Changes to System Configuration Pages
The User Workspace Management (UMW) web admin portal has been updated in the 1.5
release. In particular, the System Configuration pages have been improved by
-
providing a consistent look and feel with tool tips, sensible defaults, and a
're-apply' function
-
adding value checking / field validation (e.g. a pool address must fall into
the proper network range to be valid)
-
identifying the set of tasks required to apply the selected system
configuration changes, resulting in faster system configuration
changes
-
removing the core infrastructure settings from the UWM
-
The following infrastructure settings cannot be reconfigured
after the initial installation in CML 1.5 without a
reinstallation:
-
The CML server's / controller' hostname. (You may use any DNS
name for the CML server or controller node, but the hostname
itself cannot be changed.)
-
The (notional) domain name of the CML server or controller
node. It’s set in /etc/hosts, but it’s not used for much at
the moment.
-
The primary network interface (e.g., eth0).
-
The following infrastructure settings may be changed by the
virl_setup
script (see also the section on
Changing Core Infrastructure Settings below):
-
Whether the primary interface is configured for DHCP or
Static IP address.
-
The configuration settings related to the primary interface,
such as the netmask and default gateway when "Static IP" is
selected.
The tool tips of the individual fields provide good information about each field.
Consult the tool tips when in doubt about the meaning of an individual field or
about proper or valid values for the field.
New UWM System Configuration Tabs
The settings in the System Configuration page of the UWM have been regrouped
into a new set of tabs. Each tab holds a group of related settings. The new tabs on
the System Configuration tab are
-
Remote Connections
-
NTP server
-
Proxies
-
DNS rererenameservers
-
Hardware
-
Shared Networks
-
L3 SNAT
-
Service Ports
-
Ports used by web server, web services, etc.
-
Port ranges used for serial consoles of simulated nodes
-
Port ranges used for TCP connections (including packet captures) of
the simulations
-
Users
-
Primary (guest) user account settings
-
Password reset for infrastructure password and uwmadmin
account
-
Admin permission restrictions
-
Simulation Details
-
Open VPN
-
Cisco Call-Home
Changing Core Infrastructure Settings
Some core infrastructure settings have been removed from the UWM's System
Configuration pages. These settings are rarely changed, and separating them from the
other settings in the UWM's System Configuration pages makes the process of applying
system configuration changes from the UWM faster and more robust. Some of these core
infrastructure settings may still be changed on an existing installation by logging
into the back end as the virl user and running virl_setup
.
The virl_setup
script will present a menu of options. The Network
Configuration menu will permit switching between using a DHCP or static IP address
on the system's management interface, setting static IP address settings, and
setting the NTP server.
This image virl_setup_main_menu.png is not available in
preview/cisco.com
Permissions Restriction for Admin Users
By default, the primary (e.g., guest) user has always been configured as an admin
account. The admin privileges were needed so that the guest user could, for example,
run simulations that requested a static IP or static MAC address for an interface on
a management network or on a shared L2 FLAT / L3 SNAT network. (Note that since the
1.3 release, admin privileges are no longer required for a user's simulation to set
such a static IP or static MAC address.) As an admin account, the guest user also
used to be able to add "global" VM images instead of just user-level or
project-level VM images, make system configuration changes, and even upgrade the
entire system.
In the 1.5 release, the primary user created during installation is still granted an
admin role, but the UWM now restricts certain operations to the uwmadmin
system admin account only. By default, only the uwmadmin user will be permitted to
make changes in the pages of the UWM. Installing or upgrading software on the page or upgrading the system on the page will also be restricted to the uwmadmin user account. If you
would like to revert your 1.5 installation to the previous behavior, where the guest
user could perform these operations, use the uwmadmin account to change the
"Restrict System Configuration and Upgrades to System Admin" setting in the page.
By default, all user accounts in 1.5, including the primary user account created
during the installation, will still have permission to manage node resources. For
example, the guest user would be able to add or delete VM images. Users may also add
or edit LXC templates, subtypes, and flavors. You may restrict these pages to just
users with the admin role or just to the uwmadmin user. Use the uwmadmin account to
set the "Users allowed resource management" setting on the Users page to the desired value.