2.1. Deploying the Controller
Note
If you need to change certificates used in deployment (e.g., replace self-signed ones with those from a trusted CA) or change controller hostname, rerun the vzapi-installer controller command with the new parameters. To change the controller hostname while keeping the same self-signed certificates, use the --force-cert-gen parameter.
To deploy the controller, do the following on the host chosen to be the controller:
Install the pp-release package. It will add the repository with PowerPanel packages.
# yum install http://repo.virtuozzo.com/pp/releases/2.0.4/x86_64/os/Packages/p/pp-release-2.0.4-3.vl7.noarch.rpm
Install the vzapi-installer package. It will provide the Ansible playbooks necessary to deploy PowerPanel and the vzapi-installer script that automates said deployment.
# yum install vzapi-installer
Launch the deployment script. A self-signed certificate is generated and used by default; however, it is recommended that you use your own certificate, private key, and certificate authority (CA) files. If you have one or more intermediate certificates, you can specify them as well to indicate a chain of trust. Every intermediate certificate will be handled by openssl verify as untrusted. The deployment script will automatically concatenate the certificates and use the resulting file during installation. The original CA file will be added to the httpd configs.
If you have an SSL certificate and key from a third-party trusted CA, run the deployment script as follows:
# vzapi-installer controller --ask-passwd --private-ip <IP_address> --ssl-ca-file <path_to_file> --ssl-cert-file <path_to_file> --ssl-key-file <path_to_file>
If you have your own CA file that you used to generate an SSL key and a certificate that requires intermediate certificates for resolution, run the deployment script as follows:
# vzapi-installer controller --ask-passwd --private-ip <IP_address> --ssl-ca-file <path_to_file> --ssl-cert-file <path_to_file> --ssl-key-file <path_to_file> --ssl-intermediate-cert <path_to_file> [--ssl-intermediate-cert <path_to_file> ...]
If you want to deploy with a generated self-signed certificate, run the deployment script as follows:
# vzapi-installer controller --ask-passwd --private-ip <IP_address>
The --private-ip <IP_address> parameter is required. It sets the IP address of the network interface that the controller will use to communicate with compute nodes. Controller services used for internal communication will listen only on this network interface. This can be useful if you have a private network for the controller and compute nodes and do not want controller services to be accessible from other networks.
During setup, you will be asked to provide the administrator’s password that will be required to log in to PowerPanel in the admin mode. If you need to specify the password in the command line, you can replace --ask-passwd with -p <admin_passwd>.
Note
Once set, the administrator’s password is stored in the file /var/lib/vzapi-installer/group_vars/all alongside automatically generated passwords for other services used by PowerPanel.
If you have a firewall enabled, the deploy script will create rules to open the required ports (see Appendix A: Controller and Compute Ports).
When deployment is completed successfully, you will see a recap from Ansible and information on how to access Virtuozzo PowerPanel web interface. For example:
PLAY RECAP *********************************************************************
ctrl.example.com : ok=57 changed=49 unreachable=0 failed=0
Controller has been deployed successfully!
Virtuozzo PowerPanel web UI can be accessed at https://ctrl.example.com with this username/password: admin/password
If you used a self-signed certificate generated during deployment, import its file /var/lib/vzapi/vzapi_rootCA.crt into the browser in which you will open Virtuozzo PowerPanel web interface.
If you later need to redeploy or update the controller without changing the administrator’s password, skip password-related options and run:
# vzapi-installer controller
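A pre-flight check for the files you plan to pass to --ssl-ca-file, --ssl-cert-file, --ssl-key-file and --ssl-intermediate-cert, given here as an added example that is not part of vzapi-installer or of the original documentation. It verifies the chain with the intermediates supplied to openssl verify as untrusted, as described above, and confirms that the private key belongs to the certificate. The function names and the throwaway test chain are constructed for illustration, and an unencrypted PEM key is assumed.

```shell
# Added example, not part of vzapi-installer. Assumes an unencrypted PEM key.

# check_tls_inputs CA CERT KEY [INTERMEDIATE...]
# Returns 0 = OK, 1 = chain fails, 2 = key mismatch, 3 = unreadable input.
check_tls_inputs() {
    ca=$1 cert=$2 key=$3
    shift 3
    bundle=$(mktemp) || return 3
    [ $# -eq 0 ] || cat "$@" > "$bundle" || { rm -f "$bundle"; return 3; }
    # Intermediates go in as untrusted: only the CA file is a trust anchor.
    chain_rc=0
    if [ -s "$bundle" ]; then
        openssl verify -CAfile "$ca" -untrusted "$bundle" "$cert" \
            >/dev/null 2>&1 || chain_rc=1
    else
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || chain_rc=1
    fi
    rm -f "$bundle"
    [ "$chain_rc" -eq 0 ] || return 1
    # The certificate and the private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || key_pub=
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2
    return 0
}

# make_constructed_chain DIR: throwaway root -> intermediate -> leaf chain
# (constructed sample data for the demo below, not real certificates).
make_constructed_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    for n in inter leaf; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 1 -out "$d/inter.crt" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_constructed_chain "$demo"
check_tls_inputs "$demo/root.crt" "$demo/leaf.crt" "$demo/leaf.key" \
    "$demo/inter.crt" && echo "chain and key OK"
check_tls_inputs "$demo/root.crt" "$demo/leaf.crt" "$demo/leaf.key" \
    || echo "rejected without the intermediate (rc=$?)"
rm -rf "$demo"
```

For real files, call check_tls_inputs with the CA file, the certificate, the key, and then every intermediate in the same order you would give them to the installer.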
Note
By default, each user is allowed to create 3 backups of each of their VEs. Any changes to this backup limit are applied only to VEs added to the Virtuozzo PowerPanel infrastructure after the change. If you need to change the default backup limit from the start, do so before deploying the compute nodes. For instructions, see Setting the Backup Limit.