Installation and configuration

Installation

Important

First need to do setting up the environment. All commands are executed only from superuser.

Mode superuser:

sudo -i
  1. Save the list of previously installed packages before starting the installation, this will allow you to painlessly restore the system in case of damage. Run following commands to do this:

    mkdir -p /tmp/rollback/applevel
    pip3 freeze > /tmp/rollback/applevel/pip_before.txt
    

    After that, directory /tmp/rollback/applevel will contain file pip_before.txt with list of installed applications.

  2. Install the package AppLevel:

    • from Python package repository:

      pip3 install applevel
      
  3. Save the list of installed packages after installation to be able to roll back changes:

    pip3 freeze > /tmp/rollback/applevel/pip_after.txt
    

Note

To install AppLevel on Astra Linux (Smolensk) do following:

  1. Connect the provided repository with AccentOS packages.

  2. Install the package with the command:

    sudo apt install -y aos-applevel
    

Configuration

  1. Install the required system packages:

    apt install qemu-kvm  qemu-utils virtinst libguestfs-tools virt-* mariadb-server python-pymysql rabbitmq-server libffi-dev
    
  2. Create user named aos:

    useradd -s /sbin/nologin
    
  3. Create directory for logs with required permissions:

    mkdir -p /var/log/aos/applevel
    chown -R aos:aos /var/log/aos/applevel
    
  4. Create working directory with right permissions:

    mkdir /var/lib/applevel
    chown -R aos:aos /var/lib/applevel
    
  5. Create directory for configuration files with required rights:

    mkdir /etc/aos
    chown -R aos:aos /etc/aos
    
  6. Create file /etc/sudoers.d/applevel for permission executing commands without entering password:

    # Allow run applevel commands without password
    aos ALL = NOPASSWD: /usr/bin/virt-tar-in, /usr/bin/virt-tar-out, /usr/bin/qemu-img, /usr/bin/virt-customize, /usr/bin/virt-win-reg, /usr/bin/guestmount, /usr/bin/virt-copy-in, /usr/bin/virt-copy-out, /usr/bin/virt-install, /usr/bin/virt-diff, /bin/tar
    
  7. For aos user create file .ssh/config and configure through it passwordless access to all hosts with which you plan to work. Configuration example:

    Host *.stand.loc
      User root
      IdentityFile ~/.ssh/stand
    
    
    Host 10.40.*
      User root
      IdentityFile ~/.ssh/stand
    
  8. Run applevel-configure command to create configuration file and systemd service files:

    applevel-configure
    
  9. Edit the section [DEFAULT] of the configuration file etc/aos/applevel.conf, for example:

    [DEFAULT]
    log_level = INFO
    work_dir = /var/lib/applevel
    db_url = mysql+pymysql://aos:password@localhost:3306/applevel
    broker_url = amqp://aos:password@localhost:5672/aos
    
  10. Create database using MySQL as an example, set rights, database type and other parameters:

    # Login to the database using the root password
    mysql -uroot -p
    # Create applevel database
    CREATE DATABASE applevel;
    # Give permission to read, edit, perform any actions on all tables in applevel database
    GRANT ALL PRIVILEGES ON applevel.* TO 'aos'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON applevel.* TO 'aos'@'%' IDENTIFIED BY 'password';
    # Exit the database
    
  11. Configure RabbitMQ Server message broker:

    rabbitmqctl add_user aos password
    rabbitmqctl add_vhost aos
    rabbitmqctl set_permissions -p aos aos ".*" ".*" ".*"
    rabbitmqctl set_permissions aos ".*" ".*" ".*"
    
  12. Add user rights to RabbitMQ virtual hosts for Openstack services (default value is /):

    rabbitmqctl set_permissions -p / aos ".*" ".*" ".*"
    
  13. Migrate database:

    FLASK_APP=applevel.api.app flask db upgrade
    
  14. Run command to collect static files:

    FLASK_APP=applevel.api.ap flask collect
    
  15. Enable and start systemd services:

    systemctl daemon-reload
    systemctl enable applevel.service applevel-worker.service
    systemctl start applevel.service applevel-worker.service
    
  16. Create web server config file.

    Important

    To configure authentication, it is recommended to use file .htpasswd.

    • Apache configuration:

      Listen 8081
      <VirtualHost *:8081>
          ErrorLog /var/log/apache2/applevel.log
          CustomLog /var/log/apache2/applevel-access.log combined
      
          ProxyPreserveHost On
      
          ProxyPass /static/ !
          ProxyPass /gold/ !
          ProxyPass /backup/ !
          ProxyPass / http://127.0.0.1:8000/
          ProxyPassReverse / http://127.0.0.1:8000/
      
      
          Alias /static /var/lib/applevel/static
          Alias /gold /var/lib/applevel/gold
          Alias /backup /var/lib/applevel/backup
      
          <Directory /var/lib/applevel/static>
              Require all granted
          </Directory>
      
          <Directory /var/lib/applevel/gold>
              Require all granted
          </Directory>
      
          <Directory /var/lib/applevel/backup>
              Require all granted
          </Directory>
      
      </VirtualHost>
      
    • Nginx configuration:

      server {
          listen 80;
          server_name  applevel.accentos.loc;
          access_log  /var/log/nginx/applevel.log;
          error_log /var/log/nginx/applevel.log;
          client_max_body_size 0;
          client_body_timeout 6000;
          client_header_timeout 6000;
      
          location / {
              proxy_pass http://127.0.0.1:8000;
          }
      
          location /static/ {
              alias /var/lib/applevel/static/;
          }
      
          location /gold/ {
              alias /var/lib/applevel/gold/;
          }
      
          location /backup/ {
              alias /var/lib/applevel/backup/;
          }
      }
      
  17. Install the required packages on all hosts:

    apt install libguestfs-tools python3-guestfs
    pip3 install virt-extract
    

Configuration file

Configuration file is presented in ini format and consists of the following sections and parameters:

Section Parameter Description Default value
DEFAULT log_level Logging level. INFO
DEFAULT api_logfile Path to log file of applevel service. /var/log/aos/applevel/api.log
DEFAULT work_dir Working directory. /var/lib/applevel
DEFAULT db_url Setting up connection to database. mysql+pymysql://aos:password@localhost:3306/applevel
DEFAULT broker_url Setting up connection to message broker. amqp://guest:guest@localhost:5672//

Note

It is needed to build layers with Windows:

  1. Go to folder cd /usr/lib/x86_64-linux-gnu/perl5/5.28/Win/Hivex.

  2. Download required patch.

  3. Apply the downloaded patch with commands:

    patch -p1 < Regedit.patch