Table of Contents
In last post of this series, I explained cloudian installation workflow. In this post I will cover the steps of configuring cloudian so that it can be integrated and consumed by VMware Cloud Director.
If you have landed directly on this post by mistake, I would recommend reading previous articles from this series:
1: Introduction & Architecture of VCD OSE
3: Installing Cloudian Hyperstore
Connect to cloudian server by typing https://<Cloudian-Fqdn>:8443/Cloudian and use credentials admin/public
1: Create Default Storage Policy
A storage policy is a method of storing and protecting S3 object data and object metadata.
To create a new storage policy, navigate to Cluster > Storage Policies tab and click on + Create Storage Policy option.
Provide name & Description for the policy
Leave the “Group Visibility” unspecified so that this policy is visible to all groups and click on save button.
Your new storage policy is created. Click on Enable button to activate the policy.
2: Enable SSO and provide a unique shared key for the Cloudian Management Console.
Edit the mts-ui.properties file and enable SSO and change default shared key
|
1 2 3 4 5 |
# vim /opt/tomcat/webapps/Cloudian/WEB-INF/classes/mts-ui.properties sso.enabled=true sso.shared.key=mjh4ss0s3cr3tk3y sso.cookie.cipher.key=882456312785497345329871 |
3: Enable Hyperstore Identity and Access Manager
IAM settings is enabled via common.csv file which is located at /etc/cloudian-<version>-puppet/manifests/extdata/common.csv
Make sure your common.csv file looks like as shown below:
|
1 2 3 4 5 6 7 |
[root@cloudian01 ~]# cat /etc/cloudian-7.2.1-puppet/manifests/extdata/common.csv | grep iam iam_service_enabled,true iam_port,16080 iam_secure,false iam_secure_port,16443 iam_service_endpoint,iam.rp1.vmw |
4: Enable TLS/SSL for S3 Endpoint
For the S3 Service, HTTPS is disabled by default and there is no default keystore. To set up HTTPS for the S3 Service, Connect to cloudian appliance over ssh and invoke the /opt/cloudian-staging/<version>/cloudianInstall.sh script
From the installer’s Advanced Configuration Options menu select “Advanced Configuration Options” by typing 4 in choice.
Type ‘e’ to select “Configure SSL for S3”.
Under S3 SSL Configuration sub-menu, type ‘a’ to select “Generate keystore for S3” option.
You can either accept the default values that will go into keystore or type ‘no’ to customize it as per your infrastructure.
Press any key to continue post keystore creation task. Make a note of the keystore location for future reference.
Type ‘b’ to enable HTTPS for S3
Type ‘yes’ to enable HTTPS settings for S3.
5: Enable Shared Bucket List
Shared bucket setting is controlled via mts.properties.erb file located in directory: /etc/cloudian-<version>-puppet/modules/cloudians3/templates/
# Add below parameter in mts.properties.erb file
|
1 |
cloudian.s3.enablesharedbucket = true |
6: Apply Configuration Changes
Return to installer main menu and select “Cluster Management” option
Select “Push Configuration Settings to Cluster” option
Press enter to push configuration changes to all nodes (one node in my example)
And that’s it for this post. In next post of this series I will demonstrate how to install VCD OSE and configure cloudian integration with VCD.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂