Ganeti Web Manager is a Django-based web application that allows administrators and clients access to their ganeti clusters.
Ganeti compatibility:
- >=2.4.x - supported
- 2.2.2 - mostly supported
- 2.3.1 - mostly supported
- 2.1.x - mostly supported
- 2.0.x - unsupported but may work
- 1.x - unsupported
Browser compatibility:
- Mozilla Firefox >= 3.x
- Chrome / Chromium
The VNC console requires WebSockets or flash support and HTML5 support in the browser.
- Project page
- Documentation
- Mailing List
- IRC:
#ganeti-webmgr
on freenode.net
Note
Installing via the setup.sh
script is now the preferred method. That
script does everything for you. However it's still possible to install GWM
in not-that-much automatic way.
Get setup.sh
from https://github.com/pbanaszkiewicz/ganeti_webmgr-setup.
Make it executable, run ./setup.sh -h
to get help message and then install
GWM. Notice, that this script can upgrade your installation in future.
Get yourself the virtualenvwrapper
. For your sanity. Then proceed with
installation:
$ mkvirtualenv gwm
(gwm)$ git clone git://git.osuosl.org/gitolite/ganeti/ganeti_webmgr
(gwm)$ cd ganeti_webmgr
(gwm)$ python setup.py develop
And that's it, you can now safely work on GWM.
- Install dependencies: Python, Pip, Virtualenv
- Get the Ganeti Web Manager code: Clone from the repository or download a release tarball
- Create a virtual environment in your desired location and install GWM in
there by issuing
python setup.py install
in GWM directory (after you unzipped the tarball or cloned the repository) - Configure settings: in directory
ganeti_webmgr/ganeti_web/settings
copyend_user.py.dist
toend_user.py
and make any modifications - Sync database, then run the server:
./ganeti_webmgr/manage.py syncdb --migrate
, then./ganeti_webmgr/manage.py runserver
- Troubleshoot an installation using Fabric
- More on manual installation
Ganeti Web Manager is compatible with the following:
- Ganeti
- Ganeti >= v2.2.x is supported. v2.1.x and v2.0.x are unsupported and sometimes work but can cause problems (see #8973). Lower versions are not supported.
- Browsers
Mozilla Firefox >= v3.x, Google Chrome or Chromium.
Other contemporary browsers may also work, but are not supported. (The web-based VNC console requires browser support of WebSockets and HTML5.
- Databases
- MySQL or SQLite. SQLite is not recommended in production environments.
- Operating systems
- GWM has been tested on Debian 7, Ubuntu 11.10, 12.04 and CentOs 5 and 6. Debian 6 is supported, provided the Pip, Virtualenv and Fabric packages are updated to the versions listed below.
- Python >=2.5, Python >=2.6 recommended
- Virtualenv >= 1.6.1
Other requirements are either Virtualenv dependencies or will get installed by setup script.
- install Virtualenv:
$ sudo apt-get install python-virtualenv
In the ganeti_webmgr/ganeti_web/settings
directory, you'll find a default
settings file called end_user.py.dist
. Copy it to end_user.py
:
$ cp end_user.py.dist end_user.py
If you want to use another database engine besides the default SQLite (not recommended for production), then in settings edit the following lines to reflect your wishes:
DATABASE_ENGINE = '' # <-- Change this to 'mysql', 'postgresql',
# 'postgresql_psycopg2' or 'sqlite3'
DATABASE_NAME = '' # <-- Change this to a database name, or a file for
# SQLite
DATABASE_USER = '' # <-- Change this (not needed for SQLite)
DATABASE_PASSWORD = '' # <-- Change this (not needed for SQLite)
DATABASE_HOST = '' # <-- Change this (not needed if database is
# localhost)
DATABASE_PORT = '' # <-- Change this (not needed if database is
# localhost)
Warning
PostgreSQL support was fixed just recenly, check if your GWM version has it. See issue #3237.
Initialize Database:
$ ./ganeti_webmgr/manage.py syncdb --migrate
Build the search indexes:
$ ./ganeti_webmgr/manage.py rebuild_index
Note
Running ./ganeti_webmgr/manage.py update_index
on a regular basis
ensures that the search indexes stay up-to-date when models change in
Ganeti Web Manager.
Everything should be all set up! Run the development server with:
$ ./ganeti_webmgr/manage.py runserver
Deploying a production server requires additional setup steps.
- Change the ownership of the
whoosh_index
directory to apache
$ chown apache:apache whoosh_index/
- Change your
SECRET_KEY
andWEB_MGR_API_KEY
to unique (and hopefully unguessable) strings in yourend_user.py
settings file. - Configure the Django Cache Framework to use a production capable backend
in
end_user.py
. By default Ganeti Web Manager is configured to use theLocMemCache
but it is not recommended for production. Use Memcached or a similar backend.
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
}
}
- For versions >= 0.5 you may need to add the full filesystem path to your
templates directory to
TEMPLATE_DIRS
and remove the relative reference to 'templates'. We've had issues using wsgi not working correctly unless this change has been made. - Ensure the server has the ability to send emails or you have access to an
SMTP server. Set
EMAIL_HOST
,EMAIL_PORT
, andDEFAULT_FROM_EMAIL
inend_user.py
. For more complicated outgoing mail setups, please refer to the Django Email documentation. - Follow the Django guide to deploy with apache. Here is an example mod_wsgi file:
import os
import sys
path = '/var/lib/django/ganeti_webmgr'
# activate virtualenv
activate_this = '%s/venv/bin/activate_this.py' % path
execfile(activate_this, dict(__file__=activate_this))
# add project to path
if path not in sys.path:
sys.path.append(path)
# configure django environment
os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
- Set
VNC_PROXY
to the hostname of your VNC AuthProxy server inend_user.py
. The VNC AuthProxy does not need to run on the same server as Ganeti Web Manager.
VNC_PROXY = 'my.server.org:8888'
Also see the Install documentation.
Before you can start using Ganeti Web Manager, you will need to create a user and password on the Ganeti cluster.
Here is an example with user "jack" and password "abc123":
$ echo -n 'jack:Ganeti Remote API:abc123' | openssl md5
Add the hash to the RAPI users file and restart ganeti-rapi. Depending on the
version of Ganeti you are running, you will need to either use
/var/lib/ganeti/rapi_users
(Ganeti <=2.3.x ) or
/var/lib/ganeti/rapi/users
(Ganeti >=2.4.x ).
An example hash entry might look like the following:
# Hashed password for jack
jack {HA1}54c12257ee9be413f2f3182435514aae write
Also see managing clusters documentation page.
- Use the admin user created during syncdb to log in.
- Import a cluster: Clusters -> Add Cluster
- Fill out properties and click save
When the cluster is created it will automatically synchronize the list of Virtual Machines with information from the Ganeti cluster.
Also see importing cluster documentation page.
Permissions may be granted to both clusters and virtual machines. The permissions system is intended to allow users to manage themselves. Any object that can have its permissions edited will have a Users tab.
Adding users to objects:
- Navigate to Group, Cluster, or Virtual Machine detail page
- Click Add New User
- Select user or group
- Select permissions
- Save
Updating permissions:
- Navigate to Group, Cluster, or Virtual Machine detail page
- Click Users tab
- Click permissions column
- Select permissions and save
Deleting permissions:
- Navigate to Group, Cluster, or Virtual Machine detail page
- Click Users tab
- Click the delete icon
Deleting a user will remove all permissions, and other properties associated with the user such as cluster quotas.
Users may belong to any number of user groups. User groups can be assigned permissions and quotas just like users. Users inherit permissions from groups and may act on their behalf to create virtual machines.
Also see permissions documentation page.
Quotas restrict the usage of cluster resources by users and groups. Default quotas can be set by editing clusters, if no quota is set unlimited access is allowed. This will affect all users and groups.
The default quota can be overridden on the cluster users page:
- Clusters -> Cluster -> Users
- Click on the quota
- Edit values
Leaving a value empty specifies unlimited access for that resource.
Also see quotas documentation page.
You can find Virtual Machines with no permissions via Admin -> Orphaned VMs. This will force a synchronization of all clusters and display Virtual Machines that do not have any permissions assigned.
You only need to grant permissions directly on virtual machines if you are granting access to non-admin users.
Also see the documentation page about orphaned virtual machines.
Ganeti Web Manager uses a cache system that stores information about Ganeti clusters in the database. This allows the following:
--- Ganeti ---
/ \
/ \
Cluster -> <- Bulk
Model <- cache <- Updater
- Permissions are stored in the database and are associated to the cached objects
- The cached data can be searched and or filtered
- Limits the amount of traffic between the web server and Ganeti cluster.
The cache system is transparent and will load cached data automatically when the object is initialized.
Also see cache system documentation page.
Ganeti Web Manager provides an in browser console using noVNC, an HTML5 client. noVNC requires WebSockets to function. Support for older browsers is provided through a flash applet that is used transparently in the absence of WebSockets.
Also see the VNC documentation page.
VNC Auth proxy is required for the console tab to function. VNC servers do not speak websockets and our proxy allows your ganeti cluster to sit behind a firewall, VPN, or NAT.
Set the host and port that the proxy will be running at with the VNC_PROXY
setting. For development this is typically "localhost:8888"
but for
production you would use the name of the server its running on. See the
instructions in end_user.py
for more details.
Twisted VNC Authproxy is started with twistd, the twisted daemon. Eventually
we will include init.d
scripts for better managing the daemon. You may
want to open port 8888 in your firewall for production systems.
$ twistd --pidfile=/tmp/proxy.pid -n vncap
Browsers that do not support WebSockets natively are supported through the use of a flash applet. Flash applets that make use of sockets must retrieve a policy file from the server they are connecting to. Twisted VNCAuthProxy includes a policy server. It must be run separately since it requires a root port. You may want to open port 843 in your firewall for production systems.
Start the policy server with twistd:
$ sudo twistd --pidfile=/tmp/policy.pid -n flashpolicy
You may encounter an issue where twisted fails to start and gives you an error.
This is usually caused by the environment variable PYTHONPATH
not being
exported correctly if you sudo up to root. To fix it type:
$ export PYTHONPATH="."
Try executing Twisted again and it should work.
Also see the VNC AuthProxy documentation page.
Ganeti Web Manager allows users to store SSH Keys. Each virtual machine has a view that will return SSH keys for users with access. This can be used as a Ganeti post-install hook to deploy user's keys on the VMs.
To allow VMs to copy keys, copy util/hooks/sshkeys.sh
to the instance
definition hooks directory on every node in the cluster and make the file
executable. Next, add the required variables to the variant config file
or main instance definition config file. The config file can be found in
util/hooks/sshkeys.conf
and includes documentation for each variable.
Also see the SSH Keys documentation page.