Базовая установка менеджера виртуализации Archipel в CentOS

Базовая установка менеджера виртуализации Archipel в CentOS

Roman Bogachev VMware Specialist | Drone Pilot | Traveler

Archipel – это маcштабируемое решение для управления виртуальными машинами и гипервизорами с помощью графического интерфейса.

Archipel позволяет удобно управлять как несколькими виртуальными машинами на одном сервере, так и сотнями виртуалок, размещенных на десятках серверов в разных дата-цетрах.
Archipel использует протокол XMPP в качестве системы обмена между своими подсистемами. Более подробную информацию можно получить на сайте проекта archipelproject.org

Archipel использует XMPP сервер для коммуникации. Нам всего нужен один XMPP сервер, например eJabbered, чтобы начать работу.

Установка eJabberd (XMPP сервера)

Перво-наперво необходимо добавить репозиторий EPEL

Затем установим сам eJabberd

В Fedora 21

1
yum install ejabberd

В CentOS

Лучше собрать с исходных файлов или скачать установочный файл

Рекомендуемая версия eJabberd 2.1.6 - 2.1.11, начиная с версии 2.1.13 существует Bug #825

Archipel требуются следующие модули для стабильной работы:

  • mod_admin_extra (обязательный)
  • ejabberd_xmlrpc (опционально)

Установка среды разработки Erlang

Если модули не установились изначально, то соберем их сами. Для этого нам потребуется среда разработки Erlang.

1
yum install erlang-dev erlang-xmerl erlang-xmlrpc erlang-tools

Выбираем источник

Получим последние данные с репозитория
(С 2013 года SVN репозиторий переехал на Git, поэтому используем его)

1
2
3
git clone git://github.com/processone/ejabberd-contrib.git
cd ejabberd-contrib/mod_admin_extra
git checkout 2.1.x

Собираем модуль

1
./build.sh

Копируем сгенерированные .beam файлы с ebin директории в директорию с .beam файлами eJabbered

Конфигурация eJabberd

Конфигурация по умолчанию рассчитана на базовый chat-сервер (это великолепный chat-сервер), но нам не подходит.

Поэтому смело удаляем старый конфигурационный файл и создаем новый, в котором не забываем изменить FQDN.

Archipel требуется полноценный XMPP сервер, поэтому внесем некоторые поправки

Версия Erlang

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
%%%
%%% ejabberd configuration file
%%%
%%% Archipel Sample Configuration

%%% =======================
%%% OVERRIDE STORED OPTIONS

%% loglevel: Verbosity of log files generated by ejabberd.
{loglevel, 3}.


%%% ================
%%% SERVED HOSTNAMES

%% CHANGE FQDN to your FQDN
{hosts, ["FQDN"]}.


%%% ===============
%%% LISTENING PORTS

{listen,
[

%% If you have compiled the ejabberd-xmlrpc, uncomment the following line
%%{4560, ejabberd_xmlrpc, [{access_commands, [{xmlrpcaccess, all, []}]}]},

{5222, ejabberd_c2s, [
{access, c2s},
starttls,
{certfile, "/opt/ejabberd/ejabberd.pem"},
{max_stanza_size, 65536000}
]},

%% if you notice some issues with the health monitoring, it is likely that you need to comment the lines
%% starttls and certfile or upgrade archipel from source to be able to use SECURE BOSH
%% more information at https://github.com/ArchipelProject/Archipel/wiki/Installation:-Agent

{5269, ejabberd_s2s_in, [
{max_stanza_size, 65536000}
]},

%% BOSH service
{5280, ejabberd_http, [
http_bind,
http_poll
]},

%% Make a SSL version of the BOSH service
{5281, ejabberd_http, [
http_bind,
http_poll,
web_admin,
tls,{certfile, "/opt/ejabberd/ejabberd.pem"}
]}
]}.


%%% ===============
%%% S2S

{route_subdomains, s2s}.
{s2s_use_starttls, true}.
{s2s_default_policy, allow}.
{s2s_certfile, "/opt/ejabberd/ejabberd.pem"}.


%%% ==============
%%% AUTHENTICATION

{auth_method, internal}.


%%% ===============
%%% TRAFFIC SHAPERS

{shaper, normal, {maxrate, 1000}}.
{shaper, fast, {maxrate, 50000}}.


%%% ====================
%%% ACCESS CONTROL LISTS

%% CHANGE FQDN to your FQDN
{acl, admin, {user, "admin", "FQDN"}}.
{acl, local, {user_regexp, ""}}.


%% if you HAVE NOT compiled ejabberd-xmlrpc module, you
%% Need to declare all your hypervisors as ejabberd admin
%% The hypervisor JID is defined in archipel.conf. By default it
%% it is hypervisor@FQDN.
%% You can also use archipel-ejabberdadmin tool to add them
%% directly to the ejabberd database.

%% {acl, admin, {user, "hypervisor", "FQDN"}}.
%% {acl, admin, {user, "hypervisor-x", "FQDN"}}.

%%% ============
%%% ACCESS RULES

{access, max_user_sessions, [{10, all}]}.
{access, local, [{allow, local}]}.
{access, c2s, [{deny, blocked}, {allow, all}]}.
{access, c2s_shaper, [{none, admin}, {fast, all}]}.
{access, s2s_shaper, [{fast, all}]}.
{access, announce, [{allow, admin}]}.
{access, configure, [{allow, admin}]}.
{access, muc_admin, [{allow, admin}]}.
{access, muc, [{allow, all}]}.
{access, muc_create, [{allow, local}]}.
{access, pubsub_createnode, [{allow, all}]}.
{access, xmlrpcaccess, [{allow, admin}]}.


%%% ================
%%% DEFAULT LANGUAGE

{language, "en"}.


%%% =======
%%% REGISTRATION

{access, register, [{allow, all}]}.
{registration_timeout, infinity}.

%%% =======
%%% MODULES

{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % requires mod_adhoc
{mod_caps, []},
{mod_configure,[]},
{mod_disco, []},
{mod_http_bind,[
{max_inactivity, 480} % timeout value for the BOSH, usefull for a large number of VM
]},
{mod_irc, []},
{mod_last, []},
{mod_muc, [
{access, muc},
{access_create, muc_create},
{access_persistent, muc_create},
{access_admin, muc_admin}
]},
{mod_offline, []},
{mod_privacy, []},
{mod_private, []},
{mod_pubsub, [ % requires mod_caps
{access_createnode, pubsub_createnode},
{ignore_pep_from_offline, true},
{last_item_cache, false},
{plugins, ["flat", "hometree", "pep"]},
{max_items_node, 1000}
]},
{mod_register, [
{access, register}
]},
{mod_roster, []},
{mod_shared_roster,[]},
{mod_time, []},
{mod_vcard, []},
{mod_version, []},
{mod_admin_extra, []}
]}.

Версия YAML

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
--- 
access:
announce:
admin: allow
c2s:
all: allow
blocked: deny
c2s_shaper:
admin: none
all: fast
configure:
admin: allow
local:
local: allow
max_user_sessions:
all: 10
muc:
all: allow
muc_admin:
admin: allow
muc_create:
local: allow
pubsub_createnode:
all: allow
register:
all: allow
s2s_shaper:
all: fast
xmlrpcaccess:
admin: allow
acl:
admin:
user:
-
admin: "FQDN"
local:
user_regexp:
- []
auth_method: internal
hosts:
- "FQDN"
language: en
listen:
-
access: c2s
max_stanza_size: 65536000
module: ejabberd_c2s
port: 5222
shaper: c2s_shaper
-
max_stanza_size: 65536000
module: ejabberd_s2s_in
port: 5269
-
http_bind: true
http_poll: true
module: ejabberd_http
port: 5280
web_admin: true
loglevel: 3
modules:
mod_adhoc: []
mod_admin_extra: []
mod_announce:
access: announce
mod_caps: []
mod_configure: []
mod_disco: []
mod_http_bind:
max_inactivity: 400
mod_irc: []
mod_last: []
mod_muc:
access: muc
access_admin: muc_admin
access_create: muc_create
access_persistent: muc_create
mod_offline: []
mod_privacy: []
mod_private: []
mod_pubsub:
access_createnode: pubsub_createnode
ignore_pep_from_offline: true
last_item_cache: false
max_items_node: 1000
plugins:
- flat
- hometree
- pep
mod_register:
access: register
mod_roster: []
mod_shared_roster: []
mod_time: []
mod_vcard: []
mod_version: []
registration_timeout: infinity
s2s_certifile: "/opt/ejabberd/ejabberd.pem"
s2s_policy: s2s_access
s2s_use_starttls: optional
shaper:
fast: 50000
normal: 1000

Проверить синтаксис конфигурационного файла можно тут
Проверить кавычки для путей после проверки синтаксиса.

Если у нас нет DNS сервера, то добавим строчку в /etc/hosts

1
X.X.X.X    your.fqdn.com

Генерируем самоподписанный сертификат

Не забудьте указать свой FQDN, при вопросе “Common Name”

1
2
3
4
openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout /opt/ejabberd/privkey.pem -out /opt/ejabberd/ejabberd.pem
openssl rsa -in /opt/ejabberd/privkey.pem -out /opt/ejabberd/privkey.pem
cat /opt/ejabberd/privkey.pem >> /opt/ejabberd/ejabberd.pem
rm /opt/ejabberd/privkey.pem

Запускаем сервисы

1
sudo ejabberdctl start

При успешном запуске должно получиться следующее:

1
2
The node 'cloudmanager@FQDN' is started with status: started
ejabberd 2.1.11 is running in that node

Регистрируем аккаунт администратора

1
ejabberdctl register admin FQDN yourpassword

Не создавайте других аккаунтов для виртуальной машины или гипервизора, они будут созданы автоматически при добавлении.

Установка Archipel Client

Ставим любой веб-сервер, например NGINX
Для работы клиента не требуется баз данных, PHP или Java.

Просто скачайте и распакуйте архив в корневую директорию сайта

1
wget -P http://nightlies.archipelproject.org/latest-archipel-client.tar.gz

Настройка гипервизора

Для начала установим все необходимые пакеты:

  • KVM module
  • qemu 0.12.5 +
  • libvirt 0.8.7+
  • python 2.5, 2.6 или 2.7
  • qemu-img
  • python setuptools
  • python-imaging
  • python-numeric (numpy)
  • libvirt python
  • subversion
  • gcc
  • python-devel

Установка Archipel Central Agent

Archipel central agent это опциональный модуль, который включает продвинутые настройки Archipel необходимые для полноценного управления.

1
easy_install sqlalchemy
1
2
cd clone_of_archipel_repo/ArchipelAgent
./buildCentralAgent -d

При сборке может возникнуть ошибка

1
2
3
4
Traceback (most recent call last):
File "./buildCentralAgent", line 21, in <module>
import argparse
ImportError: No module named argparse

Исправляем её путем установки недостающих пакетов:

1
2
3
easy_install argparse
...
yum install python-argparse

Создаем pubsub ноду для центрального агента.

1
archipel-centralagentnode --jid=admin@FQDN --password=YOURPASSWORD --create

Завершаем установку

1
archipel-central-agent-initinstall -x your_ejabberd_server_FQDN

Установка Archipel Agent на гипервизор

Скачиваем Nightlies версию и устанавливаем:

1
2
# wget http://nightlies.archipelproject.org/latest-archipel-agent.tar.gz
# tar xvf latest-archipel-agent.tar.gz -C /path/to/untar/
1
2
3
# easy_install apscheduler sqlalchemy numpy
# cd /path/ArchipelAgent/
# ./buildAgent -d

Для проверки, что вы все установили - запустите повторно

1
easy_install apscheduler sqlalchemy numpy python-magic

Завершаем установку

1
archipel-initinstall

По умолчанию из репозиторя будет установлен APScheduler версии 3.0.Х, которая для нас не подходит, поэтому удалим данный пакет и установим необходимый.

1
2
# pip uninstall APScheduler
# pip install -Iv https://pypi.python.org/packages/source/A/APScheduler/APScheduler-2.1.2.tar.gz#md5=6862959d460c16ef325d63e1fc3a6684

Если команда pip uninstall ... недоступна, то установите её.

1
2
# wget https://bootstrap.pypa.io/get-pip.py
# python get-pip.py

Конфигурация агента

Конфигурационный файл расположен в /etc/archipel/archipel.conf

xmpp_server - используем hostname (НЕ использовать IP-адрес);
xmpp_pubsub_server - обязательно оставить префикс pubsub. Он должен быть доступен;
archipel_root_admins - если у нас имеются еще админы, то указать их JID разделяя запятой;
machine_ip - по умолчанию данный параметр установлен в auto, но в большинстве случаев здесь надо указать IP-адрес гипервизора или его хостнейм;
hypervisor_xmpp_jid - JID гипервизора. Уникальный для каждой платформы.
qemu_img_bin_path - путь до бинарника qemu-img;
use_xmlrpc_api - установить в значение True для возможности использования XMLRPC API (только если установлен ejabberd-xmlrpc);
xmlrpc_host, xmlrpc_password, xmlrpc_user - данные параметры заполняются только при установленном значении True в use_xmlrpc_api

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
#
# archipel.conf
#
# Copyright (C) 2010 Antoine Mercadal <antoine.mercadal@inframonde.eu>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.


###############################################################################
###############################################################################

#
# General configuration. You should just need to edit these values
#
[DEFAULT]

# the default XMPP server to user
xmpp_server = cloud.mydomain.com

# archipel's data folder
archipel_folder_lib = /var/lib/archipel/

# this UUID will be used to identify the hypervisor
# internally. It MUST be different foreach one over
# your platform. You can generate a new one using
# uuidgen command
archipel_general_uuid = 4ff4cbd1-5133-481a-9e86-2c645123f010

# the base working folder, where virtual machine related
# stuff will be stored
archipel_folder_data = /vm



###############################################################################
###############################################################################

#
# This is the main configuration parameters
#
[GLOBAL]

# jid of the xmpp pubsub server
xmpp_pubsub_server = pubsub.%(xmpp_server)s

# jids of the root administrator separated with spaces
archipel_root_admins = admin@%(xmpp_server)s

# the ip of this machine. It can be :
# - auto : the IP if found using a Internet request.
# - gateway_interface : Using ip address configured on default gateway interface
# - X.X.X.X : manual ip
machine_ip = auto

# if set to True, XMPP layer uses avatars
use_avatar = False

# Folder of the avatars
machine_avatar_directory = %(archipel_folder_lib)s/avatars

# the uri of hypervisor
libvirt_uri = qemu:///system

# [OPTIONAL] if set, this parameter is send to other hypervisors as migration UI
# migration_uri = qemu+ssh://mydomain/system

# default loading module policy
# - permissive : if no entry are found in the conf file in section MODULES, the module will be loaded anyway
# - restrictive: you need to explicitely declare what modules to load in MODULES
module_loading_policy = restrictive

# [OPTIONAL] This parameters makes Archipel able to run in stateless mode.
# stateless mode needs some kernel parameters. please read the documentation (which is not available now :)
# about it, or leave it set to False
stateless_node = False


#
# VCARD information - They CANNOT be empty
#
[VCARD]
orgname = My Company
orgunit = Developer
userid = email@me.pls
locality = Russia, Moscow
url = http://mydomain.com
categories = Cloud


#
# The hypervisor configuration
#
[HYPERVISOR]

# the JID of this hypervisor. It MUST be different foreach one over
# your platform.
# If this account not exists, it will be created on the fly
hypervisor_xmpp_jid = cloudserver1.mydomain.com@%(xmpp_server)s

# the XMPP password of this hypervisor
hypervisor_xmpp_password = P@ssw0rd

# the vCard name of hypervisor. if set to "auto"
# the hostname is used
hypervisor_name = auto

# the sqlite3 db file to store hypervisor informations
hypervisor_database_path = %(archipel_folder_lib)s/hypervisor.sqlite3

# the default avatar to use for hypervisor, relative to
# GLOBAL:machine_avatar_directory and if GLOBAL:use_avatar is set to True
hypervisor_default_avatar = defaulthypervisor.png

# the file contaning auto generated names for virtual machine creation
# must be a text file containing one name per line
name_generation_file = %(archipel_folder_lib)s/names.txt

# the database file for storing permissions (full path required)
hypervisor_permissions_database_path = %(archipel_folder_lib)s/permissions.sqlite3



#
# The virtual machines configuration
#
[VIRTUALMACHINE]

# the base folder to use to store virtual machine's own
# informations (drives, etc...)
vm_base_path = %(archipel_folder_data)s/drives

# [OPTIONAL] the base folder to store virtual machine permissions
# if not set, permissions are stored in the base folder
# vm_perm_path = %(archipel_folder_data)s/drives

# the default avatar to use for virtual machine, relative to
# GLOBAL:machine_avatar_directory and if GLOBAL:use_avatar is set to True
vm_default_avatar = defaultvm.png

# the size of the random generated XMPP password
xmpp_password_size = 32

# the maximum lifetime of a lock (in seconds)
maximum_lock_time = 1

# the database file for storing permissions (relative path required)
vm_permissions_database_path = /permissions.sqlite3

# if set to false, all space in virtual machine names will be replaced by a '-'
# note that for xen backend this option has no effect as xen does'nt handle spaces in names.
allow_blank_space_in_vm_name = True

# [OPTIONAL] this will allow to block access to block devices
# when defining virtual machines
enable_block_device_access = True

# [OPTIONAL] this will disable the screenshot feature. Libvirt 0.9.5+ is bugged
# If you use these versions, set this value to True. Default value (i.e not set) is False
disable_screenshot = False



#
# Logging configuration
#
[LOGGING]

# minimal log level. it can be in order:
# - debug
# - info
# - warning
# - error
# - critical
logging_level = error

# max life time of a log node in the pubsub
log_pubsub_item_expire = 3600

# max number of stored log in the pubsub log node
log_pubsub_max_items = 1000

# the path of file to store logs
logging_file_path = /var/log/archipel/archipel.log

# max size in bytes of a log file before rotation
logging_max_bytes = 5000000

# number of log backup file to keep
logging_backup_count = 5

# the date format to use in log file.
# See http://docs.python.org/library/logging.html#formatter-objects
logging_date_format = %Y-%m-%d %H:%M:%S

# the log format to use in log file.
# See http://docs.python.org/library/datetime.html?highlight=date#strftime-and-strptime-behavior
logging_formatter = %(levelname)s::%(asctime)s::%(filename)s:%(lineno)s::%(message)s

# If this is True, xmpppy will be in debug mode
xmpppy_debug = False



#
# This allows to choose wich modules to load.
# the name of the parameter is the name the module dir.
# If the value is set to True, the module will be loaded
#
[MODULES]

action_scheduler = True
centraldb = False
geolocalization = True
hypervisor_health = True
hypervisor_network = True
hypervisor_vmcasts = True
iphone_notification = False
oomkiller = True
snapshoting = True
storage = True
virtualmachine_appliance = True
vnc = True
xmppserver = True
platformrequest = False
vmparking = False


###############################################################################
# MODULES CONFIGURATION #
###############################################################################

#
# HypervisorHealth module configuration
#
[HEALTH]

# the sqlite3 db file to store health informations
health_database_path = %(archipel_folder_lib)s/statscollection.sqlite3

# data collection interval in seconds
health_collection_interval = 5

# max datarow to store in number of data collection
# (5s * 50000collections ~ 70 hours)
max_rows_before_purge = 50000

# number of row to store memory before saving into database
max_cached_rows = 200



#
# Storage module configuration
#
[STORAGE]

# the filesystem path to the shared ISO file usable
# by virtual machines
iso_base_path = %(archipel_folder_data)s/iso

# if your copy of qemu-img support it, allow to create non
# sparse qcow2 img (it will be optionnal, but proposed)
use_metadata_preallocation = True

# the path for qemu-img
qemu_img_bin_path = /usr/bin/qemu-img

# path to the folder containing QCOW2 gold drives
golden_drives_dir = %(archipel_folder_data)s/goldens



#
# Geolocalization module configuration
#
[GEOLOCALIZATION]

# set the way the hypervisor localize itself.
# can be "manual" or "auto"
localization_mode = auto

# manual latitude
# ignored if localization_mode=auto, mandatory if localization_mode=manual
localization_latitude = 0.0

# manual longitude
# ignored if localization_mode=auto, mandatory if localization_mode=manual
localization_longitude = 0.0

# the url of geolocalization service
# ignored if localization_mode=manual, mandatory if localization_mode=auto
localization_service_url = ipinfodb.com

# the query of geolocalization service
# ignored if localization_mode=manual, mandatory if localization_mode=auto
localization_service_request = /ip_query.php

# the HTTP method of geolocalization service
# ignored if localization_mode=manual, mandatory if localization_mode=auto
localization_service_method = GET

# the base XML tag of geolocalization service
# must contains <latitude> and <longitude> tags
# ignored if localization_mode=manual, mandatory if localization_mode=auto
localization_service_response_root_node = Response



#
# VMCasting module configuration
#
[VMCASTING]

# the sqlite3 db file to store vmcatsting informations
vmcasting_database_path = %(archipel_folder_lib)s/vmcasting.sqlite3

# the folder where downloaded appliances are placed
repository_path = %(archipel_folder_data)s/repo

# working path
temp_path = %(archipel_folder_data)s/tmp

# the name of vmcast
own_vmcast_name = Local VM casts of $HOSTNAME

# vmcast description
own_vmcast_description = This is the own vmcast feed of the hypervisor $HOSTNAME

# hypervisor VMCast UUID (must be unique for entire plateform)
own_vmcast_uuid = %(archipel_general_uuid)s

# the url to access the vmcast
own_vmcast_url = http://127.0.0.1:8088/vmcasts/

# the file to GET
own_vmcast_file_name = rss.xml

# the langage of vmcast
own_vmcast_lang = en-us

# file system folder of vmcast
own_vmcast_path = %(archipel_folder_data)s/vmcasts/

# interval in second to refresh the content of the cast
own_vmcast_refresh_interval = 60

# supported disk extensions, separated by ";" containing the "."
# for example .qcow;.qcow2
disks_extensions = .qcow2;.qcow;.img;.iso

# If set to True, packaging process will gzip drives
# Gziping drive makes appliance creation longer but smaller
should_gzip_drives = True

# If set to true, package maker will ignore user request
# and will use value of should_gzip_drives token
ignore_user_gzip_choice = False



#
# iPhone Notification module configuration
#
[IPHONENOTIFICATION]

# put the credentials of users that will receive push notification right from your iPhone
# Credentials can be found at https://www.appnotifications.com/account/rest_api
# application can be buy at http://2apn.com/
# separate keys with double coma ",,"
credentials_key = YOUR CRED HERE



#
# OOM module configuration
#
[OOMKILLER]

# the sqlite3 db file to store OOM prevention informations
database = %(archipel_folder_lib)s/oom.sqlite3



#
# Scheduler module configuration
#
[SCHEDULER]

# the sqlite3 db file to store scheduler informations
database = %(archipel_folder_lib)s/scheduler.sqlite3



#
# XMPP Server module configuration
#
[XMPPSERVER]

# choose the if you wan to use the XMLRPC API to manage
# the XMPP Server administration. Note that using XMLRPC
# API need to compile and install ejabberd_xmlrpc module
# If it is set to False, we will use the XMPP API
use_xmlrpc_api = False

# XMLRPC API ONLY: The ejabberd XMLRPC server host
xmlrpc_host = %(xmpp_server)s

# XMLRPC API ONLY: The ejabberd XMLRPC server port
xmlrpc_port = 4560

# XMLRPC API ONLY : Use SSL for xmlrpc, need a ssl proxy as
# xmlrpc module does'nt hanle SSL. Read more information on the wiki
xmlrpc_sslonly = False

# XMLRPC API ONLY: The ejabberd XMLRPC server admin account
xmlrpc_user = admin

# XMLRPC API ONLY: The ejabberd XMLRPC server admin password
xmlrpc_password = password

# [OPTIONAL] if set to True, all new virtual machines will be added automatically
# in a shared roster group named like auto_group_name
auto_group = False

# [OPTIONAL] this is the name of the auto group if auto_group is set
# and is equal to True. auto_group_name_virtualmachines is for vms
# auto_group_name_hypervisors is for hypervisors. To put them all
# in the same group, just use the same name
auto_group_name_virtualmachines = All Virtual Machines
auto_group_name_hypervisors = All Hypervisors
auto_group_name_users = All Users


# [OPTIONAL] this define what kind of entities will be automatically added
# to the auto group. Values can be "virtualmachines", "hypervisors" or "all".
# If this option is not set, "all" is the default
auto_group_filter = all

#
# VNC Pulgin configuration
#
[VNC]

# use this certificate fail for VNC screen connection.
# For unsecure connection, use "None". To quickly generate a certificate:
# openssl req -new -x509 -days 365 -nodes -out vnc.pem -keyout vnc.pem
#
# WARNING: THIS CERTIFICATE IS GIVEN AS EXAMPLE. IT IS NOT SECURED AT ALL
# TO USE IT AS EVERYBODY HAS THE SAME!!
vnc_certificate_file = /etc/archipel/vnc.pem

# if set to True, vnc server will not accept any non secure connection
vnc_only_ssl = False

# [OPTIONAL] If set to True, websocket debuging will be activated.
# Not tha websocket activation will be logged on STDOUT (not in archipel.log)
# You will need to launch 'runarchipel' manually, or remove the /dev/null
# redirection in Archipel init script
vnc_enable_websocket_debug = False



#
# NETWORK module configuration
#
[NETWORKS]

# path for libvirt network filters
libvirt_nw_filters_path = /etc/libvirt/nwfilter



#
# PARKING module configuration
#
[VMPARKING]

# path for shared parking database file
database = %(archipel_folder_data)s/shared_parking.sqlite3

[CENTRALDB]
# jid (without domain) of the central agent
central_agent_jid = centralagent@%(xmpp_server)s

Перезагружаемся.

Создаем pubsub ноды

1
2
3
# archipel-tagnode --jid=admin@FQDN --password=YOURPASSWORD --create
# archipel-rolesnode --jid=admin@FQDN --password=YOURPASSWORD --create
# archipel-adminaccounts --jid=admin@FQDN --password=YOURPASSWORD --create

Запускаем агент

1
runarchipel

Проверяем лог /var/log/archipel/archipel.log и статус подключения на XMPP сервере

1
ejabberdctl connected_users
1
2
3
5cfb7332-d348-11e4-bf95-0025906ab370@cloud.mydomain.com/cloudserver1.mydomain.com
cloudserver1.mydomain.com@cloud.mydomain.com/cloudserver1.mydomain.com
...

Тест

После успешной установки необходимо запустить archipel-testxmppserver для проверки.

1
archipel-testxmppserver --jid=admin@FQDN --password=YOURPASSWORD
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
*                        Archipel XMPP Server Test                            *
* *
* Archipel needs some specific parameters to be set. This tool will perform *
* some tests in order to ensure that your ejabberd server is properly *
* configured. *
* If you encounter some errors during test, there are great chance that *
* Archipel won't work correctly. If so, please read carrefully : *
* *
* - https://github.com/ArchipelProject/Archipel/wiki/Installation-manual *
* *
* Copyright 2011 Antoine Mercadal *
*******************************************************************************

Type enter key to continue...

# TEST 1 : XMPP CONNECTION
* Trying to connect to the XMPP Server using admin@cloud.h1host.ru
[SUCCESS] : Sucessfully connected

# TEST 2 : INBAND REGISTRATION
* Trying to register a new dummy XMPP account using in-band registration
* Registration information sent. Wait for response...
[SUCCESS] : Registration complete.

# TEST 3 : PUBSUB CREATION
* Trying to create a pubsub node with the dummy account
[SUCCESS] : Dummy pubsub created.

# TEST 4 : PUBSUB CONFIGURATION
* Trying to configure the pubsub with required info for Archipel...
[SUCCESS] : Pubsub sucessfully configured with correct value

# TEST 5 : PUBSUB DELETION
* Trying to remove dummy pubsub...
[SUCCESS] : Sucessfully deleted the pubsub.

# TEST 6 : INBAND UNREGISTRATION
* Trying to unregister the dummy XMPP account using in-band unregistration
* Unregistration information sent. Waiting for response...
[SUCCESS] : Unregistration complete.

# TEST 7 : QUICK REGISTRATION/UNREGISTRATION
* Trying to register a new dummy XMPP account using in-band registration
* Registration information sent. Wait for response...
[SUCCESS] : Registration complete.
* Trying to unregister the dummy XMPP account using in-band unregistration
* Unregistration information sent. Waiting for response...
[SUCCESS] : Unregistration complete.

# TEST 8 : EJABBERD_XMLRPC BASIC OPERATION
* Trying to connect the ejabberd_xmlrpc module...
[WARNING] : Unable to authenticate on xmlrpc over http, I will try anonymously
[WARNING] : Unable to reach xmlrpc over http, I will try over https
[ ERROR ] : Unable to authenticate on xmlrpc over https, I will try anonymously
[ ERROR ] : Unable to contact the ejabberd_xmlrpc module on both http or https
[ ERROR ] : Please check the module is listenning and access rules are well configured

# TEST 9 : CHECKING FOR MOD_ADMIN_EXTRA
* Checking is mod_admin_extra is available...
[WARNING] : Unable to authenticate on xmlrpc over http, I will try anonymously
[WARNING] : Unable to reach mod_admin_extra over ejabberd_xmlrpc module through http, I will try over https
[ ERROR ] : Unable to authenticate on xmlrpc over https, I will try anonymously
[ ERROR ] : Unable to contact the mod_admin_extra over ejabberd_xmlrpc module on both http or https
[ ERROR ] : Please check the module is listenning and access rules are well configured

# TEST 10 : CHECKING FOR USER MANAGEMENT THROUGH XMPP API
* Trying to list registered users using XMPP admin commands (XEP-133)
* Command sent. Wait for response...
[SUCCESS] : User Management is enabled

Если мы не используем xmlrpc, то на последних двух шагах получим ошибку. Не беспокойтесь, это не критично, мы всегда можем установить эти модули при необходимости.

Не забываем запустить Libvirt

Подключаемся к клиенту

Добавляем гипервизор

Подключаемся к клиенту и добавляем нового пользователя, в качестве имени используем hypervisor_xmpp_jid гипервизора. После добавления он появится в списке.