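Customize and configure the Dashboard¶
Once you have the Dashboard installed, you can customize the way it looks and feels to suit the needs of your environment, your project, or your business.
You can also configure the Dashboard for a secure HTTPS deployment, or an HTTP deployment. The standard OpenStack installation uses a non-encrypted HTTP channel, but you can enable SSL support for the Dashboard.
For information on configuring HTTPS or HTTP, see Configure the Dashboard.
Customize the Dashboard¶
On Ubuntu, the OpenStack Dashboard installs the openstack-dashboard-ubuntu-theme package by default. If you do not want to use this theme, remove it and its dependencies:
    # apt-get remove --auto-remove openstack-dashboard-ubuntu-theme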
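Note
This guide focuses on the local_settings.py file.
The following Dashboard content can be customized to suit your needs:
Logo
Site colors
HTML title
Logo link
Help URL
Logo and site colors¶
Create two PNG logo files with transparent backgrounds using the following sizes:
Login screen: 365 x 50
Logged-in banner: 216 x 35
Upload your new images to /usr/share/openstack-dashboard/openstack_dashboard/static/dashboard/img/.
Create a CSS style sheet in /usr/share/openstack-dashboard/openstack_dashboard/static/dashboard/scss/.
Change the colors and image file names as appropriate. Ensure the relative directory paths are the same. The following example file shows how to customize your CSS file: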
    /*
     * New theme colors for dashboard that override the defaults:
     *  dark blue: #355796 / rgb(53, 87, 150)
     *  light blue: #BAD3E1 / rgb(186, 211, 225)
     *
     * By Preston Lee <plee@tgen.org>
     */
    h1.brand {
        background: #355796 repeat-x top left;
        border-bottom: 2px solid #BAD3E1;
    }
    h1.brand a {
        background: url(../img/my_cloud_logo_small.png) top left no-repeat;
    }
    #splash .login {
        background: #355796 url(../img/my_cloud_logo_medium.png) no-repeat center 35px;
    }
    #splash .login .modal-header {
        border-top: 1px solid #BAD3E1;
    }
    .btn-primary {
        background-image: none !important;
        background-color: #355796 !important;
        border: none !important;
        box-shadow: none;
    }
    .btn-primary:hover,
    .btn-primary:active {
        border: none;
        box-shadow: none;
        background-color: #BAD3E1 !important;
        text-decoration: none;
    }
Open the following HTML template in an editor of your choice:
/usr/share/openstack-dashboard/openstack_dashboard/templates/_stylesheets.html
Add a line to include your newly created style sheet. For example, the custom.css file:
    <link href='{{ STATIC_URL }}bootstrap/css/bootstrap.min.css' media='screen' rel='stylesheet' />
    <link href='{{ STATIC_URL }}dashboard/css/{% choose_css %}' media='screen' rel='stylesheet' />
    <link href='{{ STATIC_URL }}dashboard/css/custom.css' media='screen' rel='stylesheet' />
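Restart the Apache service.
To view your changes, reload your Dashboard. If necessary, go back and modify your CSS file as appropriate.
HTML title¶
Set the HTML title, which appears at the top of the browser window, by adding the following line to local_settings.py:
    SITE_BRANDING = "Example, Inc. Cloud"
Restart Apache for this change to take effect.
Logo link¶
The logo acts as a hyperlink. The default behavior is to redirect to horizon:user_home. To change this, add the following attribute to local_settings.py:
    SITE_BRANDING_LINK = "http://example.com"
Restart Apache for this change to take effect.
Help URL¶
By default, the help URL points to https://docs.openstack.org. To change this, edit the following attribute in local_settings.py:
    HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
Restart Apache for this change to take effect.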
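Configure the Dashboard¶
The following sections on configuring the Dashboard for a secure HTTPS deployment or an HTTP deployment use concrete examples to keep the procedure clear. The file paths vary by distribution, however. If needed, you can also configure the VNC window size in the Dashboard.
Configure the Dashboard for HTTP¶
You can configure the Dashboard for a simple HTTP deployment. The standard installation uses a non-encrypted HTTP channel.
Specify the host for your Identity service endpoint in the local_settings.py file with the OPENSTACK_HOST setting. The following example shows this setting: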
    import os

    from django.utils.translation import gettext_lazy as _

    DEBUG = False
    TEMPLATE_DEBUG = DEBUG
    PROD = True

    SITE_BRANDING = 'OpenStack Dashboard'

    # Ubuntu-specific: Enables an extra panel in the 'Settings' section
    # that easily generates a Juju environments.yaml for download,
    # preconfigured with endpoints and credentials required for bootstrap
    # and service deployment.
    ENABLE_JUJU_PANEL = True

    # Note: You should change this value
    SECRET_KEY = 'elj1IWiLoWHgryYxFT6j7cM5fGOOxWY0'

    # Specify a regular expression to validate user passwords.
    # HORIZON_CONFIG = {
    #     "password_validator": {
    #         "regex": '.*',
    #         "help_text": _("Your password does not meet the requirements.")
    #     }
    # }

    LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))

    CACHES = {
        'default': {
            'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
            'LOCATION': '127.0.0.1:11211'
        }
    }

    # Send email to the console by default
    EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
    # Or send them to /dev/null
    #EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'

    # Configure these for your outgoing email host
    # EMAIL_HOST = 'smtp.my-company.com'
    # EMAIL_PORT = 25
    # EMAIL_HOST_USER = 'djangomail'
    # EMAIL_HOST_PASSWORD = 'top-secret!'

    # For multiple regions uncomment this configuration, and add (endpoint, title).
    # AVAILABLE_REGIONS = [
    #     ('http://cluster1.example.com/identity/v3', 'cluster1'),
    #     ('http://cluster2.example.com/identity/v3', 'cluster2'),
    # ]

    OPENSTACK_HOST = "127.0.0.1"
    OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST
    OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"

    # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
    # capabilities of the auth backend for Keystone.
    # If Keystone has been configured to use LDAP as the auth backend then set
    # can_edit_user to False and name to 'ldap'.
    #
    # TODO(tres): Remove these once Keystone has an API to identify auth backend.
    OPENSTACK_KEYSTONE_BACKEND = {
        'name': 'native',
        'can_edit_user': True
    }

    # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
    # in the Keystone service catalog. Use this setting when Horizon is running
    # external to the OpenStack environment. The default is 'internalURL'.
    #OPENSTACK_ENDPOINT_TYPE = "publicURL"

    # The number of Swift containers and objects to display on a single page before
    # providing a paging element (a "more" link) to paginate results.
    API_RESULT_LIMIT = 1000

    # If you have external monitoring links, eg:
    # EXTERNAL_MONITORING = [
    #     ['Nagios','http://foo.com'],
    #     ['Ganglia','http://bar.com'],
    # ]

    LOGGING = {
        'version': 1,
        # When set to True this will disable all logging except
        # for loggers specified in this configuration dictionary. Note that
        # if nothing is specified here and disable_existing_loggers is True,
        # django.db.backends will still log unless it is disabled explicitly.
        'disable_existing_loggers': False,
        'handlers': {
            'null': {
                'level': 'DEBUG',
                'class': 'logging.NullHandler',
            },
            'console': {
                # Set the level to "DEBUG" for verbose output logging.
                'level': 'INFO',
                'class': 'logging.StreamHandler',
            },
        },
        'loggers': {
            # Logging from django.db.backends is VERY verbose, send to null
            # by default.
            'django.db.backends': {
                'handlers': ['null'],
                'propagate': False,
            },
            'horizon': {
                'handlers': ['console'],
                'propagate': False,
            },
            'novaclient': {
                'handlers': ['console'],
                'propagate': False,
            },
            'keystoneclient': {
                'handlers': ['console'],
                'propagate': False,
            }
        }
    }
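The service catalog configuration in the Identity service determines whether a service appears in the Dashboard. For the full listing, see Settings Reference.
Restart the Apache HTTP Server.
Restart memcached.
Configure the Dashboard for HTTPS¶
You can configure the Dashboard for a secured HTTPS deployment. While the standard installation uses a non-encrypted HTTP channel, you can enable SSL support for the Dashboard.
This example uses the http://openstack.example.com domain. Use a domain that fits your current setup.
In the local_settings.py file, update the following options:
    CSRF_COOKIE_SECURE = True
    SESSION_COOKIE_SECURE = True
    SESSION_COOKIE_HTTPONLY = True
The other options require that HTTPS is enabled; these options defend against cross-site scripting.
Edit the openstack-dashboard.conf file as shown in the Example After:
Example Before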
    WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py
    WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
    Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
    <Location />
        <ifVersion >=2.4>
            Require all granted
        </ifVersion>
        <ifVersion <2.4>
            Order allow,deny
            Allow from all
        </ifVersion>
    </Location>
Example After
    <VirtualHost *:80>
        ServerName openstack.example.com
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{HTTPS} off
            RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        </IfModule>
        <IfModule !mod_rewrite.c>
            RedirectPermanent / https://openstack.example.com
        </IfModule>
    </VirtualHost>

    <VirtualHost *:443>
        ServerName openstack.example.com

        SSLEngine On
        # Remember to replace certificates and keys with valid paths in your environment
        SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
        SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt
        SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        # HTTP Strict Transport Security (HSTS) enforces that all communications
        # with a server go over SSL. This mitigates the threat from attacks such
        # as SSL-Strip which replaces links on the wire, stripping away https prefixes
        # and potentially allowing an attacker to view confidential information on the
        # wire
        Header add Strict-Transport-Security "max-age=15768000"

        WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py
        WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
        Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
        <Location />
            Options None
            AllowOverride None
            # For Apache http server 2.4 and later:
            <ifVersion >=2.4>
                Require all granted
            </ifVersion>
            # For Apache http server 2.2 and earlier:
            <ifVersion <2.4>
                Order allow,deny
                Allow from all
            </ifVersion>
        </Location>
    </VirtualHost>
In this configuration, the Apache HTTP Server listens on port 443 and redirects all non-secure requests to the HTTPS protocol. The secured section defines the private key, public key, and certificate to use.
Restart the Apache HTTP Server.
Restart memcached.
If you try to access the Dashboard through HTTP, the browser redirects you to the HTTPS page.
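A static check for the settings this procedure changes, as an added example that is not part of the original guide or of Horizon: it reads a local_settings.py without executing it and reports cookie flags that are not True, DEBUG left on, and a SECRET_KEY still equal to the sample value shown in the HTTP section. The function names and the sample fragment are constructed for illustration.

```python
import ast

# Settings the HTTPS procedure sets to True in local_settings.py.
REQUIRED_TRUE = ("CSRF_COOKIE_SECURE", "SESSION_COOKIE_SECURE",
                 "SESSION_COOKIE_HTTPONLY")
# SECRET_KEY printed in the sample file, which its own comment says to change.
SAMPLE_SECRET_KEY = "elj1IWiLoWHgryYxFT6j7cM5fGOOxWY0"


def read_settings(source):
    """Collect top-level NAME = <literal> assignments without running the file."""
    found = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                found[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value such as "..." % OPENSTACK_HOST; skip it
    return found


def audit(source):
    """Return findings for a dashboard that is meant to be served over HTTPS."""
    cfg = read_settings(source)
    findings = [f"{name} is not set to True"
                for name in REQUIRED_TRUE if cfg.get(name) is not True]
    if cfg.get("DEBUG") is True:
        findings.append("DEBUG is True")
    if cfg.get("SECRET_KEY") == SAMPLE_SECRET_KEY:
        findings.append("SECRET_KEY is still the sample value")
    return findings


# Constructed sample input: a local_settings.py fragment with two problems.
SAMPLE = '''
DEBUG = False
SECRET_KEY = 'elj1IWiLoWHgryYxFT6j7cM5fGOOxWY0'
OPENSTACK_HOST = "127.0.0.1"
OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Because the file is parsed and never imported, the check can run on a copy of the configuration on a host that has no Django installed.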
Note
Configuring the Dashboard for HTTPS also requires enabling SSL for the noVNC proxy service. On the controller node, add the following additional options to the [DEFAULT] section of the /etc/nova/nova.conf file:
    [DEFAULT]
    # ...
    ssl_only = true
    cert = /etc/apache2/SSL/openstack.example.com.crt
    key = /etc/apache2/SSL/openstack.example.com.key
On the compute nodes, ensure the novncproxy_base_url option points to a URL with an HTTPS scheme:
    [DEFAULT]
    # ...
    novncproxy_base_url = https://controller:6080/vnc_auto.html
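A check for the noVNC options named in this note, as an added example that is not from the original guide or from nova: it parses a controller and a compute nova.conf with Python's configparser and reports any option that does not match the note. It assumes, as the note does, that the options live in [DEFAULT]; the function names and both sample files are constructed.

```python
import configparser
from urllib.parse import urlsplit


def _parse(text):
    """Parse nova.conf text; interpolation is off so '%' in values is literal."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def check_novnc_tls(controller_conf, compute_conf):
    """Return findings for the noVNC TLS options on controller and compute."""
    findings = []
    ctl = _parse(controller_conf)
    if not ctl.getboolean("DEFAULT", "ssl_only", fallback=False):
        findings.append("controller: ssl_only is not true")
    for name in ("cert", "key"):
        if not ctl.get("DEFAULT", name, fallback="").strip():
            findings.append(f"controller: {name} is not set")
    url = _parse(compute_conf).get("DEFAULT", "novncproxy_base_url", fallback="")
    if urlsplit(url).scheme != "https":
        findings.append(
            f"compute: novncproxy_base_url is not https ({url or 'unset'})")
    return findings


# Constructed sample input: controller is configured, compute still uses http.
CONTROLLER = """
[DEFAULT]
# ...
ssl_only = true
cert = /etc/apache2/SSL/openstack.example.com.crt
key = /etc/apache2/SSL/openstack.example.com.key
"""
COMPUTE = """
[DEFAULT]
# ...
novncproxy_base_url = http://controller:6080/vnc_auto.html
"""

if __name__ == "__main__":
    for finding in check_novnc_tls(CONTROLLER, COMPUTE):
        print("FINDING:", finding)
```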