pierre/VirtWeb
1
0
Fork 0
Code Issues Pull Requests 5 Packages Projects Releases Wiki Activity

Add deploy prod instructions

Browse Source
This commit is contained in:
Pierre HUBERT 2023-12-20 09:44:54 +01:00
parent aa81c7f979
commit cd55e6867e
3 changed files with 219 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
README.md
View File

@ -1,123 +1,8 @@
# VirtWEB # VirtWEB
WIP project WIP project
## Development requirements ## Setup for dev
1. The `libvirt-dev` package must be installed: Please refer to this guide: [virtweb_docs/SETUP_DEV.md](virtweb_docs/SETUP_DEV.md)
```bash
sudo apt install libvirt-dev
```
2. Libvirt must also be installed:
```bash
sudo apt install qemu-kvm libvirt-daemon-system
```
3. Allow the current user to manage VMs:
```
sudo adduser $USER libvirt
sudo adduser $USER kvm
```
> Note: You will need to login again for this change to take effect.
## Production requirements ## Production requirements
### TODO Please refer to this guide: [virtweb_docs/SETUP_PROD.md](virtweb_docs/SETUP_PROD.md)
TODO
### Manual port forwarding without a LibVirt HOOK
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
```
net.ipv4.ip_forward=1
```
* To reload `sysctl` without reboot:
```
sudo sysctl -p /etc/sysctl.conf
```
* Create the following IPTables rules:
```
UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
tr -d ' ')
LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
echo "$UP_DEV -> $LOCAL_DEV"
GUEST_IP=192.168.25.189
HOST_PORT=8085
GUEST_PORT=8085
# connections from outside
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
```
* Theses rules can be persisted using `iptables-save` then, or using a libvirt hook.
### Manual port forwarding with a LibVirt HOOK
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
```
net.ipv4.ip_forward=1
```
* To reload `sysctl` without reboot:
```
sudo sysctl -p /etc/sysctl.conf
```
* Get the following information, using the web ui or `virsh`:
* The name of the target guest
* The IP and port of the guest who will receive the connection
* The port of the host that will be forwarded to the guest
* Stop the guest if its running, either using `virsh` or from the web ui
* Create or append the following content to the file `/etc/libvirt/hooks/qemu`:
```bash
#!/bin/bash
# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
# In order to create rules to other VMs, just duplicate the below block and configure
# it accordingly.
if [ "${1}" = "VM NAME" ]; then
# Update the following variables to fit your setup
GUEST_IP=
GUEST_PORT=
HOST_PORT=
if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
/sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
/sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
fi
if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
/sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
fi
fi
```
* Make the hook executable:
```bash
sudo chmod +x /etc/libvirt/hooks/qemu
```
* Restart the `libvirtd` service:
```bash
sudo systemctl restart libvirtd.service
```
* Start the guest
> Note: this guide is based on https://wiki.libvirt.org/Networking.html

23
virtweb_docs/SETUP_DEV.md Normal file
View File

@ -0,0 +1,23 @@
# Setup for developpment
1. The `libvirt-dev` package must be installed:
```bash
sudo apt install libvirt-dev
```
2. Libvirt must also be installed:
```bash
sudo apt install qemu-kvm libvirt-daemon-system
```
3. Allow the current user to manage VMs:
```
sudo adduser $USER libvirt
sudo adduser $USER kvm
```
> Note: You will need to login again for this change to take effect.
4. Install required developpment tools:
* Rust: https://www.rust-lang.org/learn/get-started
* NodeJS: https://nodejs.org/en/download/current

193
virtweb_docs/SETUP_PROD.md Normal file
View File

@ -0,0 +1,193 @@
# Setup for prod
## Build VirtWeb for production
Open a terminal in the root directory of the VirtWeb project, and run the following command:
```bash
make
```
The release file will be available in `virtweb_backend/target/release/virtweb_backend`.
This is the only artifcat that must be copied to the server. It is recommended to copy it to the `/usr/local/bin` directory.
## Install requirements
In order to work properly, VirtWeb relies on `libvirt`, `qemu` and `kvm`:
```bash
sudo apt install qemu-kvm libvirt-daemon-system libvirt0 libvirt-clients libvirt-daemon bridge-utils
```
## Dedicated user
It is recommended to have a dedicated non-root user to run LibVirt:
```bash
sudo adduser --disabled-login virtweb
sudo adduser virtweb libvirt
sudo adduser virtweb kvm
```
When executing this command as this user, it is possible to use the following command:;
```bash
sudo -u virtweb bash
```
## Create Virtweb configuration & storage directory
Inside the newly created user, create an environment file that will contain the configuration of the VirtWeb software:
```bash
sudo touch /home/virtweb/virtweb-env
sudo chmod 600 /home/virtweb/virtweb-env
sudo chown virtweb:virtweb /home/virtweb/virtweb-env
sudo mkdir /home/virtweb/storage
sudo chown virtweb:kvm /home/virtweb/storage
```
Edit the configuration content:
```conf
LISTEN_ADDRESS=0.0.0.0:8000
WEBSITE_ORIGIN=http://localhost:8000
SECRET=<rand>
AUTH_USERNAME=user
AUTH_PASSWORD=changeme
DISABLE_OIDC=true
STORAGE=/home/virtweb/storage
```
## Register Virtweb service
Before registering service, check that the configuration works correctly:
```bash
sudo -u virtweb virtweb_backend -c /home/virtweb/virtweb-env
```
Create now a service in the file `/etc/systemd/system/virtweb.service`:
```conf
[Unit]
Description=VirtWeb
After=syslog.target
After=network.target
[Service]
RestartSec=2s
Type=simple
User=virtweb
Group=virtweb
WorkingDirectory=/home/virtweb
ExecStart=/usr/local/bin/virtweb_backend -c /home/virtweb/virtweb-env
Restart=always
Environment=USER=virtweb
HOME=/home/virtweb
[Install]
WantedBy=multi-user.target
```
Enable and start the created service:
```bash
sudo systemctl enable virtweb
sudo systemctl start virtweb
```
You should now be able to create VMs!
### Manual port forwarding without a LibVirt HOOK
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
```
net.ipv4.ip_forward=1
```
* To reload `sysctl` without reboot:
```
sudo sysctl -p /etc/sysctl.conf
```
* Create the following IPTables rules:
```
UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
tr -d ' ')
LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
echo "$UP_DEV -> $LOCAL_DEV"
GUEST_IP=192.168.25.189
HOST_PORT=8085
GUEST_PORT=8085
# connections from outside
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
```
* Theses rules can be persisted using `iptables-save` then, or using a libvirt hook.
### Manual port forwarding with a LibVirt HOOK
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
```
net.ipv4.ip_forward=1
```
* To reload `sysctl` without reboot:
```
sudo sysctl -p /etc/sysctl.conf
```
* Get the following information, using the web ui or `virsh`:
* The name of the target guest
* The IP and port of the guest who will receive the connection
* The port of the host that will be forwarded to the guest
* Stop the guest if its running, either using `virsh` or from the web ui
* Create or append the following content to the file `/etc/libvirt/hooks/qemu`:
```bash
#!/bin/bash
# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
# In order to create rules to other VMs, just duplicate the below block and configure
# it accordingly.
if [ "${1}" = "VM NAME" ]; then
# Update the following variables to fit your setup
GUEST_IP=
GUEST_PORT=
HOST_PORT=
if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
/sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
/sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
fi
if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
/sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
fi
fi
```
* Make the hook executable:
```bash
sudo chmod +x /etc/libvirt/hooks/qemu
```
* Restart the `libvirtd` service:
```bash
sudo systemctl restart libvirtd.service
```
* Start the guest
> Note: this guide is based on https://wiki.libvirt.org/Networking.html