Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
ganetimgr DocumentationRelease 1.4.1
GRNET NOC, GRNET S.A
May 23, 2014
Contents
1 What is ganetimgr? 1
2 Compatibility 3
3 Installation 53.1 ganetimgr installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53.2 ganetimgr admin guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
i
ii
CHAPTER 1
What is ganetimgr?
ganetimgr is a web platform that eases the provisioning of virtual machines over miltiple ganeti clusters. In essence,ganetimgr aims to be the frontend of a VPS service. A simplified architecture of ganetimgr is depicted here:
+------------------------+ +---------------+| | | || | +-----+ ganeti cluster|| Django | | | || | | +---------------+| | | ...+------------------------+ | ...| gevent watcher | | ...| | | +---------------++------------------------+ | | || Caching |ganeti REST +-----+ + ganeti cluster|| |API client +-----------+ |+-----------+------------+ +---------------+
1
ganetimgr Documentation, Release 1.4.1
2 Chapter 1. What is ganetimgr?
CHAPTER 2
Compatibility
ganetimgr has been tested with ganeti versions 2.4-2.9. Unless something really big has changed with the ganeti RESTAPI client, ganetimgr should be able to interoperate with later versions.
3
ganetimgr Documentation, Release 1.4.1
4 Chapter 2. Compatibility
CHAPTER 3
Installation
You can go through the installation at the Install ganetimgr section.
3.1 ganetimgr installation
Note: This guide assumes a clean debian wheezy (stable) installation
Attention: If updating from a squeeze installation, pay attention to changes in setting.py
3.1.1 Install packages
Update and install the required packages (you will be asked for a mysql username and password):
apt-get updateapt-get upgradeapt-get install git nginx mysql-server python-mysqldb python-django python-redis python-django-south python-django-registration python-paramiko python-simplejson python-daemon python-setproctitle python-pycurl python-recaptcha python-ipaddr beanstalkdapt-get install redis-serverapt-get install gunicorn python-gevent
3.1.2 Database Setup
Login to the mysql interface:
mysql -u <your username> -p
Create database and user:
mysql> CREATE DATABASE ganetimgr CHARACTER SET utf8;mysql> CREATE USER ’ganetimgr’@’localhost’ IDENTIFIED BY ’12345’;mysql> GRANT ALL PRIVILEGES ON ganetimgr.* TO ’ganetimgr’;mysql> flush privileges;
Excellent!
5
ganetimgr Documentation, Release 1.4.1
3.1.3 Pre-Setup
Get the source and checkout to latest stable:
mkdir /srv/www/cd /srv/www/git clone https://code.grnet.gr/git/ganetimgrcd ganetimgrgit checkout stable
Create a settings file for the django application:
cp settings.py.dist settings.pycp urls.py.dist urls.py
Edit the settings.py file and change the django database config to match your setup. Pay attention to the following:
Change STATIC_URL to the url serving your static files, eg. STATIC_URL = ’https://example.com/static’and STATIC_ROOT to STATIC_ROOT = ’/srv/www/ganetimgr/static/’TEMPLATE_DIRS to TEMPLATE_DIRS = (
’/srv/www/ganetimgr/templates’,)
Then set your cache backend:
CACHE_BACKEND to CACHE_BACKEND = "redis_cache.cache://127.0.0.1:6379/?timeout=1500"
Set your supported operating systems via the corresponding OPERATING_SYSTEMS dict-of-dicts variable.
Set your re-CAPTCHA keys. Generate a key pair here: http://www.google.com/recaptcha
RECAPTCHA_PUBLIC_KEY = ’<key>’RECAPTCHA_PRIVATE_KEY = ’<key>’
to match your API key.
If desired, enable LDAP authentication via the AUTH_LDAP_* variables.
If you deploy a servermon instance (https://github.com/servermon/servermon) that generates statistics for your clusternodes instances, enter its url at:
SERVER_MONITORING_URL
to link a node with its servermon page.
If you deploy a Jira installation then you can append a tab on the left of ganetimgr web interface via an issue collectionplugin that can be setup via:
HELPDESK_INTEGRATION_JAVASCRIPT_URLHELPDESK_INTEGRATION_JAVASCRIPT_PARAMS
If you want to embed collectd statistics in ganetimgr instance page fill the:
COLLECTD_URL
You can limit the whitelisted subnets (in case of isolated instances) available via:
WHITELIST_IP_MAX_SUBNET_V4WHITELIST_IP_MAX_SUBNET_V6
parameters
If you want to keep your users updated with the latest news around the service, fill in an RSS feed url at:
6 Chapter 3. Installation
ganetimgr Documentation, Release 1.4.1
FEED_URL
You can change the logo, motto and some footer details via the:
BRANDING
dictionary. You can create your own logo starting with the static/branding/logo.* files.
3.1.4 Software Setup
Attention: When running the syncdb command that follows DO NOT create a superuser yet!
Run the following commands to create the database entries:
python manage.py syncdbpython manage.py migrate
and the superuser:
python manage.py createsuperuser
Attention: If installing for the first time and want to have analytics, alter the templates/analytics.html file. Setyour prefered (we suggest piwik) analytics inclussion script or leave the file as is (commented) if no analytics isdesired/available.
To get the admin interface files, invoke collectstatic:
python manage.py collectstatic
Ganetimgr provides 3 flatpages - Service Info, Terms of Service and FAQ. Flatpages can be enabled or disabled viathe:
FLATPAGES
dictionary.
We provide 6 flatpages placeholders (3 flatpages x 2 languages - English and Greek) for the flatpages mentioned. Byinvoking the command:
python manage.py loaddata flatpages.json
the flatpages placeholders are inserted in the database and become available for editing via the admin interface (FlatPages).
Run the watcher.py:
mkdir /var/log/ganetimgr./watcher.py
Edit /etc/gunicorn.d/ganetimgr:
CONFIG = {’mode’: ’django’,’working_dir’: ’/srv/www/ganetimgr’,’user’: ’www-data’,’group’: ’www-data’,’args’: (
’--bind=127.0.0.1:8088’,
3.1. ganetimgr installation 7
ganetimgr Documentation, Release 1.4.1
’--workers=2’,’--worker-class=egg:gunicorn#gevent’,’--timeout=30’,’--debug’,’--log-level=debug’,’--log-file=/var/log/ganetimgr.log’,
),}
Add to your nginx config:
location /static {root /srv/www/ganetimgr;
}
location / {proxy_pass http://127.0.0.1:8088;
}
location /admin {proxy_pass http://127.0.0.1:8088;
}
Restart nginx and gunicorn:
service nginx restartservice gunicorn restart
Analytics Setup
If installing for the first time do not forget to alter templates/analytics.html to suit your needs.
If you do not wish to use analytics, leave this file intact (it is commented with Django template comments).
Set your preferred (we use piwik) analytics inclusion script in templates/analytics.html. Eg:
<!-- Piwik --><script type="text/javascript">
var _paq = _paq || [];_paq.push([’trackPageView’]);_paq.push([’enableLinkTracking’]);(function() {var u=(("https:" == document.location.protocol) ? "https" : "http") + "://piwik.example.com//";_paq.push([’setTrackerUrl’, u+’piwik.php’]);_paq.push([’setSiteId’, 1]);var d=document, g=d.createElement(’script’), s=d.getElementsByTagName(’script’)[0]; g.type=’text/javascript’;g.defer=true; g.async=true; g.src=u+’piwik.js’; s.parentNode.insertBefore(g,s);
})();</script><noscript><p><img src="http://piwik.example.com/piwik.php?idsite=1" style="border:0" alt="" /></p></noscript><!-- End Piwik Code -->
WebSockets
To enable WebSocket support you will need to install VNCAuthProxy following the guidesof OSL: https://github.com/osuosl/twisted_vncauthproxy and https://code.osuosl.org/projects/ganeti-webmgr/wiki/VNC#VNC-AuthProxy
8 Chapter 3. Installation
ganetimgr Documentation, Release 1.4.1
You will also need at least the following packages: python-twisted, python-openssl
Start your twisted-vncauthproxy with:
twistd --pidfile=/tmp/proxy.pid -n vncap -c tcp:8888:interface=0.0.0.0
Make sure your setup fullfils all the required firewall rules (https://code.osuosl.org/projects/ganeti-webmgr/wiki/VNC#Firewall-Rules)
The relevant options in settings.py are:
WEBSOCK_VNC_ENABLED = TrueNOVNC_PROXY = "example.domain.com:8888"
Modern browsers block ws:// connections initiated from HTTPS websites, so if you want to open wss:// connectionsand encrypt your noVNC sessions you need to edit settings.py and set:
NOVNC_USE_TLS = True
Then you will also need signed a certificate for the ‘example.domain.com’ host and place it under twisted-vncauthproxy/keys directory. The paths are currently hardcoded so one needs to install these 2 files (keep the file-names):
twisted_vncauthproxy/keys/vncap.crttwisted_vncauthproxy/keys/vncap.key
IPv6 Warning
Since twisted (at least until version 12) does not support IPv6, make sure the host running twisted-vncauthproxy doesnot advertise any AAAA records, else your clients won’t be able to connect.
3.1.5 Now what?
You are done!!!
If you visit your webserver’s address you should see ganetimgr welcome page
Now it’s time to through the Admin guide to setup your application.
3.1.6 Administration
ganetimgr admin guide
ganeti admin
We create the /var/lib/ganeti/rapi/users at the ganeti master node with:
<user> <pass> write
Login to the ganetimgr platform. From the side menu select Admin
3.1. ganetimgr installation 9
ganetimgr Documentation, Release 1.4.1
Click at the “Admin” link. You should see the admin interface. Now it’s time to add one or more clusters.
Select the “Add” cluster option
edit the details
10 Chapter 3. Installation
ganetimgr Documentation, Release 1.4.1
then add the network
You are done!
3.2 ganetimgr admin guide
3.2.1 ganeti admin
We create the /var/lib/ganeti/rapi/users at the ganeti master node with:
<user> <pass> write
Login to the ganetimgr platform. From the side menu select Admin
Click at the “Admin” link. You should see the admin interface. Now it’s time to add one or more clusters.
3.2. ganetimgr admin guide 11
ganetimgr Documentation, Release 1.4.1
Select the “Add” cluster option
edit the details
then add the network
You are done!
12 Chapter 3. Installation