The web browser based management console allows for administration of the QUADStor system. For Linux installations, if you have SELinux enabled on the system, ensure that you follow the instructions mentioned under "SELINUX CONSIDERATIONS" in http://www.quadstor.com/support/123-installation-on-rhel-centos-sles-debian.html

Ensure that the httpd/apache2 server is running on the system.

In order to access the console, open a web browser and type the address of the QUADStor system. Ensure that javascript is enabled in your browser. (Javascript is by default enabled for browsers)

Once the HTML page loads you would be presented with a menu as shown in the following figure

QUADStor Web based Management

Each menu "System", "Physical Storage", "Storage Pools" and "Virtual Disks" is a clickable link.

Securing access to the web interface

With out any additional setup, the web interface can be accessed by any one from a browser. Access can be restricted and secured by simply two steps.

  1. http authentication using htaccess and htpasswd or with the new daemon authentication
  2. SSL access

Setup is one-time only and is persistent across quadstor upgrades.

Daemon Authentication

Starting with version 3.2.20 the virtualization software daemon can authenticate users accessing the web interface. Unauthorized users are redirected to a login page. To enable daemon authenctiation

Add the following to /quadstor/etc/quadstor.conf. Create the file if it does not exist

EnableAuth=1

Run the following command to reload the configuration file

/quadstor/bin/vdconfig -r

Add a new user to access the web management interface. A new user can be added by

/quadstor/bin/vtuser --add --user <user name> --password <passwd>

Or with short options

/quadstor/bin/vtuser -a -u <username> --p <passwd>

Usernames and Passwords need to be a minimum of 8 characters can be up to 32 characters in length.

Usernames and passwords need to be ascii chars and can be _ or -

Read Only user

A read only user is a user with non administrator access. A read only
user can be created by

/quadstor/bin/vtuser -a -u <username> --p <passwd> -r

Or

/quadstor/bin/vtuser --add --user <user name> --password <passwd> --readonly

A logged in read only user can only view the VDisk configuration, disk configuration etc but cannot modify such as adding new users, new disks etc.

Listing users

/quadstor/bin/vtuser --list
Or
/quadstor/bin/vtuser -l

Deleting an user

/quadstor/bin/vtuser -x -u <user name>

 

htaccess setup

1. In the cgi-bin directory create a file called .htaccess

2. Add the following lines to the file

AuthName "QUADStor Authentication"
AuthType Basic
AuthUserFile /usr/local/www/apache22/cgi-bin/.htpasswd
Require valid-user

Note that the "AuthUserFile" could be anywhere accessible by the web browser,but we chose the cgi-bin directory itself and the file needn't be named as .htpasswd

3. Create the .htpasswd file

htpasswd -s -b -c <htpasswd file> <username> <password>

For example

htpasswd -s -b -c /usr/local/www/apache22/cgi-bin/.htpasswd webadmin webadmin

4. Edit the httdp.conf and search for

<Directory ...cgi-bin> directory. For example on FreeBSD with apache22 it would be

<Directory "/usr/local/www/apache22/cgi-bin">
 Options None
 Order allow,deny
 Allow from all
</Directory>

Add the following line

AllowOverride AuthConfig Limit

For example the above configuration is now

<Directory "/usr/local/www/apache22/cgi-bin">
 AllowOverride AuthConfig Limit
 Options None
 Order allow,deny
 Allow from all
</Directory>

cgi-bin and httpd.conf paths

FreeBSD with apache22 
/usr/local/www/apache22/cgi-bin
/usr/local/etc/apache22/httpd.conf

FreeBSD with apache1.x
/usr/local/www/cgi-bin
/usr/local/etc/apache/httpd.conf

RHEL/CentOS 5.x/6.x
/var/www/cgi-bin
/etc/httpd/conf/httpd.conf

Sles 11
/srv/www/cgi-bin
/etc/httpd/conf/httpd.conf

Debian Squeeze 6.x
/usr/lib/cgi-bin
/etc/httpd/conf/httpd.conf

Enabling SSL access

SSL access setup is out of scope of this document. Once you have ssl setup for your OS, access the web page using https:// instead of http://

Also add the SSLRequireSSL directive for the cgi-bin Directory section in httpd.conf. This would force ssl access every time you access the web interface.

For example

<Directory "/usr/local/www/apache22/cgi-bin">
 AllowOverride AuthConfig Limit
 SSLRequireSSL
 Options None
 Order allow,deny
 Allow from all
</Directory>