starlingx/docs
Code Issues Proposed changes
78263d6d95
docs/doc/source/security/kubernetes/configure-http-and-https-ports-for-horizon-using-the-cli.rst
Rafael Jardim d95c80d36f Update Security 
Fixed merge conflict (RS)

Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com>
Change-Id: I30b882a14196525f440db1108a56bbf862dfaf55
Signed-off-by: Ron Stone <ronald.stone@windriver.com>
2021-04-01 16:02:36 -04:00

2.5 KiB
Raw Blame History

Configure HTTP and HTTPS Ports for Horizon Using the CLI

You can configure the HTTP / HTTPS ports for accessing the Horizon Web interface using the CLI.

To access Horizon, use http://<external OAM IP>:8080. By default, the ports are HTTP=8080, and HTTPS=8443.

You can configure HTTP / HTTPS ports only when all hosts are unlocked and enabled.

Use the system service-parameter-list --service=http command to list the configured HTTP, and HTTPS ports.

~(keystone_admin)]$ system service-parameter-list --service http
+---------+----------+---------+------------+-------+------------+--------+
| uuid    | service  | section | name       | value |personality |Resource|
+---------+----------+---------+------------+-------+------------+--------+
| 4fc7... | http     | config  | http_port  | 8080  | None       |None    |
| 9618... | http     | config  | https_port | 8443  | None       |None    |
+---------+----------+---------+------------+-------+-------------+-------+

  1. Use the system service-parameter-modify command to configure a different port for HTTP, and HTTPS. For example,

    ~(keystone_admin)]$ system service-parameter-modify http config http_port=8090

~(keystone_admin)]$ system service-parameter-modify http config https_port=9443

  2. Apply the service parameter change.

    ~(keystone_admin)]$ system service-parameter-apply http
Applying http service parameters

    Note

    Do not use ports used by other services on the platform, OAM and management interfaces on the controllers, or in custom applications. For more information, see, : Default Firewall Rules <security-default-firewall-rules>.

    If you plan to run , do not reset the ports to 80/443, as these ports may be used by containerized OpenStack, by default.

A configuration out-of-date alarm is generated for each host. Wait for the configuration to be automatically applied to all nodes and the alarms to be cleared on all hosts before performing maintenance operations, such as rebooting or locking/unlocking a host.