Advanced portal customization

Modified: 08 Sep 2022 04:28 UTC

The Triton user portal can be customized in order to provide any additional security, functionality, or load balancing required by an operator. This document reviews the most common customizations.

How to use a DNS name versus an IP address for the portal

For production deployments, a reverse proxy server such as nginx, haproxy, or apache is recommended as a "front door" to the portal insance. This instance can then be assigned a DNS name. This configuration allows for the easy addition of multiple portal instances if required for load balancing or for high availability.

Note that it is currently not possible to use SSL to connect directly to the portal (piranha) zone; future versions of the portal will include a stud proxy in order to handle SSL termination within the zone.

How to make SSO listen on a different port

To use a different port number for the SSO endpoint, there are two changes required.

  1. In the sdcsso zone, modify the port number to the desired one in /opt/smartdc/sdcsso/cfg/config.json and restart the single sign-on server via svcadm restart sdcsso once the change has been made.

    "port" : 443,
  2. In the portal (piranha) zone, modify the sso endpoint to the same value in in /opt/portal/site/config/config.pro.json and restart the portal service via svcadm restart portal oncet he change has been made.

        "sso": {
            "url": "https://10.88.88.161",         # <- in the case of port 443, simply remove 3443, else replace it with the new one
            "keyPath": "/opt/portal/site/config/sso_auth_key",

How to use a DNS name versus an IP address for SSO

If using DNS for the SSO endpoint you will need to update the sso endpoint in the portal (piranha) /opt/portal/site/config/config.pro.json to reference the new hostname, and then restart the portal service via svcadm restart portal.

"sso": {
        "url": "https://tritonsso.company.com:3443",
        "keyPath": "/opt/portal/site/config/sso_auth_key",

How to make portal listen on a different port number

To use a different port number in the portal endpoint, in the piranha zone, add the section "server" to /opt/portal/site/config/config.pro.json as shown below, followed by a restart of the portal service via sdcadm restart portal.

  "server": {
    "port": 80
  },

How to change the name of the sdcsso, portal (piranha), or storage zone

To customize the name of any of the three zones, modify the setGlobalConfig function section in the install portal script:

function setGlobalConfig
{
    echo "\nValidating setup and pre-requisites..."

    SSO_ZONENAME=sdcsso                 # customizable
    SSO_IMAGENAME=sdcsso
    STORAGE_ZONENAME=storage                 # customizable
    STORAGE_IMAGENAME=storage
    PORTAL_ZONENAME=piranha                 # customizable
    PORTAL_IMAGENAME=piranha

Note that Image names should not be customized. They need to stay as sdcsso, storage, and piranha to in order to work with the deployment scripts.

Note that once the zone names have been customized, you will have to reapply the change to any new versions of the install script. Otherwise, new zones will be provisioned with the default zone names, instead of existing zones being re-provisioned for the upgrades.

Configuring portal for multiple data centers

Unlike the operators portal, which is a designed to function at the data center level, the user portal is designed to operate across multiple data centers. This allows the end-user of Triton to be presented with a unified view of all available resources, and allows orchestration to be performed across multiple data centers from one interface.

This procedure assumes you have already completed the overall portal installation procedure at Installing the end-user portal. Note that this is currently a manaul procedure; subsequent updates to the portal software will automate much of this process.

Ensure data centers are linked

Portal can only be configured for multiple data centers if the data centers have been UFDS linked. Because of it's use of UFDS accounts, it is not possible to use portal across multiple data centers unless this has been done. For more information on UFDS linking of data centers, please see the guide entitled Linking Data Centers.

Configure CloudAPI for multiple data centers

The first step is to configure CloudAPI for multiple data centers. This requires that you update the SAPI metadata that lists the available data centers and provides their CloudAPI endpoints.

For example, given the following datacenters:

You would run the following command

headnode# echo '{ "metadata": { "CLOUDAPI_DATACENTERS": "{\"mxpc\":\"https://cloudapi.mxpc.joyent.us\", \"mxpa\":\"https://151.1.224.8\"}" }}' \
 | sapiadm update $(sdc-sapi /services?name=cloudapi | json -H 0.uuid)

Then check from the head node

headnode# sdc-sapi /services?name=cloudapi | json -Hag metadata.CLOUDAPI_DATACENTERS
{
  "mxpc": "https://cloudapi.mxpc.joyent.us",
  "mxpa": "https://151.1.224.8"
}

Configure Portal for Docker

The end-user portal is managed via a zone named piranha, and in order to adjust the portal configuration you will need to log directly into that zone. To do so, you can follow the steps below

headnode# zlogin $(sdc-vmname piranha)
(pirahna)# cd /opt/portal/site/config/

The config.pro.json file contains the configuration options and parameters for portal. In order to add new data centers, you will need to update this file to include additional sdcDocker and networkingDatacenters entries. Each linked data center will require one entry.

Important Notes:

A full example is shown below - this is a stanza from the config.pro.json file.

"sdcDocker": [

{
    "id": "00000000-0000-0000-0000-000000000000",
    "ip": "151.1.224.145",
    "name": "mxpc Docker Host",
    "datacenter": "mxpc",
    "fullDataCenter": false,
    "packagePrefix": "sample-"
},
{
    "id": "00000000-0000-0000-0000-000000000001",
    "ip": "151.1.224.11",
    "name": "mxpa Docker Host",
    "datacenter": "mxpa",
    "fullDataCenter": false,
    "packagePrefix": "sample-"
}],
"networkingDatacenters": [
    "mxpc",
    "mxpa"
],

Once these changes have been made you must restart the portal service before the changes are reflected in portal. To do this, you can run svcadm restart portal in the piranha zone. From this point you can log back into portal and test - you should now see all the data centers you have added represented.