How to Control Access to Cluster WebUI with a Password (Windows/Linux)

EXPRESSCLUSTER Official Blog

November 1st, 2024

Machine translation is used partially for this article. See the Japanese version for the original article.

Introduction

The Cluster WebUI is the management GUI of EXPRESSCLUSTER. It provides a feature for restricting access and controlling which user modes are available. Access can be controlled based on the IP address of the connecting client or through authentication with a password.

In this article, we will introduce how to control the connection to the Cluster WebUI with a password.


1. Controlling Access by Passwords

The Cluster WebUI has four user modes for operating and configuring a cluster. The types of user modes are as follows:

  • Operation mode: Both status monitoring and operations of the cluster such as starting/stopping servers and resources can be performed.
  • Config mode: Editing, exporting and other actions for cluster configuration can be performed.
  • Verification mode: As in Operation mode, both status monitoring and operations can be performed. In addition, dummy failures can be performed in monitor resources to verify operation under error.
  • Reference mode: Monitoring status of the cluster can be performed but operations such as starting/stopping servers and resources are not allowed.

When controlling access to the Cluster WebUI with a password, it is possible to control whether all user modes are available or only reference mode is available depending on the password used. Additionally, there are two authentication methods: the cluster password method and the OS authentication method. The cluster password method is available from EXPRESSCLUSTER X 4.0, and the OS authentication method is available from EXPRESSCLUSTER X 4.2.

1.1 Cluster Password Method

This method authenticates with the password for operation and password for reference set in Cluster WebUI. If authenticated with the password for operation, all user modes are available. If authenticated with the password for reference, only the reference mode is available. The password is saved in the configuration data of EXPRESSCLUSTER.

1.2 OS Authentication Method

This method authenticates using an OS user and password. Changing the password is simply done by changing the password of the OS user, which simplifies the password setting process of EXPRESSCLUSTER.

Cluster operation rights are set per OS group, so users need to belong to such groups. By setting groups and operation rights to the cluster, the available user modes can be controlled per group. If operation rights are granted, all user modes are available; if not, only the reference mode is available.

  • *In the case of OS authentication method, it is recommended to use HTTPS connections to prevent leakage of authentication information outside during communication between Cluster WebUI and the cluster server. For information on setting up HTTPS connections, please refer to the following article.

2. Preparations for OS Authentication Method

In the case of OS authentication method, prepare by creating the groups and users to be used for authentication. Existing groups and users can be used, but the following explains how to create new groups and users.

2.1 Preparations for Windows

In Windows, the setup method varies depending on whether the cluster server belongs to a workgroup or a domain.

2.1.1 If the Cluster Server Belongs to a Workgroup

Configure each cluster server so that the group names and user names are the same for all. Here, the default workgroup is used, and groups and users are created as follows:

■ Workgroup Name: WORKGROUP

  • A group where all user modes are available
  • Group Name: ecxgroup_admin
  • User: work_user1
  • Password: <any password>

  • A group where all user modes are available
  • Group Name: ecxgroup_user
  • User: work_user2
  • Password: <any password>

The steps to configure groups and users are as follows:

  • 1. Click "Computer Management" in Windows Administrative Tools.
  • 2. Create the user (work_user1) in "Local Users and Groups".

New user setting

  • 3. Create the group (ecxgroup_admin) and add the user (work_user1) created in step 2 to this group.

New Group setting

Create work_user2 and ecxgroup_user following the same procedure.

2.1.2 If the Cluster Server Belongs to a Domain

Set the groups and users in the domain environment on the Active Directory server (hereinafter called “AD server”). Pre-construct the AD/DNS server and add the cluster server to the domain. Here, we set the domain name to "example.com" and create the following groups and users:

■Domain Name: example.com

  • A group where all user modes are available
  • Group Name: ecxgroup_admin
  • User: domain_user1
  • Password: <any password>

  • A group where all user modes are available
  • Group Name: ecxgroup_user
  • User: domain_user2
  • Password: <any password>

  • 1. Open Server Manager on the AD/DNS server and select "Active Directory Users and Computers" from Tools in the upper right.

  • 2. Create the user (domain_user1) and the group (ecxgroup_admin).

New domain_user setting
Setting domain_user password
Setting domain_group

  • 3. Add the user to the created group (ecxgroup_admin).

Add user to group

Create domain_user2 and ecxgroup_user following the same procedure.

2.2 Preparations for Linux

In Linux, configure each cluster server so that the group names and user names are the same. The settings are performed by commands, which should be executed by a user with root privileges.

  • A group where all user modes are available
  • Group Name: ecxgroup_admin
  • User: work_user1
  • Password: <any password>

  • A group where all user modes are available
  • Group Name: ecxgroup_user
  • User: work_user2
  • Password: <any password>

The steps to configure groups and users are as follows:

  • 1. Create the user (work_user1).
# adduser work_user1

  • 2. Set the password for the user (work_user1).
# passwd work_user1

  • 3. Create the group (ecxgroup_admin).
# groupadd ecxgroup_admin

  • 4. Add the user (work_user1) to the created group (ecxgroup_admin).
# usermod -g ecxgroup_admin work_user1

Create work_user2 and ecxgroup_user following the same procedure.
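
To confirm the result on each cluster server, the following added example (not part of the original article or of EXPRESSCLUSTER) lists the members of a group from passwd- and group-format files. Because `usermod -g` sets the primary group, the user does not appear in the member list of /etc/group, so the check also matches the primary GID in /etc/passwd. The function name `group_members` and the sample files are constructed for illustration; the supplementary membership of work_user2 is an assumption added to show the second case.

```shell
#!/bin/sh
# Added example: list every user that belongs to a group, counting both
# primary-group membership (GID field of passwd) and supplementary
# membership (member list of group). The function name is hypothetical.

# group_members GROUP [PASSWD_FILE] [GROUP_FILE]
# Prints a sorted, space-separated member list; returns 1 if GROUP is absent.
group_members() {
    grp=$1
    passwd_file=${2:-/etc/passwd}
    group_file=${3:-/etc/group}

    # Group line format: name:password:GID:member1,member2
    line=$(awk -F: -v g="$grp" '$1 == g { print; exit }' "$group_file")
    [ -n "$line" ] || return 1

    gid=$(printf '%s\n' "$line" | cut -d: -f3)
    extra=$(printf '%s\n' "$line" | cut -d: -f4 | tr ',' '\n')

    # Users whose primary GID is this group (what `usermod -g` produces).
    primary=$(awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file")

    printf '%s\n%s\n' "$primary" "$extra" | sed '/^$/d' | sort -u |
        tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample data using the article's group and user names.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
work_user1:x:1001:2001::/home/work_user1:/bin/bash
work_user2:x:1002:1002::/home/work_user2:/bin/bash
EOF
cat > "$sample_dir/group" <<'EOF'
root:x:0:
work_user2:x:1002:
ecxgroup_admin:x:2001:
ecxgroup_user:x:2002:work_user2
EOF

for g in ecxgroup_admin ecxgroup_user; do
    echo "$g: $(group_members "$g" "$sample_dir/passwd" "$sample_dir/group")"
done
```

Called with only a group name, the function reads the live /etc/passwd and /etc/group, so the output can be compared across cluster servers.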

3. Setting Procedure for EXPRESSCLUSTER

Enable the setting to control connections to the Cluster WebUI with a password. The setting procedure is the same for Windows and Linux. Here, the settings are performed in the following environment:

■Windows Environment

  • Windows Server 2022
  • EXPRESSCLUSTER X 5.2 for Windows (Internal Ver. 13.20)

■Linux Environment

  • Red Hat Enterprise Linux 8.6.0
  • EXPRESSCLUSTER X 5.2 for Windows (Internal Ver. 5.2.0-1)

  • * The following Cluster WebUI screenshots are from CLUSTERPRO X 5.2 for Windows.

3.1 Backing Up the Configuration File

If you enable connection control with a password and then lose the password, or mistakenly delete an OS group that has access rights, you will be unable to log in to Cluster WebUI. Since settings cannot be changed in Cluster WebUI in such cases, it is recommended to back up the configuration file before setting passwords.

In "Config mode", click "Export" at the top left of the page.

The configuration file in zip format will be downloaded, completing the backup.

If you need to revert the settings, log in to the cluster server, then save the downloaded configuration file (zip file) to an arbitrary location and extract it. Then, execute the clpcfctrl --push command to apply the configuration file from before setting the password. The command is common to Windows and Linux.

Example)

clpcfctrl --push -x <directory where the configuration file is stored>
  • *If the cluster's OS is Linux and using EXPRESSCLUSTER X 4.3 or earlier, the -l or -w option is required. When using the configuration file saved in the Cluster WebUI on the Linux client, please use the -l option. For Windows client, please use the -w option.

The backed-up configuration file can be applied to each cluster server, allowing you to revert to the state before the password settings were applied.

3.2 Password Setting Screen

After backing up the configuration file, navigate to the setting screen for connection control with a password.
Switch to Config Mode in Cluster WebUI and click "Cluster Properties" (gear icon).

Move to the "WebManager" tab and click "Settings" next to "Control connection by using password".

Click WebManager and Settings

3.3 Cluster Password Method

In the “Password Settings” screen, select "Cluster Password Method" and click "Change" next to the “Password for Operation” or “Password for Reference”.

Click Password for Operation or Reference

Set the “New Password”. If a password has already been set, you need to enter the “Old Password”.

Setting ECX password

If only one of the “Password for Operation” and the “Password for Reference” is set, the other remains unset, and connection with that authority is allowed without password input.
Once the configuration is complete, apply the settings to the cluster. After application, you will be disconnected from the Cluster WebUI, so please reload it in your browser.

3.4 OS Authentication Method

In the “Password Settings” screen, select "OS Authentication Method" and click "Add".

Select OS Authentication Method and click Add

Set the group name. Enter the Group Name to which the added user belongs.
Here, enter the group created in "2. Preparations for OS Authentication Method" (such as ecxgroup_admin or ecxgroup_user).

Setting groups

After adding the group, set the operation rights for the group.
If the "Operation" checkbox is turned on, all user modes are available; if the checkbox is turned off, only Reference mode is available. At least one group must be granted operation rights.

Setting operation rights

Once the configuration is complete, apply the settings to the cluster. After application, you will be disconnected from the Cluster WebUI, so please reload it in your browser.

4. Checking the Operation

Log in to Cluster WebUI with the set user and password and confirm that the operations can be performed with the set permissions.

Connect to Cluster WebUI. A “Login” screen prompting for user and password input will be displayed. The “Login” screen differs between “Cluster Password Method” and “OS Authentication Method”.

  • In the case of “Cluster Password Method”
    Select the authority and enter the set password.
    If "Operation mode" is selected, enter the “Password for Operation”; if "Reference only" is selected, enter the “Password for Reference”.

If you log in with a mode for which no password was set in "3.3 Cluster Password Method", leave the password field empty.

Login with Cluster Password Method

  • In the case of “OS Authentication Method”
    Enter the set user and password as follows:

■Windows
  • User
  • If workgroup: ecxgroup_admin
    Example) work_user1
  • If domain: <domain name>\<user name>
    Example) example.com\domain_user1

  • Password
  • Password for the user belonging to the registered group

■Linux
  • User
  • User name belonging to the registered group
  • Example) work_user1

  • Password
  • Password for the user belonging to the registered group

Login with OS Authentication Method

After logging in, confirm the operation rights (user mode).

  • When you log in by entering the “Password for Operation” or log in as a user in a group with operation rights:
    Confirm that the user mode is set to “Operation mode” and the cluster can be operated.

  • When you log in by entering the “Password for Reference” or log in as a user in a group without operation rights:
    Confirm that the user mode is set to “Reference mode” and that the cluster can only be referenced.

When you have set the “Cluster Password Method” and try to switch to “Operation mode” after logging in with the “Password for Reference”, you will need to enter the “Password for Operation”.

Switch to Operation mode from Reference mode

Conclusion

This article introduced how to control connections to the Cluster WebUI via passwords. Please use the described settings method when connection control is required from a security perspective.

If you are considering introducing the configuration described in this article, you can perform a validation with the trial module of EXPRESSCLUSTER. Please do not hesitate to contact us if you have any questions.