Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #
- # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
- # (c) Copyright 2017-2018 SUSE LLC
- #
- # Licensed under the Apache License, Version 2.0 (the "License"); you may
- # not use this file except in compliance with the License. You may obtain
- # a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- # License for the specific language governing permissions and limitations
- # under the License.
- #
- ---
- # Collect static files and place them in vhost root
- # The command should typically translate to:
- # /opt/stack/service/horizon/venv/bin/python /opt/stack/service/horizon/manage.py collectstatic --clear --noinput
- - name: horizon_post_configure | post-configure | Collect static files
- command: "{{ horizon_bin_dir }}/django-admin.py collectstatic --clear --noinput --ignore '*.spec.js'"
- become: yes
- become_user: "{{ horizon_venv_user }}"
- environment:
- HORIZON_LOG_TO_CONSOLE: 1
- DJANGO_SETTINGS_MODULE: openstack_dashboard.settings
- PYTHONPATH: "{{ horizon_package_dir }}"
- # Compress the static files
- # The command should typically translate to:
- # /opt/stack/service/horizon/venv/bin/python /opt/stack/service/horizon/manage.py compress
- - name: horizon_post_configure | post-configure | Compress static files
- command: "{{ horizon_bin_dir }}/django-admin.py compress"
- become: yes
- become_user: "{{ horizon_venv_user }}"
- environment:
- HORIZON_LOG_TO_CONSOLE: 1
- DJANGO_SETTINGS_MODULE: openstack_dashboard.settings
- PYTHONPATH: "{{ horizon_package_dir }}"
- - name: horizon_post_configure | post-configure | DB migration and sync
- become: yes
- become_user: "{{ horizon_venv_user }}"
- run_once: yes
- command: "{{ horizon_bin_dir }}/django-admin.py migrate --noinput"
- environment:
- HORIZON_LOG_TO_CONSOLE: 1
- DJANGO_SETTINGS_MODULE: openstack_dashboard.settings
- PYTHONPATH: "{{ horizon_package_dir }}"
- # Database session backing requires clearing out the session table once in a while
- - name: horizon_post_configure | post-configure | Set up cronjob to clear expired sessions
- cron:
- name: "horizon session purge"
- user: "{{ horizon_user }}"
- # Make this configurable based on timezone somehow?
- hour: "{{ 23 }}"
- minute: "{{ 59 | random }}"
- job: "PYTHONPATH={{ horizon_package_dir }} DJANGO_SETTINGS_MODULE=openstack_dashboard.settings {{ horizon_bin_dir }}/django-admin.py clearsessions"
- # Sync policy files
- - name: "HZN-WEB | copy_policy_files | Check for keystone policy file"
- stat: path="{{ 'keystone' | config_dir() }}/policy.json"
- register: keystone_policy_file_info
- - name: "HZN-WEB | copy_policy_files | Copy keystone policy file"
- command: "cp {{ 'keystone' | config_dir() }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/keystone_policy.json"
- when: keystone_policy_file_info.stat.exists
- - name: "HZN-WEB | copy_policy_files | Check for nova policy file"
- stat: path="{{ 'nova-api' | config_dir() }}/nova/policy.json"
- register: nova_policy_file_info
- # the policy file for Nova no longer exists as of Pike, use a generated copy if possible
- # and use a static copy if Nova is not locally installed
- - name: "HZN-WEB | copy_policy_file_generator_script | Copy policy file generator"
- become: yes
- copy:
- src: "gen_policy.sh"
- dest: "{{ horizon_package_dir }}/gen_policy.sh"
- owner: "{{ horizon_venv_user }}"
- group: "{{ horizon_venv_group }}"
- mode: 0775
- - name: "HZN-WEB | check_for_nova | Check for nova installation"
- stat: path="{{ 'nova-api' | venv_dir() }}"
- register: nova_install_dir
- - name: HZN-WEB | generate_policy_files | Generate nova policy file
- become: yes
- become_user: "{{ horizon_venv_user }}"
- shell: "{{ horizon_package_dir }}/gen_policy.sh {{ 'nova-api' | venv_dir() }} nova {{ 'nova-api' | config_dir() }} {{ horizon_package_dir }}"
- when: nova_install_dir.stat.exists
- # Horizon looks for 2 rules that aren't generated by the oslo policy generator, which is probably
- # an issue upstream long term. In the short term, patch in those rules
- # sed command does the following:
- # add a comma to the last rule in the file: s/"$/",\n
- # add the rules for os-server-groups:discoverable and
- # os-scheduler-hints:discoverable
- # these rules are in the horizon copy of nova_policy.json upstream but
- # are not produced as part of the nova policy generation
- # addressed in Queens upstream at:
- # https://github.com/openstack/horizon/blob/stable/queens/openstack_dashboard/conf/nova_policy.d/api-extensions.yaml
- # TODO: REMOVE once product is upgraded to Queens or later OpenStack release
- # compute_extension:aggregates addresses bsc#1089940 (host aggregates missing in Horizon)
- # os_compute_api:servers:attach_volume addresses bsc#1094184 (attach volume policy rule in generated file is a mismatch for rule in code)
- - name: HZN-WEB | patch nova_policy_file | Add missing rules to nova_policy.json
- become: yes
- become_user: "{{ horizon_venv_user }}"
- shell: >
- sed -i 's/"$/",\n
- "os_compute_api:os-server-groups:discoverable": "rule:os_compute_api:os-server-groups",\n
- "os_compute_api:os-scheduler-hints:discoverable": "rule:os_compute_api:os-server-groups",\n
- "os_compute_api:servers:attach_volume": "rule:admin_or_owner",\n
- "os_compute_api:servers:detach_volume": "rule:admin_or_owner",\n
- "compute_extension:aggregates": "rule:admin_api"/'
- "{{ horizon_package_dir }}/openstack_dashboard/conf/nova_policy.json"
- when: nova_install_dir.stat.exists
- - name: "HZN-WEB | copy_policy_files | Copy nova policy file"
- become: yes
- copy:
- src: "openstack_dashboard/conf/nova_policy.json"
- dest: "{{ horizon_package_dir }}/openstack_dashboard/conf/nova_policy.json"
- owner: "{{ horizon_venv_user }}"
- group: "{{ horizon_venv_group }}"
- mode: 0664
- when: not nova_install_dir.stat.exists
- - name: "HZN-WEB | copy_policy_files | Check for cinder policy file"
- stat: path="{{ cinder_dir }}/policy.json"
- register: cinder_policy_file_info
- - name: "HZN-WEB | copy_policy_files | Copy cinder policy file"
- command: "cp {{ cinder_dir }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/cinder_policy.json"
- when: cinder_policy_file_info.stat.exists
- - name: "HZN-WEB | copy_policy_files | Check for neutron policy file"
- stat: path="{{ 'neutron' | config_dir() }}/policy.json"
- register: neutron_policy_file_info
- - name: "HZN-WEB | copy_policy_files | Copy neutron policy file"
- command: "cp {{ 'neutron' | config_dir() }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/neutron_policy.json"
- when: neutron_policy_file_info.stat.exists
- - name: "HZN-WEB | copy_policy_files | Modify neutron policy file"
- replace: dest={{ horizon_package_dir }}/openstack_dashboard/conf/neutron_policy.json regexp='tenant_id' replace='project_id'
- when: neutron_policy_file_info.stat.exists
- - name: "HZN-WEB | copy_policy_files | Check for glance policy file"
- stat: path="{{ 'glance-api' | config_dir() }}/policy.json"
- register: glance_policy_file_info
- - name: "HZN-WEB | copy_policy_files | Copy glance policy file"
- command: "cp {{ 'glance-api' | config_dir() }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/glance_policy.json"
- when: glance_policy_file_info.stat.exists
- - name: "HZN-WEB | copy_policy_files | Check for heat policy file"
- stat: path="{{ 'heat-api' | config_dir() }}/heat/policy.json"
- register: heat_policy_file_info
- - name: "HZN-WEB | copy_policy_files | Copy heat policy file"
- command: "cp {{ 'heat-api' | config_dir() }}/heat/policy.json {{ horizon_package_dir}}/openstack_dashboard/conf/heat_policy.json"
- when: heat_policy_file_info.stat.exists
- - name: "HZN-WEB | copy_policy_files | Check for ceilometer policy file"
- stat: path="{{ 'ceilometer-api' | config_dir() }}/policy.json"
- register: ceilometer_policy_file_info
- - name: "HZN-WEB | copy_policy_files | Copy ceilometer policy file"
- command: "cp {{ 'ceilometer-api' | config_dir() }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/ceilometer_policy.json"
- when: ceilometer_policy_file_info.stat.exists
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement