Deploy Horizon (any releases) from tarballs with Apache for isolated user in virtual environment.

If your company use OpenStack clouds without ‘Horizon Dashboard’ interface, you may wish to deploy your own horizon instance. Or you can use this method for permanent deploy any version of Horizont in your clouds.

However, your concern is that http might be insecure… especially if hosted on a VM or machine accessible from the Internet. So you want an SSL connection. It is will be in next parts of articles


Create an “horizon” user:

On Centos/RHEL:

$ useradd homitaka

sudo permissions for the horizon user:

If you want to be able to “sudo” from the horizon user (for convenience):

$ sudo su -c "echo 'homitakaALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/horizon"
$ sudo chmod 0440 /etc/sudoers.d/horizon

Get the Horizon source:

1 – You can clone horizon sources from git in format of tree of git.

2 – You can to get horizon sources in format of tarball files – You can to get horizon sources in format of tarball files – or for each release –

Variant with git

Add 2 variables into environment:

# su - homitaka
$ cd ~
$ egrep export .bashrc
export PATH=.:$HOME/.local/bin:$HOME/bin:$PATH
export PYTHONPATH=$HOME/.local/lib/python2.7
export DJANGO_SETTINGS_MODULE='openstack_dashboard.settings'
umask 022
pyclean () {
    find . -type f -name "*.py[co]" -delete
    find . -type d -name "__pycache__" -delete

To get and install pip and virtualenv locally:

$ wget --no-check-certificate
$ python --user

$ which pip
$ ./local/bin/pip

$ pip install --user virtualenv
Collecting virtualenv
  Downloading virtualenv-15.1.0-py2.py3-none-any.whl (1.8MB)
    100% |████████████████████████████████| 1.8MB 302kB/s
Installing collected packages: virtualenv
Successfully installed virtualenv-15.1.0

$ which virtualenv

To get clone of master repository. After clonning, you will now see an horizon directory in point of `pwd`.

$ cd public_html
$ git clone
$ cd horizont

Horizon needs python dependencies which may not be provided in the proper version by your OS’s packaging system, so the best is to use a virtual environment to install the python packages without any conflicts with your distribution’s packages:

$ virtualenv --no-site-packages .venv
New python executable in /home/homitaka/public_html/horizon/.venv/bin/python
Installing setuptools, pip, wheel...done.

$ pyclean

$ source .venv/bin/activate
(.venv) $ sed -i 's/^python-novaclient.*/python-novaclient!=2.33.0,>=2.29.0,<=6.0.0' requirements.txt
FOR VERSION OF HORIZON 11.0.1 on Mitaka 
(.venv) $ sed -i 's/^python-novaclient.*/python-novaclient<8.0.0,>6.0.1 # Apache-2.0' requirements.txt

(.venv) $ pip install -Ur requirements.txt
(.venv) $ LC_ALL=C pip install -Ur requirements.txt

Configure your local_settings:

cd ~/public_html/horizon/openstack_dashboard/local
cp -av ~/ .

and open file for changes of any options.

Get the apache configuration script:

If the Web deployment configuration script isn’t yet merged (see Change I6397ba01: Created a make_web_conf command.) you can cherry-pick it:

git checkout -b web-conf-generation-script
git fetch refs/changes/68/82468/6 && git cherry-pick FETCH_HEAD

This patch adds a django_admin management command allowing to create a wsgi file with virtual environment detection, and an apache configuration file. We will use this command. Go back the directory where the file is located. For creating the wsgi file, I use the Web deployment configuration script:

(.venv) $ python make_web_conf --wsgi
Generated "/home/homitaka/public_html/horizon/openstack_dashboard/wsgi/horizon.wsgi"
(.venv) $

Collect static files:

We gather all the static files which apache will have to serve (they will be placed in the directory defined by


in the file):

$ python collectstatic

Compile .pyc files:

If apache does not have write access it won’t be able to write ‘.pyc’ files during code execution, and this drastically slows down python’s performances. Instead of relying on the code execution to compile the bytecode ‘.pyc’ files, I can create them manually. Of course, in reality all process of my horizon will be under own user account.

$ python -m compileall .

Getting localization for ru, de and etc


(.venv) $ cd $HOME/public_html/horizon/openstack_dashboard
(.venv) $ python ../ makemessages -l ru
(.venv) $ python ../ makemessages -d djangojs -l ru
(.venv) $ python ../ compilemessages

(.venv) $ cd $HOME/public_html/horizon/horizon
(.venv) $ python ../ makemessages -l ru
(.venv) $ python ../ makemessages -d djangojs -l ru
(.venv) $ python ../ compilemessages

FOR VERSION OF HORIZON 11.0.1 on Mitaka 

(.venv) $ cd $HOME/public_html/horizon/openstack_dashboard
(.venv) $ python ../ makemessages -l ru
(.venv) $ python ../ compilemessages

(.venv) $ cd $HOME/public_html/horizon/horizon
(.venv) $ python ../ makemessages -l ru
(.venv) $ python ../ compilemessages

Give apache some permissions:

I can give apache read access to files, execution permission on directories, and write permission to static files directory, only if will not be use options in wsgi configuration for owner of process:

sudo chmod -R g+r ~/
find ~/ -type d -exec sudo chmod g+x {} \;
find ~/horizon/static -type d -exec chmod g+w {} \;

Create your apache configuration file:

I can use the Web deployment configuration script again:

python make_web_conf --apache --ssl \
--sslcert=/home/horizon/easy-rsa/keys/My_Server_Name.crt \
--sslkey=/home/horizon/easy-rsa/keys/My_Server_Name.key \ > apache_horizon.conf

Now I can use content of this file for change of configuration of some virtual host

Notes about unscoped tokens:

Some cloud companies do not let you log in with an unscoped token and horizon logs will tell you your login failed even though you entered the proper password. If this is the case, you may need to modify your .venv/lib/python2.7/site-packages/openstack_auth/ (or .venv/lib/python2.6/site-packages/openstack_auth/ file like this:

change the


block line 134:

   client = keystone_client.Client(,


   client = keystone_client.Client(,

Keep up to date:

Once Horizon deployed, staying up to date is easy:

git checkout master
git remote update && git pull --ff-only origin master
source .venv/bin/activate
pip install -Ur requirements.txt  # you might need to redo the unscoped tokens change
find . -name "*.pyc" -delete
python -m compileall .
python collectstatic
chmod -R g+r ~/horizon
find ~/horizon -type d -exec chmod g+x {} \;
find ~/horizon/static -type d -exec chmod g+w {} \;

And restart apache.

Enjoy your Horizon GUI

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *


Scroll to top