[Libvir] Web Interface Question
Hey guys, I'm designing a web interface for libvirt so that my customers can manage their DomUs - unless you know of a good one that already exists??? I'm thinking that the best way to run this is have the web server connected to libvirtd - but I can't find any documentation about the API it presents - can you help? I considered giving the web server access to virsh and parsing that, but that has obvious security implications as it would need root/sudo access Regards, Henri
On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote:
Hey guys,
I'm designing a web interface for libvirt so that my customers can manage their DomUs - unless you know of a good one that already exists???
I'm thinking that the best way to run this is have the web server connected to libvirtd - but I can't find any documentation about the API it presents - can you help?
I considered giving the web server access to virsh and parsing that, but that has obvious security implications as it would need root/sudo access
There is also Ovirt which is in development http://ovirt.org/ and enomalism http://www.enomalism.com/ I guess the problem is not to find a web interface for managing the domains, but to select the one with the features you need, or help finish one of the open source tools already around. Restarting from scratch at this point sounds a bit like wasted time, no ;-) ? Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
This is why I asked the question! I've already started developing my own which is a pain, i've got it functional and doing reboots/startup/shutdown - i'm really annoyed i couldn't find oVirt when I was googling; Enomalism I found but for some reason discounted - i'll take another look at them both now but i'm not sure which route i'll take. Cheers for getting back to me, Henri Daniel Veillard wrote:
On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote:
Hey guys,
I'm designing a web interface for libvirt so that my customers can manage their DomUs - unless you know of a good one that already exists???
I'm thinking that the best way to run this is have the web server connected to libvirtd - but I can't find any documentation about the API it presents - can you help?
I considered giving the web server access to virsh and parsing that, but that has obvious security implications as it would need root/sudo access
There is also Ovirt which is in development http://ovirt.org/
and enomalism http://www.enomalism.com/
I guess the problem is not to find a web interface for managing the domains, but to select the one with the features you need, or help finish one of the open source tools already around. Restarting from scratch at this point sounds a bit like wasted time, no ;-) ?
Daniel
On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote:
I'm designing a web interface for libvirt so that my customers can manage their DomUs - unless you know of a good one that already exists???
I'm thinking that the best way to run this is have the web server connected to libvirtd - but I can't find any documentation about the API it presents - can you help?
I sort of gathered from IRC that you are using Perl & Dan's Perl bindings. This is the right approach. In order to be able to contact libvirtd without needing to run anything as root you (may) need to change the permissions on the libvirtd socket (normally /var/run/libvirt/libvirt-sock). If your libvirt was configured to use PolicyKit you may also need to edit the configuration file /etc/PolicyKit/PolicyKit.conf to allow your web server user access to the privilege 'org.libvirt.unix.manage'. I would test this out using 'virsh -c ... list' as the web daemon user first of all. Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into Xen guests. http://et.redhat.com/~rjones/virt-p2v
Thanks, I think the way forward for me is as follows: - I've had to discard oVirt and Enomalism, thanks for letting me know they exist on here/IRC. oVirt seems to be a complete solution that would require me to reconfigure many of my existing vms and Enomalism is just inappropriate for VPS hosts and more company-with-lots-of-machines centric it appears. - I'm really after something that can slot into my existing setup of '/home/virt/domains/Machine/vm.cfg' (a name I just chose arbitrarily) and use the cfg files to provide info about the machine to a user over the web, then the perl bindings to start/stop/restart. - So, the perl bindings and a socket with permissions for the web user or possibly a 'vmadmins' group - Eventually i hope to package it up into a standalone web server (a-la webmin) style solution and release it, but i've got to finish my degree first so that will be months, my customers are my immediate concern and I have a basic version of the above which can do shutdowns/reboots/startups in action at the moment. - It was regrettably necessary to have to have some actions contingent on things like libvirt error code: 42 i.e. If you try to retrieve a domain that doesn't exist (and is not defined). I expect these to break when the ubuntu package maintainers upgrade to 0.4.1 - but i'll have to deal with that when the time comes I'll keep hanging out in #virt for as long as i can remember to stay connected :p Thanks, Henri Richard W.M. Jones wrote:
On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote:
I'm designing a web interface for libvirt so that my customers can manage their DomUs - unless you know of a good one that already exists???
I'm thinking that the best way to run this is have the web server connected to libvirtd - but I can't find any documentation about the API it presents - can you help?
I sort of gathered from IRC that you are using Perl & Dan's Perl bindings. This is the right approach.
In order to be able to contact libvirtd without needing to run anything as root you (may) need to change the permissions on the libvirtd socket (normally /var/run/libvirt/libvirt-sock). If your libvirt was configured to use PolicyKit you may also need to edit the configuration file /etc/PolicyKit/PolicyKit.conf to allow your web server user access to the privilege 'org.libvirt.unix.manage'.
I would test this out using 'virsh -c ... list' as the web daemon user first of all.
Rich.
On Mon, Apr 07, 2008 at 04:01:12PM +0100, Henri Cook wrote:
- It was regrettably necessary to have to have some actions contingent on things like libvirt error code: 42 i.e. If you try to retrieve a domain that doesn't exist (and is not defined). I expect these to break when the ubuntu package maintainers upgrade to 0.4.1 - but i'll have to deal with that when the time comes
I don't understand this -- do you mean you had to hard-code libvirt error numbers into your program? Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into Xen guests. http://et.redhat.com/~rjones/virt-p2v
Yes, the perl bindings with 0.4.0 at least often error - e.g. how do I check whether a domain is online? I could list all the domains or I could simply try and retrieve the domain by name, if error 42 (the 'unknown' error) comes back then the domain is not online. Maybe i'm using the perl bindings wrong? H Richard W.M. Jones wrote:
On Mon, Apr 07, 2008 at 04:01:12PM +0100, Henri Cook wrote:
- It was regrettably necessary to have to have some actions contingent on things like libvirt error code: 42 i.e. If you try to retrieve a domain that doesn't exist (and is not defined). I expect these to break when the ubuntu package maintainers upgrade to 0.4.1 - but i'll have to deal with that when the time comes
I don't understand this -- do you mean you had to hard-code libvirt error numbers into your program?
Rich.
On Mon, Apr 07, 2008 at 04:12:42PM +0100, Henri Cook wrote:
Yes, the perl bindings with 0.4.0 at least often error - e.g. how do I check whether a domain is online? I could list all the domains or I could simply try and retrieve the domain by name, if error 42 (the 'unknown' error) comes back then the domain is not online.
Yes, you should try to retrieve the domain by name, and you'll either get the domain object (if it exists) or a NULL + some sort of error. Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into Xen guests. http://et.redhat.com/~rjones/virt-p2v
On Mon, Apr 07, 2008 at 02:38:17PM +0100, Richard W.M. Jones wrote:
On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote:
I'm designing a web interface for libvirt so that my customers can manage their DomUs - unless you know of a good one that already exists???
I'm thinking that the best way to run this is have the web server connected to libvirtd - but I can't find any documentation about the API it presents - can you help?
I sort of gathered from IRC that you are using Perl & Dan's Perl bindings. This is the right approach.
In order to be able to contact libvirtd without needing to run anything as root you (may) need to change the permissions on the libvirtd socket (normally /var/run/libvirt/libvirt-sock). If your libvirt was configured to use PolicyKit you may also need to edit the configuration file /etc/PolicyKit/PolicyKit.conf to allow your web server user access to the privilege 'org.libvirt.unix.manage'.
PolicyKit is one option - you'd need to edit /etc/PolicyKit/PolicyKit.conf to add an explicit rule allowing the httpd user access. Alternatively you could switch the UNIX socket to use SASL as its auth method, and setup a SASL username & password There's some docs here http://libvirt.org/auth.html Dan. -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
I am actually in the process of trying to develop one of these in Python. Since I am pretty new to python or programming in general, it has been a really good learning experience. I haven't really gotten very far yet...since its all learning about basically everything...its been fun. I have made some basic calls to the API and had the info shoved into a MySQL database...but thats about...nothing grand. On Mon, Apr 7, 2008 at 12:44 PM, Daniel P. Berrange <berrange@redhat.com> wrote:
On Mon, Apr 07, 2008 at 02:38:17PM +0100, Richard W.M. Jones wrote:
On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote:
I'm designing a web interface for libvirt so that my customers can manage their DomUs - unless you know of a good one that already exists???
I'm thinking that the best way to run this is have the web server connected to libvirtd - but I can't find any documentation about the API it presents - can you help?
I sort of gathered from IRC that you are using Perl & Dan's Perl bindings. This is the right approach.
In order to be able to contact libvirtd without needing to run anything as root you (may) need to change the permissions on the libvirtd socket (normally /var/run/libvirt/libvirt-sock). If your libvirt was configured to use PolicyKit you may also need to edit the configuration file /etc/PolicyKit/PolicyKit.conf to allow your web server user access to the privilege 'org.libvirt.unix.manage'.
PolicyKit is one option - you'd need to edit /etc/PolicyKit/PolicyKit.conf to add an explicit rule allowing the httpd user access.
Alternatively you could switch the UNIX socket to use SASL as its auth method, and setup a SASL username & password
There's some docs here
Dan. -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/:| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org:| |: http://autobuild.org -o- http://search.cpan.org/~danberr/<http://search.cpan.org/%7Edanberr/>:| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- Spencer Parker _______________________________________________________ "if you can't go to heaven, may you at least die in Ireland." _______________________________________________________
I'd be very interested in the output, I really enjoy learning languages by-project although in my case the result isn't often the best way of doing things :p Maybe it's the way I learn!! The bonus of python presumably is that you can use the api straight from a python website, at the moment i'm using PHP (which i know extremely well and can whack up a website in in no time) to exec() perl scripts which do the administrative tasks for me. There's certainly an open source project in here somewhere, something where sysadmins can slot in a solution with their existing setup without having to do enormous amounts of reconfiguration - in an operating system independent manner (even the webserver could be packaged, like webmin or cpanel)). Glad to hear i'm not the only one out there, let me know if I can help at all. Henri Spencer Parker wrote:
I am actually in the process of trying to develop one of these in Python. Since I am pretty new to python or programming in general, it has been a really good learning experience. I haven't really gotten very far yet...since its all learning about basically everything...its been fun. I have made some basic calls to the API and had the info shoved into a MySQL database...but thats about...nothing grand.
On Mon, Apr 7, 2008 at 12:44 PM, Daniel P. Berrange <berrange@redhat.com <mailto:berrange@redhat.com>> wrote:
On Mon, Apr 07, 2008 at 02:38:17PM +0100, Richard W.M. Jones wrote: > On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote: > > I'm designing a web interface for libvirt so that my customers can > > manage their DomUs - unless you know of a good one that already exists??? > > > > I'm thinking that the best way to run this is have the web server > > connected to libvirtd - but I can't find any documentation about the API > > it presents - can you help? > > I sort of gathered from IRC that you are using Perl & Dan's Perl > bindings. This is the right approach. > > In order to be able to contact libvirtd without needing to run > anything as root you (may) need to change the permissions on the > libvirtd socket (normally /var/run/libvirt/libvirt-sock). If your > libvirt was configured to use PolicyKit you may also need to edit the > configuration file /etc/PolicyKit/PolicyKit.conf to allow your web > server user access to the privilege 'org.libvirt.unix.manage'.
PolicyKit is one option - you'd need to edit /etc/PolicyKit/PolicyKit.conf to add an explicit rule allowing the httpd user access.
Alternatively you could switch the UNIX socket to use SASL as its auth method, and setup a SASL username & password
There's some docs here
Dan. -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ <http://search.cpan.org/%7Edanberr/> :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
-- Libvir-list mailing list Libvir-list@redhat.com <mailto:Libvir-list@redhat.com> https://www.redhat.com/mailman/listinfo/libvir-list
-- Spencer Parker _______________________________________________________
"if you can't go to heaven, may you at least die in Ireland."
_______________________________________________________ ------------------------------------------------------------------------
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
participants (5)
-
Daniel P. Berrange -
Daniel Veillard -
Henri Cook -
Richard W.M. Jones -
Spencer Parker