Provisioning Network

Latest response

Hi,

Forgive my ignorance but can someone explain me what is the method for accessing the Director WEB UI? Normally the undercloud public vip is used to access the web ui but the provisioning network does not allow any remote connections as explained below in the doc. But the external NIC doesnt allow access to the WEBUI. So I can only do a VNC or console thru the iLO to get to the undercloud (red hat) and run the local firefox to access to the GUI. I will appreciate if someone can explain me how to access the director web ui using another method.

Make sure the Provisioning network NIC is not the same NIC used for remote connectivity on the director machine. The director installation creates a bridge using the Provisioning NIC, which drops any remote connections. Use the External NIC for remote connections to the director system.

thanks

Responses

I will appreciate any comments from anyone with Director GUI experience, about how to access the GUI from provisioning network which is closed for any remote connection

Hello, can you SSH -X to the Undercloud, then from there another SSH -X to the machine with the Director web UI? Then start a browser?

If there is NAT in place preventing that, then creating a tunnel out to your machine is an option. You then have to point the browser to a local end-point of the tunnel.

Hi Stephen,

The Director Web UI is on the undercloud. So I SSH-X to the external network of undercloud and start a browser there to connect to the public vip ip (as described in the undercloud.conf) but is it not an difficult way to access to a WEB UI? A webUI is supposed to be accessible from external world no?

  1. why doesnt the webui listens on the external interface?
  2. why is the provisionng network is closed for remote connection?

I had these questions but thought that maybe I have done something wrong when deploying the undercloud.

Hello, I am not involved in the design of OpenStack so I cannot answer question 1. As to question 2, speaking generally, I think that there a number of security reasons for keeping a provisioning network private. For example, when a host first boots up it might not have a firewall configured, it will not be patched, or hardened.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.