1 heat_template_version: pike
4 OpenStack containerized Horizon service
10 DockerHorizonConfigImage:
11 description: The container image to use for the horizon config_volume
15 description: Mapping of service endpoint -> protocol. Typically set
16 via parameter_defaults in the resource registry.
20 description: Dictionary packing service data
24 description: Mapping of service_name -> network name. Typically set
25 via parameter_defaults in the resource registry. This
26 mapping overrides those in ServiceNetMapDefaults.
33 description: Role name on which the service is applied
37 description: Parameters specific to the role
45 internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
50 type: ./containers-common.yaml
53 type: ../../puppet/services/horizon.yaml
55 EndpointMap: {get_param: EndpointMap}
56 ServiceData: {get_param: ServiceData}
57 ServiceNetMap: {get_param: ServiceNetMap}
58 DefaultPasswords: {get_param: DefaultPasswords}
59 RoleName: {get_param: RoleName}
60 RoleParameters: {get_param: RoleParameters}
64 description: Role data for the Horizon API role.
66 service_name: {get_attr: [HorizonBase, role_data, service_name]}
69 - get_attr: [HorizonBase, role_data, config_settings]
70 - horizon::vhost_extra_params:
73 access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
74 options: ['FollowSymLinks','MultiViews']
75 - horizon::secure_cookies: false
76 logging_source: {get_attr: [HorizonBase, role_data, logging_source]}
77 logging_groups: {get_attr: [HorizonBase, role_data, logging_groups]}
78 step_config: {get_attr: [HorizonBase, role_data, step_config]}
79 service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]}
80 # BEGIN DOCKER SETTINGS
82 config_volume: horizon
83 puppet_tags: horizon_config
84 step_config: {get_attr: [HorizonBase, role_data, step_config]}
85 config_image: {get_param: DockerHorizonConfigImage}
87 /var/lib/kolla/config_files/horizon.json:
88 command: /usr/sbin/httpd -DFOREGROUND
90 - source: "/var/lib/kolla/config_files/src/*"
93 preserve_properties: true
95 - path: /var/log/horizon/
98 # NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to
99 # horizon:horizon - the policy.json files need read permissions for the apache user
100 # FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead
101 - path: /etc/openstack-dashboard/
104 # FIXME Apache tries to write a .lock file there
105 - path: /usr/share/openstack-dashboard/openstack_dashboard/local/
108 # FIXME Our theme settings are there
109 - path: /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.d/
115 image: &horizon_image {get_param: DockerHorizonImage}
117 # NOTE Set ownership for /var/log/horizon/horizon.log file here,
118 # otherwise it's created by root when generating django cache.
119 # FIXME Apache needs to read files in /etc/openstack-dashboard
120 # Need to set permissions to match the BM case,
121 # http://paste.openstack.org/show/609819/
122 command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard']
124 - /var/log/containers/horizon:/var/log/horizon
125 - /var/log/containers/httpd/horizon:/var/log/httpd
126 - /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard
129 image: *horizon_image
135 - {get_attr: [ContainersCommon, volumes]}
137 - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
138 - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
139 - /var/log/containers/horizon:/var/log/horizon
140 - /var/log/containers/httpd/horizon:/var/log/httpd
143 - internal_tls_enabled
144 - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
148 - internal_tls_enabled
149 - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
152 - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
154 - name: create persistent logs directory
159 - /var/log/containers/horizon
160 - /var/log/containers/httpd/horizon
162 - name: Stop and disable horizon service (running under httpd)
164 service: name=httpd state=stopped enabled=no
166 get_attr: [HorizonBase, role_data, metadata_settings]