b1a693d0a3
Closes-Bug: #2049807 Change-Id: I9beb1c1e7ba2d8c0378d4eabe8dbd05ffeb06c69 |
||
---|---|---|
.vscode | ||
container | ||
devstack | ||
doc | ||
etc | ||
kolla | ||
playbooks/devstack | ||
releasenotes | ||
skyline_apiserver | ||
spec | ||
tools | ||
.dockerignore | ||
.gitignore | ||
.gitreview | ||
.isort.cfg | ||
.zuul.yaml | ||
bindep.txt | ||
LICENSE | ||
Makefile | ||
MANIFEST.in | ||
mypy.ini | ||
pytest.ini | ||
README-zh_CN.rst | ||
README.rst | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
swagger.json | ||
test-requirements.txt | ||
tox.ini |
Skyline API Server
English | 简体中文
Skyline is an OpenStack dashboard optimized by UI and UE, support OpenStack Train+. It has a modern technology stack and ecology, is easier for developers to maintain and operate by users, and has higher concurrency performance.
Skyline's mascot is the nine-color deer. The nine-color deer comes from Dunhuang mural “the nine-color king deer”, whose moral is Buddhist cause-effect and gratefulness, which is consistent with 99cloud's philosophy of embracing and feedback community since its inception. We also hope Skyline can keep light, elegant and powerful as the nine-color deer, to provide a better dashboard for the openstack community and users.
Table of contents
Resources
Quick Start
Prerequisites
- An OpenStack environment that runs at least core components and can access OpenStack components through Keystone endpoints
- A Linux server with container engine (docker or podman) installed
Configure
Edit the
/etc/skyline/skyline.yaml
file in linux serverYou can refer to the sample file, and modify the following parameters according to the actual environment
- database_url
- keystone_url
- default_region
- interface_type
- system_project_domain
- system_project
- system_user_domain
- system_user_name
- system_user_password
Deployment with Sqlite
Run the skyline_bootstrap container to bootstrap
rm -rf /tmp/skyline && mkdir /tmp/skyline && mkdir /var/log/skyline docker run -d --name skyline_bootstrap -e KOLLA_BOOTSTRAP="" -v /var/log/skyline:/var/log/skyline -v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml -v /tmp/skyline:/tmp --net=host 99cloud/skyline:latest # Check bootstrap is normal `exit 0` docker logs skyline_bootstrap
Run the skyline service after bootstrap is complete
docker rm -f skyline_bootstrap
If you need to modify skyline port, add
-e LISTEN_ADDRESS=<ip:port>
in the following commandLISTEN_ADDRESS
defaults to0.0.0.0:9999
If you need to modify the policy rules of a service, add
-v /etc/skyline/policy:/etc/skyline/policy
in the following commandRename the service policy yaml file to
<service_name>_policy.yaml
, and place it in/etc/skyline/policy
folderdocker run -d --name skyline --restart=always -v /var/log/skyline:/var/log/skyline -v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml -v /tmp/skyline:/tmp --net=host 99cloud/skyline:latest
Deployment with MariaDB
https://docs.openstack.org/skyline-apiserver/latest/install/docker-install-ubuntu.html
API Doc
You can visit the API doc
https://<ip_address>:9999/api/openstack/skyline/docs
Test Access
You can now access the dashboard:
https://<ip_address>:9999
Develop Skyline-apiserver
Support Linux & Mac OS (Recommend Linux OS) (Because uvloop & cython)
Dependent tools
Use the new feature Context Variables of python37 & uvloop(0.15.0+ requires python37). Considering that most systems do not support python37, we choose to support python38 at least.
- make >= 3.82
- python >= 3.8
- node >= 10.22.0 (Optional if you only develop with apiserver)
- yarn >= 1.22.4 (Optional if you only develop with apiserver)
Install & Run
Installing dependency packages
tox -e venv
Set skyline.yaml config file
cp etc/skyline.yaml.sample etc/skyline.yaml export OS_CONFIG_DIR=$(pwd)/etc
Maybe you should change the params with your real environment as followed:
- database_url - keystone_url - default_region - interface_type - system_project_domain - system_project - system_user_domain - system_user_name - system_user_password
If you set such as
sqlite:////tmp/skyline.db
fordatabase_url
, just do as followed. If you set such asmysql://root:root@localhost:3306/skyline
fordatabase_url
, you should refer to steps1
and2
of the chapterDeployment with MariaDB
at first.Init skyline database
source .tox/venv/bin/activate make db_sync deactivate
Run skyline-apiserver
$ source .tox/venv/bin/activate $ uvicorn --reload --reload-dir skyline_apiserver --port 28000 --log-level debug skyline_apiserver.main:app INFO: Uvicorn running on http://127.0.0.1:28000 (Press CTRL+C to quit) INFO: Started reloader process [154033] using statreload INFO: Started server process [154037] INFO: Waiting for application startup. INFO: Application startup complete.
You can now access the online API documentation:
http://127.0.0.1:28000/docs
.Or, you can launch debugger with
.vscode/lauch.json
with vscode.Build Image
make build
Devstack Integration
Fast integration with Devstack to build an environment.
Kolla Ansible Deployment
Kolla Ansible to build an environment.
FAQ
Policy
- Q: Why common user could login, but could list the nova servers?
Symptom: ----------------------------------- 1. Login Horizon with common user A, list servers OK. 2. Login Skyline with same common user A, could list the nova servers, F12 show no http requests sent from network, however webpage show 401, do not allow to list servers Root Cause Analysis: ----------------------------------- 1. Horizon don't know whether a user could do an action at a resource or not. It simply pass request to recording service, & service (Nova) do the check by its policy file. So it works. 2. Skyline check the action by itself, with /policy API. If you do not configure it, the default value follows community, like: https://docs.openstack.org/nova/2023.2/configuration/sample-policy.html How to fix: ----------------------------------- 1. By default, list servers need "project_reader_api": "role:reader and project_id:%(project_id)s" 2. You should config your customized role, for example: member, _member_, projectAdmin, etc, create implied reader role. "openstack implied role create --implied-role member projectAdmin", or "openstack implied role create --implied-role reader _member_" # openstack implied role list +----------------------------------+-----------------+----------------------------------+-------------------+ | Prior Role ID | Prior Role Name | Implied Role ID | Implied Role Name | +----------------------------------+-----------------+----------------------------------+-------------------+ | fe21c5a0d17149c2a7b02bf39154d110 | admin | 4376fc38ba6a44e794671af0a9c60ef5 | member | | 4376fc38ba6a44e794671af0a9c60ef5 | member | e081e01b7a4345bc85f8d3210b95362d | reader | | bee8fa36149e434ebb69b61d12113031 | projectAdmin | 4376fc38ba6a44e794671af0a9c60ef5 | member | | 77cec9fc7e764bd4bf60581869c048de | _member_ | e081e01b7a4345bc85f8d3210b95362d | reader | +----------------------------------+-----------------+----------------------------------+-------------------+