Configuring AppFlow 4.0
The AppFlow commands do not interact directly with the OpenNebula daemon, there is a server that takes the requests and manages the service (multi-tiered application) life-cycle. This guide shows how to start AppFlow, and the different options that can be configured.
AppFlow requires:
<xterm> # gem install bundler </xterm>
<xterm> # cd /usr/lib/one/ruby/oneapps/flow # bundle install </xterm>
In order to allow AppFlow to connect to your existing OpenNebula, you need the /var/lib/one/.one/appflow_auth
file. It should be created by installation package, otherwise you can copy Sunstone credentials:
<xterm> $ cp /var/lib/one/.one/sunstone_auth /var/lib/one/.one/appflow_auth </xterm>
The OpenNebula documentation contains more information about the external components authentication.
The AppFlow configuration file can be found at /etc/one/appflow-server.conf
. It uses YAML syntax to define the following options:
Option | Description |
---|---|
Server Configuration | |
:one_xmlrpc | OpenNebula daemon host and port |
:lcm_interval | Time in seconds between Life Cycle Manager steps |
:host | Host where AppFlow will listen |
:port | Port where AppFlow will listen |
Auth | |
:core_auth | Authentication driver to communicate with OpenNebula core cipher : for symmetric cipher encryption of tokens x509 : for x509 certificate encryption of tokens For more information, visit the OpenNebula Cloud Auth documentation |
Log | |
:debug_level | Log debug level. 0 = ERROR, 1 = WARNING, 2 = INFO, 3 = DEBUG |
This is the default file
################################################################################ # Server Configuration ################################################################################ # OpenNebula daemon contact information # :one_xmlrpc: http://localhost:2633/RPC2 # Time in seconds between Life Cycle Manager steps # :lcm_interval: 30 # Host and port where AppFlow server will run :host: 127.0.0.1 :port: 2474 ############################################################# # Auth ############################################################# # Authentication driver to communicate with OpenNebula core # - cipher, for symmetric cipher encryption of tokens # - x509, for x509 certificate encryption of tokens :core_auth: cipher ################################################################################ # Log ################################################################################ # Log debug level # 0 = ERROR, 1 = WARNING, 2 = INFO, 3 = DEBUG # :debug_level: 2
To start and stop the server, use the appflow-server start/stop
command:
<xterm> $ appflow-server start appflow-server started </xterm>
:host
attribute in /etc/one/appflow-server.conf
to your server public IP, or 0.0.0.0 so appflow will listen on any interface.
Inside /var/log/one/
you will find new log files for the server, and individual ones for each service in /var/log/one/appflow/<id>.log
/var/log/one/appflow-server.error /var/log/one/appflow-server.log
After installing the OpenNebulaApps the sunstone-server.conf and sunstone-views/admin.yaml are modified to include the following information:
:routes: - appflow
apptools-appflow-dashboard: panel_tabs: table_columns: actions: apptools-appflow-services: panel_tabs: service_info_tab: true service_role_tab: true service_vms_tab: true service_log_tab: true table_columns: - 0 # Checkbox - 1 # ID - 2 # Owner - 3 # Group - 4 # Name - 5 # State actions: Service.refresh: true Service.chown: true Service.chgrp: true Service.chmod: true Service.shutdown: true Service.delete: true apptools-appflow-templates: panel_tabs: service_template_info_panel: true table_columns: - 0 # Checkbox - 1 # ID - 2 # Owner - 3 # Group - 4 # Name actions: ServiceTemplate.refresh: true ServiceTemplate.create_dialog: true ServiceTemplate.instantiate: true ServiceTemplate.chown: true ServiceTemplate.chgrp: true ServiceTemplate.chmod: true ServiceTemplate.delete: true
To enable the appflow tabs you have to add the following lines in the enabled_tabs section of the sunstone-views/admin.yaml.file
enabled_tabs: ... - apptools-appflow-dashboard - apptools-appflow-services - apptools-appflow-templates
Be sure to restart Sunstone for the changes to take effect.
For more information on how to customize the views based on the user/group interacting with Sunstone check the sunstone views guide
By default this rule is defined in OpenNebula to enable the creation of new services by any user. If you want to limit this, you will have to delete this rule and generate new ones: <xterm> $ oneacl create “* DOCUMENT/* CREATE” </xterm>
If you only want a specific group to be able to use AppFlow, execute: <xterm> $ oneacl create “@1 DOCUMENT/* CREATE” </xterm>
Read more about the ACL Rules system in the OpenNebula documentation.