OpenVZ Forum


Home » General » Discussions » OpenVZ with webmin
icon2.gif  OpenVZ with webmin [message #4857] Sat, 29 July 2006 18:22 Go to next message
rollinw is currently offline  rollinw
Messages: 25
Registered: June 2006
Location: Santa Barbara, California
Junior Member
From: *sbcox.net
I have written an email message to the creator of webmin and the contributor who provided the OpenVZ module. Perhaps someone in this forum group has OpenVZ insights or ideas that might help make webmin a better fit for OpenVZ.

Shocked "I have installed webmin on a virtual Suse processor under OpenVZ. The concept is great, and I congratulate you on leading the way in providing a centralized interface for controlling what I call a "server farm". After installing the webmin RPM, I also Installed the OpenVZ module contributed by "NH". The comments that follow are not intended as criticisms but as suggestive of the way your combined product might be improved.

When the OpenVZ configuration form came up, I saw that it expected things the path to vzyum, to /usr/sbin/vzctl, etc. Then it dawned on me that this module has to be installed on the OpenVZ hardware node to make it work. This may not seem like a big deal to non-OpenVZ people, but in fact it is. I don't want to get into copyright problems, so let me paraphrase the Hardware Node Availability Considerations section of the OpenVZ User's Guide, Chapter 2:

* The hardware node (HN) plays a key role in providing resources for all the virtual environments. If the HN goes down, they all go down.
* The HN can benefit from RAID, especially hardware RAID, to enhance total system reliability.
* Wherever possible, service applications should run on a Virtual Environment (VE) rather than on the HN.
* User accounts should be created on the VE's, and not on the HN.

In summary, the two major considerations for keeping the HN "lean and mean" are enhanced reliability/availability and total system security.

My reactions to this expression of OpenVZ philosophy are:

* I want my DNS to run in a VE
* I want my Samba server to run in a VE
* I want my NTP (time sync) to run in a VE
* I want all my Apache-based modules to run in a VE
* (in general) I want to dedicate a VE to perform admin tasks, including all (as much as possible) system support functions

For some modules this is not a problem. For any service that requires access to hardware or software under direct control of the HN, the current implementation of webmin has some issues.

Webmin provides an HTTP control for Apache modules that implement its modules. AFIAK, there are no webmin clients, and webmin services run on the same host where webmin resides.

Let me suggest an expanded webmin concept in which certain services could have client software on other OpenVZ nodes, including the HN. The down side is the possibility of introducing security vulnerabilities in the form of paths between nodes. On the positive side, of course, webmin could live on any node and appropriate client software on other nodes could cause the services to be performed there.

Your CGI scripts seem to be pretty much written in Perl. This same approach could be used for the client side implementations. You may have a good idea about how to go about this augmentation of the webmin concept. I might be able to help, if you presented a design concept. Although I used OpenVZ as an example of a needed cross-node implementation, I think there are also others (e.g., system backup, log rotation, etc.,) that could benefit from the expanded approach." Shocked

Thanks for your interest.
rollinw
Re: OpenVZ with webmin [message #4864 is a reply to message #4857] Mon, 31 July 2006 10:43 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

From: *sw.ru
I agree with your considerations.

The problem here is OpenVZ creates another level, which tools such as webmin have to deal with. It's not a single system anymore -- rather this is a set of systems to be dealt with.

Tools such as webmin have to cope with it, and probably it can not be implemented in a single plugin -- the whole system has to be rewritted to take the new reality into account. This is just my thought -- I am not a webmin expert.


Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png
Re: OpenVZ with webmin [message #4869 is a reply to message #4864] Mon, 31 July 2006 20:12 Go to previous messageGo to next message
rollinw is currently offline  rollinw
Messages: 25
Registered: June 2006
Location: Santa Barbara, California
Junior Member
From: *cox.net
Kir,

Though my understanding of Plesk from SWsoft is limited, it appears to be a graphical front end to OpenVZ (or Virtuozzo). Thus it must reside on the hardware node. In this sense, it could be compared with some of the graphical system setup/control modules in Gnome or KDE.

Webmin attempts to capture the functions of both, to allow for graphics-based control over an extensive list of system admin functions. Through its web interface, webmin extends control over its host system functions to wherever the admin person might be on the network. But it controls the functions of only the server where it resides. The OpenVZ module came along later for support of virtualizing.

In Plesk there is a recognition that virtualization management can be done efficiently from a graphical interface. This is very helpful if you are a hosting facility with a large number of VEs.

If Plesk and webmin functions were integrated, one might have a graphical system that could manage a large collection of servers, some hardware-based and the others virtual. Let's say that I am a system admin for a large web presence of mixed environments. A hierarchy-based graphical web system like webmin would allow me to perform more quickly the routine maintenance functions on all these servers and eliminate the need for logging into one after the other to perform maintenance from their command line interfaces.

What would such a system look like? In an environment containing OpenVZ, the control server should reside on a VE. It would require some sort of client software on each server for which it provides control functions. Channels for control commands might involve some sort of secure network communication between servers for commands and data. These might be one of:

1. Http(s) with XML
2. A socket-based communications mechanism
3. A collection of 2-way VPNs between the affected servers

There are probably some issues I haven't thought of, but this could at least provide a starting point. This is probably not something the OpenVZ group want to get involved in, but maybe someone in the community will like the idea.

Rollin
rollinw

Re: OpenVZ with webmin [message #4871 is a reply to message #4869] Tue, 01 August 2006 04:47 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

From: *sw.ru
I am not a Plesk expert either (or even user), but the general idea is: you can have a special VE (let's call it "service VE", or just SVE) to do all management tasks. In other words, SVE hosts all the management tools.

If those tasks involve things like starting/stopping VE, setting VE parameters, or some other things involving the whole hardware node, it may be done via ssh channel from the SVE to the host system. That way it's a bit more secure than hosting all the management tools on a hardware node.


Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png
Re: OpenVZ with webmin [message #4884 is a reply to message #4871] Tue, 01 August 2006 15:44 Go to previous messageGo to next message
rollinw is currently offline  rollinw
Messages: 25
Registered: June 2006
Location: Santa Barbara, California
Junior Member
From: *cox.net
Kir,

Your Plesk description sounds like the way we would like to handle OpenVZ management. We would like to go even farther, with an SVE that handles most or all system maintenance. This would be our admin VE, and if it had a web-based control interface, all the better!

rollinw
Re: OpenVZ with webmin [message #4888 is a reply to message #4857] Tue, 01 August 2006 19:40 Go to previous messageGo to next message
aistis is currently offline  aistis
Messages: 77
Registered: September 2005
Location: Kaunas, Lithuania
Member

From: 88.222.136*
Rollin,

you are on a right track regarding following:
Quote:


What would such a system look like? In an environment containing OpenVZ, the control server should reside on a VE. It would require some sort of client software on each server for which it provides control functions. Channels for control commands might involve some sort of secure network communication between servers for commands and data. These might be one of:

1. Http(s) with XML
2. A socket-based communications mechanism
3. A collection of 2-way VPNs between the affected servers



Now it is not clear what type of control panel you'd like to develop: single server management or multiple.. but in the end i think that's not so important. What should be important is architectural decisions, so that you don't end up rewriting everything after a while. I would highly suggest to sign up to SWsoft Developer Network and checking out "Virtuozzo Agent Programmers" documents. You'll get lots of good hints.

Frankly, if i was about to do such project - i would re-use existing VZAgent XML schemas.

Regards,


Aistis Zenkevicius
http://static.openvz.org/userbars/openvz-user.png
Re: OpenVZ with webmin [message #4981 is a reply to message #4857] Mon, 07 August 2006 13:49 Go to previous messageGo to next message
kopeah is currently offline  kopeah
Messages: 6
Registered: July 2006
Junior Member
From: *aelix.com
Rollin,

I'm just curious if you already or plan to build this web GUI. I already started working on a similar project and if you have any plan to build one, probably we can work together to get this going faster .. Smile

My project is still in the early stage of development but it will have the following features:

1. Run on it's own VE for security purposes.
2. No sudo, everything is currently run through SSH but I might consider using an xmlrpc or SOAP daemon similar to vzagent.
3. No MySQL, I'm using sqlite instead to keep things clean and less overhead.
4. It runs on its own httpd.
5. All communication between the GUI and HN are using XML. I'm trying to stay close to vzagent XML schema as possible.
6. It has the ability to run in single server mode or multiple server mode with a centralize management GUI which I have yet to start working on it. Smile

I'll provide the screenshot, when I have it available.



Kenny
http://static.openvz.org/userbars/openvz-user.png
Re: OpenVZ with webmin [message #4988 is a reply to message #4981] Mon, 07 August 2006 17:10 Go to previous messageGo to next message
rollinw is currently offline  rollinw
Messages: 25
Registered: June 2006
Location: Santa Barbara, California
Junior Member
From: *cox.net
Kenny,

Certainly I do not want to duplicate some one else's work! Your design considerations are agreeable to me.

Last week I read a few posts on the SWsoft forum. There were discussions regarding the choice of XML-RPC vss. SOAP. One of the cited disadvantages of XML-RPC is the amount of data that needs to be passed on server/VE status--upwards of 12MB at a time--and the load XML-RPC then places on the system. The argument against SOAP is its relative complexity. At this point I have no opinion regarding which would be best to use. For my work, I could survive with considerably less server/VE status info at a time.

Perhaps I could help a little. My prefereces would be to write scripts in Perl or PHP, though C++ is also a possibility.

Regards,
Rollin

Re: OpenVZ with webmin [message #4989 is a reply to message #4988] Mon, 07 August 2006 18:39 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

From: darnet.ru
I'd vote against Python and PHP, at least for the backends/core parts (although I consider it OK for the interfaces). Either C/C++ or, if you want scripting language, please consider Python.

From my side, I could help with organizing a GIT or SVN repository, mailing list, bugzilla, hosting and all that stuff...and perhaps some programming and infrastructure (like using auto* tools, packaging into RPM, etc.), too. I do believe that putting the source code into a repository at the early stages helps a lot


Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png
Re: OpenVZ with webmin [message #4990 is a reply to message #4857] Mon, 07 August 2006 19:30 Go to previous messageGo to next message
kopeah is currently offline  kopeah
Messages: 6
Registered: July 2006
Junior Member
From: *aelix.com
Well, the frontend is definitely written in PHP and I also did try php based xmlrpc daemon .. hehe, that didn't go quite well Smile

This is the layout that I'm currently working on and yes, it supports themes (Smarty based).

http://img60.imageshack.us/img60/6683/screenshotfl8.th.png


Cheers,


Kenny
http://static.openvz.org/userbars/openvz-user.png
Re: OpenVZ with webmin [message #4992 is a reply to message #4989] Mon, 07 August 2006 19:46 Go to previous messageGo to next message
rollinw is currently offline  rollinw
Messages: 25
Registered: June 2006
Location: Santa Barbara, California
Junior Member
From: *cox.net
Kir,

(Spasibo)

I've loaded Kenny's original Webmin on 2 different environments. Also I have checked the directories under /webmin/ which the pages execute out of. Almost all the development is done using Perl cgi files (is that right, Kenny?). Even the http server is
based on a Perl mini-apache. But this is all server-side direct communications, since, except for the web interface, almost all the client-side execution code also resides there.

Obviously, the situation will change when when a communications interface is added and client-side modules need to be written for the server clients.

Kenny also mentions wanting to keep the implementation as compatible as possible to vzagent. That may imply having some scripts written in Python (a language I have yet to learn).

Your offer to help with some of the organizational aspects of this development is most welcome, I would think. I don't know if Kenny used his own Bugzilla, but certainly a public one would be very useful. I agree with you that the source is best managed in a central location using the appropriate tools. This is especially true if more than one person participates in the development. For example, I have glanced at HOWTOs for building RPMs, but I have never built one myself!

Many of these questions are up to Kenny, since he was the original Webmin developer. From his posts here up to now, I think he would like to take advantage of help of various kinds.

Your interest and mine are similar, but slightly different. I would like to have a tool, web-based, of course, to control real and virtual servers and to collect status information, etc. from them. My guess is that you see this area as a further development of the OpenVZ framework as an extension of the open software that already exists. You would agree that something like Plesk is needed, since not everyone will buy Plesk and not everyone would know how to integrate it into OpenVZ. Even SWsoft could benefit from this kind of development, because it could lead to new and better functions in Plesk.

My thoughts for now,
Rollin
Re: OpenVZ with webmin [message #4993 is a reply to message #4990] Mon, 07 August 2006 19:51 Go to previous messageGo to next message
rollinw is currently offline  rollinw
Messages: 25
Registered: June 2006
Location: Santa Barbara, California
Junior Member
From: *cox.net
Kenny,

This looks like a good start!

I don't think Kir would mind having PHP code used to support building of Web interface pages.

Keep up the good work!

Rollin
Re: OpenVZ with webmin [message #7595 is a reply to message #4857] Wed, 18 October 2006 13:56 Go to previous messageGo to next message
thatha is currently offline  thatha
Messages: 2
Registered: October 2006
Junior Member
From: *grinnell.edu
This seems to be an excellent project. Any ideas on if/when it might be going public?

Ian
Re: OpenVZ with webmin [message #7699 is a reply to message #7595] Sat, 21 October 2006 09:27 Go to previous messageGo to next message
ceelian is currently offline  ceelian
Messages: 11
Registered: October 2006
Junior Member
From: *dynamic.xdsl-line.inode.at
Hi!

I am interested in the project, couse i need a similar thing to control my VPS, so i wanted to write such a webinterface as well.

But if there is already a project like this, i can probably join it or use it.

Thanks
Re: OpenVZ with webmin [message #7705 is a reply to message #7699] Sat, 21 October 2006 14:26 Go to previous messageGo to next message
kopeah is currently offline  kopeah
Messages: 6
Registered: July 2006
Junior Member
From: *satx.res.rr.com
Guys,

We're currently in the middle of moving to a new datacenter and I haven't work on the project in the past 3 weeks because of it. Our migration hopefully will be completed sometimes this week so I can start working on this project again.

ceelian,

I'll be happy if you or anyone else want to join this project, certainly will make things moving a lot faster. Smile

This is what I currently have so far.

** backend (HN) **
- python based SOAP daemon
- python script to manage access list

** frontend (GUI) **
- PHP5 based
- PHP script with Smarty template engine
- PEAR SOAP (had problem with built in SOAP)
- SQLlite database

PM me what you can do to help and we'll split our responsibility .. Smile


Kir, maybe you can help us with a repository site?


Cheers,



Kenny
http://static.openvz.org/userbars/openvz-user.png
Re: OpenVZ with webmin [message #9403 is a reply to message #7705] Sun, 31 December 2006 08:06 Go to previous message
artur is currently offline  artur
Messages: 13
Registered: December 2006
Junior Member
From: 71.194.190*
I don't think SWSoft will be thrilled about this. The whole idea behind the virtuozzo product is that they provide a front end to openvz. Just be careful not to step on their bread and butter because we may just find them dropping support for openvz.

[Updated on: Sun, 31 December 2006 18:49]

Report message to a moderator

Previous Topic: List of supported CPUs
Next Topic: wvz - another php based interface
Goto Forum:
  


Current Time: Thu Jul 18 17:08:59 GMT 2019