December 18, 2013

What is Archipel

Some of you might know Archipel (http://archipelproject.org/). It is a web based solution to manage and supervise virtual machines. The good thing is that it does look very good; if you see the video on the website, it's really appealing. On the cons, it's quite difficult to install, but mainly, and IMHO, it's not (yet) ready for production: it certainly does look good and has potential, but it's still buggy. I contacted the developer and he confirmed the project is not abandoned, although he's quite busy with work and can't dedicate much of his time at the moment.

Nevertheless, as I went through the hoops of installing, and since some members couldn't make it work, I decided to write a quick guide for those interested in checking it out and testing it. Maybe some day it's actually ready and we can integrate it with a headless server.

Architecture

Archipel architecture is a bit complex. It is based on XMPP for all communication. Therefore for Archipel to work you need:

- XMPP server
- Archipel Client: this is the actual webGUI to communicate with the hypervisor
- Archipel Agent: installed in the hypervisor

Theoretically you should have to install all these 3 in different machines. The beauty of this guide is that it'll allow you to install all of them (XMPP server, Client and Agent) on the hypervisor.

Prerequisites

- CentOS 6.5 x64 minimal distro installed: it might work with other distros, but I'm certainly not an expert on Linux. I'll write down a step by step guide to make this work.
- Additional packages: wget svn mc system-config-network-tui.
  - mc (midnight commander): it's not really necessary, you can use vi, but I like the simplicity and ease of use of it.
  - system-config-network-tui: it's a graphical wizard tool to set up a static IP. If you know your way around CentOS you probably won't need it. I won't use it in this guide because I set up the static IP during installation.
- Additional repos: epel and rpmforge repos.

Additional info

During installation I configured my server with:

- FQDN: titan.home
- Server IP: 192.168.1.141

You can modify this to your liking/needs.

Although you can do this from the server itself, I recommend you SSH into the server, you can save a lot of typing!

If you follow this guide, and don't hit any walls, it should take about 30min (there are a lot of packages to download), start to end.

SOURCES:

http://archipelproject.org/
https://github.com/ArchipelProject/Archipel/wiki
http://marcocarcano.wordpress.com/2012/10/17/archipel/
December 18, 2013 Author

Installation of prerequisites and repos

On a fresh CentOS 6.5 x64 minimal installation (I only configured during installation the FQDN, root account password and static IP):

    [root@titan ~]# yum install -y wget svn mc
    [root@titan ~]# yum install -y http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    [root@titan ~]# yum install -y http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
    [root@titan ~]# yum install -y http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
    [root@titan ~]# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

You shouldn't receive any error messages.

Installation of KVM

This is not an exhaustive guide, just the bare minimum to get Archipel working.

Disable SELinux:

    [root@titan ~]# mcedit /etc/selinux/config

and edit the file, setting the SELINUX variable to disabled:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted

Reboot the server:

    [root@titan ~]# reboot

Import the GPG keys for software packages:

    [root@titan ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

To install KVM and virtinst (a tool to create virtual machines), we run

    [root@titan ~]# yum install -y kvm libvirt qemu-kvm python-virtinst virt-top

Then start the libvirt daemon:

    [root@titan ~]# service libvirtd start

To check if KVM has successfully been installed, run

    [root@titan ~]# virsh -c qemu:///system list

It should display something like this:

    [root@server1 ~]# virsh -c qemu:///system list
     Id Name                 State
    ----------------------------------

Next we need to set up a network bridge on our server so that our virtual machines can be accessed from other hosts as if they were physical systems in the network.

To configure the bridge, edit the interface eth0: add BRIDGE=br0 and comment out BOOTPROTO, IPADDR, PREFIX, GATEWAY, DNS1 and DNS2. It should look something like this:

    [root@titan ~]# mcedit /etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=eth0
    NAME="System eth0"
    TYPE=Ethernet
    UUID=(this field is unique for each card)
    ONBOOT=yes
    NM_CONTROLLED=no
    #BOOTPROTO=none
    HWADDR=(this field is unique for each card)
    #IPADDR=192.168.1.141
    #PREFIX=24
    #GATEWAY=192.168.1.1
    #DNS1=208.67.222.222
    #DNS2=208.67.220.220
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=yes
    IPV6INIT=no
    BRIDGE=br0

Now let's configure a bridge:

    [root@titan ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-br0
    [root@titan ~]# mcedit /etc/sysconfig/network-scripts/ifcfg-br0

Edit the file so it looks like this:

    DEVICE=br0
    NAME="System br0"
    TYPE=Bridge
    ONBOOT=yes
    NM_CONTROLLED=no
    BOOTPROTO=none
    IPADDR=192.168.1.141
    PREFIX=24
    GATEWAY=192.168.1.1
    DNS1=208.67.222.222
    DNS2=208.67.220.220
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=yes
    IPV6INIT=no

and restart the network:

    [root@titan ~]# service network restart

If you run ifconfig, it should now show the network bridge:

    [root@titan ~]# ifconfig
    br0       Link encap:Ethernet  HWaddr 00:22:15:ED:3E:CF
              inet addr:192.168.1.141  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::222:15ff:feed:3ecf/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:37 errors:0 dropped:0 overruns:0 frame:0
              TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:2908 (2.8 KiB)  TX bytes:3576 (3.4 KiB)

    eth0      Link encap:Ethernet  HWaddr 00:22:15:ED:3E:CF
              inet6 addr: fe80::222:15ff:feed:3ecf/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:38625 errors:0 dropped:0 overruns:0 frame:0
              TX packets:17905 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:40239878 (38.3 MiB)  TX bytes:1444750 (1.3 MiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

    virbr0    Link encap:Ethernet  HWaddr 52:54:00:7C:D0:8F
              inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Insert rules into iptables to allow the network to use that bridge:

    [root@titan ~]# iptables -I FORWARD -m physdev --physdev-is-bridge -j ACCEPT
    [root@titan ~]# service iptables save
    [root@titan ~]# service iptables start

Make sure netfilter is enabled for bridges:

    [root@titan ~]# mcedit /etc/sysctl.conf

Check the next lines are set to 0, if not change them to 0:

    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0

If you change any value, reboot the server.

That's it.
December 18, 2013 Author

Installation of XMPP Server

Update the system:

    [root@titan ~]# yum -y update

Install the yum priorities plugin – this ensures that packages of certain repositories get precedence over packages of other repositories:

    [root@titan ~]# yum install -y yum-priorities

Edit the file CentOS-Base.repo and add the line “priority = 1” to all the repos except “centosplus” and “contrib”: these must have “priority = 2”. Enable all disabled repos:

    [root@titan ~]# mcedit /etc/yum.repos.d/CentOS-Base.repo

Edit the rpmforge.repo file adding the line “priority = 10” to all the repos except the testing ones. Add the line “priority = 30” to all the testing repos.

    [root@titan ~]# mcedit /etc/yum.repos.d/rpmforge.repo

Edit the epel repo and epel repo adding the line “priority = 20” to all the repos except the testing ones. Add the line “priority = 30” to all the testing repos. Enable all disabled repos:

    [root@titan ~]# mcedit /etc/yum.repos.d/epel.repo
    [root@titan ~]# mcedit /etc/yum.repos.d/remi.repo

Update the system:

    [root@titan ~]# yum -y update

We are ready to install the ejabberd service: simply run

    [root@titan ~]# yum install -y ejabberd

We must ensure that ejabberd has been packaged with mod_admin_extra. Type the next command, it must give you the path to the module files.

    [root@titan ~]# rpm -ql ejabberd |grep mod_admin
    /usr/lib64/ejabberd/ebin/mod_admin_extra.beam

Now we have to install ejabberd_xmlrpc:

    [root@titan ~]# yum install -y erlang-xmerl erlang-xmlrpc erlang-tools

Download all ejabberd modules:

    [root@titan ~]# cd /usr/local/src
    [root@titan ~]# svn checkout http://svn.process-one.net/ejabberd-modules/

Compile the ejabberd_xmlrpc module:

    [root@titan ~]# cd /usr/local/src/ejabberd-modules/ejabberd_xmlrpc/trunk
    [root@titan ~]# ./build.sh

Finally, copy it into the modules directory:

    [root@titan ~]# cp ebin/ejabberd_xmlrpc.beam /usr/lib64/ejabberd/ebin

Next is to configure the XMPP server, this is easier than it looks. Just copy my config file replacing titan.home by your FQDN (a couple of substitutions):

    [root@titan ~]# mcedit /etc/ejabberd/ejabberd.cfg

Add your FQDN to your hosts file, add also archipel as a hostname with your domain:

    [root@titan ~]# mcedit /etc/hosts

    192.168.1.141 titan titan.home archipel.home

Start the ejabberd service:

    [root@titan ~]# service ejabberd start

Now we need to register the admin user:

    [root@titan ~]# ejabberdctl register admin titan.home Your_XMPP_password
    User [email protected] successfully registered

We are almost there, we have to add some rules to the iptables:

    [root@titan ~]# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    [root@titan ~]# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    [root@titan ~]# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 4560 -j ACCEPT
    [root@titan ~]# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
    [root@titan ~]# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 5269 -j ACCEPT
    [root@titan ~]# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 5280 -j ACCEPT
    [root@titan ~]# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 5281 -j ACCEPT

Save and restart the iptables, and we are done, XMPP is installed, running and with access from your home network.

    [root@titan ~]# service iptables save
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
    [root@titan ~]# service iptables restart
    iptables: Setting chains to policy ACCEPT: filter mangle na[ OK ]
    iptables: Flushing firewall rules: [ OK ]
    iptables: Unloading modules: [ OK ]
    iptables: Applying firewall rules: [ OK ]

ejabberd.cfg
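The repository priority edits described in the post above can be scripted instead of made by hand in each file. This is an added example, not part of the original post: `set_priority` is a hypothetical helper, the sample repo file is constructed, and matching testing repos on the substring `test` is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): apply the post's yum-priorities
# scheme to one .repo file. set_priority is a hypothetical helper name.
#
# set_priority FILE DEFAULT EXC_PRIO EXC_REGEX
# Prints FILE with one "priority = N" line under every [section] header:
# EXC_PRIO where the header matches EXC_REGEX, DEFAULT otherwise.
# Existing priority lines are dropped, so re-running gives the same result.
# Values from the post:
#   CentOS-Base.repo      1  2 'centosplus|contrib'
#   rpmforge.repo        10 30 'test'
#   epel.repo, remi.repo 20 30 'test'
set_priority() {
    awk -v def="$2" -v exc="$3" -v re="$4" '
        /^\[/ {
            print
            print "priority = " (($0 ~ re) ? exc : def)
            next
        }
        /^priority[ \t]*=/ { next }   # drop any earlier value
        { print }
    ' "$1"
}

# Constructed sample, shaped like CentOS-Base.repo (not the real file).
sample_repo() {
    cat <<'EOF'
[base]
name=CentOS-$releasever - Base
gpgcheck=1

[centosplus]
name=CentOS-$releasever - Plus
gpgcheck=1
priority = 9

[contrib]
name=CentOS-$releasever - Contrib
gpgcheck=1
EOF
}

# Show only the section headers and the priorities assigned to them.
demo_priorities() {
    tmp=$(mktemp) || return 1
    sample_repo > "$tmp"
    set_priority "$tmp" 1 2 'centosplus|contrib' | grep -E '^(\[|priority)' | paste -s -d ' ' -
    rm -f "$tmp"
}
demo_priorities
```

The function writes to standard output, so the rewritten file can be reviewed before it replaces the one under /etc/yum.repos.d/.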
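A check for the firewall step in the post above, whose seven rules carry no source match although the stated goal is access from the home network. This is an added example, not part of the original post: the function names and the sample rules are constructed, and 192.168.1.0/24 is an assumption derived from the post's IPADDR and PREFIX=24.

```shell
#!/bin/sh
# Added example (not from the original post): list which of the post's ports
# are accepted from any source in an iptables-save style file.
GUIDE_PORTS="80 443 4560 5222 5269 5280 5281"   # ports opened in the post

# open_to_any FILE -> space-separated guide ports that have an INPUT ACCEPT
# rule with no -s/--source match.
open_to_any() {
    awk -v ports="$GUIDE_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "-A" && $2 == "INPUT" {
            port = ""; src = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s" || $i == "--source") src = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && !src && (port in want)) print port
        }
    ' "$1" | sort -n | paste -s -d ' ' -
}

# lan_rule PORT CIDR -> the post's rule shape, limited to one source network.
lan_rule() {
    printf 'iptables -I INPUT -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT\n' "$2" "$1"
}

# Constructed sample in iptables-save format (not captured from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5281 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m state --state NEW -m tcp --dport 5280 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4560 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

demo_audit() {
    tmp=$(mktemp) || return 1
    sample_rules > "$tmp"
    for port in $(open_to_any "$tmp"); do lan_rule "$port" 192.168.1.0/24; done
    rm -f "$tmp"
}
demo_audit
```

On the host from the post the file to audit is /etc/sysconfig/iptables, the path shown in the `service iptables save` output. A restricted rule only takes effect once the matching unrestricted rule has been deleted with `iptables -D`, because the earlier ACCEPT still matches every source.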
December 18, 2013 Author

Installation of Archipel Client

OK, this is an easy one. Install apache web server and mod_ssl:

    [root@titan ~]# yum install -y mod_ssl

I read it's recommended to put Archipel client into a virtual host (I don't really know what this means, sorry!)

    [root@titan ~]# mkdir /var/www/vhosts

Download Archipel client into /var/www/vhosts and extract it:

    [root@titan ~]# cd /var/www/vhosts
    [root@titan ~]# wget http://nightlies.archipelproject.org/latest-archipel-client.tar.gz
    [root@titan ~]# tar -xvzf latest-archipel-client.tar.gz

Define the virtualhost in the Apache 2 configuration:

    [root@titan ~]# mcedit /etc/httpd/conf.d/archipel.conf

And add this (watch out here, don't mix your FQDN with your domain):

    <VirtualHost 192.168.1.141:80>
        ServerName archipel.home
        ServerAlias archipel.local
        DocumentRoot /var/www/vhosts/Archipel
        ServerAdmin root@home
        CustomLog /var/log/httpd/archipel.log combined
    </VirtualHost>

Edit your httpd.conf file, look for the ServerName variable, uncomment it and set it to 'localhost' (this is not really necessary, but avoids a warning message when starting Apache):

    [root@titan ~]# mcedit /etc/httpd/conf/httpd.conf

    ...
    ServerName localhost
    ...

Start Apache, and you are up and running!

    [root@titan vhosts]# service httpd start
    Starting httpd: [ OK ]

You can now access the webGUI from your network, just type 192.168.1.141:80 (or whatever your IP is) in any browser.

Log in is also a bit tricky:

- JabberID: [email protected]
- Password: Your_XMPP_password
- XMPP Service: http://192.168.1.141:5280/http-bind (this will autofill automatically, to avoid DNS issues, replace your FQDN with your server IP).

And we are in! We can't yet connect to the hypervisor, for that we need to install the Agent.
December 18, 2013 Author

Installation of Archipel Agent

This should've been easy, but for some reason, it took me some time.

Archipel Agent relies on python, so you have to install some dependencies:

    [root@titan ~]# yum -y install libvirt-python python-pip python-imaging python-magic gcc python-devel

This will give a lot of warnings, but it will still work. Then install the agent:

    [root@titan ~]# easy_install archipel-agent

and run:

    [root@titan ~]# archipel-initinstall
    [root@titan ~]# archipel-tagnode [email protected] --password=Your_XMPP_password --create
    [root@titan ~]# archipel-rolesnode [email protected] --password=Your_XMPP_password --create
    [root@titan ~]# archipel-adminaccounts [email protected] --password=Your_XMPP_password --create

We are there, just start the agent and enjoy!

    [root@titan ~]# service archipel start
     * Starting Archipel: [OK]

That's it, go to Archipel and to add the hypervisor, add a contact. The JID is the user@domain. Since the Agent, Client and XMPP server are all on the same machine, this is a bit redundant:

    -> JID: [email protected]

Good luck with your testing!

NOTE: Although I played a bit with Archipel, I don't know much about it. The instructions on the GitHub site are also quite scarce. I don't even know for how long I'm going to have this installed, I'd like to test other webGUIs. Bottom line, I don't know how much more help I could be :-)!
December 18, 2013 Author

> You did an amazing job putting this guide together. Excellent Work!

Thanks grumpy, considering how knowledgeable you are that is indeed a great compliment! It's a shame though archipel isn't production ready. I'll keep looking for a solution.
December 18, 2013

Yeah, really cool...nice writeup. 8)

You should try ProxmoxVE ... in a VM on ESXi you can't use the KVM part, but it also offers OpenVZ...try their WebUI...this is really nice. Sadly it is not available standalone.
December 19, 2013 Author

Thanks Ford, I'll try proxmox in ESXi, I tried but couldn't load it in my test machine (although I didn't put much effort to be honest l

Sent from my GT-I9305 using Tapatalk