]>

Before you can install and configure the dashboard, meet the requirements in . For more information about how to deploy the dashboard, see Deploying Horizon. Install the dashboard on the node that can contact the Identity Service as root: # apt-get install memcached libapache2-mod-wsgi openstack-dashboard # yum install memcached python-memcached mod_wsgi openstack-dashboard Modify the value of CACHES['default']['LOCATION'] in /etc/openstack-dashboard/local_settings.py/etc/openstack-dashboard/local_settings to match the ones set in /etc/memcached.conf/etc/sysconfig/memcached.conf. Open /etc/openstack-dashboard/local_settings.py/etc/openstack-dashboard/local_settings and look for this line: CACHES = { 'default': { 'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION' : '127.0.0.1:11211' } } The address and port must match the ones set in /etc/memcached.conf/etc/sysconfig/memcached. If you change the memcached settings, you must restart the Apache web server for the changes to take effect. You can use options other than memcached option for session storage. Set the session back-end through the SESSION_ENGINE option. To change the timezone, use the dashboard or edit the /etc/openstack-dashboard/local_settings/etc/openstack-dashboard/local_settings.py file. Change the following parameter: TIME_ZONE = "UTC" Make sure that the web browser on your local machine supports HTML5. Enable cookies and JavaScript. To use the VNC client with the dashboard, the browser must support HTML5 Canvas and HTML5 WebSockets. For details about browsers that support noVNC, see https://github.com/kanaka/noVNC/blob/master/README.md, and https://github.com/kanaka/noVNC/wiki/Browser-support. You can configure the dashboard for a simple HTTP deployment or a secured HTTPS deployment. While the standard installation uses a non-encrypted HTTP channel, you can enable SSL support for the dashboard. Specify the host for your OpenStack Identity Service endpoint in the /etc/openstack-dashboard/local_settings.py file with the OPENSTACK_HOST setting. The following example shows this setting: The service catalog configuration in the Identity Service determines whether a service appears in the dashboard. For the full listing, see Horizon Settings and Configuration. Restart Apache and memcached: # service apache2 restart # service memcached restart The following example uses the domain, "http://openstack.example.com." Use a domain that fits your current setup. In/etc/openstack-dashboard/local_settings.py update the following directives:USE_SSL = True CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True SESSION_COOKIE_HTTPONLY = True The first option is required to enable HTTPS. The other recommended settings defend against cross-site scripting and require HTTPS. Edit /etc/apache2/ports.conf and add the following line: NameVirtualHost *:443 Edit /etc/apache2/conf.d/openstack-dashboard.conf: Before: WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> Order allow,deny Allow from all </Directory> After: <VirtualHost *:80> ServerName openstack.example.com <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </IfModule> <IfModule !mod_rewrite.c> RedirectPermanent / https://openstack.example.com </IfModule> </VirtualHost> <VirtualHost *:443> ServerName openstack.example.com SSLEngine On # Remember to replace certificates and keys with valid paths in your environment SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown # HTTP Strict Transport Security (HSTS) enforces that all communications # with a server go over SSL. This mitigates the threat from attacks such # as SSL-Strip which replaces links on the wire, stripping away https prefixes # and potentially allowing an attacker to view confidential information on the # wire Header add Strict-Transport-Security "max-age=15768000" WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> Order allow,deny Allow from all </Directory> </VirtualHost> In this configuration, Apache listens on the port 443 and redirects all the hits to the HTTPS protocol for all the non-secured requests. The secured section defines the private key, public key, and certificate to use. Restart Apache and memcached: # service apache2 restart # service memcached restart If you try to access the dashboard through HTTP, the browser redirects you to the HTTPS page. The _detail_vnc.html file defines the size of the VNC window. To change the window size, edit this file. Edit /usr/share/pyshared/horizon/dashboards/nova/instances/templates/instances/_detail_vnc.html. Modify the width and height parameters, as follows: <iframe src="{{ vnc_url }}" width="720" height="430"></iframe>