Add deploy prod instructions
parent
aa81c7f979
commit
cd55e6867e
121
README.md
121
README.md
@ -1,123 +1,8 @@
|
|||||||
# VirtWEB
|
# VirtWEB
|
||||||
WIP project
|
WIP project
|
||||||
|
|
||||||
## Development requirements
|
## Setup for dev
|
||||||
1. The `libvirt-dev` package must be installed:
|
Please refer to this guide: [virtweb_docs/SETUP_DEV.md](virtweb_docs/SETUP_DEV.md)
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo apt install libvirt-dev
|
|
||||||
```
|
|
||||||
|
|
||||||
2. Libvirt must also be installed:
|
|
||||||
```bash
|
|
||||||
sudo apt install qemu-kvm libvirt-daemon-system
|
|
||||||
```
|
|
||||||
|
|
||||||
3. Allow the current user to manage VMs:
|
|
||||||
```
|
|
||||||
sudo adduser $USER libvirt
|
|
||||||
sudo adduser $USER kvm
|
|
||||||
```
|
|
||||||
|
|
||||||
> Note: You will need to login again for this change to take effect.
|
|
||||||
|
|
||||||
|
|
||||||
## Production requirements
|
## Production requirements
|
||||||
### TODO
|
Please refer to this guide: [virtweb_docs/SETUP_PROD.md](virtweb_docs/SETUP_PROD.md)
|
||||||
TODO
|
|
||||||
|
|
||||||
### Manual port forwarding without a LibVirt HOOK
|
|
||||||
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
|
|
||||||
|
|
||||||
```
|
|
||||||
net.ipv4.ip_forward=1
|
|
||||||
```
|
|
||||||
|
|
||||||
* To reload `sysctl` without reboot:
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo sysctl -p /etc/sysctl.conf
|
|
||||||
```
|
|
||||||
|
|
||||||
* Create the following IPTables rules:
|
|
||||||
|
|
||||||
```
|
|
||||||
UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
|
|
||||||
tr -d ' ')
|
|
||||||
LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
|
|
||||||
echo "$UP_DEV -> $LOCAL_DEV"
|
|
||||||
|
|
||||||
GUEST_IP=192.168.25.189
|
|
||||||
HOST_PORT=8085
|
|
||||||
GUEST_PORT=8085
|
|
||||||
|
|
||||||
# connections from outside
|
|
||||||
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
|
|
||||||
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
|
|
||||||
```
|
|
||||||
|
|
||||||
* Theses rules can be persisted using `iptables-save` then, or using a libvirt hook.
|
|
||||||
|
|
||||||
|
|
||||||
### Manual port forwarding with a LibVirt HOOK
|
|
||||||
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
|
|
||||||
|
|
||||||
```
|
|
||||||
net.ipv4.ip_forward=1
|
|
||||||
```
|
|
||||||
|
|
||||||
* To reload `sysctl` without reboot:
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo sysctl -p /etc/sysctl.conf
|
|
||||||
```
|
|
||||||
|
|
||||||
* Get the following information, using the web ui or `virsh`:
|
|
||||||
* The name of the target guest
|
|
||||||
* The IP and port of the guest who will receive the connection
|
|
||||||
* The port of the host that will be forwarded to the guest
|
|
||||||
|
|
||||||
* Stop the guest if its running, either using `virsh` or from the web ui
|
|
||||||
|
|
||||||
* Create or append the following content to the file `/etc/libvirt/hooks/qemu`:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
|
|
||||||
# In order to create rules to other VMs, just duplicate the below block and configure
|
|
||||||
# it accordingly.
|
|
||||||
if [ "${1}" = "VM NAME" ]; then
|
|
||||||
|
|
||||||
# Update the following variables to fit your setup
|
|
||||||
GUEST_IP=
|
|
||||||
GUEST_PORT=
|
|
||||||
HOST_PORT=
|
|
||||||
|
|
||||||
if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
|
|
||||||
/sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
|
|
||||||
/sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
|
|
||||||
fi
|
|
||||||
if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
|
|
||||||
/sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
|
|
||||||
/sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
```
|
|
||||||
|
|
||||||
* Make the hook executable:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo chmod +x /etc/libvirt/hooks/qemu
|
|
||||||
```
|
|
||||||
|
|
||||||
* Restart the `libvirtd` service:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo systemctl restart libvirtd.service
|
|
||||||
```
|
|
||||||
|
|
||||||
* Start the guest
|
|
||||||
|
|
||||||
|
|
||||||
> Note: this guide is based on https://wiki.libvirt.org/Networking.html
|
|
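Review bot: The two README headings are now inconsistent. The dev section is renamed to `## Setup for dev` while the production section keeps `## Production requirements`, although both now contain only a link to a setup guide. Suggest renaming the second one to `## Setup for prod` so it matches the first heading and the title of `virtweb_docs/SETUP_PROD.md`.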
23
virtweb_docs/SETUP_DEV.md
Normal file
23
virtweb_docs/SETUP_DEV.md
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Setup for developpment
|
||||||
|
1. The `libvirt-dev` package must be installed:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt install libvirt-dev
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Libvirt must also be installed:
|
||||||
|
```bash
|
||||||
|
sudo apt install qemu-kvm libvirt-daemon-system
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Allow the current user to manage VMs:
|
||||||
|
```
|
||||||
|
sudo adduser $USER libvirt
|
||||||
|
sudo adduser $USER kvm
|
||||||
|
```
|
||||||
|
|
||||||
|
> Note: You will need to login again for this change to take effect.
|
||||||
|
|
||||||
|
4. Install required developpment tools:
|
||||||
|
* Rust: https://www.rust-lang.org/learn/get-started
|
||||||
|
* NodeJS: https://nodejs.org/en/download/current
|
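Review bot: "developpment" is misspelled in the title `# Setup for developpment` and again in step 4 (`Install required developpment tools`); both should read "development". In step 3 the code fence has no language tag while steps 1 and 2 use `bash`, so the `adduser` block should be tagged the same way, and `$USER` is better quoted as `"$USER"`.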
193
virtweb_docs/SETUP_PROD.md
Normal file
193
virtweb_docs/SETUP_PROD.md
Normal file
@ -0,0 +1,193 @@
|
|||||||
|
# Setup for prod
|
||||||
|
|
||||||
|
## Build VirtWeb for production
|
||||||
|
Open a terminal in the root directory of the VirtWeb project, and run the following command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
make
|
||||||
|
```
|
||||||
|
|
||||||
|
The release file will be available in `virtweb_backend/target/release/virtweb_backend`.
|
||||||
|
|
||||||
|
This is the only artifcat that must be copied to the server. It is recommended to copy it to the `/usr/local/bin` directory.
|
||||||
|
|
||||||
|
## Install requirements
|
||||||
|
In order to work properly, VirtWeb relies on `libvirt`, `qemu` and `kvm`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt install qemu-kvm libvirt-daemon-system libvirt0 libvirt-clients libvirt-daemon bridge-utils
|
||||||
|
```
|
||||||
|
|
||||||
|
## Dedicated user
|
||||||
|
It is recommended to have a dedicated non-root user to run LibVirt:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo adduser --disabled-login virtweb
|
||||||
|
sudo adduser virtweb libvirt
|
||||||
|
sudo adduser virtweb kvm
|
||||||
|
```
|
||||||
|
|
||||||
|
When executing this command as this user, it is possible to use the following command:;
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u virtweb bash
|
||||||
|
```
|
||||||
|
|
||||||
|
## Create Virtweb configuration & storage directory
|
||||||
|
Inside the newly created user, create an environment file that will contain the configuration of the VirtWeb software:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo touch /home/virtweb/virtweb-env
|
||||||
|
sudo chmod 600 /home/virtweb/virtweb-env
|
||||||
|
sudo chown virtweb:virtweb /home/virtweb/virtweb-env
|
||||||
|
|
||||||
|
sudo mkdir /home/virtweb/storage
|
||||||
|
sudo chown virtweb:kvm /home/virtweb/storage
|
||||||
|
```
|
||||||
|
|
||||||
|
Edit the configuration content:
|
||||||
|
|
||||||
|
```conf
|
||||||
|
LISTEN_ADDRESS=0.0.0.0:8000
|
||||||
|
WEBSITE_ORIGIN=http://localhost:8000
|
||||||
|
SECRET=<rand>
|
||||||
|
AUTH_USERNAME=user
|
||||||
|
AUTH_PASSWORD=changeme
|
||||||
|
DISABLE_OIDC=true
|
||||||
|
STORAGE=/home/virtweb/storage
|
||||||
|
```
|
||||||
|
|
||||||
|
## Register Virtweb service
|
||||||
|
Before registering service, check that the configuration works correctly:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u virtweb virtweb_backend -c /home/virtweb/virtweb-env
|
||||||
|
```
|
||||||
|
|
||||||
|
Create now a service in the file `/etc/systemd/system/virtweb.service`:
|
||||||
|
|
||||||
|
```conf
|
||||||
|
[Unit]
|
||||||
|
Description=VirtWeb
|
||||||
|
After=syslog.target
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
RestartSec=2s
|
||||||
|
Type=simple
|
||||||
|
User=virtweb
|
||||||
|
Group=virtweb
|
||||||
|
WorkingDirectory=/home/virtweb
|
||||||
|
ExecStart=/usr/local/bin/virtweb_backend -c /home/virtweb/virtweb-env
|
||||||
|
Restart=always
|
||||||
|
Environment=USER=virtweb
|
||||||
|
HOME=/home/virtweb
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
```
|
||||||
|
|
||||||
|
Enable and start the created service:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl enable virtweb
|
||||||
|
sudo systemctl start virtweb
|
||||||
|
```
|
||||||
|
|
||||||
|
You should now be able to create VMs!
|
||||||
|
|
||||||
|
### Manual port forwarding without a LibVirt HOOK
|
||||||
|
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
|
||||||
|
|
||||||
|
```
|
||||||
|
net.ipv4.ip_forward=1
|
||||||
|
```
|
||||||
|
|
||||||
|
* To reload `sysctl` without reboot:
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo sysctl -p /etc/sysctl.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
* Create the following IPTables rules:
|
||||||
|
|
||||||
|
```
|
||||||
|
UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
|
||||||
|
tr -d ' ')
|
||||||
|
LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
|
||||||
|
echo "$UP_DEV -> $LOCAL_DEV"
|
||||||
|
|
||||||
|
GUEST_IP=192.168.25.189
|
||||||
|
HOST_PORT=8085
|
||||||
|
GUEST_PORT=8085
|
||||||
|
|
||||||
|
# connections from outside
|
||||||
|
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
|
||||||
|
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
|
||||||
|
```
|
||||||
|
|
||||||
|
* Theses rules can be persisted using `iptables-save` then, or using a libvirt hook.
|
||||||
|
|
||||||
|
|
||||||
|
### Manual port forwarding with a LibVirt HOOK
|
||||||
|
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
|
||||||
|
|
||||||
|
```
|
||||||
|
net.ipv4.ip_forward=1
|
||||||
|
```
|
||||||
|
|
||||||
|
* To reload `sysctl` without reboot:
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo sysctl -p /etc/sysctl.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
* Get the following information, using the web ui or `virsh`:
|
||||||
|
* The name of the target guest
|
||||||
|
* The IP and port of the guest who will receive the connection
|
||||||
|
* The port of the host that will be forwarded to the guest
|
||||||
|
|
||||||
|
* Stop the guest if its running, either using `virsh` or from the web ui
|
||||||
|
|
||||||
|
* Create or append the following content to the file `/etc/libvirt/hooks/qemu`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
|
||||||
|
# In order to create rules to other VMs, just duplicate the below block and configure
|
||||||
|
# it accordingly.
|
||||||
|
if [ "${1}" = "VM NAME" ]; then
|
||||||
|
|
||||||
|
# Update the following variables to fit your setup
|
||||||
|
GUEST_IP=
|
||||||
|
GUEST_PORT=
|
||||||
|
HOST_PORT=
|
||||||
|
|
||||||
|
if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
|
||||||
|
/sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
|
||||||
|
/sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
|
||||||
|
fi
|
||||||
|
if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
|
||||||
|
/sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
|
||||||
|
/sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
```
|
||||||
|
|
||||||
|
* Make the hook executable:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo chmod +x /etc/libvirt/hooks/qemu
|
||||||
|
```
|
||||||
|
|
||||||
|
* Restart the `libvirtd` service:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl restart libvirtd.service
|
||||||
|
```
|
||||||
|
|
||||||
|
* Start the guest
|
||||||
|
|
||||||
|
|
||||||
|
> Note: this guide is based on https://wiki.libvirt.org/Networking.html
|
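Review bot: In the `virtweb.service` unit, the line `HOME=/home/virtweb` stands on its own after `Environment=USER=virtweb`, so it is not a valid `[Service]` directive and systemd will ignore it instead of setting the variable; write `Environment=HOME=/home/virtweb`, or put both assignments on one `Environment=` line. The sample configuration also needs a warning: it pairs `LISTEN_ADDRESS=0.0.0.0:8000` with `AUTH_PASSWORD=changeme` and an `http://` origin, and does not say how to generate `SECRET=<rand>`, so the guide should tell the reader to replace both values before the service is enabled. In the section without a hook, the `FORWARD` rule accepts all traffic to `$GUEST_IP`, whereas the hook version restricts it with `-p tcp` and `--dport $GUEST_PORT`; the same restriction should be used in both places, and `UP_DEV` is computed but never used in the rules. Smaller points: "artifcat", "Theses rules" and the sentence ending in "the following command:;" need fixing.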