OpenNebula Sunstone: The Cloud Operations Center 2.2
OpenNebula Sunstone is the new OpenNebula Cloud Operations Center, a GUI intended for users and admins, that will simplify the typical management operations in private and hybrid cloud infrastructures. You will be able to manage our virtual and physical resources in a similar way as we do with the CLI.
You must have an OpenNebula site properly configured and running to install OpenNebula Sunstone, be sure to check the OpenNebula Installation and Configuration Guides to set up your private cloud first. This guide also assumes that you are familiar with the configuration and use of OpenNebula.
OpenNebula Sunstone is installed during the OpenNebula installation, so you just need to install the following packages to meet the runtime dependencies:
$ sudo gem install json
$ sudo gem install sinatra $ sudo gem install thin
For Ubuntu 10.4, the following versions are needed:
$ sudo gem install rack —version 1.0.1 $ sudo gem install sinatra —version 1.0 $ sudo gem install thin --version 1.2.11
To start the OpenNebula Operations Center just issue the following command as oneadmin
$ $ONE_LOCATION/bin/sunstone-server start
By default the server will be listening at
localhost:4567. If you want to change this settings you can use the following options when starting the server:
|-H||Host for the Sunstone server|
|-p||Port for incoming connections|
localhostyou need to specify the server's public IP with the
-Hoption. Otherwise it will not be reachable from the outside.
You can find the Sunstone server log file in
$ONE_LOCATION/var/sunstone.log if OpenNebula has been installed in standalone, or in
/var/log/one/sunstone.log if installed in system-wide.
To stop the OpenNebula Operations Center service:
$ $ONE_LOCATION/bin/sunstone-server stop
If you want to interact with the OpenNebula Operations Center you have to open a new browser and go to the url where your Sunstone server is deployed. You will find the login screen where the username and password correspond to the OpenNebula credentials.
You can create new users using the command oneuser create from the CLI or you can log in the Cloud Operations Center as oneadmin and create them from the GUI.
You can check the available actions for each resource in the following guides:
By default the Sunstone server is configured to run in the frontend, but you are able to install the Sunstone server in a machine different from the frontend.
$ ./install.sh -s
|ONE_AUTH||Needs to point to a file containing just a single line stating the oneadmin's credentials, “username:password”. If ONE_AUTH is not defined, $HOME/.one/one_auth will be used instead. If no auth file is present, OpenNebula Sunstone cannot work properly, as this is needed by the server to authenticate users.|
|ONE_LOCATION||If OpenNebula was installed in self-contained mode, this variable must be set to <destination_folder>. Otherwise, in system wide mode, this variable must be unset. More info on installation modes can be found here|
|ONE_XMLRPC||The endpoint where the OpenNebula core is waiting for the XMLRPC requests|
Using this setup the VirtualMachine logs will not be available. If you need to retrieve this information you must deploy the server in the frontend
OpenNebula Sunstone runs natively just on normal HTTP connections. If the extra security provided by SSL is needed, a proxy can be set up to handle the SSL connection that forwards the petition to the Sunstone server and takes back the answer to the client.
This set up needs:
If you want to try out the SSL setup easily, you can find in the following lines an example to set a self-signed certificate to be used by a lighttpd configured to act as an HTTP proxy to a correctly configured OpenNebula Sunstone.
Let's assume the server were the lighttpd proxy is going to be started is called
cloudserver.org. Therefore, the steps are:
We are going to generate a snakeoil certificate. If using an Ubuntu system follow the next steps (otherwise your milleage may vary, but not a lot):
$ sudo apt-get install ssl-cert
$ sudo /usr/sbin/make-ssl-cert generate-default-snakeoil
$ sudo cat /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem > /etc/lighttpd/server.pem
You will need to edit the
/etc/lighttpd/lighttpd.conf configuration file and
server.port = 8443
#### proxy module ## read proxy.txt for more info proxy.server = ( "" => ("" => ( "host" => "127.0.0.1", "port" => 4567 ) ) ) #### SSL engine ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/server.pem"
The host must be the server hostname of the computer running the Sunstone server, and the port the one that the Sunstone Server is running on.
Start the Sunstone server using the default values, this way the server will be listening at localhost:4567
Once the lighttpd server is started, OpenNebula Sunstone requests using HTTPS URIs can be directed to
https://cloudserver.org:8443, that will then be unencrypted, passed to localhost, port 4567, satisfied (hopefully), encrypted again and then passed back to the client.