Open Infrastructure

h1. The ungleich VM console

{{toc}}

h2. 1. System Architecture

This service supports  accessing console of your VM through guacamole service.

And To log-in VM console web needs datacenterlight.ch account. User's accounts are syncronized with LDAP.

!archi.png!

h2. 2. Set guacamole server

- run cdist

<pre>

cd ~/.cdist; git pull; cdist config -bj7 -p9 -vv desktop.ungleich.ch

</pre>

- in manifest for centos

<pre>

……

desktop.ungleich.ch)

        __guacamole_centos  --ldap-hostname 'ldap server url' \

          --ldap-port '636' \

          --ldap-encryption-method 'ssl' \

          --ldap-user-base-dn 'ou=XXX,dc=ungleich,dc=ch' \

          --ldap-search-bind-password ‘refer to pass' \

          --ldap-search-bind-dn 'cn=XXXXX,dc=ungleich,dc=ch' \

          --ldap-username-attribute 'uid' \

          --postgresql-hostname 'localhost' \

          --postgresql-username 'USER name' \

          --postgresql-database 'DB-name' \

          --postgresql-port     'XXXX' \

          --postgresql-password 'password' \

          --TOTP \

          --guacd-db 'postgresql'

</pre>

- in manifest for alpine (only support postgresql)

<pre>

……

desktop.ungleich.ch)

        _ungleich_vnc_console  --ldap-hostname 'ldap server url' \

          --ldap-port '636' \

          --ldap-encryption-method 'ssl' \

          --ldap-user-base-dn 'ou=XXX,dc=ungleich,dc=ch' \

          --ldap-search-bind-password ‘refer to pass' \

          --ldap-search-bind-dn 'cn=XXXXX,dc=ungleich,dc=ch' \

          --ldap-username-attribute 'uid' \

          --postgresql-hostname 'localhost' \

          --postgresql-username 'USER name' \

          --postgresql-database 'DB-name' \

          --postgresql-port     'XXXX' \

          --postgresql-password 'password' \

          --TOTP \

          --guacd-db 'postgresql'

</pre>

h2. 3. Create VNC connection for VM 

!g_con.png!

h3. 1) install postgresql on opennebual server

<pre>

apt install postgresql-client

</pre>

h3. 2) config postgresql for accessing from external host(%{color:blue}This is excuted by cdist%)

- vi /var/lib/pgsql/data/postgresql.conf on guacamole server(desktop)

<pre>

listen_addresses = '*'

</pre>

- vi /var/lib/pgsql/data/pg_hba.conf on guacamole server(desktop)

<pre>

host    all         all            opennbula server address trust

</pre>

- Restart postgresql

<pre>

systemctl restart postgresql

</pre>

h3. 3) set vnc connection automatically on opennebula server

h4. (1) vnc connection script

- vm_list_dual_uid : create VM list file(uid, email, VM Number, host, VNC port) (https://code.ungleich.ch/ungleich-public/ungleich-tools/blob/master/vm_list_dual_uid)

- create-guacamole-session-ldap-db : create VNC connection on desktop (https://code.ungleich.ch/ungleich-public/ungleich-tools/blob/master/create-guacamole-session-ldap-DB)

h4. (2) create crontab

<pre>

crontab -e

</pre>

<pre>

15 0,2,4,6,8,10,12,14,16,18,20,22 * * * ./vm_list_dual_uid #create vm_list

45 0,2,4,6,8,10,12,14,16,18,20,22 * * * ./create-guacamole-session-ldap-db vm_vnc_list #create vm_list

</pre>

h2. 4. Monitoring VNC console

- We are monitoring VNC console with prometheus.

- run cdist __dcl_monitoring_server(update prometheus.yml)

h2. %{color:blue}※User VM information is synchronized with the VM console every hour. If you create VM right now, you can access VM console after one hour.(vnc connection script takes about 7~8 minutes.)%