Your OpenContrail cluster may not use SSH overall because of not having a certificate authority available. By default, OpenContrail uses SSL and requires certificate authentication. If you attempt to access the OpenContrail UI through the proxy with such configuration, the UI will accept your credentials but will end up in logging you out immediately. As a workaround, you can use HTTP directly to the OpenContrail web UI management VIP bypassing the proxy.
To access the OpenContrail web UI:
Obtain the Administrator credentials. Select from the following options depending on your cluster type:
For OpenStack:
Log in to the Salt Master node.
Apply the following state:
salt 'ctl01*' cmd.run 'cat /root/keystonerc'
From the output of the command above, record the values of
OS_USERNAME
and OS_PASSWORD
.
For Kubernetes:
Log in to any OpenContrail controller node.
Run the following command:
cat /etc/contrail/contrail-webui-userauth.js | grep "auth.admin"'
From the output of the command above, record the values of
auth.admin_user
and auth.admin_password
.
In a browser, type either the OpenStack controller node VIP or the Kubernetes controller node VIP on port 8143. For example, https://172.31.110.30:8143.
On the page that opens, configure your web browser to trust the certificate if you have not done so yet:
Note
For other web browsers, the steps may vary slightly.
Enter the Administrator credentials obtained in the step 1. Leave the
Domain
field empty unless the default configuration was customized.
Click Sign in.