Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Rename CongressApi to Congress (docker)
[apex-tripleo-heat-templates.git] / puppet / services / horizon.yaml
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 60b009a..1f97b8b 100644 (file)
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Horizon service configured with Puppet
@@ -14,9 +14,21 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  HorizonDebug:
+    default: false
+    description: Set to True to enable debugging Horizon service.
+    type: string
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -40,6 +52,10 @@ parameters:
     type: string
     hidden: true
     default: ''
+  HorizonSecureCookies:
+    description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
+    type: boolean
+    default: false
   MemcachedIPv6:
     default: false
     description: Enable IPv6 features in Memcached.
@@ -50,7 +66,7 @@ parameters:
 
 conditions:
 
-  debug_empty: {equals : [{get_param: Debug}, '']}
+  debug_unset: {equals : [{get_param: Debug}, '']}
 
 outputs:
   role_data:
@@ -73,12 +89,11 @@ outputs:
           horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
           horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
           horizon::vhost_extra_params:
-            add_listen: false
             priority: 10
             access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
             options: ['FollowSymLinks','MultiViews']
           horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
-          horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+          horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
           horizon::password_validator: {get_param: [HorizonPasswordValidator]}
           horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
           horizon::secret_key:
@@ -88,12 +103,13 @@ outputs:
                 passwords:
                   - {get_param: HorizonSecret}
                   - {get_param: [DefaultPasswords, horizon_secret]}
+          horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
           memcached_ipv6: {get_param: MemcachedIPv6}
         -
           if:
-          - debug_empty
-          - {}
-          - horizon::django_debug: {get_param: Debug}
+          - debug_unset
+          - horizon::django_debug: { get_param: HorizonDebug }
+          - horizon::django_debug: { get_param: Debug }
       step_config: |
         include ::tripleo::profile::base::horizon
       # Ansible tasks to handle upgrade
@@ -113,3 +129,10 @@ outputs:
           tags: step1
           when: httpd_enabled.rc == 0
           service: name=httpd state=stopped
+      service_config_settings:
+        haproxy:
+          tripleo.horizon.firewall_rules:
+            '127 horizon':
+              dport:
+                - 80
+                - 443