The web browser based management console allows for administration of the QUADStor system. For Linux installations, if you have SELinux enabled on the system, ensure that you follow the instructions mentioned under "SELINUX CONSIDERATIONS" in http://www.quadstor.com/support/123-installation-on-rhel-centos-sles-debian.html
Ensure that the httpd/apache2 server is running on the system.
In order to access the console, open a web browser and type the address of the QUADStor system. Ensure that javascript is enabled in your browser. (Javascript is by default enabled for browsers)
Once the HTML page loads you would be presented with a menu as shown in the following figure
Each menu "System", "Physical Storage", "Storage Pools" and "Virtual Disks" is a clickable link.
Securing access to the web interface
With out any additional setup, the web interface can be accessed by any one from a browser. Access can be restricted and secured by simply two steps.
- http authentication using htaccess and htpasswd or with the new daemon authentication
- SSL access
Setup is one-time only and is persistent across quadstor upgrades.
Daemon Authentication
Starting with version 3.2.20 the virtualization software daemon can authenticate users accessing the web interface. Unauthorized users are redirected to a login page. To enable daemon authenctiation
Add the following to /quadstor/etc/quadstor.conf. Create the file if it does not exist
EnableAuth=1
Run the following command to reload the configuration file
/quadstor/bin/vdconfig -r
Add a new user to access the web management interface. A new user can be added by
/quadstor/bin/vtuser --add --user <user name> --password <passwd>
Or with short options
/quadstor/bin/vtuser -a -u <username> --p <passwd>
Usernames and Passwords need to be a minimum of 8 characters can be up to 32 characters in length.
Usernames and passwords need to be ascii chars and can be _ or -
Read Only user
A read only user is a user with non administrator access. A read only
user can be created by
/quadstor/bin/vtuser -a -u <username> --p <passwd> -r Or /quadstor/bin/vtuser --add --user <user name> --password <passwd> --readonly
A logged in read only user can only view the VDisk configuration, disk configuration etc but cannot modify such as adding new users, new disks etc.
Listing users
/quadstor/bin/vtuser --list Or /quadstor/bin/vtuser -l
Deleting an user
/quadstor/bin/vtuser -x -u <user name>
htaccess setup
1. In the cgi-bin directory create a file called .htaccess
2. Add the following lines to the file
AuthName "QUADStor Authentication" AuthType Basic AuthUserFile /usr/local/www/apache22/cgi-bin/.htpasswd Require valid-user
Note that the "AuthUserFile" could be anywhere accessible by the web browser,but we chose the cgi-bin directory itself and the file needn't be named as .htpasswd
3. Create the .htpasswd file
htpasswd -s -b -c <htpasswd file> <username> <password>
For example
htpasswd -s -b -c /usr/local/www/apache22/cgi-bin/.htpasswd webadmin webadmin
4. Edit the httdp.conf and search for
<Directory ...cgi-bin> directory. For example on FreeBSD with apache22 it would be
<Directory "/usr/local/www/apache22/cgi-bin"> Options None Order allow,deny Allow from all </Directory>
Add the following line
AllowOverride AuthConfig Limit
For example the above configuration is now
<Directory "/usr/local/www/apache22/cgi-bin"> AllowOverride AuthConfig Limit Options None Order allow,deny Allow from all </Directory>
cgi-bin and httpd.conf paths
FreeBSD with apache22 /usr/local/www/apache22/cgi-bin /usr/local/etc/apache22/httpd.conf FreeBSD with apache1.x /usr/local/www/cgi-bin /usr/local/etc/apache/httpd.conf RHEL/CentOS 5.x/6.x /var/www/cgi-bin /etc/httpd/conf/httpd.conf Sles 11 /srv/www/cgi-bin /etc/httpd/conf/httpd.conf Debian Squeeze 6.x /usr/lib/cgi-bin /etc/httpd/conf/httpd.conf
Enabling SSL access
SSL access setup is out of scope of this document. Once you have ssl setup for your OS, access the web page using https:// instead of http://
Also add the SSLRequireSSL directive for the cgi-bin Directory section in httpd.conf. This would force ssl access every time you access the web interface.
For example
<Directory "/usr/local/www/apache22/cgi-bin"> AllowOverride AuthConfig Limit SSLRequireSSL Options None Order allow,deny Allow from all </Directory>