FireEdge Configuration

The OpenNebula FireEdge server provides a next-generation web-management interface for remote OpenNebula Cluster provisioning as well as additional functionality to Sunstone. It’s a dedicated daemon installed by default as part of the Single Front-end Installation, but can be deployed independently on a different machine. The server is distributed as an operating system package opennebula-fireedge with the system service opennebula-fireedge.

Main Features

  • Guacamole Proxy for Sunstone to remotely access the VMs (incl., VNC, RDP, and SSH)
  • FireEdge Sunstone: new iteration of Sunstone written in React/Redux. Accessible through the following URL:
http://<OPENNEBULA-FRONTEND>:2616

Configuration

The FireEdge server configuration file can be found in /etc/one/fireedge-server.conf on your Front-end. It uses YAML syntax, with the parameters listed in the table below.

ParameterDefault ValueDescription
logprodLog debug: prod or dev
corstrueEnable CORS (cross-origin resource sharing)
host0.0.0.0IP on which the FireEdge server will listen
port2616Port on which the FireEdge server will listen
one_xmlrpchttp://localhost:2633/RPC2Endpoint of OpenNebula XML-RPC API. It needs to match the ENDPOINT attribute of onezone show 0
oneflow_serverhttp://localhost:2474Endpoint of OneFlow server
session_expiration180JWT expiration time (minutes)
session_remember_expiration3600JWT expiration time when using remember check box (minutes)
default_zoneShows the default resources of that zone
default_zone/id0Id of the zone to which this fireedge belongs
default_zone/nameOpenNebulaName of the zone to which this fireedge belongs
default_zone/endpointhttp://localhost:2633/RPC2XML-RPC url of the zone to which this fireedge belongs
minimun_opennebula_expiration30Minimum time to reuse previously generated JWTs (minutes)
subscriber_endpointtcp://localhost:2101Endpoint to subscribe for OpenNebula events
debug_level2Log debug level
truncate_max_length150Log message max length
api_timeout120_000Global API timeout limit
guacd/port4822Connection port of guacd server
guacd/hostlocalhostConnection hostname/IP of guacd server
authopennebulaAuthentication driver for incoming requests: OpenNebula the authentication will be done by the OpenNebula core using the driver defined for the user. remote performs the login based on a Kerberos X-Auth-Username header provided by authentication backend
auth_redirectThis configuration is for the login button redirect. The available options are: /, . or a URL

FireEdge Sunstone

The Sunstone server configuration file can be found in /etc/one/sunstone-server.conf on your Front-end. It uses the YAML syntax, with the parameters listed in the table below.

(#fireedge-sunstone-configuration)

fireedge_sunstone_dashboard

ParameterDefault ValueDescription
support_urlhttps://opennebula.zendesk.com/api/v2Zendesk support URL
token_remote_supportSupport enterprise token
sunstone_prependOptional parameter for Sunstone commands command
tmpdir/var/tmpDirectory to store temporal files when uploading images
max_upload_file_size10737418240Max size upload file (bytes). Default is 10GB
proxyEnable an http proxy for the support portal and to download MarketPlaceApps
leasesEnable the vm leases
supported_fsSupport filesystem
currencyEURCurrency formatting
default_langenDefault language setting
langsList of server localizations
keep_me_logged_intrueTrue to display ‘Keep me logged in’ option
use_extended_vmpooltrueTrue to use the extended information fetch for vm pools
currentTimeZoneTime Zone
rowStylecardChanges the style of rows in tables. Values can be card or list.
fullViewModefalseChanges to full mode view when see details of a resource. Values can be true or false.

Once the server is initialized, it creates the file /var/lib/one/.one/fireedge_key, used to encrypt communication with Guacd.

In HA environments, fireedge_key needs to be copied from the first leader to the followers. Optionally, in order to have the provision logs available in all the HA nodes, /var/lib/one/fireedge needs to be shared between nodes.

Tuning and Extending

Branding FireEdge

You can add your logo to the login, main, favicon, and loading screens by updating the logo: attribute as follows:

  • The logo configuration is done in the /etc/one/fireedge/sunstone/views/sunstone-views.yaml file.
  • The logo of the main UI screen is defined for each view.

The logo image must be copied to /usr/lib/one/fireedge/dist/client/assets/images/logos.

The following example shows how you can change the logo to a generic linux one (included by default in all FireEdge installations):

# /etc/one/fireedge/sunstone/views/sunstone-views.yaml
---
logo: linux.png

groups:
    oneadmin:
        - admin
        - user
default:
    - user

fireedge_sunstone_linux_login_logo fireedge_sunstone_linux_drawer_logo

Configure Tables

Tables in Sunstone can be configured to visualize data as a list of plain text or as a list of cards:

fireedge_sunstone_list_datatable

fireedge_sunstone_card_datatable

This configuration could be modified in the /etc/one/fireedge/sunstone/views/sunstone-server.conf file modifying the parameter rowStyle. See table below.

Moreover, Suntone has the capacity to show the detail of a resource in a full screen mode or in a split mode:

fireedge_sunstone_resource_full_mode

fireedge_sunstone_resource_split_mode

This configuration can be modified in the /etc/one/fireedge/sunstone/views/sunstone-server.conf file modifying the parameter fullViewMode. See table below.

Also, both configurations will be overridden for a specific user if the user changes the configuration in the settings section.

fireedge_sunstone_setting_list_datatable

Customize colors

Sunstone will store the colors used in its components in two different files:

  • For light mode: src/modules/providers/theme/palettes/light.js
  • For dark mode: src/modules/providers/theme/palettes/dark.js

These two files store a JSON object that has the same structure but with different values in order to set colors for light and dark mode.

KeyDescription
mainContainerDefines the background color of the app.
buttonsDefines the different colors used in buttons.
tablesDefines the different colors used in resource tables.
tabsDefines the different colors used in the component tabs, the one used in the details of a resource.
searchBarDefines the different colors used in the search bar placed over all the resource tables.
sidebarDefines the different colors used in the sidebar menu.
scrollbarDefines the color of the scrollbar.
loginDefines the different colors used in login.
switchViewTableDefines the different colors used in the button to switch between view types.
breadCrumbDefines the different colors used in the breadcrumb.
topbarDefines the different colors used in the topbar of the app.
footerDefines the different colors used in the footer of the app.
graphsDefines the different colors used in the different graphs used in the app.

Configure Guacamole

FireEdge uses Apache Guacamole, a free and open source web application that allows you to access a remote console or desktop of the Virtual Machine anywhere using a modern web browser. It is a clientless remote desktop gateway which only requires Guacamole installed on a server and a web browser supporting HTML5.

Guacamole supports multiple connection methods such as VNC, RDP, and SSH and is made up of two separate parts - server and client. The Guacamole server consists of the native server-side libraries required to connect to the server and the Guacamole proxy daemon (guacd), which accepts the user’s requests and connects to the remote desktop on their behalf.

If Guacamole is running on a different Host to the FireEdge, the following FireEdge configuration parameters have to be customized:

  • guacd/host
  • guacd/port

Service Control and Logs

Change the server running state by managing the operating system service opennebula-fireedge.

To start, restart, or stop the server, execute one of:

$ systemctl start   opennebula-fireedge
$ systemctl restart opennebula-fireedge
$ systemctl stop    opennebula-fireedge

To enable or disable automatic start on host boot, execute one of:

$ systemctl enable  opennebula-fireedge
$ systemctl disable opennebula-fireedge

Server logs are located in /var/log/one in the following files:

  • /var/log/one/fireedge.log: operational log.
  • /var/log/one/fireedge.error: errors and exceptions log.

Other logs are also available in Journald. Use the following command to show them:

$ journalctl -u opennebula-fireedge.service

Troubleshooting

Conflicting Port

A common issue when starting FireEdge is a used port:

Error: listen EADDRINUSE: address already in use 0.0.0.0:2616

If another service is using the port, you can change FireEdge configuration (/etc/one/fireedge-server.conf) to use another Host/port.