64b6c9261e
Current folder name New folder name Book title ---------------------------------------------------------- basic-install DELETE cli-guide DELETE common common NEW admin-guide-cloud Cloud Administrators Guide docbkx-example DELETE openstack-block-storage-admin DELETE openstack-compute-admin DELETE openstack-config config-reference OpenStack Configuration Reference openstack-ha high-availability-guide OpenStack High Availabilty Guide openstack-image image-guide OpenStack Virtual Machine Image Guide openstack-install install-guide OpenStack Installation Guide openstack-network-connectivity-admin admin-guide-network OpenStack Networking Administration Guide openstack-object-storage-admin DELETE openstack-security security-guide OpenStack Security Guide openstack-training training-guide OpenStack Training Guide openstack-user user-guide OpenStack End User Guide openstack-user-admin user-guide-admin OpenStack Admin User Guide glossary NEW OpenStack Glossary bug: #1220407 Change-Id: Id5ffc774b966ba7b9a591743a877aa10ab3094c7 author: diane fleming
228 lines
11 KiB
XML
228 lines
11 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE section [
|
|
<!-- Some useful entities borrowed from HTML -->
|
|
<!ENTITY ndash "–">
|
|
<!ENTITY mdash "—">
|
|
<!ENTITY hellip "…">
|
|
]>
|
|
<section xml:id="installing-openstack-dashboard"
|
|
xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
|
|
<title>Install and configure the dashboard</title>
|
|
<para>Before you can install and configure the dashboard, meet the
|
|
requirements in <xref linkend="dashboard-system-requirements"/>.</para>
|
|
<para>For more information about how to deploy the dashboard, see <link
|
|
xlink:href="http://docs.openstack.org/developer/horizon/topics/deployment.html"
|
|
>Deploying Horizon</link>.</para>
|
|
<procedure>
|
|
<title>To install the dashboard</title>
|
|
<step>
|
|
<para>Install the dashboard on the node that can contact the
|
|
Identity Service as root:</para>
|
|
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install memcached libapache2-mod-wsgi openstack-dashboard</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install memcached python-memcached mod_wsgi openstack-dashboard</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Modify the value of
|
|
<literal>CACHES['default']['LOCATION']</literal> in
|
|
<filename os="ubuntu"
|
|
>/etc/openstack-dashboard/local_settings.py</filename><filename
|
|
os="centos;fedora;rhel"
|
|
>/etc/openstack-dashboard/local_settings</filename> to match
|
|
the ones set in <filename os="ubuntu"
|
|
>/etc/memcached.conf</filename><filename
|
|
os="centos;fedora;rhel"
|
|
>/etc/sysconfig/memcached.conf</filename>.</para>
|
|
<para>Open <filename os="ubuntu"
|
|
>/etc/openstack-dashboard/local_settings.py</filename><filename
|
|
os="centos;fedora;rhel"
|
|
>/etc/openstack-dashboard/local_settings</filename> and look
|
|
for this line:</para>
|
|
<programlisting language="bash" linenumbering="unnumbered">CACHES = {
|
|
'default': {
|
|
'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
|
|
'LOCATION' : '127.0.0.1:11211'
|
|
}
|
|
}</programlisting>
|
|
<note xlink:href="#installing-openstack-dashboard"
|
|
xlink:title="Notes">
|
|
<title>Notes</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>The address and port must match the ones set in
|
|
<filename os="ubuntu"
|
|
>/etc/memcached.conf</filename><filename
|
|
os="centos;fedora;rhel"
|
|
>/etc/sysconfig/memcached</filename>.</para>
|
|
<para>If you change the memcached settings, you must
|
|
restart the Apache web server for the changes to
|
|
take effect.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>You can use options other than memcached option
|
|
for session storage. Set the session back-end
|
|
through the <parameter>SESSION_ENGINE</parameter>
|
|
option.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>To change the timezone, use the dashboard or edit
|
|
the <filename os="centos;fedora;rhel"
|
|
>/etc/openstack-dashboard/local_settings</filename><filename
|
|
os="ubuntu"
|
|
>/etc/openstack-dashboard/local_settings.py</filename>
|
|
file.</para>
|
|
<para>Change the following parameter: <code>TIME_ZONE =
|
|
"UTC"</code>
|
|
</para>
|
|
</listitem>
|
|
|
|
</itemizedlist>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Make sure that the web browser on your local machine supports
|
|
HTML5.</para>
|
|
<para>Enable cookies and JavaScript.</para>
|
|
<note>
|
|
<para>To use the VNC client with the dashboard, the browser must
|
|
support HTML5 Canvas and HTML5 WebSockets.</para>
|
|
<para>For details about browsers that support noVNC, see <link
|
|
xlink:href="https://github.com/kanaka/noVNC/blob/master/README.md"
|
|
>https://github.com/kanaka/noVNC/blob/master/README.md</link>,
|
|
and <link
|
|
xlink:href="https://github.com/kanaka/noVNC/wiki/Browser-support"
|
|
>https://github.com/kanaka/noVNC/wiki/Browser-support</link>.</para>
|
|
</note>
|
|
</step>
|
|
</procedure>
|
|
<para>You can configure the dashboard for a simple HTTP deployment
|
|
or a secured HTTPS deployment. While the standard installation
|
|
uses a non-encrypted HTTP channel, you can enable SSL support
|
|
for the dashboard.</para>
|
|
<procedure xml:id="dashboard-config-http">
|
|
<title>To configure the dashboard for HTTP</title>
|
|
<step>
|
|
<para>Specify the host for your OpenStack Identity
|
|
Service endpoint in the
|
|
<filename>/etc/openstack-dashboard/local_settings.py</filename>
|
|
file with the <literal>OPENSTACK_HOST</literal>
|
|
setting.</para>
|
|
<para>The following example shows this setting:</para>
|
|
<programlisting language="python"><?db-font-size 65%?><xi:include parse="text" href="samples/local_settings.py"/></programlisting>
|
|
<para>The service catalog configuration in the
|
|
Identity Service determines whether a service appears
|
|
in the dashboard. For the full listing, see <link
|
|
xlink:href="http://docs.openstack.org/developer/horizon/topics/settings.html"
|
|
>Horizon Settings and Configuration</link>.</para>
|
|
</step>
|
|
<step>
|
|
<para>Restart Apache and memcached:</para>
|
|
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
|
|
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
<procedure xml:id="dashboard-config-https">
|
|
<title>To configure the dashboard for HTTPS</title>
|
|
<para>The following example uses the domain,
|
|
"http://openstack.example.com." Use a domain that fits
|
|
your current setup.</para>
|
|
<step>
|
|
<para>In<filename>/etc/openstack-dashboard/local_settings.py</filename>
|
|
update the following
|
|
directives:<programlisting>USE_SSL = True
|
|
CSRF_COOKIE_SECURE = True
|
|
SESSION_COOKIE_SECURE = True
|
|
SESSION_COOKIE_HTTPONLY = True</programlisting></para>
|
|
<para>The first option is required to enable HTTPS.
|
|
The other recommended settings defend against
|
|
cross-site scripting and require HTTPS.</para>
|
|
</step>
|
|
<step>
|
|
<para>Edit
|
|
<filename>/etc/apache2/ports.conf</filename>
|
|
and add the following line:</para>
|
|
<programlisting>NameVirtualHost *:443</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Edit
|
|
<filename>/etc/apache2/conf.d/openstack-dashboard.conf:</filename></para>
|
|
|
|
<para>Before:</para>
|
|
<programlisting><?db-font-size 65%?>WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
|
|
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
|
|
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
|
|
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
|
|
Order allow,deny
|
|
Allow from all
|
|
</Directory></programlisting>
|
|
|
|
<para>After:</para>
|
|
<programlisting><?db-font-size 65%?><VirtualHost *:80>
|
|
ServerName openstack.example.com
|
|
<IfModule mod_rewrite.c>
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} off
|
|
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
|
|
</IfModule>
|
|
<IfModule !mod_rewrite.c>
|
|
RedirectPermanent / https://openstack.example.com
|
|
</IfModule>
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName openstack.example.com
|
|
|
|
SSLEngine On
|
|
# Remember to replace certificates and keys with valid paths in your environment
|
|
SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
|
|
SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt
|
|
SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
|
|
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
|
|
|
|
# HTTP Strict Transport Security (HSTS) enforces that all communications
|
|
# with a server go over SSL. This mitigates the threat from attacks such
|
|
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
|
|
# and potentially allowing an attacker to view confidential information on the
|
|
# wire
|
|
Header add Strict-Transport-Security "max-age=15768000"
|
|
|
|
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
|
|
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
|
|
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
|
|
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
|
|
Order allow,deny
|
|
Allow from all
|
|
</Directory>
|
|
</VirtualHost></programlisting>
|
|
<para>In this configuration, Apache listens on the
|
|
port 443 and redirects all the hits to the HTTPS
|
|
protocol for all the non-secured requests. The secured
|
|
section defines the private key, public key, and
|
|
certificate to use.</para>
|
|
</step>
|
|
<step>
|
|
<para>Restart Apache and memcached:</para>
|
|
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
|
|
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
|
|
<para>If you try to access the dashboard through HTTP,
|
|
the browser redirects you to the HTTPS page.</para>
|
|
</step>
|
|
</procedure>
|
|
<procedure xml:id="adjust-vnc-window">
|
|
<title>To adjust the dimensions of the VNC window in the
|
|
Dashboard</title>
|
|
<para>The <filename>_detail_vnc.html</filename> file defines
|
|
the size of the VNC window. To change the window size, edit
|
|
this file.</para>
|
|
<step>
|
|
<para>Edit
|
|
<filename>/usr/share/pyshared/horizon/dashboards/nova/instances/templates/instances/_detail_vnc.html.</filename></para>
|
|
</step>
|
|
<step>
|
|
<para>Modify the <literal>width</literal> and
|
|
<literal>height</literal> parameters, as follows:</para>
|
|
<programlisting><iframe src="{{ vnc_url }}" width="720" height="430"></iframe></programlisting>
|
|
</step>
|
|
</procedure>
|
|
</section>
|