X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=docker%2Fservices%2Fhorizon.yaml;h=94fd9eef2223c18c2f08d35ed85722a380d9b9e3;hb=73616922e481b66fc2bfff145d7c1130ce1a6552;hp=c5123277469af40d35b8ce8d9c0dd613ce713981;hpb=18c86b0a0d8319d2b89f94af4a9d235f659cb796;p=apex-tripleo-heat-templates.git

diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml
index c5123277..94fd9eef 100644
--- a/docker/services/horizon.yaml
+++ b/docker/services/horizon.yaml
@@ -4,23 +4,21 @@ description: >
   OpenStack containerized Horizon service
 
 parameters:
-  DockerNamespace:
-    description: namespace
-    default: 'tripleoupstream'
-    type: string
   DockerHorizonImage:
     description: image
-    default: 'centos-binary-horizon:latest'
     type: string
   DockerHorizonConfigImage:
     description: The container image to use for the horizon config_volume
-    default: 'centos-binary-horizon:latest'
     type: string
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -38,6 +36,13 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -48,6 +53,7 @@ resources:
     type: ../../puppet/services/horizon.yaml
     properties:
       EndpointMap: {get_param: EndpointMap}
+      ServiceData: {get_param: ServiceData}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       RoleName: {get_param: RoleName}
@@ -67,6 +73,8 @@ outputs:
               access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
               options: ['FollowSymLinks','MultiViews']
           - horizon::secure_cookies: false
+      logging_source: {get_attr: [HorizonBase, role_data, logging_source]}
+      logging_groups: {get_attr: [HorizonBase, role_data, logging_groups]}
       step_config: {get_attr: [HorizonBase, role_data, step_config]}
       service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
@@ -74,10 +82,7 @@ outputs:
         config_volume: horizon
         puppet_tags: horizon_config
         step_config: {get_attr: [HorizonBase, role_data, step_config]}
-        config_image:
-          list_join:
-            - '/'
-            - [ {get_param: DockerNamespace}, {get_param: DockerHorizonConfigImage} ]
+        config_image: {get_param: DockerHorizonConfigImage}
       kolla_config:
         /var/lib/kolla/config_files/horizon.json:
           command: /usr/sbin/httpd -DFOREGROUND
@@ -90,6 +95,12 @@ outputs:
             - path: /var/log/horizon/
               owner: apache:apache
               recurse: true
+            # NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to
+            # horizon:horizon - the policy.json files need read permissions for the apache user
+            # FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead
+            - path: /etc/openstack-dashboard/
+              owner: apache:apache
+              recurse: true
             # FIXME Apache tries to write a .lock file there
             - path: /usr/share/openstack-dashboard/openstack_dashboard/local/
               owner: apache:apache
@@ -97,10 +108,7 @@ outputs:
       docker_config:
         step_2:
           horizon_fix_perms:
-            image: &horizon_image
-              list_join:
-                - '/'
-                - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ]
+            image: &horizon_image {get_param: DockerHorizonImage}
             user: root
             # NOTE Set ownership for /var/log/horizon/horizon.log file here,
             # otherwise it's created by root when generating django cache.
@@ -110,7 +118,8 @@ outputs:
             command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard']
             volumes:
               - /var/log/containers/horizon:/var/log/horizon
-              - /var/lib/config-data/horizon/etc/:/etc/
+              - /var/log/containers/httpd/horizon:/var/log/httpd
+              - /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard
         step_3:
           horizon:
             image: *horizon_image
@@ -124,13 +133,27 @@ outputs:
                   - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
                   - /var/log/containers/horizon:/var/log/horizon
+                  - /var/log/containers/httpd/horizon:/var/log/httpd
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
         - name: create persistent logs directory
           file:
-            path: /var/log/containers/horizon
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/horizon
+            - /var/log/containers/httpd/horizon
       upgrade_tasks:
         - name: Stop and disable horizon service (running under httpd)
           tags: step2