<!DOCTYPE html>
<html lang="en" class="sidebar-visible no-js light">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8" />
<title>Arclight Documentation By Chatnaut Cloud Solutions</title>
<meta name="robots" content="noindex" />
<!-- Custom HTML head -->
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta name="description" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="theme-color" content="#ffffff" />
<link rel="icon" href="favicon.svg" />
<link rel="shortcut icon" href="favicon.png" />
<link rel="stylesheet" href="css/variables.css" />
<link rel="stylesheet" href="css/general.css" />
<link rel="stylesheet" href="css/chrome.css" />
<link rel="stylesheet" href="css/print.css" media="print" />
<!-- Fonts -->
<link rel="stylesheet" href="FontAwesome/css/font-awesome.css" />
<link rel="stylesheet" href="fonts/fonts.css" />
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="highlight.css" />
<link rel="stylesheet" href="tomorrow-night.css" />
<link rel="stylesheet" href="ayu-highlight.css" />
<!-- Custom theme stylesheets -->
<link rel="stylesheet" href="../css/version.css" /> </head>
<body>
<!-- Provide site root to javascript -->
<script type="text/javascript">
var path_to_root = "";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)")
.matches
? "navy"
: "light";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script type="text/javascript">
try {
var theme = localStorage.getItem("mdbook-theme");
var sidebar = localStorage.getItem("mdbook-sidebar");
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem(
"mdbook-theme",
theme.slice(1, theme.length - 1)
);
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem(
"mdbook-sidebar",
sidebar.slice(1, sidebar.length - 1)
);
}
} catch (e) {}
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script type="text/javascript">
var theme;
try {
theme = localStorage.getItem("mdbook-theme");
} catch (e) {}
if (theme === null || theme === undefined) {
theme = default_theme;
}
var html = document.querySelector("html");
html.classList.remove("no-js");
html.classList.remove("light");
html.classList.add(theme);
html.classList.add("js");
</script>
<!-- Hide / unhide sidebar before it is displayed -->
<script type="text/javascript">
var html = document.querySelector("html");
var sidebar = "hidden";
if (document.body.clientWidth >= 1080) {
try {
sidebar = localStorage.getItem("mdbook-sidebar");
} catch (e) {}
sidebar = sidebar || "visible";
}
html.classList.remove("sidebar-visible");
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter">
<li class="chapter-item expanded">
<a href="introduction.html" class="active"
><strong aria-hidden="true"></strong> Introduction</a
>
</li>
<li class="chapter-item expanded">
<a href="pre-installation.html" class="active"
><strong aria-hidden="true">1.</strong> Pre-installation
Checklist</a
>
</li>
<li class="chapter-item expanded">
<a href="index.html"
><strong aria-hidden="true">2.</strong> Getting Started</a
>
</li>
<li>
<ol class="section">
<li class="chapter-item expanded">
<a href="getting_started/ubuntu.html"
><strong aria-hidden="true">2.1.</strong> For Ubuntu Server</a
>
</li>
<li class="chapter-item expanded">
<a href="getting_started/centos.html"
><strong aria-hidden="true">2.2.</strong> For Centos Server</a
>
</li>
</ol>
</li>
<li class="spacer"></li>
<li class="chapter-item expanded">
<a href="encrypt_arclight/index.html"
><strong aria-hidden="true">3.</strong> Add Reverse Proxy &amp; Encrypt Arclight</a
>
</li>
<li>
<ol class="section">
<li class="chapter-item expanded">
<a href="encrypt_arclight/cert.html"
><strong aria-hidden="true">3.1.</strong> Using Let's
Encrypt</a
>
</li>
<li class="chapter-item expanded">
<a href="encrypt_arclight/self-cert.html"
><strong aria-hidden="true">3.2.</strong> Self-signed
certificate</a
>
</li>
</ol>
</li>
<li class="chapter-item expanded">
<a href="add-storage-pool.html"
><strong aria-hidden="true">4.</strong> Add Custom Storage Pools
(Optional)</a
>
</li>
<li class="chapter-item expanded">
<a href="iso-images-for-kvm.html"
><strong aria-hidden="true">5.</strong> ISO images for KVM
machines (Optional)</a
>
</li>
<li class="spacer"></li>
<li class="chapter-item expanded">
<a href="whats-new.html">What's New !! 🚀</a>
</li>
<li class="chapter-item expanded">
<a href="api.html">API Documentation</a>
</li>
<li class="chapter-item expanded">
<a href="Arclight_doc_v1.0.0.pdf" target="_blank">Arclight v1.0.0</a>
</li>
</ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky bordered">
<div class="left-buttons">
<button
id="sidebar-toggle"
class="icon-button"
type="button"
title="Toggle Table of Contents"
aria-label="Toggle Table of Contents"
aria-controls="sidebar"
>
<i class="fa fa-bars"></i>
</button>
<button
id="theme-toggle"
class="icon-button"
type="button"
title="Change theme"
aria-label="Change theme"
aria-haspopup="true"
aria-expanded="false"
aria-controls="theme-list"
>
<i class="fa fa-paint-brush"></i>
</button>
<ul
id="theme-list"
class="theme-popup"
aria-label="Themes"
role="menu"
>
<li role="none">
<button role="menuitem" class="theme" id="light">
Light (default)
</button>
</li>
<li role="none">
<button role="menuitem" class="theme" id="rust">Rust</button>
</li>
<li role="none">
<button role="menuitem" class="theme" id="coal">Coal</button>
</li>
<li role="none">
<button role="menuitem" class="theme" id="navy">Navy</button>
</li>
<li role="none">
<button role="menuitem" class="theme" id="ayu">Ayu</button>
</li>
</ul>
<!-- <button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button> -->
</div>
<h1 class="menu-title">Arclight Documentation
<button class="des1">v2.0.0</button>
</h1>
<div class="right-buttons">
<a
href="print.html"
title="Print this book"
aria-label="Print this book"
>
<i id="print-button" class="fa fa-print"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input
type="search"
id="searchbar"
name="searchbar"
placeholder="Search this book ..."
aria-controls="searchresults-outer"
aria-describedby="searchresults-header"
/>
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults"></ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script type="text/javascript">
document
.getElementById("sidebar-toggle")
.setAttribute("aria-expanded", sidebar === "visible");
document
.getElementById("sidebar")
.setAttribute("aria-hidden", sidebar !== "visible");
Array.from(document.querySelectorAll("#sidebar a")).forEach(function (
link
) {
link.setAttribute("tabIndex", sidebar === "visible" ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="introduction">
<a class="header" href="#introduction">Introduction</a>
</h1>
<p>
The Arclight project is a hosted (a.k.a.
<a href="https://en.wikipedia.org/wiki/Hypervisor#Classification"
>type-1</a
>) hypervisor.
</p>
<p>
Arclight is a server virtualization management solution based on
KVM. It is designed to be an easy-to-use management platform
that lets users create and manage virtual machines (VMs) on
Linux servers. Arclight uses the Libvirt API, and all of the
actions you would expect from a virtualization management tool are
included in the software. For example, users can create, clone and
manage VMs, storage pools, networks and volumes. When it comes to
networking, there are multiple options available. Users can create
private networks for their VMs and have the option to control DHCP
within the private network. In addition to private networks, VMs
can also use bridged connections, connecting them directly to the
network interfaces on the physical server. Virtual machines are
managed directly from Arclight; there is no need to install additional VNC
software or an SSH client. [About this project]: This project is in development and
we are still adding features to it along with complete deployment on our cloud partners.
</p>
<p></p>
<ul>
<li>
<a>Source code</a>
<ul>
<li>
<a href="https://github.com/Chatnaut/Arclight"
>GitHub mirror</a
>
</li>
<li>
<a href="https://libvirt.org/"
>API documentation</a
>, useful for searching API.
</li>
</ul>
</li>
<li>
<a href="https://github.com/Chatnaut/Arclight/issues"
>Raise an issue if you have trouble in installation</a
>
</li>
</ul>
<p><img src="https://i.imgur.com/G6y7Qov.png" alt="logo" /></p>
<!-- ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -->
<div style="break-before: page; page-break-before: always"></div>
<h1 id="introduction">
<a class="header" href="#introduction"
>Pre-installation Checklist</a
>
</h1>
<h2>Check that your CPU supports hardware virtualization</h2>
<p>
To run Arclight, you need a processor that supports hardware
virtualization. Intel and AMD both have developed extensions for
their processors, deemed respectively Intel VT-x (code name
Vanderpool) and AMD-V (code name Pacifica). To see if your
processor supports one of these, you can review the output from
this command:
</p>
<pre><code class="language-sh">egrep -c '(vmx|svm)' /proc/cpuinfo</code></pre>
<ul>
<p>
If the output is 0, your CPU doesn't support hardware
virtualization.
</p>
<p>
If it is 1 or more, it does, but you still need to make sure that
virtualization is enabled in the BIOS.
</p>
</ul>
<p>Alternatively, you may execute:</p>
<pre><code class="language-sh">kvm-ok </code></pre>
<p>which may provide an output like this:</p>
<code class="language-sh"
>INFO: /dev/kvm exists KVM acceleration can be used
</code>
<h2>Use a 64 bit kernel (if possible)</h2>
<p>
Running a 64 bit kernel on the host operating system is
recommended but not required.
</p>
<ul>
<p>
1. To serve more than 2GB of RAM for your VMs, you must use a
64-bit kernel. On a 32-bit kernel install, you'll be limited to
2GB RAM at maximum for a given VM.
</p>
<p>
2. Also, a 64-bit system can host both 32-bit and 64-bit guests.
A 32-bit system can only host 32-bit guests.
</p>
</ul>
<p>To see if your processor is 64-bit, you can run this command:</p>
<pre><code class="language-sh">egrep -c ' lm ' /proc/cpuinfo</code></pre>
<ul>
<p>If 0 is printed, it means that your CPU is not 64-bit.</p>
<p>
If 1 or higher, it is. Note: lm stands for Long Mode which
equates to a 64-bit CPU.
</p>
</ul>
<p>
To see whether your running kernel is 64-bit, issue the following
command:
</p>
<pre><code class="language-sh">uname -m</code></pre>
<p>
x86_64 indicates a running 64-bit kernel. If you see i386,
i486, i586 or i686, you're running a 32-bit kernel. Note: x86_64
is synonymous with amd64.
</p>
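<p>
The checks in this checklist combined into one script, as an added
example that is not part of the Arclight documentation. The function
names and the sample cpuinfo text are constructed for illustration;
flags are matched as whole words, so a flag that ends its line is still found.
</p>

```shell
#!/bin/sh
# Added example, not part of the Arclight documentation.

# has_cpu_flag FILE FLAG: succeed if FLAG is a whole word on a "flags" line.
# Whole-word matching also finds a flag that is the last word on its line,
# which a pattern with a trailing space such as ' lm ' does not match.
has_cpu_flag() {
    awk -v want="$2" '
        /^flags[ \t]*:/ { for (i = 1; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }
    ' "$1"
}

# virt_extension FILE: print vmx (Intel VT-x), svm (AMD-V) or none.
virt_extension() {
    if has_cpu_flag "$1" vmx; then echo vmx
    elif has_cpu_flag "$1" svm; then echo svm
    else echo none
    fi
}

# kernel_bits MACHINE: classify a `uname -m` value.
kernel_bits() {
    case "$1" in
        x86_64|amd64) echo 64 ;;
        i[3-6]86)     echo 32 ;;
        *)            echo unknown ;;
    esac
}

# preflight CPUINFO MACHINE KVM_DEVICE: print one verdict.
#   no-hw-virt          neither vmx nor svm is present
#   kvm-device-missing  flag present but no KVM device (virtualization
#                       disabled in the BIOS, or kvm module not loaded)
#   ok-32bit-kernel     usable, but with the 32-bit limits listed above
#   ok                  all checks passed
preflight() {
    if [ "$(virt_extension "$1")" = none ]; then
        echo no-hw-virt
    elif [ ! -e "$3" ]; then
        echo kvm-device-missing
    elif [ "$(kernel_bits "$2")" = 32 ]; then
        echo ok-32bit-kernel
    else
        echo ok
    fi
}

# Constructed sample shaped like /proc/cpuinfo; "lm" is deliberately last.
sample_cpuinfo() {
    cat <<'EOF'
processor   : 0
model name  : Constructed CPU
flags       : fpu vme de pse msr pae sse2 vmx lm
EOF
}

tmp=$(mktemp)
sample_cpuinfo > "$tmp"
# The temp file doubles as a stand-in for an existing /dev/kvm.
echo "constructed sample: $(preflight "$tmp" x86_64 "$tmp")"
if [ -r /proc/cpuinfo ]; then
    echo "this host:          $(preflight /proc/cpuinfo "$(uname -m)" /dev/kvm)"
fi
rm -f "$tmp"
```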
<!-- /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -->
<div style="break-before: page; page-break-before: always"></div>
<h1 id="building-crosvm">
<a class="header" href="#getting_started">Getting Started</a>
</h1>
<p>
This section includes how to set up Arclight on each platform.
</p>
<!-- ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -->
<div style="break-before: page; page-break-before: always"></div>
<h1 id="building-for-linux">
<a class="header" href="#building-for-linux"
>Installation on Ubuntu Server</a
>
</h1>
<p>
Before installing software, run the <code>sudo apt update</code>
command to make sure you are installing from the latest repository
information.
</p>
<p>
On the Ubuntu server, install the necessary packages for
the QEMU + KVM hypervisor using the following command:
</p>
<pre><code class="language-sh">sudo apt-get install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager xauth</code></pre>
<p>
Install the web server, database, and necessary PHP packages to
your server. Use the following command:
</p>
<pre><code class="language-sh">sudo apt install apache2 mysql-server php libapache2-mod-php php-mysql php-xml php-libvirt-php</code></pre>
<p>
The built-in VNC connection requires python. To install it use the
following command:
</p>
<pre><code class="language-sh">sudo apt install python</code></pre>
<h2 id="">
<a class="header" href="">Configuring files and permissions</a>
</h2>
<p>
To use VNC to connect into your virtual machines, you will need to
edit the /etc/libvirt/qemu.conf file. Be sure to allow listening
on IP address 0.0.0.0 by uncommenting the line
<code>#vnc_listen = "0.0.0.0"</code> and saving the file.
</p>
<pre><code class="language-sh">sudo nano /etc/libvirt/qemu.conf</code></pre>
<p>
The web server user account on Ubuntu is called www-data. This
account will need to have permissions to work with libvirt. The
group is called libvirtd in Ubuntu 16.04 and libvirt in Ubuntu
18.04. To do this, add the www-data user to the necessary group.
</p>
<pre><code class="language-sh">sudo adduser www-data libvirt</code></pre>
<p>
Change your directory location to the root directory of your web
server. The default location is /var/www/html/ in Ubuntu.
</p>
<pre><code class="language-sh">cd /var/www/html</code></pre>
<p>
Now download the latest version of Arclight Dashboard to the web
root directory.
</p>
<pre><code class="language-sh">wget https://github.com/Chatnaut/Arclight/archive/refs/tags/v1.0.0.tar.gz</code></pre>
<p>Extract the downloaded package.</p>
<pre><code class="language-sh">sudo tar -xzf v1.0.0.tar.gz</code></pre>
<p>Rename the extracted directory</p>
<pre><code class="language-sh">sudo mv Arclight-1.0.0 arclight</code></pre>
<p>
Change the ownership of the arclight directory to the web server
user (www-data).
</p>
<pre><code class="language-sh">sudo chown -R www-data:www-data /var/www/html/arclight</code></pre>
<h2 id=""><a class="header" href="">Creating a database</a></h2>
<p>
We will need a MySQL database for Arclight Dashboard to work with.
To log into MySQL use the following command:
</p>
<pre><code class="language-sh">sudo mysql -u root</code></pre>
<p>
Once logged in, create a new database. We will name it arclight.
</p>
<pre><code class="language-sh">CREATE DATABASE arclight;</code></pre>
<p>
Now create a user for Arclight Dashboard to use. You could use the
root user and password, but that is never advised. We will create
a new user named arclight. Be sure to change the password value.
</p>
<pre><code class="language-sh">CREATE USER 'arclight'@'localhost' IDENTIFIED BY 'password';</code></pre>
<p>
Change the permissions of the new user to have full access to the
database tables.
</p>
<pre><code class="language-sh">GRANT ALL PRIVILEGES ON arclight.* to 'arclight'@'localhost';</code></pre>
<p>
The new privileges should be applied, but sometimes you will need
to flush the privileges so that they can be reloaded into the
MySQL database. To do this use the following command:
</p>
<pre><code class="language-sh">FLUSH PRIVILEGES;</code></pre>
<p>To exit MySQL, type quit or use the EXIT; statement.</p>
<pre><code class="language-sh">EXIT;</code></pre>
<h2 id="">
<a class="header" href="">Connecting to Arclight Dashboard</a>
</h2>
<p>
You will need to restart your server before you can use the
hypervisor. This way the server restarts with all the necessary
hypervisor packages loaded and the user groups applied: <code>sudo reboot</code>.
</p>
<p>
Once rebooted, use a web browser to navigate to your server’s IP
address or domain name. Add /arclight to the end of the URL. For
example:<a href="http://192.168.1.2/arclight">
http://192.168.1.2/arclight</a
>
</p>
<!-- ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -->
<div style="break-before: page; page-break-before: always"></div>
<h1 id="building-for-linux">
<a class="header" href="#building-for-linux"
>Installation on CentOS Server</a
>
</h1>
<p>
This guide follows a fresh installation of the CentOS 7 minimal
server. Before installing packages be sure to update repository
information using the following command:
</p>
<pre><code class="language-sh">yum update -y</code></pre>
<p>
Install the necessary QEMU + KVM packages using the
following command:
</p>
<pre><code class="language-sh">yum install qemu-kvm libvirt -y</code></pre>
<p>
The PHP Libvirt extension is located in the Enterprise Linux
repository. To set up this repository use the following command:
</p>
<pre><code class="language-sh">yum install epel-release -y</code></pre>
<p>
Install the web server, database, and necessary PHP packages to
your server. Use the following command:
</p>
<pre><code class="language-sh">yum install httpd mariadb-server mariadb php php-mysql php-xml php-libvirt -y</code></pre>
<p>
You will need to start and enable the Apache web server and the MariaDB
database. To do this use the following commands:
</p>
<pre><code class="language-sh">systemctl start mariadb
systemctl enable mariadb
systemctl start httpd
systemctl enable httpd </code></pre>
<h2 id="">
<a class="header" href="">Configuring files and permissions</a>
</h2>
<p>
To use VNC to connect into your virtual machines, you will need to
edit the /etc/libvirt/qemu.conf file. Be sure to allow listening
on IP address 0.0.0.0 by uncommenting the line
<code>#vnc_listen = "0.0.0.0"</code> and saving the file. (If nano is
not installed you can install it with yum install nano, or simply
use vi instead of nano.)
</p>
<pre><code class="language-sh">nano /etc/libvirt/qemu.conf</code></pre>
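<p>
A way to confirm what the <code>vnc_listen</code> edit (made in both the
Ubuntu and the CentOS instructions) leaves exposed, as an added example
that is not part of the Arclight documentation. It reads only qemu.conf,
and a guest's own XML can override these values; the function names and
the two sample files are constructed, and <code>vnc_password</code>,
<code>vnc_tls</code> and <code>vnc_sasl</code> are the other VNC settings
in the same file.
</p>

```shell
#!/bin/sh
# Added example, not part of the Arclight documentation.

# conf_value FILE KEY: print the effective (last uncommented) value of KEY
# from a libvirt-style "key = value" file, with surrounding quotes removed.
# Prints nothing when the key is absent or only present as a comment.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        match($0, "^[ \t]*" key "[ \t]*=[ \t]*") {
            val = substr($0, RLENGTH + 1)
            sub(/[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)
            last = val
            seen = 1
        }
        END { if (seen) print last }
    ' "$1"
}

# vnc_exposure FILE: classify the VNC settings in a qemu.conf.
#   loopback                  VNC reachable from the host itself only
#   exposed-with-auth:ADDR    listening on ADDR, some VNC protection set
#   exposed-no-auth:ADDR      listening on ADDR, no password/TLS/SASL set
vnc_exposure() {
    listen=$(conf_value "$1" vnc_listen)
    # libvirt listens on 127.0.0.1 while the vnc_listen line stays commented.
    listen=${listen:-127.0.0.1}
    case "$listen" in
        127.*|::1|localhost) echo loopback; return 0 ;;
    esac
    if [ -n "$(conf_value "$1" vnc_password)" ] ||
       [ "$(conf_value "$1" vnc_tls)" = 1 ] ||
       [ "$(conf_value "$1" vnc_sasl)" = 1 ]; then
        echo "exposed-with-auth:$listen"
    else
        echo "exposed-no-auth:$listen"
    fi
}

# Constructed excerpt: the relevant lines as shipped, all commented out.
sample_shipped() {
    cat <<'EOF'
#vnc_listen = "0.0.0.0"
#vnc_tls = 1
#vnc_password = "XYZ12345"
EOF
}

# Constructed excerpt: the same lines after the edit described above.
sample_edited() {
    cat <<'EOF'
vnc_listen = "0.0.0.0"
#vnc_tls = 1
#vnc_password = "XYZ12345"
EOF
}

tmp=$(mktemp)
sample_shipped > "$tmp"
echo "as shipped:     $(vnc_exposure "$tmp")"
sample_edited > "$tmp"
echo "after the edit: $(vnc_exposure "$tmp")"
rm -f "$tmp"
# On a real host: vnc_exposure /etc/libvirt/qemu.conf
```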
<p>
The web server user account on CentOS is called apache. This
account will need to have permissions to work with libvirt. We can
do this by adding the apache user to the libvirt group. To do
this, use the following command:
</p>
<pre><code class="language-sh">usermod -a -G libvirt apache</code></pre>
<p>
Change your directory location to the root directory of your web
server. The default location is /var/www/html/ in CentOS.
</p>
<pre><code class="language-sh">cd /var/www/html</code></pre>
<p>
The minimal installation of CentOS does not come with wget to
download files. You will also need git to perform software
updates. Install them using the following command:
</p>
<pre><code class="language-sh">yum install wget git -y</code></pre>
<p>
Now download the latest version of Arclight Dashboard to the web
root directory.
</p>
<pre><code class="language-sh">wget https://github.com/Chatnaut/Arclight/archive/refs/tags/v1.0.0.tar.gz</code></pre>
<p>Extract the downloaded package.</p>
<pre><code class="language-sh">sudo tar -xzf v1.0.0.tar.gz</code></pre>
<p>Rename the extracted directory</p>
<pre><code class="language-sh">sudo mv Arclight-1.0.0 arclight</code></pre>
<p>
Change the ownership of the arclight directory to the web server
user (apache).
</p>
<pre><code class="language-sh">chown -R apache:apache /var/www/html/arclight</code></pre>
<p>
In order for PHP to be able to save configuration files we will
need to run the following command:
</p>
<pre><code class="language-sh">chcon -t httpd_sys_rw_content_t /var/www/html/arclight/ -R</code></pre>
<p>
The CentOS firewall will block incoming http and https traffic.
Also the VNC connection uses port 6080. To allow the web traffic
use the following commands:
</p>
<pre><code class="language-sh">
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=6080/tcp
systemctl restart firewalld
</code></pre>
<p>
SELinux will block the qemu connection through the web browser.
Modify the /etc/sysconfig/selinux file. The default value is
SELINUX=enforcing. Change it to SELINUX=permissive.
</p>
<pre><code class="language-sh">nano /etc/sysconfig/selinux</code></pre>
<h2 id=""><a class="header" href="">Creating a database</a></h2>
<p>
We will need a MySQL database for Arclight Dashboard to work with.
To log into MySQL use the following command:
</p>
<pre><code class="language-sh">sudo mysql -u root</code></pre>
<p>
Once logged in, create a new database. We will name it arclight.
</p>
<pre><code class="language-sh">CREATE DATABASE arclight;</code></pre>
<p>
Now create a user for Arclight Dashboard to use. You could use the
root user and password, but that is never advised. We will create
a new user named arclight. Be sure to change the password value.
</p>
<pre><code class="language-sh">CREATE USER 'arclight'@'localhost' IDENTIFIED BY 'password';</code></pre>
<p>
Change the permissions of the new user to have full access to the
database tables.
</p>
<pre><code class="language-sh">GRANT ALL PRIVILEGES ON arclight.* to 'arclight'@'localhost';</code></pre>
<p>
The new privileges should be applied, but sometimes you will need
to flush the privileges so that they can be reloaded into the
MySQL database. To do this use the following command:
</p>
<pre><code class="language-sh">FLUSH PRIVILEGES;</code></pre>
<p>To exit MySQL, type quit or use the EXIT; statement.</p>
<pre><code class="language-sh">EXIT;</code></pre>
<h2 id="">
<a class="header" href="">Connecting to Arclight Dashboard</a>
</h2>
<p>
You will need to restart your server before you can use the
hypervisor. This way the server restarts with all the necessary
hypervisor packages loaded and the user groups applied: <code>sudo reboot</code>.
</p>
<p>
Once rebooted, use a web browser to navigate to your server’s IP
address or domain name. Add /arclight to the end of the URL. For
example:<a href="http://192.168.1.2/arclight">
http://192.168.1.2/arclight</a
>
</p>
<!-- ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -->
<div style="break-before: page; page-break-before: always"></div>
<h1 id="building-crosvm">
<a class="header" href="#getting_started">Add Reverse Proxy &amp; Encrypt Arclight</a>
</h1>
<p>
This section explains how to add a reverse proxy and encrypt the Arclight console, using either
Let's Encrypt or a self-signed certificate.
</p>
<!-- ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -->
<div style="break-before: page; page-break-before: always"></div>
<h1 id="onboarding-resources">
<a class="header" href="#onboarding-resources"
>Encrypting Arclight with Let’s Encrypt</a
>
</h1>
<p>
As a security recommendation, it is always a good practice to
encrypt the data sent across the Internet. You can encrypt both
your arclight connection as well as the VNC console connection to
your virtual machines. With the Apache web server on Ubuntu you
can enable HTTPS traffic using the following command:
</p>
<pre><code class="language-sh">sudo a2enmod ssl</code></pre>
<p>
If you are using a domain name, you can use a Certificate
Authority such as Let’s Encrypt to create a free validated SSL
certificate. To get started, we will need to create an Apache site
configuration file for your domain. We will be using the domain
mydomain.com for this example. The new config file should
end with the .conf extension and be located in the
<code>/etc/apache2/sites-available/</code> directory. To create a
new file for your domain use the following command, and be sure to
change the domain name:
</p>
<pre><code class="language-sh">sudo nano /etc/apache2/sites-available/mydomain.com.conf</code></pre>
<p>
We will add just the minimum information to the
configuration file. The first line below, <code>&lt;VirtualHost *:80&gt;</code>, tells
Apache that this configuration file will be used for HTTP traffic.
When we configure Let’s Encrypt, the HTTPS connection (port 443)
will be configured automatically. The second line, ServerName
mydomain.com, tells Apache which domain name it should
listen for to apply this configuration. The third line,
DocumentRoot <code>/var/www/html/arclight/</code>, indicates the
root location of the web site files; it should be the
file path for your files.
</p>
<pre><code class="language-sh">
&lt;VirtualHost *:80&gt;
ServerName mydomain.com
DocumentRoot /var/www/html/arclight/
&lt;/VirtualHost&gt;
</code></pre>
<p>
Once you add the above information to the configuration file and
save it, we will then need to enable the configuration file in
Apache using the a2ensite command. To do that run the following
command, be sure to use your domain name:
</p>
<pre><code class="language-sh">sudo a2ensite mydomain.com</code></pre>
<p>
When Apache is used only for Arclight, it is a good idea
to disable the default configuration file that comes with the
Apache install. To do that use the command:
</p>
<pre><code class="language-sh">sudo a2dissite 000-default.conf</code></pre>
<p>
You will need to restart/reload the Apache web server to apply the
configuration changes. Use the following command:
</p>
<pre><code class="language-sh">sudo systemctl reload apache2</code></pre>
<p>
To automate the Let’s Encrypt certificate using Apache we will
need to install the python3-certbot-apache package. Use the
following command:
</p>
<pre><code class="language-sh">sudo apt install python3-certbot-apache</code></pre>
<p>
To create the SSL Certificate and Apache configuration file run
the following command, changing your domain name. You will be
asked for an email address and you will be given an option to
either redirect all traffic to the HTTPS protocol or not.
</p>
<pre><code class="language-sh">sudo certbot --apache -d mydomain.com</code></pre>
<p>
Now log in to your Arclight Dashboard. Go to the settings page,
add the location of the Let’s Encrypt certificate file and key
file, and submit your changes. Below are the locations created for
mydomain.com.
Certificate file:
<code
>/etc/letsencrypt/live/mydomain.com/fullchain.pem</code
>
Key file:
<code
>/etc/letsencrypt/live/mydomain.com/privkey.pem</code
>
The permissions for the certificates are tied to the root user.
The permissions on the /etc/letsencrypt/live folder and on
/etc/letsencrypt/archive need to be changed.
We can change the permission to 755 (rwxr-xr-x) to allow
Arclight to read the information. Run the following
commands:
</p>
<pre><code class="language-sh">sudo chmod 755 /etc/letsencrypt/live</code></pre>
<pre><code class="language-sh">sudo chmod 755 /etc/letsencrypt/archive</code></pre>
<p>
You can either decide to restart your server or restart the python
process tied to noVNC to apply the certificate and key files. If
you decide to restart the service you should be able to determine
which process id (PID) is using port 6080. Use the following
command:
</p>
<pre><code class="language-sh">sudo netstat -tulpn | grep 6080</code></pre>
<p>
Then after determining the PID number, kill the process. For
example, if it was PID 1386, I would use the command:
</p>
<pre><code class="language-sh">sudo kill 1386</code></pre>
<p>
Now logout and login to the arclight to restart the VNC connection
and the new certificate should be applied.
</p>
<!-- ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -->
<div style="break-before: page; page-break-before: always"></div>
<h1 id="onboarding-resources">
<a class="header" href="#onboarding-resources"
>Encrypting Arclight with self-signed certificate</a
>
</h1>
<p>
As a security recommendation, it is always a good practice to
encrypt the data sent across the Internet. You can encrypt
both your arclight connection as well as the VNC connection to
your virtual machines. With the Apache web server on Ubuntu you can
enable HTTPS traffic using the following command:
</p>
<pre><code class="language-sh">sudo a2enmod ssl</code></pre>
<p>
Ubuntu has a configuration already set up to be used with a
self-signed certificate. It can be activated by using the
following command:
</p>
<pre><code class="language-sh">sudo a2ensite default-ssl.conf</code></pre>
<p>
You will need to restart/reload the Apache web server to apply the
SSL connection. Use the following command:
</p>
<pre><code class="language-sh">sudo systemctl restart apache2</code></pre>
<p>
The VNC connection will default to using the protocol of your web
connection. If you wish to use https with VNC you will need to
create a certificate. By default, the noVNC app that comes with
Arclight looks for a cert called self.pem in the
<code>/etc/ssl/</code> directory. To create the certificate for
the VNC connection, navigate to the <code>/etc/ssl/</code> directory.
</p>
<pre><code class="language-sh">cd /etc/ssl/</code></pre>
<p>Create the certificate by using the following command:</p>
<pre><code class="language-sh">sudo openssl req -x509 -days 365 -new -nodes -out self.pem -keyout self.pem</code></pre>
<p>Now change the permissions of the self.pem file:</p>
<pre><code class="language-sh">sudo chmod 755 self.pem</code></pre>
<p>
If you have already used arclight, you will need to kill the
existing VNC process. To determine the process to kill use netstat
and determine the process number that is listening on port 6080.
</p>
<pre><code class="language-sh">sudo netstat -tulpn | grep 6080</code></pre>
<p>
Now kill the process. For example if the process was numbered
29226, you would kill it using the command:
</p>
<pre><code class="language-sh">sudo kill 29226</code></pre>
<p>
Now when you log into Arclight, the VNC software will use the
self-signed cert. Because it is self-signed, your browser will not
trust it. To trust the certificate, visit your URL:6080 and click
the Advanced button on the screen. For example, if you were using
192.168.1.2 to view the web interface you should use
<a href="https://192.168.1.2:6080">https://192.168.1.2:6080</a>.
</p>
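<p>
The steps above set 755 on /etc/letsencrypt/live, /etc/letsencrypt/archive
and on self.pem, which holds the private key as well as the certificate
because <code>-out</code> and <code>-keyout</code> name the same file. The
following added example (not part of Arclight; the function names and the
temporary sample tree are constructed here, and GNU coreutils is assumed)
lists the private keys that other local users can read once the directories
are traversable.
</p>

```shell
#!/bin/sh
# Added example, not Arclight code. Assumes GNU stat, readlink and find (Ubuntu).

# Succeeds if PATH's "other" permission bits include MASK (4 = read, 1 = traverse).
has_other_bit() {
    mode=$(stat -L -c '%a' "$1") || return 1
    [ $(( 0$mode & $2 )) -ne 0 ]
}

# Succeeds if every directory from FILE's parent up to ROOT grants o+x.
reachable_by_others() {
    dir=$(dirname "$1")
    while has_other_bit "$dir" 1; do
        [ "$dir" = "$2" ] || [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
    return 1
}

# Prints "EXPOSED <mode> <path>" for each private key under ROOT that a local
# user outside the owner and group can read. Symlinks are resolved first.
exposed_keys() {
    root=$(readlink -f "$1") || return 1
    find "$root" \( -type f -o -type l \) | while IFS= read -r p; do
        real=$(readlink -f "$p") && [ -f "$real" ] || continue
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$real" 2>/dev/null || continue
        if has_other_bit "$real" 4 && reachable_by_others "$real" "$root"; then
            echo "EXPOSED $(stat -c '%a' "$real") $real"
        fi
    done | sort -u
}

# Constructed sample: a certbot-style live/ -> archive/ layout in a temp dir.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/live/mydomain.com" "$t/archive/mydomain.com"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed, not a real key' \
        '-----END PRIVATE KEY-----' > "$t/archive/mydomain.com/privkey1.pem"
    ln -s ../../archive/mydomain.com/privkey1.pem "$t/live/mydomain.com/privkey.pem"
    chmod 755 "$t" "$t/live" "$t/archive" "$t"/*/mydomain.com
    chmod 600 "$t/archive/mydomain.com/privkey1.pem"
    echo "$t"
}

tree=$(make_sample_tree)
echo "key 600, dirs 755:"; exposed_keys "$tree"   # prints nothing
chmod 644 "$tree/archive/mydomain.com/privkey1.pem"
echo "key 644, dirs 755:"; exposed_keys "$tree"   # one EXPOSED line
rm -rf "$tree"
```

<p>
Run as root, <code>exposed_keys /etc/letsencrypt</code> or
<code>exposed_keys /etc/ssl</code> reports the real files; with the
directories at 755, the key file's own mode is the only remaining barrier.
</p>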
<!-- ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -->
<div style="break-before: page; page-break-before: always"></div>
<h1 id="architecture">
<a class="header" href="#architecture"
>Add Custom Storage Pools</a
>
</h1>
<p>
Using Arclight, you can define Libvirt storage pools in the /var,
/mnt, and /media directories. This was done to prevent full access
to the operating system from the Web interface. If you need to
define a storage pool outside of these limitations, you can
register the storage pool from the terminal using Libvirt. In this
example we will define the /home/ubuntu/ directory as a storage
pool.
</p>
<p>
Define the storage pool using the pool-define-as command from
virsh. We will pass in the type of storage device, which is a
directory; the name, which we will call myHomePool; and the
filepath to the storage pool.
</p>
<pre><code class="language-sh">virsh pool-define-as --type dir --name myHomePool --target /home/ubuntu
</code></pre>
<p>
The storage pool will now show up in Arclight. If you wish to view
it in the terminal, you can use the following command:
</p>
<pre><code class="language-sh">virsh pool-list --all</code></pre>
<p>
The storage pool myHomePool will not be running. You can start it
using Arclight, or in the terminal you can use the following
command to start the storage pool. Optionally, you can use
pool-autostart to automatically start the pool upon system boot
and use pool-autostart --disable to remove it.
</p>
<pre><code class="language-sh">virsh pool-start myHomePool</code></pre>
<p>
If you choose to stop the storage pool from running, you can do
this in arclight or by using the pool-destroy option.
</p>
<pre><code class="language-sh">virsh pool-destroy myHomePool</code></pre>
<p>
Lastly if you decide to remove the storage pool you can undefine
it. This will leave the directory intact on the operating system,
just removing it from the list of storage pools. Again, this can
be done in arclight or by using the pool-undefine option in the
terminal.
</p>
<pre><code class="language-sh">virsh pool-undefine myHomePool</code></pre>
<!-- ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -->
<div style="break-before: page; page-break-before: always"></div>
<h1 id="contributing">
<a class="header" href="#contributing"
>ISO images for virtual machines</a
>
</h1>
<!-- <h2 id="intro"><a class="header" href="#intro">Intro</a></h2> -->
<p>
When getting started with KVM virtual machines, one common
question is how to get the ISO image files used to install the
operating systems in the virtual machines. The default location
that Libvirt uses as a storage pool for KVM virtual machines is
the <code>/var/lib/libvirt/images/</code> directory. You will need
to download the ISO files using a command such as wget. Find the
URL of the ISO from the vendor, for example
<a
href="http://releases.ubuntu.com/18.04.1/ubuntu-18.04.1-live-server-amd64.iso"
>http://releases.ubuntu.com/18.04.1/ubuntu-18.04.1-live-server-amd64.iso</a
>
</p>
<p>
You will need to switch your user account to the root user:
Navigate to the <code>/var/lib/libvirt/images/</code> directory:
</p>
<pre><code class="language-bash">cd /var/lib/libvirt/images/</code></pre>