Juju Charm - OpenStack dashboard
Go to file
Carlos Bravo ab66a192f4 Added OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED to config options
Starting from Openstack Bobcat (2023.2) Multi Factor Authentication
was added for Horizon. This change introduced a new variable called
OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED, which if set to True will display
a new form requesting for the user's TOTP code for MFA enabled users.

This change provides the missing OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED
config option for the charm, allowing the user to enable from the
charm's configuration. If the value is set to True, the new bobcat
template will render the following values:
OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED = True

AUTHENTICATION_PLUGINS = [
    'openstack_auth.plugin.totp.TotpPlugin',
    'openstack_auth.plugin.password.PasswordPlugin',
    'openstack_auth.plugin.token.TokenPlugin'
]

Closes-Bug: #2058689
Change-Id: Ifedf587356693b58612b1fc4d7404f0f446158ce
2024-03-27 21:57:28 -04:00
actions Add package-upgrade action 2023-05-26 16:55:30 +01:00
charmhelpers Updates for caracal testing support 2024-02-12 18:21:35 +00:00
docs Policyd override implementation 2019-11-20 14:40:03 +00:00
files Sync charm/ceph helpers, tox, and requirements 2019-09-30 21:43:41 -05:00
hooks Added OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED to config options 2024-03-27 21:57:28 -04:00
lib Update tox.ini files from release-tools gold copy 2016-09-09 19:22:14 +00:00
scripts Sync scripts/. 2013-04-09 11:40:10 -07:00
templates Added OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED to config options 2024-03-27 21:57:28 -04:00
tests Updates for caracal testing support 2024-02-12 18:21:35 +00:00
unit_tests Added OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED to config options 2024-03-27 21:57:28 -04:00
.gitignore Update to classic charms to build using charmcraft in CI 2022-02-15 17:05:06 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:34:47 +00:00
.project Rebase on trunk 2014-02-24 17:46:45 +00:00
.pydevproject Rebase on trunk 2014-02-24 17:46:45 +00:00
.stestr.conf Replace ostestr with stestr in testing framework. 2019-03-07 17:12:52 -05:00
.zuul.yaml Add Antelope support 2023-03-07 20:31:30 +00:00
LICENSE Re-license charm as Apache-2.0 2016-07-03 17:40:18 +01:00
Makefile Sync helpers for 20.05 2020-05-18 15:29:10 +02:00
README.md [DOC] Add details about custom theme folder structure 2022-09-22 15:23:12 -03:00
actions.yaml Fix typo in actions.yaml 2023-08-07 15:59:35 -04:00
bindep.txt Add Kinetic and Zed support 2022-08-26 18:40:42 +00:00
charm-helpers-hooks.yaml charmhelpers sync for yoga release 2022-04-07 12:29:23 +01:00
charmcraft.yaml Updates for caracal testing support 2024-02-12 18:21:35 +00:00
config.yaml Added OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED to config options 2024-03-27 21:57:28 -04:00
copyright Re-license charm as Apache-2.0 2016-07-03 17:40:18 +01:00
hardening.yaml Disable apache mod_status when hardening apache 2017-09-15 17:58:19 -04:00
icon.svg Update charm icon 2017-08-02 18:11:30 +01:00
metadata.yaml Updates for caracal testing support 2024-02-12 18:21:35 +00:00
osci.yaml Add 2023.2 Bobcat support 2023-08-02 14:19:50 -04:00
rename.sh Update to classic charms to build using charmcraft in CI 2022-02-15 17:05:06 +00:00
requirements.txt Add Kinetic and Zed support 2022-08-26 18:40:42 +00:00
revision added syslog functionality 2014-02-03 13:34:56 +01:00
setup.cfg setup.cfg: Replace dashes with underscores 2022-01-04 15:50:39 +00:00
test-requirements.txt Add Antelope support 2023-03-07 20:31:30 +00:00
tox.ini Updates for caracal tox.ini 2024-02-24 20:12:23 +00:00

README.md

Overview

The OpenStack Dashboard provides a Django based web interface for use by both administrators and users of an OpenStack Cloud.

It allows you to manage Nova, Glance, Cinder and Neutron resources within the cloud.

Usage

The OpenStack Dashboard is deployed and related to keystone:

juju deploy openstack-dashboard
juju add-relation openstack-dashboard:identity-service \
                  keystone:identity-service

The dashboard will use keystone for user authentication and authorization and to interact with the catalog of services within the cloud.

The dashboard is accessible on:

http(s)://service_unit_address/horizon

At a minimum, the cloud must provide Glance and Nova services.

SSL configuration

To fully secure your dashboard services, you can provide a SSL key and certificate for installation and configuration. These are provided as base64 encoded configuration options:

juju config openstack-dashboard ssl_key="$(base64 my.key)" \
    ssl_cert="$(base64 my.cert)"

The service will be reconfigured to use the supplied information.

High availability

When more than one unit is deployed with the hacluster application the charm will bring up an HA active/active cluster.

There are two mutually exclusive high availability options: using virtual IP(s) or DNS. In both cases the hacluster subordinate charm is used to provide the Corosync and Pacemaker backend HA functionality.

See OpenStack high availability in the OpenStack Charms Deployment Guide for details.

Note: Regardless of which HA method has been chosen, the secret option should be set to ensure that the Django secret is consistent across all units.

Keystone V3

If the charm is being deployed into a keystone v3 enabled environment then the charm needs to be related to a database to store session information. This is only supported for Mitaka or later.

Use with a Load Balancing Proxy

Instead of deploying with the hacluster charm for load balancing, its possible to also deploy the dashboard with load balancing proxy such as HAProxy:

juju deploy haproxy
juju add-relation haproxy openstack-dashboard
juju add-unit -n 2 openstack-dashboard

This option potentially provides better scale-out than using the charm in conjunction with the hacluster charm.

Custom Theme

This charm supports providing a custom theme as documented in the themes configuration. In order to enable this capability the configuration options 'ubuntu-theme' must be turned off and the option 'custom-theme' turned on.

juju config openstack-dashboard ubuntu-theme=no
juju config openstack-dashboard custom-theme=true

Once the option is enabled a custom theme can be provided via a juju resource. The resource should be a .tgz file with the contents of your custom theme. If the file 'local_settings.py' is included it will be sourced.

juju attach-resource openstack-dashboard theme=theme.tgz

Repeating the attach-resource will update the theme and turning off the custom-theme option will return to the default.

The extracted .tgz file should contain the root of the custom theme directory, where all static content is placed in a directory named 'static'. Here is an example directory structure:

theme.tgz
\ static - _styles.scss
|        | _variables.scss
|        \ img - favicon.ico
|              | logo.svg
|              \ logo-splash.svg
|
\ local_settings.py (optional)

A barebone custom theme would include only the files shown in the example above, where the '_styles.scss' file is empty, and the '_variables.scss' file contains:

$brand-primary: #772953; // the key brand color
$navbar-default-bg: $brand-primary;
$navbar-default-link-hover-bg: darken($navbar-default-bg, 15%);
$navbar-default-color: #fff;
$navbar-default-toggle-hover-bg: darken($navbar-default-bg, 10%);
$navbar-default-toggle-icon-bar-bg: #fff;
$navbar-height: 36px;
@import "/themes/default/variables";

Optionally, the uploaded custom theme can be set as the default theme.

juju config openstack-dashboard default-theme='custom'

Policy Overrides

Policy overrides is an advanced feature that allows an operator to override the default policy of an OpenStack service. The policies that the service supports, the defaults it implements in its code, and the defaults that a charm may include should all be clearly understood before proceeding.

Caution: It is possible to break the system (for tenants and other services) if policies are incorrectly applied to the service.

Policy statements are placed in a YAML file. This file (or files) is then placed into an appropriately-name directory (or directories) and (ZIP) compressed into a single file. This compressed file is then used as an application resource. Finally, the override is enabled via a Boolean charm option.

The directory names correspond to the OpenStack services that Horizon has policy override support for:

directory name service charm
compute Nova nova-cloud-controller
identity Keystone keystone
image Glance glance
network Neutron neutron-api
volume Cinder cinder

Important: The exact same overrides must also be implemented at the service level using the appropriate charm. See the Policy Overrides section of each charm's README.

For example, to provide overrides for Nova and Keystone, the compressed file should have a structure similar to the following (the YAML filenames are arbitrary):

\ compute - compute-override1.yaml
|         \ compute-override2.yaml
|
\ identity - identity-override1.yaml
           | identity-override2.yaml
           \ identity-override3.yaml

Here are the essential commands:

zip -r overrides.zip compute identity
juju attach-resource openstack-dashboard policyd-override=overrides.zip
juju config openstack-dashboard use-policyd-override=true

See appendix Policy Overrides in the OpenStack Charms Deployment Guide for a thorough treatment of this feature.

Bugs

Please report bugs on Launchpad.

For general charm questions refer to the OpenStack Charm Guide.