openstack dashboard #251

Description

The OpenStack Dashboard provides a full feature web interface for interacting
with instances, images, volumes and networks within an OpenStack deployment.

Overview

The OpenStack Dashboard provides a Django based web interface for use by both
administrators and users of an OpenStack Cloud.

It allows you to manage Nova, Glance, Cinder and Neutron resources within the
cloud.

Usage

The OpenStack Dashboard is deployed and related to keystone:

juju deploy openstack-dashboard
juju add-relation openstack-dashboard keystone

The dashboard will use keystone for user authentication and authorization and
to interact with the catalog of services within the cloud.

The dashboard is accessible on:

http(s)://service_unit_address/horizon

At a minimum, the cloud must provide Glance and Nova services.

SSL configuration

To fully secure your dashboard services, you can provide a SSL key and
certificate for installation and configuration. These are provided as
base64 encoded configuration options::

juju set openstack-dashboard ssl_key="$(base64 my.key)" \
    ssl_cert="$(base64 my.cert)"

The service will be reconfigured to use the supplied information.

HA/Clustering

There are two mutually exclusive high availability options: using virtual
IP(s) or DNS. In both cases, a relationship to hacluster is required which
provides the corosync back end HA functionality.

To use virtual IP(s) the clustered nodes must be on the same subnet such that
the VIP is a valid IP on the subnet for one of the node's interfaces and each
node has an interface in said subnet. The VIP becomes a highly-available API
endpoint.

At a minimum, the config option 'vip' must be set in order to use virtual IP
HA. If multiple networks are being used, a VIP should be provided for each
network, separated by spaces. Optionally, vip_iface or vip_cidr may be
specified.

To use DNS high availability there are several prerequisites. However, DNS HA
does not require the clustered nodes to be on the same subnet.
Currently the DNS HA feature is only available for MAAS 2.0 or greater
environments. MAAS 2.0 requires Juju 2.0 or greater. The clustered nodes must
have static or "reserved" IP addresses registered in MAAS. The DNS hostname(s)
must be pre-registered in MAAS before use with DNS HA.

At a minimum, the config option 'dns-ha' must be set to true and at least one
of 'os-public-hostname', 'os-internal-hostname' or 'os-internal-hostname' must
be set in order to use DNS HA. One or more of the above hostnames may be set.

The charm will throw an exception in the following circumstances:
If neither 'vip' nor 'dns-ha' is set and the charm is related to hacluster
If both 'vip' and 'dns-ha' are set as they are mutually exclusive
If 'dns-ha' is set and none of the os-{admin,internal,public}-hostname(s) are
set

Whichever method has been used to cluster the charm the 'secret' option
should be set to ensure that the Django secret is consistent across all units.

Keystone V3

If the charm is being deployed into a keystone v3 enabled environment then the
charm needs to be related to a database to store session information. This is
only supported for Mitaka or later.

Use with a Load Balancing Proxy

Instead of deploying with the hacluster charm for load balancing, its possible
to also deploy the dashboard with load balancing proxy such as HAProxy:

juju deploy haproxy
juju add-relation haproxy openstack-dashboard
juju add-unit -n 2 openstack-dashboard

This option potentially provides better scale-out than using the charm in
conjunction with the hacluster charm.

Configuration

profile
(string) Default profile for the dashboard. Eg. cisco.
vip_iface
(string) Default network interface to use for HA vip when it cannot be automatically determined.
eth0
neutron-network-vpn
(boolean) Enable neutron vpn service panel.
neutron-network-lb
(boolean) Enable neutron load balancer service panel.
haproxy-server-timeout
(int) Server timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 30000ms is used.
harden
(string) Apply system hardening. Supports a space-delimited list of modules to run. Supported modules currently include os, ssh, apache and mysql.
vip
(string) Virtual IP to use to front openstack dashboard ha configuration.
neutron-network-firewall
(boolean) Enable neutron firewall service panel.
ssl_key
(string) Base64-encoded SSL key to use with certificate specified as ssl_cert.
ubuntu-theme
(string) Use Ubuntu theme for the dashboard.
yes
customization-module
(string) This option provides a means to enable customisation modules to modify existing dashboards and panels. This is available from Liberty onwards.
haproxy-queue-timeout
(int) Queue timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 5000ms is used.
password-retrieve
(boolean) Enable "Retrieve password" instance action.
ssl_cert
(string) Base64-encoded SSL certificate to install and use for Horizon. . juju set openstack-dashboard ssl_cert="$(cat cert| base64)" \ ssl_key="$(cat key| base64)"
prefer-ipv6
(boolean) If True enables IPv6 support. The charm will expect network interfaces to be configured with an IPv6 address. If set to False (default) IPv4 is expected. . NOTE: these charms do not currently support IPv6 privacy extension. In order for this charm to function correctly, the privacy extension must be disabled and a non-temporary address must be configured/available on your network interface.
secret
(string) Secret for Horizon to use when securing internal data; set this when using multiple dashboard units.
ha-mcastport
(int) Default multicast port number that will be used to communicate between HA Cluster nodes.
5410
use-syslog
(boolean) Setting this to True will allow supporting services to log to syslog.
ha-bindiface
(string) Default network interface on which HA cluster will bind to communication with the other members of the HA Cluster.
eth0
nagios_check_http_params
(string) Parameters to pass to the nrpe plugin check_http.
-H localhost -I 127.0.0.1 -u '/' -e 200,301,302
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
openstack-origin
(string) Repository from which to install. May be one of the following: distro (default), ppa:somecustom/ppa, a deb url sources entry, or a supported Ubuntu Cloud Archive e.g. . cloud:<series>-<openstack-release> cloud:<series>-<openstack-release>/updates cloud:<series>-<openstack-release>/staging cloud:<series>-<openstack-release>/proposed . See https://wiki.ubuntu.com/OpenStack/CloudArchive for info on which cloud archives are available and supported. . NOTE: updating this setting to a source that is known to provide a later version of OpenStack will trigger a software upgrade unless action-managed-upgrade is set to True.
distro
haproxy-client-timeout
(int) Client timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 30000ms is used.
cinder-backup
(boolean) Enable cinder backup panel.
endpoint-type
(string) Specifies the endpoint types to use for endpoints in the Keystone service catalog. Valid values are 'publicURL', 'internalURL', and 'adminURL'. Both the primary and secondary endpoint types can be specified by providing multiple comma delimited values.
os-public-hostname
(string) The hostname or address of the public endpoints created for openstack-dashboard. . This value will be used for public endpoints. For example, an os-public-hostname set to 'horizon.example.com' with will create the following public endpoint for the swift-proxy: . https://horizon.example.com/horizon
action-managed-upgrade
(boolean) If True enables openstack upgrades for this charm via juju actions. You will still need to set openstack-origin to the new repository but instead of an upgrade running automatically across all units, it will wait for you to execute the openstack-upgrade action for this charm on each unit. If False it will revert to existing behavior of upgrading all units on config change.
neutron-network-l3ha
(boolean) Enable HA (High Availability) mode in Neutron virtual router in the Router panel.
default-theme
(string) Specify path to theme to use (relative to /usr/share/openstack-dashboard/openstack_dashboard/themes/). . NOTE: This setting is supported >= OpenStack Liberty and this setting is mutually exclusive to ubuntu-theme.
default-role
(string) Default role for Horizon operations that will be created in Keystone upon introduction of an identity-service relation.
Member
dns-ha
(boolean) Use DNS HA with MAAS 2.0. Note if this is set do not set vip settings below.
offline-compression
(string) Use pre-generated Less compiled JS and CSS.
yes
database
(string) Database name for Horizon (if enabled).
horizon
openstack-origin-git
(string) Specifies a default OpenStack release name, or a YAML dictionary listing the git repositories to install from. . The default Openstack release name may be one of the following, where the corresponding OpenStack github branch will be used: * liberty * mitaka * newton * master . The YAML must minimally include requirements and horizon repositories, and may also include repositories for other dependencies: repositories: - {name: requirements, repository: 'git://github.com/openstack/requirements', branch: master} - {name: horizon, repository: 'git://github.com/openstack/horizon', branch: master} release: master
vip_cidr
(int) Default CIDR netmask to use for HA vip when it cannot be automatically determined.
24
nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: . juju-postgresql-0 . If you're running multiple environments with the same services in them this allows you to differentiate between them.
juju
neutron-network-dvr
(boolean) Enable Neutron distributed virtual router (DVR) feature in the Router panel.
ssl_ca
(string) Base64-encoded certificate authority. This CA is used in conjunction with keystone https endpoints and must, therefore, be the same CA used by any endpoint configured as https/ssl.
enforce-ssl
(boolean) If True, redirects plain http requests to https port 443. For this option to have an effect, SSL must be configured.
webroot
(string) Directory where application will be accessible, relative to http://$hostname/.
/horizon
os-admin-hostname
(string) The hostname or address of the admin endpoints created for openstack-dashboard. . This value will be used for admin endpoints. For example, an os-admin-hostname set to 'horizon.admin.example.com' with will create the following admin endpoint for the swift-proxy: . https://horizon.admin.example.com/horizon
debug
(string) Enable Django debug messages.
no
os-internal-hostname
(string) The hostname or address of the internal endpoints created for openstack-dashboard. . This value will be used for internal endpoints. For example, an os-internal-hostname set to 'horizon.internal.example.com' with will create the following internal endpoint for the swift-proxy: . https://horizon.internal.example.com/horizon
haproxy-connect-timeout
(int) Connect timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 5000ms is used.
database-user
(string) Username for Horizon database access (if enabled).
horizon