Openstack Horizon installation with SSL on Ubuntu

29-05-2014 | Remy van Elst


openStack Logo

This is a guide on installing the Openstack Horizon dashboard on Ubuntu 12.04 or 14.04, including SSL setup. It features nice screenshots and even an Ansible playbook to automate it all. We will set up the Icehouse version of Horizon.

Openstack is one of those cloudy cloud projects. Warning, keep your buzzword bingo cards ready for the Wikipedia definition:

OpenStack is a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution. The technology consists of a series of interrelated projects that control pools of processing, storage, and networking resources throughout a data center, able to be managed or provisioned through a web-based dashboard, command-line tools, or a RESTful API. It is released under the terms of the Apache License.

This tutorial does not cover a full openstack cluster setup, just the Dashboard. In this tutorial my Dashboard talks to the CloudVPS Openstack service, change this for your own Openstack installation.

You can see all my Openstack related tutorials here. For example, how to use Duplicity to create Encrypted backups to the Openstack Swift Object Store.

openstack

Requirements

  • Ubuntu 12.04 or 14.04 machine
  • An Openstack cluster with at least:
    • compute (kvm)
    • keystone (identity)
    • glance (images)
    • cinder (block storage)
    • neutron/classic networking

Just swift (object store) and keystone are also OK, just to manage Object storage.

I'll be using the CloudVPS public Openstack cloud in this example.

If you order a VPS or Objectstore at CloudVPS, please mention my name or this article. I'll get a little referal bonus, which will be used to keep this awesome website running.

Note that this article is not sponsored nor endorsed by CloudVPS, nor am I speaking for or as CloudVPS.

Install packages

Because Ubuntu 14.04 has Cloudy Support (as in, Openstack Icehouse in the main repo) we can just install it. First update the system:

apt-get update

Then install the packages required:

apt-get install -y apache2 memcached libapache2-mod-wsgi openstack-dashboard

Remove the ubuntu dashboard theme, this prevents the network map, translations and some menu's from working:

apt-get remove -y --purge openstack-dashboard-ubuntu-theme

Here's a picture of Horizon with the Ubuntu theme:

openstack

If you run 12.04 you should add the Icehouse Openstack repository first:

apt-get install python-software-properties
add-apt-repository cloud-archive:icehouse
apt-get update

If you only want the dashboard you don't need the backported kernel on 12.04. Otherwise, install the following extra packages: linux-image-generic-lts-saucy linux-headers-generic-lts-saucy and reboot.

Configure Apache

Make sure the Horizon dashboard config is enabled:

a2enconf openstack-dashboard

On 12.04 this is not needed. The config is already enabled there in /etc/apache2/conf.d/.

Enable HTTPS:

a2ensite default-ssl
a2enmod ssl

If you want to redirect all traffic from HTTP to HTTPS, which you should, enable mod_rewrite:

a2enmod rewrite

Edit /etc/apache2/sites-enabled/000-default.conf:

vim /etc/apache2/sites-enabled/000-default.conf

On 12.04 the file is named without .conf:

vim /etc/apache2/sites-enabled/000-default

And add the following:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Somewhere in the <Virtualhost> part.

Make sure to set up a correct certificate if you are going to run HTTPS in production. If you need tips to Set up strong SSL security on Apache, see my tutorial.

Don't forget to restart Apache:

service apache2 restart

Configure Horizon

Edit the dashboard config:

vim /etc/openstack-dashboard/local_settings.py

Add the following if you are using SSL:

CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
USE_SSL = True

Configure the Openstack host by setting the following variables:

OPENSTACK_HOST = "127.0.0.1"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"

I'm using CloudVPS's Openstack service, so for me the variables are like this:

OPENSTACK_KEYSTONE_URL = "https://identity.stack.cloudvps.com/v2.0"

Thats it. Visit the Dasboard at http://$IPADDRESS/horizon and login.

Here's another screenshot showing the Swift (Object Storage) part of Horizon:

openstack

Ansible Playbook

I've also written an simple Ansible playbook to install a Horizon instance. You can find it in this Github repository.


Tags: cloud, compute, dashboard, gpg, horizon, keystone, openstack, python, ubuntu,