[rdo-list] gui port
Dan Sneddon
dsneddon at redhat.com
Tue May 17 18:52:58 UTC 2016
On 05/16/2016 11:13 AM, Paras pradhan wrote:
> How do we access the undercloud dashboard?
The undercloud dashboard listens on port 8080 on the control plane
interface (br-ctlplane). This IP may not be reachable remotely,
especially if the default route on the Undercloud is a different
interface, or if the Undercloud is actually a VM running in a virt-host.
In those cases, I usually set up local port forwarding via SSH. This
allows me to access the Horizon dashboard, and provides encryption so
the username/password doesn't traverse the wire in cleartext (when not
running SSL on the Undercloud).
ssh -L 9000:<br-ctlplane_ip>:8080 stack@undercloud_external_ip
Then you can connect to http://localhost:9000/ to access the dashboard.
You can even nest these if you are using a virtualized Undercloud:
From virt-host:
ssh -L 9500:<br-ctlplane_ip>:8080 stack@undercloud_external_ip
From your workstation:
ssh -L 9000:localhost:9500 stack@virt-host
Then when you connect to port 9000 locally it gets forwarded to port
9050 on the virt-host, which is a tunnel to port 8080 on the Undercloud VM.
You can add "-nNT" before the -L in the ssh commands if you just want
to create the tunnel without connecting to a remote shell when you
issue the ssh command.
The other (potentially less secure) option is to reconfigure Apache on
the Undercloud to listen on all interfaces, and then connect directly
to the IP on the Undercloud interface with the default route. A similar
option is to disable reverse path filtering [1], and then connect
directly to the br-ctlplane interface. This will only work if the
Undercloud is directly reachable (usually not possible if using a VM
undercloud). These methods should only be used in production when SSL
is enabled, because the passwords shouldn't be sent in the clear.
[1] - https://access.redhat.com/solutions/53031
--
Dan Sneddon | Principal OpenStack Engineer
dsneddon at redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter
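
An added example, not part of the original message: a shell check that the tunnel listeners created by the ssh -L commands above are bound to loopback only, since a forward started with -g or with GatewayPorts enabled would make the dashboard port reachable from the network. The function name check_forward_binding is hypothetical and the `ss -ltn` output is constructed sample input.

```shell
#!/bin/sh
# Added example: confirm SSH local forwards listen on loopback only.
# check_forward_binding PORT... reads `ss -ltn`-style output on stdin and
# prints "ok <addr:port>" or "exposed <addr:port>" per matching listener.
# Exit status: 0 = all loopback, 1 = a listener is exposed,
#              2 = a requested port has no listener (tunnel not up).
check_forward_binding() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            # Split at the last colon so bracketed IPv6 ([::1]:9000) works.
            idx = match(local_addr, /:[0-9]+$/)
            if (!idx) next
            addr = substr(local_addr, 1, idx - 1)
            port = substr(local_addr, idx + 1)
            if (!(port in want)) next
            seen[port] = 1
            if (addr == "127.0.0.1" || addr == "[::1]") {
                print "ok " local_addr
            } else {
                print "exposed " local_addr
                exposed = 1
            }
        }
        END {
            if (exposed) exit 1
            for (q in want) if (!(q in seen)) exit 2
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9000     0.0.0.0:*
LISTEN 0      128    [::1]:9000         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:9500       0.0.0.0:*'

# Live use on the workstation (port 9000) or virt-host (port 9500):
#   ss -ltn | check_forward_binding 9000
```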