openstack dashboard #266

Supports: xenial bionic cosmic trusty

Add to new model

Description

The OpenStack Dashboard provides a full feature web interface for interacting
with instances, images, volumes and networks within an OpenStack deployment.


Overview

The OpenStack Dashboard provides a Django based web interface for use by both
administrators and users of an OpenStack Cloud.

It allows you to manage Nova, Glance, Cinder and Neutron resources within the
cloud.

Usage

The OpenStack Dashboard is deployed and related to keystone:

juju deploy openstack-dashboard
juju add-relation openstack-dashboard keystone

The dashboard will use keystone for user authentication and authorization and
to interact with the catalog of services within the cloud.

The dashboard is accessible on:

http(s)://service_unit_address/horizon

At a minimum, the cloud must provide Glance and Nova services.

SSL configuration

To fully secure your dashboard services, you can provide a SSL key and
certificate for installation and configuration. These are provided as
base64 encoded configuration options::

juju set openstack-dashboard ssl_key="$(base64 my.key)" \
    ssl_cert="$(base64 my.cert)"

The service will be reconfigured to use the supplied information.

HA/Clustering

There are two mutually exclusive high availability options: using virtual
IP(s) or DNS. In both cases, a relationship to hacluster is required which
provides the corosync back end HA functionality.

To use virtual IP(s) the clustered nodes must be on the same subnet such that
the VIP is a valid IP on the subnet for one of the node's interfaces and each
node has an interface in said subnet. The VIP becomes a highly-available API
endpoint.

At a minimum, the config option 'vip' must be set in order to use virtual IP
HA. If multiple networks are being used, a VIP should be provided for each
network, separated by spaces. Optionally, vip_iface or vip_cidr may be
specified.

To use DNS high availability there are several prerequisites. However, DNS HA
does not require the clustered nodes to be on the same subnet.
Currently the DNS HA feature is only available for MAAS 2.0 or greater
environments. MAAS 2.0 requires Juju 2.0 or greater. The clustered nodes must
have static or "reserved" IP addresses registered in MAAS. The DNS hostname(s)
must be pre-registered in MAAS before use with DNS HA.

At a minimum, the config option 'dns-ha' must be set to true and at least one
of 'os-public-hostname', 'os-internal-hostname' or 'os-internal-hostname' must
be set in order to use DNS HA. One or more of the above hostnames may be set.

The charm will throw an exception in the following circumstances:
If neither 'vip' nor 'dns-ha' is set and the charm is related to hacluster
If both 'vip' and 'dns-ha' are set as they are mutually exclusive
If 'dns-ha' is set and none of the os-{admin,internal,public}-hostname(s) are
set

Whichever method has been used to cluster the charm the 'secret' option
should be set to ensure that the Django secret is consistent across all units.

Keystone V3

If the charm is being deployed into a keystone v3 enabled environment then the
charm needs to be related to a database to store session information. This is
only supported for Mitaka or later.

Use with a Load Balancing Proxy

Instead of deploying with the hacluster charm for load balancing, its possible
to also deploy the dashboard with load balancing proxy such as HAProxy:

juju deploy haproxy
juju add-relation haproxy openstack-dashboard
juju add-unit -n 2 openstack-dashboard

This option potentially provides better scale-out than using the charm in
conjunction with the hacluster charm.

Custom Theme

This charm supports providing a custom theme as documented in the [themes
configuration]. In order to enable this capability the configuration options
'ubuntu-theme' and 'default-theme' must both be turned off and the option 'custom-theme' turned on.

Once the option is enabled a custom theme can be provided via a juju resource.
The resource should be a .tgz file with the contents of your custom theme. If
the file 'local_settings.py' is included it will be sourced.

juju attach-resource openstack-dashboard theme=theme.tgz

Repeating the attach-resource will update the theme and turning off the
custom-theme option will return to the default.


Configuration

action-managed-upgrade
(boolean) If True enables openstack upgrades for this charm via juju actions. You will still need to set openstack-origin to the new repository but instead of an upgrade running automatically across all units, it will wait for you to execute the openstack-upgrade action for this charm on each unit. If False it will revert to existing behavior of upgrading all units on config change.
allow-password-autocompletion
(boolean) Setting this to True will allow password form autocompletion by browser.
api-result-limit
(int) The maximum number of objects (e.g. Swift objects or Glance images) to display on a single page before providing a paging element (a “more” link) to paginate results.
cinder-backup
(boolean) Enable cinder backup panel.
custom-theme
(boolean) Use a custom theme supplied as a resource. NOTE: This setting is supported >= OpenStack Mitaka and this setting is mutually exclustive to ubuntu-theme and default-theme.
customization-module
(string) This option provides a means to enable customisation modules to modify existing dashboards and panels. This is available from Liberty onwards.
database
(string) Database name for Horizon (if enabled).
horizon
database-user
(string) Username for Horizon database access (if enabled).
horizon
debug
(string) Enable Django debug messages.
no
default-create-volume
(boolean) The default value for the option of creating a new volume in the workflow for image and instance snapshot sources when launching an instance. This option has an effect only to Ocata or newer releases.
True
default-domain
(string) Default domain when authenticating with Horizon. Disables the domain field in the login page.
default-role
(string) Default role for Horizon operations that will be created in Keystone upon introduction of an identity-service relation.
Member
default-theme
(string) Specify path to theme to use (relative to /usr/share/openstack-dashboard/openstack_dashboard/themes/). . NOTE: This setting is supported >= OpenStack Liberty and this setting is mutually exclusive to ubuntu-theme.
dns-ha
(boolean) Use DNS HA with MAAS 2.0. Note if this is set do not set vip settings below.
endpoint-type
(string) Specifies the endpoint types to use for endpoints in the Keystone service catalog. Valid values are 'publicURL', 'internalURL', and 'adminURL'. Both the primary and secondary endpoint types can be specified by providing multiple comma delimited values.
enforce-ssl
(boolean) If True, redirects plain http requests to https port 443. For this option to have an effect, SSL must be configured.
ha-bindiface
(string) Default network interface on which HA cluster will bind to communication with the other members of the HA Cluster.
eth0
ha-mcastport
(int) Default multicast port number that will be used to communicate between HA Cluster nodes.
5410
haproxy-client-timeout
(int) Client timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.
haproxy-connect-timeout
(int) Connect timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.
haproxy-queue-timeout
(int) Queue timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.
haproxy-server-timeout
(int) Server timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.
harden
(string) Apply system hardening. Supports a space-delimited list of modules to run. Supported modules currently include os, ssh, apache and mysql.
hsts-max-age-seconds
(int) "max-age" parameter for HSTS(HTTP Strict Transport Security) header. Use with caution since once you set this option, browsers will remember it so they can only use HTTPS (HTTP connection won't be allowed) until max-age expires. . An example value is one year (31536000). However, a shorter max-age such as 24 hours (86400) is recommended during initial rollout in case of any mistakes. For more details on HSTS, refer to: https://developer.mozilla.org/docs/Web/Security/HTTP_strict_transport_security . For this option to have an effect, SSL must be configured and enforce-ssl option must be true.
image-formats
(string) The image-formats setting can be used to alter the default list of advertised image formats. Many installations cannot use all the formats that Glance recognizes, restricting the list here prevents unwanted formats from being listed in Horizon which can lead to confusion. . This setting takes a space separated list, for example: iso qcow2 raw . Supported formats are: aki, ami, ari, docker, iso, ova, qcow2, raw, vdi, vhd, vmdk. . If not provided, leave the option unconfigured which enables all of the above.
nagios_check_http_params
(string) Parameters to pass to the nrpe plugin check_http.
-H localhost -I 127.0.0.1 -u '/' -e 200,301,302
nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: . juju-postgresql-0 . If you're running multiple environments with the same services in them this allows you to differentiate between them.
juju
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
neutron-network-dvr
(boolean) Enable Neutron distributed virtual router (DVR) feature in the Router panel.
neutron-network-firewall
(boolean) Enable neutron firewall service panel.
neutron-network-l3ha
(boolean) Enable HA (High Availability) mode in Neutron virtual router in the Router panel.
neutron-network-lb
(boolean) Enable neutron load balancer service panel.
neutron-network-vpn
(boolean) Enable neutron vpn service panel.
offline-compression
(string) Use pre-generated Less compiled JS and CSS.
yes
openstack-origin
(string) Repository from which to install. May be one of the following: distro (default), ppa:somecustom/ppa, a deb url sources entry, or a supported Ubuntu Cloud Archive e.g. . cloud:<series>-<openstack-release> cloud:<series>-<openstack-release>/updates cloud:<series>-<openstack-release>/staging cloud:<series>-<openstack-release>/proposed . See https://wiki.ubuntu.com/OpenStack/CloudArchive for info on which cloud archives are available and supported. . NOTE: updating this setting to a source that is known to provide a later version of OpenStack will trigger a software upgrade unless action-managed-upgrade is set to True.
distro
os-admin-hostname
(string) [DEPRECATED] Use os-public-hostname to specify a hostname for openstack-dashboard. . The hostname or address of the admin endpoints created for openstack-dashboard. . This value will be used for admin endpoints. For example, an os-admin-hostname set to 'horizon.admin.example.com' with will create the following admin endpoint for the swift-proxy: . https://horizon.admin.example.com/horizon
os-internal-hostname
(string) [DEPRECATED] Use os-public-hostname to specify a hostname for openstack-dashboard. . The hostname or address of the internal endpoints created for openstack-dashboard. . This value will be used for internal endpoints. For example, an os-internal-hostname set to 'horizon.internal.example.com' with will create the following internal endpoint for the swift-proxy: . https://horizon.internal.example.com/horizon
os-public-hostname
(string) The hostname or address of the public endpoints created for openstack-dashboard. . This value will be used for public endpoints. For example, an os-public-hostname set to 'horizon.example.com' with will create the following public endpoint for the swift-proxy: . https://horizon.example.com/horizon
password-retrieve
(boolean) Enable "Retrieve password" instance action.
prefer-ipv6
(boolean) If True enables IPv6 support. The charm will expect network interfaces to be configured with an IPv6 address. If set to False (default) IPv4 is expected. . NOTE: these charms do not currently support IPv6 privacy extension. In order for this charm to function correctly, the privacy extension must be disabled and a non-temporary address must be configured/available on your network interface.
profile
(string) Default profile for the dashboard. Eg. cisco.
secret
(string) Secret for Horizon to use when securing internal data; set this when using multiple dashboard units.
ssl_ca
(string) Base64-encoded certificate authority. This CA is used in conjunction with keystone https endpoints and must, therefore, be the same CA used by any endpoint configured as https/ssl.
ssl_cert
(string) Base64-encoded SSL certificate to install and use for Horizon. . juju set openstack-dashboard ssl_cert="$(cat cert| base64)" \ ssl_key="$(cat key| base64)"
ssl_key
(string) Base64-encoded SSL key to use with certificate specified as ssl_cert.
ubuntu-theme
(string) Use Ubuntu theme for the dashboard.
yes
use-syslog
(boolean) Setting this to True will allow supporting services to log to syslog.
vip
(string) Virtual IP to use to front openstack dashboard ha configuration.
vip_cidr
(int) Default CIDR netmask to use for HA vip when it cannot be automatically determined.
24
vip_iface
(string) Default network interface to use for HA vip when it cannot be automatically determined.
eth0
webroot
(string) Directory where application will be accessible, relative to http://$hostname/.
/horizon
worker-multiplier
(float) The CPU core multiplier to use when configuring worker processes for Horizon. By default, the number of workers for each daemon is set to twice the number of CPU cores a service unit has. When deployed in a LXD container, this default value will be capped to 4 workers unless this configuration option is set.