Zed Series Release Notes
18.0.0.0b1-215
New Features
Add horizon_allowed_hosts to be able to configure Django ALLOWED_HOSTS. The default is still the same as it was, but you can create a list of allowed hosts in /etc/openstack_deploy/user_variables.yml. To set the correct value, see https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for more details.
The blazar dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_blazar_ui: True
The cloudkitty dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_cloudkitty_ui: True
The os_horizon role now supports distribution of user custom themes. Deployers can use the new key theme_src_archive of the horizon_custom_themes dictionary to provide an absolute path to the archived theme. Only .tar.gz, .tgz, .zip, .tar.bz, .tar.bz2, .tbz, .tbz2 archives are supported. The structure inside the archive should be that of a standard theme, without any leading folders.
The service setup in keystone for horizon will now be executed through delegation to the horizon_service_setup_host which, by default, is localhost (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in user_variables.yml.
horizon_service_setup_host: "{{ groups['utility_all'][0] }}"
Added variable horizon_bind_address, which defines the IP address on which Apache will listen on horizon_listen_ports.
Added variable horizon_policy_overrides, which allows customizing horizon-specific policies. As we don’t want to carry and maintain horizon policies with OSA, they’re retrieved from horizon hosts and adjusted in place, which means that they won’t roll back if you just remove the override. horizon_policy_overrides also has a non-standard format: it is a nested dictionary, where the first-level key represents the service whose policy needs to be overridden, and its value is in the normal policy override format.
The ability to define trusted Cross-Site Request Forgery domains has been added with the horizon_ssl_csrf_trusted_origins variable. The new variable is an array of strings and, when defined, will render the Django built-in variable CSRF_TRUSTED_ORIGINS.
https://docs.djangoproject.com/en/4.1/ref/settings/#csrf-trusted-origins
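How horizon_allowed_hosts, horizon_policy_overrides and horizon_ssl_csrf_trusted_origins could look together in /etc/openstack_deploy/user_variables.yml. This is an added example, not taken from the os_horizon role or its documentation; the host names, the address, the keystone service key and the policy rule are assumptions chosen for illustration.

```yaml
# /etc/openstack_deploy/user_variables.yml
# Constructed example values: dashboard.example.com and 203.0.113.10 are
# placeholders, not values from the role.

# Rendered into Django ALLOWED_HOSTS. Django checks the Host header of every
# request against this list, so list only the names and addresses the
# dashboard is actually reached by.
horizon_allowed_hosts:
  - "dashboard.example.com"
  - "203.0.113.10"
# Too broad: a single "*" entry makes Django accept any Host header.
# horizon_allowed_hosts:
#   - "*"

# Rendered into Django CSRF_TRUSTED_ORIGINS. Django 4.0 and later expects each
# entry to include its scheme; older Django releases expect bare host names.
# Use the form that matches the Django version Horizon runs on.
horizon_ssl_csrf_trusted_origins:
  - "https://dashboard.example.com"

# Nested dictionary: the first-level key is the service, and its value is a
# normal policy override mapping. The "keystone" key and the rule below are
# assumptions for illustration; check the role defaults for the accepted keys.
# Overrides are adjusted in place on the horizon hosts, so removing an entry
# here later does not roll the policy back.
horizon_policy_overrides:
  keystone:
    "identity:list_users": "rule:admin_required"
```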
Horizon now has the ability to run directly from uWSGI. To support this feature the new Boolean variable horizon_use_uwsgi has been added. The new variable, when set to true, will omit the apache2 install process and instead run horizon from a uWSGI process leveraging a systemd service file.
Implemented horizon WEBSSO auto redirects. The following new variables were added to manage redirect configuration:
horizon_websso_default_redirect
horizon_websso_default_redirect_region
horizon_websso_default_redirect_logout
Horizon has, since OSA’s inception, been deployed with HTTPS access enabled, and has had no way to turn it off. Some use-cases may want to access via HTTP instead, so this patch enables the following.
Listen via HTTPS on a load balancer, but via HTTP on the horizon host and have the load balancer forward the correct headers. It will do this by default in the integrated build due to the presence of the load balancer, so the current behaviour is retained.
Enable HTTPS on the horizon host without a load balancer. This is the role’s default behaviour which matches what it always has been.
Disable HTTPS entirely by setting haproxy_ssl: no (which will also disable HTTPS on haproxy). This setting is inherited by the new horizon_enable_ssl variable by default. This is a new option.
Add the possibility to disable the openrc v2 download in the dashboard. The new variable horizon_show_keystone_v2_rc can be set to False to remove the entry for the openrc v2 download.
The masakari dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_masakari_ui: True
The murano dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_murano_ui: True
VPNaaS dashboard is again available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_neutron_vpnaas: True
The role now supports using the distribution packages for the OpenStack services instead of the pip ones. This feature is disabled by default and can be enabled by simply setting the nova_install_method variable to distro.
Added variables horizon_session_engine and horizon_session_caches which can be used to configure horizon session engine and a backend for it.
The tacker dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_tacker_ui: True
The watcher dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_watcher_ui: True
The zun dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_zun_ui: True
Upgrade Notes
The horizon_listen_ports variable was changed to a dictionary with required keys http and https, so that it takes effect not only in the Apache ports.conf file but also in the virtual host.
SESSION_ENGINE has been changed to memcached by default, so horizon no longer requires its own database for storing session information. The horizon_galera_* variables now have no effect.
Deprecation Notes
The variable horizon_requires_pip_packages is no longer required and has therefore been removed.
Variable horizon_enable_neutron_lbaas has been removed because of global neutron lbaas retirement process. This means that horizon neutron-lbaas-ui plugin won’t be installed.
The variable ‘horizon_ssl_cipher_suite’ is deprecated in favour of ‘horizon_ssl_cipher_suite_tls12’ which will continue to manage configuration of ciphers for TLS v1.2 and earlier.
Security Issues
The default TLS version has been set to TLS1.2. This only allows version 1.2 of the protocol to be used when terminating or creating TLS connections. You can change the value with the horizon_ssl_protocol variable.
Bug Fixes
Fixes bug https://bugs.launchpad.net/openstack-ansible/+bug/1778098 where the playbook failed if horizon_custom_themes is specified and the directory for the theme is not provided.
A change of the horizon_webroot variable is now respected and will be reflected in the Apache configuration to serve static files and define the wsgi path accordingly.
Other Notes
When the option horizon_use_uwsgi is enabled, operators need to be aware that not all horizon capabilities will be present. The minimal uWSGI process is just that, minimal, and not full featured. If the deployment requires full featured capabilities, the apache based deployment should remain enabled.
16.0.0.0b3
New Features
It’s now possible to disable the heat stack password field in horizon. The horizon_enable_heatstack_user_pass variable has been added and defaults to True.
It is now possible to use the horizon_launch_instance_defaults variable that allows customizing the default values for properties found in the Launch Instance modal, using the LAUNCH_INSTANCE_DEFAULTS config option. See https://docs.openstack.org/horizon/latest/configuration/settings.html#launch-instance-defaults
You can force update the translations directly from Zanata by setting horizon_translations_update to True. This will call the pull_catalog option built into horizon-manage.py. You should only use this when testing translations; otherwise this should remain set to the default of False.
16.0.0.0b2
New Features
The horizon_images_allow_location variable is added to support the IMAGES_ALLOW_LOCATION setting in the horizon_local_settings.py file, which allows an external location to be specified during image creation.
16.0.0.0b1
New Features
The default value for the variables horizon_wsgi_processes and horizon_wsgi_threads is capped at 16 when the user doesn’t configure these variables. The default value is half the number of vCPUs available on the machine, with a capping value of 16.
15.0.0.0rc1
New Features
It’s now possible to change the behavior of DISALLOW_IFRAME_EMBED by defining the variable horizon_disallow_iframe_embed in the user variables.
15.0.0.0b2
New Features
CentOS7/RHEL support has been added to the os_horizon role.
15.0.0.0b1
New Features
The os_horizon role now has support for the horizon designate-ui dashboard. The dashboard may be enabled by setting horizon_enable_designate_ui to True in /etc/openstack_deploy/user_variables.yml.
The Trove dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_trove_ui: True
Upgrade Notes
The variables horizon_requirements_git_repo and horizon_requirements_git_install_branch have been removed in favour of using the URL/path to the upper-constraints file using the variable pip_install_upper_constraints instead.
14.0.0.0b3
New Features
The os_horizon role now has support for the horizon magnum-ui dashboard. The dashboard may be enabled by setting horizon_enable_magnum_ui to True in /etc/openstack_deploy/user_variables.yml.
The horizon_keystone_admin_roles variable is added to support the OPENSTACK_KEYSTONE_ADMIN_ROLES list in the horizon_local_settings.py file.
The os_horizon role now supports the ability to configure whether apt/yum tasks install the latest available package, or just ensure that the package is present. The default action is to ensure that the latest package is present. The action taken may be changed to only ensure that the package is present by setting horizon_package_state to present.
The Sahara dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_sahara_ui: True
Upgrade Notes
The variable horizon_apt_packages has been renamed to horizon_distro_packages.
The os_horizon role always checks whether the latest package is installed when executed. If a deployer wishes to change the check to only validate the presence of the package, the option horizon_package_state should be set to present.
14.0.0.0b2
New Features
The os_horizon role now has support for the horizon ironic-ui dashboard. The dashboard may be enabled by setting horizon_enable_ironic_ui to True in /etc/openstack_deploy/user_variables.yml.
Deployers can now blacklist certain Nova extensions by providing a list of such extensions in the horizon_nova_extensions_blacklist variable, for example:
horizon_nova_extensions_blacklist:
  - "SimpleTenantUsage"
Horizon now has the ability to set arbitrary configuration options using the global option horizon_config_overrides in YAML format. The overrides follow the same pattern found within the other OpenStack service overrides. General documentation on overrides can be found here.
The os_horizon role now supports configuration of custom themes. Deployers can use the new horizon_custom_themes and horizon_default_theme variables to configure the dashboard with custom themes and default to a specific theme respectively.
Added the horizon_apache_custom_log_format tunable to the os-horizon role for changing the CustomLog format. Default is “combined”.
Upgrade Notes
Installation of horizon and its dependent pip packages will now only occur within a Python virtual environment. The horizon_venv_bin, horizon_venv_enabled, horizon_venv_lib_dir, and horizon_non_venv_lib_dir variables have been removed.
Bug Fixes
The standard collectstatic and compression process in the os_horizon role now happens after horizon customizations are installed, so that all static resources will be collected and compressed.
14.0.0.0b1
New Features
The new LBaaS v2 dashboard is available in Horizon. Deployers can enable the panel by setting the following Ansible variable:
horizon_enable_neutron_lbaas: True
Horizon now has a boolean variable named horizon_enable_ha_router to enable Neutron HA router management.
Horizon’s IPv6 support is now enabled by default. This allows users to manage subnets with IPv6 addresses within the Horizon interface. Deployers can disable IPv6 support in Horizon by setting the following variable:
horizon_enable_ipv6: False
Please note: Horizon will still display IPv6 addresses in various panels with IPv6 support disabled. However, it will not allow any direct management of IPv6 configuration.
The horizon next generation instance management panels have been enabled by default. This changes horizon to use the upstream defaults instead of the legacy panels. Documentation can be found here.
Upgrade Notes
The default horizon instance launch panels have been changed to the next generation panels. To enable legacy functionality set the following options accordingly:
horizon_launch_instance_legacy: True
horizon_launch_instance_ng: False
The database and user creates have been removed from the os_horizon role. These tasks have been relocated to the playbooks.
Security Issues
Horizon disables password autocompletion in the browser by default, but deployers can now enable autocompletion by setting horizon_enable_password_autocomplete to True.