{"id":485,"sha1":"7efc5a3b9cceafe41b2e2d0b46ae7ec0e39acda9","playbook":{"id":4,"items":{"plays":104,"tasks":1377,"results":1365,"hosts":2,"files":504,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:39:52.478534Z","ended":"2025-12-08T14:14:54.510371Z","duration":"00:35:02.031837","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n## Verbosity Options\ndebug: false\n\n# Set the host which will execute the shade modules\n# for the service setup. The host must already have\n# clouds.yaml properly configured.\nhorizon_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\nhorizon_service_setup_host_python_interpreter: >-\n  {{\n    openstack_service_setup_host_python_interpreter | default(\n      (horizon_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n  }}\n\n# Set the package install state for distribution packages\n# Options are 'present' and 'latest'\nhorizon_package_state: \"{{ package_state | default('latest') }}\"\n\n# Set installation method.\nhorizon_install_method: \"{{ service_install_method | default('source') }}\"\nhorizon_venv_python_executable: \"{{ openstack_venv_python_executable | default('python3') }}\"\n\nhorizon_upper_constraints_url: >-\n  {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}\n\nhorizon_venv_extra_constraints: []\n\n## The git source/branch for Horizon\nhorizon_git_repo: https://opendev.org/openstack/horizon\nhorizon_git_track_branch: master\nhorizon_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n# Enable or disable apache. If disabled a basic uwsgi deployment will be setup for this service.\nhorizon_use_uwsgi: false\n\n## The git source/branch for the Adjutant UI plugin\nadjutant_dashboard_git_repo: https://opendev.org/openstack/adjutant-ui\nadjutant_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Barbican UI plugin\nbarbican_dashboard_git_repo: https://opendev.org/openstack/barbican-ui\nbarbican_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Blazar UI plugin\nblazar_dashboard_git_repo: https://opendev.org/openstack/blazar-dashboard\nblazar_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for Cloudkitty UI plugin\ncloudkitty_dashboard_git_repo: https://opendev.org/openstack/cloudkitty-dashboard\ncloudkitty_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Magnum UI plugin\nmagnum_dashboard_git_repo: https://opendev.org/openstack/magnum-ui\nmagnum_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Manila UI plugin\nmanila_dashboard_git_repo: https://opendev.org/openstack/manila-ui.git\nmanila_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Masakari UI plugin\nmasakari_dashboard_git_repo: https://opendev.org/openstack/masakari-dashboard\nmasakari_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Mistral UI plugin\nmistral_dashboard_git_repo: https://opendev.org/openstack/mistral-dashboard.git\nmistral_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Octavia UI plugin\noctavia_dashboard_git_repo: https://opendev.org/openstack/octavia-dashboard\noctavia_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Designate UI plugin\ndesignate_dashboard_git_repo: https://opendev.org/openstack/designate-dashboard\ndesignate_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Tacker UI plugin\ntacker_dashboard_git_repo: https://opendev.org/openstack/tacker-horizon\ntacker_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Trove UI plugin\ntrove_dashboard_git_repo: https://opendev.org/openstack/trove-dashboard\ntrove_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Heat UI plugin\nheat_dashboard_git_repo: https://opendev.org/openstack/heat-dashboard\nheat_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Ironic UI plugin\nironic_dashboard_git_repo: https://opendev.org/openstack/ironic-ui\nironic_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Watcher UI plugin\nwatcher_dashboard_git_repo: https://opendev.org/openstack/watcher-dashboard\nwatcher_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The git source/branch for the Zun UI plugin\nzun_dashboard_git_repo: https://opendev.org/openstack/zun-ui\nzun_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n# The git source/branch for the Neutron VPNaaS UI plugin\nneutron_vpnaas_dashboard_git_repo: https://opendev.org/openstack/neutron-vpnaas-dashboard\nneutron_vpnaas_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n# The git source/branch for the Neutron FWaaS UI plugin\nneutron_fwaas_dashboard_git_repo: https://opendev.org/openstack/neutron-fwaas-dashboard\nneutron_fwaas_dashboard_git_install_branch: \"{{ horizon_git_track_branch }}\"\n\n## The packages to build from source\nhorizon_git_constraints:\n  - --constraint {{ horizon_upper_constraints_url }}\n\nhorizon_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Name of the virtual env to deploy into\nhorizon_venv_tag: \"{{ venv_tag | default('untagged') }}\"\nhorizon_bin: \"{{ _horizon_bin }}\"\n\n## System info\nhorizon_system_user_name: horizon\nhorizon_system_group_name: horizon\n\nhorizon_system_shell: /bin/false\nhorizon_system_comment: horizon system user\nhorizon_system_user_home: \"/var/lib/{{ horizon_system_user_name }}\"\n\n## Service Type and Data\nhorizon_service_region: \"{{ service_region | default('RegionOne') }}\"\nhorizon_service_name: horizon\n## Session configuration\n# Specifies the timespan in seconds inactivity, until a user is considered as\n# logged out\nhorizon_session_engine: \"django.contrib.sessions.backends.cache\"\nhorizon_session_caches:\n  default:\n    BACKEND: \"django.core.cache.backends.memcached.PyMemcacheCache\"\n    LOCATION: \"{{ horizon_memcached_servers.split(',') }}\"\nhorizon_session_timeout: 1800\n\n## Horizon Help URL Path\nhorizon_help_url: https://docs.openstack.org/horizon/latest/user/\n\n## Horizon ALLOWED_HOSTS\nhorizon_allowed_hosts:\n  - \"*\"\n\n## Installation directories\n# When horizon_lib_dir is not defined, it will be detected automatically\n# horizon_lib_dir: \"\"\nhorizon_lib_wsgi_file: \"{{ horizon_lib_dir }}/openstack_dashboard/wsgi.py\"\n\nhorizon_endpoint_type: internalURL\n\nhorizon_server_name: \"{{ ansible_facts['fqdn'] | default('horizon') }}\"\n\nhorizon_log_level: info\n# It's combined log format without datetime, since it's already present in journald\nhorizon_apache_custom_log_format: '\"%h %l %u \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\"\"'\nhorizon_dropdown_max_items: 30\nhorizon_instance_log_length: 35\nhorizon_overview_days_range: 1\n\n# Valid options are \"direct\", \"legacy\" and \"off\".\n# Direct mode uploads images directly to glance, but requires CORS\n# to be configured for glance. Legacy will use horizon container as\n# a proxy for the image before uploading it to the glance, but do not\n# require any extra configuration\nhorizon_images_upload_mode: direct\n\nhorizon_images_allow_location: false\nhorizon_time_zone: UTC\nhorizon_enforce_password_check: false\nhorizon_disable_password_reveal: false\nhorizon_enable_password_retrieve: false\nhorizon_enable_password_autocomplete: false\nhorizon_enable_heatstack_user_pass: true\n# If nova_libvirt_inject_password is set to True, then this can also be enabled:\nhorizon_can_set_password: false\nhorizon_enable_cinder_backup: false\n# Enables IPv6 support in Horizon, such as managing network subnets\nhorizon_enable_ipv6: true\n# Enables router support in Horizon, disable if you don't have Neutron L3 agent\nhorizon_enable_router: true\n\n# Disable/Enable simplified floating IP address management for deployments with\n# multiple floating IP pools or complex network requirements.\nhorizon_simple_ip_management: true\n\n# To enable ha router support in horizon set to True\nhorizon_enable_ha_router: false\n\n# Provide default DNS servers to use when a subnet is created.\nhorizon_default_dns_nameservers: []\n# Provide list of network types that are available for creation\nhorizon_network_provider_types: \"{{ neutron_ml2_drivers_type | default('geneve,vlan,flat') }}\"\n\n# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded\n# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame\n# Scripting (XFS) vulnerability, so this option allows extra security hardening\n# where iframes are not used in deployment. Default setting is True.\n# For more information see:\n# http://tinyurl.com/anticlickjack\nhorizon_disallow_iframe_embed: true\n\n# WSGI tuning parameters\n# horizon_wsgi_processes: 4\n# horizon_wsgi_threads: 4\n\n## Cap the maximun number of threads / workers when a user value is unspecified.\nhorizon_wsgi_threads_max: 16\nhorizon_wsgi_threads: \"{{ [[ansible_facts['processor_vcpus'] | default(2) // 2, 1] | max, horizon_wsgi_threads_max] | min }}\"\n\n## Horizon SSL\nhorizon_ssl_protocol: \"{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1') }}\"\n# TLS v1.2 and below\nhorizon_ssl_cipher_suite_tls12: >-\n  {{ horizon_ssl_cipher_suite | default(ssl_cipher_suite | default('ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM')) }}\n# TLS v1.3\nhorizon_ssl_cipher_suite_tls13: \"{{ ssl_cipher_suite_tls13 | default('TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256') }}\"\n\n# Define if communication between haproxy and service backends should be\n# encrypted with TLS.\n# NOTE(damiandabrowski): Remove backward compatibility with horizon_enable_ssl in 2024.1\nhorizon_backend_ssl: \"{{ horizon_enable_ssl | default(openstack_service_backend_ssl | default(False)) }}\"\n\n# Toggle whether horizon is served via an external device, like a load\n# balancer. This enables the use of the horizon_secure_proxy_ssl_header\n# in the web server configuration.\n# Note (odyssey4me):\n# This variable is actually badly named, as it applies\n# settings which have nothing to do with SSL.\nhorizon_external_ssl: \"{{ (openstack_external_ssl | default(False)) | bool }}\"\n\n# Set this to the header that your device sets when doing ssl termination\n# Note (odyssey4me):\n# This variable is actually badly named, as it applies\n# settings which have nothing to do with SSL.\nhorizon_secure_proxy_ssl_header: \"X-Forwarded-Proto\"\nhorizon_secure_proxy_ssl_header_django: \"HTTP_{{ horizon_secure_proxy_ssl_header | replace('-', '_') | upper }}\"\n\n# For multiple regions uncomment this configuration, and\n# add the extra endpoints below the first list item.\n# horizon_available_regions:\n#   - { url: \"{{ keystone_service_internalurl }}\", name: \"{{ keystone_service_region }}\" }\n#   - { url: \"http://cluster1.example.com:5000/v2.0\", name: \"RegionTwo\" }\n\n## Horizon's keystone endpoint settings\nhorizon_keystone_endpoint: \"{{ keystone_service_internalurl }}\"\n\n## Horizon Multi-Domain Support\n# these variables should only be changed if horizon_keystone_endpoint is a Keystone v3 API endpoint\nhorizon_keystone_multidomain_support: false\n# It is strongly advised NOT to enable dropdown for public clouds, as advertising enabled domains\n# to unauthenticated customers irresponsibly exposes private information.\nhorizon_keystone_multidomain_dropdown: false\n\nhorizon_keystone_default_domain: Default\n\n# Option to set the available domains to choose from. This is\n# a list of pairs whose first value is the domain name and the\n# second is the display name.\nhorizon_keystone_multidomain_choices: \"(('{{ horizon_keystone_default_domain }}', '{{ horizon_keystone_default_domain }}'),)\"\n\n### Set the cacert pem for Keystone if you'd like Horizon to verify it.\n# horizon_cacert_pem: /path/to/cacert.pem\n\n## alternatively, you can set horizon to turn off ssl verification for Keystone\nhorizon_ssl_no_verify: \"{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}\"\n\n## Horizon Cross-Site Request Forgery Trusted Hosts\n# add a list of domains that are trusted when evaluated requests for Cross-Site Request Forgery\n# This is useful when terminating SSL outside of the cloud on a domain that isn't directly tied\n# to the hosts that are operating the cloud.\nhorizon_ssl_csrf_trusted_origins: []\n\n## The role which Horizon should use as a default for users\nhorizon_default_role_name: member\n\n## Launch instance\nhorizon_launch_instance_legacy: false\nhorizon_launch_instance_ng: true\nhorizon_launch_instance_defaults:\n  config_drive: false\n  enable_scheduler_hints: true\n  disable_image: false\n  disable_instance_snapshot: false\n  disable_volume: false\n  disable_volume_snapshot: false\n  create_volume: true\n  hide_create_volume: false\n\n## Adjutant UI Panel\nhorizon_enable_adjutant_ui: \"{{ (groups['adjutant_all'] is defined) and (groups['adjutant_all'] | length > 0) }}\"\n\n## Barbican UI Panel\n### Barbican UI is just a cookie-cutter scaffolding and does not provide any functionality at this time.\nhorizon_enable_barbican_ui: false\n\n## Blazar UI Panel\nhorizon_enable_blazar_ui: \"{{ (groups['blazar_all'] is defined) and (groups['blazar_all'] | length > 0) }}\"\n\n## Cloudkitty UI Panel\nhorizon_enable_cloudkitty_ui: \"{{ (groups['cloudkitty_all'] is defined) and (groups['cloudkitty_all'] | length > 0) }}\"\n\n## Designate UI Panel\nhorizon_enable_designate_ui: \"{{ (groups['designate_all'] is defined) and (groups['designate_all'] | length > 0) }}\"\n\n## Heat UI Panel\nhorizon_enable_heat_ui: \"{{ (groups['heat_all'] is defined) and (groups['heat_all'] | length > 0) }}\"\n\n## Ironic UI Panel\nhorizon_enable_ironic_ui: \"{{ (groups['ironic_all'] is defined) and (groups['ironic_all'] | length > 0) }}\"\n\n## Magnum UI Panel\nhorizon_enable_magnum_ui: \"{{ (groups['magnum_all'] is defined) and (groups['magnum_all'] | length > 0) }}\"\n\n## Masakari UI Panel\nhorizon_enable_masakari_ui: \"{{ (groups['masakari_all'] is defined) and (groups['masakari_all'] | length > 0) }}\"\n\n## Manila UI Panel\nhorizon_enable_manila_ui: \"{{ (groups['manila_all'] is defined) and (groups['manila_all'] | length > 0) }}\"\n\n## Mistral Ui Panel\nhorizon_enable_mistral_ui: \"{{ (groups['mistral_all'] is defined) and (groups['mistral_all'] | length > 0) }}\"\n\n## Neutron features to enable\nhorizon_enable_neutron_vpnaas: >-\n  {{ neutron_plugin_base is defined and ('vpnaas' in neutron_plugin_base or 'ovn-vpnaas' in neutron_plugin_base) }}\n\nhorizon_enable_neutron_fwaas: >-\n  {{ neutron_plugin_base is defined and ('firewall_v2' in neutron_plugin_base) }}\n\n## Octavia UI Panel\nhorizon_enable_octavia_ui: \"{{ (groups['octavia_all'] is defined) and (groups['octavia_all'] | length > 0) }}\"\n\n## Tacker UI Panel\nhorizon_enable_tacker_ui: \"{{ (groups['tacker_all'] is defined) and (groups['tacker_all'] | length > 0) }}\"\n\n## Trove UI Panel\nhorizon_enable_trove_ui: \"{{ (groups['trove_all'] is defined) and (groups['trove_all'] | length > 0) }}\"\n\n## Watcher UI Panel\nhorizon_enable_watcher_ui: false\n\n## Zun UI Panel\nhorizon_enable_zun_ui: \"{{ (groups['zun_all'] is defined) and (groups['zun_all'] | length > 0) }}\"\n\n## Swift\nhorizon_swift_file_transfer_chunk_size: 524288\n\n## Panel\nhorizon_default_panel: overview\n\n# For blacklisting certain Nova extensions uncomment this configuration,\n# and add necessary list items.\n# horizon_nova_extensions_blacklist:\n#   - \"SimpleTenantUsage\"\n\n## Customization module\n## See https://docs.openstack.org/horizon/latest/configuration/customizing.html#horizon-customization-module-overrides\n# horizon_customization_module: /local/path/to/customization_module.py\n\n## Replace default theme files with your own\n# horizon_custom_uploads:\n#   logo:\n#     src: \"path_on_deployment_host_of_your_custom_logo.svg\"\n#     dest: \"img/logo.svg\"\n#   logo_splash:\n#     src: \"path_on_deployment_host_of_your_custom_logo-splash.svg\"\n#     dest: \"img/logo-splash.svg\"\n\n_horizon_available_themes:\n  default:\n    theme_name: \"default\"\n    theme_label: \"Default\"\n    theme_path: \"themes/default\"\n  material:\n    theme_name: \"material\"\n    theme_label: \"Material\"\n    theme_path: \"themes/material\"\n\n# Add custom themes. Deployers need to place the archive, with the theme inside,\n# into the directory, which is specified by theme_src_archive key.\n# It should be an absolute path to the archive on the deployment host.\n# Leading folders are not expected in the archive.\n# Following archive formats are supported:\n# .tar.gz, .tgz, .zip, .tar.bz, .tar.bz2, .tbz, .tbz2\n# See https://docs.openstack.org/horizon/latest/configuration/themes.html\n# for more details on custom themes\n# Example:\n#\n# horizon_custom_themes:\n#   custom_theme:\n#     theme_name: \"custom\"\n#     theme_label: \"Custom\"\n#     theme_path: \"themes/custom\"\n#     theme_src_archive: \"/etc/openstack_deploy/horizon/themes/custom.tar.gz\"\n#\nhorizon_custom_themes: {}\n\n# Which of the available themes will be used by default\n# value is the theme_name from the vars above\nhorizon_default_theme: \"default\"\n\n# URI through which Horizon will be available.\n# If Skyline is not deployed defaults to `/`, `/horizon` otherwise.\nhorizon_webroot: \"{{ (groups['skyline_all'] | default([])) | ternary('/horizon', '/') }}\"\n\nhorizon_bind_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\n\nhorizon_listen_ports:\n  http: \"80\"\n  https: \"443\"\n\nhorizon_pip_packages:\n  - \"git+{{ horizon_git_repo }}@{{ horizon_git_install_branch }}#egg=horizon\"\n  - \"git+{{ openstack_github_base_url }}/Kronuz/pyScss@60414f5d573315a8458b5fbcdf69e5c648c44a9a\" # needed for python>=3.11\n  - pymemcache\n  - python-memcached\n\n# Memcached override\nhorizon_memcached_servers: \"{{ memcached_servers }}\"\n\n# Specific pip packages provided by the user\nhorizon_user_pip_packages: []\n\n# Optional pip packages for additional dashboards\n# TODO(odyssey4me):\n# Simplify this when we are no longer using the py_pkgs plugin\nhorizon_adjutant_optional_pip_packages:\n  - \"git+{{ adjutant_dashboard_git_repo }}@{{ adjutant_dashboard_git_install_branch }}#egg=adjutant-ui\"\nhorizon_barbican_optional_pip_packages:\n  - \"git+{{ barbican_dashboard_git_repo }}@{{ barbican_dashboard_git_install_branch }}#egg=barbican-ui\"\nhorizon_blazar_optional_pip_packages:\n  - \"git+{{ blazar_dashboard_git_repo }}@{{ blazar_dashboard_git_install_branch }}#egg=blazar-dashboard\"\nhorizon_cloudkitty_optional_pip_packages:\n  - \"git+{{ cloudkitty_dashboard_git_repo }}@{{ cloudkitty_dashboard_git_install_branch }}#egg=cloudkitty_dashboard\"\nhorizon_designate_optional_pip_packages:\n  - \"git+{{ designate_dashboard_git_repo }}@{{ designate_dashboard_git_install_branch }}#egg=designate_dashboard\"\nhorizon_heat_optional_pip_packages:\n  - \"git+{{ heat_dashboard_git_repo }}@{{ heat_dashboard_git_install_branch }}#egg=heat_dashboard\"\nhorizon_ironic_optional_pip_packages:\n  - \"git+{{ ironic_dashboard_git_repo }}@{{ ironic_dashboard_git_install_branch }}#egg=ironic-ui\"\nhorizon_magnum_optional_pip_packages:\n  - \"git+{{ magnum_dashboard_git_repo }}@{{ magnum_dashboard_git_install_branch }}#egg=magnum-ui\"\nhorizon_manila_optional_pip_packages:\n  - \"git+{{ manila_dashboard_git_repo }}@{{ manila_dashboard_git_install_branch }}#egg=manila-ui\"\nhorizon_masakari_optional_pip_packages:\n  - \"git+{{ masakari_dashboard_git_repo }}@{{ masakari_dashboard_git_install_branch }}#egg=masakari_dashboard\"\nhorizon_mistral_optional_pip_packages:\n  - \"git+{{ mistral_dashboard_git_repo }}@{{ mistral_dashboard_git_install_branch }}#egg=mistral-dashboard\"\nhorizon_neutron_vpnaas_optional_pip_packages:\n  - \"git+{{ neutron_vpnaas_dashboard_git_repo }}@{{ neutron_vpnaas_dashboard_git_install_branch }}#egg=neutron_vpnaas_dashboard\"\nhorizon_neutron_fwaas_optional_pip_packages:\n  - \"git+{{ neutron_fwaas_dashboard_git_repo }}@{{ neutron_fwaas_dashboard_git_install_branch }}#egg=neutron_fwaas_dashboard\"\nhorizon_octavia_optional_pip_packages:\n  - \"git+{{ octavia_dashboard_git_repo }}@{{ octavia_dashboard_git_install_branch }}#egg=octavia_dashboard\"\nhorizon_tacker_optional_pip_packages:\n  - \"git+{{ tacker_dashboard_git_repo }}@{{ tacker_dashboard_git_install_branch }}#egg=tacker_horizon\"\nhorizon_trove_optional_pip_packages:\n  - \"git+{{ trove_dashboard_git_repo }}@{{ trove_dashboard_git_install_branch }}#egg=trove_dashboard\"\nhorizon_watcher_optional_pip_packages:\n  - \"git+{{ watcher_dashboard_git_repo }}@{{ watcher_dashboard_git_install_branch }}#egg=watcher_dashboard\"\nhorizon_zun_optional_pip_packages:\n  - \"git+{{ zun_dashboard_git_repo }}@{{ zun_dashboard_git_install_branch }}#egg=zun_ui\"\n\n# This variable is used to install additional pip packages\n# that could be needed for additional dashboards required\n# which are not part of the standard set above.\nhorizon_optional_pip_packages: []\n\n# This variable is used to update the horizon translations from\n# Zanata, this can be set to \"True\" when testing translations,\n# but should otherwise be left as False.\nhorizon_translations_update: false\n\n# This variable is used to define the version of the project\n# (horizon) to pull from Zanata. Default value is master,\n# other possibly values are stable/pike, stable/queens...\nhorizon_translations_project_version: \"master\"\n\n# This variable is used to be able to fully override or\n# partially union/intersect lists in order to change the\n# behaviour of the pull of the translations per component.\nhorizon_translations_pull: \"{{ _horizon_translations_pull }}\"\n\n# Set arbitrary horizon configuration options\nhorizon_config_overrides: {}\nhorizon_extra_local_settings: {}\n\n# Set overrides for horizon embedded policies\n# horizon_policy_overrides:\n#   cinder:\n#     \"volume:create\": \"rule:admin_or_owner\"\nhorizon_policy_overrides: {}\n\nhorizon_init_overrides: {}\nhorizon_uwsgi_ini_overrides: {}\n\nhorizon_keystone_admin_roles:\n  - admin\n\n# Set the \"credentials\" authentication choice to show as default.\n# The list of authentication mechanisms which include keystone\n# federation protocols and identity provider/federation protocol\n# horizon_websso_keystone_url: \"{{ horizon_keystone_endpoint }}\"\nhorizon_websso_initial_choice: \"credentials\"\nhorizon_websso_default_redirect: false\nhorizon_websso_default_redirect_region: \"{{ horizon_websso_keystone_url | default(horizon_keystone_endpoint) }}\"\nhorizon_websso_default_redirect_logout: \"\"\nhorizon_websso_use_http_referer: true\n\n###\n### Backend TLS\n###\n\n# Storage location for SSL certificate authority\nhorizon_pki_dir: \"{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}\"\n\n# Delegated host for operating the certificate authority\nhorizon_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# horizon server certificate\nhorizon_pki_regen_cert: \"\"\nhorizon_pki_san: \"{{ openstack_pki_san | default({'dns': [ansible_facts['hostname']], 'ip': [management_address]}) }}\"\n\n# Define user-provided SSL certificates\nhorizon_user_ssl_cert: \"\"\nhorizon_user_ssl_key: \"\"\nhorizon_user_ssl_ca_cert: \"\"\n\nhorizon_sysctl_file: \"{{ openstack_sysctl_file | default('/etc/sysctl.conf') }}\"\n","created":"2025-12-08T13:39:59.333608Z","updated":"2025-12-08T13:39:59.333639Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_horizon/defaults/main.yml"}