Compare commits
4 Commits
149590eb35
...
2e372f3b78
Author | SHA1 | Date | |
---|---|---|---|
|
2e372f3b78 | ||
|
8acb4813a1 | ||
|
776ce0b2d9 | ||
|
b1de9e17e5 |
10
.drone.yml
10
.drone.yml
@ -94,6 +94,16 @@ pipeline:
|
||||
tag: latest
|
||||
when:
|
||||
branch: master
|
||||
horizon_merlin:
|
||||
image: plugins/docker
|
||||
dockerfile: horizon/Dockerfile
|
||||
context: horizon
|
||||
secrets: [docker_username, docker_password]
|
||||
registry: registry.webhosting.rug.nl
|
||||
repo: registry.webhosting.rug.nl/hpc/openstack-horizon-merlin
|
||||
tag: latest
|
||||
when:
|
||||
branch: merlin
|
||||
neutron_controller_merlin:
|
||||
image: plugins/docker
|
||||
dockerfile: neutron_controller/Dockerfile
|
||||
|
@ -16,20 +16,29 @@ RUN set -x \
|
||||
python-openstackclient \
|
||||
&& apt-get -y clean
|
||||
|
||||
EXPOSE 80
|
||||
|
||||
EXPOSE 80 443
|
||||
|
||||
COPY openstack-dashboard.conf /etc/apache2/conf-available/openstack-dashboard.conf
|
||||
|
||||
COPY local_settings.py /etc/openstack-dashboard/local_settings.py
|
||||
|
||||
# Add a redirect to /keystone instead of the "It works! page"
|
||||
COPY 000-default.conf /etc/apache2/sites-available
|
||||
|
||||
COPY run.sh /etc/run.sh
|
||||
|
||||
RUN chown -R www-data: /var/lib/openstack-dashboard/
|
||||
|
||||
RUN touch /var/log/horizon.log
|
||||
|
||||
RUN chown www-data: /var/log/horizon.log
|
||||
|
||||
RUN chown horizon: /var/lib/openstack-dashboard/secret_key
|
||||
RUN a2enmod ssl
|
||||
RUN a2enmod headers
|
||||
RUN a2enmod rewrite
|
||||
|
||||
CMD apachectl -DFOREGROUND
|
||||
RUN chown /var/lib/openstack-dashboard/secret_key horizon
|
||||
|
||||
CMD /etc/run.sh
|
||||
|
||||
|
@ -37,7 +37,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
||||
#EMAIL_HOST_PASSWORD = 'top-secret!'
|
||||
|
||||
OPENSTACK_HOST = os.environ['KEYSTONE_HOST']
|
||||
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
|
||||
OPENSTACK_KEYSTONE_URL = "https://%s:5000/v3" % OPENSTACK_HOST
|
||||
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
|
||||
|
||||
|
||||
@ -266,7 +266,6 @@ TIME_ZONE = "UTC"
|
||||
# ('default', 'Default', 'themes/default'),
|
||||
# ('material', 'Material', 'themes/material'),
|
||||
#]
|
||||
|
||||
LOGGING = {
|
||||
'version': 1,
|
||||
# When set to True this will disable all logging except
|
||||
@ -288,11 +287,12 @@ LOGGING = {
|
||||
},
|
||||
'console': {
|
||||
# Set the level to "DEBUG" for verbose output logging.
|
||||
'level': 'INFO',
|
||||
'class': 'logging.StreamHandler',
|
||||
'level': 'DEBUG',
|
||||
'class': 'logging.FileHandler',
|
||||
'filename': '/var/log/horizon.log',
|
||||
},
|
||||
'operation': {
|
||||
'level': 'INFO',
|
||||
'level': 'DEBUG',
|
||||
'class': 'logging.StreamHandler',
|
||||
'formatter': 'operation',
|
||||
},
|
||||
@ -516,3 +516,12 @@ ALLOWED_HOSTS = '*'
|
||||
COMPRESS_OFFLINE = True
|
||||
|
||||
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
|
||||
|
||||
WEBSSO_ENABLED = True
|
||||
|
||||
WEBSSO_CHOICES = (
|
||||
("credentials", _("Keystone Credentials")),
|
||||
("mapped", _("Security Assertion Markup Language"))
|
||||
)
|
||||
|
||||
WEBSSO_INITIAL_CHOICE = "mapped"
|
||||
|
35
horizon/openstack-dashboard.conf
Normal file
35
horizon/openstack-dashboard.conf
Normal file
@ -0,0 +1,35 @@
|
||||
<VirtualHost *:80>
|
||||
RedirectMatch "^/$" "/horizon"
|
||||
ServerName oscloudtest01.hpc.rug.nl
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTPS} off
|
||||
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
|
||||
</VirtualHost>
|
||||
<VirtualHost *:443>
|
||||
RedirectMatch "^/$" "/horizon"
|
||||
ServerName oscloudtest01.hpc.rug.nl
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile "/certs/oscloudtest01.hpc.rug.nl.crt"
|
||||
SSLCertificateKeyFile "/certs/oscloudtest01.hpc.rug.nl.key"
|
||||
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
|
||||
|
||||
# HTTP Strict Transport Security (HSTS) enforces that all communications
|
||||
# with a server go over SSL. This mitigates the threat from attacks such
|
||||
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
|
||||
# and potentially allowing an attacker to view confidential information on the
|
||||
# wire
|
||||
Header add Strict-Transport-Security "max-age=15768000"
|
||||
|
||||
Alias /horizon/static /var/lib/openstack-dashboard/static/
|
||||
Alias /static /var/lib/openstack-dashboard/static/
|
||||
|
||||
<Directory /var/lib/openstack-dashboard/static>
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi process-group=horizon
|
||||
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 display-name=%{GROUP}
|
||||
WSGIProcessGroup horizon
|
||||
</VirtualHost>
|
||||
|
6
horizon/run.sh
Executable file
6
horizon/run.sh
Executable file
@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
#Making the console log console again...
|
||||
tail -f /var/log/horizon.log &
|
||||
|
||||
apachectl -DFOREGROUND
|
@ -12,7 +12,7 @@ RUN set -x \
|
||||
python-openstackclient \
|
||||
nova-compute \
|
||||
neutron-linuxbridge-agent \
|
||||
neutron-l3-agent \
|
||||
neutron-l3-agent \
|
||||
neutron-dhcp-agent \
|
||||
neutron-metadata-agent \
|
||||
python-ceph \
|
||||
|
Loading…
Reference in New Issue
Block a user