1 Objectives

Install and use the Ganeti Web Manager.

2 Choose server

You could choose to install GWM on a server separate from your Ganeti nodes, or you could install it inside a VM. If it is installed in a VM it needs to be connected to your management network or able to route traffic there.

It's not a good idea to install it directly on the host server, but for the purposes of this host it is sufficient; or if you have a running Debian VM instance you can install it there.

3 Choose hostname

Ganeti web manager is best installed in its own virtual host with its own domain name. In this example we will use "hostX.ws.nsrc.org", but replace it with your own hostname.

The DNS must be set up so that this name resolves to the IP address of the server running ganeti web manager. (If you are installing into a VM instance, check with the instructors that the IP you are using has a resolvable hostname in the DNS)

4 Installation

Ganeti Web Manager is a python/django web application, and is a little tricky to install and deploy the first time.

As there is no installable package, you will have to install from source. These instructions are suitable for an Ubuntu or Debian host.

Note: don't follow the instructions on the osuosl.org wiki as these are stale. The current documentation is at

readthedocs.org

The instructions below are for Ganeti Web Manager v. 0.11rc1.

For this exercise you should be root. It's also helpful for debugging if you log your entire session into a file.

$ sudo -s
# script install.log
# 

A transcript of the subsequent session is written to install.log until you type exit.

4.1 Install dependencies

# apt-get install python-virtualenv wget sudo git libffi-dev python-dev \
 mysql-server libmysqlclient-dev libssl-dev lsb-release

If this is the first time you've installed mysql you'll be asked to choose a mysql root password. Use the class password for this.

4.2 Unpack and build the source

Fetch the ganeti-webmgr source tarball, preferably from a local copy to save time and bandwidth.

Note: In case the file isn't available for download from www.ws.nsrc.org, the original file can be found at:

https://code.osuosl.org/attachments/download/3387/ganeti-webmgr-0.11.0-rc1.tar.gz

# cd /usr/local/src
# mkdir gwm
# cd gwm
# wget http://www.ws.nsrc.org/downloads/ganeti/ganeti-webmgr-0.11.0-rc1.tar.gz
# tar -xvzf ganeti-webmgr-0.11.0-rc1.tar.gz
# ./scripts/setup.sh -D mysql

This last step will take a while as dependencies are downloaded and installed.

4.3 Create a configuration file

# cd /opt/ganeti_webmgr/config

We need to generate two random keys to put in the configuration file we're about to create.

In another window (terminal), run the following commands, copy the output, and paste them into the config at the places indicated below.

These random strings don't need to be remembered or stored anywhere else.

# head -c18 /dev/urandom | base64           # this will be random string 1
# head -c18 /dev/urandom | base64           # this will be random string 2

ganeti webmgr also needs its own password to talk to the database; we'll use the class password for this.

Create the file config.yml

DATABASES:
   default:
        ENGINE: django.db.backends.mysql
        NAME:   ganeti_webmgr
        USER:   ganeti_webmgr
        PASSWORD: '<class_password>'

SECRET_KEY: '<randomstring1>'       # Use random string 1
WEB_MGR_API_KEY: '<randomstring2>'  # Use random string 2

VNC_PROXY: 'hostX.ws.nsrc.org:8888'

SITE_DOMAIN: 'hostX.ws.nsrc.org'

4.4 Activate environment

We now need to "activate" the virtual environment where ganeti_webmgr is installed:

# source /opt/ganeti_webmgr/bin/activate

The prompt changes to:

(ganeti_webmgr)root@ganeti:~#

... to keep things easy to read, we just write # below.

Type this command as well to set an environment variable:

# export DJANGO_SETTINGS_MODULE="ganeti_webmgr.ganeti_web.settings"

4.5 Create a database

Connect to the database as the root user (you will be prompted for the database root password, which you created earlier)

# mysql -u root -p

Now create a database and give access to a new user with a password of your choice. This is the password that the application will use to connect to the database. For security it should be different to the root password. For this lab, you may use the usual class password, it is up to you.

mysql> create database ganeti_webmgr;
mysql> grant all on ganeti_webmgr.* to 'ganeti_webmgr'@'localhost'
       identified by '<class_password>';
mysql> exit;

Test that the database has been created properly:

# mysql -u ganeti_webmgr -p ganeti_webmgr
Enter password:

Type the password you set.

You should be back at the database prompt:

mysql> exit

4.6 Populate the database

This creates the tables and also creates the first username/password which you will use to login to the web interface later.

# cd /opt/ganeti_webmgr
# django-admin.py syncdb --migrate

You should see something similar:

[ ... output about creating tables ...]

You just installed Django's auth system, which means you don't have any
superusers defined.
Would you like to create one now? (yes/no):   Answer `yes`
Username (leave blank to use 'root'):         Answer `admin`
E-mail address:                               Answer with your own E-mail address
Password:                                     Password you will use to login to web interface
Password (again): 

If there is a problem with creating the superuser, then you can retry just that step using:

# cd /opt/ganeti_webmgr
# source /opt/ganeti_webmgr/bin/activate
# django-admin.py createsuperuser

4.7 Build files

Continue with the following commands:

# django-admin.py rebuild_index

WARNING: This will irreparably remove EVERYTHING from your search index.
Your choices after this are to restore from backups or rebuild via the `rebuild_index` command.
Are you sure you wish to continue? [y/N] y
...

Then:

# django-admin.py collectstatic

You have requested to collect static files at the destination
location as specified in your settings.

This will overwrite existing files!
Are you sure you want to do this?

Type 'yes' to continue, or 'no' to cancel: yes

4.8 Set permissions

The whoosh_index directory created by rebuild_index needs to be writable by Apache.

# chown -R www-data:www-data /opt/ganeti_webmgr/whoosh_index

4.9 Install web server

# apt-get install apache2 libapache2-mod-wsgi

In the following steps, remember to change hostX.ws.nsrc.org to the hostname you are using for the ganeti web manager.

Create file /etc/apache2/sites-available/ganeti_webmgr containing:

<VirtualHost *:80>

  ServerName hostX.ws.nsrc.org

  WSGIDaemonProcess ganeti_webmgr processes=4 threads=1 python-path=/opt/ganeti_webmgr/lib/python2.7/site-packages
  WSGIProcessGroup ganeti_webmgr
  WSGIScriptAlias / /opt/ganeti_webmgr/lib/python2.7/site-packages/ganeti_webmgr/ganeti_web/wsgi.py

  ErrorLog /var/log/apache2/ganeti-error.log
  CustomLog /var/log/apache2/ganeti-access.log common

  Alias /static/ /opt/ganeti_webmgr/collected_static/

  <Directory /opt/ganeti_webmgr/collected_static>
    Order deny,allow
    Allow from all
  </Directory>

  <Directory /opt/ganeti_webmgr>
    <Files wsgi.py>
      Order allow,deny
      Allow from all
    </Files>
  </Directory>

</VirtualHost>

Enable the virtual host:

# a2ensite ganeti_webmgr
# service apache2 reload

4.10 Enable autostart for the VNC auth proxy

# cd /usr/local/src/gwm
# cp scripts/vncauthproxy/init-ubuntu /etc/init.d/vncauthproxy
# update-rc.d vncauthproxy defaults
# service vncauthproxy start

You should see a warning about limited TLS support, then:

Daemon started successfully

4.11 Test

Point web browser at http://hostX.ws.nsrc.org/

If you just get "It works!" then disable the default site:

# a2dissite default
# service apache2 reload

then try again. You should get the Ganeti web manager login page.

If, at this point, things don't work, jump straight down to the Troubleshooting section.

5 Adding clusters

If everything works, you should get a login page where you can login with the admin username and password you created earlier. So you now want to connect to the cluster(s) you wish to manage.

5.1 Create a RAPI key

You need to set up a password for ganeti_webmgr to talk to the ganeti cluster daemons using the ganeti remote API (RAPI).

On the ganeti master node, generate a strong random password like this:

# head -c18 /dev/urandom | base64
0GReg6zUJqIGZ77FkK7+Qiua

Take a careful note of this raw password, e.g. by pasting it into a file on your laptop, as you will need to enter it into ganeti web manager.

Now take a specially-formatted hash of this password (use your random password in place of 0GReg...):

# echo -n 'ganeti_webmgr:Ganeti Remote API:0GReg6zUJqIGZ77FkK7+Qiua' | openssl md5

<< the response will be something like this >>
(stdin)= 2e6d881bf6a705413bf6a88a051af17e

Finally, as root create a file /var/lib/ganeti/rapi/users containing this one line (use your hash in place of 2e6d8...)

ganeti_webmgr {HA1}2e6d881bf6a705413bf6a88a051af17e write

and replicate it to the other nodes:

# gnt-cluster copyfile /var/lib/ganeti/rapi/users

You don't need to remember this hash, only the original random password.

5.2 Add cluster in web interface

If the page doesn't refresh, click on "Clusters" in the left menu again, then click on the name of you cluster. You should now see an overview of the cluster details.

Click on the "Refresh" button to update all the information in the ganeti web manager database (this may be necessary if some changes to the cluster were made via the gnt command line)

Click on the "Nodes" tab to see the state of the individual nodes in the cluster, and the "Virtual Machines" tab to see VMs.

5.3 Console issues

If you cannot get the console to work in the web interface, it may be because you have set a VNC password. If you intend to use the ganeti web manager for console access, you should turn this off.

On your cluster master:

gnt-cluster modify -H kvm:vnc_password_file=,vnc_bind_address=

6 Using snf-image with Ganeti Web Manager

With snf-image 0.15.1 and later you can define OS variants such as snf-image+wheezy which can be selected from the drop-down in the GWM instance creation wizard.

Here's a sample file for wheezy, found in /etc/ganeti/snf-image/variants/wheezy.conf. You may have created such a file on your cluster nodes during the snf-image lab.

IMG_PASSWD=abc123
IMG_FORMAT=diskdump
IMG_ID=debian_base-7.0-x86_64
IMG_PROPERTIES='{"OSFAMILY":"linux","ROOT_PARTITION":"1","USERS":"root"}'

Create one of these for each available OS type. You will also need to edit /etc/ganeti/snf-image/variants.list to list your available variants.

A future version of snf-image will allow you to store a hashed version of the password instead of cleartext:

IMG_PASSWD_HASH='$1$zzzz$2H9FclhReiwMQ4x.16GH0/'

7 Troubleshooting

Things may not have gone smoothly! If you get an error when you try to access Ganeti Web Manager in the browser, take a look at the steps below.

7.1 Errors seen at the console

7.2 Errors seen in the browser

Note: consult the configuration settings page for a list of supported settings you can adjust on Ganeti Web Manager.