How to access Kibana from outside cloud using ELB?¶
Currently to access Kibana dashboard of CSS Service, a user has to login to OTC console and navigate to Kibana login page.
To make the access convenient a user can utilize the provided
python script which will configure the Dedicated Loadbalancer
of OTC and a user would be able to access Kibana dashboard with a
ELB Configuration Script¶
Script to Configure ELB to be able to access CSS Kibana Dashboard in https mode. This Script will create a Dedicated Loadbalancer with a HTTPS Listener which will be forwarding the traffic to CSS nodes at 5601 port in order to access Kibana Dashboard.
The script depends on
If you already have Python with pip installed, you can simply run:
pip install otcextensions
To know more details about using otcextensions library you can check otcextensions docs.
A file called clouds.yaml holds all necessary configuration parameters. The file can be placed either in the local directory, below the user home directory in .config/openstack or in the system-wide directory /etc/openstack. You may use a second file secure.yaml in the same directories to extra protect clear-text password credentials. For more details see the section configuration in the official documentation.
clouds: otc: profile: otc auth: username: '<USER_NAME>' password: '<PASSWORD>' project_name: '<eu-de_project>' # or project_id: '<123456_PROJECT_ID>' user_domain_name: 'OTC00000000001000000xxx' # or user_domain_id: '<123456_DOMAIN_ID>' auth_url: 'https://iam.eu-de.otc.t-systems.com:443/v3'
With this configuration you can start using the CLI with
openstack --os-cloud otc *command* or by
export OS_CLOUD=otc; openstack *command*.
Environment variables: Authentication using username/password is often used:
export OS_AUTH_URL=<url-to-openstack-identity> export OS_PROJECT_NAME=<project-name> export OS_USERNAME=<username> export OS_PASSWORD=<password> export OS_USER_DOMAIN_NAME=<user-domain-name> export OS_IDENTITY_API_VERSION=3
In addition to that a regular clouds.yaml configuration file can be used.
The Script requires ID of a CSS Cluster and Certificate ID for creating a HTTPS listener.
You can get a CSS Cluster ID by visiting the OTC console -> CSS Dashboard -> Clusters page, and click on your CSS Cluster to get its details.
To learn more about Creating and Getting a TLS Certificate, check ELB User Guide
Generating a TSL Certificate with openssl command.
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout private.key -out certificate.crt
Note - When adding the certificate and private key, Certificate Type must be "Server Certificate".
Running The Script¶
Once you have certificate_id and cluster_id, you are ready to run the script.
List ELB Flavors¶
python3 script.py elb-flavors
This will print the L7 Flavors supported by Dedicated Loadbalancer. To print all types of flavors supported you may add --all argument to the command. But we need only L7 flavor type, that's why --all argument is set as optional.
python3 script.py elb-configure --cluster-id <cluster_id> --certificate-id <certificate_id>
Argument --certificate-id is optional, if it's not provided then Loadbalancer will be configured with HTTP listener.
Configure ELB with specific Flavor
By default ELB will be configured with smallest L7 flavor type. But if you want to have some specific flavor of your choice, follow below commands.
Only L7 flavor type must be used since we are creating HTTPS listener.
# Prints list of Loadbalancer flavor Types python3 script.py elb-flavors # Run the script python3 script.py elb-configure --cluster-id <cluster_id> --certificate-id <certificate_id> --flavor-id <flavor_id>
python3 script.py elb-delete <loadbalancer_name_or_id>
Delete ELB and Release Public EIP
python3 script.py elb-delete <loadbalancer_id> --release-public-ip
Note - Please use the elb-delete command with caution.
When you run the script a log file is created with name
debug.logwhere you can find details of all the API requests.