When you try to install Open Source Mano on your Google Cloud Virtual Machine Instance following the Guide on OSM Wiki, you might met the problem of accessing UI, which is running in SO container and only has an local IP to access.
Since Open Source Mano THREE apply the new authentication mechanism, you could not access the login page for UI. The detailed reason is explained in the Wiki:
Please note that in OSM 3, authentication is performed using OpenIDConnect and OAuth2.0.
An identity provider has been added to the platform and provided as a service in the SO container running on port 8009.
This means both the browser and the UI server components (that run on the SO container) need to be able to access the SO container using identical URIs.
In short, the tuple of scheme://location:port needs to be reachable via both the browser accessing the system and the UI server running on the SO container (e.g. https://10.66.202.206:8009 for a sample deployment).
This means that if your SO container is behind a NAT that cannot reach the public address of the host, authentication and authorization will not be possible and you will not be able to proceed using the UI.
To by pass this problem, the principle is make your local machine be able to access the network created by lxd on your Google Cloud Host.
There are multiple ways to do that:
- Using Google Cloud VPN
- Good choice but might be overkilled, if you just have a laptop as your local machine.
- Setting up a VPN server on your Google Cloud Host
- Not Elegant, but simple and easy to achieve
- To set up an OpenVPN server and use your local machine to access it, check this post.
- Not Elegant, but simple and easy to achieve
Then you are good to login the UI.
I think this is a bug of OSM-THREE and hope they will fix it soon and then this post will finish its job and retired.