| Console Guide / Configure the Eucalyptus Management Console | |
The Eucalyptus Console configuration settings are stored in the console.ini file.
You should always start (or restart) the console when you make changes to the console configuration.
Start the console using the following command:
systemctl start eucaconsole.service
Restart the console using the following command:
systemctl restart eucaconsole.service
The configurable options in the [app:main] section of the console.ini file are:
| Property | Description | Required | Default Value |
|---|---|---|---|
| ufshost | Formerly clchost. The IP address or DNS name of the machine
running User-Facing Services (UFS), which can be different from the machine running
the CLC. For S3 downloads to work, ufshost may not be set to
localhost, but specified with the IP or DNS name instead. When the
console is used with a federated cloud, the ufshost must be set to
the DNS name of the UFS. For more information, see Set the Cloud Front End IP Address. |
yes | localhost |
| ufsport | Formerly clcport.The port of your cloud front end. | yes | 8773 |
| default.region | If the Eucalyptus cloud is configured for federation, set the default region. | no | -- |
| oidc.hostname | See OpenID Connect (OIDC) properties table below. | ||
| oidc.client.ini | See OpenID Connect (OIDC) properties table below. | ||
| oidc.scope | See OpenID Connect (OIDC) properties table below. | ||
| oidc.console.hostname | See OpenID Connect (OIDC) properties table below. | ||
| oidc.login.button.label | See OpenID Connect (OIDC) properties table below. | ||
| help.url | A URL that directs users who select 'help' on the account menu to a help page.
You can customize for your installation if you do not want to use the Eucalyptus help
system. For more information, see Set the Help Page URL. |
yes | https://support.eucalyptus.com/hc/en-us |
| support.url | A URL given to users who have trouble logging in. It may be used to direct them
to a cloud admin page or an e-mail address. For example:
support.url=http://your-cloud-admin-portal/
support.url=mailto: support@yourdomain.com For more information, see Set the Administrator Support URL. |
yes | -- |
| log.useractions | To log user interaction in the std console log, set this to true. | yes | false |
| aws.enabled | When set to true, the AWS tab displays on the login
screen. For more information, see Enable AWS Login. |
yes | true |
| aws.default.region | The name of the region to show by default when the user
logs into AWS. Use any value from the Region column recognized by AWS: http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
Note: If you log into a multi-region cloud, the system automatically sets a default region based on which ufshost the console is configured to connect to. The console administrator can specify a different value for a user's default region in order to override the natural default, if needed. |
yes | us-east-1 |
| aws.govcloud.enabled | Set to true to enable the AWS us-gov-west-1 region. | yes | false |
| static.cache.duration | Sets the cache control value for static assets in seconds; defaults to 12 hours. | no | 43200 |
| browser.password.save | Set to true to enable browser password saving. | yes | false |
| file.uploads.enabled | Defaults to true to enable file uploads for S3/Object Storage. | yes | true |
| connection.ssl.validation | Set to true to enable validation of the SSL certificate supplied by the ufshost (or other endpoint) to secure the connection to the service endpoint. Requires a properly-signed cert file. | yes | false |
| connection.ssl.certfile | If certificate validation is enabled, you can specify a different certificate file than the boto-supplied default. | no | cacerts.txt |
| cloudformation.samples.bucket | Set this to a public bucket that contains JSON templates. | no | sample-templates |
| cloudformation.url.whitelist | List wildcard patterns that represent acceptable URLs. | yes | http://*, https://* |
| connection.debug | Set to true to enable very detailed information about communication between the console server and service endpoints. Logs will become cluttered, so do not leave this on under normal operation. | yes | false |
| connection.retries | Sets the number of retires used when issuing requests to service endpoints. Adjusting this higher may reduce UI responsiveness. | yes | 2 |
| pyramid.default_locale_name | The default locale if none is specified by the browser user agent. For more information, see Set the Locale. |
no | en |
| session.key | The session cookie name, which defaults to 'eucaconsole_session'. | yes | eucaconsole_session |
| session.keyini | The location of a file that contains session encryption keys. | yes | /etc/eucaconsole/session-keys.ini |
| session.secure | Set to true to send session cookies over a secure connection (e.g., Nginx or a load balancer). Needs to be set to false if SSL is not configured. | yes | false |
| session.timeout | Sets the idle session timeout in seconds; defaults to 30 minutes. If null, never
times out. For more information, see Configure Session Timeouts. |
no | 1800 |
| session.cookie_expires | Sets the absolute session timeout in seconds; defaults to 12 hours. If null,
never expires. See http://beaker.readthedocs.org/en/latest/configuration.html for more information about session options. For more information, see Configure Session Timeouts. |
no | 43200 |
| cache.memory.url | Set the memory URL used for configuration of regions for dogpile.cache. | yes | /var/run/eucaconsole/memcached.sock |
| cache.short_term.expire | Minimum limit for cache expiry, in seconds. | yes | 60 |
| cache.default_term.expire | Default for cache expiry, in seconds. | yes | 300 |
| cache.long_term.expire | Longer term limit for cache expiry, in seconds. | yes | 3600 |
| cache.extra_long_term.expire | Maximum limit for cache expiry, in seconds. | yes | 43200 |
| cache.username | Sets a username to be used when SASL authentication is enabled for memcached. If not set, the memcached connection is unauthenticated. | no | -- |
| cache.password | Sets a password to be used when SASL authentication is enabled for memcached. If not set, the memcached connection is unauthenticated. | no | -- |
| cache.images.disable | If true, disable EC2 image cache on Eucalyptus. If false, EC2 image API fetches will be cached for cache.long_term.expire duration. | yes | true |
The configurable options for the OpenID Connect (OIDC) properties in the [app:main] section of the console.ini file are:
| Property | Description | Required | Default Value |
|---|---|---|---|
| oidc.hostname | The OpenID Connect (OIDC) hostname for the ident host. OIDC login functionality is enabled when a value is assigned. Once enabled, all other OIDC properties are required. This property is commented out by default. | no | -- |
| oidc.client.ini | The location of a file that contains the OIDC credentials. This file contains client id and secret that are generated by the ident provider. | yes | /etc/eucaconsole/oidc-credentials.ini |
| oidc.scope | The OIDC scope is specific to your ident provider and is used in a token API request. | yes | urn:globus:auth:scope:auth.globus.org:view_identities openid email profile |
| oidc.console.hostname | The OIDC return URL hostname. Required to be the hostname that this console runs as, so callback from the ident provider can return control back to this application. If the console is installed on the UFS host, this value would be the same as ufshost above. It may be different based on where the console is running. | yes | localhost |
| oidc.login.button.label | The text that appears on the login button. | yes | Sign in with Globus Auth |
The configurable options in the [server:main] section of the console.ini file are:
| Property | Description | Required | Default Value |
|---|---|---|---|
| host | Set to 0.0.0.0 to allow connections from any host. Set to 127.0.0.1 to allow connections from localhost only, which is preferred if running Nginx. | yes | 127.0.0.1 |
| port | The port on which the console can be reached. For more information, see Configure the UI Port. |
yes | 8888 |
| workers | The number of worker processes used to service requests. A rule of thumb is
double the number of cores plus one. For more information, see Configure Workers. |
yes | 4 |
| tmp_upload_dir | Specifies a different directory to be used for file uploads, if set. It should have plenty of space to handle large file uploads. Defaults to the system's temp directory. The 'eucaconsole' user must have write permission to the directory. | no | /var/tmp |
Logging configuration options are at the end of the console.ini file. For more information on these settings, see http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/logging.html.