2.1. Deploying the Controller¶
If you need to change certificates used in deployment (e.g., replace self-signed ones with those from a trusted CA) or change controller hostname, rerun the
vzapi-installer controller command with the new parameters. To change the controller hostname while keeping the same self-signed certificates, use the
To deploy the controller, do the following on the host chosen to be the controller:
(CentOS 7 only) Disable SELinux. To do this, set
/etc/sysconfig/selinuxfile and reboot the system.
(CentOS 7 only) Import the key Virtuozzo PowerPanel packages are signed with:
# rpm --import https://docs.virtuozzo.com/keys/VIRTUOZZO_GPG_KEY
pp-releasepackage. It will add the repository with PowerPanel packages.
# yum install http://repo.virtuozzo.com/pp/releases/2.0.4/x86_64/os/Packages/p/pp-release-2.0.4-3.vl7.noarch.rpm
vzapi-installerpackage. It will provide the Ansible playbooks necessary to deploy PowerPanel and the
vzapi-installerscript that automates said deployment.
# yum install vzapi-installer
Launch the deployment script. A self-signed certificate is generated and used by default, however, you are recommended to use your own certificate, private key, and certificate authority (CA) files. If you have one or more intermediate certificates, you can specify them as well to indicate a chain of trust. Every intermediate certificate will be handled by
openssl verifyas untrusted. The deployment script will automatically concatenate the certificates and use the resulting file during installation. The original CA file will added to
If you have an SSL certificate and key from a third-party trusted CA, run the deployment script as follows:
# vzapi-installer controller --ask-passwd --private-ip <IP_address> --ssl-ca-file <path_to_file> --ssl-cert-file <path_to_file> --ssl-key-file <path_to_file>
If you have your own CA file that you used to generate an SSL key and a certificate that requires intermediate certificates for resolution, run the deployment script as follows:
# vzapi-installer controller --ask-passwd --private-ip <IP_address> --ssl-ca-file <path_to_file> --ssl-cert-file <path_to_file> --ssl-key-file <path_to_file> --ssl-intermediate-cert <path_to_file> [--ssl-intermediate-cert <path_to_file> ...]
If you want to deploy with a generated self-signed certificate, run the deployment script as follows:
# vzapi-installer controller --ask-passwd --private-ip <IP_address>
--private-ip <IP_address>is the required parameter that sets the IP address of the network interface that the controller will use to communicate with compute nodes. Controller services used for internal communication will listen only on this network interface. This can be useful if you have a private network for the controller and compute nodes and do not want controller services to be accessible from other networks.
During setup, you will be asked to provide the administrator’s password that will be required to log in to PowerPanel in the admin mode. If you need to specify the password in the command line, you can replace
Once set, the administrator’s password is stored in the file
/var/lib/vzapi-installer/group_vars/allalongside with automatically generated passwords for other services used by PowerPanel.
If you have a firewall enabled, the deploy script will create rules to open the required ports (see Appendix A: Controller and Compute Ports).
When deployment is completed successfully, you will see a recap from Ansible and information on how to access Virtuozzo PowerPanel web interface. For example:
PLAY RECAP ********************************************************************* ctrl.example.com : ok=57 changed=49 unreachable=0 failed=0 Controller has been deployed successfully! Virtuozzo PowerPanel web UI can be accessed at https://ctrl.example.com with this username/password: admin/password
If you used a self-signed certificate generated during deployment, import its file
/var/lib/vzapi/vzapi_rootCA.crtinto the browser in which you will open Virtuozzo PowerPanel web interface.
If you later need to redeploy or update the controller without changing the admininstrator’s password, skip password-related options and run
# vzapi-installer controller
By default, each user is allowed to create 3 backups of each of their VEs. Any changes to this backup limit are applied only to VEs added to the Virtuozzo PowerPanel infrastructure after the change. If you need to change the default backup limit from the start, do so before deploying the compute nodes. For instructions, see Setting the Backup Limit.