Access the OpenContrail web UI

Access the OpenContrail web UIΒΆ

Your OpenContrail cluster may not use SSH overall because of not having a certificate authority available. By default, OpenContrail uses SSL and requires certificate authentication. If you attempt to access the OpenContrail UI through the proxy with such configuration, the UI will accept your credentials but will end up in logging you out immediately. As a workaround, you can use HTTP directly to the OpenContrail web UI management VIP bypassing the proxy.

To access the OpenContrail web UI:

  1. Obtain the Administrator credentials. Select from the following options depending on your cluster type:

    • For OpenStack:

      1. Log in to the Salt Master node.

      2. Apply the following state:

        salt 'ctl01*' 'cat /root/keystonerc'
      3. From the output of the command above, record the values of OS_USERNAME and OS_PASSWORD.

    • For Kubernetes:

      1. Log in to any OpenContrail controller node.

      2. Run the following command:

        cat /etc/contrail/contrail-webui-userauth.js | grep "auth.admin"'
      3. From the output of the command above, record the values of auth.admin_user and auth.admin_password.

  2. In a browser, type either the OpenStack controller node VIP or the Kubernetes controller node VIP on port 8143. For example,

  3. On the page that opens, configure your web browser to trust the certificate if you have not done so yet:

    • In Google Chrome or Chromium, click Advanced > Proceed to <URL> (unsafe).
    • In Mozilla Firefox, navigate to Advanced > Add Exception, enter the URL in the Location field, and click Confirm Security Exception.


    For other web browsers, the steps may vary slightly.

  4. Enter the Administrator credentials obtained in the step 1. Leave the Domain field empty unless the default configuration was customized.

  5. Click Sign in.