Now we will add a way to run virtual machines and control them via a web interface.

Install KVM

Setup

Run apt install cpu-checker

Verify that your system can run KVM

kvm-ok

Install and verify

apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst virt-manager
systemctl enable libvirtd-tcp.socket

Edit /usr/lib/systemd/system/libvirtd.service

Wants=libvirtd.socket
Wants=libvirtd-ro.socket
+ Wants=libvirtd-tcp.socket
+ After=mnt-data.mount
+ Wants=mnt-data.mount
Wants=libvirtd-admin.socket
Wants=systemd-machined.service
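
Review bot: the three added lines (Wants=libvirtd-tcp.socket, After=mnt-data.mount, Wants=mnt-data.mount) go into the packaged unit under /usr/lib/systemd/system, which a libvirt package upgrade replaces, so the ordering after the mnt-data mount would be lost without notice. Put them in a drop-in instead (systemctl edit libvirtd.service, under [Unit]) so they live in /etc/systemd/system/libvirtd.service.d/. If libvirtd should not start at all when the data disk is missing, Requires=mnt-data.mount is stricter than Wants=mnt-data.mount.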

Add the user main

Run

usermod -aG libvirt main
usermod -aG kvm main

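Set up access from WebVirtCloud

Modify /etc/libvirt/libvirtd.conf. With auth_tcp = "none", anyone who can reach port 16509 can manage every VM on the host without credentials, so that port must only be reachable from the WebVirtCloud container.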

listen_tls = 0
listen_tcp = 1
tcp_port = "16509"
listen_addr = "0.0.0.0"  ## All interfaces; use the address of docker0 veth on the host to limit it to containers
unix_sock_group = "libvirt"  ## Same group as in the usermod commands above
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
auth_tcp = "none"  ## No authentication on the TCP socket
auth_tls = "none"

Modify /etc/libvirt/qemu.conf

vnc_listen = "0.0.0.0"
vnc_tls = 0
# vnc_password = ""

Disable the libvirtd AppArmor profile ?????

ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/
ufw allow 16509/tcp
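
A check for the settings above, as an added example that is not part of the original page: it reads libvirtd.conf and qemu.conf and reports the values that leave libvirt or the VNC consoles open to the network. The function names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.

# conf_get FILE KEY: print the last uncommented value of KEY, quotes stripped.
conf_get() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"?([^\"#]*)\"?.*/\1/p" "$1" |
        sed -E 's/[[:space:]]+$//' | tail -n 1
}

# audit_libvirtd FILE: one finding per line, no output if nothing is flagged.
audit_libvirtd() {
    local auth addr
    auth=$(conf_get "$1" auth_tcp)
    addr=$(conf_get "$1" listen_addr)
    if [ "$auth" = "none" ]; then
        echo "CRITICAL auth_tcp=none: any host that reaches the TCP socket gets full libvirt control"
    fi
    case "$addr" in
        0.0.0.0|::) echo "WARN listen_addr=$addr: libvirtd is offered on every interface" ;;
    esac
}

# audit_qemu FILE: VNC consoles on all interfaces without password or TLS.
audit_qemu() {
    local listen pw tls
    listen=$(conf_get "$1" vnc_listen)
    pw=$(conf_get "$1" vnc_password)
    tls=$(conf_get "$1" vnc_tls)
    if [ "$listen" = "0.0.0.0" ] && [ -z "$pw" ] && [ "$tls" != "1" ]; then
        echo "WARN vnc_listen=0.0.0.0 without vnc_password or vnc_tls: guest consoles are open to the network"
    fi
}

# Constructed sample files mirroring the values used on this page.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'listen_tcp = 1' 'listen_addr = "0.0.0.0"  ## all' \
        'auth_tcp = "none"' > "$d/libvirtd.conf"
    printf '%s\n' 'vnc_listen = "0.0.0.0"' 'vnc_tls = 0' \
        '# vnc_password = ""' > "$d/qemu.conf"
    audit_libvirtd "$d/libvirtd.conf"; audit_qemu "$d/qemu.conf"
    rm -rf "$d"
}
demo
```

On a real host, call audit_libvirtd /etc/libvirt/libvirtd.conf and audit_qemu /etc/libvirt/qemu.conf after each change to those files.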

Change the default storage pool to go in the right place (on the encrypted disk)

Run

mkdir -p /mnt/data/apps/libvirt/storage
mkdir -p /mnt/data/apps/libvirt/isos
chmod 777 /mnt/data/apps/libvirt
chmod 777 /mnt/data/apps/libvirt/storage
chmod 777 /mnt/data/apps/libvirt/isos

Set up the default storage pool

virsh pool-define-as --name default --type dir --target /mnt/data/apps/libvirt/storage
virsh pool-autostart default
virsh pool-start default
virsh pool-list

Useful commands

Remove a VM

virsh list --all
virsh destroy [name]
virsh undefine [name]

Remove a pool

virsh pool-list
virsh pool-destroy [name]
virsh pool-undefine [name]

WebVirtCloud

Prepare the directories

Run

mkdir -p /mnt/data/apps/webvirtcloud/data
mkdir -p /mnt/data/apps/webvirtcloud/.ssh
chmod 777 /mnt/data/apps/webvirtcloud
chmod 777 /mnt/data/apps/webvirtcloud/data
chmod 777 /mnt/data/apps/webvirtcloud/.ssh

Set up the image

Run

git clone https://github.com/kendarorg/docker-webvirtcloud
cd docker-webvirtcloud
docker build -t kendar/webvirtcloud .

Run

docker run -d \
    --restart unless-stopped \
    -p 8000:80 \
    -p 6080:6080 \
    -e VNC_PORT=6080 \
    --network dockernet \
    -v /mnt/data/apps/webvirtcloud/data:/srv/webvirtcloud/data \
    -v /mnt/data/apps/webvirtcloud/.ssh:/srv/webvirtcloud/ssh \
    --name webvirtcloud \
    kendar/webvirtcloud

Set up the user

Set up LDAP

Assign the user main to all

And add users as you please

Open a console in the Docker container and modify the end of the file /srv/webvirtcloud/webvirtcloud/settings.py (use your master DN or root user and the correct root DN)

LDAP_ENABLED = True
LDAP_URL = 'openldap'
LDAP_PORT = 389
USE_SSL = False
LDAP_MASTER_DN = 'cn=admin,dc=kendar,dc=org'
LDAP_MASTER_PW = 'secret'
LDAP_ROOT_DN = 'dc=kendar,dc=org'
LDAP_USER_UID_PREFIX = 'cn'
LDAP_SEARCH_GROUP_FILTER_ADMINS = 'memberOf=cn=admins,cn=staff,cn=webvirtcloud,ou=groups,dc=kendar,dc=org'
LDAP_SEARCH_GROUP_FILTER_STAFF = 'memberOf=cn=staff,cn=webvirtcloud,ou=groups,dc=kendar,dc=org'
LDAP_SEARCH_GROUP_FILTER_USERS = 'memberOf=cn=webvirtcloud,ou=groups,dc=kendar,dc=org'

Last modified on: June 08, 2020