/home/zuul/src/opendev.org/openstack/openstack-ansible-os_horizon/defaults/main.yml
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

## Verbosity Options
debug: False

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
horizon_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
horizon_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((horizon_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"

# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
horizon_package_state: "latest"
horizon_pip_package_state: "latest"

# Set installation method.
horizon_install_method: "source"
horizon_venv_python_executable: "{{ openstack_venv_python_executable | default('python2') }}"

horizon_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"

## The git source/branch for Horizon
horizon_git_repo: https://opendev.org/openstack/horizon
horizon_git_track_branch: master
horizon_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Blazar UI plugin
blazar_dashboard_git_repo: https://opendev.org/openstack/blazar-dashboard
blazar_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for Cloudkitty UI plugin
cloudkitty_dashboard_git_repo: https://opendev.org/openstack/cloudkitty-dashboard
cloudkitty_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Magnum UI plugin
magnum_dashboard_git_repo: https://opendev.org/openstack/magnum-ui
magnum_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Manila UI plugin
manila_dashboard_git_repo: https://opendev.org/openstack/manila-ui.git
manila_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Masakari UI plugin
masakari_dashboard_git_repo: https://opendev.org/openstack/masakari-dashboard
masakari_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Mistral UI plugin
mistral_dashboard_git_repo: https://opendev.org/openstack/mistral-dashboard.git
mistral_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Octavia UI plugin
octavia_dashboard_git_repo: https://opendev.org/openstack/octavia-dashboard
octavia_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Designate UI plugin
designate_dashboard_git_repo: https://opendev.org/openstack/designate-dashboard
designate_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Tacker UI plugin
tacker_dashboard_git_repo: https://opendev.org/openstack/tacker-horizon
tacker_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Trove UI plugin
trove_dashboard_git_repo: https://opendev.org/openstack/trove-dashboard
trove_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Heat UI plugin
heat_dashboard_git_repo: https://opendev.org/openstack/heat-dashboard
heat_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Watcher UI plugin
watcher_dashboard_git_repo: https://opendev.org/openstack/watcher-dashboard
watcher_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The git source/branch for the Zun UI plugin
zun_dashboard_git_repo: https://opendev.org/openstack/zun-ui
zun_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

# The git source/branch for the Neutron VPNaaS UI plugin
neutron_vpnaas_dashboard_git_repo: https://opendev.org/openstack/neutron-vpnaas-dashboard
neutron_vpnaas_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"

## The packages to build from source
horizon_git_constraints:
  - "git+{{ horizon_git_repo }}@{{ horizon_git_install_branch }}#egg=horizon"
  - "git+{{ blazar_dashboard_git_repo }}@{{ blazar_dashboard_git_install_branch }}#egg=blazar-dashboard"
  - "git+{{ cloudkitty_dashboard_git_repo }}@{{ cloudkitty_dashboard_git_install_branch }}#egg=cloudkitty_dashboard"
  - "git+{{ magnum_dashboard_git_repo }}@{{ magnum_dashboard_git_install_branch }}#egg=magnum-ui"
  - "git+{{ manila_dashboard_git_repo }}@{{ manila_dashboard_git_install_branch }}#egg=manila-ui"
  - "git+{{ masakari_dashboard_git_repo }}@{{ masakari_dashboard_git_install_branch }}#egg=masakari_dashboard"
  - "git+{{ mistral_dashboard_git_repo }}@{{ mistral_dashboard_git_install_branch }}#egg=mistral-dashboard"
  - "git+{{ designate_dashboard_git_repo }}@{{ designate_dashboard_git_install_branch }}#egg=designate_dashboard"
  - "git+{{ tacker_dashboard_git_repo }}@{{ tacker_dashboard_git_install_branch }}#egg=tacker_horizon"
  - "git+{{ trove_dashboard_git_repo }}@{{ trove_dashboard_git_install_branch }}#egg=trove_dashboard"
  - "git+{{ heat_dashboard_git_repo }}@{{ heat_dashboard_git_install_branch }}#egg=heat_dashboard"
  - "git+{{ watcher_dashboard_git_repo }}@{{ watcher_dashboard_git_install_branch }}#egg=watcher_dashboard"
  - "git+{{ zun_dashboard_git_repo }}@{{ zun_dashboard_git_install_branch }}#egg=zun_ui"
  - "git+{{ neutron_vpnaas_dashboard_git_repo }}@{{ neutron_vpnaas_dashboard_git_install_branch }}#egg=neutron_vpnaas_dashboard"
  - --constraint {{ horizon_upper_constraints_url }}

horizon_pip_install_args: "{{ pip_install_options | default('') }}"

# Name of the virtual env to deploy into
horizon_venv_tag: "{{ venv_tag | default('untagged') }}"
horizon_bin: "{{ _horizon_bin }}"

## System info
horizon_system_user_name: horizon
horizon_system_group_name: horizon

horizon_system_shell: /bin/false
horizon_system_comment: horizon system user
horizon_system_user_home: "/var/lib/{{ horizon_system_user_name }}"

## Service Type and Data
horizon_service_region: RegionOne
horizon_service_name: horizon
## Session configuration
# Specifies the timespan in seconds inactivity, until a user is considered as
# logged out
horizon_session_engine: 'django.contrib.sessions.backends.cache'
horizon_session_caches:
  default:
    BACKEND: 'django.core.cache.backends.memcached.MemcachedCache'
    LOCATION: "{{ memcached_servers.split(',') }}"
horizon_session_timeout: 1800

## Horizon Help URL Path
horizon_help_url: https://docs.openstack.org/horizon/latest/user/

## Installation directories
horizon_lib_dir: "{{ _horizon_lib_dir }}"
horizon_lib_wsgi_file: "{{ horizon_lib_dir }}/openstack_dashboard/wsgi/django.wsgi"

horizon_endpoint_type: internalURL

horizon_server_name: "{{ ansible_fqdn | default('horizon') }}"
horizon_apache_servertokens: "Prod"
horizon_apache_serversignature: "Off"
horizon_log_level: info
# It's combined log format without datetime, since it's already present in journald
horizon_apache_custom_log_format: '"%h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""'
horizon_dropdown_max_items: 30
horizon_instance_log_length: 35
horizon_overview_days_range: 1
horizon_images_upload_mode: direct
horizon_images_allow_location: False
horizon_time_zone: UTC
horizon_enforce_password_check: False
horizon_disable_password_reveal: False
horizon_enable_password_retrieve: False
horizon_enable_password_autocomplete: False
horizon_enable_heatstack_user_pass: True
# If nova_libvirt_inject_password is set to True, then this can also be enabled:
horizon_can_set_password: False
horizon_enable_cinder_backup: False
# Enables IPv6 support in Horizon, such as managing network subnets
horizon_enable_ipv6: True
# Enables router support in Horizon, disable if you don't have Neutron L3 agent
horizon_enable_router: True

# Disable/Enable simplified floating IP address management for deployments with
# multiple floating IP pools or complex network requirements.
horizon_simple_ip_management: True

# To enable ha router support in horizon set to True
horizon_enable_ha_router: False

# Provide default DNS servers to use when a subnet is created.
horizon_default_dns_nameservers: []

# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
# Scripting (XFS) vulnerability, so this option allows extra security hardening
# where iframes are not used in deployment. Default setting is True.
# For more information see:
# http://tinyurl.com/anticlickjack
horizon_disallow_iframe_embed: True

# WSGI tuning parameters
# horizon_wsgi_processes: 4
# horizon_wsgi_threads: 4

## Cap the maximun number of threads / workers when a user value is unspecified.
horizon_wsgi_threads_max: 16
horizon_wsgi_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, horizon_wsgi_threads_max] | min }}"

## Horizon SSL
horizon_ssl_cert: /etc/ssl/certs/horizon.pem
horizon_ssl_key: /etc/ssl/private/horizon.key
horizon_ssl_ca_cert: /etc/ssl/certs/horizon-ca.pem
horizon_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1.1') }}"
horizon_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
# if using a self-signed certificate, set this to true to regenerate it
horizon_ssl_self_signed_regen: false
horizon_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizon_server_name }}/subjectAltName=IP.1={{ external_lb_vip_address }}"

# Set these variables to deploy custom certificates
# horizon_user_ssl_cert: <path to cert on ansible deployment host>
# horizon_user_ssl_key: <path to cert on ansible deployment host>
# horizon_user_ssl_ca_cert: <path to cert on ansible deployment host>

# Toggle whether horizon should be served via SSL
horizon_enable_ssl: "{{ (haproxy_ssl | default(True)) | bool }}"

# Toggle whether horizon is served via an external device, like a load
# balancer. This enables the use of the horizon_secure_proxy_ssl_header
# in the web server configuration.
# Note (odyssey4me):
# This variable is actually badly named, as it applies
# settings which have nothing to do with SSL.
horizon_external_ssl: "{{ (openstack_external_ssl | default(False)) | bool }}"

# Set this to the header that your device sets when doing ssl termination
# Note (odyssey4me):
# This variable is actually badly named, as it applies
# settings which have nothing to do with SSL.
horizon_secure_proxy_ssl_header: "X-Forwarded-Proto"
horizon_secure_proxy_ssl_header_django: "HTTP_{{ horizon_secure_proxy_ssl_header | replace('-', '_') | upper }}"

# For multiple regions uncomment this configuration, and
# add the extra endpoints below the first list item.
# horizon_available_regions:
#   - { url: "{{ keystone_service_internalurl }}", name: "{{ keystone_service_region }}" }
#   - { url: "http://cluster1.example.com:5000/v2.0", name: "RegionTwo" }

## Horizon's keystone endpoint settings
horizon_keystone_endpoint: "{{ keystone_service_internalurl }}"

## Horizon Multi-Domain Support
# these variables should only be changed if horizon_keystone_endpoint is a Keystone v3 API endpoint
horizon_keystone_multidomain_support: False
# It is strongly advised NOT to enable dropdown for public clouds, as advertising enabled domains
# to unauthenticated customers irresponsibly exposes private information.
horizon_keystone_multidomain_dropdown: False

horizon_keystone_default_domain: Default

# Enable/disable v2 openrc file download in horizon.
horizon_show_keystone_v2_rc: True

### Set the cacert pem for Keystone if you'd like Horizon to verify it.
# horizon_cacert_pem: /path/to/cacert.pem

## alternatively, you can set horizon to turn off ssl verification for Keystone
horizon_ssl_no_verify: "{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}"

## The role which Horizon should use as a default for users
horizon_default_role_name: _member_

## Launch instance
horizon_launch_instance_legacy: False
horizon_launch_instance_ng: True
horizon_launch_instance_defaults:
  config_drive: False
  enable_scheduler_hints: True
  disable_image: False
  disable_instance_snapshot: False
  disable_volume: False
  disable_volume_snapshot: False
  create_volume: True

## Blazar UI Panel
horizon_enable_blazar_ui: False

## Cloudkitty UI Panel
horizon_enable_cloudkitty_ui: False

## Ironic UI Panel
horizon_enable_ironic_ui: False

## Magnum UI Panel
horizon_enable_magnum_ui: False

## Mistral Ui Panel
horizon_enable_mistral_ui: False

## Manila UI Panel
horizon_enable_manila_ui: False

## Masakari UI Panel
horizon_enable_masakari_ui: False

## Octavia UI Panel
horizon_enable_octavia_ui: False

## Sahara UI Panel
horizon_enable_sahara_ui: False

## Tacker UI Panel
horizon_enable_tacker_ui: False

## Trove UI Panel
horizon_enable_trove_ui: False

## Designate UI Panel
horizon_enable_designate_ui: False

## Heat UI Panel
horizon_enable_heat_ui: False

## Neutron features to enable
horizon_enable_neutron_fwaas: False
horizon_enable_neutron_vpnaas: False

## Watcher UI Panel
horizon_enable_watcher_ui: False

## Zun UI Panel
horizon_enable_zun_ui: False

## Swift
horizon_swift_file_transfer_chunk_size: 524288

## Panel
horizon_default_panel: overview

# For blacklisting certain Nova extensions uncomment this configuration,
# and add necessary list items.
# horizon_nova_extensions_blacklist:
#   - "SimpleTenantUsage"

## Customization module
## See https://docs.openstack.org/horizon/latest/configuration/customizing.html#horizon-customization-module-overrides
# horizon_customization_module: /local/path/to/customization_module.py

## Replace default theme files with your own
# horizon_custom_uploads:
#   logo:
#     src: "path_on_deployment_host_of_your_custom_logo.svg"
#     dest: "img/logo.svg"
#   logo_splash:
#     src: "path_on_deployment_host_of_your_custom_logo-splash.svg"
#     dest: "img/logo-splash.svg"

_horizon_available_themes:
  default:
    theme_name: "default"
    theme_label: "Default"
    theme_path: "themes/default"
  material:
    theme_name: "material"
    theme_label: "Material"
    theme_path: "themes/material"

# Add custom themes. Deployers need to place the archive, with the theme inside,
# into the directory, which is specified by theme_src_archive key.
# It should be an absolute path to the archive on the deployment host.
# Leading folders are not expected in the archive.
# Following archive formats are supported:
# .tar.gz, .tgz, .zip, .tar.bz, .tar.bz2, .tbz, .tbz2
# See https://docs.openstack.org/horizon/latest/configuration/themes.html
# for more details on custom themes
# Example:
#
# horizon_custom_themes:
#   custom_theme:
#     theme_name: "custom"
#     theme_label: "Custom"
#     theme_path: "themes/custom"
#     theme_src_archive: "/etc/openstack_deploy/horizon/themes/custom.tar.gz"
#
horizon_custom_themes: {}

# Which of the available themes will be used by default
# value is the theme_name from the vars above
horizon_default_theme: "default"

horizon_webroot: /

horizon_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"

horizon_listen_ports:
  http: "80"
  https: "443"

horizon_pip_packages:
  - horizon
  - python-memcached

# Specific pip packages provided by the user
horizon_user_pip_packages: []

# Optional pip packages for additional dashboards
# TODO(odyssey4me):
# Simplify this when we are no longer using the py_pkgs plugin
horizon_blazar_optional_pip_packages:
  - blazar_dashboard
horizon_cloudkitty_optional_pip_packages:
  - cloudkitty_dashboard
horizon_designate_optional_pip_packages:
  - designate_dashboard
horizon_heat_optional_pip_packages:
  - heat_dashboard
horizon_ironic_optional_pip_packages:
  - ironic-ui
horizon_magnum_optional_pip_packages:
  - magnum-ui
horizon_manila_optional_pip_packages:
  - manila-ui
horizon_masakari_optional_pip_packages:
  - masakari-dashboard
horizon_mistral_optional_pip_packages:
  - mistral-dashboard
horizon_neutron_fwaas_optional_pip_packages:
  - neutron-fwaas-dashboard
horizon_neutron_vpnaas_optional_pip_packages:
  - neutron-vpnaas-dashboard
horizon_octavia_optional_pip_packages:
  - octavia_dashboard
horizon_sahara_optional_pip_packages:
  - sahara_dashboard
horizon_tacker_optional_pip_packages:
  - tacker_horizon
horizon_trove_optional_pip_packages:
  - trove_dashboard
horizon_watcher_optional_pip_packages:
  - watcher_dashboard
horizon_zun_optional_pip_packages:
  - zun_ui

# This variable is used to install additional pip packages
# that could be needed for additional dashboards required
# which are not part of the standard set above.
horizon_optional_pip_packages: []

# This variable is used to update the horizon translations from
# Zanata, this can be set to "True" when testing translations,
# but should otherwise be left as False.
horizon_translations_update: False

# This variable is used to define the version of the project
# (horizon) to pull from Zanata. Default value is master,
# other possibly values are stable/pike, stable/queens...
horizon_translations_project_version: "master"

# This variable is used to be able to fully override or
# partially union/intersect lists in order to change the
# behaviour of the pull of the translations per component.
horizon_translations_pull: "{{ _horizon_translations_pull }}"

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
horizon_role_project_group: horizon_all

# Set arbitrary horizon configuration options
horizon_config_overrides: {}

horizon_keystone_admin_roles:
  - admin

# Set the "credentials" authentication choice to show as default.
# The list of authentication mechanisms which include keystone
# federation protocols and identity provider/federation protocol
horizon_websso_initial_choice: "credentials"