Allow one to specify horizon ALLOWED_HOSTS

If horizon is running in production (DEBUG is False), it will answer
only to the IPs/hostnames specified in the ALLOWED_HOSTS variable in the
local_settings.py configuration file.

The puppet-horizon module offer the feature to customize that,
tripleo-heat-teamplates was missing the link between the top-level
parameter and the puppet parameter, hence this commit.

More info :

 * https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
 * https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L14-L24

Change-Id: I5faede8b74a0318e15baa761dc502b95b051ae0d

diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index 7fdba56..654c242 100644 (file)
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -78,6 +78,10 @@ parameters:
     default: http
     description: Protocol to use when connecting to glance, set to https for SSL.
     type: string
+  HorizonAllowedHosts:
+    default: '*'
+    description: A list of IP/Hostname allowed to connect to horizon
+    type: comma_delimited_list
   ImageUpdatePolicy:
     default: 'REBUILD_PRESERVE_EPHEMERAL'
     description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
@@ -780,6 +784,7 @@ resources:
           HeatPassword: {get_param: HeatPassword}
           HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword}
           HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
+          HorizonAllowedHosts: {get_param: HorizonAllowedHosts}
           HorizonSecret: {get_resource: HorizonSecret}
           Image: {get_param: controllerImage}
           ImageUpdatePolicy: {get_param: ImageUpdatePolicy}

diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 3b7ec7e..8ea7053 100644 (file)
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -187,6 +187,10 @@ parameters:
   HeatAuthEncryptionKey:
     description: Auth encryption key for heat-engine
     type: string
+  HorizonAllowedHosts:
+    default: '*'
+    description: A list of IP/Hostname allowed to connect to horizon
+    type: comma_delimited_list
   HorizonSecret:
     description: Secret key for Django
     type: string
@@ -666,6 +670,7 @@ resources:
               - {get_param: HeatApiVirtualIP}
               - ':8000/v1/waitcondition'
         heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
+        horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
         horizon_secret: {get_param: HorizonSecret}
         admin_password: {get_param: AdminPassword}
         admin_token: {get_param: AdminToken}
@@ -1182,6 +1187,7 @@ resources:
 
                 # Horizon
                 apache::ip: {get_input: horizon_network}
+                horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
                 horizon::django_debug: {get_input: debug}
                 horizon::secret_key: {get_input: horizon_secret}
                 horizon::bind_address: {get_input: horizon_network}

diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index a4e2766..90c2705 100644 (file)
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -90,7 +90,6 @@ pacemaker::resource_defaults::defaults:
   resource-stickiness: { value: INFINITY }
 
 # horizon
-horizon::allowed_hosts: '*'
 horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
 
 # mysql