2.2 CloudStack User Interface Customization

Similar documents
603: Enhancing mobile device experience with NetScaler MobileStream Hands-on Lab Exercise Guide

Aras Innovator Authentication Setup

DocuSign for SharePoint Online v2.4

Policy Guide Access Manager 3.1 SP5 January 2013

Administering Jive for Outlook

Gateway Apps - Security Summary SECURITY SUMMARY

How To Test Your Web Site On Wapt On A Pc Or Mac Or Mac (Or Mac) On A Mac Or Ipad Or Ipa (Or Ipa) On Pc Or Ipam (Or Pc Or Pc) On An Ip

CA Spectrum and CA Service Desk

Siteminder Integration Guide

Adobe Marketing Cloud Bloodhound for Mac 3.0

Novell Sentinel Log Manager 1.2 Release Notes. 1 What s New. 1.1 Enhancements to Licenses. Novell. February 2011

Load testing with. WAPT Cloud. Quick Start Guide

Use Enterprise SSO as the Credential Server for Protected Sites

Manual. CollabNet Subversion Connector to HP Quality Center. Version 1.2

Working with RD Web Access in Windows Server 2012

Active Directory Requirements and Setup

SAP Cloud Identity Service Document Version: SAP Cloud Identity Service

Criteria for web application security check. Version

User Management Tool 1.6

An Insight into Cookie Security

CA APM Cloud Monitor. Scripting Guide. Release 8.2

Intel Retail Client Manager

Web Same-Origin-Policy Exploration Lab

CA Nimsoft Service Desk

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

DocuSign for SharePoint

CA Technologies SiteMinder

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

Integrating idrac7 With Microsoft Active Directory

CA Single Sign-On Migration Guide

Portals and Hosted Files

Quick Start Guide. Installation and Setup

Contents Jive for Outlook

Sophos Mobile Control as a Service Startup guide. Product version: 3.5

CloudStack Release Notes

AD Phonebook 2.2. Installation and configuration. Dovestones Software

Manage Workflows. Workflows and Workflow Actions

Telephony Toolbar Corporate. User Guide

Installing and Sending with DocuSign for NetSuite v2.2

Dell KACE K1000 System Management Appliance Version 5.4. Service Desk Administrator Guide

Configuring Single Sign-on for WebVPN

Setup Guide Access Manager 3.2 SP3

Secure Coding SSL, SOAP and REST. Astha Singhal Product Security Engineer salesforce.com

RoomWizard Synchronization Software Manual Installation Instructions

IBM Campaign and IBM Silverpop Engage Version 1 Release 2 August 31, Integration Guide IBM

Table of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3

Contents Release Notes System Requirements Administering Jive for Office

Working With Virtual Hosts on Pramati Server

Connection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V

JTouch Mobile Extension for Joomla! User Guide

SSL VPN Server Guide Access Manager 3.1 SP5 January 2013

Google Apps Deployment Guide

ShareFile On-Demand Sync can be installed via EXE or MSI. Both installation types can be downloaded from

Cloud.com CloudStack Release Notes

GpsGate Server. Installation and Administration Guide. Version: 2.2 Rev: 2

Installing and Configuring vcloud Connector

EMC Documentum Connector for Microsoft SharePoint

Deploying RSA ClearTrust with the FirePass controller

ConvincingMail.com Marketing Solution Manual. Contents

Secure Messaging Server Console... 2

Security Assertion Markup Language (SAML) Site Manager Setup

Using SAML for Single Sign-On in the SOA Software Platform

TIBCO Spotfire Web Player 6.0. Installation and Configuration Manual

Version 1.0 January Xerox Phaser 3635MFP Extensible Interface Platform

IBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3 April 8, Integration Guide IBM

Instant Chime for IBM Sametime Installation Guide for Apache Tomcat and Microsoft SQL

Configuring IBM Cognos Controller 8 to use Single Sign- On

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

Eucalyptus User Console Guide

DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, :32 pm Pacific

BlackShield ID Agent for Remote Web Workplace

CA Performance Center

Application Interface Services Server for Mobile Enterprise Applications Configuration Guide Tools Release 9.2

Installing Microsoft Exchange Integration for LifeSize Control

ProgressBook CentralAdmin User Guide

Adeptia Suite LDAP Integration Guide

Virtual Contact Center

CA NetQoS Performance Center

Agent Configuration Guide

Adeptia Suite 6.2. Application Services Guide. Release Date October 16, 2014

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

Content Filtering Client Policy & Reporting Administrator s Guide

ShopWindow Integration and Setup Guide

OrgPublisher EChart Security

User Management Tool 1.5

CA Performance Center

About This Document 3. Integration Overview 4. Prerequisites and Requirements 6

Single Sign-On Guide for Blackbaud NetCommunity and The Patron Edge Online

Copyright

Perceptive Experience Single Sign-On Solutions

Web Work Module User s Guide

Web Page Redirect. Application Note

Sophos Mobile Control Startup guide. Product version: 3.5

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Feith Dashboard iq Server Version 8.1 Install Guide

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal

Creating a generic user-password application profile

Transcription:

2.2 CloudStack User Interface Customization Revised March 6, 2012 1

Specifications are subject to change without notice. Citrix Systems, Inc., the Citrix logo, Citrix XenServer, Citrix XenCenter, and CloudStack are trademarks or registered trademarks of Citrix Systems, Inc. All other brands or products are trademarks or registered trademarks of their respective holders. 2

Contents 1 Introduction... 4 1.1 License... 4 1.2 Support... 4 2 Customization... 5 2.1 Getting Started... 5 2.2 Simple Branding... 6 2.3 Advanced Customizations... 6 2.3.1 Changing the API URL... 6 2.3.2 Localization... 8 2.3.3 Changing Session Timeout... 8 2.4 Single Sign-on Integration... 8 2.4.1 Traditional... 9 2.4.2 Shared Key... 9 2.5 Cross Site Request Forgery (CSRF)... 9 3 Contacting Support... 11 3

1 Introduction The CloudStack User Interface (UI) is a rich AJAX client interface that allows you to manage all aspect of the cloud and is a complete reference implementation of the CloudStack API (for more information on the CloudStack API, see below). The CloudStack UI supports three access roles. Root Admin. Access to all features of the cloud, including both virtual and physical resource management. You can access the 2.2. API via the link : http://download.cloud.com/releases/2.2/api/html/toc_global_admin.html Domain-Admin. Access to only the virtual resources of the clouds that belong to the administrator s domain. You can access the 2.2 API via the link : http://download.cloud.com/releases/2.2/api/html/toc_domain_admin.html User. Access to only the features that allow management of the user s virtual instances, storage, and network. You can access the 2.2 API via the link : http://download.cloud.com/releases/2.2/api/html/toc_user.html The following document describes the various methods of user interface customization from simple branding to a complete redesign. 1.1 License The entire user interface is released under the GNU General Public License v3 or later. It is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses. 1.2 Support Per our license, you are welcome to modify, add, or reuse any part of the CloudStack UI to suit your needs. However, once modified, Cloud.com can no longer support any defects resulting from the customization nor can Cloud.com support any upgrade process to future releases of the CloudStack Management Server. 4

2 Customization The CloudStack UI is built entirely on HTML/JSP, CSS, Javascript, and uses jquery 1.4 as the Javascript Library for all AJAX calls, event handling, and animations. You can find the latest jquery reference API at http://api.jquery.com/. Cloud.com recommends that any changes be made by someone with development experience in the listed above technologies. Cloud.com also recommends using a web development tool such as Firebug for Firefox to help inspect the various elements of the UI for easier modification. 2.1 Getting Started To get started, log into your CloudStack Management Server and go to the following directory to find all the files and resources that make up the user interface. /usr/share/cloud/management/webapps/client/ The following table will describe all the major file or files located in the directory used to build the user interface. File Description index.jsp The main HTML/JSP page. This is where all CSS and Javascripts are specified. favicon.ico Default Cloud.com favicon. Replace this to suit your needs. /images/*.* Folder that contains all the images used by the CloudStack UI. /css/main.css Main CSS file that contains most of the CSS definitions used by the CloudStack UI. /css/ jquery-ui.custom.css CSS file used by the jquery UI library. All default user interface dialog CSS definition are located in this file. /custom/*.* Directory that includes all the out-of-box custom HTML, CSS, and Javascript for the default UI. /jsp/*.jsp JSP pages that correspond to each major element presented in the user interface. /script/jquery*.js Javascript libraries used by the CloudStack UI. You should not have to modify any of these files. /script/cloud.core.callback.js Javascript file that you can modify if you wish to integrate the CloudStack UI as a single sign-on solution with your existing website/portal. /script/cloud.core.js Javascript file that contains the common functions used by the CloudStack UI. /script/cloud.core.init.js Javascript file that contains the default initialization logic for the CloudStack UI. This is also the location where you need to specify the default API URL for AJAX calls if you decide to change the 5

default URL. /script/cloud.core.*.js Javascript files that correspond to each major element presented in the CloudStack UI. 2.2 Simple Branding Simple branding is defined as the replacement of the header logo and all major color schemes in the CloudStack UI to match your company s logo and colors. This includes modification of the color of the header, tabs, grid header, and all dialogs. To make these changes, use the reference CSS files found in /custom/custom*/css. You can also replace the favicon.ico and /images/cloud_logo.gif to replace the default Cloud.com images. The diagram below identifies some of the major CSS definitions which are typically modified in simple branding. 2.3 Advanced Customizations The following describes various customizations that can be applied to the user interface. 2.3.1 Changing the API URL The default host URL on a new installation of the CloudStack Management Service is http://<server>:<port>/client. Please refer to http://tomcat.apache.org/tomcat-5.5-doc/index.html for documentation on how to change default host URL. An API URL may need to be changed for the following reasons. 6

The default configuration of the Tomcat engine has been changed to your desired URL. You have a load balancer or proxy server that is fronting a public host URL that is different from what is currently configured as the default API URL. If at any point the public API URL is different than what is configured by default, you will need to reconfigure your setup by changing the API path and modifying the cloud.core.init.js file. Use the following sections to make these changes. 2.3.1.1 To Edit the API Path By default, the API URL as configured in the user interface is client/api which is relative to the default host DNS/IP. If you would like to change API path, use the following steps. 1. Edit the following file. /usr/share/cloud/management/webapps/client/web-inf/web.xml 2. Within the file, find the following XML tag: <servlet-mapping> <servlet-name>apiservlet</servlet-name> <url-pattern>/api/*</url-pattern> </servlet-mapping> 3. Change the <url-pattern> tag to the desired API URL. Once you have changed the API path, proceed to the next section for steps to modify the cloud.core.init.js file. 2.3.1.2 To Modify the cloud.core.init.js File If the default API URL has changed from client/api, use the following steps to modify the cloud.core.init.js file. 1. Edit the following file. /usr/share/cloud/management/webapps/client/scripts/cloud.core.init.js 2. Find the following jquery definition in the file: $.ajaxsetup({ url: "/client/api", datatype: "json", cache: false, error: function(xmlhttpresponse) { handleerror(xmlhttpresponse); }, beforesend: function(xmlhttprequest) { if (g_mysession == $.cookie("jsessionid")) { return true; } else { $("#dialog_session_expired").dialog("open"); return false; } } }); 3. Modify the URL option (this option is highlighted in red in the above example) to your desired URL. 7

Once this has been modified, all subsequent AJAX calls will be made to the new URL. You may need to refresh the browser to update any cached Javascript files for the new settings to take place. 2.3.2 Localization The process of localizing the CloudStack User Interface requires a two step process: 1. Adding a new properties file for the language you wish to localize your UI to. The file must be copied over to the following directory in your management server: /usr/share/cloud/management/webapps/client/web-inf/classes/resources. The default installation of CloudStack contains sample property files for simplified Chinese, Japanese, and Spanish. Simply make a copy of messages.properties and rename the new file using the naming convention of messages_<lang_code>_<country_code>.properties. Edit the file and translate the English text to your language of choice. The valid language codes can be found at http://www.ics.uci.edu/pub/ietf/http/related/iso639.txt. The valid country codes can be found at http://www.chemie.fu-berlin.de/diverse/doc/iso_3166.html. 2. The second thing that is required is to make sure that you set the cookie, lang to be your language + country code. You can either modify the current UI to accommodate the new language or just ensure that you set the cookie yourself. To modify the UI, you would need to edit index.jsp, find the language drop down menu by searching for lang_menu, and finally adding a new <li> item to match your new language. Example: For example, if you wish to add a French localization, you would make a copy of messages.properties and rename it to messages_fr.properties. Edit the new file and translate the English text. You would then edit index.jsp, and add <li id="fr"><fmt:message key="label.lang.french"/></li> to the dropdown menu. 2.3.3 Changing Session Timeout The default session timeout for the User Interface is 30 minutes as configured within Tomcat. If you wish to increase this timeout period, use the following steps. 1. Edit the following file. /usr/share/cloud/management/webapps/client/web-inf/web.xml 2. Within the file, add the following XML tag or modify if it s already there to the desired timeout period in minutes: <session-config> <session-timeout>60</session-timeout> </ session-config> 3. Reboot the Tomcat container: # service cloud-management restart 2.4 Single Sign-on Integration The user interface is created entirely using the session-based CloudStack API. Once a user account has successfully logged in, a JSESSIONID cookie is sent back as part of the authorization process that can be used until the session has expired on the server. As a result, there are multiple ways that single sign-on can be integrated. Two of these methods are discussed in detail in the following sections. Please feel free to email support@cloud.com if you wish to discuss single sign-on integration that is unique to your environment if the below scenarios do not apply to you. 8

The two methods of integrating your portal to CloudStack depend on the modification of the cloud.core.callbacks.js. This file includes a method, onlogoutcallback(), that can be implemented to redirect the user to your portal if the session times out. The other half of this file include a sample AJAX login API call to the CloudStack management server. You must make the login API from the CloudStack domain or the browser will reject any cross-browser script calls for security reasons. If your CloudStack Management Server and Portal exist within the same domain, you do not have to worry about this. Simply make the login API call from anywhere. 2.4.1 Traditional The traditional way of integrating an existing portal with CloudStack is to execute the API command login on behalf of the user. Using this method, you would need to construct the login command and pass in the required parameters such as the username, account, domain, and password. Upon a successful response, you would only need to ensure that the global variable g_loginresponse is set to the JSON response of the login API call. A typical client side single sign-on implementation would look like the following: Portal has a link (or iframe) to the CloudStack interface. That link should contain enough information to contruct a proper login API call. A modified cloud.core.callbacks.js intercepts the referred link, constructs the login call, and executes it against /client/api URL. Upon a successful response, the JESSIONID cookie will be automatically set by the browser, and the global variable g_loginresponse should be set to the JSON response. 2.4.2 Shared Key The shared key method is very similar to the traditional way except for the additional security by hashing the URL with a shared secret key when making the same login API command. The actual process of signing is very similar to the process described at http://download.cloud.com/releases/2.2/api/html/global_admin/2.2api_security_details.html under the API/Secret key security section with the following exceptions: You do not need to pass in the API Key The four parameters that must be passed in for the login command are domainid, username, timestamp, and signature. A sample login request: Error! Hyperlink reference not valid.> To get the single sign-on secret key, you must retrieve it from the CloudStack database under the configuration table for the key security.singlesignon.key. Copy this key to the application you wish to integrate CloudStack with and follow the above instructions to sign the login command. The timestamp parameter is simply the current system time in milliseconds. There is also a fault tolerance configurable value in the configuration table, security.singlesignon.tolerance.millis that can be changed to suit your preference. The timestamp passed in as part of the login request needs to be within the CloudStack Management Server time plus the fault tolerance time. 2.5 Cross Site Request Forgery (CSRF) The CloudStack Management User Interface protects itself from CSRF attacks. Additional information about this can be found at http://www.owasp.org/index.php/cross-site_request_forgery_(csrf). To protect the User Interface from CSRF attacks, a sessionkey response value is returned upon a successful login attempt. This sessionkey is then passed with all subsequent API command calls. This is different from the JESSSIONID and should never be stored in a cookie. If you plan on implementing your own User Interface on top of the CloudStack Query API, you must ensure the following when using the sessionkey: 9

Should *not* be stored as a cookie Must be returned with every request, for example Error! Hyperlink reference not valid. If you send any subsequent requests without a valid sessionkey, a 401 Unauthorized HTTP error code will be returned. 10

3 Contacting Support Open-source community A variety of channels are available for getting help with CloudStack, from forums to IRC chat and more. For details, see http://cloudstack.org/discuss/. Commercial customers The CloudStack support team is available to help commercial customers plan and execute their installations. To contact the support team, log in to the support portal at https://na6.salesforce.com/sserv/login.jsp?orgid=00d80000000lwom using the account credentials you received when you purchased your support contract. 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information