Puppet Class: openstack::horizon::config

Defined in:
modules/openstack/manifests/horizon/config.pp

Overview

Config for openstack horizon

Here, 'config' refers to local_settings.py as well

as a variety of policy files which affect which
UI elements are displayed to which users.

Because we deploy Horizon from source, and because the OpenStack APIs are backwards-compatible, we typically deploy a newer version of Horizon than the other OpenStack services.

That means we track two different version settings here:

$horizon_version: the actual version of Horizon that's running

$openstack_version: the version used for the other openstack
 services on e.g. cloudcontrol1001.

We need to know the value of $openstack_version so that we can pull the policy files that Horizon uses from the appropriate services and avoid having to duplicate them just for Horizon to consume.

SPDX-License-Identifier: Apache-2.0

Parameters:

  • horizon_version (String)
  • openstack_version (String)
  • keystone_api_fqdn (Stdlib::Fqdn)
  • dhcp_domain (Stdlib::Fqdn)
  • instance_network_id (String)
  • ldap_rw_host (Stdlib::Host)
  • ldap_user_pass (String)
  • all_regions (Array[String])
  • puppet_git_repo_name (String)
  • secret_key (String)
  • webserver_hostname (Stdlib::Fqdn) (defaults to: 'horizon.wikimedia.org')


23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# File 'modules/openstack/manifests/horizon/config.pp', line 23

class openstack::horizon::config(
    String        $horizon_version,
    String        $openstack_version,
    Stdlib::Fqdn  $keystone_api_fqdn,
    Stdlib::Fqdn  $dhcp_domain,
    String        $instance_network_id,
    Stdlib::Host  $ldap_rw_host,
    String        $ldap_user_pass,
    Array[String] $all_regions,
    String        $puppet_git_repo_name,
    String        $secret_key,
    Stdlib::Fqdn  $webserver_hostname = 'horizon.wikimedia.org',
) {
    ensure_resource('file', '/etc/openstack-dashboard', {
        ensure => 'directory',
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
        force  => true,
    })

    file { '/etc/openstack-dashboard/local_settings.py':
        content => template("openstack/${horizon_version}/horizon/local_settings.py.erb"),
        mode    => '0444',
        owner   => 'root',
        notify  => Service['apache2'],
        require => File['/etc/openstack-dashboard'],
    }

    file { '/etc/openstack-dashboard/nova_policy.yaml':
        source  => "puppet:///modules/openstack/${openstack_version}/nova/common/policy.yaml",
        owner   => 'root',
        mode    => '0444',
        notify  => Service['apache2'],
        require => File['/etc/openstack-dashboard'],
    }

    file { '/etc/openstack-dashboard/keystone_policy.yaml':
        source  => "puppet:///modules/openstack/${openstack_version}/keystone/policy.yaml",
        owner   => 'root',
        mode    => '0444',
        notify  => Service['apache2'],
        require => File['/etc/openstack-dashboard'],
    }

    file { '/etc/openstack-dashboard/glance_policy.yaml':
        source  => "puppet:///modules/openstack/${openstack_version}/glance/policy.yaml",
        owner   => 'root',
        mode    => '0444',
        notify  => Service['apache2'],
        require => File['/etc/openstack-dashboard'],
    }

    file { '/etc/openstack-dashboard/designate_policy.yaml':
        source  => "puppet:///modules/openstack/${openstack_version}/designate/policy.yaml",
        owner   => 'root',
        mode    => '0444',
        notify  => Service['apache2'],
        require => File['/etc/openstack-dashboard'],
    }

    file { '/etc/openstack-dashboard/neutron_policy.yaml':
        source  => "puppet:///modules/openstack/${openstack_version}/neutron/policy.yaml",
        owner   => 'root',
        mode    => '0444',
        notify  => Service['apache2'],
        require => File['/etc/openstack-dashboard'],
    }

    file { '/etc/openstack-dashboard/cinder_policy.yaml':
        source  => "puppet:///modules/openstack/${openstack_version}/cinder/policy.yaml",
        owner   => 'root',
        mode    => '0444',
        notify  => Service['apache2'],
        require => File['/etc/openstack-dashboard'],
    }

    file { '/etc/openstack-dashboard/trove_policy.yaml':
        source  => "puppet:///modules/openstack/${openstack_version}/trove/policy.yaml",
        owner   => 'root',
        mode    => '0444',
        notify  => Service['apache2'],
        require => File['/etc/openstack-dashboard'],
    }

    # This is a trivial policy file that forbids everything.  We'll use it
    #  for services that we don't support to prevent Horizon from
    #  displaying spurious panels.
    file { '/etc/openstack-dashboard/disabled_policy.yaml':
        source  => "puppet:///modules/openstack/${horizon_version}/horizon/disabled_policy.yaml",
        owner   => 'root',
        mode    => '0444',
        notify  => Service['apache2'],
        require => File['/etc/openstack-dashboard'],
    }
}