Ticket #3831 (partial) - Rewrite cache updater as twisted application:

[ganeti_webmgr.git] / README

================================================================================
 Ganeti Web Manager
================================================================================

Ganeti Web Manager is a Django based web application that allows administrators
and clients access to their ganeti clusters.  

Ganeti compatibility:
    >=2.2.x - supported
    2.1.x - mostly supported
    2.0.x - unsupported but may work
    1.x   - unsupported

Browser compatibility:
    * Mozilla Firefox >= 3.x
    * Chrome / Chromium

The VNC console requires websockets or flash support and HTML5 support in the
browser.

Project page: http://code.osuosl.org/projects/ganeti-webmgr
Mailing List: http://groups.google.com/group/ganeti-webmgr
IRC:          #ganeti-webmgr on freenode.net
Twitter:      http://twitter.com/ganetiwebmgr


================================================================================
 Installation
================================================================================

1.  Install Dependencies
    * Python >= 2.5
    * Django >= 1.2
    * django-registration
    * South >=0.7
    * object_permissions (packaged with releases)
    * object_log (packaged with releases)
    * sqlite3, mysql, or postgresql
    * twisted, twisted-web (deps for twisted-vncauthproxy)

2. Deploy this code somewhere (i.e. /var/lib/django/ganeti_webmgr)
3. Copy settings.py.dist to settings.py
4. Create a database and configure your settings:

 DATABASE_ENGINE = ''   <-- Change This to 'mysql', 'postgresql',
                            'postgresql_psycopg2' or 'sqlite3'
 DATABASE_NAME = ''     <-- Change this to a database name, or a file for SQLite
 DATABASE_USER = ''     <-- Change this (not needed for SQLite)
 DATABASE_PASSWORD = '' <-- Change this (not needed for SQLite)
 DATABASE_HOST = ''     <-- Change this (not needed if database is localhost)
 DATABASE_PORT = ''     <-- Change this (not needed if database is localhost)

5. If you are using the Django sites module, you will can set the id, name and
   domain of your site in settings.py and the site will automatically be
   created when syncdb is run.

 # Unique site id used by many modules to distinguish site from others.
 SITE_ID = 1

 # Site name and domain referenced by some modules to provide links back to the
 # site.
 SITE_NAME = 'Ganeti Web Manager'
 SITE_DOMAIN = 'localhost:8000'

6. Initialize the database

    ./manage.py syncdb

7. South migrations (0.5 only)

    ./manage.py migrate

8. Run the server

    Development:

    ./manage.py runserver

    Production:

    1. Change your SECRET_KEY and WEB_MGR_API_KEY to unique (and hopefully
       unguessable) strings in your settings.py.

    2. For versions >= 0.5 you may need to add the full filesystem path to your
       templates directory to TEMPLATE_DIRS and remove the relative reference
       to 'templates'. We've had issues using wsgi not working correctly unless
       this change has been made.

    3. Ensure the server has the ability to send emails or you have access to
       an SMTP server. Set EMAIL_HOST, EMAIL_PORT, and DEFAULT_FROM_EMAIL in
       settings.py. For more complicated outgoing mail setups, please refer to
       the django email documentation [1].

    4. Follow the django guide to deploy [2] with apache. Here is an example
       mod_wsgi file:

        import os
        import sys

        path = '/var/lib/django/ganeti_webmgr'
        if path not in sys.path:
                sys.path.append(path)

                os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'

                import django.core.handlers.wsgi
                application = django.core.handlers.wsgi.WSGIHandler()

    5. Configure cron job for periodic cache updater [3].

 [1] http://docs.djangoproject.com/en/1.2/topics/email/
 [2] http://docs.djangoproject.com/en/1.2/howto/deployment/
 [3] http://code.osuosl.org/projects/ganeti-webmgr/wiki/Cache_System#Updating-with-cron

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/Install

================================================================================
 Ganeti RAPI users and passwords
================================================================================

Before you can start using Ganeti Web Manager you will need to create a user
and password on the Ganeti cluster.

Here is an example with a user jack and password abc123:

    echo -n 'jack:Ganeti Remote API:abc123' | openssl md5

Add the hash to /var/lib/ganeti/rapi_users on all the nodes in the cluster and
restart ganeti-rapi. Here's an example using above:

    # Hashed password for jack
    jack {HA1}54c12257ee9be413f2f3182435514aae write

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/Managing_Clusters#Ganeti-RAPI-users-and-passwords


================================================================================
 Importing a Cluster
================================================================================

1. Use the admin user created during syncdb to log in.
2. Import a cluster:  Clusters -> Add Cluster
3. Fill out properties and click save

When the cluster is created it will automatically synchronize the list of
Virtual Machines with information from the ganeti cluster.

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/Importing_a_Cluster


================================================================================
 Users, Groups, and Permissions
================================================================================

Permissions may be granted to both clusters and virtual machines. The
permissions system is intended to allow users to manage themselves. Any object
that can have its permissions edited will have a Users tab.

Adding users to objects:
  1. Navigate to Group, Cluster, or VirtualMachine detail page
  2. Click Add New User
  3. Select user or group
  4. Select permissions
  5. Save

Updating permissions:
  1. Navigate to Group, Cluster, or VirtualMachine detail page
  2. Click Users tab
  3. Click permissions column
  4. Select permissions and save

Deleting permissions:
  1. Navigate to Group, Cluster, or VirtualMachine detail page
  2. Click Users tab
  3. Click the delete icon

Deleting a user will remove all permissions, and other properties associated
with the user such as cluster quotas.

Users may belong to any number of user groups.  User groups can be assigned
permissions and quotas just like users.  Users inherit permissions from groups
and may act on their behalf to create virtual machines.

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/Permissions


================================================================================
 Assigning Quotas
================================================================================

Quotas restrict the usage of cluster resources by users and groups. Default
quotas can be set by editing clusters, if no quota is set unlimited access is
allowed. This will affect all users and groups.

The default quota can be overridden on the cluster users page:

   1. Clusters -> Cluster -> Users
   2. Click on the quota
   3. Edit values

Leaving a value empty specifies unlimited access for that resource.

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/Permissions#Quotas


================================================================================
 Orphaned VirtualMachines
================================================================================

You can find VirtualMachines with no permissions via Admin -> Orphaned VMs.
This will force a synchronization of all clusters and display VirtualMachines
that do not have any permissions assigned.

You only need to grant permissions directly on virtual machines if you are
granting access to non-admin users.

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/Managing_Clusters#Orphaned-Virtual-Machines


================================================================================
 Cache System
================================================================================

Ganeti Web Manager uses a cache system that stores information about ganeti
clusters in the database. This allows the following:

      ---  Ganeti  ---
     /                \
    /                  \
 Cluster ->       ->   Bulk
  Model  <- cache <-  Updater

    * Permissions are stored in the database and are associated to the cached
      objects
    * The cached data can be searched and or filtered
    * Limits the amount of traffic between the webserver and ganeti cluster.

The cache system is transparent and will load cached data automatically when
the object is initialized.

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/Cache_System

================================================================================
 VNC 
================================================================================

Ganeti Web Manager provides an in browser console using noVNC [1], an HTML5
client.  noVNC requires WebSockets to function. Support for older browsers is
provided through a flash applet that is used transparently in the absence of
WebSockets.

[1] https://github.com/kanaka/noVNC

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/VNC

================================================================================
 VNC AuthProxy
================================================================================

VNC Auth proxy [1] is required for the console tab to function. VNC servers do
not speak websockets and our proxy allows your ganeti cluster to sit behind a
firewall, VPN, or NAT.

Enabling in settings.py
-----------------------

Set the host and port that the proxy will be running at with the VNC_PROXY
setting. For development this is typically "localhost:8888" but for production
you would use the name of the server its running on. See the instructions in
settings.py for more details.

Starting the Daemon
-------------------

Twisted VNC Authproxy is started with twistd, the twisted daemon. Eventually we
will include init.d scripts for better managing the daemon. You may want to open
port 8888 in your firewall for production systems.

    twistd --pidfile=/tmp/proxy.pid -ny proxy.tac 

Starting Flash Policy Server
----------------------------

Browsers that do not support WebSockets natively are supported through the use
of a flash applet. Flash applets that make use of sockets must retrieve a policy
file from the server they are connecting to. Twisted VNCAuthProxy includes a
policy server. It must be run separately since it requires a root port. You may
want to open port 843 in your firewall for production systems.

Start the policy server with twistd

    sudo twistd --pidfile=/tmp/policy.pid -ny policy.tac

Possible issues
---------------

You may encounter an issue where twisted fails to start and gives you error.
This is usually caused by the environment variable PYTHONPATH not being
exported correctly if you sudo up to root. To fix it type:

    export PYTHONPATH="."

Try executing twisted again and it should work.

Possible issues
---------------

You may encounter an issue where twisted fails to start and gives you error.
This is usually caused by the environment variable PYTHONPATH not being
exported correctly if you sudo up to root. To fix it type:

    export PYTHONPATH="."

Try executing twisted again and it should work.

[1] http://code.osuosl.org/projects/twisted-vncauthproxy

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/VNC#VNC-Authproxy

================================================================================
 SSH Keys
================================================================================

Ganeti Web Manager allows users to store SSH Keys. Each virtual machine has a
view that will return SSH keys for users with access. This can be used as a
Ganeti post-install hook to deploy user's keys on the VMs.

To allow VMs to copy keys, copy util/hooks/sshkeys.sh to the instance
definition hooks directory on every node in the clsuter and make the file
executable. Next, add the required variables to the variant config file
or main instance definition config file. The config file can be found in
util/hooks/sshkeys.conf and includes documentation for each variable.

Also see: http://code.osuosl.org/projects/ganeti-webmgr/wiki/PermissionsSSHKeys