Ubuntu 22.04

OpenStack Zed : Configure Skyline
2022/10/14
 
Install OpenStack Dashboard Service (Skyline).
This example is based on the following environment.
------------+-----------------------------+-----------------------------+------------
            |                             |                             |
        eth0|10.0.0.30                eth0|10.0.0.50                eth0|10.0.0.51
+-----------+-----------+     +-----------+-----------+     +-----------+-----------+
|   [ dlp.srv.world ]   |     | [ network.srv.world ] |     |  [ node01.srv.world ] |
|     (Control Node)    |     |     (Network Node)    |     |     (Compute Node)    |
|                       |     |                       |     |                       |
|  MariaDB    RabbitMQ  |     |      Open vSwitch     |     |        Libvirt        |
|  Memcached  Nginx     |     |     Neutron Server    |     |      Nova Compute     |
|  Keystone   httpd     |     |      OVN-Northd       |     |      Open vSwitch     |
|  Glance     Nova API  |     |  Nginx  iSCSI Target  |     |   OVN Metadata Agent  |
|  Cinder API           |     |     Cinder Volume     |     |     OVN-Controller    |
|  Skyline API/Console  |     |    Heat API/Engine    |     |                       |
+-----------------------+     +-----------------------+     +-----------------------+

[1] Add users for Skyline in Keystone.
# create [skyline] user in [service] project

root@dlp ~(keystone)#
openstack user create --domain default --project service --password servicepassword skyline

+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | ee51c09c765e4a4d958c2bcc4dbb5665 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 397aaf564b8d45c1903b67a04b2ec152 |
| name                | skyline                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# add [skyline] user to [admin] role

root@dlp ~(keystone)#
openstack role add --project service --user skyline admin
[2] Add a User and Database on MariaDB for Skyline.
root@dlp ~(keystone)#
mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 110
Server version: 10.6.7-MariaDB-2ubuntu1.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database skyline; 
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on skyline.* to skyline@'localhost' identified by 'password'; 
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on skyline.* to skyline@'%' identified by 'password'; 
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges; 
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit 
Bye
[3] Configure Skyline API.
root@dlp ~(keystone)#
groupadd -g 64080 skyline

root@dlp ~(keystone)#
useradd -u 64080 -g skyline -d /var/lib/skyline -s /sbin/nologin skyline

root@dlp ~(keystone)#
mkdir -p /etc/skyline /var/lib/skyline /var/log/skyline

root@dlp ~(keystone)#
chmod 750 /etc/skyline /var/lib/skyline /var/log/skyline
root@dlp ~(keystone)#
pip3 install skyline-apiserver

root@dlp ~(keystone)#
git clone https://opendev.org/openstack/skyline-apiserver.git

root@dlp ~(keystone)#
cp ./skyline-apiserver/etc/gunicorn.py /etc/skyline/gunicorn.py

root@dlp ~(keystone)#
cp ./skyline-apiserver/etc/skyline.yaml.sample /etc/skyline/skyline.yaml

root@dlp ~(keystone)#
vi /etc/skyline/gunicorn.py
# line 17 : change

bind = "127.0.0.1:28000"
root@dlp ~(keystone)#
vi /etc/skyline/skyline.yaml
# line 5 : MariaDB connection info
database_url: mysql://skyline:password@dlp.srv.world/skyline

# line 7 : change
log_dir: /var/log

# line 26 : Keystone connection info
keystone_url: https://dlp.srv.world:5000

# line 58 : Skyline user's password
  system_user_domain: Default
  system_user_name: skyline
  system_user_password: 'servicepassword'

root@dlp ~(keystone)#
cd ./skyline-apiserver

root@dlp skyline-apiserver(keystone)#
make db_sync

alembic -c skyline_apiserver/db/alembic/alembic.ini upgrade head
2022-10-14 10:10:32.021 | INFO     | alembic.runtime.migration:__init__:204 - Context impl MySQLImpl.
2022-10-14 10:10:32.021 | INFO     | alembic.runtime.migration:__init__:207 - Will assume non-transactional DDL.
2022-10-14 10:10:32.047 | INFO     | alembic.runtime.migration:run_migrations:618 - Running upgrade  -> 000, init

root@dlp skyline-apiserver(keystone)#
cd

root@dlp ~(keystone)#
chown -R skyline: /etc/skyline /var/lib/skyline /var/log/skyline

root@dlp ~(keystone)#
vi /etc/systemd/system/skyline-apiserver.service
# create new

[Unit]
Description=OpenStack Skyline APIServer

[Service]
User=skyline
Group=skyline
Type=simple
ExecStart=/usr/local/bin/gunicorn -c /etc/skyline/gunicorn.py skyline_apiserver.main:app
LimitNOFILE=32768
Restart=on-failure
TimeoutStopSec=15

[Install]
WantedBy=multi-user.target

root@dlp ~(keystone)#
systemctl daemon-reload

root@dlp ~(keystone)#
systemctl enable --now skyline-apiserver
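
Step [3] leaves two passwords in /etc/skyline/skyline.yaml and depends on gunicorn listening only on loopback behind nginx. The following check is an added example, not part of the original page or of Skyline itself; the function names, the constructed sample and its 644 file mode are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: audit the files written in step [3].
# audit_skyline DIR prints one line per finding and returns the number of findings.

yaml_value() {   # first "KEY: value" in FILE, quotes stripped (nesting is ignored)
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "'\""
}

audit_skyline() {
    dir=${1:-/etc/skyline}
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # gunicorn should listen on loopback only; nginx on :9999 is the TLS front end.
    bind=$(sed -n 's/^bind[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$dir/gunicorn.py")
    case $bind in
        127.*:*|localhost:*|unix:*) ;;
        *) note "gunicorn bind '$bind' is reachable without the nginx TLS front end" ;;
    esac

    # database_url has the form mysql://user:password@host/db
    db_pass=$(yaml_value "$dir/skyline.yaml" database_url |
              sed -n 's#^[a-z+]*://[^:]*:\([^@]*\)@.*#\1#p')
    sys_pass=$(yaml_value "$dir/skyline.yaml" system_user_password)
    [ -n "$db_pass" ] && [ "$db_pass" != password ] ||
        note "database_url uses the tutorial's example password or none"
    [ -n "$sys_pass" ] && [ "$sys_pass" != servicepassword ] ||
        note "system_user_password is the tutorial's example password or empty"

    # The skyline service user's password is sent to this URL.
    case $(yaml_value "$dir/skyline.yaml" keystone_url) in
        https://*) ;;
        *) note "keystone_url is not https" ;;
    esac

    # skyline.yaml holds both passwords; do not rely on the 750 directory alone.
    case $(stat -c %a "$dir/skyline.yaml") in
        *[4567]) note "skyline.yaml is world-readable" ;;
    esac
    return "$findings"
}

# Constructed sample: the values as typed in this tutorial, file mode 644 assumed.
make_tutorial_sample() {   # make_tutorial_sample DIR
    printf 'bind = "127.0.0.1:28000"\n' > "$1/gunicorn.py"
    printf '%s\n' 'database_url: mysql://skyline:password@dlp.srv.world/skyline' \
        'keystone_url: https://dlp.srv.world:5000' \
        "system_user_password: 'servicepassword'" > "$1/skyline.yaml"
    chmod 644 "$1/skyline.yaml"
}
```

Run it as root with `audit_skyline /etc/skyline`; a return value of 0 means no findings.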

[4] Configure Skyline Console.
root@dlp ~(keystone)#
apt -y install npm python-is-python3

root@dlp ~(keystone)#
npm install -g yarn
root@dlp ~(keystone)#
git clone https://opendev.org/openstack/skyline-console.git

root@dlp ~(keystone)#
cd ./skyline-console

root@dlp skyline-console(keystone)#
make package

root@dlp skyline-console(keystone)#
pip3 install --force-reinstall ./dist/skyline_console-*.whl

root@dlp skyline-console(keystone)#
cd

root@dlp ~(keystone)#
vi /etc/nginx/conf.d/skyline.conf
# create new

upstream skyline {
    server 127.0.0.1:28000 fail_timeout=0;
}
server {
    listen       9999 ssl http2 default_server;
    server_name  dlp.srv.world;
    root         /usr/local/lib/python3.10/dist-packages/skyline_console/static;
    index        index.html;

    # replace with your certificate
    ssl_certificate "/etc/letsencrypt/live/dlp.srv.world/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/dlp.srv.world/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;

    error_page 497 https://$http_host$request_uri;

    location / {
        try_files $uri $uri/ /index.html;
        expires 1d;
        add_header Cache-Control "public";
    }

    location /api/openstack/skyline/ {
        proxy_pass http://skyline/;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace with your Nova Endpoint
    location /api/openstack/regionone/nova/ {
        proxy_pass https://dlp.srv.world:8774/;
        proxy_redirect https://dlp.srv.world:8774/ /api/openstack/regionone/nova/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace with your Keystone Endpoint
    location /api/openstack/regionone/keystone/ {
        proxy_pass https://dlp.srv.world:5000/;
        proxy_redirect https://dlp.srv.world:5000/ /api/openstack/regionone/keystone/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace with your Glance Endpoint
    location /api/openstack/regionone/glance/ {
        proxy_pass https://dlp.srv.world:9292/;
        proxy_redirect https://dlp.srv.world:9292/ /api/openstack/regionone/glance/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace with your Neutron Endpoint
    location /api/openstack/regionone/neutron/ {
        proxy_pass https://network.srv.world:9696/;
        proxy_redirect https://network.srv.world:9696/ /api/openstack/regionone/neutron/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace with your Heat Endpoint
    location /api/openstack/regionone/heat/ {
        proxy_pass https://network.srv.world:8004/;
        proxy_redirect https://network.srv.world:8004/ /api/openstack/regionone/heat/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace with your Placement Endpoint
    location /api/openstack/regionone/placement/ {
        proxy_pass https://dlp.srv.world:8778/;
        proxy_redirect https://dlp.srv.world:8778/ /api/openstack/regionone/placement/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace with your Cinder Endpoint
    location /api/openstack/regionone/cinder/ {
        proxy_pass https://dlp.srv.world:8776/;
        proxy_redirect https://dlp.srv.world:8776/ /api/openstack/regionone/cinder/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }
}

root@dlp ~(keystone)#
systemctl restart nginx

[5] If you log in to the Skyline Dashboard as a user who is not in an OpenStack default role such as admin or member, but only in roles you added yourself,
the user cannot get information on instances, volumes and so on (the same settings cause no problem on the Horizon Dashboard, though),
so add such users to the [member] role.
root@dlp ~(keystone)#
openstack project list

+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 231a529f51394426b07c56f2c5ec580e | admin     |
| 4dd1e1f6bac441ff9c77002c3ab4c58a | hiroshima |
| ee51c09c765e4a4d958c2bcc4dbb5665 | service   |
+----------------------------------+-----------+

root@dlp ~(keystone)#
openstack user list

+----------------------------------+-------------------+
| ID                               | Name              |
+----------------------------------+-------------------+
| 7c9dbb0cdc284113964d618b24cc722e | admin             |
| 0aef0c555a4f4cc885c80dd0eb4f7c72 | glance            |
| 4d912be26a4149d590dbfb7bc8b015fa | nova              |
| b3ad6ca00649400a8eae75d64a1c2181 | placement         |
| bcf45964c78c40fba4c125e31dee3721 | neutron           |
| 9345b7f4de21427abf31ad308cf952f8 | serverworld       |
| 3042ebda5502448097dd0bbbe3058812 | cinder            |
| 1bfd1646d0e04371a3c6199bc98d152f | heat              |
| b477de75cfbe4a5e863bc4d7ea1d2d5f | heat_domain_admin |
| 55ad9ce9899d415ea9fba4d31a12597d | barbican          |
| 397aaf564b8d45c1903b67a04b2ec152 | skyline           |
+----------------------------------+-------------------+

root@dlp ~(keystone)#
openstack role list

+----------------------------------+------------------+
| ID                               | Name             |
+----------------------------------+------------------+
| 1df48dad71a745849c2847a3b5ec1785 | reader           |
| 384ed6af259c4fa88083f811393f0567 | heat_stack_user  |
| 452c8bdf83534aba852b732c7a149096 | member           |
| 4dc68cf727eb44f0b69e905ff64f3a29 | heat_stack_owner |
| 5b696b9d402f4545b4592aa3f7733c68 | CloudUser        |
| 5c0c4dc038b5441f9b64345ea113f3cb | admin            |
+----------------------------------+------------------+

root@dlp ~(keystone)#
openstack role add --project hiroshima --user serverworld member

[6] Access the URL below with any web browser.
⇒ https://(Dashboard server's hostname - the same name registered in certificate):9999/
After accessing it, the Skyline login form is displayed, and you can log in as any user in Keystone.
[7] After logging in successfully, the Skyline Dashboard is displayed.
[8] Try to create an instance to verify the settings.
Select [Instances] on the left pane and click the [Create Instance] button on the right pane.
[9] Configure the image and disk for the instance.
[10] Configure the network and security group for the instance.
[11] Configure the instance name and key pair for the instance.
[12] Confirm the settings and click the [Confirm] button.
[13] It's OK if the instance has been created successfully and the [Status] turns to [Active].