|
| 1 | +.. include:: vars.rst |
| 2 | + |
| 3 | +================== |
| 4 | +Access to Services |
| 5 | +================== |
| 6 | + |
| 7 | +Openstack Services |
| 8 | +================== |
| 9 | + |
| 10 | +Accessing to Horizon |
| 11 | +-------------------- |
| 12 | + |
| 13 | +The OpenStack web UI is available at: |horizon_url| |
| 14 | + |
| 15 | +This site is accessible |horizon_access|. |
| 16 | + |
| 17 | +Accessing the OpenStack CLI |
| 18 | +--------------------------- |
| 19 | + |
| 20 | +A simple way to get started with accessing the OpenStack command-line |
| 21 | +interface. |
| 22 | + |
| 23 | +This can be done from |public_api_access_host| (for example), or any machine |
| 24 | +that has access to |public_vip|: |
| 25 | + |
| 26 | +.. code-block:: console |
| 27 | +
|
| 28 | + openstack# python3 -m venv openstack-venv |
| 29 | + openstack# source openstack-venv/bin/activate |
| 30 | + openstack# pip install -U pip |
| 31 | + openstack# pip install python-openstackclient |
| 32 | + openstack# source <project>-openrc.sh |
| 33 | +
|
| 34 | +The `<project>-openrc.sh` file can be downloaded from the OpenStack Dashboard |
| 35 | +(Horizon): |
| 36 | + |
| 37 | +.. image:: _static/openrc.png |
| 38 | + :alt: Downloading an openrc file from Horizon |
| 39 | + :class: no-scaled-link |
| 40 | + :width: 200 |
| 41 | + |
| 42 | +Now it should be possible to run OpenStack commands: |
| 43 | + |
| 44 | +.. code-block:: console |
| 45 | +
|
| 46 | + openstack# openstack server list |
| 47 | +
|
| 48 | +Accessing Deployed Instances |
| 49 | +---------------------------- |
| 50 | + |
| 51 | +The external network of OpenStack, called |public_network|, connects to the |
| 52 | +subnet |public_subnet|. This network is accessible |floating_ip_access|. |
| 53 | + |
| 54 | +Any OpenStack instance can make outgoing connections to this network, via a |
| 55 | +router that connects the internal network of the project to the |
| 56 | +|public_network| network. |
| 57 | + |
| 58 | +To enable incoming connections (e.g. SSH), a floating IP is required. A |
| 59 | +floating IP is allocated and associated via OpenStack. Security groups must be |
| 60 | +set to permit the kind of connectivity required (i.e. to define the ports that |
| 61 | +must be opened). |
| 62 | + |
| 63 | +Monitoring Services |
| 64 | +=================== |
| 65 | + |
| 66 | +Access to Opensearch Dashboard |
| 67 | +------------------------------ |
| 68 | + |
| 69 | +OpenStack control plane logs are aggregated from all servers by Fluentd and |
| 70 | +stored in OpenSearch. The control plane logs can be accessed from |
| 71 | +OpenSearch using Opensearch Dashboard, which is available at the following URL: |
| 72 | +|opensearch_dashboard_url| |
| 73 | + |
| 74 | +To log in, use the ``opensearch`` user. The password is auto-generated by |
| 75 | +Kolla-Ansible and can be extracted from the encrypted passwords file |
| 76 | +(|kolla_passwords|): |
| 77 | + |
| 78 | +.. code-block:: console |
| 79 | + :substitutions: |
| 80 | +
|
| 81 | + kayobe# ansible-vault view ${KAYOBE_CONFIG_PATH}/kolla/passwords.yml --vault-password-file |vault_password_file_path| | grep ^opensearch |
| 82 | +
|
| 83 | +Access to Grafana |
| 84 | +----------------- |
| 85 | + |
| 86 | +Control plane metrics can be visualised in Grafana dashboards. Grafana can be |
| 87 | +found at the following address: |grafana_url| |
| 88 | + |
| 89 | +To log in, use the |grafana_username| user. The password is auto-generated by |
| 90 | +Kolla-Ansible and can be extracted from the encrypted passwords file |
| 91 | +(|kolla_passwords|): |
| 92 | + |
| 93 | +.. code-block:: console |
| 94 | + :substitutions: |
| 95 | +
|
| 96 | + kayobe# ansible-vault view ${KAYOBE_CONFIG_PATH}/kolla/passwords.yml --vault-password-file |vault_password_file_path| | grep ^grafana_admin_password |
| 97 | +
|
| 98 | +.. _prometheus-alertmanager: |
| 99 | + |
| 100 | +Access to Prometheus Alertmanager |
| 101 | +--------------------------------- |
| 102 | + |
| 103 | +Control plane alerts can be visualised and managed in Alertmanager, which can |
| 104 | +be found at the following address: |alertmanager_url| |
| 105 | + |
| 106 | +To log in, use the ``admin`` user. The password is auto-generated by |
| 107 | +Kolla-Ansible and can be extracted from the encrypted passwords file |
| 108 | +(|kolla_passwords|): |
| 109 | + |
| 110 | +.. code-block:: console |
| 111 | + :substitutions: |
| 112 | +
|
| 113 | + kayobe# ansible-vault view ${KAYOBE_CONFIG_PATH}/kolla/passwords.yml --vault-password-file |vault_password_file_path| | grep ^prometheus_alertmanager_password |
| 114 | +
|
| 115 | +
|
| 116 | +.. ifconfig:: deployment['wazuh'] |
| 117 | + |
| 118 | + Access to Wazuh Manager |
| 119 | + ----------------------- |
| 120 | + |
| 121 | + To access the Wazuh Manager dashboard, navigate to the ip address |
| 122 | + of |wazuh_manager_name| (|wazuh_manager_url|). |
| 123 | + |
| 124 | + You can login to the dashboard with the username ``admin``. The |
| 125 | + password for ``admin`` is defined in the secret |
| 126 | + ``opendistro_admin_password`` which can be found within |
| 127 | + ``etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-secrets.yml``. |
| 128 | + |
| 129 | + .. note:: Use ``ansible-vault`` to view Wazuh secrets: |
| 130 | + :substitutions: |
| 131 | + |
| 132 | + ``ansible-vault view --vault-password-file |vault_password_file_path| $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml`` |
0 commit comments