Advanced portal customization
The Triton user portal can be customized in order to provide any additional security, functionality, or load balancing required by an operator. This document reviews the most common customizations.
How to use a DNS name versus an IP address for the portal
For production deployments, a reverse proxy server such as nginx, haproxy, or apache is recommended as a "front door" to the portal instance. This instance can then be assigned a DNS name. This configuration allows for the easy addition of multiple portal instances if required for load balancing or for high availability.
Note that it is currently not possible to use SSL to connect directly to the portal (piranha) zone; future versions of the portal will include a stud proxy in order to handle SSL termination within the zone.
How to make SSO listen on a different port
To use a different port number for the SSO endpoint, there are two changes required.
- In the sdcsso zone, modify the port number to the desired one in /opt/smartdc/sdcsso/cfg/config.json and restart the single sign-on server via svcadm restart sdcsso once the change has been made.
"port" : 443,
- In the portal (piranha) zone, modify the sso endpoint to the same value in /opt/portal/site/config/config.pro.json and restart the portal service via svcadm restart portal once the change has been made.
"sso": {
"url": "https://10.88.88.161", # <- in the case of port 443, simply remove 3443, else replace it with the new one
"keyPath": "/opt/portal/site/config/sso_auth_key",
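A check that the two files agree after the change, written for Node.js as an added example (not part of the portal software). It assumes "port" is a top-level key in the sdcsso config.json, as the fragment above suggests; the function and variable names are hypothetical.

```javascript
// Added example; both objects are constructed samples using keys shown on this page.
const ssoZoneConfig = { port: 3443 };   // sdcsso zone: config.json (assumed top-level "port")
const portalZoneConfig = {              // piranha zone: config.pro.json
  sso: {
    url: 'https://10.88.88.161:3443',
    keyPath: '/opt/portal/site/config/sso_auth_key'
  }
};

// Returns a list of mismatches; an empty list means the two files agree.
function checkSsoEndpoint(ssoCfg, portalCfg) {
  const raw = portalCfg.sso && portalCfg.sso.url;
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return [`sso.url is not a valid URL: ${raw}`];
  }
  const problems = [];
  if (url.protocol !== 'https:') {
    problems.push(`sso.url uses ${url.protocol}// instead of https://`);
  }
  // URL.port is '' when the URL relies on the scheme default, so
  // "https://host" means 443; that is why ":3443" is simply dropped for 443.
  const defaults = { 'https:': 443, 'http:': 80 };
  const urlPort = url.port ? Number(url.port) : defaults[url.protocol];
  if (urlPort !== Number(ssoCfg.port)) {
    problems.push(`sso.url points at port ${urlPort} but sdcsso listens on ${ssoCfg.port}`);
  }
  return problems;
}

console.log(checkSsoEndpoint(ssoZoneConfig, portalZoneConfig));
```

Load the two real files with JSON.parse(fs.readFileSync(...)) in place of the sample objects and run the check before restarting either service.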
How to use a DNS name versus an IP address for SSO
If using DNS for the SSO endpoint, you will need to update the sso endpoint in /opt/portal/site/config/config.pro.json in the portal (piranha) zone to reference the new hostname, and then restart the portal service via svcadm restart portal.
"sso": {
"url": "https://tritonsso.company.com:3443",
"keyPath": "/opt/portal/site/config/sso_auth_key",
How to make portal listen on a different port number
To use a different port number for the portal endpoint, in the piranha zone, add the section "server" to /opt/portal/site/config/config.pro.json as shown below, followed by a restart of the portal service via svcadm restart portal.
"server": {
"port": 80
},
How to change the name of the sdcsso, portal (piranha), or storage zone
To customize the name of any of the three zones, modify the setGlobalConfig function section in the install portal script:
function setGlobalConfig
{
echo "\nValidating setup and pre-requisites..."
SSO_ZONENAME=sdcsso # customizable
SSO_IMAGENAME=sdcsso
STORAGE_ZONENAME=storage # customizable
STORAGE_IMAGENAME=storage
PORTAL_ZONENAME=piranha # customizable
PORTAL_IMAGENAME=piranha
Note that image names should not be customized. They need to stay as sdcsso, storage, and piranha in order to work with the deployment scripts.
Note that once the zone names have been customized, you will have to reapply the change to any new versions of the install script. Otherwise, new zones will be provisioned with the default zone names, instead of existing zones being re-provisioned for the upgrades.
Configuring portal for multiple data centers
Unlike the operators portal, which is designed to function at the data center level, the user portal is designed to operate across multiple data centers. This allows the end-user of Triton to be presented with a unified view of all available resources, and allows orchestration to be performed across multiple data centers from one interface.
This procedure assumes you have already completed the overall portal installation procedure at Installing the end-user portal. Note that this is currently a manual procedure; subsequent updates to the portal software will automate much of this process.
Ensure data centers are linked
Portal can only be configured for multiple data centers if the data centers have been UFDS linked. Because of its use of UFDS accounts, it is not possible to use portal across multiple data centers unless this has been done. For more information on UFDS linking of data centers, please see the guide entitled Linking Data Centers.
Configure CloudAPI for multiple data centers
The first step is to configure CloudAPI for multiple data centers. This requires that you update the SAPI metadata that lists the available data centers and provides their CloudAPI endpoints.
For example, given the following datacenters:
- Datacenter mxpc with a CloudAPI endpoint of https://cloudapi.mxpc.example.com
- Datacenter mxpa with a CloudAPI endpoint of https://cloudapi.mxpc.example.com
You would run the following command:
headnode# echo '{ "metadata": { "CLOUDAPI_DATACENTERS": "{\"mxpc\":\"https://cloudapi.mxpc.example.com\", \"mxpa\":\"https://151.1.224.8\"}" }}' \
| sapiadm update $(sdc-sapi /services?name=cloudapi | json -H 0.uuid)
Then check from the head node:
headnode# sdc-sapi /services?name=cloudapi | json -Hag metadata.CLOUDAPI_DATACENTERS
{
"mxpc": "https://cloudapi.mxpc.example.com",
"mxpa": "https://151.1.224.8"
}
Configure Portal for Docker
The end-user portal is managed via a zone named piranha, and in order to adjust the portal configuration you will need to log directly into that zone. To do so, follow the steps below:
headnode# zlogin $(sdc-vmname piranha)
(piranha)# cd /opt/portal/site/config/
The config.pro.json file contains the configuration options and parameters for portal. In order to add new data centers, you will need to update this file to include additional sdcDocker and networkingDatacenters entries. Each linked data center will require one entry.
Important Notes:
- You will need the Docker API IP address from each data center that has Docker installed; this address must be reachable from the piranha zone (i.e., you must use the external address, not the admin address).
- The special field ID must increment by 1 for each data center; this is used internally by the portal software to manage data centers.
- For every data center that has Fabrics enabled you must add an entry to networkingDatacenters.
A full example is shown below - this is a stanza from the config.pro.json file.
"sdcDocker": [
{
"id": "00000000-0000-0000-0000-000000000000",
"ip": "151.1.224.145",
"name": "mxpc Docker Host",
"datacenter": "mxpc",
"fullDataCenter": false,
"packagePrefix": "sample-"
},
{
"id": "00000000-0000-0000-0000-000000000001",
"ip": "151.1.224.11",
"name": "mxpa Docker Host",
"datacenter": "mxpa",
"fullDataCenter": false,
"packagePrefix": "sample-"
}],
"networkingDatacenters": [
"mxpc",
"mxpa"
],
Once these changes have been made you must restart the portal service before the changes are reflected in portal. To do this, you can run svcadm restart portal in the piranha zone. From this point you can log back into portal and test - you should now see all the data centers you have added represented.
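A lint for the multi-data-center stanzas, run before restarting the portal service, written for Node.js as an added example (not part of the portal software). The function names, the adminCidr parameter and the 10.99.99.0/24 admin network are hypothetical, and comparing ids as hexadecimal numbers is an assumption.

```javascript
// Added example; sample data is constructed from the values shown on this page.
const cloudapiDatacenters = { mxpc: 'https://cloudapi.mxpc.example.com', mxpa: 'https://151.1.224.8' };
const portalConfig = {
  sdcDocker: [
    { id: '00000000-0000-0000-0000-000000000000', ip: '151.1.224.145', datacenter: 'mxpc' },
    { id: '00000000-0000-0000-0000-000000000001', ip: '151.1.224.11', datacenter: 'mxpa' }
  ],
  networkingDatacenters: ['mxpc', 'mxpa']
};
// Assumption: ids are compared as hexadecimal numbers with the hyphens removed.
function idValue(id) {
  const hex = String(id).replace(/-/g, '');
  return /^[0-9a-f]+$/i.test(hex) ? BigInt('0x' + hex) : null;
}

// Dotted-quad IPv4 -> number, or null when malformed.
function ipToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4 || parts.some((p) => !/^\d{1,3}$/.test(p) || +p > 255)) return null;
  return parts.reduce((n, p) => n * 256 + Number(p), 0);
}

// True when ip falls inside cidr, e.g. inCidr('10.99.99.7', '10.99.99.0/24').
function inCidr(ip, cidr) {
  const [base, bits] = cidr.split('/');
  const size = 2 ** (32 - Number(bits));
  return Math.floor(ipToInt(ip) / size) === Math.floor(ipToInt(base) / size);
}

// adminCidr is a hypothetical parameter: the operator's admin network.
function lintMultiDc(config, datacenters, adminCidr) {
  const known = new Set(Object.keys(datacenters));
  const problems = [];
  (config.sdcDocker || []).forEach((entry, i, all) => {
    const dc = entry.datacenter;
    if (!known.has(dc)) problems.push(`${dc}: not listed in CLOUDAPI_DATACENTERS`);
    if (ipToInt(entry.ip) === null) problems.push(`${dc}: invalid Docker API IP`);
    else if (adminCidr && inCidr(entry.ip, adminCidr)) problems.push(`${dc}: Docker API IP is on the admin network`);
    const id = idValue(entry.id), prev = i > 0 ? idValue(all[i - 1].id) : null;
    if (id === null) problems.push(`${dc}: malformed id`);
    else if (prev !== null && id !== prev + 1n) problems.push(`${dc}: id does not increment by 1`);
  });
  for (const dc of config.networkingDatacenters || []) {
    if (!known.has(dc)) problems.push(`${dc}: networkingDatacenters names an unknown data center`);
  }
  return problems;
}
console.log(lintMultiDc(portalConfig, cloudapiDatacenters, '10.99.99.0/24'));
```

Feed it the parsed config.pro.json and the CLOUDAPI_DATACENTERS object returned by the SAPI check; an empty list means the stanzas are consistent with each other.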