Wallaby Series Release Notes


New Features

  • The new horizon::wsgi::apache::ssl_extra_params parameter has been added. This parameter affects only ssl vhost and overrides the extra_params parameter when set.

Bug Fixes

  • Fix HORIZON_IMAGES_UPLOAD_MODE in template file because the value must be encapsulated with quotes or it will be treated as an expression by horizon.


New Features

  • The new horizon::dashboards::heat class has been added. This class can be used to manage parameters for heat-dashboard.

  • The new horizon::dashboards::manila class has been added. This class can be used to manage parameters for manila-dashboard.

  • The new horizon::dashboards::octavia class has been added. This class can be used to manage parameters for octavia-dashboard.

Bug Fixes

  • Fixed wrong usage of the DISALLOW_IFRAME_EMBED option.

  • Bug #1956904: The hard-coded REST_API_REQUIRED_SETTINGS parameter was removed, to use the default value defined in Horizon itself.


Upgrade Notes

  • The deprecated horizon::log_handler parameter has been removed.


New Features

  • Support was added to set the SECURE_PROXY_ADDR_HEADER option. If horizon is behind a proxy server and the proxy is configured, the IP address from request is passed using header variables inside the request. This setting specifies the name of the header with remote IP address.


New Features

  • Added ssl_cert, ssl_key and ssl_ca parameter to init class and the horizon::wsgi::apache class.

Upgrade Notes

  • You should now set the ssl_cert, ssl_key and ssl_ca parameters instead of the horizon_cert, horizon_key and horizon_ca parameters in the init and horizon::wsgi::apache class.

  • When setting ssl_ca (or the deprecated horizon_ca) end users must now set the ssl_verify_client parameter or the puppetlabs-apache module will not set SSLCACertificate in the vhost configuration.

Deprecation Notes

  • The horizon_cert, horizon_key and horizon_ca parameters is deprecated. Please use ssl_cert, ssl_key and ssl_ca.


New Features

  • Added the ssl_verify_client parameter to init class and horizon::wsgi::apache that is passed down to the created apache::vhost resource.

Upgrade Notes

  • The puppetlabs-apache module 2.1.0 introduced a change where ssl_verify_client is required otherwise the SSL CA certificate passed to the horizon module using the horizon_ca parameter is ignored.


New Features

  • The new horizon::log_handlers parameter was added to specify multiple log handlers.

Upgrade Notes

  • This module now requires a puppetlabs-apache version >= 5.0.0

Deprecation Notes

  • The horizon::log_handler parameter has been deprecated in favor of the horizon::log_handlers parameter and will be removed in a future release.


New Features

  • Added new horizon::dropdown_max_items parameter that configures the DROPDOWN_MAX_ITEMS config option in local_settings.py. Default value is set to 30 like the Horizon default is.



In this release Ubuntu has moved all projects that supported it to python3 which means that there will be a lot of changes. The Puppet OpenStack project does not test the upgrade path from python2 to python3 packages so there might be manual steps required when moving to the python3 packages.

Upgrade Notes

  • Ubuntu packages are now using python3, the upgrade path is not tested by Puppet OpenStack. Manual steps may be required when upgrading.


New Features

  • Added horizon::access_log_format and horizon::wsgi::apache::access_log_format that can be used to set the log format for the access log.

  • The default keystone role horizon::keystone_default_role is changed from _member_ to member to conform with what keystone-bootstrap creates. This sets the OPENSTACK_KEYSTONE_DEFAULT_ROLE configuration option in local_settings.

  • Added ensure parameter to horizon::dashboard resource which defaults to present. You can now set this to absent if you want to remove a horizon dashboard package.

Upgrade Notes

  • The default keystone role horizon::keystone_default_role is changed from _member_ to member. This sets the OPENSTACK_KEYSTONE_DEFAULT_ROLE config option in local_settings, if you still require or use the _member_ role as default you need to set this explicitly.


New Features

  • Added new parameter horizon::site_branding which can be used to set the SITE_BRANDING settings that controls the title of the web pages that horizon will render. The default value is undef which will not add this value to the configuration file and the horizon default value of ‘OpenStack Dashboard’ will be used.

  • Added a new parameter horizon::manage_memcache_package that can be used to determine if you want the python memcache library installed if the cache backend is set to using memcache.

Upgrade Notes

  • The os_any2array function that the Horizon module used internally is now removed and it instead uses the any2array function exposed by the stdlib module. The stdlib module introduced the any2array function in 2013 so we are now expecting that you are using atleast stdlib >= 4.0.0

  • The horizon::simple_ip_management parameter has been removed.

Bug Fixes

  • Django WSGI entrypoint changed from django.wsgi to wsgi.py file as deprecated by the Horizon project.


New Features

  • Added the parameter “keystone_domain_choices” to the ::horizon class. Setting this parameter would replace the domain text-field at the horizon login-page with a drop-down menu. The parameter should be an array with hashes, and the hashes should have two items each (name, display) containing the domain name and a human-readable description of the domain respectively.

  • New parameter horizon::simple_ip_manage can now be set to true to set and enable simple_ip_management in the Horizon local_settings config.

  • The wsgi_processes and wsgi_threads options that is passed to horizon::wsgi::apache can now be set in ::horizon class.

Upgrade Notes

  • The default value for horizon::wsgi::apache::wsgi_processes changed to $::os_workers

  • The default value for horizon::wsgi::apache::wsgi_threads changed to 1

Bug Fixes

  • Fixed a bug where having ssl and redirection enabled combined with a empty root_url did not redirect. If you are setting listen_ssl and ssl_redirect to true it will always redirect to https no matter what your root_url is.

  • Fixed a bug where the http vhost would not redirect to the custom root_url when setting listen_ssl to true and ssl_redirect to false.


New Features

  • You can now override the http and https port to horizon by passing integers to the http_port and https_ports parameters. Default values are still the same.

  • Added new resource horizon::dashboard which can be used to install additional dashboards that is not shipped with the horizon packages. Example would be install the heat-dashboard using horizon::dashboard { ‘heat’: }

Upgrade Notes

  • The deprecated horizon::fqdn parameter is now removed. Please use the allowed_hosts and server_aliases parameters instead.

  • The deprecated horizon::wsgi::apache::fqdn parameter is now removed. Please use the server_aliases parameter instead.

  • The deprecated horizon::custom_theme_path parameter is now removed. Please use the available_themes parameter instead.

  • The deprecated tuskar_ui, tuskar_ui_ironic_discoverd_url, tuskar_ui_undercloud_admin_password and tuskar_ui_deployment_mode is now removed. Please remove the usage of these parameters.

Bug Fixes

  • Fixed a bug where passing a ‘/’ as root_url would cause faulty paths in local_settings.py and apache configuration. You can now set it to ‘/’ and the module will fix the correct root url for you.


New Features

  • Add the config option “HORIZON_IMAGES_UPLOAD_MODE”. now it is possible in puppet to configure the option with “off”, “legacy” and “direct”.


New Features

  • Add parameter to wsgi::apache to allow to overwrite and/or add additional wsgi process options.

Bug Fixes

  • Updated the cap on the puppetlabs-apache module to include the 2.x series.


New Features

  • Horizon has a global override mechanism available to perform customizations. This change adds customization_module key to HORIZON_CONFIG dictionary in local_settings.py. The value of the parameter should be a string with the path to the module containing modifications in dotted python path notation.

  • Added parameter to horizon class to allow configuring LAUNCH_INSTANCE_DEFAULTS.

Security Issues

  • The horizon_ca option is now optional. This implies that you could in theory use the CA configured in the global httpd SSL configuration (ssl.conf) or simply not using this value.


Known Issues

  • an issue with horizon having ssl handshake issues under apache with ssl endpoints. Fix adds in WSGIApplicationGroup apache directive.


New Features

  • Added ability to enable/disable the password field while launching a Heat stack by setting the enable_user_pass parameter of the OPENSTACK_HEAT_STACK dictionary in local_settings.py.

  • Allows to specify a custom root_path to static assets.


Bug Fixes

  • Fixes wrong apache vhost config when root_url is empty

  • Rectify static alias prefix since starting from Ocata on Debian platforms static files resides in /var/lib.


New Features

  • Support was added for WEBSSO options in local_settings.py.erb. WEBSSO options enables keystone web single-sign-on.

  • Making DISALLOW_IFRAME_EMBED in local_settings.py a configurable value DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded within an iframe

  • Making password_validator a configurable value password_validator allows operators to use a regular express to insure passwords are validated for a certain criterion, which in turn allows stronger security over password complexity


New Features

  • Support was added to enable/disable the SECURE_PROXY_SSL_HEADER which enables horizon (via Django) to process the X-Forwarded-Proto header. This done with the “enable_secure_proxy_ssl_header” in the manifest.

  • Added ability to configure enforce_password_check


New Features

  • Added ability to configure disable_password_reveal

  • Making OPENSTACK_ENABLE_PASSWORD_RETRIEVE in local_settings.py a configurable value This allows users to retrieve the instance autogenerated password via Horizon


New Features

  • A new panel for glance images based on angularjs has been created in horizon. New parameter images_panel has been added to puppet-horizon to configure the enabled panel for images, legacy or angular.

Bug Fixes

  • Horizon Offline Generation Error on ubuntu systems. Previously, the ‘manage.py compress’ only ran on redhat. This change allows the command to be executed on ubuntu also.

Other Notes

  • Tests updated to leverage rspec-puppet-facts for testing multiple OS versions.


New Features

  • In mitaka release, available themes was introduced. A parameter was introduced to allow configuration of this setting.

  • In mitaka release, default theme was introduced where the value would be defined from available themes. A new parameter was introduced to allow configuration of this setting.

  • Allow Apache http/https ports to be configurable.

  • Use keystone v3 with horizon by default.

  • Making root_url configurable. This needs to occur to allow people the ability to serve Horizon from the root of a vhost.

  • Leave an ability to trigger collectstatic for debian/ubuntu.

  • Update of local_settings template from Mitaka.

  • Release notes are no longer maintained by hand, we now use the reno tool to manage them.

Deprecation Notes

  • custom_theme_path has been deprecated in mitaka release.

  • Remove installation of lesscpy package, not needed since Horizon has been using pyscss.

  • deprecate all tuskar parameters since the project is no longer maintained.

Security Issues

  • local_settings file is no longer world readable (from 644 to 640) as it may contain sensitive information.