+++ /dev/null
-# == Class: horizon
-#
-# Installs Horizon dashboard with Apache
-#
-# === Parameters
-#
-# [*secret_key*]
-# (required) Secret key. This is used by Django to provide cryptographic
-# signing, and should be set to a unique, unpredictable value.
-#
-# [*fqdn*]
-# (optional) DEPRECATED, use allowed_hosts and server_aliases instead.
-# FQDN(s) used to access Horizon. This is used by Django for
-# security reasons. Can be set to * in environments where security is
-# deemed unimportant. Also used for Server Aliases in web configs.
-# Defaults to ::fqdn
-#
-# [*servername*]
-# (optional) FQDN used for the Server Name directives
-# Defaults to ::fqdn.
-#
-# [*allowed_hosts*]
-# (optional) List of hosts which will be set as value of ALLOWED_HOSTS
-# parameter in settings_local.py. This is used by Django for
-# security reasons. Can be set to * in environments where security is
-# deemed unimportant.
-# Defaults to ::fqdn.
-#
-# [*server_aliases*]
-# (optional) List of names which should be defined as ServerAlias directives
-# in vhost.conf.
-# Defaults to ::fqdn.
-#
-# [*package_ensure*]
-# (optional) Package ensure state. Defaults to 'present'.
-#
-# [*cache_server_ip*]
-# (optional) Memcached IP address. Can be a string, or an array.
-# Defaults to '127.0.0.1'.
-#
-# [*cache_server_port*]
-# (optional) Memcached port. Defaults to '11211'.
-#
-# [*swift*]
-# (optional) Enable Swift interface extension. Defaults to false.
-#
-# [*horizon_app_links*]
-# (optional) Array of arrays that can be used to add call-out links
-# to the dashboard for other apps. There is no specific requirement
-# for these apps to be for monitoring, that's just the defacto purpose.
-# Each app is defined in two parts, the display name, and
-# the URIDefaults to false. Defaults to false. (no app links)
-#
-# [*keystone_url*]
-# (optional) Full url of keystone public endpoint. (Defaults to 'http://127.0.0.1:5000/v2.0')
-# Use this parameter in favor of keystone_host, keystone_port and keystone_scheme.
-#
-# [*keystone_scheme*]
-# (optional) DEPRECATED: Use keystone_url instead.
-# Scheme of the Keystone service. (Defaults to 'http')
-# Setting this parameter overrides keystone_url parameter.
-#
-# [*keystone_host*]
-# (optional) DEPRECATED: Use keystone_url instead.
-# IP address of the Keystone service. (Defaults to '127.0.0.1')
-# Setting this parameter overrides keystone_url parameter.
-#
-# [*keystone_port*]
-# (optional) DEPRECATED: Use keystone_url instead.
-# Port of the Keystone service. (Defaults to 5000)
-# Setting this parameter overrides keystone_url parameter.
-#
-# [*keystone_default_role*]
-# (optional) Default Keystone role for new users. Defaults to '_member_'.
-#
-# [*django_debug*]
-# (optional) Enable or disable Django debugging. Defaults to 'False'.
-#
-# [*openstack_endpoint_type*]
-# (optional) endpoint type to use for the endpoints in the Keystone
-# service catalog. Defaults to 'undef'.
-#
-# [*secondary_endpoint_type*]
-# (optional) secondary endpoint type to use for the endpoints in the
-# Keystone service catalog. Defaults to 'undef'.
-#
-# [*available_regions*]
-# (optional) List of available regions. Value should be a list of tuple:
-# [ ['urlOne', 'RegionOne'], ['urlTwo', 'RegionTwo'] ]
-# Defaults to undef.
-#
-# [*api_result_limit*]
-# (optional) Maximum number of Swift containers/objects to display
-# on a single page. Defaults to 1000.
-#
-# [*log_level*]
-# (optional) Log level. Defaults to 'INFO'. WARNING: Setting this to
-# DEBUG will let plaintext passwords be logged in the Horizon log file.
-#
-# [*local_settings_template*]
-# (optional) Location of template to use for local_settings.py generation.
-# Defaults to 'horizon/local_settings.py.erb'.
-#
-# [*help_url*]
-# (optional) Location where the documentation should point.
-# Defaults to 'http://docs.openstack.org'.
-#
-# [*compress_offline*]
-# (optional) Boolean to enable offline compress of assets.
-# Defaults to True
-#
-# [*hypervisor_options*]
-# (optional) A hash of parameters to enable features specific to
-# Hypervisors. These include:
-# 'can_set_mount_point': Boolean to enable or disable mount point setting
-# Defaults to 'True'.
-# 'can_set_password': Boolean to enable or disable VM password setting.
-# Works only with Xen Hypervisor.
-# Defaults to 'False'.
-#
-# [*cinder_options*]
-# (optional) A hash of parameters to enable features specific to
-# Cinder. These include:
-# 'enable_backup': Boolean to enable or disable Cinders's backup feature.
-# Defaults to False.
-#
-# [*neutron_options*]
-# (optional) A hash of parameters to enable features specific to
-# Neutron. These include:
-# 'enable_lb': Boolean to enable or disable Neutron's LBaaS feature.
-# Defaults to False.
-# 'enable_firewall': Boolean to enable or disable Neutron's FWaaS feature.
-# Defaults to False.
-# 'enable_quotas': Boolean to enable or disable Neutron quotas.
-# Defaults to True.
-# 'enable_security_group': Boolean to enable or disable Neutron
-# security groups. Defaults to True.
-# 'enable_vpn': Boolean to enable or disable Neutron's VPNaaS feature.
-# Defaults to False.
-# 'profile_support': A string indiciating which plugin-specific
-# profiles to enable. Defaults to 'None', other options include
-# 'cisco'.
-#
-# [*configure_apache*]
-# (optional) Configure Apache for Horizon. (Defaults to true)
-#
-# [*bind_address*]
-# (optional) Bind address in Apache for Horizon. (Defaults to undef)
-#
-# [*listen_ssl*]
-# (optional) Enable SSL support in Apache. (Defaults to false)
-#
-# [*ssl_redirect*]
-# (optional) Whether to redirect http to https
-# Defaults to True
-#
-# [*horizon_cert*]
-# (required with listen_ssl) Certificate to use for SSL support.
-#
-# [*horizon_key*]
-# (required with listen_ssl) Private key to use for SSL support.
-#
-# [*horizon_ca*]
-# (required with listen_ssl) CA certificate to use for SSL support.
-#
-# [*vhost_extra_params*]
-# (optionnal) extra parameter to pass to the apache::vhost class
-# Defaults to undef
-#
-# [*file_upload_temp_dir*]
-# (optional) Location to use for temporary storage of images uploaded
-# You must ensure that the path leading to the directory is created
-# already, only the last level directory is created by this manifest.
-# Specify an absolute pathname.
-# Defaults to /tmp
-#
-# [*secure_cookies*]
-# (optional) Enables security settings for cookies. Useful when using
-# https on public sites. See: http://docs.openstack.org/developer/horizon/topics/deployment.html#secure-site-recommendations
-# Defaults to false
-#
-# [*django_session_engine*]
-# (optional) Selects the session engine for Django to use.
-# Defaults to undefined - will not add entry to local settings.
-#
-# === Deprecation notes
-#
-# If any value is provided for keystone_scheme, keystone_host, or
-# keystone_port parameters; keystone_url will be completely ignored. Also
-# can_set_mount_point is deprecated.
-#
-# === Examples
-#
-# class { 'horizon':
-# secret_key => 's3cr3t',
-# keystone_url => 'https://10.0.0.10:5000/v2.0',
-# available_regions => [
-# ['http://region-1.example.com:5000/v2.0', 'Region-1'],
-# ['http://region-2.example.com:5000/v2.0', 'Region-2']
-# ]
-# }
-#
-class horizon(
- $secret_key,
- $fqdn = undef,
- $package_ensure = 'present',
- $cache_server_ip = '127.0.0.1',
- $cache_server_port = '11211',
- $swift = false,
- $horizon_app_links = false,
- $keystone_url = 'http://127.0.0.1:5000/v2.0',
- $keystone_default_role = '_member_',
- $django_debug = 'False',
- $openstack_endpoint_type = undef,
- $secondary_endpoint_type = undef,
- $available_regions = undef,
- $api_result_limit = 1000,
- $log_level = 'INFO',
- $help_url = 'http://docs.openstack.org',
- $local_settings_template = 'horizon/local_settings.py.erb',
- $configure_apache = true,
- $bind_address = undef,
- $servername = $::fqdn,
- $server_aliases = $::fqdn,
- $allowed_hosts = $::fqdn,
- $listen_ssl = false,
- $ssl_redirect = true,
- $horizon_cert = undef,
- $horizon_key = undef,
- $horizon_ca = undef,
- $compress_offline = true,
- $hypervisor_options = {},
- $cinder_options = {},
- $neutron_options = {},
- $file_upload_temp_dir = '/tmp',
- $policy_files_path = undef,
- $policy_files = undef,
- # DEPRECATED PARAMETERS
- $can_set_mount_point = undef,
- $keystone_host = undef,
- $keystone_port = undef,
- $keystone_scheme = undef,
- $vhost_extra_params = undef,
- $secure_cookies = false,
- $django_session_engine = undef,
-) {
-
- include ::horizon::params
-
- if $swift {
- warning('swift parameter is deprecated and has no effect.')
- }
-
- if $keystone_scheme {
- warning('The keystone_scheme parameter is deprecated, use keystone_url instead.')
- }
-
- if $keystone_host {
- warning('The keystone_host parameter is deprecated, use keystone_url instead.')
- }
-
- if $keystone_port {
- warning('The keystone_port parameter is deprecated, use keystone_url instead.')
- }
-
- # Default options for the OPENSTACK_HYPERVISOR_FEATURES section. These will
- # be merged with user-provided options when the local_settings.py.erb
- # template is interpolated. Also deprecates can_set_mount_point.
- if $can_set_mount_point {
- warning('The can_set_mount_point parameter is deprecated, use hypervisor_options instead.')
- $hypervisor_defaults = {
- 'can_set_mount_point' => $can_set_mount_point,
- 'can_set_password' => false
- }
- } else {
- $hypervisor_defaults = {
- 'can_set_mount_point' => true,
- 'can_set_password' => false
- }
- }
-
- if $fqdn {
- warning('Parameter fqdn is deprecated. Please use parameter allowed_hosts for setting ALLOWED_HOSTS in settings_local.py and parameter server_aliases for setting ServerAlias directives in vhost.conf.')
- $final_allowed_hosts = $fqdn
- $final_server_aliases = $fqdn
- } else {
- $final_allowed_hosts = $allowed_hosts
- $final_server_aliases = $server_aliases
- }
-
- # Default options for the OPENSTACK_CINDER_FEATURES section. These will
- # be merged with user-provided options when the local_settings.py.erb
- # template is interpolated.
- $cinder_defaults = {
- 'enable_backup' => false,
- }
-
- # Default options for the OPENSTACK_NEUTRON_NETWORK section. These will
- # be merged with user-provided options when the local_settings.py.erb
- # template is interpolated.
- $neutron_defaults = {
- 'enable_lb' => false,
- 'enable_firewall' => false,
- 'enable_quotas' => true,
- 'enable_security_group' => true,
- 'enable_vpn' => false,
- 'profile_support' => 'None'
- }
-
- Service <| title == 'memcached' |> -> Class['horizon']
-
- package { 'horizon':
- ensure => $package_ensure,
- name => $::horizon::params::package_name,
- }
-
- file { $::horizon::params::config_file:
- content => template($local_settings_template),
- mode => '0644',
- require => Package['horizon'],
- }
-
- package { 'python-lesscpy':
- ensure => $package_ensure,
- }
-
- exec { 'refresh_horizon_django_cache':
- command => "${::horizon::params::manage_py} compress",
- refreshonly => true,
- require => [Package['python-lesscpy'], Package['horizon']],
- }
-
- if $compress_offline {
- File[$::horizon::params::config_file] ~> Exec['refresh_horizon_django_cache']
- }
-
- if $configure_apache {
- class { 'horizon::wsgi::apache':
- bind_address => $bind_address,
- servername => $servername,
- server_aliases => $final_server_aliases,
- listen_ssl => $listen_ssl,
- ssl_redirect => $ssl_redirect,
- horizon_cert => $horizon_cert,
- horizon_key => $horizon_key,
- horizon_ca => $horizon_ca,
- extra_params => $vhost_extra_params,
- }
- }
-
- if ! ($file_upload_temp_dir in ['/tmp','/var/tmp']) {
- file { $file_upload_temp_dir :
- ensure => directory,
- owner => $::horizon::params::wsgi_user,
- group => $::horizon::params::wsgi_group,
- mode => '0755'
- }
- }
-
-}