Configuring AppFlow 4.0

The AppFlow commands do not interact directly with the OpenNebula daemon, there is a server that takes the requests and manages the service (multi-tiered application) life-cycle. This guide shows how to start AppFlow, and the different options that can be configured.

inlinetoc

Requirements

AppFlow requires:

  • ruby and rubygems installed.
  • bundler. To install it you can issue as root:

<xterm> # gem install bundler </xterm>

  • Required gems. To install the gems needed by AppFlow do this as root:

<xterm> # cd /usr/lib/one/ruby/oneapps/flow # bundle install </xterm>

Configuration

In order to allow AppFlow to connect to your existing OpenNebula, you need the /var/lib/one/.one/appflow_auth file. It should be created by installation package, otherwise you can copy Sunstone credentials:

<xterm> $ cp /var/lib/one/.one/sunstone_auth /var/lib/one/.one/appflow_auth </xterm>

The OpenNebula documentation contains more information about the external components authentication.

The AppFlow configuration file can be found at /etc/one/appflow-server.conf. It uses YAML syntax to define the following options:

Option Description
Server Configuration
:one_xmlrpc OpenNebula daemon host and port
:lcm_interval Time in seconds between Life Cycle Manager steps
:host Host where AppFlow will listen
:port Port where AppFlow will listen
Auth
:core_auth Authentication driver to communicate with OpenNebula core
cipher: for symmetric cipher encryption of tokens
x509: for x509 certificate encryption of tokens

For more information, visit the OpenNebula Cloud Auth documentation
Log
:debug_level Log debug level. 0 = ERROR, 1 = WARNING, 2 = INFO, 3 = DEBUG

This is the default file 

################################################################################
# Server Configuration
################################################################################
 
# OpenNebula daemon contact information
#
:one_xmlrpc: http://localhost:2633/RPC2
 
# Time in seconds between Life Cycle Manager steps
#
:lcm_interval: 30
 
# Host and port where AppFlow server will run
:host: 127.0.0.1
:port: 2474
 
#############################################################
# Auth
#############################################################
 
# Authentication driver to communicate with OpenNebula core
#   - cipher, for symmetric cipher encryption of tokens
#   - x509, for x509 certificate encryption of tokens
:core_auth: cipher
 
################################################################################
# Log
################################################################################
 
# Log debug level
#   0 = ERROR, 1 = WARNING, 2 = INFO, 3 = DEBUG
#
:debug_level: 2

Start AppFlow

To start and stop the server, use the appflow-server start/stop command:

<xterm> $ appflow-server start appflow-server started </xterm>

:!: By default, the server will only listen to requests coming from localhost. Change the :host attribute in /etc/one/appflow-server.conf to your server public IP, or 0.0.0.0 so appflow will listen on any interface.

Inside /var/log/one/ you will find new log files for the server, and individual ones for each service in /var/log/one/appflow/<id>.log 

/var/log/one/appflow-server.error
/var/log/one/appflow-server.log

Enable the Sunstone Tabs

After installing the OpenNebulaApps the sunstone-server.conf and sunstone-views/admin.yaml are modified to include the following information:

  • sunstone-server.conf
:routes:
    - appflow
  • sunstone-views/admin.yaml
    apptools-appflow-dashboard:
        panel_tabs:
        table_columns:
        actions:
    apptools-appflow-services:
        panel_tabs:
            service_info_tab: true
            service_role_tab: true
            service_vms_tab: true
            service_log_tab: true
        table_columns:
            - 0         # Checkbox
            - 1         # ID
            - 2         # Owner
            - 3         # Group
            - 4         # Name
            - 5         # State
        actions:
            Service.refresh: true
            Service.chown: true
            Service.chgrp: true
            Service.chmod: true
            Service.shutdown: true
            Service.delete: true
    apptools-appflow-templates:
        panel_tabs:
            service_template_info_panel: true
        table_columns:
            - 0         # Checkbox
            - 1         # ID
            - 2         # Owner
            - 3         # Group
            - 4         # Name
        actions:
            ServiceTemplate.refresh: true
            ServiceTemplate.create_dialog: true
            ServiceTemplate.instantiate: true
            ServiceTemplate.chown: true
            ServiceTemplate.chgrp: true
            ServiceTemplate.chmod: true
            ServiceTemplate.delete: true

To enable the appflow tabs you have to add the following lines in the enabled_tabs section of the sunstone-views/admin.yaml.file 

enabled_tabs:
    ...
    - apptools-appflow-dashboard
    - apptools-appflow-services
    - apptools-appflow-templates

Be sure to restart Sunstone for the changes to take effect.

For more information on how to customize the views based on the user/group interacting with Sunstone check the sunstone views guide

Advanced setup

ACL Rule

By default this rule is defined in OpenNebula to enable the creation of new services by any user. If you want to limit this, you will have to delete this rule and generate new ones: <xterm> $ oneacl create “* DOCUMENT/* CREATE” </xterm>

If you only want a specific group to be able to use AppFlow, execute: <xterm> $ oneacl create “@1 DOCUMENT/* CREATE” </xterm>

Read more about the ACL Rules system in the OpenNebula documentation.