Integrating CloudPortal Business Manager with Apache CloudStack for Single Sign-on

 
 
 
 
As an Admin user, if you want to wish to block direct UI and API access to ACS and redirect it through CPBM API proxy, perform the following steps on CloudStack node(s), run install.sh. This will show the following menu:
# ./install.sh  Welcome to the Accelerite CloudPortal Business Manager Installer.  What would you like to do?  D) Install the database server  I) Install & Configure CloudPortal Business Manager  C) Integrate with Accelerite CloudPlatform  Q) Quit  > C  
 

Choose option C and press Enter and wait for the process to complete. This operation will place files within CloudStack that are needed for single sign-on integration with CloudPortal. Choose option Q to exit the installer.

 

Go to the scripts folder of CloudStack management (usually found in /usr/share/cloud/management/webapps/client/scripts or /usr/share/cloudstack-management/webapps/client/scripts).

 
Make the following changes:
  1. In cloud.core.callbacks.js:
    1. Replace first occurance of clientApiUrl=/client/api with clientApiUrl=/portal/client/apis/<APISUFFIX_OF_ACS>
    2. Replace first occurance of clientConsoleUrl=/client/console with clientConsoleUrl=/portal/client/apis/<APISUFFIX_OF_ACS>/console
    3. Replace var url = "/client/api?command=login&domainid=" + credentials.domainid + "&response=json&timestamp=" + credentials.timestamp + "&username=" + credentials.username + "&signature=" + credentials.signature; with var url = "/portal/client/apis/<APISUFFIX_OF_ACS>?command=login&domainid=" + credentials.domainid + "&response=json&timestamp=" + credentials.timestamp + "&username=" + credentials.username + "&signature=" + credentials.signature;
  2. In cloud.core.init.js:
    1. Replace url: "/client/api" to url: "/portal/client/apis/<APISUFFIX_OF_ACS>"
Note: After the above changes, you will no longer be able to access the CloudStack management server using http://<ACS_IP>:8080/client. It is recommended to access the CloudStack management UI by logging in to CloudPortal and clicking the "Launch Cloud Console" button on the dashboard. As an alternative, the CloudStack management UI can be accessed directly by using http://<ACS_IP>:8080/client/?direct=true.
 

Refer to the Proxy Server configuration in Installation Guide > Setting up CloudPortal > Installing and Configuring CloudPortal Business Manager > Setting up a Proxy Server, before proceeding further.

 
If the proxy server is configured, make the following changes in the cloud.conf file:
  1. For a two-node installation where Apache and CloudPortal are run on separate nodes, append the following rules:
    1. ProxyPass /client/api http://<CloudPortalNode>:8080/portal/client/apis/<APISUFFIX_OF_ACS>
    2. ProxyPass /client http://<ACS-IP>:8080/client
  2. For a three-node installation where Apache is on one node and CloudPortal is on two additional nodes, append the following rules:
    1. ProxyPass /client/api balancer://portalcluster/portal/client/apis/<APISUFFIX_OF_ACS> stickysession=rte
    2. ProxyPass /client http://<ACS-IP>:8080/client
 
After these rules are added do either of the following to bring the new rules in effect:
# apachectl graceful or # service httpd restart
 
Note: ACS-IP is the internal ip of ACS, APISUFFIX_OF_ACS is the api suffix which was given while adding the ACS service instance in CPBM. CloudPortalNode is the internal IP of CPBM. Also make sure the public protocol, host and port of the ACS service instance should be same as CPBM's public protocol, host and port.
 
他にご質問がございましたら、リクエストを送信してください

コメント

 
Adding comment, please wait....

Provide Feedback on Article:

Subject:
Comments:*
Powered by Zendesk