How to access Kibana from outside cloud using ELB?


Currently to access Kibana dashboard of CSS Service, a user has to login to OTC consoleand navigate to Kibana login page.

To make the access convenient a user can utilize the provided python script which willconfigure the Dedicated Loadbalancer of OTC and a user would be able to access Kibanadashboard with a public IP.

ELB Configuration Script

Script to Configure ELB to be able to access CSS Kibana Dashboard in https mode. ThisScript will create a Dedicated Loadbalancer with a HTTPS Listener which will be forwardingthe traffic to CSS nodes at 5601 port in order to access Kibana Dashboard.

Download Script

Installing Dependency

The script depends on otcextensions library.

If you already have Python with pip installed, you can simply run:

pip install otcextensions
  • To know more details about using otcextensions library you can check otcextensions docs.

    A file called clouds.yaml holds all necessary configuration parameters. The file can beplaced either in the local directory, below the user home directory in .config/openstack orin the system-wide directory /etc/openstack. You may use a second file secure.yaml in thesame directories to extra protect clear-text password credentials. For more details see thesection configuration in the official documentation.

    Minimal sample clouds.yaml file:

            profile: otc
              username: '<USER_NAME>'
              password: '<PASSWORD>'
              project_name: '<eu-de_project>'
              # or project_id: '<123456_PROJECT_ID>'
              user_domain_name: 'OTC00000000001000000xxx'
              # or user_domain_id: '<123456_DOMAIN_ID>'
              auth_url: ''

    With this configuration you can start using the CLI with openstack --os-cloud otc *command* or by export OS_CLOUD=otc; openstack *command*.

  • Environment variables: Authentication using username/password is often used:

    export OS_AUTH_URL=<url-to-openstack-identity>
    export OS_PROJECT_NAME=<project-name>
    export OS_USERNAME=<username>
    export OS_PASSWORD=<password>
    export OS_USER_DOMAIN_NAME=<user-domain-name>

In addition to that a regular clouds.yaml configuration file can be used.

More information is available at:


The Script requires ID of a CSS Cluster and Certificate ID for creating a HTTPS listener.

  • You can get a CSS Cluster ID by visiting the OTC console -> CSS Dashboard ->Clusters page, and click on your CSS Cluster to get its details.

  • To learn more about Creating and Getting a TLS Certificate, check ELB User Guide

Generating a TSL Certificate with openssl command.

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout private.key -out certificate.crt


When adding the certificate and private key, Certificate Type must be "Server Certificate".

Running The Script

Once you have certificate_id and cluster_id, you are ready to run the script.

List ELB Flavors

python3 elb-flavors

This will print the L7 Flavors supported by Dedicated Loadbalancer. To print all types of flavors supported you may add --all argument to the command. But we need only L7 flavor type, that's why --all argument is set as optional.

Configure ELB

python3 elb-configure --cluster-id <cluster_id> --certificate-id <certificate_id>

Argument --certificate-id is optional, if it's not provided then Loadbalancer will be configured with HTTP listener.

Configure ELB with specific Flavor

  • By default ELB will be configured with smallest L7 flavor type. But if you want to have some specific flavor of your choice, follow below commands.

  • Only L7 flavor type must be used since we are creating HTTPS listener.

# Prints list of Loadbalancer flavor Types
  python3 elb-flavors

# Run the script
  python3 elb-configure --cluster-id <cluster_id> --certificate-id <certificate_id> --flavor-id <flavor_id>

Delete ELB

python3 elb-delete <loadbalancer_name_or_id>

Delete ELB and Release Public EIP

python3 elb-delete <loadbalancer_id> --release-public-ip


Please use the elb-delete command with caution.


When you run the script a log file is created with name debug.log where you can find details of all the API requests.