ganetimgr DocumentationRelease 1.4.1

GRNET NOC, GRNET S.A

May 23, 2014

Contents

1 What is ganetimgr? 1

2 Compatibility 3

3 Installation 53.1 ganetimgr installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53.2 ganetimgr admin guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

i

ii

CHAPTER 1

What is ganetimgr?

ganetimgr is a web platform that eases the provisioning of virtual machines over miltiple ganeti clusters. In essence,ganetimgr aims to be the frontend of a VPS service. A simplified architecture of ganetimgr is depicted here:

+------------------------+ +---------------+| | | || | +-----+ ganeti cluster|| Django | | | || | | +---------------+| | | ...+------------------------+ | ...| gevent watcher | | ...| | | +---------------++------------------------+ | | || Caching |ganeti REST +-----+ + ganeti cluster|| |API client +-----------+ |+-----------+------------+ +---------------+

1

ganetimgr Documentation, Release 1.4.1

2 Chapter 1. What is ganetimgr?

CHAPTER 2

Compatibility

ganetimgr has been tested with ganeti versions 2.4-2.9. Unless something really big has changed with the ganeti RESTAPI client, ganetimgr should be able to interoperate with later versions.

3

ganetimgr Documentation, Release 1.4.1

4 Chapter 2. Compatibility

CHAPTER 3

Installation

You can go through the installation at the Install ganetimgr section.

3.1 ganetimgr installation

Note: This guide assumes a clean debian wheezy (stable) installation

Attention: If updating from a squeeze installation, pay attention to changes in setting.py

3.1.1 Install packages

Update and install the required packages (you will be asked for a mysql username and password):

apt-get updateapt-get upgradeapt-get install git nginx mysql-server python-mysqldb python-django python-redis python-django-south python-django-registration python-paramiko python-simplejson python-daemon python-setproctitle python-pycurl python-recaptcha python-ipaddr beanstalkdapt-get install redis-serverapt-get install gunicorn python-gevent

3.1.2 Database Setup

Login to the mysql interface:

mysql -u <your username> -p

Create database and user:

mysql> CREATE DATABASE ganetimgr CHARACTER SET utf8;mysql> CREATE USER ’ganetimgr’@’localhost’ IDENTIFIED BY ’12345’;mysql> GRANT ALL PRIVILEGES ON ganetimgr.* TO ’ganetimgr’;mysql> flush privileges;

Excellent!

5

ganetimgr Documentation, Release 1.4.1

3.1.3 Pre-Setup

Get the source and checkout to latest stable:

mkdir /srv/www/cd /srv/www/git clone https://code.grnet.gr/git/ganetimgrcd ganetimgrgit checkout stable

Create a settings file for the django application:

cp settings.py.dist settings.pycp urls.py.dist urls.py

Edit the settings.py file and change the django database config to match your setup. Pay attention to the following:

Change STATIC_URL to the url serving your static files, eg. STATIC_URL = ’https://example.com/static’and STATIC_ROOT to STATIC_ROOT = ’/srv/www/ganetimgr/static/’TEMPLATE_DIRS to TEMPLATE_DIRS = (

’/srv/www/ganetimgr/templates’,)

Then set your cache backend:

CACHE_BACKEND to CACHE_BACKEND = "redis_cache.cache://127.0.0.1:6379/?timeout=1500"

Set your supported operating systems via the corresponding OPERATING_SYSTEMS dict-of-dicts variable.

Set your re-CAPTCHA keys. Generate a key pair here: http://www.google.com/recaptcha

RECAPTCHA_PUBLIC_KEY = ’<key>’RECAPTCHA_PRIVATE_KEY = ’<key>’

to match your API key.

If desired, enable LDAP authentication via the AUTH_LDAP_* variables.

If you deploy a servermon instance (https://github.com/servermon/servermon) that generates statistics for your clusternodes instances, enter its url at:

SERVER_MONITORING_URL

to link a node with its servermon page.

If you deploy a Jira installation then you can append a tab on the left of ganetimgr web interface via an issue collectionplugin that can be setup via:

HELPDESK_INTEGRATION_JAVASCRIPT_URLHELPDESK_INTEGRATION_JAVASCRIPT_PARAMS

If you want to embed collectd statistics in ganetimgr instance page fill the:

COLLECTD_URL

You can limit the whitelisted subnets (in case of isolated instances) available via:

WHITELIST_IP_MAX_SUBNET_V4WHITELIST_IP_MAX_SUBNET_V6

parameters

If you want to keep your users updated with the latest news around the service, fill in an RSS feed url at:

6 Chapter 3. Installation

ganetimgr Documentation, Release 1.4.1

FEED_URL

You can change the logo, motto and some footer details via the:

BRANDING

dictionary. You can create your own logo starting with the static/branding/logo.* files.

3.1.4 Software Setup

Attention: When running the syncdb command that follows DO NOT create a superuser yet!

Run the following commands to create the database entries:

python manage.py syncdbpython manage.py migrate

and the superuser:

python manage.py createsuperuser

Attention: If installing for the first time and want to have analytics, alter the templates/analytics.html file. Setyour prefered (we suggest piwik) analytics inclussion script or leave the file as is (commented) if no analytics isdesired/available.

To get the admin interface files, invoke collectstatic:

python manage.py collectstatic

Ganetimgr provides 3 flatpages - Service Info, Terms of Service and FAQ. Flatpages can be enabled or disabled viathe:

FLATPAGES

dictionary.

We provide 6 flatpages placeholders (3 flatpages x 2 languages - English and Greek) for the flatpages mentioned. Byinvoking the command:

python manage.py loaddata flatpages.json

the flatpages placeholders are inserted in the database and become available for editing via the admin interface (FlatPages).

Run the watcher.py:

mkdir /var/log/ganetimgr./watcher.py

Edit /etc/gunicorn.d/ganetimgr:

CONFIG = {’mode’: ’django’,’working_dir’: ’/srv/www/ganetimgr’,’user’: ’www-data’,’group’: ’www-data’,’args’: (

’--bind=127.0.0.1:8088’,

3.1. ganetimgr installation 7

ganetimgr Documentation, Release 1.4.1

’--workers=2’,’--worker-class=egg:gunicorn#gevent’,’--timeout=30’,’--debug’,’--log-level=debug’,’--log-file=/var/log/ganetimgr.log’,

),}

Add to your nginx config:

location /static {root /srv/www/ganetimgr;

}

location / {proxy_pass http://127.0.0.1:8088;

}

location /admin {proxy_pass http://127.0.0.1:8088;

}

Restart nginx and gunicorn:

service nginx restartservice gunicorn restart

Analytics Setup

If installing for the first time do not forget to alter templates/analytics.html to suit your needs.

If you do not wish to use analytics, leave this file intact (it is commented with Django template comments).

Set your preferred (we use piwik) analytics inclusion script in templates/analytics.html. Eg:

<!-- Piwik --><script type="text/javascript">

var _paq = _paq || [];_paq.push([’trackPageView’]);_paq.push([’enableLinkTracking’]);(function() {var u=(("https:" == document.location.protocol) ? "https" : "http") + "://piwik.example.com//";_paq.push([’setTrackerUrl’, u+’piwik.php’]);_paq.push([’setSiteId’, 1]);var d=document, g=d.createElement(’script’), s=d.getElementsByTagName(’script’)[0]; g.type=’text/javascript’;g.defer=true; g.async=true; g.src=u+’piwik.js’; s.parentNode.insertBefore(g,s);

})();</script><noscript><p><img src="http://piwik.example.com/piwik.php?idsite=1" style="border:0" alt="" /></p></noscript><!-- End Piwik Code -->

WebSockets

To enable WebSocket support you will need to install VNCAuthProxy following the guidesof OSL: https://github.com/osuosl/twisted_vncauthproxy and https://code.osuosl.org/projects/ganeti-webmgr/wiki/VNC#VNC-AuthProxy

8 Chapter 3. Installation

ganetimgr Documentation, Release 1.4.1

You will also need at least the following packages: python-twisted, python-openssl

Start your twisted-vncauthproxy with:

twistd --pidfile=/tmp/proxy.pid -n vncap -c tcp:8888:interface=0.0.0.0

Make sure your setup fullfils all the required firewall rules (https://code.osuosl.org/projects/ganeti-webmgr/wiki/VNC#Firewall-Rules)

The relevant options in settings.py are:

WEBSOCK_VNC_ENABLED = TrueNOVNC_PROXY = "example.domain.com:8888"

Modern browsers block ws:// connections initiated from HTTPS websites, so if you want to open wss:// connectionsand encrypt your noVNC sessions you need to edit settings.py and set:

NOVNC_USE_TLS = True

Then you will also need signed a certificate for the ‘example.domain.com’ host and place it under twisted-vncauthproxy/keys directory. The paths are currently hardcoded so one needs to install these 2 files (keep the file-names):

twisted_vncauthproxy/keys/vncap.crttwisted_vncauthproxy/keys/vncap.key

IPv6 Warning

Since twisted (at least until version 12) does not support IPv6, make sure the host running twisted-vncauthproxy doesnot advertise any AAAA records, else your clients won’t be able to connect.

3.1.5 Now what?

You are done!!!

If you visit your webserver’s address you should see ganetimgr welcome page

Now it’s time to through the Admin guide to setup your application.

3.1.6 Administration

ganetimgr admin guide

ganeti admin

We create the /var/lib/ganeti/rapi/users at the ganeti master node with:

<user> <pass> write

Login to the ganetimgr platform. From the side menu select Admin

3.1. ganetimgr installation 9

ganetimgr Documentation, Release 1.4.1

Click at the “Admin” link. You should see the admin interface. Now it’s time to add one or more clusters.

Select the “Add” cluster option

edit the details

10 Chapter 3. Installation

ganetimgr Documentation, Release 1.4.1

then add the network

You are done!

3.2 ganetimgr admin guide

3.2.1 ganeti admin

We create the /var/lib/ganeti/rapi/users at the ganeti master node with:

<user> <pass> write

Login to the ganetimgr platform. From the side menu select Admin

Click at the “Admin” link. You should see the admin interface. Now it’s time to add one or more clusters.

3.2. ganetimgr admin guide 11

ganetimgr Documentation, Release 1.4.1

Select the “Add” cluster option

edit the details

then add the network

You are done!

12 Chapter 3. Installation