ungleich-k8s/apps/opennebula
Nico Schottelius 5c98191bbc [opennebula] ++notes 2021-08-13 18:23:35 +02:00
nginx [opennebula] initial commit 2021-08-10 21:29:40 +02:00
one [opennebula] initial commit 2021-08-10 21:29:40 +02:00
templates [opennebula] ++notes 2021-08-13 18:23:35 +02:00
.helmignore [opennebula] initial commit 2021-08-10 21:29:40 +02:00
Chart.yaml [opennebula] initial commit 2021-08-10 21:29:40 +02:00
README.md [opennebula] ++notes 2021-08-13 18:23:35 +02:00
values.yaml [opennebula] initial commit 2021-08-10 21:29:40 +02:00

README.md

OpenNebula Chart

Containers to do

  • oned: main api
    • also needs ssh files
  • scheduler
  • mysql for data
  • sunstone
  • novnc
  • nginx on 443

Storage:

  • mysql pvc (prod: 65G!)

DB upgrade to be run when upgrading opennebula:

sh-4.4# onedb upgrade -S 127.0.0.1 -P 3306 -u root -d opennebula

Tests / Migration

Containers done

Scheduler

Needs /etc/one/sched.conf.

[root@opennebula-opennebula-6cbb864798-txfhf one]# /usr/bin/mm_sched
Could not open file /root/.one/one_auth

[root@opennebula-opennebula-6cbb864798-txfhf one]# mkdir /root/.one
[root@opennebula-opennebula-6cbb864798-txfhf one]# vi /root/.one/one_auth
[root@opennebula-opennebula-6cbb864798-txfhf one]# /usr/bin/mm_sched

DB cleanup

  • via cronjob
  • maybe 1/month

ALTER TABLE vm_pool DROP INDEX ftidx;
ALTER TABLE vm_pool ADD FULLTEXT INDEX ftidx (search_token);

Oned

  • Needs SSH keys
  • Define secret and provide out-of-band?

certbot for nginx

nginx for sunstone

Sunstone

templates: sunstone-server - needs access to the SSL certificates

files:

  • /var/lib/one/.one/one_auth
  • /var/lib/one/.one/sunstone_auth

Maybe via latent / hanging secret?

cmd:

mkdir -p /run/lock/one
mkdir -p /run/one
ruby /usr/lib/one/sunstone/sunstone-server.rb

[root@opennebula-opennebula-574c564b76-h6skt /]# sunstone-server start
Error, check /var/log/one/novnc.log
Could not start novnc server
touch: cannot touch '/var/lock/one/.sunstone.lock': No such file or directory
Error creating lock file
VNC server is not running
[root@opennebula-opennebula-574c564b76-h6skt /]# mkdir -p /run/lock/one
[root@opennebula-opennebula-574c564b76-h6skt /]# sunstone-server start
VNC proxy started
/usr/bin/sunstone-server: line 104: /var/run/one/sunstone.pid: No such file or directory
sunstone-server started
[root@opennebula-opennebula-574c564b76-h6skt /]#

SUNSTONE_CONF=/etc/one/sunstone-server.conf

  • Starting novnc

  • ruby $SUNSTONE_SERVER > $SUNSTONE_LOG 2>$SUNSTONE_LOG_ERROR &

    SUNSTONE_PID=/var/run/one/sunstone.pid
    SUNSTONE_SERVER=/usr/lib/one/sunstone/sunstone-server.rb
    SUNSTONE_LOCK_FILE=/var/lock/one/.sunstone.lock
    SUNSTONE_LOG=/var/log/one/sunstone.log
    SUNSTONE_LOG_ERROR=/var/log/one/sunstone.error
    SUNSTONE_CONF=/etc/one/sunstone-server.conf
    NOVNC_SERVER=/usr/bin/novnc-server

  • Memcached

  • SSL cert

Sat Aug 07 11:54:42 2021 [E]: No such file or directory @ rb_sysopen - /var/lib/one/.one/sunstone_auth

serveradmin:...

Sat Aug 07 12:08:37 2021 [E]: Configuration of ':webauthn_origin' is missing

Provide the serveradmin and oneadmin credentials in the /var/lib/one/.one/ directory.
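
The Sunstone startup notes above, collected into a preflight for a container entrypoint. This is an added example, not part of the chart; the function names, the `ONE_AUTH_DIR` and `ONE_RUN_DIRS` overrides, the `--run` switch and the permission check are assumptions.

```shell
#!/bin/sh
# Added example (not from the chart). Paths are the ones in the notes above;
# the ONE_AUTH_DIR / ONE_RUN_DIRS overrides are assumptions for testing.
ONE_AUTH_DIR="${ONE_AUTH_DIR:-/var/lib/one/.one}"
ONE_RUN_DIRS="${ONE_RUN_DIRS:-/run/lock/one /run/one}"

# check_auth_file FILE: succeed only for a non-empty user:password file
# that group and other cannot read, write or execute.
check_auth_file() {
    f="$1"
    if [ ! -s "$f" ]; then
        echo "preflight: $f is missing or empty" >&2
        return 1
    fi
    if ! head -n 1 "$f" | grep -Eq '^[^:[:space:]]+:.+$'; then
        echo "preflight: $f is not in user:password form" >&2
        return 1
    fi
    # -L follows the symlinks Kubernetes uses for mounted Secret files.
    perms=$(ls -ldL "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "preflight: $f is accessible by group/other ($perms)" >&2
        return 1
    fi
}

# sunstone_preflight: validate both auth files, then create the runtime
# directories whose absence caused the lock-file and pid-file errors.
sunstone_preflight() {
    rc=0
    for name in one_auth sunstone_auth; do
        check_auth_file "$ONE_AUTH_DIR/$name" || rc=1
    done
    [ "$rc" -eq 0 ] || return 1
    for d in $ONE_RUN_DIRS; do
        mkdir -p "$d" || return 1
    done
}

# Entrypoint use: run with --run to start Sunstone only after the checks pass.
if [ "${1:-}" = "--run" ]; then
    sunstone_preflight && exec ruby /usr/lib/one/sunstone/sunstone-server.rb
fi
```

If the Secret volume is mounted with a mode that grants group read, the permission check fails by design and has to be relaxed deliberately.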

File upload

From the website:

If you want to upload files to OpenNebula, you will have to share the uploads directory (/var/tmp by default) between Sunstone and oned. Some servers do not take into account the TMPDIR environment variable, in which case this directory must be defined in the configuration file (:tmpdir). It may also be necessary to set it in Passenger (client_body_temp_path).

We can probably do without it by using the hostpath.

Fireedge

  • Basically a guacamole viewer, which we already have

Follow up