Setup for prod

Build VirtWeb for production

Open a terminal in the root directory of the VirtWeb project, and run the following command:

make

The release file will be available in virtweb_backend/target/release/virtweb_backend.

This is the only artifact that must be copied to the server. It is recommended to copy it to the /usr/local/bin directory.

Install requirements

In order to work properly, VirtWeb relies on libvirt, qemu and kvm:

sudo apt install qemu-kvm libvirt-daemon-system libvirt0 libvirt-clients libvirt-daemon bridge-utils

Dedicated user

It is recommended to have a dedicated non-root user to run LibVirt:

sudo adduser --disabled-login virtweb
sudo adduser virtweb libvirt
sudo adduser virtweb kvm

To run commands as this user, open a shell with:

sudo -u virtweb bash

Create Virtweb configuration & storage directory

In the home directory of the newly created user, create an environment file that will hold the configuration of the VirtWeb software:

sudo touch /home/virtweb/virtweb-env
sudo chmod 600 /home/virtweb/virtweb-env
sudo chown virtweb:virtweb /home/virtweb/virtweb-env

sudo mkdir /home/virtweb/storage
sudo chown virtweb:kvm /home/virtweb/storage

# Fix storage access permission issue: the libvirt/qemu processes must be able to
# traverse /home/virtweb to reach the storage directory (the env file itself stays 0600)
sudo chmod a+rx /home/virtweb

Edit the configuration content:

LISTEN_ADDRESS=0.0.0.0:8000
WEBSITE_ORIGIN=http://localhost:8000
SECRET=<rand>
AUTH_USERNAME=user
AUTH_PASSWORD=changeme
DISABLE_OIDC=true
STORAGE=/home/virtweb/storage
HYPERVISOR_URI=qemu:///system

Note: HYPERVISOR_URI=qemu:///system specifies that the main (system-wide) hypervisor is to be used.
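
Before going further it is worth checking that the env file does not still carry the placeholders shown above. The following script is an added example and not part of VirtWeb: env_get, set_random_secret and check_env_file are names chosen here, the 32-character minimum for SECRET is this example's own threshold, the expected owner defaults to the virtweb user created earlier, and the sample file in the comments is constructed.

```sh
#!/bin/sh
# Added example (not VirtWeb's own code): sanity-check a VirtWeb env file before the
# service is registered. Uses the variable names from the configuration above; the
# thresholds and messages are this example's own choices. Requires GNU stat/sed.

# env_get FILE KEY: print the value of KEY in FILE (first match, empty if absent).
env_get() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# set_random_secret FILE: replace the SECRET line with 64 hex chars from the kernel CSPRNG.
set_random_secret() {
  secret=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
  sed -i "s|^SECRET=.*|SECRET=$secret|" "$1"
}

# check_env_file FILE [EXPECTED_OWNER]: return 0 when the file is fit for production,
# 1 otherwise, listing every finding on stderr.
check_env_file() {
  file=$1 owner=${2:-virtweb} rc=0

  # The file holds the SECRET and a password: nobody but the service user may read it.
  mode=$(stat -c '%a' "$file")
  case "$mode" in
    600|400) ;;
    *) echo "$file: mode $mode, expected 600" >&2; rc=1 ;;
  esac
  actual_owner=$(stat -c '%U' "$file")
  [ "$actual_owner" = "$owner" ] ||
    { echo "$file: owned by $actual_owner, expected $owner" >&2; rc=1; }

  # SECRET must have been replaced and be reasonably long (32 is this example's threshold).
  secret=$(env_get "$file" SECRET)
  if [ -z "$secret" ] || [ "$secret" = '<rand>' ]; then
    echo "SECRET is unset or still the placeholder; run set_random_secret" >&2; rc=1
  elif [ ${#secret} -lt 32 ]; then
    echo "SECRET is shorter than 32 characters" >&2; rc=1
  fi

  # The documented default password must not reach production.
  [ "$(env_get "$file" AUTH_PASSWORD)" != changeme ] ||
    { echo "AUTH_PASSWORD is still the default 'changeme'" >&2; rc=1; }

  # Warning only: 0.0.0.0 exposes the plain-HTTP listener on every interface.
  case "$(env_get "$file" LISTEN_ADDRESS)" in
    0.0.0.0:*) echo "note: LISTEN_ADDRESS binds all interfaces; restrict it or put a TLS reverse proxy in front" >&2 ;;
  esac
  return $rc
}

# Typical use on the host (constructed invocation):
#   set_random_secret /home/virtweb/virtweb-env
#   check_env_file /home/virtweb/virtweb-env virtweb && echo "env file OK"
```

The check returns non-zero as long as any finding remains, so it can sit in front of the sudo -u virtweb virtweb_backend test run below and stop you from registering the service with a placeholder SECRET or the default password.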

Register Virtweb service

Before registering the service, check that the configuration works correctly:

sudo -u virtweb virtweb_backend -c /home/virtweb/virtweb-env

Now create a service unit in the file /etc/systemd/system/virtweb.service:

[Unit]
Description=VirtWeb
After=syslog.target
After=network.target

[Service]
RestartSec=2s
Type=simple
User=virtweb
Group=virtweb
WorkingDirectory=/home/virtweb
ExecStart=/usr/local/bin/virtweb_backend -c /home/virtweb/virtweb-env
Restart=always
Environment=USER=virtweb HOME=/home/virtweb

[Install]
WantedBy=multi-user.target

Enable and start the created service:

sudo systemctl enable virtweb
sudo systemctl start virtweb

You should now be able to create VMs!

Manual port forwarding without a LibVirt HOOK

  • Allow IP forwarding in the kernel: edit /etc/sysctl.conf and uncomment the following line:
net.ipv4.ip_forward=1
  • To reload sysctl without reboot:
sudo sysctl -p /etc/sysctl.conf
  • Create the following IPTables rules:
UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
echo "$UP_DEV -> $LOCAL_DEV"

GUEST_IP=192.168.25.189
HOST_PORT=8085
GUEST_PORT=8085

# connections from outside
sudo iptables -I FORWARD -o $LOCAL_DEV -d  $GUEST_IP -j ACCEPT
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
  • These rules can then be persisted using iptables-save, or managed by a libvirt hook as described in the next section.

Manual port forwarding with a LibVirt HOOK

  • Allow IP forwarding in the kernel: edit /etc/sysctl.conf and uncomment the following line:
net.ipv4.ip_forward=1
  • To reload sysctl without reboot:
sudo sysctl -p /etc/sysctl.conf
  • Get the following information, using the web UI or virsh:

    • The name of the target guest
    • The IP and port of the guest that will receive the connection
    • The port of the host that will be forwarded to the guest
  • Stop the guest if it is running, either using virsh or from the web UI

  • Create or append the following content to the file /etc/libvirt/hooks/qemu:

#!/bin/bash

# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
# In order to create rules to other VMs, just duplicate the below block and configure
# it accordingly.
if [ "${1}" = "VM NAME" ]; then

 # Update the following variables to fit your setup
 GUEST_IP=
 GUEST_PORT=
 HOST_PORT=

 if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
  /sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
  /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
 fi
 if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
  /sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
  /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
 fi
fi
  • Make the hook executable:
sudo chmod +x /etc/libvirt/hooks/qemu
  • Restart the libvirtd service:
sudo systemctl restart libvirtd.service
  • Start the guest
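
The hook above covers a single guest and inserts its rules unconditionally. The following script is an added example, not VirtWeb's nor the libvirt wiki's own hook: it keeps a small table of guests and forwards (the guest names and addresses are constructed), checks with iptables -C before inserting so that a repeated start or reconnect never duplicates a rule, tolerates deleting a rule that is already gone, and its add_forward/del_forward helpers build the same FORWARD and PREROUTING rules as the manual procedure in the previous section, so they can also be called directly in a no-hook setup. IPTABLES and BRIDGE are this example's own overridable variables.

```sh
#!/bin/sh
# Added example (not VirtWeb's file): a /etc/libvirt/hooks/qemu that serves several
# guests from one table and stays idempotent. libvirt invokes it as:
#   qemu <guest name> <operation> <sub-operation> <extra argument>
IPTABLES=${IPTABLES:-/sbin/iptables}   # overridable so the logic can be exercised without root
BRIDGE=${BRIDGE:-virbr0}               # libvirt's default NAT bridge

# Forwarding table (constructed sample): "<guest name> <guest ip> <guest port> <host port>"
FORWARDS='
web-1 192.168.122.10 80   8080
web-1 192.168.122.10 443  8443
db-1  192.168.122.20 5432 15432
'

# add_forward IP GUEST_PORT HOST_PORT: insert the FORWARD accept and the nat DNAT rule,
# each only if it is not already present (-C checks for an identical rule).
add_forward() {
  "$IPTABLES" -C FORWARD -o "$BRIDGE" -p tcp -d "$1" --dport "$2" -j ACCEPT 2>/dev/null ||
    "$IPTABLES" -I FORWARD -o "$BRIDGE" -p tcp -d "$1" --dport "$2" -j ACCEPT
  "$IPTABLES" -t nat -C PREROUTING -p tcp --dport "$3" -j DNAT --to "$1:$2" 2>/dev/null ||
    "$IPTABLES" -t nat -I PREROUTING -p tcp --dport "$3" -j DNAT --to "$1:$2"
}

# del_forward IP GUEST_PORT HOST_PORT: delete both rules; a missing rule is not an error
# (a guest may be reported stopped without its start ever having been seen).
del_forward() {
  "$IPTABLES" -D FORWARD -o "$BRIDGE" -p tcp -d "$1" --dport "$2" -j ACCEPT 2>/dev/null || true
  "$IPTABLES" -t nat -D PREROUTING -p tcp --dport "$3" -j DNAT --to "$1:$2" 2>/dev/null || true
}

# handle_event GUEST OPERATION: apply the action matching a libvirt event to every
# table entry for that guest, and print the number of entries handled.
handle_event() {
  guest=$1 op=$2 handled=0
  while read -r name ip gport hport; do
    [ -n "$name" ] && [ "$name" = "$guest" ] || continue
    case "$op" in
      start)     add_forward "$ip" "$gport" "$hport" ;;
      stopped)   del_forward "$ip" "$gport" "$hport" ;;
      reconnect) del_forward "$ip" "$gport" "$hport"; add_forward "$ip" "$gport" "$hport" ;;
      *)         continue ;;   # prepare, started, release, ... need no firewall change
    esac
    handled=$((handled + 1))
  done <<EOF
$FORWARDS
EOF
  echo "$handled"
}

# libvirt passes the guest name and the operation as the first two arguments.
# The hook must exit 0, otherwise libvirt refuses to start the guest.
handle_event "${1:-}" "${2:-}" >/dev/null
```

Install it the same way as the original hook (copy to /etc/libvirt/hooks/qemu, chmod +x, restart libvirtd). Because every insert is guarded by a -C check, the script can also be run by hand with a guest name and start as arguments to set up the rules for the manual procedure, and with stopped to tear them down, without leaving duplicates behind.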

Note: this guide is based on https://wiki.libvirt.org/Networking.html