Adding the self-service interface to a deployed topology

IBM® Cloud Manager with OpenStack features an easy to use self-service user interface for performing cloud operations, IBM Cloud Manager - Self Service. Deploying a cloud environment with IBM Cloud Manager - Self Service is optional. After you deploy your cloud environment, you can add IBM Cloud Manager - Self Service.

1. Log in to the deployment system as the root user.
   This is the system where IBM Cloud Manager with OpenStack was installed.
2. Update the following JSON attribute in your environment file your-environment-name.json. If you have a multi-region cloud environment, then you must update the attribute in the environment file for each region.

   ibm-sce.service.enabled: true

   For the HA controller +n compute topology, set the following attributes:

   • ibm-sce.host.ipaddress: Set this attribute to the IP address of your primary HA controller node (that is, the HA controller node that is tagged as “ibm-os-deploy-ha-primary” in your topology). The IBM Cloud Manager - Self Service back-end service will be installed on this node. Run the knife node show command against each HA controller node in your topology to find the node that is tagged as “ibm-os-deploy-ha-primary”.
   • ibm-sce.self-service.bind_interface: Set this attribute to 127.0.0.1. The deployment process automatically configures the bind address for the IBM Cloud Manager - Self Service user interface based on your HA controller nodes.

   This attribute configures the self-service user interface for use with OpenStack.

3. Choose a node in your environment on which to deploy IBM Cloud Manager - Self Service. Typically, the self-service interface is co-located with the single controller node or is installed on a stand-alone node. Append the ibm-sce-node role to this node in your topology file your-topology-name.json. If you have a multi-region cloud environment, only one self-service interface is installed to manage the multiple regions. This step is not applicable for the HA controller +n compute topology.
   For example, in a minimal topology file, you would append role[ibm-sce-node] to the run list for the node:

   "runlist":[
     "role[ibm-os-allinone-kvm]",
     "role[ibm-sce-node]"
   ]

4. Update your cloud environment to add the self-service user interface. If you have a multi-region cloud environment, then you must complete these steps for each region, starting with the region that contains the shared OpenStack Keystone server.
   1. Upload the updated environment file.

      $ knife environment from file your-environment-name.json

   2. Update the topology.

      $ knife os manage update topology your-topology-name.json

      Note: When you enable IBM Cloud Manager - Self Service, the following configuration changes are made:

      • Modified OpenStack policy files are installed instead of the default OpenStack policy files. The policy files that are modified for IBM Cloud Manager - Self Service ensure that the user role security model is consistent between what the self-service user interface allows and OpenStack. For more information, see Overview of project membership roles.
      • IBM Cloud Manager - Self Service users, roles and projects are pushed into the OpenStack Keystone identity service. For more information, see Project management with OpenStack and User management with OpenStack.
      • The OpenStack cloud connection is configured in IBM Cloud Manager - Self Service.
5. After the update is complete, IBM Cloud Manager - Self Service is available at https://node.fqdn.com:8080/login.html, where node.fqdn.com is the fully qualified domain name for the node on which you deployed IBM Cloud Manager - Self Service. For the HA controller +n compute topology, where node.fqdn.com is the cloud virtual IP address. You can log in using your current cloud administrator (admin) user.