Changes for a federated dashboard.

horizon/Dockerfile

@@ -16,20 +16,29 @@ RUN set -x \
                           python-openstackclient \
     && apt-get -y clean
 
-EXPOSE 80
+
+EXPOSE 80 443
+
+COPY openstack-dashboard.conf /etc/apache2/conf-available/openstack-dashboard.conf
 
 COPY local_settings.py /etc/openstack-dashboard/local_settings.py
 
 # Add a redirect to /keystone instead of the "It works! page"
 COPY 000-default.conf /etc/apache2/sites-available
 
+COPY run.sh /etc/run.sh
+
 RUN chown -R www-data: /var/lib/openstack-dashboard/
 
 RUN touch /var/log/horizon.log
 
 RUN chown www-data: /var/log/horizon.log
 
-RUN chown horizon: /var/lib/openstack-dashboard/secret_key
+RUN a2enmod ssl
+RUN a2enmod headers
+RUN a2enmod rewrite
 
-CMD apachectl -DFOREGROUND
+RUN  chown /var/lib/openstack-dashboard/secret_key horizon
+
+CMD /etc/run.sh
 

horizon/local_settings.py

@@ -37,7 +37,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 #EMAIL_HOST_PASSWORD = 'top-secret!'
 
 OPENSTACK_HOST = os.environ['KEYSTONE_HOST']
-OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
+OPENSTACK_KEYSTONE_URL = "https://%s:5000/v3" % OPENSTACK_HOST
 OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
 
 
@@ -266,7 +266,6 @@ TIME_ZONE = "UTC"
 #    ('default', 'Default', 'themes/default'),
 #    ('material', 'Material', 'themes/material'),
 #]
-
 LOGGING = {
     'version': 1,
     # When set to True this will disable all logging except
@@ -288,11 +287,12 @@ LOGGING = {
         },
         'console': {
             # Set the level to "DEBUG" for verbose output logging.
-            'level': 'INFO',
-            'class': 'logging.StreamHandler',
+            'level': 'DEBUG',
+            'class': 'logging.FileHandler',
+            'filename': '/var/log/horizon.log',
         },
         'operation': {
-            'level': 'INFO',
+            'level': 'DEBUG',
             'class': 'logging.StreamHandler',
             'formatter': 'operation',
         },
@@ -516,3 +516,12 @@ ALLOWED_HOSTS = '*'
 COMPRESS_OFFLINE = True
 
 ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
+
+WEBSSO_ENABLED = True
+
+WEBSSO_CHOICES = (
+      ("credentials", _("Keystone Credentials")),
+      ("mapped", _("Security Assertion Markup Language"))
+    )
+
+WEBSSO_INITIAL_CHOICE = "mapped"

horizon/openstack-dashboard.conf

@@ -0,0 +1,35 @@
+<VirtualHost *:80>
+    RedirectMatch    "^/$"  "/horizon"
+    ServerName oscloudtest01.hpc.rug.nl
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+<VirtualHost *:443>
+    RedirectMatch    "^/$"  "/horizon"
+    ServerName oscloudtest01.hpc.rug.nl
+
+    SSLEngine On
+    SSLCertificateFile "/certs/oscloudtest01.hpc.rug.nl.crt"
+    SSLCertificateKeyFile "/certs/oscloudtest01.hpc.rug.nl.key"
+    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+
+    # HTTP Strict Transport Security (HSTS) enforces that all communications
+    # with a server go over SSL. This mitigates the threat from attacks such
+    # as SSL-Strip which replaces links on the wire, stripping away https prefixes
+    # and potentially allowing an attacker to view confidential information on the
+    # wire
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    Alias /horizon/static /var/lib/openstack-dashboard/static/
+    Alias /static /var/lib/openstack-dashboard/static/
+
+    <Directory /var/lib/openstack-dashboard/static>
+        Require all granted
+    </Directory>
+
+    WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi process-group=horizon
+    WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 display-name=%{GROUP}
+    WSGIProcessGroup horizon
+</VirtualHost>
+

horizon/run.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+#Making the console log console again...
+tail -f /var/log/horizon.log &
+
+apachectl -DFOREGROUND