If your company use OpenStack clouds without ‘Horizon Dashboard’ interface, you may wish to deploy your own horizon instance. Or you can use this method for permanent deploy any version of Horizont in your clouds.
However, your concern is that http might be insecure… especially if hosted on a VM or machine accessible from the Internet. So you want an SSL connection. It is will be in next parts of articles
ref: https://docs.openstack.org/developer/horizon/topics/install.html
Create an “horizon” user:
On Centos/RHEL:
$ useradd homitaka
sudo permissions for the horizon user:
If you want to be able to “sudo” from the horizon user (for convenience):
$ sudo su -c "echo 'homitakaALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/horizon" $ sudo chmod 0440 /etc/sudoers.d/horizon
Get the Horizon source:
1 – You can clone horizon sources from git in format of tree of git.
2 – You can to get horizon sources in format of tarball files – You can to get horizon sources in format of tarball files – http://tarballs.openstack.org or for each release – https://releases.openstack.org/mitaka/index.html#mitaka-horizon
Variant with git
Add 2 variables into environment:
# su - homitaka
$ cd ~
$ egrep export .bashrc
...
export PATH=.:$HOME/.local/bin:$HOME/bin:$PATH
export PYTHONPATH=$HOME/.local/lib/python2.7
export DJANGO_SETTINGS_MODULE='openstack_dashboard.settings'
umask 022
pyclean () {
find . -type f -name "*.py[co]" -delete
find . -type d -name "__pycache__" -delete
}
$
To get and install pip and virtualenv locally:
$ wget --no-check-certificate https://bootstrap.pypa.io/get-pip.py
$ python get-pip.py --user
$ which pip
$ ./local/bin/pip
$ pip install --user virtualenv
Collecting virtualenv
Downloading virtualenv-15.1.0-py2.py3-none-any.whl (1.8MB)
100% |████████████████████████████████| 1.8MB 302kB/s
Installing collected packages: virtualenv
Successfully installed virtualenv-15.1.0
$ which virtualenv
~/.local/bin/virtualenv
To get clone of master repository. After clonning, you will now see an horizon directory in point of `pwd`.
$ cd public_html $ git clone http://git.openstack.org/openstack/horizon.git $ cd horizont
Horizon needs python dependencies which may not be provided in the proper version by your OS’s packaging system, so the best is to use a virtual environment to install the python packages without any conflicts with your distribution’s packages:
$ virtualenv --no-site-packages .venv New python executable in /home/homitaka/public_html/horizon/.venv/bin/python Installing setuptools, pip, wheel...done. $ pyclean $ source .venv/bin/activate FOR VERSION OF HORIZON 9.1.2 on Mitaka (.venv) $ sed -i 's/^python-novaclient.*/python-novaclient!=2.33.0,>=2.29.0,<=6.0.0' requirements.txt FOR VERSION OF HORIZON 11.0.1 on Mitaka (.venv) $ sed -i 's/^python-novaclient.*/python-novaclient<8.0.0,>6.0.1 # Apache-2.0' requirements.txt (.venv) $ pip install -Ur requirements.txt OR (.venv) $ LC_ALL=C pip install -Ur requirements.txt
Configure your local_settings:
cd ~/public_html/horizon/openstack_dashboard/local cp -av ~/local_settings.py .
and open file for changes of any options.
Get the apache configuration script:
If the Web deployment configuration script isn’t yet merged (see Change I6397ba01: Created a make_web_conf command.) you can cherry-pick it:
git checkout -b web-conf-generation-script git fetch https://review.openstack.org/openstack/horizon refs/changes/68/82468/6 && git cherry-pick FETCH_HEAD
This patch adds a django_admin management command allowing to create a wsgi file with virtual environment detection, and an apache configuration file. We will use this command. Go back the directory where the manage.py file is located. For creating the wsgi file, I use the Web deployment configuration script:
(.venv) $ python manage.py make_web_conf --wsgi Generated "/home/homitaka/public_html/horizon/openstack_dashboard/wsgi/horizon.wsgi" (.venv) $
Collect static files:
We gather all the static files which apache will have to serve (they will be placed in the directory defined by
1 | STATIC_ROOT |
in the local_settings.py file):
$ python manage.py collectstatic
Compile .pyc files:
If apache does not have write access it won’t be able to write ‘.pyc’ files during code execution, and this drastically slows down python’s performances. Instead of relying on the code execution to compile the bytecode ‘.pyc’ files, I can create them manually. Of course, in reality all process of my horizon will be under own user account.
$ python -m compileall .
Getting localization for ru, de and etc
FOR VERSION OF HORIZON 9.1.2 on Mitaka (.venv) $ cd $HOME/public_html/horizon/openstack_dashboard (.venv) $ python ../manage.py makemessages -l ru (.venv) $ python ../manage.py makemessages -d djangojs -l ru (.venv) $ python ../manage.py compilemessages (.venv) $ cd $HOME/public_html/horizon/horizon (.venv) $ python ../manage.py makemessages -l ru (.venv) $ python ../manage.py makemessages -d djangojs -l ru (.venv) $ python ../manage.py compilemessages FOR VERSION OF HORIZON 11.0.1 on Mitaka (.venv) $ cd $HOME/public_html/horizon/openstack_dashboard (.venv) $ python ../manage.py makemessages -l ru (.venv) $ python ../manage.py compilemessages (.venv) $ cd $HOME/public_html/horizon/horizon (.venv) $ python ../manage.py makemessages -l ru (.venv) $ python ../manage.py compilemessages
Give apache some permissions:
I can give apache read access to files, execution permission on directories, and write permission to static files directory, only if will not be use options in wsgi configuration for owner of process:
sudo chmod -R g+r ~/
find ~/ -type d -exec sudo chmod g+x {} \;
find ~/horizon/static -type d -exec chmod g+w {} \;
Create your apache configuration file:
I can use the Web deployment configuration script again:
python manage.py make_web_conf --apache --ssl \ --sslcert=/home/horizon/easy-rsa/keys/My_Server_Name.crt \ --sslkey=/home/horizon/easy-rsa/keys/My_Server_Name.key \ --mail=your.email@youdomain.com > apache_horizon.conf
Now I can use content of this file for change of configuration of some virtual host
Notes about unscoped tokens:
Some cloud companies do not let you log in with an unscoped token and horizon logs will tell you your login failed even though you entered the proper password. If this is the case, you may need to modify your .venv/lib/python2.7/site-packages/openstack_auth/backend.py (or .venv/lib/python2.6/site-packages/openstack_auth/backend.py) file like this:
change the
1 | try |
block line 134:
try:
client = keystone_client.Client(
tenant_id=project.id,
token=unscoped_auth_ref.auth_token,
auth_url=auth_url,
insecure=insecure,
cacert=ca_cert,
debug=settings.DEBUG)
to:
try:
client = keystone_client.Client(
tenant_id=project.id,
#token=unscoped_auth_ref.auth_token,
user_domain_name=user_domain_name,
username=username,
password=password,
auth_url=auth_url,
insecure=insecure,
debug=settings.DEBUG)
Keep up to date:
Once Horizon deployed, staying up to date is easy:
git checkout master
git remote update && git pull --ff-only origin master
source .venv/bin/activate
pip install -Ur requirements.txt # you might need to redo the unscoped tokens change
find . -name "*.pyc" -delete
python -m compileall .
python manage.py collectstatic
chmod -R g+r ~/horizon
find ~/horizon -type d -exec chmod g+x {} \;
find ~/horizon/static -type d -exec chmod g+w {} \;
And restart apache.
Enjoy your Horizon GUI