Installing and Configuring CloudPortal Business Manager
System Preparation
All the operations listed below should be run as root.
Unarchive Install Package
To unarchive the install package tarball, run (where x.y.z is the version you have downloaded):
# tar -xvf CloudPortal-x.y.z-centos.tar.gz
Then navigate into the newly created CloudPortal-x.y.z-centos folder:
# cd CloudPortal-x.y.z-centos
Installing MySQL 5.6
- Run the ./install.sh script and choose option "D" to install the MySQL 5.6 database server.
Accept the license agreement before selecting the "D" option.
# ./install.sh
Welcome to the Accelerite CloudPortal Business Manager Installer.
What would you like to do?
D) Install/Upgrade the database server
I) Install & Configure CloudPortal Business Manager
C) Integrate with Accelerite CloudPlatform
Q) Quit
> D
- When prompted, provide a user name and password. You can set these to any desired value that is valid for a MySQL database. This step creates a new user account that CloudPortal will use to access the database.
Note: The database password is mandatory.
- Exit the installation setup:
Welcome to the Accelerite CloudPortal Business Manager Installer.
What would you like to do?
D) Install/Upgrade the database server
I) Install & Configure CloudPortal Business Manager
C) Integrate with Accelerite CloudPlatform
Q) Quit
> Q
- Stop the MySQL service:
# service mysqld stop
- Edit the file /etc/my.cnf and add the following line under the [mysqld] section:
max_connections=400
Note: To set the binary logs configuration and save disk space, see FAQ.
- Ensure that the MySQL database uses the utf8mb4 character set (4-byte UTF-8 Unicode encoding) by confirming the following under the [mysqld] section:
[mysqld]
character-set-client-handshake = FALSE
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
- Start the MySQL service.
# service mysqld start
Note: Use the following commands to check that the database encoding format is UTF-8 MB4:
mysql> show variables like "%char%";
mysql> show variables like "%coll%";
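The shell functions below are an added example, not part of this guide or of the product: they read the [mysqld] section of a my.cnf-style file and confirm the four settings above (max_connections, the client-handshake flag, the utf8mb4 character set and collation). The sample file is constructed inline and the function names are my own; after editing the real file, run check_mysqld_config /etc/my.cnf as root.

```shell
# Read one key from the [mysqld] section of a my.cnf-style file.
# Only lines between "[mysqld]" and the next "[section]" header count, so a
# default-character-set under [client] cannot satisfy the check by accident.
# "#" comments are skipped and spaces around "=" are tolerated, so both
# "max_connections=400" and "character-set-client-handshake = FALSE" parse.
mysqld_setting() {
  awk -v key="$2" '
    /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
    in_mysqld && $0 !~ /^[ \t]*#/ && index($0, "=") > 0 {
      k = substr($0, 1, index($0, "=") - 1)
      v = substr($0, index($0, "=") + 1)
      gsub(/[ \t]/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# Verify the four settings this guide asks for. Prints each deviation and
# returns non-zero if any setting is missing or carries a different value.
check_mysqld_config() {
  _rc=0
  for _want in max_connections=400 \
               character-set-client-handshake=FALSE \
               character-set-server=utf8mb4 \
               collation-server=utf8mb4_unicode_ci; do
    _k=${_want%%=*}; _v=${_want#*=}
    _got=$(mysqld_setting "$1" "$_k")
    if [ "$_got" != "$_v" ]; then
      echo "$1: [mysqld] $_k is '${_got:-<unset>}', expected '$_v'"
      _rc=1
    fi
  done
  return $_rc
}

# Constructed sample that mirrors the settings above (not a real server's
# my.cnf); prints the path of the temporary file it wrote.
sample_my_cnf() {
  _f=$(mktemp)
  cat > "$_f" <<'EOF'
[mysqld_safe]
log-error=/var/log/mysqld.log

[mysqld]
datadir=/var/lib/mysql
# added for CloudPortal Business Manager
max_connections=400
character-set-client-handshake = FALSE
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci

[client]
default-character-set=utf8mb4
EOF
  echo "$_f"
}

# Usage on a real host (as root, after editing the file):
#   check_mysqld_config /etc/my.cnf
```

The parser tracks the current section rather than grepping the whole file, because the same key names legitimately appear under [client] or [mysql] with other meanings.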
Language Settings for Linux
The default language setting for CloudPortal Business Manager is English.
- Open the file /etc/sysconfig/i18n
- Set the value LANG="en_US.UTF-8"
Installing CloudPortal Business Manager
For each CloudPortal Business Manager node, run the install.sh script from the package. Select option I:
Accept the license agreement before selecting the "I" option.
# ./install.sh
Welcome to the Accelerite CloudPortal Business Manager Installer.
What would you like to do?
D) Install/Upgrade the database server
I) Install & Configure CloudPortal Business Manager
C) Integrate with Accelerite CloudPlatform
Q) Quit
> I
Enter Y to confirm that you have upgraded your MySQL server before continuing.
Enter Y if you want Central Authentication Service (CAS) installed along with CloudPortal Business Manager, and N if you want to install only CloudPortal.
Would you like to install CAS with CloudPortal (Y/N)? > Y
Installation begins. CloudPortal Business Manager checks the Java version on the system and installs Oracle JRE 1.7. Enter Y to accept the Oracle license agreement for Java SE so that JRE 1.7 is downloaded and installed.
Do you wish to change this server to run on the UTC timezone (y/N)?
Select the required option.
CloudPortal Business Manager installation is complete.
The CloudPortal Business Manager Configuration Tool starts automatically once the installation is complete.
You've successfully installed CloudPortal Business Manager. Now proceed to configure the CloudPortal Business Manager.
Welcome to the Accelerite CloudPortal Business Manager Configuration Tool.
D) Install/Upgrade the database server
G) Configure CloudPortal Business Manager
C) Integrate with Accelerite CloudPlatform
Q) Quit
> G
- Provide CloudPortal database configuration details:
- Host name or IP
- Database user
Note: Enter the user name that you specified when installing the MySQL database.
- Database password - <Your Password used for cloud_portal DB user>
Note:
- The database password is not displayed as you type. Enter the password that you specified when installing the MySQL database.
- If you have a separate database node, the mysql-client package is installed to check the version of the database server.
- Do you want to configure CloudPortal startup Encryption Key [y/N]:
Configure the CloudPortal start-up encryption key. The key must be 16 characters long. For security reasons, you must provide this key when CloudPortal starts; it is used to encrypt the password fields in the cloud.properties file.
Note: If you select the encryption key option, remember the key, because you must enter it every time you start CloudPortal Business Manager. In that case the cloud-portal service is not started automatically at boot (its start-up option is disabled). If you do not select the encryption key option, you are not asked for a key when you start CloudPortal, and the cloud-portal service is enabled for run levels 3, 4 and 5, so it starts by default when the system reboots.
- Configure the CloudPortal database encryption key. The length of the encryption key must be 16 characters.
- Provide mail sender (SMTP/SMTPS) configuration details:
- Mail protocol - smtp
- Mail host
- Mail port
- Mail user
- Mail password
Note: If SMTPS is enabled, ensure that the following lines are present in cloud.properties:
mail.smtp.auth=false
mail.smtps.auth=true
mail.debug=false
mail.smtp.starttls.enable=true
mail.smtp.starttls.required=true
- Do you want to configure LDAP [y/N]:
The default is N. If you select "y", provide the following information:
- LDAP Host Name[localhost]
- LDAP Base[dc=cloud,dc=com]
- LDAP Userdn[cn=Manager,dc=cloud,dc=com]
- LDAP Password
- Enter the tax percentage:
Tax Percentage[10.00]:
This is the tax percentage applied when billing customers/tenants for their use of cloud services.
- Provide all the active currencies (maximum six active currencies):
For example: USD, INR, GBP, EUR
- Select one default currency for your installation from the active currency code displayed.
- Enter the reCAPTCHA configuration details (you can proceed with the default values if required):
- reCAPTCHA public key
- reCAPTCHA private key
You can generate your own reCAPTCHA keys (public key and private key) at http://www.google.com/recaptcha using your Google account.
- Quit the installation:
Welcome to the Accelerite CloudPortal Business Manager Configuration Tool.
D) Install/Upgrade the database server
G) Configure CloudPortal Business Manager
C) Integrate with Accelerite CloudPlatform
Q) Quit
> Q
The initial setup of CloudPortal Business Manager is completed.
You can start CPBM using the command:
# service cloud-portal start
(If you have configured the CPBM startup encryption key, you will be prompted for the key.)
Ensure that the hostname provided is a valid hostname and is resolvable either in /etc/hosts or in DNS.
Enabling Network Security for Administrator Login
- Log in as root to the host running CloudPortal Business Manager.
- Edit the file /usr/share/vts3/repository/prop/cloud.properties and set the property "network.ip.address.range":
For example: network.ip.address.range=10.147.18.1/24,10.103.1.1/24
You can specify a comma-separated list of CIDRs. An empty value allows all IP address ranges.
- Save the file.
- Restart CloudPortal Business Manager.
# service cloud-portal restart
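As an added illustration (not CPBM's own code), the shell functions below evaluate a network.ip.address.range value the way the text describes it: each comma-separated entry is a CIDR, a client address is allowed if it falls inside any entry, and an empty value allows everything. The matching rules and function names are my assumptions about the documented behaviour; the client addresses used in the comments are constructed.

```shell
# Convert a dotted-quad IPv4 address to an integer. Octets must be plain
# decimal (no leading zeros), which is how the guide writes them.
ip_to_int() {
  _ifs_ip=$IFS; IFS=.
  set -- $1
  IFS=$_ifs_ip
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 falls inside CIDR $2. The guide's own example,
# 10.147.18.1/24, uses a host address rather than the network address, so
# both sides are masked before comparing; an entry with no "/" is treated
# as a single host (/32).
in_cidr() {
  case "$2" in
    */*) _bits=${2#*/}; _netaddr=${2%/*} ;;
    *)   _bits=32;      _netaddr=$2 ;;
  esac
  _mask=$(( (4294967295 << (32 - _bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & _mask )) -eq $(( $(ip_to_int "$_netaddr") & _mask )) ]
}

# Decide whether client address $1 may reach the administrator login, given
# the value of network.ip.address.range in $2: a comma-separated CIDR list,
# where an empty value allows every address (as the guide states). This is
# an assumed model of the documented behaviour, not the product's code.
admin_login_allowed() {
  _client=$1
  [ -n "$2" ] || return 0
  _ifs_list=$IFS; IFS=,
  set -- $2
  IFS=$_ifs_list
  for _entry in "$@"; do
    _entry=$(printf '%s' "$_entry" | tr -d ' ')
    [ -n "$_entry" ] || continue
    if in_cidr "$_client" "$_entry"; then
      return 0
    fi
  done
  return 1
}

# Example usage with the guide's sample value (constructed client addresses):
#   admin_login_allowed 10.147.18.77 "10.147.18.1/24,10.103.1.1/24"   # allowed
#   admin_login_allowed 192.0.2.9    "10.147.18.1/24,10.103.1.1/24"   # denied
#   admin_login_allowed 192.0.2.9    ""                                # allowed: empty = no restriction
```

Checking a candidate value this way before saving cloud.properties avoids the two common mistakes: locking yourself out with a range that does not contain your own address, and leaving the value empty, which the guide says removes the restriction entirely.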
Enabling CAS Authentication
CloudPortal supports the use of Central Authentication Service (CAS) for single sign-on, which enables access to multiple password-protected systems after logging in just once. To make this work, you need to update CAS with the location of the cloud_portal database and list the services with which CAS will be used.
- Log in as root to the host running CloudPortal Business Manager.
- Edit the file /usr/share/vts3/repository/prop/cloud.properties and set these parameters.
- Un-comment the following property to enable CAS. By default, native authentication is enabled.
vmops.authentication.service=cas
- Replace localhost:8080 in the following lines with <public Host name or IP>:<public host port>, as shown below:
# URL to the CAS login page used for single sign on.
cas.login.url=http://<public Host name or IP>:<public host port>/cas
# URL for CAS single sign out.
cas.logout.url=http://<public Host name or IP>:<public host port>/cas/logout
# Callback URL used by CAS to redirect back to CloudPortal.
cas.service.url=http://<public Host name or IP>:<public host port>/portal/portal/j_spring_cas_security_check
- cas.login.url: Full public URL (including http:// or https://, hostname, optional port, and path) of the login page displayed to the user for single sign-on. For example, http://mypublichostname:8080/cas.
- cas.logout.url: Full public URL of the page where a user can log out of single sign-on. For example, http://mypublichostname:8080/cas/logout.
- cas.service.url: Full public callback URL used by CAS to redirect back to CloudPortal Business Manager. For example, http://mypublichostname:8080/portal/j_spring_cas_security_check.
- cas.validator.url: Full private URL used in internal calls from CloudPortal Business Manager server to CAS server to validate the CAS ticket. This should be a URL that is not accessible from outside your installation. If using HTTPS, this site must have a valid certificate issued by a trusted certificate authority. For example, http://myprivatehostname:8080/cas.
- If any other application needs to be authenticated via CAS, then edit the /usr/share/vts3/repository/prop/deployerConfigContext.xml file. Refer to Adding a new service to CAS.
- Restart CloudPortal Business Manager.
# service cloud-portal restart
Integration with CloudPlatform
To integrate CloudPortal with CloudPlatform, run the ./install.sh script on each CloudPlatform server, and then select Integrate with Accelerite CloudPlatform from the menu. This will place files within CloudPlatform that are required for single sign-on integration with CloudPortal. Note that after the files are copied over for integration, you will no longer be able to access the CloudPlatform management server using http://<hostname>:8080/client. It is recommended that you access the CloudPlatform management UI by first logging into CloudPortal and then clicking the Launch Cloud Console button on the dashboard. Alternatively, you can access the CloudPlatform management UI directly by using http://<hostname>:8080/client/?direct=true.
# ./install.sh
Welcome to the Accelerite CloudPortal Business Manager Installer.
What would you like to do?
D) Install/Upgrade the database server
I) Install & Configure CloudPortal Business Manager
C) Integrate with Accelerite CloudPlatform
Q) Quit
> C
Multinode Installation
- Install CPBM on the required servers
- After installation, make sure that the configuration values provided in the "Accelerite CloudPortal Business Manager Configuration Tool" are the same across all the servers.
- Log in to the OS console of each CPBM server and change the following lines in /usr/share/vts3/repository/prop/cloud.properties
vmops.jms.url=tcp://<Your IP or hostname>:9125
vmops.jms.client.url=failover:(tcp://<your IP or hostname>:9125,tcp://<CPBM Server 1 IP or hostname>:9125,tcp://<CPBM Server 2 IP or hostname>:9125)
where <your IP or hostname> is the IP or hostname of the server on which you are entering the value; the failover list must contain the IP or hostname of every CPBM server, separated by commas.
Make sure that port 9125 is open on all the CPBM servers.
Setting up a Proxy Server
To put a proxy server in front of the CloudPortal servers, follow the steps given below.
The proxy server can be added in a variety of ways. The steps given below illustrate one typical technique using Apache HTTP Server running on CentOS 6.x.
- On the Apache server, install the module that provides SSL and TLS support.
# yum install httpd mod_ssl
- Create the file /etc/httpd/conf.d/cloud.conf, and add proxying (and, if needed, load balancing) directives
For a two-node installation where Apache and CloudPortal are run on separate nodes, use rules like the following. Replace CloudPortalNode with the private hostname or IP of your own machines.
HTTP proxy configuration:
ProxyPreserveHost on
ProxyPass /portal http://CloudPortalNode:8080/portal
ProxyPass /cas http://CloudPortalNode:8080/cas
ProxyPassReverse /cas http://CloudPortalNode:8080/cas
ProxyPass / http://CloudPortalNode:8080/portal
AJP proxy configuration:
ProxyPass /portal ajp://CloudPortalNode:20410/portal
ProxyPass /cas ajp://CloudPortalNode:20410/cas
ProxyPass / ajp://CloudPortalNode:20410/portal
Note: The AJP connector on the CloudPortal node defaults to port 8009. Edit the file /usr/share/vts3/config/tomcat-server.xml and change the port from 8009 to 20410 on this line:
<Connector port="20410" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8"/>
For a three-node installation where Apache is on one node and CloudPortal is on two additional nodes, use directives like the following. Replace the CloudPortalNode placeholders with the private hostnames or IPs of your own machines.
<Location /portal>
Header add Set-Cookie "rte=.%{BALANCER_WORKER_ROUTE}e; path=/portal; HttpOnly" env=BALANCER_ROUTE_CHANGED
Header edit Set-Cookie (.*) "$1; Secure"
</Location>
<Proxy balancer://portalcluster>
BalancerMember ajp://CloudPortalNode1:20410 route=ps1
BalancerMember ajp://CloudPortalNode2:20410 route=ps2
</Proxy>
ProxyPass /portal balancer://portalcluster/portal stickysession=rte
If SSL is enabled on the proxy server, then add the below configuration to redirect all requests made over HTTP to HTTPS:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Recommended settings: These settings are to mitigate attacks pertaining to POODLE (Padding Oracle On Downgraded Legacy Encryption).
You need to edit the Apache configuration located at /etc/httpd/conf.d/ssl.conf.
- Add the following line to your Apache configuration with the other SSL directives.
- For httpd version 2.2.23 and newer, specify all protocols except SSLv2 and SSLv3:
SSLProtocol ALL -SSLv2 -SSLv3
- For httpd version 2.2.22 and older, only specify TLSv1. This is treated as a wildcard for all TLS versions:
SSLProtocol TLSv1
- Once done, restart your Apache HTTP Server:
sudo service httpd restart
To check that connections can no longer be made over SSLv3, run:
openssl s_client -connect <ip-address>:<port> -ssl3
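As an added check that is not part of this guide, the shell functions below apply the SSLProtocol directive semantics (all, +name, -name, or a bare name, processed left to right) to report whether SSLv2 or SSLv3 is still enabled, and scan a conf file such as /etc/httpd/conf.d/ssl.conf for uncommented SSLProtocol lines. Function names and the sample files are mine; all is read as including SSLv2 (the httpd 2.2 meaning), which errs on the strict side.

```shell
# Evaluate an SSLProtocol argument list and print the legacy protocols
# (SSLv2, SSLv3) that remain enabled after all tokens are applied; an empty
# result means the POODLE-relevant protocols are off. Token handling follows
# mod_ssl: "all" enables everything, "+name"/"name" adds, "-name" removes.
weak_ssl_protocols() {
  _v2=0; _v3=0
  for _tok in $1; do
    case "$(printf '%s' "$_tok" | tr 'A-Z' 'a-z')" in
      all|+all)     _v2=1; _v3=1 ;;
      -all)         _v2=0; _v3=0 ;;
      sslv2|+sslv2) _v2=1 ;;
      -sslv2)       _v2=0 ;;
      sslv3|+sslv3) _v3=1 ;;
      -sslv3)       _v3=0 ;;
      *)            ;;   # TLSv1, TLSv1.1, TLSv1.2 do not touch the SSLv2/3 flags
    esac
  done
  _out=""
  [ "$_v2" -eq 1 ] && _out="SSLv2"
  [ "$_v3" -eq 1 ] && _out="$_out${_out:+ }SSLv3"
  printf '%s' "$_out"
}

# Scan an Apache conf file for uncommented SSLProtocol directives and fail
# if any of them still enables SSLv2 or SSLv3, or if none is present (the
# httpd default is "all", so a missing directive is also reported).
check_ssl_conf() {
  _lines=$(awk 'tolower($1) == "sslprotocol" { $1 = ""; print }' "$1")
  if [ -z "$_lines" ]; then
    echo "$1: no SSLProtocol directive found; httpd defaults to all"
    return 1
  fi
  _bad=$(printf '%s\n' "$_lines" | while read -r _l; do
    _w=$(weak_ssl_protocols "$_l")
    if [ -n "$_w" ]; then
      printf 'SSLProtocol %s leaves %s enabled\n' "$_l" "$_w"
    fi
  done)
  if [ -n "$_bad" ]; then
    printf '%s: %s\n' "$1" "$_bad"
    return 1
  fi
  return 0
}

# Constructed sample conf (not a real ssl.conf) with the given SSLProtocol
# value; prints the path of the temporary file it wrote.
sample_ssl_conf() {
  _f=$(mktemp)
  printf 'SSLEngine on\n# SSLProtocol all\nSSLProtocol %s\n' "$1" > "$_f"
  echo "$_f"
}

# Usage on a real host, before restarting httpd:
#   check_ssl_conf /etc/httpd/conf.d/ssl.conf
```

Run the file check before restarting httpd; the openssl s_client test above then confirms that the running server agrees with the configuration on disk.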
- Add the following lines to configure CAS:
<Location /cas>
Header add Set-Cookie "rte=.%{BALANCER_WORKER_ROUTE}e; path=/cas; HttpOnly" env=BALANCER_ROUTE_CHANGED
Header edit Set-Cookie (.*) "$1; Secure"
</Location>
ProxyPass /cas ajp://CloudPortalNode:20410/cas
- Add the following line to avoid CSRF-related errors:
ProxyPreserveHost on
- If you modify the configuration later, such as to add more nodes, use this command to reload the configuration:
# apachectl graceful
or
# service httpd restart
Note: If you front the Tomcat server with an Apache proxy, set the ProxyPreserveHost parameter to On to avoid logon issues.
Recommended setting: The KeepAlive parameter is set to On in the /etc/httpd/conf/httpd.conf file.
- [Optional] Add the lines given below to enable compression of the response:
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml text/json application/x-javascript
It is recommended that you enable response compression at the reverse proxy server (web server), as it improves page load time.
Logging In
You should now be able to access CloudPortal from the Web browser. Go to http://<your IP or hostname>:8080/portal/. Use the following credentials to login:
User name: root
Password: Portal123#
Export invoice PDF
If you need to export invoice PDFs in Korean, Japanese, or Chinese, install the corresponding language support:
# yum install "@Japanese Support"
# yum install "@Korean Support"
# yum install "@Chinese Support"