The OpenNebula FireEdge server provides a next-generation web-management interface for remote OpenNebula Cluster provisioning (OneProvision GUI) as well as additional functionality to Sunstone. It’s a dedicated daemon installed by default as part of the Single Front-end Installation, but can be deployed independently on a different machine. The server is distributed as an operating system package
opennebula-fireedge with the system service
- OneProvision GUI, to manage deployments of fully operational Clusters on remote Edge Cloud providers. See Provisioning an Edge Cluster.
- VMRC and Guacamole Proxy for Sunstone to remotely access the VMs (incl., VNC, RDP, and SSH).
FireEdge currently doesn’t support federated environments. It can interact only with a local OpenNebula instance (even if it’s federated), but can’t interact with remote, federated OpenNebula instances.
The FireEdge configuration file can be found in
/etc/one/fireedge-server.conf on your Front-end. It uses YAML syntax with following parameters:
After a configuration change, the FireEdge server must be restarted to take effect.
||Enable CORS (cross-origin resource sharing)|
||Host on which the FireEdge server will listen|
||Port on which the FireEdge server will listen|
||Endpoint of OpenNebula XML-RPC API this needs to
match the contents of ENDPOINT attribute of
||Endpoint of OneFlow server|
||JWT minimum expiration time (days)|
||JWT maximum expiration time (days)|
||Command prefix for
||Optional param. for
||Connection port of guacd server|
||Connection hostname/IP of guacd server|
||List of server localizations|
Once the server is initialized, it creates the file
In HA environments, this file fireedge_key needs to be copied from the first leader to the followers. Optionally, in order to have the provision logs available in all the HA nodes,
/var/lib/one/fireedge need to be shared between nodes.
After a configuration change, the Sunstone server must be restarted to take effect.
You need to configure Sunstone with the public endpoint of FireEdge so that one service can redirect users to the other. To configure the public FireEdge endpoint in Sunstone, edit
/etc/one/sunstone-server.conf and update the
:public_fireedge_endpoint with the base URL (domain or IP-based) over which end-users can access the service. For example:
If you aren’t planning to use FireEdge, you can disable it in Sunstone by commenting out the following parameters in
#:private_fireedge_endpoint: http://localhost:2616 #:public_fireedge_endpoint: http://localhost:2616
FireEdge uses Apache Guacamole, a free and open source web application that allows you to access a remote console or desktop of the Virtual Machine anywhere using a modern web browser. It is a clientless remote desktop gateway which only requires Guacamole installed on a server and a web browser supporting HTML5.
Guacamole supports multiple connection methods such as VNC, RDP, and SSH and is made up of two separate parts - server and client. The Guacamole server consists of the native server-side libraries required to connect to the server and the Guacamole proxy daemon (
guacd), which accepts the user’s requests and connects to the remote desktop on their behalf.
The OpenNebula binary packages provide Guacamole proxy daemon (package
opennebula-guacd and service
opennebula-guacd), which is installed alongside FireEdge. In the default configuration, the Guacamole proxy daemon is automatically started along with FireEdge, and FireEdge is configured to connect to the locally-running Guacamole.
No extra steps are required!
If Guacamole is running on a different host to the FireEdge, following FireEdge configuration parameters has to be customized:
Service Control and Logs¶
Change the server running state by managing the operating system service
To start, restart or stop the server, execute one of:
systemctl start opennebula-fireedge systemctl restart opennebula-fireedge systemctl stop opennebula-fireedge
To enable or disable automatic start on host boot, execute one of:
systemctl enable opennebula-fireedge systemctl disable opennebula-fireedge
Server logs are located in
/var/log/one in the following files:
/var/log/one/fireedge.log- operational log,
/var/log/one/fireedge.error- log of errors/exceptions.
Other logs are also available in Journald. Use the following command to show them:
journalctl -u opennebula-fireedge.service
A common issue when launching FireEdge is an occupied port:
Error: listen EADDRINUSE: address already in use 0.0.0.0:2616
If another service is using the port, you can change FireEdge configuration (
/etc/one/fireedge-server.conf) to use another host/port. Remember to also adjust the FireEdge endpoints in Sunstone configuration (
/etc/one/sunstone-server.conf) as well.