-
Notifications
You must be signed in to change notification settings - Fork 1
user ui 3.2 design
The Eucalyptus UI (EUI) is a new component that offers an extensible user console for Eucalyptus.
The design can be broken down into two main components, the client user interface (in the browser) and a UI Proxy that will be installed on 1 or more servers (and could be co-located with the CLC for POC). The UI toolkit will be jQuery (http://jqueryui.com/) which provides a rich set of user interface components and supporting code for AJAX calls. The user will authenticate in the browser with the same username and password as they use for the Eucalyptus admin interface (on the CLC). The UI Proxy will be a separate component that is a light-weight proxy between the user interface and the CLC. The proxy will handle session management and provide a set of rest interfaces that the UI will use to get information from the CLC via API calls (EC2, S3, etc). The only state held in the proxy will be some access credentials for the API calls stored in the session. Those will be discarded when the session expires. Specific details of the design will be addressed in the sections below.
The only state maintained in each proxy is the session id and its associated Eucalyptus credentials. [HA] Because of its statelessness, multiple proxy instances can be setup and take over each other when one instance becomes unavailable. Switching the instance will require the clients to login again with the new instance and we assume this is the acceptable consequence. [SCALABITLITY] We consider round-robin dns as the way to address multiple proxy instances. In this case, the session affinity can be implemented by returning the IP address of the proxy that the client initially authenticates with and using the IP for subsequent client operations. When the proxy becomes unavailable, the browser will redirect the client to the log-in page using the DNS name. Although not stated in the requirements, the design does not preclude the caching resource states at the proxy-level. This can reduce the number of message exchanges between the proxy and CLC, thereby helping the CLC to scale. It will also help reducing the response time from the browser. There could be configurable, poll frequency, parameter at the proxy.
On the browser, the JQuery-based implementation will heavily use Ajax to partially update the state changes. The frequency of the state update will be configurable in order to help customers to balance scalability vs. accuracy. The proxy will be a thin layer that translates from the EC2/S3 messages to the light-weight JSON objects. The REST interface between the proxy and the JQuery will emulate the corresponding EC2/S3 operations such that the translation is a straightforward operation. The latency when interacting with the UI will be predictable (assuming the latency of the CLC's operation is predictable) and in general is bounded with respect to the amount of client's resources.
The proxy will use EC2/S3 libraries that is established to work with Eucalyptus (e.g., boto). The proxy will be able to switch to a different version of the library across releases. As we use JQuery, it will be possible to modify the presentation and the behavior of the UI between the system's restarts. IF we choose to base the server-side implementation on python framework (tornado, flask, django), entire UI application will be modifiable without re-compilation. [I18N] JQuery's i18n libraries (http://code.google.com/p/jquery-i18n-properties/) will be used to implement the i18n .We will provide customers the path to translate the English strings in UI to their langauges and to plug-in the translation to the application. The UI application will provide the interface to customize the UI (e.g., logos, strings, etc) and document the procedure. In addition the customers will be able to tweak the CSS to suit their needs.
The UI proxy will be built with a layer internally that abstracts the calls to the CLC. This layer can be implemented with a mock that provides static data for testing. This will allow the UI components to be tested independently of the cloud (CLC). The REST calls that the UI proxy implements will be callable from test code that would authenticate and maintain a session, thereby allowing testing of the UI proxy and back end without the browser. The browser components will maintain consistent identification (ids) to allow a test framework (likely Selenium) to perform tests in a sustainable way. The goal with the REST apis the UI calls will also be to maintain backwards compatibility for the purpose of not breaking tests.
There are 2 aspects that will be addressed to offer a secure user interface. Those are around access and authentication, and around security attack prevention. The user will authenticate in the browser using their username and password. These are the same as used by the CLC admin UI and the same as created by the euare-usercreate and euare-useraddloginprofile commands. The login process will follow this sequence;
- User enters username and password in the browser and presses the "login" button.
- The request is sent to the UI proxy which forwards the values to the CLC authentication REST call (to be created by the CLC team).
- The CLC will validate the user and if authorized, look up the access id and secret key which it returns to the UI proxy.
- The UI proxy creates a session and stores the access id and secret key in the session.
- The session ID is stored in a cookie which is stored in the client browser when the login response is sent to the user.
The EUI will require the same deployment mechanisms as other components in the system. It will not require any special methods or procedures. The general sequence is this;
- install package(s)
- edit configuration file
- start service
The intent will be to provide the entire EUI (client side and proxy) in a package called eucalyptus-ui. This will be able to install separately on distinct machines, combined with the CLC or deployed on instances running inside the Eucalyptus cloud. The packaging and release methodologies will be consistent with other packages offered for Eucalyptus. The interfaces between the UI proxy and CLC will be mostly the standard web service APIs used by euca2ools with the exception of the authorization REST call. This call should not have to change and will provide only a very specific function to help reduce the chance for changes which might affect backward compatibility. In general, the EUI will be designed to match the features available in the same version of Eucalyptus (even if that is not initially the case). Changes or updates the the eucalyptus-ui package will not fundamentally require any changes or restarts to other Eucalyptus packages or services.
tag:rls-3.2
- Contact Info
- email: [email protected]
- IRC: #eucalyptus-devel (freenode)
- Twitter: @grrrze
- Other Links