Spotter-VM/doc/toolchain/vmmgr-overview.rst

38 lines
3.0 KiB
ReStructuredText
Raw Normal View History

2020-06-01 22:05:55 +02:00
VMMgr overview
==============
VMMgr is simply a **Virtual Machine Manager**, a web interface for interaction with the virtual machine and SPOC. It offers user friendly frontend for the commonly used features of the virtual machine.
VMMgr is a WSGI application written in python 3.7 and running as standalone service employing werkzeug HTTP server. VMMgr is not a mandatory component for SPOC, respective applications and containers, it is only a web interface to conveniently manage the whole virtual appliance.
Authentication
--------------
VMMgr requires authentication to allow access to most features. There is only a single administrative user whose username and password is the same as for the LUKS disk encryption. The password can be changed any time via the VMMgr interface.
Portal
------
The main page of VMMgr is called *portal* and contains tiles with information about installed SPOC applications. Unauthenticated user doesn't see the icons and exact names of the applications and sees only the general description. Authenticate used sees all the information, including usernames and passwords generated during the application installation. Application is visible on portal only if it is running and it's visibility is allowed, which is the default.
Application manager
-------------------
VMMgr allows the user to set up the repository URL, username and password for SPOC. It currently doesn't allow to pin the repository's public key. Once the repository is set, it allows to install, update and uninstall the applications as well as stop or start them and set visibility in portal and select if the application should be automatically start as part of the VM startup.
There are also the common settings on the same page, which allows to set some common settings important in the context of some applications, such as SMTP sender email or Google API keys.
Finally, there is a form to change the administrator and disk encryption password and also buttons to power off and restart the VM. Note that the restart requires the disk encryption password to be entered, which can usually be done only directly in the hypervisor console.
Host settings
-------------
Host settings page contains a wizard to guide the administrator through the process of setting up and verifying the HTTP host settings. The user can set the basic FQDN and the HTTPS port and can verify the DNS settings and reachability from the internet in the next steps.
There is also a form to work with the HTTPS certificate on this page. The certificate can be either created as self-signed, manually uploaded or automatically requested from Let's Encrypt certification authority using ACME protocol.
Remote access settings
----------------------
These settings allow to configure remote administration via SSH and remote access via WireGuard VPN. The remote access settings are intended for advanced administration. For more details on usage, see `VMMgr internals <vmmgr-internals>`_ sections `SSH <vmmgr-internals#ssh>`_ and sections `WireGuard <vmmgr-internals#wireguard>`_.