Pierre HUBERT
ba2b3494cf
# Setup for prod

## Build VirtWeb for production

Open a terminal in the root directory of the VirtWeb project and run:

```bash
make
```

The release binary will be available at `virtweb_backend/target/release/virtweb_backend`.

This is the only artifact that must be copied to the server. It is recommended to copy it to the `/usr/local/bin` directory, owned by root and not writable by unprivileged users: the libvirt hook configured at the end of this document executes this same binary as root.

## Install requirements

In order to work properly, VirtWeb relies on `libvirt`, `qemu` and `kvm`:

```bash
sudo apt install qemu-kvm libvirt-daemon-system libvirt0 libvirt-clients libvirt-daemon bridge-utils
```

## Dedicated user

It is recommended to run VirtWeb as a dedicated non-root user, added to the `libvirt` and `kvm` groups so that it can talk to the system libvirt daemon:

```bash
sudo adduser --disabled-login virtweb
sudo adduser virtweb libvirt
sudo adduser virtweb kvm
```

When you need a shell as this user (for example to inspect its files or to test the binary), open one with:

```bash
sudo -u virtweb bash
```

## Create VirtWeb configuration & storage directory

In the home directory of the new user, create an environment file that will hold the VirtWeb configuration, and a storage directory for the VM images. The env file is made readable by `virtweb` only, since it contains the session secret and the admin password:

```bash
sudo touch /home/virtweb/virtweb-env
sudo chmod 600 /home/virtweb/virtweb-env
sudo chown virtweb:virtweb /home/virtweb/virtweb-env

sudo mkdir /home/virtweb/storage
sudo chown virtweb:kvm /home/virtweb/storage

# Fix storage access permission issue: the QEMU processes started by libvirt
# run as their own user and must be able to traverse /home/virtweb to reach
# the storage directory (the env file itself stays unreadable, mode 600)
sudo chmod a+rx /home/virtweb
```

Edit the configuration content:

```conf
LISTEN_ADDRESS=0.0.0.0:8000
WEBSITE_ORIGIN=http://localhost:8000
SECRET=<rand>
AUTH_USERNAME=user
AUTH_PASSWORD=changeme
DISABLE_OIDC=true
STORAGE=/home/virtweb/storage
HYPERVISOR_URI=qemu:///system
```

> Note: `HYPERVISOR_URI=qemu:///system` specifies that we want to use the main (system-wide, privileged) hypervisor connection, as opposed to a per-user `qemu:///session` one.

> Note: replace `<rand>` with a long random value (for example the output of `openssl rand -hex 32`) and `changeme` with a real password before starting the service. `LISTEN_ADDRESS=0.0.0.0:8000` exposes the UI over plain HTTP on every interface; for production, bind it to `127.0.0.1` behind a TLS-terminating reverse proxy and set `WEBSITE_ORIGIN` accordingly.

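The following script is an added example and is not part of VirtWeb. It writes the env file shown above with a freshly generated `SECRET` in place of the `<rand>` placeholder, creating the file with mode 0600 from the start (via `umask` in a subshell) so the secret never sits in a readable file even briefly, and then verifies the mode. The defaults bind to loopback rather than `0.0.0.0`; the function names, the `--`-less positional arguments and the helper used to read a value back are this example's own, not VirtWeb options.

```shell
#!/bin/sh
# Added example (not part of VirtWeb): write the virtweb-env file with a
# freshly generated SECRET instead of the <rand> placeholder, created with
# mode 0600 from the start so the secret never sits in a readable file.
set -eu

# gen_secret: 32 random bytes, hex encoded (64 characters)
gen_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 32
  else
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
  fi
}

# write_env PATH STORAGE [LISTEN] [ORIGIN] [USER] [PASSWORD]
# Defaults bind to loopback; the values other than SECRET mirror the
# configuration shown in this document and are meant to be adjusted.
write_env() {
  path=$1; storage=$2
  listen=${3:-127.0.0.1:8000}
  origin=${4:-http://localhost:8000}
  user=${5:-user}
  password=${6:-changeme}
  secret=$(gen_secret)
  # umask in a subshell: a new file is born 0600, no chmod race afterwards.
  # (An already existing file keeps its old mode; chmod it explicitly then.)
  (
    umask 077
    cat > "$path" <<EOF
LISTEN_ADDRESS=$listen
WEBSITE_ORIGIN=$origin
SECRET=$secret
AUTH_USERNAME=$user
AUTH_PASSWORD=$password
DISABLE_OIDC=true
STORAGE=$storage
HYPERVISOR_URI=qemu:///system
EOF
  )
}

# env_value PATH KEY: print the value of KEY from the env file
env_value() { sed -n "s/^$2=//p" "$1"; }

# env_is_private PATH: 0 if the file mode is exactly rw-------
env_is_private() {
  [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Usage (as root, after creating the virtweb user):
#   sh make-env.sh /home/virtweb/virtweb-env /home/virtweb/storage
#   chown virtweb:virtweb /home/virtweb/virtweb-env
if [ "$#" -ge 2 ]; then
  write_env "$@"
  env_is_private "$1" || { echo "unexpected mode on $1" >&2; exit 1; }
fi
```

The file is written as root and then handed to `virtweb` with `chown`, which matches the order of the commands above; `chown` does not change the mode bits, so the 0600 survives.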
## Register VirtWeb service

Before registering the service, check that the configuration works correctly by running the binary in the foreground as the `virtweb` user (stop it with Ctrl+C once it has started without errors):

```bash
sudo -u virtweb virtweb_backend -c /home/virtweb/virtweb-env
```

Now create a service in the file `/etc/systemd/system/virtweb.service`:

```conf
[Unit]
Description=VirtWeb
After=network.target

[Service]
RestartSec=2s
Type=simple
User=virtweb
Group=virtweb
WorkingDirectory=/home/virtweb
ExecStart=/usr/local/bin/virtweb_backend -c /home/virtweb/virtweb-env
Restart=always
Environment=USER=virtweb
Environment=HOME=/home/virtweb

[Install]
WantedBy=multi-user.target
```

(A bare `HOME=...` line is not a valid `[Service]` key and would be ignored by systemd; it has to be passed through `Environment=`.) Since the service runs as an unprivileged user and only needs the libvirt socket and its own home directory, it is also worth adding `NoNewPrivileges=true` and `PrivateTmp=true` to the `[Service]` section.

Enable and start the created service, then check that it is running:

```bash
sudo systemctl enable virtweb
sudo systemctl start virtweb
sudo systemctl status virtweb
```

You should now be able to create VMs!

## Configure port forwarding

* Allow IP forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:

```
net.ipv4.ip_forward=1
```

* To reload `sysctl` without rebooting:

```
sudo sysctl -p /etc/sysctl.conf
```

* Configure AppArmor. `libvirtd` runs under its own AppArmor profile, so the VirtWeb binary must be allowed as a child process. Create or update a file named `/etc/apparmor.d/local/usr.sbin.libvirtd` with the following content:

```
/usr/local/bin/virtweb_backend ux,
```

  `ux` executes the binary unconfined, i.e. with no AppArmor profile of its own, and since `libvirtd` runs as root the hook runs as root too. This is why the binary must be owned by root and not writable by the `virtweb` user or anyone else.

* Reload the AppArmor profile:

```bash
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd
```

* Create the VirtWeb hook. `libvirtd` runs `/etc/libvirt/hooks/network` as root on every network event, passing the network name, the operation and the sub-operation as arguments; the hook forwards them to the VirtWeb binary. Set the following content inside `/etc/libvirt/hooks/network`:

```bash
#!/bin/bash
# Arguments supplied by libvirtd: $1 = network name, $2 = operation
# (e.g. start, started, stopped), $3 = sub-operation (e.g. begin, end).
# NAT_MODE=1 and the flags below are what VirtWeb expects when it is
# invoked from this hook rather than as the web service.
NAT_MODE=1 /usr/local/bin/virtweb_backend --storage /home/virtweb/storage --network-name "$1" --operation "$2" --sub-operation "$3"
```

* Make the script executable (it should already be owned by root, like the rest of `/etc/libvirt`; keep it that way, since it runs with root privileges):

```bash
sudo chmod +x /etc/libvirt/hooks/network
```

* Restart `libvirtd` and VirtWeb:

```bash
sudo systemctl restart libvirtd
sudo systemctl restart virtweb
```
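Because the hook and the binary it calls are executed by `libvirtd` as root, while the web service itself runs as the unprivileged `virtweb` user, the ownership and write bits of those files are the boundary between the two. The script below is an added example, not part of VirtWeb, that checks this boundary plus the `ip_forward` knob before the service is put in production. The paths are the ones used in this document; the function names and the `--run` switch are this example's own.

```shell
#!/bin/sh
# Added example (not part of VirtWeb): preflight checks for the port
# forwarding setup. The hook at /etc/libvirt/hooks/network is executed by
# libvirtd as root, so the hook, its directory and the binary it calls must
# be owned by root and not writable by group/other; otherwise the
# unprivileged virtweb service account could edit them and gain root.
set -eu

# mode_string FILE -> e.g. "-rwxr-xr-x" (first ten columns of ls -l)
mode_string() { ls -ld "$1" | cut -c1-10; }

# file_owner FILE -> owner user name (third field of ls -l)
file_owner() { ls -ld "$1" | awk '{print $3}'; }

# safe_file FILE OWNER: 0 if FILE exists, is owned by OWNER and has no
# group or other write bit; 1 otherwise, with the reason on stderr.
safe_file() {
  f=$1; want=$2
  [ -e "$f" ] || { echo "missing: $f" >&2; return 1; }
  owner=$(file_owner "$f")
  [ "$owner" = "$want" ] || { echo "bad owner on $f: $owner (want $want)" >&2; return 1; }
  # column 6 is the group write bit, column 9 the other write bit
  case "$(mode_string "$f")" in
    ?????w*|????????w*) echo "group/other writable: $f" >&2; return 1 ;;
  esac
  return 0
}

# ip_forward_enabled: 0 if net.ipv4.ip_forward is currently 1
ip_forward_enabled() {
  [ -r /proc/sys/net/ipv4/ip_forward ] &&
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ]
}

# preflight [OWNER]: run every check for the files used above (OWNER
# defaults to root); returns 1 if any of them fails.
preflight() {
  want=${1:-root}
  rc=0
  safe_file /usr/local/bin/virtweb_backend "$want" || rc=1
  safe_file /etc/libvirt/hooks "$want" || rc=1
  safe_file /etc/libvirt/hooks/network "$want" || rc=1
  [ -x /etc/libvirt/hooks/network ] || { echo "hook is not executable" >&2; rc=1; }
  ip_forward_enabled || { echo "net.ipv4.ip_forward is not 1" >&2; rc=1; }
  return $rc
}

# Usage: sh preflight.sh --run
# (the functions can also be sourced and used one at a time)
if [ "${1:-}" = "--run" ]; then
  preflight "${2:-root}"
fi
```

Run it after the `systemctl restart` step; a non-zero exit means one of the files is writable by someone other than root, or forwarding is still off, and the setup should not be exposed until that is fixed.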