Horizon serves as the web portal for OpenStack. The following procedure assumes regular HTTP access to Horizon instead of SSL/TLS.
controller# pkg install horizon
Your configuration uses HTTP.
Provide settings to the /etc/openstack_dashboard/local_settings.py script.
controller# gsed -i -e s@SECURE_PROXY_SSL_HEADER@#SECURE_PROXY_SSL_HEADER@ \ -e s@CSRF_COOKIE_SECURE@#CSRF_COOKIE_SECURE@ \ -e s@SESSION_COOKIE_SECURE@#SESSION_COOKIE_SECURE@ \ /etc/openstack_dashboard/local_settings.py
Copy the HTTP version of the http.conf file for OpenStack.
controller# cp /etc/apache2/2.2/samples-conf.d/openstack-dashboard-http.conf \ /etc/apache24/2.2/conf.d/
Your configuration uses SSL/TLS.
Generate certificates for use by Horizon.
The following commands generate self-signed certificates for use by Horizon and copy the OpenStack dashboard configuration file to the Apache configuration file directory. For more information about creating self-signed certificates, see the Apache SSL/TLS Strong Encryption: FAQ.
controller# export DASHBOARD=/etc/openstack_dashboard controller# openssl req -new -x509 -nodes \ -out horizon.crt -keyout horizon.key controller# mv horizon.crt horizon.key ${DASHBOARD} controller# chmod 0600 ${DASHBOARD}/horizon.* controller# sed \ -e "/SSLCertificateFile/s:/path.*:${DASHBOARD}/horizon.crt:" \ -e "/SSLCACertificateFile/d" \ -e "/SSLCertificateKeyFile/s:/path.*:${DASHBOARD}/horizon.key:" \ < /etc/apache2/2.2/samples-conf.d/openstack-dashboard-tls.conf \ > /etc/apache2/2.2/conf.d/openstack-dashboard-tls.conf
In the ~/conf.d/openstack-dashboard-tls.conf file, specify the site address and server name of the Horizon package on the following parameters:
RedirectPermanent=controller-IP ServerName=controller-name
controller# svcadm enable apache22