openstack/horizon
Code Issues Proposed changes

import the admin guide content from openstack-manuals

Browse Source 
Change-Id: Ifd2bb6badc778368ca641cd0889dd2ed19b8cc41
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This commit is contained in:
Doug Hellmann 2017-06-15 17:59:11 -04:00 committed by Akihiro Motoki
parent 58d46bda7f
commit 585974e4c7
21 changed files with 1858 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
doc/source/admin/admin-manage-roles.rst Normal file
View File

@ -0,0 +1,59 @@
=======================
Create and manage roles
=======================
A role is a personality that a user assumes to perform a specific set
of operations. A role includes a set of rights and privileges. A user
assumes that role inherits those rights and privileges.
.. note::
OpenStack Identity service defines a user's role on a
project, but it is completely up to the individual service
to define what that role means. This is referred to as the
service's policy. To get details about what the privileges
for each role are, refer to the ``policy.json`` file
available for each service in the
``/etc/SERVICE/policy.json`` file. For example, the
policy defined for OpenStack Identity service is defined
in the ``/etc/keystone/policy.json`` file.
Create a role
~~~~~~~~~~~~~
#. Log in to the dashboard and select the :guilabel:`admin` project from the
drop-down list.
#. On the :guilabel:`Identity` tab, click the :guilabel:`Roles` category.
#. Click the :guilabel:`Create Role` button.
In the :guilabel:`Create Role` window, enter a name for the role.
#. Click the :guilabel:`Create Role` button to confirm your changes.
Edit a role
~~~~~~~~~~~
#. Log in to the dashboard and select the :guilabel:`Identity` project from the
drop-down list.
#. On the :guilabel:`Identity` tab, click the :guilabel:`Roles` category.
#. Click the :guilabel:`Edit` button.
In the :guilabel:`Update Role` window, enter a new name for the role.
#. Click the :guilabel:`Update Role` button to confirm your changes.
.. note::
Using the dashboard, you can edit only the name assigned to
a role.
Delete a role
~~~~~~~~~~~~~
#. Log in to the dashboard and select the :guilabel:`Identity` project from the
drop-down list.
#. On the :guilabel:`Identity` tab, click the :guilabel:`Roles` category.
#. Select the role you want to delete and click the :guilabel:`Delete
Roles` button.
#. In the :guilabel:`Confirm Delete Roles` window, click :guilabel:`Delete
Roles` to confirm the deletion.
You cannot undo this action.

34
doc/source/admin/admin-manage-stacks.rst Normal file
View File

@ -0,0 +1,34 @@
============================================
Launch and manage stacks using the Dashboard
============================================
The Orchestration service provides a template-based
orchestration engine for the OpenStack cloud. Orchestration
services create and manage cloud infrastructure
resources such as storage, networking, instances, and
applications as a repeatable running environment.
Administrators use templates to create stacks, which are
collections of resources. For example, a stack might
include instances, floating IPs, volumes,
security groups, or users. The Orchestration service
offers access to all OpenStack
core services via a single modular template, with additional
orchestration capabilities such as auto-scaling and basic
high availability.
For information about:
* administrative tasks on the command-line, see
the `OpenStack Administrator Guide
<https://docs.openstack.org/admin-guide/cli-admin-manage-stacks.html>`__.
.. note::
There are no administration-specific tasks that can be done through
the Dashboard.
* the basic creation and deletion of Orchestration stacks, refer to
the `OpenStack End User Guide
<https://docs.openstack.org/user-guide/dashboard-stacks.html>`__.

450
doc/source/admin/customize-configure.rst Normal file
View File

@ -0,0 +1,450 @@
=====================================
Customize and configure the Dashboard
=====================================
Once you have the Dashboard installed, you can customize the way
it looks and feels to suit the needs of your environment, your
project, or your business.
You can also configure the Dashboard for a secure HTTPS deployment, or
an HTTP deployment. The standard OpenStack installation uses a non-encrypted
HTTP channel, but you can enable SSL support for the Dashboard.
For information on configuring HTTPS or HTTP, see :ref:`configure_dashboard`.
.. This content is out of date as of the Mitaka release, and needs an
.. update to reflect the most recent work on themeing - JR -.
Customize the Dashboard
~~~~~~~~~~~~~~~~~~~~~~~
The OpenStack Dashboard on Ubuntu installs the
``openstack-dashboard-ubuntu-theme`` package by default. If you do not
want to use this theme, remove it and its dependencies:
.. code-block:: console
# apt-get remove --auto-remove openstack-dashboard-ubuntu-theme
.. note::
This guide focuses on the ``local_settings.py`` file.
The following Dashboard content can be customized to suit your needs:
* Logo
* Site colors
* HTML title
* Logo link
* Help URL
Logo and site colors
--------------------
#. Create two PNG logo files with transparent backgrounds using
the following sizes:
- Login screen: 365 x 50
- Logged in banner: 216 x 35
#. Upload your new images to
``/usr/share/openstack-dashboard/openstack_dashboard/static/dashboard/img/``.
#. Create a CSS style sheet in
``/usr/share/openstack-dashboard/openstack_dashboard/static/dashboard/scss/``.
#. Change the colors and image file names as appropriate. Ensure the
relative directory paths are the same. The following example file
shows you how to customize your CSS file:
.. code-block:: css
/*
* New theme colors for dashboard that override the defaults:
* dark blue: #355796 / rgb(53, 87, 150)
* light blue: #BAD3E1 / rgb(186, 211, 225)
*
* By Preston Lee <plee@tgen.org>
*/
h1.brand {
background: #355796 repeat-x top left;
border-bottom: 2px solid #BAD3E1;
}
h1.brand a {
background: url(../img/my_cloud_logo_small.png) top left no-repeat;
}
#splash .login {
background: #355796 url(../img/my_cloud_logo_medium.png) no-repeat center 35px;
}
#splash .login .modal-header {
border-top: 1px solid #BAD3E1;
}
.btn-primary {
background-image: none !important;
background-color: #355796 !important;
border: none !important;
box-shadow: none;
}
.btn-primary:hover,
.btn-primary:active {
border: none;
box-shadow: none;
background-color: #BAD3E1 !important;
text-decoration: none;
}
#. Open the following HTML template in an editor of your choice:
.. code-block:: console
/usr/share/openstack-dashboard/openstack_dashboard/templates/_stylesheets.html
#. Add a line to include your newly created style sheet. For example,
``custom.css`` file:
.. code-block:: html
<link href='{{ STATIC_URL }}bootstrap/css/bootstrap.min.css' media='screen' rel='stylesheet' />
<link href='{{ STATIC_URL }}dashboard/css/{% choose_css %}' media='screen' rel='stylesheet' />
<link href='{{ STATIC_URL }}dashboard/css/custom.css' media='screen' rel='stylesheet' />
#. Restart the Apache service.
#. To view your changes, reload your Dashboard. If necessary, go back
and modify your CSS file as appropriate.
HTML title
----------
#. Set the HTML title, which appears at the top of the browser window, by
adding the following line to ``local_settings.py``:
.. code-block:: python
SITE_BRANDING = "Example, Inc. Cloud"
#. Restart Apache for this change to take effect.
Logo link
---------
#. The logo also acts as a hyperlink. The default behavior is to redirect
to ``horizon:user_home``. To change this, add the following attribute to
``local_settings.py``:
.. code-block:: python
SITE_BRANDING_LINK = "http://example.com"
#. Restart Apache for this change to take effect.
Help URL
--------
#. By default, the help URL points to https://docs.openstack.org. To change
this, edit the following attribute in ``local_settings.py``:
.. code-block:: python
HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
#. Restart Apache for this change to take effect.
.. _configure_dashboard:
Configure the Dashboard
~~~~~~~~~~~~~~~~~~~~~~~
The following section on configuring the Dashboard for a
secure HTTPS deployment, or a HTTP deployment, uses concrete
examples to ensure the procedure is clear. The file path varies
by distribution, however. If needed, you can also configure
the VNC window size in the Dashboard.
Configure the Dashboard for HTTP
--------------------------------
You can configure the Dashboard for a simple HTTP deployment.
The standard installation uses a non-encrypted HTTP channel.
#. Specify the host for your Identity service endpoint in the
``local_settings.py`` file with the ``OPENSTACK_HOST`` setting.
The following example shows this setting:
.. code-block:: python
import os
from django.utils.translation import ugettext_lazy as _
DEBUG = False
TEMPLATE_DEBUG = DEBUG
PROD = True
USE_SSL = False
SITE_BRANDING = 'OpenStack Dashboard'
# Ubuntu-specific: Enables an extra panel in the 'Settings' section
# that easily generates a Juju environments.yaml for download,
# preconfigured with endpoints and credentials required for bootstrap
# and service deployment.
ENABLE_JUJU_PANEL = True
# Note: You should change this value
SECRET_KEY = 'elj1IWiLoWHgryYxFT6j7cM5fGOOxWY0'
# Specify a regular expression to validate user passwords.
# HORIZON_CONFIG = {
# "password_validator": {
# "regex": '.*',
# "help_text": _("Your password does not meet the requirements.")
# }
# }
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
CACHES = {
'default': {
'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION' : '127.0.0.1:11211'
}
}
# Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Or send them to /dev/null
#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
# Configure these for your outgoing email host
# EMAIL_HOST = 'smtp.my-company.com'
# EMAIL_PORT = 25
# EMAIL_HOST_USER = 'djangomail'
# EMAIL_HOST_PASSWORD = 'top-secret!'
# For multiple regions uncomment this configuration, and add (endpoint, title).
# AVAILABLE_REGIONS = [
# ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
# ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
# ]
OPENSTACK_HOST = "127.0.0.1"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
# capabilities of the auth backend for Keystone.
# If Keystone has been configured to use LDAP as the auth backend then set
# can_edit_user to False and name to 'ldap'.
#
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True
}
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is 'internalURL'.
#OPENSTACK_ENDPOINT_TYPE = "publicURL"
# The number of Swift containers and objects to display on a single page before
# providing a paging element (a "more" link) to paginate results.
API_RESULT_LIMIT = 1000
# If you have external monitoring links, eg:
# EXTERNAL_MONITORING = [
# ['Nagios','http://foo.com'],
# ['Ganglia','http://bar.com'],
# ]
LOGGING = {
'version': 1,
# When set to True this will disable all logging except
# for loggers specified in this configuration dictionary. Note that
# if nothing is specified here and disable_existing_loggers is True,
# django.db.backends will still log unless it is disabled explicitly.
'disable_existing_loggers': False,
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'django.utils.log.NullHandler',
},
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': 'INFO',
'class': 'logging.StreamHandler',
},
},
'loggers': {
# Logging from django.db.backends is VERY verbose, send to null
# by default.
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'horizon': {
'handlers': ['console'],
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'propagate': False,
},
'nose.plugins.manager': {
'handlers': ['console'],
'propagate': False,
}
}
}
The service catalog configuration in the Identity service determines
whether a service appears in the Dashboard.
For the full listing, see `Horizon Settings and Configuration
<https://docs.openstack.org/developer/horizon/topics/settings.html>`_.
#. Restart the Apache HTTP Server.
#. Restart ``memcached``.
Configure the Dashboard for HTTPS
---------------------------------
You can configure the Dashboard for a secured HTTPS deployment.
While the standard installation uses a non-encrypted HTTP channel,
you can enable SSL support for the Dashboard.
This example uses the ``http://openstack.example.com`` domain.
Use a domain that fits your current setup.
#. In the ``local_settings.py`` file, update the following options:
.. code-block:: python
USE_SSL = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
To enable HTTPS, the ``USE_SSL = True`` option is required.
The other options require that HTTPS is enabled;
these options defend against cross-site scripting.
#. Edit the ``openstack-dashboard.conf`` file as shown in the
**Example After**:
**Example Before**
.. code-block:: apacheconf
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
# For Apache http server 2.2 and earlier:
Order allow,deny
Allow from all
# For Apache http server 2.4 and later:
# Require all granted
</Directory>
**Example After**
.. code-block:: none
<VirtualHost *:80>
ServerName openstack.example.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
<IfModule !mod_rewrite.c>
RedirectPermanent / https://openstack.example.com
</IfModule>
</VirtualHost>
<VirtualHost *:443>
ServerName openstack.example.com
SSLEngine On
# Remember to replace certificates and keys with valid paths in your environment
SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
# HTTP Strict Transport Security (HSTS) enforces that all communications
# with a server go over SSL. This mitigates the threat from attacks such
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
# and potentially allowing an attacker to view confidential information on the
# wire
Header add Strict-Transport-Security "max-age=15768000"
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
# For Apache http server 2.2 and earlier:
<ifVersion <2.4>
Order allow,deny
Allow from all
</ifVersion>
# For Apache http server 2.4 and later:
<ifVersion >=2.4>
#The following two lines have been added by bms for error "AH01630: client denied
#by server configuration:
#/usr/share/openstack-dashboard/openstack_dashboard/static/dashboard/cssa"
Options All
AllowOverride All
Require all granted
</ifVersion>
</Directory>
<Directory /usr/share/openstack-dashboard/static>
<ifVersion >=2.4>
Options All
AllowOverride All
Require all granted
</ifVersion>
</Directory>
</VirtualHost>
In this configuration, the Apache HTTP Server listens on port 443 and
redirects all non-secure requests to the HTTPS protocol. The secured
section defines the private key, public key, and certificate to use.
#. Restart the Apache HTTP Server.
#. Restart ``memcached``.
If you try to access the Dashboard through HTTP, the browser redirects
you to the HTTPS page.
.. note::
Configuring the Dashboard for HTTPS also requires enabling SSL for
the noVNC proxy service. On the controller node, add the following
additional options to the ``[DEFAULT]`` section of the
``/etc/nova/nova.conf`` file:
.. code-block:: ini
[DEFAULT]
# ...
ssl_only = true
cert = /etc/apache2/SSL/openstack.example.com.crt
key = /etc/apache2/SSL/openstack.example.com.key
On the compute nodes, ensure the ``nonvncproxy_base_url`` option
points to a URL with an HTTPS scheme:
.. code-block:: ini
[DEFAULT]
# ...
novncproxy_base_url = https://controller:6080/vnc_auto.html

BIN
doc/source/admin/figures/change_instance_state.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
doc/source/admin/figures/create_flavor.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
doc/source/admin/figures/create_image.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 67 KiB

BIN
doc/source/admin/figures/create_volume_type_encryption.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 85 KiB

38
doc/source/admin/index.rst Normal file
View File

@ -0,0 +1,38 @@
====================
Administration Guide
====================
The OpenStack Dashboard is a web-based interface that allows you to
manage OpenStack resources and services. The Dashboard allows you to
interact with the OpenStack Compute cloud controller using the OpenStack
APIs. For more information about installing and configuring the
Dashboard, see the `Installation Tutorials and Guides
<https://docs.openstack.org/project-install-guide/ocata/>`__
for your operating system.
.. toctree::
:maxdepth: 2
customize-configure.rst
sessions.rst
manage-images.rst
admin-manage-roles.rst
manage-projects-and-users.rst
manage-instances.rst
manage-flavors.rst
manage-volumes.rst
manage-shares.rst
set-quotas.rst
manage-resources.rst
manage-host-aggregates.rst
admin-manage-stacks.rst
- To deploy the dashboard, see the `OpenStack dashboard documentation
<https://docs.openstack.org/developer/horizon/topics/deployment.html>`__.
- To launch instances with the dashboard as an end user, see the
`Launch and manage instances
<https://docs.openstack.org/user-guide/launch-instances.html>`__.
in the OpenStack End User Guide.
- To create and manage ports, see the `Create and manage networks
<https://docs.openstack.org/user-guide/dashboard-create-networks.html#create-a-port>`__
section of the OpenStack End User Guide.

167
doc/source/admin/manage-flavors.rst Normal file
View File

@ -0,0 +1,167 @@
==============
Manage flavors
==============
In OpenStack, a flavor defines the compute, memory, and storage
capacity of a virtual server, also known as an instance. As an
administrative user, you can create, edit, and delete flavors.
As of Newton, there are no default flavors. The following table
lists the default flavors for Mitaka and earlier.
============ ========= =============== =============
Flavor VCPUs Disk (in GB) RAM (in MB)
============ ========= =============== =============
m1.tiny 1 1 512
m1.small 1 20 2048
m1.medium 2 40 4096
m1.large 4 80 8192
m1.xlarge 8 160 16384
============ ========= =============== =============
Create flavors
~~~~~~~~~~~~~~
#. Log in to the Dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. In the :guilabel:`Admin` tab, open the :guilabel:`System`
tab and click the :guilabel:`Flavors` category.
#. Click :guilabel:`Create Flavor`.
#. In the :guilabel:`Create Flavor` window, enter or select the
parameters for the flavor in the :guilabel:`Flavor Information` tab.
.. figure:: figures/create_flavor.png
**Dashboard — Create Flavor**
========================= =======================================
**Name** Enter the flavor name.
**ID** Unique ID (integer or UUID) for the
new flavor. If specifying 'auto', a
UUID will be automatically generated.
**VCPUs** Enter the number of virtual CPUs to
use.
**RAM (MB)** Enter the amount of RAM to use, in
megabytes.
**Root Disk (GB)** Enter the amount of disk space in
gigabytes to use for the root (/)
partition.
**Ephemeral Disk (GB)** Enter the amount of disk space in
gigabytes to use for the ephemeral
partition. If unspecified, the value
is 0 by default.
Ephemeral disks offer machine local
disk storage linked to the lifecycle
of a VM instance. When a VM is
terminated, all data on the ephemeral
disk is lost. Ephemeral disks are not
included in any snapshots.
**Swap Disk (MB)** Enter the amount of swap space (in
megabytes) to use. If unspecified,
the default is 0.
**RX/TX Factor** Optional property allows servers with
a different bandwidth to be created
with the RX/TX Factor. The default
value is 1. That is, the new bandwidth
is the same as that of the attached
network.
========================= =======================================
#. In the :guilabel:`Flavor Access` tab, you can control access to
the flavor by moving projects from the :guilabel:`All Projects`
column to the :guilabel:`Selected Projects` column.
Only projects in the :guilabel:`Selected Projects` column can
use the flavor. If there are no projects in the right column,
all projects can use the flavor.
#. Click :guilabel:`Create Flavor`.
Update flavors
~~~~~~~~~~~~~~
#. Log in to the Dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. In the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Flavors` category.
#. Select the flavor that you want to edit. Click :guilabel:`Edit
Flavor`.
#. In the :guilabel:`Edit Flavor` window, you can change the flavor
name, VCPUs, RAM, root disk, ephemeral disk, and swap disk values.
#. Click :guilabel:`Save`.
Update Metadata
~~~~~~~~~~~~~~~
#. Log in to the Dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. In the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Flavors` category.
#. Select the flavor that you want to update. In the drop-down
list, click :guilabel:`Update Metadata` or click :guilabel:`No` or
:guilabel:`Yes` in the :guilabel:`Metadata` column.
#. In the :guilabel:`Update Flavor Metadata` window, you can customize
some metadata keys, then add it to this flavor and set them values.
#. Click :guilabel:`Save`.
**Optional metadata keys**
+-------------------------------+-------------------------------+
| | quota:cpu_shares |
| +-------------------------------+
| **CPU limits** | quota:cpu_period |
| +-------------------------------+
| | quota:cpu_limit |
| +-------------------------------+
| | quota:cpu_reservation |
| +-------------------------------+
| | quota:cpu_quota |
+-------------------------------+-------------------------------+
| | quota:disk_read_bytes_sec |
| +-------------------------------+
| **Disk tuning** | quota:disk_read_iops_sec |
| +-------------------------------+
| | quota:disk_write_bytes_sec |
| +-------------------------------+
| | quota:disk_write_iops_sec |
| +-------------------------------+
| | quota:disk_total_bytes_sec |
| +-------------------------------+
| | quota:disk_total_iops_sec |
+-------------------------------+-------------------------------+
| | quota:vif_inbound_average |
| +-------------------------------+
| **Bandwidth I/O** | quota:vif_inbound_burst |
| +-------------------------------+
| | quota:vif_inbound_peak |
| +-------------------------------+
| | quota:vif_outbound_average |
| +-------------------------------+
| | quota:vif_outbound_burst |
| +-------------------------------+
| | quota:vif_outbound_peak |
+-------------------------------+-------------------------------+
| **Watchdog behavior** | hw:watchdog_action |
+-------------------------------+-------------------------------+
| | hw_rng:allowed |
| +-------------------------------+
| **Random-number generator** | hw_rng:rate_bytes |
| +-------------------------------+
| | hw_rng:rate_period |
+-------------------------------+-------------------------------+
For information about supporting metadata keys, see the
the Compute service documentation.
Delete flavors
~~~~~~~~~~~~~~
#. Log in to the Dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. In the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Flavors` category.
#. Select the flavors that you want to delete.
#. Click :guilabel:`Delete Flavors`.
#. In the :guilabel:`Confirm Delete Flavors` window, click
:guilabel:`Delete Flavors` to confirm the deletion. You cannot
undo this action.

77
doc/source/admin/manage-host-aggregates.rst Normal file
View File

@ -0,0 +1,77 @@
=================================
Create and manage host aggregates
=================================
Host aggregates enable administrative users to assign key-value pairs to
groups of machines.
Each node can have multiple aggregates and each aggregate can have
multiple key-value pairs. You can assign the same key-value pair to
multiple aggregates.
The scheduler uses this information to make scheduling decisions.
For information, see
`Scheduling <https://docs.openstack.org/ocata/config-reference/compute/schedulers.html>`__.
To create a host aggregate
~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Log in to the Dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab and click
the :guilabel:`Host Aggregates` category.
#. Click :guilabel:`Create Host Aggregate`.
#. In the :guilabel:`Create Host Aggregate` dialog box, enter or select the
following values on the :guilabel:`Host Aggregate Information` tab:
- :guilabel:`Name`: The host aggregate name.
- :guilabel:`Availability Zone`: The cloud provider defines the default
availability zone, such as ``us-west``, ``apac-south``, or
``nova``. You can target the host aggregate, as follows:
- When the host aggregate is exposed as an availability zone,
select the availability zone when you launch an instance.
- When the host aggregate is not exposed as an availability zone,
select a flavor and its extra specs to target the host
aggregate.
#. Assign hosts to the aggregate using the :guilabel:`Manage Hosts within
Aggregate` tab in the same dialog box.
To assign a host to the aggregate, click **+** for the host. The host
moves from the :guilabel:`All available hosts` list to the
:guilabel:`Selected hosts` list.
You can add one host to one or more aggregates. To add a host to an
existing aggregate, edit the aggregate.
To manage host aggregates
~~~~~~~~~~~~~~~~~~~~~~~~~
#. Select the :guilabel:`admin` project from the drop-down list at the top
of the page.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab and click
the :guilabel:`Host Aggregates` category.
- To edit host aggregates, select the host aggregate that you want
to edit. Click :guilabel:`Edit Host Aggregate`.
In the :guilabel:`Edit Host Aggregate` dialog box, you can change the
name and availability zone for the aggregate.
- To manage hosts, locate the host aggregate that you want to edit
in the table. Click :guilabel:`More` and select :guilabel:`Manage Hosts`.
In the :guilabel:`Add/Remove Hosts to Aggregate` dialog box,
click **+** to assign a host to an aggregate. Click **-** to
remove a host that is assigned to an aggregate.
- To delete host aggregates, locate the host aggregate that you want
to edit in the table. Click :guilabel:`More` and select
:guilabel:`Delete Host Aggregate`.

115
doc/source/admin/manage-images.rst Normal file
View File

@ -0,0 +1,115 @@
========================
Create and manage images
========================
As an administrative user, you can create and manage images
for the projects to which you belong. You can also create
and manage images for users in all projects to which you have
access.
To create and manage images in specified projects as an end
user, see the `upload and manage images with Dashboard in
OpenStack End User Guide
<https://docs.openstack.org/user-guide/dashboard-manage-images.html>`_
and `manage images with CLI in OpenStack End User Guide
<https://docs.openstack.org/user-guide/common/cli-manage-images.html>`_ .
To create and manage images as an administrator for other
users, use the following procedures.
Create images
~~~~~~~~~~~~~
For details about image creation, see the `Virtual Machine Image
Guide <https://docs.openstack.org/image-guide/>`_.
#. Log in to the Dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Images` category. The images that you
can administer for cloud users appear on this page.
#. Click :guilabel:`Create Image`, which opens the
:guilabel:`Create An Image` window.
.. figure:: figures/create_image.png
**Figure Dashboard — Create Image**
#. In the :guilabel:`Create An Image` window, enter or select the
following values:
+-------------------------------+---------------------------------+
| :guilabel:`Name` | Enter a name for the image. |
+-------------------------------+---------------------------------+
| :guilabel:`Description` | Enter a brief description of |
| | the image. |
+-------------------------------+---------------------------------+
| :guilabel:`Image Source` | Choose the image source from |
| | the dropdown list. Your choices |
| | are :guilabel:`Image Location` |
| | and :guilabel:`Image File`. |
+-------------------------------+---------------------------------+
| :guilabel:`Image File` or | Based on your selection, there |
| :guilabel:`Image Location` | is an :guilabel:`Image File` or |
| | :guilabel:`Image Location` |
| | field. You can include the |
| | location URL or browse for the |
| | image file on your file system |
| | and add it. |
+-------------------------------+---------------------------------+
| :guilabel:`Format` | Select the image format. |
+-------------------------------+---------------------------------+
| :guilabel:`Architecture` | Specify the architecture. For |
| | example, ``i386`` for a 32-bit |
| | architecture or ``x86_64`` for |
| | a 64-bit architecture. |
+-------------------------------+---------------------------------+
| :guilabel:`Minimum Disk (GB)` | Leave this field empty. |
+-------------------------------+---------------------------------+
| :guilabel:`Minimum RAM (MB)` | Leave this field empty. |
+-------------------------------+---------------------------------+
| :guilabel:`Copy Data` | Specify this option to copy |
| | image data to the Image service.|
+-------------------------------+---------------------------------+
| :guilabel:`Public` | Select this option to make the |
| | image public to all users. |
+-------------------------------+---------------------------------+
| :guilabel:`Protected` | Select this option to ensure |
| | that only users with |
| | permissions can delete it. |
+-------------------------------+---------------------------------+
#. Click :guilabel:`Create Image`.
The image is queued to be uploaded. It might take several minutes
before the status changes from ``Queued`` to ``Active``.
Update images
~~~~~~~~~~~~~
#. Log in to the Dashboard and select the :guilabel:`admin` project from the
drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Images` category.
#. Select the images that you want to edit. Click :guilabel:`Edit Image`.
#. In the :guilabel:`Edit Image` window, you can change the image name.
Select the :guilabel:`Public` check box to make the image public.
Clear this check box to make the image private. You cannot change
the :guilabel:`Kernel ID`, :guilabel:`Ramdisk ID`, or
:guilabel:`Architecture` attributes for an image.
#. Click :guilabel:`Edit Image`.
Delete images
~~~~~~~~~~~~~
#. Log in to the Dashboard and select the :guilabel:`admin` project from the
drop-down list.
#. On the :guilabel:`Admin tab`, open the :guilabel:`System` tab
and click the :guilabel:`Images` category.
#. Select the images that you want to delete.
#. Click :guilabel:`Delete Images`.
#. In the :guilabel:`Confirm Delete Images` window, click :guilabel:`Delete
Images` to confirm the deletion.
You cannot undo this action.

77
doc/source/admin/manage-instances.rst Normal file
View File

@ -0,0 +1,77 @@
================
Manage instances
================
As an administrative user, you can manage instances for users in various
projects. You can view, terminate, edit, perform a soft or hard reboot,
create a snapshot from, and migrate instances. You can also view the
logs for instances or launch a VNC console for an instance.
For information about using the Dashboard to launch instances as an end
user, see the `OpenStack End User Guide <https://docs.openstack.org/user-guide/dashboard-launch-instances.html>`__.
Create instance snapshots
~~~~~~~~~~~~~~~~~~~~~~~~~
#. Log in to the Dashboard and select the :guilabel:`admin` project from the
drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Instances` category.
#. Select an instance to create a snapshot from it. From the
Actions drop-down list, select :guilabel:`Create Snapshot`.
#. In the :guilabel:`Create Snapshot` window, enter a name for the snapshot.
#. Click :guilabel:`Create Snapshot`. The Dashboard shows the instance snapshot
in the :guilabel:`Images` category.
#. To launch an instance from the snapshot, select the snapshot and
click :guilabel:`Launch`. For information about launching
instances, see the
`OpenStack End User Guide <https://docs.openstack.org/user-guide/dashboard-launch-instances.html>`__.
Control the state of an instance
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Log in to the Dashboard and select the :guilabel:`admin` project from the
drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Instances` category.
#. Select the instance for which you want to change the state.
#. From the drop-down list in the Actions column,
select the state.
Depending on the current state of the instance, you can perform various
actions on the instance. For example, pause, un-pause, suspend, resume,
soft or hard reboot, or terminate (actions in red are dangerous).
.. figure:: figures/change_instance_state.png
:width: 100%
**Figure Dashboard — Instance Actions**
Track usage
~~~~~~~~~~~
Use the :guilabel:`Overview` category to track usage of instances
for each project.
You can track costs per month by showing meters like number of VCPUs,
disks, RAM, and uptime of all your instances.
#. Log in to the Dashboard and select the :guilabel:`admin` project from the
drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Overview` category.
#. Select a month and click :guilabel:`Submit` to query the instance usage for
that month.
#. Click :guilabel:`Download CSV Summary` to download a CSV summary.

102
doc/source/admin/manage-projects-and-users.rst Normal file
View File

@ -0,0 +1,102 @@
Manage projects and users
=========================
OpenStack administrators can create projects, and create accounts for new users
using the OpenStack Dasboard. Projects own specific resources in your
OpenStack environment. You can associate users with roles, projects, or both.
Add a new project
~~~~~~~~~~~~~~~~~
#. Log into the OpenStack Dashboard as the Admin user.
#. Click on the :guilabel:`Identity` label on the left column, and click
:guilabel:`Projects`.
#. Select the :guilabel:`Create Project` push button.
The :guilabel:`Create Project` window will open.
#. Enter the Project name and description. Leave the :guilabel:`Domain ID`
field set at *default*.
#. Click :guilabel:`Create Project`.
.. note::
Your new project will appear in the list of projects displayed under the
:guilabel:`Projects` page of the dashboard. Projects are listed in
alphabetical order, and you can check on the **Project ID**, **Domain
name**, and status of the project in this section.
Delete a project
~~~~~~~~~~~~~~~~
#. Log into the OpenStack Dashboard as the Admin user.
#. Click on the :guilabel:`Identity` label on the left column, and click
:guilabel:`Projects`.
#. Select the checkbox to the left of the project you would like to delete.
#. Click on the :guilabel:`Delete Projects` push button.
Update a project
~~~~~~~~~~~~~~~~
#. Log into the OpenStack Dashboard as the Admin user.
#. Click on the :guilabel:`Identity` label on the left column, and click
:guilabel:`Projects`.
#. Locate the project you wish to update, and under the :guilabel:`Actions`
column click on the drop down arrow next to the :guilabel:`Manage Members`
push button. The :guilabel:`Update Project` window will open.
#. Update the name of the project, enable the project, or disable the project
as needed.
Add a new user
~~~~~~~~~~~~~~
#. Log into the OpenStack Dashboard as the Admin user.
#. Click on the :guilabel:`Identity` label on the left column, and click
:guilabel:`Users`.
#. Click :guilabel:`Create User`.
#. Enter a :guilabel:`Domain Name`, the :guilabel:`Username`, and a
:guilabel:`password` for the new user. Enter an email for the new user,
and specify which :guilabel:`Primary Project` they belong to. Leave the
:guilabel:`Domain ID` field set at *default*. You can also enter a
decription for the new user.
#. Click the :guilabel:`Create User` push button.
.. note::
The new user will then appear in the list of projects displayed under
the :guilabel:`Users` page of the dashboard. You can check on the
**User Name**, **User ID**, **Domain name**, and the User status in this
section.
Delete a new user
~~~~~~~~~~~~~~~~~
#. Log into the OpenStack Dashboard as the Admin user.
#. Click on the :guilabel:`Identity` label on the left column, and click
:guilabel:`Users`.
#. Select the checkbox to the left of the user you would like to delete.
#. Click on the :guilabel:`Delete Users` push button.
Update a user
~~~~~~~~~~~~~
#. Log into the OpenStack Dashboard as the Admin user.
#. Click on the :guilabel:`Identity` label on the left column, and click
:guilabel:`Users`.
#. Locate the User you would like to update, and select the :guilabel:`Edit`
push button under the :guilabel:`Actions` column.
#. Adjust the :guilabel:`Domain Name`, :guilabel:`User Name`,
:guilabel:`Description`, :guilabel:`Email`, and :guilabel:`Primary Project`.
Enable or disable a user
------------------------
#. Log into the OpenStack Dashboard as the Admin user.
#. Click on the :guilabel:`Identity` label on the left column, and click
:guilabel:`Users`.
#. Locate the User you would like to update, and select the arrow to the right
of the :guilabel:`Edit` push button. This will open a drop down menu.
#. Select :guilabel:`Disable User`.
.. note::
To reactivate a disabled user, select :guilabel:`Enable User` under
the drop down menu.

10
doc/source/admin/manage-resources.rst Normal file
View File

@ -0,0 +1,10 @@
====================
View cloud resources
====================
.. toctree::
:maxdepth: 2
manage-services.rst
view-cloud-resources.rst

37
doc/source/admin/manage-services.rst Normal file
View File

@ -0,0 +1,37 @@
=========================
View services information
=========================
As an administrative user, you can view information for OpenStack services.
#. Log in to the Dashboard and select the
:guilabel:`admin` project from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`System Information` category.
View the following information on these tabs:
* :guilabel:`Services`:
Displays the internal name and the public OpenStack name
for each service, the host on which the service runs,
and whether or not the service is enabled.
* :guilabel:`Compute Services`:
Displays information specific to the Compute service. Both host
and zone are listed for each service, as well as its
activation status.
* :guilabel:`Block Storage Services`:
Displays information specific to the Block Storage service. Both host
and zone are listed for each service, as well as its
activation status.
* :guilabel:`Network Agents`:
Displays the network agents active within the cluster, such as L3 and
DHCP agents, and the status of each agent.
* :guilabel:`Orchestration Services`:
Displays information specific to the Orchestration service. Name,
engine id, host and topic are listed for each service, as well as its
activation status.

149
doc/source/admin/manage-shares.rst Normal file
View File

@ -0,0 +1,149 @@
=============================
Manage shares and share types
=============================
Shares are file storage that instances can access. Users can
allow or deny a running instance to have access to a share at any time.
For information about using the Dashboard to create and manage shares as
an end user, see the
`OpenStack End User Guide <https://docs.openstack.org/user-guide/dashboard-manage-shares.html>`_.
As an administrative user, you can manage shares and share types for users
in various projects. You can create and delete share types, and view
or delete shares.
.. _create-a-share-type:
Create a share type
~~~~~~~~~~~~~~~~~~~
#. Log in to the Dashboard and choose the :guilabel:`admin`
project from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Shares` category.
#. Click the :guilabel:`Share Types` tab, and click
:guilabel:`Create Share Type` button. In the
:guilabel:`Create Share Type` window, enter or select the
following values.
:guilabel:`Name`: Enter a name for the share type.
:guilabel:`Driver handles share servers`: Choose True or False
:guilabel:`Extra specs`: To add extra specs, use key=value.
#. Click :guilabel:`Create Share Type` button to confirm your changes.
.. note::
A message indicates whether the action succeeded.
Update share type
~~~~~~~~~~~~~~~~~
#. Log in to the Dashboard and choose the :guilabel:`admin` project from
the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Shares` category.
#. Click the :guilabel:`Share Types` tab, select the share type
that you want to update.
#. Select :guilabel:`Update Share Type` from Actions.
#. In the :guilabel:`Update Share Type` window, update extra specs.
:guilabel:`Extra specs`: To add extra specs, use key=value.
To unset extra specs, use key.
#. Click :guilabel:`Update Share Type` button to confirm your changes.
.. note::
A message indicates whether the action succeeded.
Delete share types
~~~~~~~~~~~~~~~~~~
When you delete a share type, shares of that type are not deleted.
#. Log in to the Dashboard and choose the :guilabel:`admin` project from
the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Shares` category.
#. Click the :guilabel:`Share Types` tab, select the share type
or types that you want to delete.
#. Click :guilabel:`Delete Share Types` button.
#. In the :guilabel:`Confirm Delete Share Types` window, click the
:guilabel:`Delete Share Types` button to confirm the action.
.. note::
A message indicates whether the action succeeded.
Delete shares
~~~~~~~~~~~~~
#. Log in to the Dashboard and choose the :guilabel:`admin` project
from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Shares` category.
#. Select the share or shares that you want to delete.
#. Click :guilabel:`Delete Shares` button.
#. In the :guilabel:`Confirm Delete Shares` window, click the
:guilabel:`Delete Shares` button to confirm the action.
.. note::
A message indicates whether the action succeeded.
Delete share server
~~~~~~~~~~~~~~~~~~~
#. Log in to the Dashboard and choose the :guilabel:`admin` project
from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Share Servers` category.
#. Select the share that you want to delete.
#. Click :guilabel:`Delete Share Server` button.
#. In the :guilabel:`Confirm Delete Share Server` window, click the
:guilabel:`Delete Share Server` button to confirm the action.
.. note::
A message indicates whether the action succeeded.
Delete share networks
~~~~~~~~~~~~~~~~~~~~~
#. Log in to the Dashboard and choose the :guilabel:`admin` project
from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Share Networks` category.
#. Select the share network or share networks that you want to delete.
#. Click :guilabel:`Delete Share Networks` button.
#. In the :guilabel:`Confirm Delete Share Networks` window, click the
:guilabel:`Delete Share Networks` button to confirm the action.
.. note::
A message indicates whether the action succeeded.

168
doc/source/admin/manage-volumes.rst Normal file
View File

@ -0,0 +1,168 @@
===============================
Manage volumes and volume types
===============================
Volumes are the Block Storage devices that you attach to instances to enable
persistent storage. Users can attach a volume to a running instance or detach
a volume and attach it to another instance at any time. For information about
using the dashboard to create and manage volumes as an end user, see the
`OpenStack End User Guide <https://docs.openstack.org/user-guide/dashboard-manage-volumes.html>`_.
As an administrative user, you can manage volumes and volume types for users
in various projects. You can create and delete volume types, and you can view
and delete volumes. Note that a volume can be encrypted by using the steps
outlined below.
.. _create-a-volume-type:
Create a volume type
~~~~~~~~~~~~~~~~~~~~
#. Log in to the dashboard and select the :guilabel:`admin`
project from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Volumes` category.
#. Click the :guilabel:`Volume Types` tab, and click
:guilabel:`Create Volume Type` button. In the
:guilabel:`Create Volume Type` window, enter a name for the volume type.
#. Click :guilabel:`Create Volume Type` button to confirm your changes.
.. note::
A message indicates whether the action succeeded.
Create an encrypted volume type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Create a volume type using the steps above for :ref:`create-a-volume-type`.
#. Click :guilabel:`Create Encryption` in the Actions column of the newly
created volume type.
#. Configure the encrypted volume by setting the parameters below from
available options (see table):
Provider
Specifies the class responsible for configuring the encryption.
Control Location
Specifies whether the encryption is from the front end (nova) or the
back end (cinder).
Cipher
Specifies the encryption algorithm.
Key Size (bits)
Specifies the encryption key size.
#. Click :guilabel:`Create Volume Type Encryption`.
.. figure:: figures/create_volume_type_encryption.png
**Encryption Options**
The table below provides a few alternatives available for creating encrypted
volumes.
+--------------------+-----------------------+----------------------------+
| Encryption | Parameter | Comments |
| parameters | options | |
+====================+=======================+============================+
| Provider |nova.volume.encryptors.|Allows easier import and |
| |luks.LuksEncryptor |migration of imported |
| |(Recommended) |encrypted volumes, and |
| | |allows access key to be |
| | |changed without |
| | |re-encrypting the volume |
+ +-----------------------+----------------------------+
| |nova.volume.encryptors.|Less disk overhead than |
| |cryptsetup. |LUKS |
| |CryptsetupEncryptor | |
+--------------------+-----------------------+----------------------------+
| Control Location | front-end |The encryption occurs within|
| | (Recommended) |nova so that the data |
| | |transmitted over the network|
| | |is encrypted |
| | | |
+ +-----------------------+----------------------------+
| | back-end |This could be selected if a |
| | |cinder plug-in supporting |
| | |an encrypted back-end block |
| | |storage device becomes |
| | |available in the future. |
| | |TLS or other network |
| | |encryption would also be |
| | |needed to protect data as it|
| | |traverses the network |
+--------------------+-----------------------+----------------------------+
| Cipher | aes-xts-plain64 |See NIST reference below |
| | (Recommended) |to see advantages* |
+ +-----------------------+----------------------------+
| | aes-cbc-essiv |Note: On the command line, |
| | |type 'cryptsetup benchmark' |
| | |for additional options |
+--------------------+-----------------------+----------------------------+
| Key Size (bits)| 512 (Recommended for |Using this selection for |
| | aes-xts-plain64. 256 |aes-xts, the underlying key |
| | should be used for |size would only be 256-bits*|
| | aes-cbc-essiv) | |
+ +-----------------------+----------------------------+
| | 256 |Using this selection for |
| | |aes-xts, the underlying key |
| | |size would only be 128-bits*|
+--------------------+-----------------------+----------------------------+
`*` Source `NIST SP 800-38E <http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38e.pdf>`_
.. note::
To see further information and CLI instructions, see
`Create an encrypted volume type
<https://docs.openstack.org/ocata/config-reference/block-storage/volume-encryption.html>`_
in the OpenStack Configuration Reference.
Delete volume types
~~~~~~~~~~~~~~~~~~~
When you delete a volume type, volumes of that type are not deleted.
#. Log in to the dashboard and select the :guilabel:`admin` project from
the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Volumes` category.
#. Click the :guilabel:`Volume Types` tab, select the volume type
or types that you want to delete.
#. Click :guilabel:`Delete Volume Types` button.
#. In the :guilabel:`Confirm Delete Volume Types` window, click the
:guilabel:`Delete Volume Types` button to confirm the action.
.. note::
A message indicates whether the action succeeded.
Delete volumes
~~~~~~~~~~~~~~
When you delete an instance, the data of its attached volumes is not
destroyed.
#. Log in to the dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Volumes` category.
#. Select the volume or volumes that you want to delete.
#. Click :guilabel:`Delete Volumes` button.
#. In the :guilabel:`Confirm Delete Volumes` window, click the
:guilabel:`Delete Volumes` button to confirm the action.
.. note::
A message indicates whether the action succeeded.

216
doc/source/admin/sessions.rst Normal file
View File

@ -0,0 +1,216 @@
========================================
Set up session storage for the Dashboard
========================================
The Dashboard uses `Django sessions
framework <https://docs.djangoproject.com/en/dev/topics/http/sessions/>`__
to handle user session data. However, you can use any available session
back end. You customize the session back end through the
``SESSION_ENGINE`` setting in your ``local_settings.py`` file.
After architecting and implementing the core OpenStack
services and other required services, combined with the Dashboard
service steps below, users and administrators can use
the OpenStack dashboard. Refer to the `OpenStack Dashboard
<https://docs.openstack.org/user-guide/dashboard.html>`__
chapter of the OpenStack End User Guide for
further instructions on logging in to the Dashboard.
The following sections describe the pros and cons of each option as it
pertains to deploying the Dashboard.
Local memory cache
~~~~~~~~~~~~~~~~~~
Local memory storage is the quickest and easiest session back end to set
up, as it has no external dependencies whatsoever. It has the following
significant drawbacks:
- No shared storage across processes or workers.
- No persistence after a process terminates.
The local memory back end is enabled as the default for Horizon solely
because it has no dependencies. It is not recommended for production
use, or even for serious development work.
.. code-block:: python
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default' : {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'
}
}
You can use applications such as ``Memcached`` or ``Redis`` for external
caching. These applications offer persistence and shared storage and are
useful for small-scale deployments and development.
Memcached
---------
Memcached is a high-performance and distributed memory object caching
system providing in-memory key-value store for small chunks of arbitrary
data.
Requirements:
- Memcached service running and accessible.
- Python module ``python-memcached`` installed.
.. code-block:: python
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'my_memcached_host:11211',
}
}
Redis
-----
Redis is an open source, BSD licensed, advanced key-value store. It is
often referred to as a data structure server.
Requirements:
- Redis service running and accessible.
- Python modules ``redis`` and ``django-redis`` installed.
.. code-block:: python
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
"default": {
"BACKEND": "redis_cache.cache.RedisCache",
"LOCATION": "127.0.0.1:6379:1",
"OPTIONS": {
"CLIENT_CLASS": "redis_cache.client.DefaultClient",
}
}
}
Initialize and configure the database
-------------------------------------
Database-backed sessions are scalable, persistent, and can be made
high-concurrency and highly available.
However, database-backed sessions are one of the slower session storages
and incur a high overhead under heavy usage. Proper configuration of
your database deployment can also be a substantial undertaking and is
far beyond the scope of this documentation.
#. Start the MySQL command-line client.
.. code-block:: console
$ mysql -u root -p
#. Enter the MySQL root user's password when prompted.
#. To configure the MySQL database, create the dash database.
.. code-block:: console
mysql> CREATE DATABASE dash;
#. Create a MySQL user for the newly created dash database that has full
control of the database. Replace DASH\_DBPASS with a password for the
new user.
.. code-block:: console
mysql> GRANT ALL PRIVILEGES ON dash.* TO 'dash'@'%' IDENTIFIED BY 'DASH_DBPASS';
mysql> GRANT ALL PRIVILEGES ON dash.* TO 'dash'@'localhost' IDENTIFIED BY 'DASH_DBPASS';
#. Enter ``quit`` at the ``mysql>`` prompt to exit MySQL.
#. In the ``local_settings.py`` file, change these options:
.. code-block:: python
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
DATABASES = {
'default': {
# Database configuration here
'ENGINE': 'django.db.backends.mysql',
'NAME': 'dash',
'USER': 'dash',
'PASSWORD': 'DASH_DBPASS',
'HOST': 'localhost',
'default-character-set': 'utf8'
}
}
#. After configuring the ``local_settings.py`` file as shown, you can run the
:command:`manage.py syncdb` command to populate this newly created
database.
.. code-block:: console
# /usr/share/openstack-dashboard/manage.py syncdb
#. The following output is returned:
.. code-block:: console
Installing custom SQL ...
Installing indexes ...
DEBUG:django.db.backends:(0.008) CREATE INDEX `django_session_c25c2c28` ON `django_session` (`expire_date`);; args=()
No fixtures found.
#. To avoid a warning when you restart Apache on Ubuntu, create a
``blackhole`` directory in the Dashboard directory, as follows.
.. code-block:: console
# mkdir -p /var/lib/dash/.blackhole
#. Restart the Apache service.
#. On Ubuntu, restart the ``nova-api`` service to ensure that the API server
can connect to the Dashboard without error.
.. code-block:: console
# service nova-api restart
Cached database
~~~~~~~~~~~~~~~
To mitigate the performance issues of database queries, you can use the
Django ``cached_db`` session back end, which utilizes both your database
and caching infrastructure to perform write-through caching and
efficient retrieval.
Enable this hybrid setting by configuring both your database and cache,
as discussed previously. Then, set the following value:
.. code-block:: python
SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"
Cookies
~~~~~~~
If you use Django 1.4 or later, the ``signed_cookies`` back end avoids
server load and scaling problems.
This back end stores session data in a cookie, which is stored by the
user's browser. The back end uses a cryptographic signing technique to
ensure session data is not tampered with during transport. This is not
the same as encryption; session data is still readable by an attacker.
The pros of this engine are that it requires no additional dependencies
or infrastructure overhead, and it scales indefinitely as long as the
quantity of session data being stored fits into a normal cookie.
The biggest downside is that it places session data into storage on the
user's machine and transports it over the wire. It also limits the
quantity of session data that can be stored.
See the Django `cookie-based
sessions <https://docs.djangoproject.com/en/dev/topics/http/sessions/#using-cookie-based-sessions>`__
documentation.

117
doc/source/admin/set-quotas.rst Normal file
View File

@ -0,0 +1,117 @@
.. _dashboard-set-quotas:
======================
View and manage quotas
======================
.. |nbsp| unicode:: 0xA0 .. nbsp
:trim:
To prevent system capacities from being exhausted without notification,
you can set up quotas. Quotas are operational limits. For example, the
number of gigabytes allowed for each project can be controlled so that
cloud resources are optimized. Quotas can be enforced at both the project
and the project-user level.
Typically, you change quotas when a project needs more than ten
volumes or 1 |nbsp| TB on a compute node.
Using the Dashboard, you can view default Compute and Block Storage
quotas for new projects, as well as update quotas for existing projects.
.. note::
Using the command-line interface, you can manage quotas for the
OpenStack Compute service, the OpenStack Block Storage service, and
the OpenStack Networking service (see `OpenStack Administrator Guide
<https://docs.openstack.org/admin-guide/cli-set-quotas.html>`_).
Additionally, you can update Compute service quotas for
project users.
The following table describes the Compute and Block Storage service quotas:
.. _compute_quotas:
**Quota Descriptions**
+--------------------+------------------------------------+---------------+
| Quota Name | Defines the number of | Service |
+====================+====================================+===============+
| Gigabytes | Volume gigabytes allowed for | Block Storage |
| | each project. | |
+--------------------+------------------------------------+---------------+
| Instances | Instances allowed for each | Compute |
| | project. | |
+--------------------+------------------------------------+---------------+
| Injected Files | Injected files allowed for each | Compute |
| | project. | |
+--------------------+------------------------------------+---------------+
| Injected File | Content bytes allowed for each | Compute |
| Content Bytes | injected file. | |
+--------------------+------------------------------------+---------------+
| Keypairs | Number of keypairs. | Compute |
+--------------------+------------------------------------+---------------+
| Metadata Items | Metadata items allowed for each | Compute |
| | instance. | |
+--------------------+------------------------------------+---------------+
| RAM (MB) | RAM megabytes allowed for | Compute |
| | each instance. | |
+--------------------+------------------------------------+---------------+
| Security Groups | Security groups allowed for each | Compute |
| | project. | |
+--------------------+------------------------------------+---------------+
| Security Group | Security group rules allowed for | Compute |
| Rules | each project. | |
+--------------------+------------------------------------+---------------+
| Snapshots | Volume snapshots allowed for | Block Storage |
| | each project. | |
+--------------------+------------------------------------+---------------+
| VCPUs | Instance cores allowed for each | Compute |
| | project. | |
+--------------------+------------------------------------+---------------+
| Volumes | Volumes allowed for each | Block Storage |
| | project. | |
+--------------------+------------------------------------+---------------+
.. _dashboard_view_quotas_procedure:
View default project quotas
~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Log in to the dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Defaults` category.
#. The default quota values are displayed.
.. note::
You can sort the table by clicking on either the
:guilabel:`Quota Name` or :guilabel:`Limit` column headers.
.. _dashboard_update_project_quotas:
Update project quotas
~~~~~~~~~~~~~~~~~~~~~
#. Log in to the dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Defaults` category.
#. Click the :guilabel:`Update Defaults` button.
#. In the :guilabel:`Update Default Quotas` window,
you can edit the default quota values.
#. Click the :guilabel:`Update Defaults` button.
.. note::
The dashboard does not show all possible project quotas.
To view and update the quotas for a service, use its
command-line client. See `OpenStack Administrator Guide
<https://docs.openstack.org/admin-guide/cli-set-quotas.html>`_.

41
doc/source/admin/view-cloud-resources.rst Normal file
View File

@ -0,0 +1,41 @@
===========================
View cloud usage statistics
===========================
The Telemetry service provides user-level usage data for
OpenStack-based clouds, which can be used for customer billing, system
monitoring, or alerts. Data can be collected by notifications sent by
existing OpenStack components (for example, usage events emitted from
Compute) or by polling the infrastructure (for example, libvirt).
.. note::
You can only view metering statistics on the dashboard (available
only to administrators).
The Telemetry service must be set up and administered through the
:command:`ceilometer` command-line interface (CLI).
For basic administration information, refer to the `Measure Cloud
Resources <https://docs.openstack.org/user-guide/cli-ceilometer.html>`_
chapter in the OpenStack End User Guide.
.. _dashboard-view-resource-stats:
View resource statistics
~~~~~~~~~~~~~~~~~~~~~~~~
#. Log in to the dashboard and select the :guilabel:`admin` project
from the drop-down list.
#. On the :guilabel:`Admin` tab, click the :guilabel:`Resource Usage` category.
#. Click the:
* :guilabel:`Usage Report` tab to view a usage report per project
by specifying the time period (or even use a calendar to define
a date range).
* :guilabel:`Stats` tab to view a multi-series line chart with
user-defined meters. You group by project, define the value type
(min, max, avg, or sum), and specify the time period (or even use
a calendar to define a date range).

1
doc/source/index.rst
View File

@ -40,6 +40,7 @@ How to use Horizon in your own projects.
install/index install/index
user/index user/index
admin/index
Contributor Docs Contributor Docs
================ ================