real case of using oVirt

Hardware manufacturers offer customers various methods of remote server management that are independent of the operating system. We have already written about the web console developed by HOSTKEY for Supermicro motherboards, which does not require local Java installation. Dell hardware can also be managed remotely using the DRAC’s built-in VNC console. We tell you how to do it.

VNC (Virtual Network Computing) is a system that provides connection to a remote computer via the RFB (Remote FrameBuffer) protocol. This protocol allows you to serve multiple simultaneous user sessions.

Why Apache Guacamole?

In the first implementation of our solution, it was necessary to activate remote control port forwarding and open the DRAC console via VNC using a special button. The user then had to wait for the console.vv file to download and open it after installing the Virtual Machine Manager tools on the local computer. The method is simple, but it inconvenienced users and led to additional errors when working with rented equipment.

File example: console.vv

[virt-viewer]
type=vnc
host=HOST_IP
port=5906
password=3dB2h1Ey/gTb
# Password is valid for 120 seconds.
delete-this-file=1
fullscreen=0
toggle-fullscreen=shift+f11
release-cursor=shift+f12
secure-attention=ctrl+alt+end
versions=rhev-win64:2.0-160;rhev-win32:2.0-160;rhel7:2.0-6;rhel6:99.0-1
newer-version-url=http://www.ovirt.org/documentation/admin-guide/virt/console-client-resources

[ovirt]
host=localhost.localdomain:443
vm-guid=0ecc8183-b0a9-4a95-b045-1967acf2dab7
sso-token=sG6zUyrXT0X8qOkCWoVL_vWLcYTPQfo2hqHrH1AHvXPz4G9PofFlqarEFXcH9bizILPufhF_2KghkD-o5Qxktw
admin=1

To make life easier for users, we had to implement a direct call to the HTML5 web console from the personal account, without local installation of the Virtual Machine Manager tools. For this, we at HOSTKEY chose Apache Guacamole, a freely distributed cross-platform remote desktop gateway that supports all popular protocols and technologies: Telnet, SSH/SFTP, RDP, Kubernetes, and VNC (RFB). An important advantage of Apache Guacamole is that it does not require the installation of client programs or special plugins. The user gets access to equipment management from the browser by pressing one button in the personal account.

How does it work?

You can activate the console not only in the browser, but also using a curl request directly to our API:

curl -s "https://invapi.hostkey.com/eq.php" -X POST \
--data "action=novnc" \
--data "token=SESSION_TOKEN" \
--data "id=SERVER_ID" \
--data "pin=PIN_CODE"

Example response:

{
"result":"OK",
"scope":"https://rcnl1.hostkey.com:8443/guacamole/#/?username=USER_NAME&password=PASSWORD",
"context":{"action":"novnc","id":"14494","location":"NL"},
"Debug":"debug",
"Key":"36ecafa60a13fd8000dcca73fd9528f5"
}

The user only has to wait for the console to load, but on the service side the process is more complicated. As an example, consider calling the VNC console in a browser.

The general scheme for calling the VNC console in the browser from the client’s personal account:

When requested through Invapi, a command is given in the API to open the console of a specific server through a message broker cluster (RabbitMQ). To do this, it is enough to pass the server number to the message broker.

RabbitMQ passes the server data and the task to an auxiliary receiver service created by our specialists. The receiver takes the data from RabbitMQ, transforms all the necessary information, separates the tasks by type (for example, oVirt, Cisco, IPMI, etc.) and sends them to the corresponding agent (fence agent).

To manage virtual machines through the API or through the web interface, we chose oVirt. The system uses the KVM hypervisor and is based on several projects, including libvirt, Gluster, PatternFly, and Ansible. It is quite easy to operate and highly reliable. Our experience of integrating oVirt into the working infrastructure will be discussed in a separate article.

oVirt fence agent structure:

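// oVirt API path of the VM's VNC graphics console
inputRawURLConsole := inputRawURL + "/vms" + "/" + vm.MustId() + "/graphicsconsoles" + "/" + Vnc
//
……..
//
// Request URL for the noVNC service; its segments match the route shown under "Request structure"
url := noVncURL + url + "/skey/" + *key + "/id/" + *name + "/ovirt/pass/" + passwd_encode + "/port/" + port + "/location/" + *location1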

item := APICallBack{Result: "OK", Debug: "debug"}
item.Message = string(body)
jitem, err := json.Marshal(item)
if err != nil {
 fmt.Println(err.Error())
 return
}

fmt.Println(string(jitem))

Fence agents correspond to the types of equipment used in our infrastructure. They contact a docker-novnc server that has access to the oVirt network. The agent loads the console and takes the necessary host parameters (IP and password), after which it decodes the received data and sends a request to the noVnc API to the oVirt router, from where the data is exchanged with the Guacamole API. The agent sends a GET request to the server, which contains the server’s IP address and ID, as well as the session token for the server.

Request structure:

r.Get("/{id}/skey/{key}/id/{uid}/ovirt/pass/{upass}/port/{uport}/location/{uloc}", StageHandler)

After the request is processed, the client gets access to the equipment management through the VNC console.
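The agent route and the "scope" URL in the API response both carry the console password inside a URL, so anything that logs those URLs should mask it first. The following Go sketch is an added example, not HOSTKEY's code: RedactAgentPath, RedactScope and secretKeys are hypothetical names, and it assumes the password reaches the route percent-encoded (the page does not show how passwd_encode is produced).

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Path keys in the agent route whose next segment is a secret.
var secretKeys = map[string]bool{"skey": true, "pass": true}

// RedactAgentPath masks the segments after /skey/ and /pass/. Give it the
// escaped path (r.URL.EscapedPath()), so a "/" inside a password stays %2F
// and cannot shift the segments.
func RedactAgentPath(escaped string) string {
	parts := strings.Split(escaped, "/")
	for i := 0; i+1 < len(parts); i++ {
		if secretKeys[parts[i]] {
			parts[i+1] = "REDACTED"
			i++ // never treat the masked value as a key
		}
	}
	return strings.Join(parts, "/")
}

// RedactScope masks the password in the fragment query of the "scope" URL
// returned by the API, keeping host and username for troubleshooting.
func RedactScope(scope string) string {
	base, frag, found := strings.Cut(scope, "#")
	route, query, hasQuery := strings.Cut(frag, "?")
	if !found || !hasQuery {
		return scope // no fragment query, nothing to mask
	}
	q, err := url.ParseQuery(query)
	if err != nil {
		return base + "#REDACTED" // fail closed on unparseable input
	}
	if q.Has("password") {
		q.Set("password", "REDACTED")
	}
	return base + "#" + route + "?" + q.Encode()
}

func main() {
	// Constructed sample values; the password shape mirrors console.vv above.
	fmt.Println(RedactAgentPath("/14494/skey/SESSION_KEY/id/vm-01/ovirt/pass/3dB2h1Ey%2FgTb/port/5906/location/NL"))
	fmt.Println(RedactScope("https://rcnl1.hostkey.com:8443/guacamole/#/?username=USER_NAME&password=PASSWORD"))
}
```

Passing the decoded path instead would split a password such as 3dB2h1Ey/gTb into two segments and leave the tail unmasked.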

An example of an open console for Windows:

An example of an open console for CentOS:

Hotkey problem

Certain key combinations cannot be pressed in the web application because they are reserved by the OS (such as Ctrl-Alt-Del or Alt-Tab) or by the browser. This problem can be solved by calling the Apache Guacamole navigation menu using the Ctrl-Alt-Shift key combination (hide the menu by pressing this combination again). In it, you can select the input method (text, on-screen keyboard), enable mouse emulation, select the language and time zone, and close the working session.

English version of navigation menu:

The console remains active for two hours, after which the session is automatically closed and you must repeat the process of gaining access.

Conclusion

Using Apache Guacamole simplifies the management of server hardware from various manufacturers. In the future, we plan to develop a solution to avoid the automatic closing of the console after two hours.

___

By the way, in addition to the options described, further functionality is planned for our HOSTKEY server control panel. If you are interested in additional functions and features of the panel or our API, write in the comments.

The special promo code «I FROM HABRA» will open the gates of generosity: give it to the consultant on the site when placing an order and get an additional discount. As always, you can pay in rubles with VAT to the Russian company or in euros to the company in the Netherlands.
