Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove generic docs and update contents #53

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Remove generic docs and update contents #53

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
df1168e
Bump copyright year
seunghun1ee May 29, 2024
0c5ff09
Remove generic docs
seunghun1ee May 29, 2024
348b7b0
Update docs Q2 2024
seunghun1ee May 29, 2024
3318ba6
Add physical network doc again
seunghun1ee May 29, 2024
14fdc2a
Update baremental management doc
seunghun1ee Jun 17, 2024
5aeb29f
Remove unnecessary label
seunghun1ee Jun 17, 2024
afbfdb0
Add beokay kayobe env support and simplfy vault secret section
seunghun1ee Nov 4, 2024
c34db7e
Fix note syntax error
seunghun1ee Nov 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
134 changes: 134 additions & 0 deletions source/access_to_services.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
.. include:: vars.rst

==================
Access to Services
==================

Openstack Services
==================

Accessing to Horizon
--------------------

The OpenStack web UI is available at: |horizon_url|

This site is accessible |horizon_access|.

Accessing the OpenStack CLI
---------------------------

A simple way to get started with accessing the OpenStack command-line
interface.

This can be done from |public_api_access_host| (for example), or any machine
that has access to |public_vip|:

.. code-block:: console

openstack# python3 -m venv openstack-venv
openstack# source openstack-venv/bin/activate
openstack# pip install -U pip
openstack# pip install python-openstackclient
openstack# source <project>-openrc.sh

The `<project>-openrc.sh` file can be downloaded from the OpenStack Dashboard
(Horizon):

.. image:: _static/openrc.png
:alt: Downloading an openrc file from Horizon
:class: no-scaled-link
:width: 200

Now it should be possible to run OpenStack commands:

.. code-block:: console

openstack# openstack server list

Accessing Deployed Instances
----------------------------

The external network of OpenStack, called |public_network|, connects to the
subnet |public_subnet|. This network is accessible |floating_ip_access|.

Any OpenStack instance can make outgoing connections to this network, via a
router that connects the internal network of the project to the
|public_network| network.

To enable incoming connections (e.g. SSH), a floating IP is required. A
floating IP is allocated and associated via OpenStack. Security groups must be
set to permit the kind of connectivity required (i.e. to define the ports that
must be opened).

Monitoring Services
===================

Access to Opensearch Dashboard
------------------------------

OpenStack control plane logs are aggregated from all servers by Fluentd and
stored in OpenSearch. The control plane logs can be accessed from
OpenSearch using Opensearch Dashboard, which is available at the following URL:
|opensearch_dashboard_url|

To log in, use the ``opensearch`` user. The password is auto-generated by
Kolla-Ansible and can be extracted from the encrypted passwords file
(|kolla_passwords|):

.. code-block:: console
:substitutions:

kayobe# ansible-vault view ${KAYOBE_CONFIG_PATH}/kolla/passwords.yml --vault-password-file |vault_password_file_path| | grep ^opensearch

Access to Grafana
-----------------

Control plane metrics can be visualised in Grafana dashboards. Grafana can be
found at the following address: |grafana_url|

To log in, use the |grafana_username| user. The password is auto-generated by
Kolla-Ansible and can be extracted from the encrypted passwords file
(|kolla_passwords|):

.. code-block:: console
:substitutions:

kayobe# ansible-vault view ${KAYOBE_CONFIG_PATH}/kolla/passwords.yml --vault-password-file |vault_password_file_path| | grep ^grafana_admin_password

Access to Prometheus Alertmanager
---------------------------------

Control plane alerts can be visualised and managed in Alertmanager, which can
be found at the following address: |alertmanager_url|

To log in, use the ``admin`` user. The password is auto-generated by
Kolla-Ansible and can be extracted from the encrypted passwords file
(|kolla_passwords|):

.. code-block:: console
:substitutions:

kayobe# ansible-vault view ${KAYOBE_CONFIG_PATH}/kolla/passwords.yml --vault-password-file |vault_password_file_path| | grep ^prometheus_alertmanager_password


.. ifconfig:: deployment['wazuh']

Access to Wazuh Manager
-----------------------

To access the Wazuh Manager dashboard, navigate to the ip address
of |wazuh_manager_name| (|wazuh_manager_url|).

You can login to the dashboard with the username ``admin``. The
password for ``admin`` is defined in the secret
``opendistro_admin_password`` which can be found within
``etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-secrets.yml``.

.. note::

Use ``ansible-vault`` to view Wazuh secrets:

.. code-block:: console
:substitutions:

kayobe# ansible-vault view --vault-password-file |vault_password_file_path| $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml
Loading
Loading