Generally, it is a bad idea to allow regular users on a Linux server. OpenSSH provides directives to control who does and does not have access via SSH:
AllowUsers
AllowGroups
DenyUsers
DenyGroups
Any one of those directives can be used. AllowUsers and AllowGroups are defined as “allow only the users or the users of the listed groups to have access to the system”. DenyUsers and DenyGroups are defined as “allow all users except those listed or allow all users except those who are in the listed groups”.
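The four directives can also be set together, and a login then has to pass every one that is configured, which is a common source of accidental lockouts. The sketch below is an added example, not part of the original post and not OpenSSH's code; it models only plain names with the * and ? wildcards (no USER@HOST or negated patterns), and the accounts and configuration in it are constructed.

```python
import re

# Order in which sshd_config(5) says the directives are processed.
ORDER = ("DenyUsers", "AllowUsers", "DenyGroups", "AllowGroups")

def _match(patterns, names):
    """True if any name matches any pattern; only '*' and '?' are wildcards."""
    for pat in patterns:
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                     for c in pat)
        if any(re.fullmatch(rx, n) for n in names):
            return True
    return False

def ssh_login_allowed(config, user, groups):
    """Return (allowed, reason) for one account.

    config maps a directive name to its list of patterns; a missing or empty
    entry means the directive is unset. groups is assumed to contain at least
    the account's primary group.
    """
    for directive in ORDER:
        patterns = config.get(directive)
        if not patterns:
            continue  # unset directives restrict nothing
        names = [user] if directive.endswith("Users") else groups
        hit = _match(patterns, names)
        if directive.startswith("Deny") and hit:
            return False, f"{directive} matched"
        if directive.startswith("Allow") and not hit:
            return False, f"not listed in {directive}"
    return True, "passed all configured directives"

# Constructed sample accounts and configuration (assumptions for illustration).
ACCOUNTS = {
    "alice": ["alice", "sshusers"],
    "bob": ["bob", "staff"],
    "deploy": ["deploy", "sshusers"],
}
CONFIG = {
    "AllowUsers": ["alice", "bob"],
    "AllowGroups": ["sshusers"],
    "DenyUsers": ["dep*"],
}

if __name__ == "__main__":
    for name, groups in ACCOUNTS.items():
        print(name, *ssh_login_allowed(CONFIG, name, groups))
```

Here bob is named in AllowUsers but is still refused because he is not in a group listed in AllowGroups: the allow lists intersect rather than add up.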
KVM (Kernel Virtual Machine) under Linux is an excellent virtualization environment yet it is still lacking in some areas. To manage your virtual machines, there isn’t a single management interface, so you are left with using Virt-manager which can be a bit of a pain.
RHEV (ovirt) has some promise as it is a solid web interface and does pretty much everything. An agent (vdsm) is required on each host and ovirt needs to be installed/running on a separate physical machine (it can be on one of your hypervisors, but not recommended as a virtual machine). However, it has a fundamental flaw in its design: everything must be imported into its file system design. It creates a new directory hierarchy which doesn’t allow for existing virtual machines to be added with ease (you have to first create the virtual machine, then move/copy your existing hard drive image over). Using ISOs is as easy as dropping your ISO files into a particular directory.
Archipel comes at it from a slightly different design, and, frankly, it sounds weird! Using a specialized jabber server (XMPP) to communicate between libvirt and the archipel agent, you get a rather intuitive result for managing virtual machines on one or many hypervisors.
Installing Archipel on a Fedora 16 system is relatively easy. The instructions on their site cover just about all of the steps, but some small pieces are missing. The boiled down steps are:

Install and Configure ejabberd (on any host)

1. Install ejabberd and the erlang environment:
    yum -y install ejabberd erlang-dev erlang-xmerl erlang-xmlrpc erlang-tools
2. Create a NEW /etc/ejabberd/ejabberd.cnf file as documented here.
3. Replace MGMT_FQDN with the full host name of your management server (myhostname.mydomain.com).
4. Patch ejabberd systemd definition, append the following to /lib/systemd/system/ejabberd.service:
    [Install]
    WantedBy=multi-user.target
5. Set ejabberd to start automatically:
    systemctl enable ejabberd.service
6. Start ejabberd:
    systemctl start ejabberd.service
7. Set your ejabberd admin password (replace MGMT_FQDN and yourpassword):
    ejabberdctl register admin MGMT_FQDN yourpassword

Install and Configure Archipel agent (on hypervisors)

1. Uncompress the download in the directory within your web server tree

Using Archipel (any desktop)

1. Navigate to the URL of your Archipel Web Interface.
2. Log in using the admin credentials you created as part of your ejabberd install.
3. Under Contacts->Add contact, enter your hypervisor(s) in the format of HOSTNAME@MGMT_FQDN.
4. You will see the hypervisor on the left, but no VMs.
5. To import a VM that is already running, click on the Hypervisor, then click on “Virtual Machines”. Import each machine listed (it will be listed as an unmanaged VM).

Archipel Quirks

The pages take several seconds to refresh when you click on an item. Be patient.
The VNC console works about 50% of the time. When it stops working, it will not correct itself.
Initial imports of VMs will list them as “off” in the summary on the left, but clicking on them will reveal that they are running.
All problems are usually solved by restarting the Archipel agent on the hypervisor in question.