Scyld Cloud Portal¶
The SCM portal is a web-based user interface that enables a user to create and manage virtual machines, called server-instances, along with optional management of storage volumes, Unix users and groups, and SSH keys. The SCM portal also enables robust reporting of server-instance utilization and, when enabled, storage and compute cluster core-hour utilization. This is a sample screen image:
All capabilities present within the SCM portal are built upon the SCM APIs, which are documented in the “SCM API Guide.”
Scyld Cloud Portal Settings¶
Configuration settings for the Scyld Cloud Portal can be found
cloudportal.ini file for an exhaustive list of settings
along with explanations;
in most cases the default value is appropriate.
New users are created by registering on the portal.
There are two workflows defined:
LDAP integration and self-registration with email validation.
The preferred workflow is indicated in the settings file
cloudportal.ini) via the
Other important registration settings are:
registration.type- Leave blank for unrestricted registration or specify
whitelistto indicate whitelist-restricted registration
default_user_role- Leave blank or set to
account_owner. See roles for more information.
When using LDAP as an authentication and authorization backend, users bypass registration and simply log in to the portal. If it is their first login, some setup occurs transparently to the user. Their cloudauth account is established and any default roles or SCM resources are configured.
Administrators may use LDAP attributes to limit SCM access by specifying a group DN in the ldap settings (ldap.auth_require_group). Only users belonging to this group may access the portal and SCM resources. If site-wide system (Unix) usernames are maintained in LDAP, the ldap.uname_attr setting should indicate the attribute name.
Important LDAP settings are listed below:
ldap.hosts- Space-separated list of ldap servers
ldap.timeout- Timeout, in seconds, before the next server in the list of ldap.hosts is tried.
ldap.cert_file- Path to TLS certificate.
ldap.cacert_file- Path to TLS certificate chain file.
ldap.cacert_dir- Path to directory of TLS certificates.
ldap.bind_uname- Username of LDAP bind user.
ldap.bind_pw- Password for bind user.
ldap.user_search_dn- Search string for use in resolving a user DN.
ldap.uid_attr- LDAP attribute name for the userid.
ldap.mail_attr- LDAP attribute for the user’s email address.
ldap.require_group- Groupname if group membership is required.
ldap.require_attr- LDAP attribute name that must be valued, if listed, for LDAP eligibility.
ldap.uname_attr- LDAP attribute indicating user’s system username.
In this workflow, users register for an account by filling out some basic user information after validating their email address.
The registration.type setting, if set to whitelist will enable the administrator to restrict the ability to register to a specific list of users. This setting may be applied when either registration workflow is used. The “Manage Whitelist” link in the administrative menu will allow the administrator to manage this list.
Each SCM installation will have at least one cloudcontroller instance. Each cloudcontroller that the portal will communicate with needs to be listed in the cloudportal.ini file with its particular id.
cloudcon.<id>.driver- Leave this setting “scm”. Other values are strictly for testing.
cloudcon.<id>.name- The name displayed in the portal for this cloudcontroller.
cloudcon.<id>.description-The description of this cloudcontroller.
cloudcon.<id>.api_version- Cloudcontroller API version number.
cloudcon.<id>.api_endpoint- hostname:port for the cloudcontroller
cloudcon.<id>.api_ssl- Whether or not the cloudcontroller uses SSL.
cloudcon.<id>.report_queues- A space-separated list of scheduler queues to be visible in the portal, if supported (i.e. cluster integration exists)
Other SCM Options¶
Other options include the ability for SCM to support integrated storage and support for ssh key management when supporting public key access to VMs. Relevant settings are listed here:
scm.ssh_key_mgmt- Support for ssh key management
scm.storage_mgmt- Support for storage integration.
scm.cc_storage_driver- Type of storage support.
Portal Branding and Customization¶
Customizing the look and feel of the SCM portal is possible using the settings
cloudportal.ini file. Details about usage and format can be found in the ini file.
site.title- appears in the top navigation bar and default page title
site.logo- logo file in the main page template
site.sidebar_lower- content (html format) that appears in lower sidebar typically used to display links to external resources, documentation, etc.
site.login_help_message- message appears on login page
Further customization is possible by editing the site templates directly. The site templates use a python library called mako. Care must be taken to avoid syntax errors which may result in broken pages or server errors.