Scyld Cloud Portal

The SCM portal is a web-based user interface that enables a user to create and manage virtual machines, called server-instances, along with optional management of storage volumes, Unix users and groups, and SSH keys. The SCM portal also enables robust reporting of server-instance utilization and, when enabled, storage and compute cluster core-hour utilization. This is a sample screen image:

../../_images/portal.png

All capabilities present within the SCM portal are built upon the SCM APIs, which are documented in the “SCM API Guide.”

Scyld Cloud Portal Settings

Configuration settings for the Scyld Cloud Portal can be found in the cloudportal.ini file. See the cloudportal.ini file for an exhaustive list of settings along with explanations; in most cases the default value is appropriate.

User Registration/Login

New users are created by registering on the portal. There are two workflows defined: LDAP integration and self-registration with email validation. The preferred workflow is indicated in the settings file (cloudportal.ini) via the userauth.driver setting. Other important registration settings are:

  • registration.type - Leave blank for unrestricted registration or specify whitelist to indicate whitelist-restricted registration
  • default_user_role - Leave blank or set to account_owner. See roles for more information.

LDAP Integration

When using LDAP as an authentication and authorization backend, users bypass registration and simply log in to the portal. If it is their first login, some setup occurs transparently to the user. Their cloudauth account is established and any default roles or SCM resources are configured.

Administrators may use LDAP attributes to limit SCM access by specifying a group DN in the ldap settings (ldap.auth_require_group). Only users belonging to this group may access the portal and SCM resources. If site-wide system (Unix) usernames are maintained in LDAP, the ldap.uname_attr setting should indicate the attribute name.

Important LDAP settings are listed below:

  • ldap.hosts - Space-separated list of ldap servers
  • ldap.timeout - Timeout, in seconds, before the next server in the list of ldap.hosts is tried.
  • ldap.cert_file - Path to TLS certificate.
  • ldap.cacert_file - Path to TLS certificate chain file.
  • ldap.cacert_dir - Path to directory of TLS certificates.
  • ldap.bind_uname - Username of LDAP bind user.
  • ldap.bind_pw - Password for bind user.
  • ldap.user_search_dn - Search string for use in resolving a user DN.
  • ldap.uid_attr - LDAP attribute name for the userid.
  • ldap.mail_attr - LDAP attribute for the user’s email address.
  • ldap.require_group - Groupname if group membership is required.
  • ldap.require_attr - LDAP attribute name that must be valued, if listed, for LDAP eligibility.
  • ldap.uname_attr - LDAP attribute indicating user’s system username.

Self Registration

In this workflow, users register for an account by filling out some basic user information after validating their email address.

Registration Whitelist

The registration.type setting, if set to whitelist will enable the administrator to restrict the ability to register to a specific list of users. This setting may be applied when either registration workflow is used. The “Manage Whitelist” link in the administrative menu will allow the administrator to manage this list.

CloudController Integration

Each SCM installation will have at least one cloudcontroller instance. Each cloudcontroller that the portal will communicate with needs to be listed in the cloudportal.ini file with its particular id.

  • cloudcon.<id>.driver - Leave this setting “scm”. Other values are strictly for testing.
  • cloudcon.<id>.name - The name displayed in the portal for this cloudcontroller.
  • cloudcon.<id>.description -The description of this cloudcontroller.
  • cloudcon.<id>.api_version - Cloudcontroller API version number.
  • cloudcon.<id>.api_endpoint - hostname:port for the cloudcontroller
  • cloudcon.<id>.api_ssl - Whether or not the cloudcontroller uses SSL.
  • cloudcon.<id>.report_queues - A space-separated list of scheduler queues to be visible in the portal, if supported (i.e. cluster integration exists)

Other SCM Options

Other options include the ability for SCM to support integrated storage and support for ssh key management when supporting public key access to VMs. Relevant settings are listed here:

  • scm.ssh_key_mgmt - Support for ssh key management
  • scm.storage_mgmt - Support for storage integration.
  • scm.cc_storage_driver - Type of storage support.