OpenStack Zed : Configure Skyline
2022/10/14
Install OpenStack Dashboard Service (Skyline).
This example is based on the following environment.
------------+-----------------------------+-----------------------------+------------
            |                             |                             |
        eth0|10.0.0.30                eth0|10.0.0.50                eth0|10.0.0.51
+-----------+-----------+     +-----------+-----------+     +-----------+-----------+
|   [ dlp.srv.world ]   |     | [ network.srv.world ] |     |  [ node01.srv.world ] |
|     (Control Node)    |     |     (Network Node)    |     |     (Compute Node)    |
|                       |     |                       |     |                       |
|  MariaDB    RabbitMQ  |     |      Open vSwitch     |     |        Libvirt        |
|  Memcached  Nginx     |     |     Neutron Server    |     |      Nova Compute     |
|  Keystone   httpd     |     |      OVN-Northd       |     |      Open vSwitch     |
|  Glance     Nova API  |     |  Nginx  iSCSI Target  |     |   OVN Metadata Agent  |
|  Cinder API           |     |     Cinder Volume     |     |     OVN-Controller    |
|  Skyline API/Console  |     |    Heat API/Engine    |     |                       |
+-----------------------+     +-----------------------+     +-----------------------+
[1] Add users for Skyline in Keystone.

# create [skyline] user in [service] project
root@dlp ~(keystone)# openstack user create --domain default --project service --password servicepassword skyline
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | ee51c09c765e4a4d958c2bcc4dbb5665 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 397aaf564b8d45c1903b67a04b2ec152 |
| name                | skyline                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# add [skyline] user in [admin] role
root@dlp ~(keystone)# openstack role add --project service --user skyline admin
[2] Add a User and Database on MariaDB for Skyline.

root@dlp ~(keystone)# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 110
Server version: 10.6.7-MariaDB-2ubuntu1.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database skyline;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on skyline.* to skyline@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on skyline.* to skyline@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye
[3] Configure Skyline API.

root@dlp ~(keystone)# groupadd -g 64080 skyline
root@dlp ~(keystone)# useradd -u 64080 -g skyline -d /var/lib/skyline -s /sbin/nologin skyline
root@dlp ~(keystone)# mkdir -p /etc/skyline /var/lib/skyline /var/log/skyline
root@dlp ~(keystone)# chmod 750 /etc/skyline /var/lib/skyline /var/log/skyline
root@dlp ~(keystone)# pip3 install skyline-apiserver
root@dlp ~(keystone)# git clone https://opendev.org/openstack/skyline-apiserver.git
root@dlp ~(keystone)# cp ./skyline-apiserver/etc/gunicorn.py /etc/skyline/gunicorn.py
root@dlp ~(keystone)# cp ./skyline-apiserver/etc/skyline.yaml.sample /etc/skyline/skyline.yaml

root@dlp ~(keystone)# vi /etc/skyline/gunicorn.py
# line 17 : change
bind = "127.0.0.1:28000"

root@dlp ~(keystone)# vi /etc/skyline/skyline.yaml
# line 5 : MariaDB connection info
database_url: mysql://skyline:password@dlp.srv.world/skyline
# line 7 : change
log_dir: /var/log
# line 26 : Keystone connection info
keystone_url: https://dlp.srv.world:5000
# line 58 : Skyline user password
system_user_domain: Default
system_user_name: skyline
system_user_password: 'servicepassword'

root@dlp ~(keystone)# cd ./skyline-apiserver
root@dlp skyline-apiserver(keystone)# make db_sync
alembic -c skyline_apiserver/db/alembic/alembic.ini upgrade head
2022-10-14 10:10:32.021 | INFO     | alembic.runtime.migration:__init__:204 - Context impl MySQLImpl.
2022-10-14 10:10:32.021 | INFO     | alembic.runtime.migration:__init__:207 - Will assume non-transactional DDL.
2022-10-14 10:10:32.047 | INFO     | alembic.runtime.migration:run_migrations:618 - Running upgrade  -> 000, init

root@dlp skyline-apiserver(keystone)# cd
root@dlp ~(keystone)# chown -R skyline:skyline /etc/skyline /var/lib/skyline /var/log/skyline

root@dlp ~(keystone)# vi /etc/systemd/system/skyline-apiserver.service
# create new
[Unit]
Description=OpenStack Skyline APIServer

[Service]
User=skyline
Group=skyline
Type=simple
ExecStart=/usr/local/bin/gunicorn -c /etc/skyline/gunicorn.py skyline_apiserver.main:app
LimitNOFILE=32768
Restart=on-failure
TimeoutStopSec=15

[Install]
WantedBy=multi-user.target

root@dlp ~(keystone)# systemctl daemon-reload
root@dlp ~(keystone)# systemctl enable --now skyline-apiserver
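A check for the settings made in step [3], as an added example that is not part of the original page: it flags a non-loopback gunicorn bind, the walkthrough's sample passwords left in skyline.yaml, a non-TLS Keystone URL, and a config directory readable by other users. The function name audit_skyline is hypothetical, and the parsing assumes a double-quoted bind value and one setting per line as shown above.

```shell
# Added example (not from the original page): audit a Skyline config directory
# laid out as in step [3]. Prints one line per finding, returns 1 if any exist.
audit_skyline() {
    dir=$1
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # gunicorn should listen on loopback (or a unix socket); Nginx is the public listener.
    bind=$(awk -F'"' '/^bind[ =]/ { gsub(/ /, "", $2); print $2; exit }' "$dir/gunicorn.py")
    case $bind in
        127.0.0.1:*|localhost:*|unix:*) ;;
        *) report "gunicorn bind '$bind' is not loopback" ;;
    esac

    # Passwords copied from the walkthrough must not survive into a real deployment.
    db_pw=$(sed -n 's|^ *database_url: *[a-z+]*://[^:]*:\([^@]*\)@.*|\1|p' "$dir/skyline.yaml")
    ks_pw=$(sed -n 's/^ *system_user_password: *//p' "$dir/skyline.yaml" | tr -d "'\"")
    for pw in "$db_pw" "$ks_pw"; do
        case $pw in
            ''|password|servicepassword)
                report "placeholder or empty password '$pw' in skyline.yaml" ;;
        esac
    done

    # Keystone requests carry the service password; require TLS as the page does.
    grep -Eq '^ *keystone_url: *https://' "$dir/skyline.yaml" ||
        report "keystone_url is not https"

    # Step [3] sets mode 750, so "other" must have no access to the directory.
    other=$(ls -ld "$dir" | cut -c8-10)
    [ "$other" = "---" ] || report "$dir is accessible to other users ($other)"

    [ "$findings" -eq 0 ]
}
```

Run it as root with `audit_skyline /etc/skyline`; a non-zero exit status means at least one finding was printed.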
[4] Configure Skyline Console.

root@dlp ~(keystone)# apt -y install npm python-is-python3
root@dlp ~(keystone)# npm install -g yarn
root@dlp ~(keystone)# git clone https://opendev.org/openstack/skyline-console.git
root@dlp ~(keystone)# cd ./skyline-console
root@dlp skyline-console(keystone)# make package
root@dlp skyline-console(keystone)# pip3 install --force-reinstall ./dist/skyline_console-*.whl
root@dlp skyline-console(keystone)# cd

root@dlp ~(keystone)# vi /etc/nginx/conf.d/skyline.conf
# create new
upstream skyline {
    server 127.0.0.1:28000 fail_timeout=0;
}

server {
    listen 9999 ssl http2 default_server;
    server_name dlp.srv.world;
    root /usr/local/lib/python3.10/dist-packages/skyline_console/static;
    index index.html;

    # replace to your certificate
    ssl_certificate "/etc/letsencrypt/live/dlp.srv.world/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/dlp.srv.world/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;

    error_page 497 https://$http_host$request_uri;

    location / {
        try_files $uri $uri/ /index.html;
        expires 1d;
        add_header Cache-Control "public";
    }

    location /api/openstack/skyline/ {
        proxy_pass http://skyline/;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace to your Nova Endpoint
    location /api/openstack/regionone/nova/ {
        proxy_pass https://dlp.srv.world:8774/;
        proxy_redirect https://dlp.srv.world:8774/ /api/openstack/regionone/nova/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace to your Keystone Endpoint
    location /api/openstack/regionone/keystone/ {
        proxy_pass https://dlp.srv.world:5000/;
        proxy_redirect https://dlp.srv.world:5000/ /api/openstack/regionone/keystone/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace to your Glance Endpoint
    location /api/openstack/regionone/glance/ {
        proxy_pass https://dlp.srv.world:9292/;
        proxy_redirect https://dlp.srv.world:9292/ /api/openstack/regionone/glance/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace to your Neutron Endpoint
    location /api/openstack/regionone/neutron/ {
        proxy_pass https://network.srv.world:9696/;
        proxy_redirect https://network.srv.world:9696/ /api/openstack/regionone/neutron/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace to your Heat Endpoint
    location /api/openstack/regionone/heat/ {
        proxy_pass https://network.srv.world:8004/;
        proxy_redirect https://network.srv.world:8004/ /api/openstack/regionone/heat/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace to your Placement Endpoint
    location /api/openstack/regionone/placement/ {
        proxy_pass https://dlp.srv.world:8778/;
        proxy_redirect https://dlp.srv.world:8778/ /api/openstack/regionone/placement/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }

    # replace to your Cinder Endpoint
    location /api/openstack/regionone/cinder/ {
        proxy_pass https://dlp.srv.world:8776/;
        proxy_redirect https://dlp.srv.world:8776/ /api/openstack/regionone/cinder/;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
    }
}

root@dlp ~(keystone)# systemctl restart nginx
[5] If you log in to the Skyline Dashboard as a user who is not in an OpenStack default role such as admin or member, but only in roles you added yourself, the user cannot get information about instances, volumes and other resources (the same settings cause no problem on the Horizon Dashboard, though), so add such users to the [member] role.
root@dlp ~(keystone)# openstack project list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 231a529f51394426b07c56f2c5ec580e | admin     |
| 4dd1e1f6bac441ff9c77002c3ab4c58a | hiroshima |
| ee51c09c765e4a4d958c2bcc4dbb5665 | service   |
+----------------------------------+-----------+

root@dlp ~(keystone)# openstack user list
+----------------------------------+-------------------+
| ID                               | Name              |
+----------------------------------+-------------------+
| 7c9dbb0cdc284113964d618b24cc722e | admin             |
| 0aef0c555a4f4cc885c80dd0eb4f7c72 | glance            |
| 4d912be26a4149d590dbfb7bc8b015fa | nova              |
| b3ad6ca00649400a8eae75d64a1c2181 | placement         |
| bcf45964c78c40fba4c125e31dee3721 | neutron           |
| 9345b7f4de21427abf31ad308cf952f8 | serverworld       |
| 3042ebda5502448097dd0bbbe3058812 | cinder            |
| 1bfd1646d0e04371a3c6199bc98d152f | heat              |
| b477de75cfbe4a5e863bc4d7ea1d2d5f | heat_domain_admin |
| 55ad9ce9899d415ea9fba4d31a12597d | barbican          |
| 397aaf564b8d45c1903b67a04b2ec152 | skyline           |
+----------------------------------+-------------------+

root@dlp ~(keystone)# openstack role list
+----------------------------------+------------------+
| ID                               | Name             |
+----------------------------------+------------------+
| 1df48dad71a745849c2847a3b5ec1785 | reader           |
| 384ed6af259c4fa88083f811393f0567 | heat_stack_user  |
| 452c8bdf83534aba852b732c7a149096 | member           |
| 4dc68cf727eb44f0b69e905ff64f3a29 | heat_stack_owner |
| 5b696b9d402f4545b4592aa3f7733c68 | CloudUser        |
| 5c0c4dc038b5441f9b64345ea113f3cb | admin            |
+----------------------------------+------------------+

root@dlp ~(keystone)# openstack role add --project hiroshima --user serverworld member
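To see which users step [5] applies to before granting anything, the following added example (not from the original page) lists users who hold only custom roles in a project and prints the matching role add commands for review instead of running them. The function names and the user alice are hypothetical; the input format, one "ROLE USER@DOMAIN" pair per line, is an assumption about the output of `openstack role assignment list --project hiroshima --names -f value -c Role -c User`.

```shell
# Added example (not from the original page).
# stdin: one "ROLE USER@DOMAIN" pair per line (assumed format, direct user
# assignments only). Prints users that have neither [member] nor [admin].
users_missing_member() {
    awk '
        NF >= 2 {
            seen[$2] = 1
            if ($1 == "member" || $1 == "admin") ok[$2] = 1
        }
        END { for (u in seen) if (!(u in ok)) print u }
    ' | sort
}

# Print, but do not run, the step [5] command for each such user.
# $1 = project name; stdin as for users_missing_member.
member_grant_commands() {
    users_missing_member | while IFS=@ read -r user domain; do
        echo "openstack role add --project $1 --user-domain $domain --user $user member"
    done
}

# Constructed sample for project [hiroshima]; alice is a hypothetical user
# who already holds [member] next to the custom [CloudUser] role.
sample_assignments() {
    cat <<'EOF'
CloudUser serverworld@Default
member alice@Default
CloudUser alice@Default
EOF
}
```

For the constructed sample, `sample_assignments | member_grant_commands hiroshima` prints a single command, for serverworld.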
[6] Access the URL below with any web browser. After accessing it, the Skyline login form is displayed, and you can log in as any user in Keystone.
⇒ https://(Dashboard server's hostname - the same name registered in certificate):9999/
[7] After logging in successfully, the Skyline Dashboard is displayed.
[8] Try to create an instance to verify the settings. Select [Instances] on the left pane and click the [Create Instance] button on the right pane.
[9] Configure the image and disk for the instance.
[10] Configure the network and security group for the instance.
[11] Configure the instance name and key-pair for the instance.
[12] Confirm the settings and click the [Confirm] button.
[13] It's OK if the instance has been created successfully and the [Status] turns to [Active].