SHARE
TWEET

Untitled

a guest Jul 19th, 2019 102 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
  3. # (c) Copyright 2017-2018 SUSE LLC
  4. #
  5. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  6. # not use this file except in compliance with the License. You may obtain
  7. # a copy of the License at
  8. #
  9. # http://www.apache.org/licenses/LICENSE-2.0
  10. #
  11. # Unless required by applicable law or agreed to in writing, software
  12. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  13. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  14. # License for the specific language governing permissions and limitations
  15. # under the License.
  16. #
  17. ---
  18.  
  19. # Collect static files and place them in vhost root
  20. # The command should typically translate to:
  21. # /opt/stack/service/horizon/venv/bin/python /opt/stack/service/horizon/manage.py collectstatic --clear --noinput
  22. - name: horizon_post_configure | post-configure | Collect static files
  23.   command: "{{ horizon_bin_dir }}/django-admin.py collectstatic --clear --noinput --ignore '*.spec.js'"
  24.   become: yes
  25.   become_user: "{{ horizon_venv_user }}"
  26.   environment:
  27.     HORIZON_LOG_TO_CONSOLE: 1
  28.     DJANGO_SETTINGS_MODULE: openstack_dashboard.settings
  29.     PYTHONPATH: "{{ horizon_package_dir }}"
  30.  
  31. # Compress the static files
  32. # The command should typically translate to:
  33. # /opt/stack/service/horizon/venv/bin/python /opt/stack/service/horizon/manage.py compress
  34. - name: horizon_post_configure | post-configure | Compress static files
  35.   command: "{{ horizon_bin_dir }}/django-admin.py compress"
  36.   become: yes
  37.   become_user: "{{ horizon_venv_user }}"
  38.   environment:
  39.     HORIZON_LOG_TO_CONSOLE: 1
  40.     DJANGO_SETTINGS_MODULE: openstack_dashboard.settings
  41.     PYTHONPATH: "{{ horizon_package_dir }}"
  42.  
  43. - name: horizon_post_configure | post-configure | DB migration and sync
  44.   become: yes
  45.   become_user: "{{ horizon_venv_user }}"
  46.   run_once: yes
  47.   command: "{{ horizon_bin_dir }}/django-admin.py migrate --noinput"
  48.   environment:
  49.     HORIZON_LOG_TO_CONSOLE: 1
  50.     DJANGO_SETTINGS_MODULE: openstack_dashboard.settings
  51.     PYTHONPATH: "{{ horizon_package_dir }}"
  52.  
  53. # Database session backing requires clearing out the session table once in a while
  54. - name: horizon_post_configure | post-configure | Set up cronjob to clear expired sessions
  55.   cron:
  56.     name: "horizon session purge"
  57.     user: "{{ horizon_user }}"
  58.     # Make this configurable based on timezone somehow?
  59.     hour: "{{ 23 }}"
  60.     minute: "{{ 59 | random }}"
  61.     job: "PYTHONPATH={{ horizon_package_dir }} DJANGO_SETTINGS_MODULE=openstack_dashboard.settings {{ horizon_bin_dir }}/django-admin.py clearsessions"
  62.  
  63.  
  64. # Sync policy files
  65. - name: "HZN-WEB | copy_policy_files | Check for keystone policy file"
  66.   stat: path="{{ 'keystone' | config_dir() }}/policy.json"
  67.   register: keystone_policy_file_info
  68.  
  69. - name: "HZN-WEB | copy_policy_files | Copy keystone policy file"
  70.   command: "cp {{ 'keystone' | config_dir() }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/keystone_policy.json"
  71.   when: keystone_policy_file_info.stat.exists
  72.  
  73.  
  74. - name: "HZN-WEB | copy_policy_files | Check for nova policy file"
  75.   stat: path="{{ 'nova-api' | config_dir() }}/nova/policy.json"
  76.   register: nova_policy_file_info
  77.  
  78. # the policy file for Nova no longer exists as of Pike, use a generated copy if possible
  79. # and use a static copy if Nova is not locally installed
  80. - name: "HZN-WEB | copy_policy_file_generator_script | Copy policy file generator"
  81.   become: yes
  82.   copy:
  83.     src: "gen_policy.sh"
  84.     dest: "{{ horizon_package_dir }}/gen_policy.sh"
  85.     owner: "{{ horizon_venv_user }}"
  86.     group: "{{ horizon_venv_group }}"
  87.     mode: 0775
  88.  
  89. - name: "HZN-WEB | check_for_nova | Check for nova installation"
  90.   stat: path="{{ 'nova-api' | venv_dir() }}"
  91.   register: nova_install_dir
  92.  
  93. - name: HZN-WEB | generate_policy_files | Generate nova policy file
  94.   become: yes
  95.   become_user: "{{ horizon_venv_user }}"
  96.   shell: "{{ horizon_package_dir }}/gen_policy.sh {{ 'nova-api' | venv_dir() }} nova {{ 'nova-api' | config_dir() }} {{ horizon_package_dir }}"
  97.   when: nova_install_dir.stat.exists
  98.  
  99. # Horizon looks for 2 rules that aren't generated by the oslo policy generator, which is probably
  100. # an issue upstream long term. In the short term, patch in those rules
  101. # sed command does the following:
  102. # add a comma to the last rule in the file: s/"$/",\n
  103. # add the rules for os-server-groups:discoverable and
  104. # os-scheduler-hints:discoverable
  105. # these rules are in the horizon copy of nova_policy.json upstream but
  106. # are not produced as part of the nova policy generation
  107. # addressed in Queens upstream at:
  108. # https://github.com/openstack/horizon/blob/stable/queens/openstack_dashboard/conf/nova_policy.d/api-extensions.yaml
  109. # TODO: REMOVE once product is upgraded to Queens or later OpenStack release
  110. # compute_extension:aggregates addresses bsc#1089940 (host aggregates missing in Horizon)
  111. # os_compute_api:servers:attach_volume addresses bsc#1094184 (attach volume policy rule in generated file is a mismatch for rule in code)
  112. - name: HZN-WEB | patch nova_policy_file | Add missing rules to nova_policy.json
  113.   become: yes
  114.   become_user: "{{ horizon_venv_user }}"
  115.   shell: >
  116.     sed -i 's/"$/",\n
  117.     "os_compute_api:os-server-groups:discoverable": "rule:os_compute_api:os-server-groups",\n
  118.     "os_compute_api:os-scheduler-hints:discoverable": "rule:os_compute_api:os-server-groups",\n
  119.     "os_compute_api:servers:attach_volume": "rule:admin_or_owner",\n
  120.     "os_compute_api:servers:detach_volume": "rule:admin_or_owner",\n
  121.     "compute_extension:aggregates": "rule:admin_api"/'
  122.     "{{ horizon_package_dir }}/openstack_dashboard/conf/nova_policy.json"
  123.   when: nova_install_dir.stat.exists
  124.  
  125. - name: "HZN-WEB | copy_policy_files | Copy nova policy file"
  126.   become: yes
  127.   copy:
  128.     src: "openstack_dashboard/conf/nova_policy.json"
  129.     dest: "{{ horizon_package_dir }}/openstack_dashboard/conf/nova_policy.json"
  130.     owner: "{{ horizon_venv_user }}"
  131.     group: "{{ horizon_venv_group }}"
  132.     mode: 0664
  133.   when: not nova_install_dir.stat.exists
  134.  
  135. - name: "HZN-WEB | copy_policy_files | Check for cinder policy file"
  136.   stat: path="{{ cinder_dir }}/policy.json"
  137.   register: cinder_policy_file_info
  138.  
  139. - name: "HZN-WEB | copy_policy_files | Copy cinder policy file"
  140.   command: "cp {{ cinder_dir }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/cinder_policy.json"
  141.   when: cinder_policy_file_info.stat.exists
  142.  
  143.  
  144. - name: "HZN-WEB | copy_policy_files | Check for neutron policy file"
  145.   stat: path="{{ 'neutron' | config_dir() }}/policy.json"
  146.   register: neutron_policy_file_info
  147.  
  148. - name: "HZN-WEB | copy_policy_files | Copy neutron policy file"
  149.   command: "cp {{ 'neutron' | config_dir() }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/neutron_policy.json"
  150.   when: neutron_policy_file_info.stat.exists
  151.  
  152. - name: "HZN-WEB | copy_policy_files | Modify neutron policy file"
  153.   replace: dest={{ horizon_package_dir }}/openstack_dashboard/conf/neutron_policy.json regexp='tenant_id' replace='project_id'
  154.   when: neutron_policy_file_info.stat.exists
  155.  
  156.  
  157. - name: "HZN-WEB | copy_policy_files | Check for glance policy file"
  158.   stat: path="{{ 'glance-api' | config_dir() }}/policy.json"
  159.   register: glance_policy_file_info
  160.  
  161. - name: "HZN-WEB | copy_policy_files | Copy glance policy file"
  162.   command: "cp {{ 'glance-api' | config_dir() }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/glance_policy.json"
  163.   when: glance_policy_file_info.stat.exists
  164.  
  165.  
  166. - name: "HZN-WEB | copy_policy_files | Check for heat policy file"
  167.   stat: path="{{ 'heat-api' | config_dir() }}/heat/policy.json"
  168.   register: heat_policy_file_info
  169.  
  170. - name: "HZN-WEB | copy_policy_files | Copy heat policy file"
  171.   command: "cp {{ 'heat-api' | config_dir() }}/heat/policy.json {{ horizon_package_dir}}/openstack_dashboard/conf/heat_policy.json"
  172.   when: heat_policy_file_info.stat.exists
  173.  
  174.  
  175. - name: "HZN-WEB | copy_policy_files | Check for ceilometer policy file"
  176.   stat: path="{{ 'ceilometer-api' | config_dir() }}/policy.json"
  177.   register: ceilometer_policy_file_info
  178.  
  179. - name: "HZN-WEB | copy_policy_files | Copy ceilometer policy file"
  180.   command: "cp {{ 'ceilometer-api' | config_dir() }}/policy.json {{ horizon_package_dir }}/openstack_dashboard/conf/ceilometer_policy.json"
  181.   when: ceilometer_policy_file_info.stat.exists
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top