# Setup for prod

## Build VirtWeb for production
Open a terminal in the root directory of the VirtWeb project, and run the following command:

```bash
make
```

The release file will be available in `virtweb_backend/target/release/virtweb_backend`. 

This is the only artifact that must be copied to the server. It is recommended to copy it to the `/usr/local/bin` directory.

## Install requirements
In order to work properly, VirtWeb relies on `libvirt`, `qemu` and `kvm`:

```bash
sudo apt install qemu-kvm libvirt-daemon-system libvirt0 libvirt-clients libvirt-daemon bridge-utils
```

## Dedicated user
It is recommended to have a dedicated non-root user to run LibVirt:

```bash
sudo adduser --disabled-login virtweb
sudo adduser virtweb libvirt
sudo adduser virtweb kvm
```

To run commands as this user, use the following command:

```bash
sudo -u virtweb bash
```

## Create VirtWeb configuration & storage directory
In the home directory of the newly created user, create an environment file that will contain the configuration of the VirtWeb software:

```bash
sudo touch /home/virtweb/virtweb-env
sudo chmod 600 /home/virtweb/virtweb-env
sudo chown virtweb:virtweb /home/virtweb/virtweb-env

sudo mkdir /home/virtweb/storage
sudo chown virtweb:kvm /home/virtweb/storage

# Fix storage access permission issue
sudo chmod a+rx /home/virtweb
```

Edit the configuration content:

```conf
LISTEN_ADDRESS=0.0.0.0:8000
WEBSITE_ORIGIN=http://localhost:8000
SECRET=<rand>
AUTH_USERNAME=user
AUTH_PASSWORD=changeme
DISABLE_OIDC=true
STORAGE=/home/virtweb/storage
HYPERVISOR_URI=qemu:///system
```

> Note: `HYPERVISOR_URI=qemu:///system` is used to specify that we want to use the main hypervisor.
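
The sample configuration above contains a placeholder `SECRET`, a sample `AUTH_PASSWORD` and a listener on all interfaces. As an added example (not part of the VirtWeb project), the script below checks an environment file for those values and for the `600` mode set earlier; the function names `env_value` and `audit_virtweb_env`, the finding texts and the sample file are constructed for this example.

```bash
# Added example, not VirtWeb code: audit an environment file before first start.
# Function names and finding texts are assumptions of this example.

# Print the value assigned to key $2 in env file $1 (last assignment wins).
env_value() {
    grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-
}

# Print one line per finding and return the number of findings.
audit_virtweb_env() {
    local file="$1" findings=0 mode secret
    mode=$(stat -c '%a' "$file")   # GNU stat, as found on apt-based hosts
    if [ "$mode" != "600" ]; then
        echo "mode is $mode, expected 600 (file holds SECRET and AUTH_PASSWORD)"
        findings=$((findings + 1))
    fi
    secret=$(env_value "$file" SECRET)
    if [ -z "$secret" ] || [ "$secret" = "<rand>" ]; then
        echo "SECRET is empty or still the <rand> placeholder"
        findings=$((findings + 1))
    fi
    if [ "$(env_value "$file" AUTH_PASSWORD)" = "changeme" ]; then
        echo "AUTH_PASSWORD is still the sample value"
        findings=$((findings + 1))
    fi
    case "$(env_value "$file" LISTEN_ADDRESS)" in
        0.0.0.0:*)
            echo "LISTEN_ADDRESS binds all interfaces; confirm this is intended"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: the values shown on this page, written with mode 644.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LISTEN_ADDRESS=0.0.0.0:8000
SECRET=<rand>
AUTH_USERNAME=user
AUTH_PASSWORD=changeme
EOF
chmod 644 "$sample"
audit_virtweb_env "$sample" || echo "$? finding(s) in the sample file"
rm -f "$sample"
```

On the server, call the function on `/home/virtweb/virtweb-env` from a root shell, since only `virtweb` can read the file.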

## Register VirtWeb service
Before registering the service, check that the configuration works correctly:

```bash
sudo -u virtweb virtweb_backend -c /home/virtweb/virtweb-env
```

Now create a service in the file `/etc/systemd/system/virtweb.service`:

```conf
[Unit]
Description=VirtWeb
After=syslog.target
After=network.target

[Service]
RestartSec=2s
Type=simple
User=virtweb
Group=virtweb
WorkingDirectory=/home/virtweb
ExecStart=/usr/local/bin/virtweb_backend -c /home/virtweb/virtweb-env
Restart=always
Environment=USER=virtweb HOME=/home/virtweb

[Install]
WantedBy=multi-user.target
```

Enable and start the created service:

```bash
sudo systemctl enable virtweb
sudo systemctl start virtweb
```

You should now be able to create VMs!


## Configure port forwarding
* Allow IP forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:

```
net.ipv4.ip_forward=1
```

* To reload `sysctl` without reboot:

```
sudo sysctl -p /etc/sysctl.conf
```

* Configure AppArmor. Create or update a file named `/etc/apparmor.d/local/usr.sbin.libvirtd` with the following content:

```
/usr/local/bin/virtweb_backend ux,
```

* Update the AppArmor configuration:

```bash
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd
```

* Create VirtWeb hook. Set the following content inside `/etc/libvirt/hooks/network`:

```bash
#!/bin/bash
NAT_MODE=1 /usr/local/bin/virtweb_backend --storage /home/virtweb/storage --network-name "$1" --operation "$2" --sub-operation "$3"
```

* Make the script executable:

```bash
sudo chmod +x /etc/libvirt/hooks/network
```

* Restart `libvirtd` and `VirtWeb`:

```bash
sudo systemctl restart libvirtd
sudo systemctl restart virtweb
```