# Setup for prod

## Build VirtWeb for production

Open a terminal in the root directory of the VirtWeb project, and run the following command:

```bash
make
```

The release file will be available in `virtweb_backend/target/release/virtweb_backend`.

This is the only artifact that must be copied to the server. It is recommended to copy it to the `/usr/local/bin` directory.

## Install requirements

In order to work properly, VirtWeb relies on `libvirt`, `qemu` and `kvm`:

```bash
sudo apt install qemu-kvm libvirt-daemon-system libvirt0 libvirt-clients libvirt-daemon bridge-utils
```

## Dedicated user

It is recommended to have a dedicated non-root user to run LibVirt:

```bash
sudo adduser --disabled-login virtweb
sudo adduser virtweb libvirt
sudo adduser virtweb kvm
```

To run commands as this user, use the following command:

```bash
sudo -u virtweb bash
```

## Create VirtWeb configuration & storage directory

In the home directory of the newly created user, create an environment file that will contain the configuration of the VirtWeb software:

```bash
sudo touch /home/virtweb/virtweb-env
sudo chmod 600 /home/virtweb/virtweb-env
sudo chown virtweb:virtweb /home/virtweb/virtweb-env

sudo mkdir /home/virtweb/storage
sudo chown virtweb:kvm /home/virtweb/storage

# Fix storage access permission issue
sudo chmod a+rx /home/virtweb
```

Edit the configuration content:

```conf
LISTEN_ADDRESS=0.0.0.0:8000
WEBSITE_ORIGIN=http://localhost:8000
SECRET=
AUTH_USERNAME=user
AUTH_PASSWORD=changeme
DISABLE_OIDC=true
STORAGE=/home/virtweb/storage
HYPERVISOR_URI=qemu:///system
```

> Note: `HYPERVISOR_URI=qemu:///system` is used to specify that we want to use the main hypervisor.
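
The environment file above holds the login credentials, is created with mode 600, and its template has a blank `SECRET` and the password `changeme`. The script below is an added example (not part of VirtWeb) that checks a file for those conditions before the service is started. It assumes the blank `SECRET` and `changeme` are placeholders to be replaced; the function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example, not VirtWeb code: audit an environment file such as
# /home/virtweb/virtweb-env. Assumes the blank SECRET and the password
# "changeme" in the template are placeholders that must be replaced.

# Print the value of key $2 in KEY=VALUE file $1 (last occurrence wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per line. Returns 0 if clean, 1 on findings, 2 on error.
# Optional $2 is the expected owner. The subshell body keeps variables local.
audit_virtweb_env() (
    file="$1"; findings=0
    mode=$(stat -c '%a' "$file") || return 2   # GNU stat, as on Debian/Ubuntu
    if [ "$mode" != "600" ]; then
        echo "mode is $mode, expected 600 (file holds credentials)"
        findings=1
    fi
    if [ -n "${2:-}" ] && [ "$(stat -c '%U' "$file")" != "$2" ]; then
        echo "owner is not $2"
        findings=1
    fi
    if [ -z "$(env_value "$file" SECRET)" ]; then
        echo "SECRET is empty"
        findings=1
    fi
    if [ "$(env_value "$file" AUTH_PASSWORD)" = "changeme" ]; then
        echo "AUTH_PASSWORD is still the template value"
        findings=1
    fi
    return "$findings"
)

# Constructed sample input: the template as published, then a filled-in copy.
demo_dir=$(mktemp -d)
printf '%s\n' 'LISTEN_ADDRESS=0.0.0.0:8000' 'SECRET=' 'AUTH_USERNAME=user' \
    'AUTH_PASSWORD=changeme' > "$demo_dir/template-env"
chmod 644 "$demo_dir/template-env"
printf '%s\n' 'LISTEN_ADDRESS=0.0.0.0:8000' 'SECRET=constructed-sample-secret' \
    'AUTH_USERNAME=user' 'AUTH_PASSWORD=constructed-sample-password' \
    > "$demo_dir/filled-env"
chmod 600 "$demo_dir/filled-env"

audit_virtweb_env "$demo_dir/template-env" || echo "template-env: not ready"
audit_virtweb_env "$demo_dir/filled-env" && echo "filled-env: ok"
rm -rf "$demo_dir"
```

On the server, the equivalent call is `audit_virtweb_env /home/virtweb/virtweb-env virtweb`, run with enough privileges to read the file.
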

## Register VirtWeb service

Before registering the service, check that the configuration works correctly:

```bash
sudo -u virtweb virtweb_backend -c /home/virtweb/virtweb-env
```

Now create a service in the file `/etc/systemd/system/virtweb.service`:

```conf
[Unit]
Description=VirtWeb
After=syslog.target
After=network.target

[Service]
RestartSec=2s
Type=simple
User=virtweb
Group=virtweb
WorkingDirectory=/home/virtweb
ExecStart=/usr/local/bin/virtweb_backend -c /home/virtweb/virtweb-env
Restart=always
Environment=USER=virtweb HOME=/home/virtweb

[Install]
WantedBy=multi-user.target
```

Enable and start the created service:

```bash
sudo systemctl enable virtweb
sudo systemctl start virtweb
```

You should now be able to create VMs!

## Configure port forwarding

* Allow IP forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:

```
net.ipv4.ip_forward=1
```

* To reload `sysctl` without reboot:

```
sudo sysctl -p /etc/sysctl.conf
```

* Configure the AppArmor service. Create or update a file named `/etc/apparmor.d/local/usr.sbin.libvirtd` with the following content:

```
/usr/local/bin/virtweb_backend ux,
```

* Update the AppArmor configuration:

```bash
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd
```

* Create the VirtWeb hook. Set the following content inside `/etc/libvirt/hooks/network`:

```bash
#!/bin/bash
NAT_MODE=1 /usr/local/bin/virtweb_backend --storage /home/virtweb/storage --network-name "$1" --operation "$2" --sub-operation "$3"
```

* Make the script executable:

```bash
sudo chmod +x /etc/libvirt/hooks/network
```

* Restart `libvirtd` and `VirtWeb`:

```bash
sudo systemctl restart libvirtd
sudo systemctl restart virtweb
```