Simple deployment (HTTP)
Specify the host for your OpenStack Identity Service endpoint in the
/etc/openstack-dashboard/local_settings.py
file with the OPENSTACK_HOST setting. An example is included:import os from django.utils.translation import ugettext_lazy as _ DEBUG = False TEMPLATE_DEBUG = DEBUG PROD = True USE_SSL = False SITE_BRANDING = 'OpenStack Dashboard' # Ubuntu-specific: Enables an extra panel in the 'Settings' section # that easily generates a Juju environments.yaml for download, # preconfigured with endpoints and credentials required for bootstrap # and service deployment. ENABLE_JUJU_PANEL = True # Note: You should change this value SECRET_KEY = 'elj1IWiLoWHgryYxFT6j7cM5fGOOxWY0' # Specify a regular expression to validate user passwords. # HORIZON_CONFIG = { # "password_validator": { # "regex": '.*', # "help_text": _("Your password does not meet the requirements.") # } # } LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) CACHES = { 'default': { 'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION' : '127.0.0.1:11211' } } # Send email to the console by default EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' # Or send them to /dev/null #EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' # Configure these for your outgoing email host # EMAIL_HOST = 'smtp.my-company.com' # EMAIL_PORT = 25 # EMAIL_HOST_USER = 'djangomail' # EMAIL_HOST_PASSWORD = 'top-secret!' # For multiple regions uncomment this configuration, and add (endpoint, title). # AVAILABLE_REGIONS = [ # ('http://cluster1.example.com:5000/v2.0', 'cluster1'), # ('http://cluster2.example.com:5000/v2.0', 'cluster2'), # ] OPENSTACK_HOST = "127.0.0.1" OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member" # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the # capabilities of the auth backend for Keystone. # If Keystone has been configured to use LDAP as the auth backend then set # can_edit_user to False and name to 'ldap'. # # TODO(tres): Remove these once Keystone has an API to identify auth backend. OPENSTACK_KEYSTONE_BACKEND = { 'name': 'native', 'can_edit_user': True } # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints # in the Keystone service catalog. Use this setting when Horizon is running # external to the OpenStack environment. The default is 'internalURL'. #OPENSTACK_ENDPOINT_TYPE = "publicURL" # The number of Swift containers and objects to display on a single page before # providing a paging element (a "more" link) to paginate results. API_RESULT_LIMIT = 1000 # If you have external monitoring links, eg: # EXTERNAL_MONITORING = [ # ['Nagios','http://foo.com'], # ['Ganglia','http://bar.com'], # ] LOGGING = { 'version': 1, # When set to True this will disable all logging except # for loggers specified in this configuration dictionary. Note that # if nothing is specified here and disable_existing_loggers is True, # django.db.backends will still log unless it is disabled explicitly. 'disable_existing_loggers': False, 'handlers': { 'null': { 'level': 'DEBUG', 'class': 'django.utils.log.NullHandler', }, 'console': { # Set the level to "DEBUG" for verbose output logging. 'level': 'INFO', 'class': 'logging.StreamHandler', }, }, 'loggers': { # Logging from django.db.backends is VERY verbose, send to null # by default. 'django.db.backends': { 'handlers': ['null'], 'propagate': False, }, 'horizon': { 'handlers': ['console'], 'propagate': False, }, 'novaclient': { 'handlers': ['console'], 'propagate': False, }, 'keystoneclient': { 'handlers': ['console'], 'propagate': False, }, 'nose.plugins.manager': { 'handlers': ['console'], 'propagate': False, } } }
The HORIZON_CONFIG dictionary contains all the settings for the Dashboard. Whether or not a service is in the Dashboard depends on the Service Catalog configuration in the Identity service. Refer to Horizon Settings and Configuration for the full listing.
Secured deployment (HTTPS)
While the standard installation uses a non-encrypted channel (HTTP), it is possible to enable the SSL support for the OpenStack Dashboard. In the following example, we use the domain "http://openstack.example.com", make sure to use one that fits your current setup.
In
/etc/openstack-dashboard/local_settings.py
update the following directive:USE_SSL = True
Edit
/etc/apache2/ports.conf
and add the following line:NameVirtualHost *:443
Edit
/etc/apache2/conf.d/openstack-dashboard.conf:
Before:
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> Order allow,deny Allow from all </Directory>
After:
<VirtualHost *:80> ServerName openstack.example.com RedirectPermanent / https://openstack.example.com </VirtualHost> <VirtualHost *:443> ServerName openstack.example.com SSLEngine On SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> Order allow,deny Allow from all </Directory> </VirtualHost>
In this configuration, we instruct Apache to listen on the port 443 and to redirect all the hits to the HTTPs protocol for all the non-secured requests. In the secured section, we define as well the private key, the public key, and the certificate to use.
Finally restart Apache and memcached:
# service apache2 restart # service memcached restart
You should now be redirected to the HTTPs page if you call the HTTP version of the dashboard via your browser.