VirtWeb/virtweb_docs/SETUP_PROD.md
Pierre HUBERT ba2b3494cf
All checks were successful
continuous-integration/drone/push Build is passing
Fix typo
2024-08-15 12:18:30 +02:00

3.3 KiB

Setup for prod

Build VirtWeb for production

Open a terminal in the root directory of the VirtWeb project, and run the following command:

make

The release file will be available in virtweb_backend/target/release/virtweb_backend.

This is the only artifact that must be copied to the server. It is recommended to copy it to the /usr/local/bin directory.

Install requirements

In order to work properly, VirtWeb relies on libvirt, qemu and kvm:

sudo apt install qemu-kvm libvirt-daemon-system libvirt0 libvirt-clients libvirt-daemon bridge-utils

Dedicated user

It is recommended to have a dedicated non-root user to run LibVirt:

sudo adduser --disabled-login virtweb
sudo adduser virtweb libvirt
sudo adduser virtweb kvm

When executing this command as this user, it is possible to use the following command:;

sudo -u virtweb bash

Create Virtweb configuration & storage directory

Inside the newly created user, create an environment file that will contain the configuration of the VirtWeb software:

sudo touch /home/virtweb/virtweb-env
sudo chmod 600 /home/virtweb/virtweb-env
sudo chown virtweb:virtweb /home/virtweb/virtweb-env

sudo mkdir /home/virtweb/storage
sudo chown virtweb:kvm /home/virtweb/storage

# Fix storage access permission issue
sudo chmod a+rx /home/virtweb

Edit the configuration content:

LISTEN_ADDRESS=0.0.0.0:8000
WEBSITE_ORIGIN=http://localhost:8000
SECRET=<rand>
AUTH_USERNAME=user
AUTH_PASSWORD=changeme
DISABLE_OIDC=true
STORAGE=/home/virtweb/storage
HYPERVISOR_URI=qemu:///system

Note: HYPERVISOR_URI=qemu:///system is used to sepcify that we want to use the main hypervisor.

Register Virtweb service

Before registering service, check that the configuration works correctly:

sudo -u virtweb virtweb_backend -c /home/virtweb/virtweb-env

Create now a service in the file /etc/systemd/system/virtweb.service:

[Unit]
Description=VirtWeb
After=syslog.target
After=network.target

[Service]
RestartSec=2s
Type=simple
User=virtweb
Group=virtweb
WorkingDirectory=/home/virtweb
ExecStart=/usr/local/bin/virtweb_backend -c /home/virtweb/virtweb-env
Restart=always
Environment=USER=virtweb 
HOME=/home/virtweb

[Install]
WantedBy=multi-user.target

Enable and start the created service:

sudo systemctl enable virtweb
sudo systemctl start virtweb

You should now be able to create VMs!

Configure port forwarding

  • Allow ip forwarding in the kernel: edit /etc/sysctl.conf and uncomment the following line:
net.ipv4.ip_forward=1
  • To reload sysctl without reboot:
sudo sysctl -p /etc/sysctl.conf
  • Configure apparmore service. Create or update a file named /etc/apparmor.d/local/usr.sbin.libvirtd with the following content:
/usr/local/bin/virtweb_backend ux,
  • Update Apparmor configuration:
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd
  • Create VirtWeb hook. Set the following content inside /etc/libvirt/hooks/network:
#!/bin/bash
NAT_MODE=1 /usr/local/bin/virtweb_backend --storage /home/virtweb/storage --network-name "$1" --operation "$2" --sub-operation "$3"
  • Make the script executable:
sudo chmod +x /etc/libvirt/hooks/network
  • Restart libvirtd and VirtWeb:
sudo systemctl restart libvirtd
sudo systemctl restart virtweb