Installation on FreeBSD

ClonOS

FreeBSD based distro for virtual hosting platform and appliance


Installing ClonOS/CBSD WEB UI on FreeBSD

This manual is for those who do not like personal distributions and would like to use the WEB interface on a clean FreeBSD system. Below are the steps, in HowTo style, that you need to perform to get a working WEB interface for CBSD. We assume that you have a FreeBSD platform not lower than 11.0-RELEASE, on which CBSD version 11.0.15 or later is installed and configured. We assume that the working directory is initialized to /usr/jails (if it is not, change it in the configuration files below).

Attention: make sure that CBSD is able to work with bhyve (the vmm modules are loaded and all the necessary software for CBSD/bhyve is installed). To do this, try to create a test virtual machine:

# cbsd bconstruct-tui
# cbsd bstart

Preparing and setting up the environment

* Install WEB server Nginx, PHP modules, git, supervisord and other necessary software:

# pkg install nginx php71 php71-zip php71-sqlite3 php71-session php71-pdo_sqlite php71-opcache php71-json devel/git sysutils/py-supervisor security/ca_root_nss www/node www/npm shells/bash lang/python27 security/gnutls net/libvncserver 

* Create a symbolic link for python, because some scripts use #!/usr/local/bin/python as their shebang:

# ln -sf /usr/local/bin/python2 /usr/local/bin/python

* Enable nginx, php-fpm and supervisord to run at system startup:

# sysrc nginx_enable="YES"
# sysrc php_fpm_enable="YES"
# sysrc supervisord_enable="YES"

* Let's create a configuration for nginx. The file /usr/local/etc/nginx/nginx.conf should look like this:

user www;

load_module /usr/local/libexec/nginx/ngx_stream_module.so;

events {
    use kqueue;
}

http {
  include       /usr/local/etc/nginx/mime.types;
  default_type  application/octet-stream;

  client_max_body_size    1m;
  include /usr/local/etc/nginx/sites-enabled/*;
}

stream {
  include /usr/local/etc/nginx/conf.stream.d/*.conf;
  include /usr/local/etc/nginx/streams-enabled/*;
}

* Create mandatory directories:

# mkdir -p /var/log/nginx /usr/local/etc/nginx/streams-enabled /usr/local/etc/nginx/sites-enabled

* Create a virtual host configuration, the file /usr/local/etc/nginx/sites-enabled/cbsdweb.conf should look like this:

server {
  listen *:80;

  root /usr/local/www/clonos/public;
  set $php_root $document_root;

  index  index.php;

  access_log            /var/log/nginx/cbsdweb.acc combined;
  error_log             /var/log/nginx/cbsdweb.err;

  location ~* \.(jpg|jpeg|gif|png|swf|tiff|swf|flv|zip|rar|bz2|iso|xz|img|css|txt|html|js|xsl|eot|svg|ttf|woff|woff2)$ {
    index     index.php;
    try_files $uri $uri/ =404;
  }

  location ~ \.php$ {
    root          /usr/local/www/clonos/public;
    include       /usr/local/etc/nginx/fastcgi_params;

    allow all;
    fastcgi_param  SCRIPT_FILENAME    $php_root$fastcgi_script_name;
    fastcgi_pass  unix:/tmp/php-fpm.sock;
    fastcgi_param WORKDIR /usr/jails;
  }

  location / {
    index     index.php;
    try_files $uri/index.html /index.php$is_args$args;
  }
}

* Copy php.ini sample into production config:

# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

* Change the events mechanism in /usr/local/etc/php-fpm.conf to the BSD-specific one. To do this, open the file (vi /usr/local/etc/php-fpm.conf), then uncomment and edit the events.mechanism parameter:

..
events.mechanism = kqueue
..

* In /usr/local/etc/php-fpm.d/www.conf, change the listener from a port to a Unix socket and set the correct access permissions:

...
listen = /tmp/php-fpm.sock
..
listen.backlog = -1
..
listen.owner = www
listen.group = www
listen.mode = 0660
..

* Add "www" user to "cbsd" group:

# pw groupmod cbsd -M www

* Let's start NGINX and PHP-FPM:

# service php-fpm restart
# service nginx restart
				

Preparing and configuring CBSDWEB

* Create a directory for CBSDWEB and clone the code:

# git clone --depth=1 https://github.com/clonos/cp.git /usr/local/www/clonos
# chown -R www:www /usr/local/www/clonos

* To execute CBSD commands, let the www user run CBSD through sudo:

edit /usr/local/etc/sudoers.d/10_www:

Defaults     env_keep += "workdir DIALOG NOCOLOR"
Cmnd_Alias   WEB_CMD = /usr/local/bin/cbsd
www   ALL=(ALL) NOPASSWD: WEB_CMD

* Make sure the file permissions are safe:

# chmod 0440 /usr/local/etc/sudoers.d/10_www

* The next step is to configure supervisord to run the ws service. Rewrite the configuration in /usr/local/etc/supervisord.conf to the following content:

edit /usr/local/etc/supervisord.conf:

[unix_http_server]
file=/var/run/supervisor.sock
chmod=0777
chown=nobody:nobody

[supervisorctl]
serverurl=unix:///var/run/supervisor.sock

[supervisord]
logfile=/var/log/supervisor/supervisord.log
pidfile=/var/run/supervisor/supervisord.pid
nodaemon=false
minfds=1024
minprocs=200
umask=022
strip_ansi=false

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[include]
files=/usr/local/etc/supervisor.d/*.conf

* Create mandatory directories:

# mkdir /usr/local/etc/supervisor.d /var/log/supervisor

* Create the supervisor configuration file for the noVNC service, /usr/local/etc/supervisor.d/program_vnc2wss.conf, with the following content:

edit /usr/local/etc/supervisor.d/program_vnc2wss.conf

[program:vnc2wss]
environment=PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
command=/usr/local/www/clonos/public/novnc/utils/launch.sh --listen 6081 --vnc 127.0.0.1:5900
directory=/usr/local/www/clonos/public/novnc
stdout_logfile=/var/log/supervisor/vnc2wss.log
stderr_logfile=/var/log/supervisor/vnc2wss.err
numprocs=1
numprocs_start=1
autostart=true
autorestart=true
user=www
stdout_logfile_maxbytes=10MB
stdout_logfile_backups=10
stderr_logfile_maxbytes=10MB
stderr_logfile_backups=10

* Create the supervisor configuration file for the ws service, /usr/local/etc/supervisor.d/program_ws.conf, with the following content:

edit /usr/local/etc/supervisor.d/program_ws.conf

[program:ws]
environment=PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
command=/root/bin/ws
directory=/root/bin
numprocs=1
numprocs_start=1
autostart=true
autorestart=true
user=www
stdout_logfile=/var/log/supervisor/ws-srv.log
stderr_logfile=/var/log/supervisor/ws-srv.err
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
stderr_logfile_maxbytes=2MB
stderr_logfile_backups=5

* Install noVNC package:

# cd /usr/local/www/clonos/public/novnc/
# npm install

* Create a directory where the ws-server will be located:

# mkdir /root/bin

* Install ws server. This can be done in two ways.

The first way: download the compiled build:

For FreeBSD-11:

# fetch -o /root/bin/ws https://raw.githubusercontent.com/clonos/clonos-ws/master/build-11/ws

For FreeBSD-12:

# fetch -o /root/bin/ws https://raw.githubusercontent.com/clonos/clonos-ws/master/build-12/ws

Set permissions for execution:

# chmod +x /root/bin/ws

* The second way is to build the program yourself.

To do this, first install golang:

# pkg install lang/go

Clone ws repo:

# git clone https://github.com/clonos/clonos-ws.git /tmp/ws

Compile and copy build into /root/bin:

# cd /tmp/ws
# setenv GOPATH /tmp/ws
# go get
# go build
# mv ws /root/bin

* That completes the supervisord configuration; all that is left is to start it:

# service supervisord start

* Make sure that the processes are in the RUNNING state:

% supervisorctl status
vnc2wss                          RUNNING   pid 51330, uptime 0:00:04
ws                               RUNNING   pid 51331, uptime 0:00:04

CBSD Modules

The finishing touches: install the additional CBSD modules for the WEB interface and configure them:

1) VNC terminal module:

# cd /usr/local/cbsd/modules
# git clone --depth=1 https://github.com/cbsd/cbsd-module-vncterm.git vncterm.d
# make -C vncterm.d
# echo "vncterm.d" >> ~cbsd/etc/modules.conf

2) Module for ws:

# cd /usr/local/cbsd/modules
# git clone https://github.com/cbsd/cbsd-module-wsqueue.git cbsd_queue.d
# echo "cbsd_queue.d" >> ~cbsd/etc/modules.conf

3) convectix module:

# cd /usr/local/cbsd/modules
# git clone https://github.com/cbsd/cbsd-module-convectix.git convectix.d
# echo "convectix.d" >> ~cbsd/etc/modules.conf

Copy module configuration:

# cp /usr/local/cbsd/modules/convectix.d/etc-sample/vm_vncwss.conf ~cbsd/etc/

4) Re-run 'cbsd initenv' to initialize the additional modules:

# cbsd initenv

5) Get wsclonos-sendqueue tools. This can be done in two ways.

* The first way: download the already compiled build.

For FreeBSD-11:

# fetch -o ~cbsd/modules/cbsd_queue.d/wsclonos-sendqueue https://raw.githubusercontent.com/cbsd/cbsd-module-wsqueue-build/master/build-11/wsclonos-sendqueue

For FreeBSD-12:

# fetch -o ~cbsd/modules/cbsd_queue.d/wsclonos-sendqueue https://raw.githubusercontent.com/cbsd/cbsd-module-wsqueue-build/master/build-12/wsclonos-sendqueue

Set execution permissions:

# chmod +x ~cbsd/modules/cbsd_queue.d/wsclonos-sendqueue

* The second way is to build the tools yourself.

To do this, first install golang:

# pkg install lang/go

Compile code and copy executable:

# mkdir /tmp/ws2
# cd /tmp/ws2
# cp /usr/local/cbsd/modules/cbsd_queue.d/src/main.go /tmp/ws2/
# setenv GOPATH /tmp/ws2
# go get
# go build
# mv ws2 ~cbsd/modules/cbsd_queue.d/wsclonos-sendqueue
# chmod +x ~cbsd/modules/cbsd_queue.d/wsclonos-sendqueue

Done!

Now you can open the IP address of your server in the browser and use the WEB interface.

Attention! Please note that this interface is open! Restrict access to these pages!
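
A check for the warning above, as an added example (not part of the ClonOS documentation): a small sh script that reads the cbsdweb.conf and supervisord.conf written earlier in this guide and reports when the virtual host accepts every client or when the supervisord control socket is accessible to all local users. The function names are hypothetical and the checks are text heuristics, not a full parser for either file format.

```sh
#!/bin/sh
# Added example: heuristic, text-only audit of two files this guide creates.
# Usage: sh audit.sh <nginx vhost file> <supervisord.conf>

# 0 if the vhost limits who may connect, 1 if it serves every client.
vhost_is_restricted() {
    conf=$(sed 's/#.*//' "$1")                    # drop nginx comments
    # auth_basic set to anything other than "off" counts as restricted
    if printf '%s\n' "$conf" | grep -E '^[[:space:]]*auth_basic[[:space:]]' |
        grep -Evq 'auth_basic[[:space:]]+off[[:space:]]*;'; then return 0; fi
    # "allow all;" (as in the guide's PHP location) opens the UI to everyone
    printf '%s\n' "$conf" |
        grep -Eq '^[[:space:]]*allow[[:space:]]+all[[:space:]]*;' && return 1
    printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*deny[[:space:]]+all[[:space:]]*;'
}

# Print the chmod= value of [unix_http_server]; prints nothing when unset
# (supervisord then uses its default of 0700).
supervisor_sock_mode() {
    sed 's/[;#].*//' "$1" | awk -F= '
        /^\[/ { insec = ($0 ~ /^\[unix_http_server\]/) }
        insec && $1 ~ /^[ \t]*chmod[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2 }'
}

# 0 if the "other" digit of the socket mode grants any access.
supervisor_sock_world_accessible() {
    case "$(supervisor_sock_mode "$1")" in
        *[1-7]) return 0 ;;
        *)      return 1 ;;
    esac
}

# Print one line per finding; the return status is the number of findings.
audit_clonos_web() {
    findings=0
    if ! vhost_is_restricted "$1"; then
        echo "OPEN: $1 has no effective 'deny all' or auth_basic"
        findings=$((findings + 1))
    fi
    if supervisor_sock_world_accessible "$2"; then
        echo "OPEN: $2 socket mode $(supervisor_sock_mode "$2") admits any local user"
        findings=$((findings + 1))
    fi
    return "$findings"
}

if [ "$#" -eq 2 ]; then audit_clonos_web "$1" "$2"; fi
```

With the files exactly as written in this guide, both checks report a finding. The first clears once `allow all;` in cbsdweb.conf is replaced by an `allow` line for the management network followed by `deny all;`, or once `auth_basic` is enabled; the second clears once `chmod` in `[unix_http_server]` gives no access to other users.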