HPC/openstack_dockers
8
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'feature/federated-login-merlin' into merlin

Browse Source
This commit is contained in:
Egon Rijpkema 2018-08-09 12:09:58 +02:00
commit 8acb4813a1
5 changed files with 68 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
horizon/Dockerfile
View File

@ -16,20 +16,29 @@ RUN set -x \
python-openstackclient \ python-openstackclient \
&& apt-get -y clean && apt-get -y clean
EXPOSE 80
EXPOSE 80 443
COPY openstack-dashboard.conf /etc/apache2/conf-available/openstack-dashboard.conf
COPY local_settings.py /etc/openstack-dashboard/local_settings.py COPY local_settings.py /etc/openstack-dashboard/local_settings.py
# Add a redirect to /keystone instead of the "It works! page" # Add a redirect to /keystone instead of the "It works! page"
COPY 000-default.conf /etc/apache2/sites-available COPY 000-default.conf /etc/apache2/sites-available
COPY run.sh /etc/run.sh
RUN chown -R www-data: /var/lib/openstack-dashboard/ RUN chown -R www-data: /var/lib/openstack-dashboard/
RUN touch /var/log/horizon.log RUN touch /var/log/horizon.log
RUN chown www-data: /var/log/horizon.log RUN chown www-data: /var/log/horizon.log
RUN chown horizon: /var/lib/openstack-dashboard/secret_key RUN a2enmod ssl
RUN a2enmod headers
RUN a2enmod rewrite
CMD apachectl -DFOREGROUND RUN chown /var/lib/openstack-dashboard/secret_key horizon
CMD /etc/run.sh

19
horizon/local_settings.py
View File

@ -37,7 +37,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
#EMAIL_HOST_PASSWORD = 'top-secret!' #EMAIL_HOST_PASSWORD = 'top-secret!'
OPENSTACK_HOST = os.environ['KEYSTONE_HOST'] OPENSTACK_HOST = os.environ['KEYSTONE_HOST']
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST OPENSTACK_KEYSTONE_URL = "https://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
@ -266,7 +266,6 @@ TIME_ZONE = "UTC"
# ('default', 'Default', 'themes/default'), # ('default', 'Default', 'themes/default'),
# ('material', 'Material', 'themes/material'), # ('material', 'Material', 'themes/material'),
#] #]
LOGGING = { LOGGING = {
'version': 1, 'version': 1,
# When set to True this will disable all logging except # When set to True this will disable all logging except
@ -288,11 +287,12 @@ LOGGING = {
}, },
'console': { 'console': {
# Set the level to "DEBUG" for verbose output logging. # Set the level to "DEBUG" for verbose output logging.
'level': 'INFO', 'level': 'DEBUG',
'class': 'logging.StreamHandler', 'class': 'logging.FileHandler',
'filename': '/var/log/horizon.log',
}, },
'operation': { 'operation': {
'level': 'INFO', 'level': 'DEBUG',
'class': 'logging.StreamHandler', 'class': 'logging.StreamHandler',
'formatter': 'operation', 'formatter': 'operation',
}, },
@ -516,3 +516,12 @@ ALLOWED_HOSTS = '*'
COMPRESS_OFFLINE = True COMPRESS_OFFLINE = True
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []} ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
WEBSSO_ENABLED = True
WEBSSO_CHOICES = (
("credentials", _("Keystone Credentials")),
("mapped", _("Security Assertion Markup Language"))
)
WEBSSO_INITIAL_CHOICE = "mapped"

35
horizon/openstack-dashboard.conf Normal file
View File

@ -0,0 +1,35 @@
<VirtualHost *:80>
RedirectMatch "^/$" "/horizon"
ServerName oscloudtest01.hpc.rug.nl
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
RedirectMatch "^/$" "/horizon"
ServerName oscloudtest01.hpc.rug.nl
SSLEngine On
SSLCertificateFile "/certs/oscloudtest01.hpc.rug.nl.crt"
SSLCertificateKeyFile "/certs/oscloudtest01.hpc.rug.nl.key"
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
# HTTP Strict Transport Security (HSTS) enforces that all communications
# with a server go over SSL. This mitigates the threat from attacks such
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
# and potentially allowing an attacker to view confidential information on the
# wire
Header add Strict-Transport-Security "max-age=15768000"
Alias /horizon/static /var/lib/openstack-dashboard/static/
Alias /static /var/lib/openstack-dashboard/static/
<Directory /var/lib/openstack-dashboard/static>
Require all granted
</Directory>
WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi process-group=horizon
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 display-name=%{GROUP}
WSGIProcessGroup horizon
</VirtualHost>

6
horizon/run.sh Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash
#Making the console log console again...
tail -f /var/log/horizon.log &
apachectl -DFOREGROUND

2
nova_compute/Dockerfile
View File

@ -12,7 +12,7 @@ RUN set -x \
python-openstackclient \ python-openstackclient \
nova-compute \ nova-compute \
neutron-linuxbridge-agent \ neutron-linuxbridge-agent \
neutron-l3-agent \ neutron-l3-agent \
neutron-dhcp-agent \ neutron-dhcp-agent \
neutron-metadata-agent \ neutron-metadata-agent \
python-ceph \ python-ceph \