第六篇horizon— Web管理界面

第六篇horizon— Web管理界面
一、horizon 介绍：
理解 horizon
Horizon 为 Openstack 提供一个 WEB 前端的管理界面 (UI 服务 )通过 Horizone 所提供的 DashBoard 服务 , 管理员可以使用通过 WEB UI 对 Openstack 整体云环境进行管理 , 并可直观看到各种操作结果与运行状态。

DashBoard 与其他组件的关系

登陆 Dashboard 界面
启动客户端浏览器，于地址栏输入：
http://Horizone_server_ip/dashboard

二、 dashbord 的配置文件：
vim /etc/openstack-dashboard/local_settings

-- coding: utf-8 --

import os

from django.utils.translation import ugettext_lazy as _

from openstack_dashboard.settings import HORIZON_CONFIG

DEBUG = False

WEBROOT is the location relative to Webserver root

should end with a slash.

WEBROOT = ‘/dashboard/’
#LOGIN_URL = WEBROOT + ‘auth/login/’
#LOGOUT_URL = WEBROOT + ‘auth/logout/’

LOGIN_REDIRECT_URL can be used as an alternative for

HORIZON_CONFIG.user_home, if user_home is not set.

Do not set it to ‘/home/’, as this will cause circular redirect loop

#LOGIN_REDIRECT_URL = WEBROOT

If horizon is running in production (DEBUG is False), set this

with the list of host/domain names that the application can serve.

For more information see:

https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts

ALLOWED_HOSTS = [‘horizon.example.com’, ‘localhost’,’*’]

Set SSL proxy settings:

Pass this header from the proxy after terminating the SSL,

and don’t forget to strip it from the client’s request.

For more information see:

https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header

#SECURE_PROXY_SSL_HEADER = (‘HTTP_X_FORWARDED_PROTO’, ‘https’)

If Horizon is being served through SSL, then uncomment the following two

settings to better secure the cookies from security exploits

#CSRF_COOKIE_SECURE = True
#SESSION_COOKIE_SECURE = True

The absolute path to the directory where message files are collected.

The message file must have a .json file extension. When the user logins to

horizon, the message files collected are processed and displayed to the user.

#MESSAGES_PATH=None

Overrides for OpenStack API versions. Use this setting to force the

OpenStack dashboard to use a specific API version for a given service API.

Versions specified here should be integers or floats, not strings.

NOTE: The version should be formatted as it appears in the URL for the

service API. For example, The identity service APIs have inconsistent

use of the decimal point, so valid options would be 2.0 or 3.

Minimum compute version to get the instance locked status is 2.9.

OPENSTACK_API_VERSIONS = {

“data-processing”: 1.1,

"identity": 3,
"image": 2,
"volume": 2,
"compute": 2,

}

Set this to True if running on a multi-domain model. When this is enabled, it

will require the user to enter the Domain name in addition to the username

for login.

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

Overrides the default domain used when running on single-domain model

with Keystone V3. All entities will be created in the default domain.

NOTE: This value must be the name of the default domain, NOT the ID.

Also, you will most likely have a value in the keystone policy file like this

“cloud_admin”: “rule:admin_required and domain_id:”

This value must be the name of the domain whose ID is specified there.

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = ‘Default’

Set this to True to enable panels that provide the ability for users to

manage Identity Providers (IdPs) and establish a set of rules to map

federation protocol attributes to Identity API attributes.

This extension requires v3.0+ of the Identity API.

#OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False

Set Console type:

valid options are “AUTO”(default), “VNC”, “SPICE”, “RDP”, “SERIAL” or None

Set to None explicitly if you want to deactivate the console.

#CONSOLE_TYPE = “AUTO”

If provided, a “Report Bug” link will be displayed in the site header

which links to the value of this setting (ideally a URL containing

information on how to report issues).

#HORIZON_CONFIG[“bug_url”] = “http://bug-report.example.com”

Show backdrop element outside the modal, do not close the modal

after clicking on backdrop.

#HORIZON_CONFIG[“modal_backdrop”] = “static”

Specify a regular expression to validate user passwords.

#HORIZON_CONFIG[“password_validator”] = {

“regex”: ‘.*’,

“help_text”: _(“Your password does not meet the requirements.”),

#}

Disable simplified floating IP address management for deployments with

multiple floating IP pools or complex network requirements.

#HORIZON_CONFIG[“simple_ip_management”] = False

Turn off browser autocompletion for forms including the login form and

the database creation workflow if so desired.

#HORIZON_CONFIG[“password_autocomplete”] = “off”

Setting this to True will disable the reveal button for password fields,

including on the login form.

#HORIZON_CONFIG[“disable_password_reveal”] = False

LOCAL_PATH = ‘/tmp’

Set custom secret key:

You can either set it to a specific value or you can let horizon generate a

default secret key that is unique on this machine, e.i. regardless of the

amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,

there may be situations where you would want to set this explicitly, e.g.

when multiple dashboard instances are distributed on different machines

(usually behind a load-balancer). Either you have to make sure that a session

gets all requests routed to the same dashboard instance or you set the same

SECRET_KEY for all of them.

SECRET_KEY=‘852c7ef13d000ba1bf5d’

We recommend you use memcached for development; otherwise after every reload

of the django development server, you will have to login again. To use