Difference between revisions of "Phpvirtualbox"

From SME Server
Jump to navigationJump to search
(→‎Authentication: re-arrange where on page and fill-out)
Line 96: Line 96:
 
</tabs>
 
</tabs>
  
Go to the phpvirtualbox panel at the url https://your-sme-ip/phpvirtualbox on your local-network. '''You can not reach this contrib trought internet'''.
+
Go to the phpvirtualbox panel at the url https://your-sme-ip/phpvirtualbox on your local-network. '''You can not reach this contrib trought the internet'''.
  
=== Authentication ===
+
The only user with access at this stage is your SME Server admin user. See Authentication below on how to change this.  
{{Note box|Authentication is partially working.
 
  
- BuiltIn, will use the phpvirtualbox builtin authentication which lets you manage users within phpvirtualbox ONLY. It does not have any interface/interaction with smeserver users
+
{{Tip box|You can see [[VirtualBox_4.0_on_SME_Server_v8_beta_6|the Tutorial]] hosted on our Wiki in order to learn : 
 +
*how to create [[VirtualBox_4.0_on_SME_Server_v8_beta_6#Creating_a_Virtual_Machinecreate| your first VM]]
 +
*how to automatically [[VirtualBox_4.0_on_SME_Server_v8_beta_6#Automatically_Start_Virtual_Machine|start VM with the server]] }}
 +
 
 +
===Authentication===
 +
{{Note box|Authentication is still being worked on, but mostly works as advertised.}}
 +
you can allow authentication to phpvirtualbox via number of methods. At install, default is WebAuth with admin defined as the adminUser.
 +
 
 +
config setprop phpvirtualbox authtype <none/Builtin/LDAP/WebAuth/AD>
 +
signal-event smeserver-phpvirtualbox-update
 +
{| class="wikitable"
 +
|+config setprop phpvirtualbox authtype <>
 +
!Property
 +
!Description
 +
!adminUser
 +
!Users
 +
!userGroups
 +
|-
 +
|none
 +
|everyone on your local network has access, without needing to log in
 +
|ignored
 +
|ignored
 +
|ignored
 +
|-
 +
|BuiltIn
 +
|will use the phpvirtualbox builtin authentication which lets you manage users within phpvirtualbox ONLY.  
 +
Default admin user is admin with password admin (this is a phpvirtualbox thing....)
 +
 
 +
It does '''NOT''' have any interface/interaction with smeserver users
 +
|ignored
 +
|ignored
 +
|ignored
 +
|-
 +
|LDAP
 +
|will allow any smeserver user access, with whomever is defined in the phpvirtualbox adminUser config item as the administrator
 +
|administrative rights
 +
|ignored
 +
|ignored
 +
|-
 +
|'''WebAuth'''
 +
|<u>Default, with adminUser defined as admin</u>
 +
will allow any user defined in the phpvirtualbox Users config item, or belonging to groups defined in the phpvirtualbox userGroups config items access
 +
Admin access is defined by the phpvirtualbox adminUser config item
 +
 
 +
('''''Note:''''' using group access will generate lots of errors in the /var/log/httpd/error.log file ATM).
 +
|administrative rights
 +
|user rights
 +
|user rights
 +
|-
 +
|AD
 +
|is defined, but has not been tested.
 +
will allow any user defined in the phpvirtualbox Users config item, or belonging to AD groups defined in the phpvirtualbox userGroups config items access.
  
- LDAP, will allow any smeserver user access, with whoever is defined in the phpvirtualbox adminUser config item as the administrator (default is admin)
+
Admin access is defined by the phpvirtualbox adminUser config item
 +
|administrative rights
 +
|user rights
 +
|user rights
 +
|}
  
- WebAuth, will allow any user defined in the phpvirtualbox Users config item, or belonging to groups defined in the phpvirtualbox userGroups config items access (Note: using group access will generate lots of errors in the /var/loh/httpd/error.log file ATM). Admin access is defined by the phpvirtualbox adminUser config item
+
=====Allow Specific Users=====
 +
Works with WebAuth and AD
  
- AD, is defined, but has not been tested}}
+
The users must be declared  and a password must be set in the server-manager.
  
Your credentials are the user admin of the SME Server and its password but you can add more users by the [[Phpvirtualbox#DB_Configuration|DB Configuration]].
+
config setprop phpvirtualbox Users user1,user2,user3
 +
signal-event smeserver-phpvirtualbox-update
  
to add individual users<syntaxhighlight lang="bash">
+
=====Allow Specific Groups=====
config setprop phpvirtualbox Users <list of comma separated users>
+
Works with WebAuth and AD
</syntaxhighlight>to add groups<syntaxhighlight lang="bash">
+
 
config setprop phpvirtualbox userGroups <list of comma separated smeserver groups>
+
These groups must be declared in the server-manager and users need to be members of the group/s
</syntaxhighlight>then you'll need to activate via:<syntaxhighlight lang="bash">
+
 
signal-event smeserver-phpvirtualbox-update
+
config setprop phpvirtualbox userGroups Group1,Group2,Group3
</syntaxhighlight>{{Tip box|You can see [[VirtualBox_4.0_on_SME_Server_v8_beta_6|the Tutorial]] hosted on our Wiki in order to learn : 
+
signal-event smeserver-phpvirtualbox-update
*how to create [[VirtualBox_4.0_on_SME_Server_v8_beta_6#Creating_a_Virtual_Machinecreate| your first VM]]
+
 
*how to automatically [[VirtualBox_4.0_on_SME_Server_v8_beta_6#Automatically_Start_Virtual_Machine|start VM with the server]] }}
+
=== Access the ISO share directory via samba ===
 +
{{Note box|This is NOT working at the moment bug #12336}}
 +
This is where ISOs used for building/installing VMs are stored.
 +
 
 +
By default, anyone defined in adminUser, Users or userGroups will have write access to the /opt/vbox/ISOs directory (share name virtualbox), regardless of the authtype.
  
===Restart the vboxweb-service===
+
I suggest that we probably need a samba property with values none, adminUser, all.
 +
{| class="wikitable"
 +
|+config setprop phpvirtualbox samba <>
 +
!Property
 +
!Description
 +
|-
 +
|none
 +
|No share created or visible
 +
|-
 +
|adminUser
 +
|user defined in adminUser ONLY, has write access to virtualbox share
 +
|-
 +
|all
 +
|Any user defined in adminUser, Users or userGroups has write access to the virtualbox share
 +
|}
  
 +
=== Restart the vboxweb-service ===
 
phpvirtualbox controls a virtualbox service (vboxweb-service), you may need to restart it if you can't connect to phpvirtualbox
 
phpvirtualbox controls a virtualbox service (vboxweb-service), you may need to restart it if you can't connect to phpvirtualbox
  
Line 240: Line 315:
 
  signal-event console-save
 
  signal-event console-save
  
====Authentication====
+
====Access The Web Interface Remotely====
{{Note box|Authentication is still being worked on, but mostly works as advertised.}}
 
you can allow authentication to phpvirtualbox via number of methods. This feature is the default behaviour since the bug opened is solved http://sourceforge.net/p/phpvirtualbox/bugs/7/.
 
 
 
config setprop phpvirtualbox authtype WebAuth
 
signal-event smeserver-phpvirtualbox-update
 
{| class="wikitable"
 
|+authtype
 
!
 
!
 
|-
 
|BuiltIn
 
|will use the phpvirtualbox builtin authentication which lets you manage users within phpvirtualbox ONLY. It does '''NOT''' have any interface/interaction with smeserver users
 
|-
 
|LDAP
 
|will allow any smeserver user access, with whomever is defined in the phpvirtualbox adminUser config item as the administrator (default is admin)
 
|-
 
|WebAuth
 
|will allow any user defined in the phpvirtualbox Users config item, or belonging to groups defined in the phpvirtualbox userGroups config items access
 
Admin access is defined by the phpvirtualbox adminUser config item
 
 
 
('''''Note:''''' using group access will generate lots of errors in the /var/log/httpd/error.log file ATM).
 
|-
 
|AD
 
|is defined, but has not been tested.
 
will allow any user defined in the phpvirtualbox Users config item, or belonging to AD groups defined in the phpvirtualbox userGroups config items access.
 
 
 
Admin access is defined by the phpvirtualbox adminUser config item
 
|-
 
|none
 
|everyone on your local network has access, without needing to log in
 
|}
 
 
 
=====Allow Specific Users=====
 
Works with WebAuth and AD
 
 
 
The users must be declared  and a password must be set in the server-manager.
 
 
 
config setprop phpvirtualbox Users user1,user2,user3
 
signal-event smeserver-phpvirtualbox-update
 
 
 
=====Allow Specific Groups=====
 
Works with WebAuth and AD
 
 
 
These groups must be declared in the server-manager and users need to be included
 
 
 
config setprop phpvirtualbox userGroups Group1,Group2,Group3
 
signal-event smeserver-phpvirtualbox-update
 
 
 
=== Access The Web Interface Remotely ===
 
 
{{Warning box|Instructions below could be a flaw in Phpvirtualbox, you should remotely access trough [[SME_Server:Documentation:FAQ:booklet#Server-Manager|SSH]] or with [[OpenVPN_Bridge|openvpn]]}}
 
{{Warning box|Instructions below could be a flaw in Phpvirtualbox, you should remotely access trough [[SME_Server:Documentation:FAQ:booklet#Server-Manager|SSH]] or with [[OpenVPN_Bridge|openvpn]]}}
 
Create the following folder if it doesn't exist.
 
Create the following folder if it doesn't exist.

Revision as of 05:02, 16 March 2023







phpvirtualbox
NeedImage.svg
phpvirtualbox logo
Urlhttps://github.com/phpvirtualbox/phpvirtualbox
LicenceGPL v3
Category

virtualization

Tags virtualbox


Phpvirtualbox for SME Server

PythonIcon.png Skill level: Medium
The instructions on this page require a basic knowledge of linux.


Maintainer

[1]Stephane de Labrusse aka stephdl

Version

Devel 10:
smeserver-phpvirtualbox
The latest version of smeserver-phpvirtualbox is available in the SME repository, click on the version number(s) for more information.


Update 10:
phpvirtualbox
The latest version of phpvirtualbox is available in the SME repository, click on the version number(s) for more information.


stephdl

Devel 10:
smeserver-virtualbox
The latest version of smeserver-virtualbox is available in the SME repository, click on the version number(s) for more information.


Description

An open source, AJAX implementation of the VirtualBox user interface written in PHP. As a modern web interface, it allows you to access and control remote VirtualBox instances. phpVirtualBox is designed to allow users to administer VirtualBox in a headless environment - mirroring the VirtualBox GUI through its web interface.

Requirements

Important.png Note:
work in progress, alpha, use at your own risks

Please make sure you have the latest kernel installed (i.e. do a yum update) before installing, so that we use the right kernel headers for compiling the driver

This will install phpvirtualbox and the appropriate version of smeserver-virtualbox and VirtualBox, which will compile it's drivers, so we need to install a few development components as well

yum install smeserver-extrarepositories-epel smeserver-extrarepositories-virtualbox
yum --enablerepo=smedev,smecontribs,epel,virtualbox  install smeserver-phpvirtualbox

The install will prompt you to accept the VirtualBox GPG key

You need to install the VirtualBox_Repository, the Stephdl_repository And the Epel Repository


Important.png Note:
VirtualBox is a real professional solution to virtualise Operating Systems in Linux, please Read the virtualbox manual if you want to use entirely all features of this software

  1. Installation phpvirtualbox-4.3 For SME8 and SME9
First install the required repos
yum install smeserver-extrarepositories-virtualbox smeserver-extrarepositories-epel smeserver-extrarepositories-stephdl
signal-even yum-modify

You have to be sure that your server has the kernel up-to-date before to install virtualbox, else the installation will fail. You must first configure the epel repository

yum install --enablerepo=epel dkms kernel-devel
signal-event post-upgrade;  signal-event reboot

For PAE Kernel you have to install kernel-PAE-devel in order to be compiled with DKMS

yum install --enablerepo=epel dkms kernel-PAE-devel
signal-event post-upgrade;  signal-event reboot

This contrib is currently held in several repositories (VirtualBox_Repository, and the Stephdl_repository), so the following commands will install on your smeserver.

yum --enablerepo=stephdl,virtualbox  install smeserver-phpvirtualbox smeserver-virtualbox

You will then need to activate the database changes and to reboot with the new kernel module loaded.

signal-event post-upgrade;  signal-event reboot
Warning.png Warning:
You have to remove first all old rpm before to install phpvirtualbox-5.0 and VirtualBox-5.0, this is done by the different version of virtualbox (the version 5.0 doesn't obsolete the 4.3 version)
yum remove smeserver-phpvirtualbox\* smeserver-virtualbox\* VirtualBox\* phpvirtualbox\* dkms

First install the required repos
yum install smeserver-extrarepositories-virtualbox smeserver-extrarepositories-epel smeserver-extrarepositories-stephdl
signal-even yum-modify
You have to be sure that your server has the kernel up-to-date before to install virtualbox, else the installation will fail. You must first configure the epel repository
yum install --enablerepo=epel dkms kernel-devel
signal-event post-upgrade;  signal-event reboot

For PAE Kernel you have to install kernel-PAE-devel in order to be compiled with DKMS

yum install --enablerepo=epel dkms kernel-PAE-devel
signal-event post-upgrade;  signal-event reboot

This contrib is currently held in several repositories (VirtualBox_Repository, and the Stephdl_repository), so the following commands will install on your smeserver.

yum --enablerepo=stephdl,virtualbox  install smeserver-phpvirtualbox-5.0 smeserver-virtualbox-5.0

You will then need to activate the database changes and to reboot with the new kernel module loaded.

signal-event post-upgrade;  signal-event reboot

Go to the phpvirtualbox panel at the url https://your-sme-ip/phpvirtualbox on your local-network. You can not reach this contrib trought the internet.

The only user with access at this stage is your SME Server admin user. See Authentication below on how to change this.


Information.png Tip:
You can see the Tutorial hosted on our Wiki in order to learn :


Authentication

Important.png Note:
Authentication is still being worked on, but mostly works as advertised.


you can allow authentication to phpvirtualbox via number of methods. At install, default is WebAuth with admin defined as the adminUser.

config setprop phpvirtualbox authtype <none/Builtin/LDAP/WebAuth/AD>
signal-event smeserver-phpvirtualbox-update
config setprop phpvirtualbox authtype <>
Property Description adminUser Users userGroups
none everyone on your local network has access, without needing to log in ignored ignored ignored
BuiltIn will use the phpvirtualbox builtin authentication which lets you manage users within phpvirtualbox ONLY.

Default admin user is admin with password admin (this is a phpvirtualbox thing....)

It does NOT have any interface/interaction with smeserver users

ignored ignored ignored
LDAP will allow any smeserver user access, with whomever is defined in the phpvirtualbox adminUser config item as the administrator administrative rights ignored ignored
WebAuth Default, with adminUser defined as admin

will allow any user defined in the phpvirtualbox Users config item, or belonging to groups defined in the phpvirtualbox userGroups config items access Admin access is defined by the phpvirtualbox adminUser config item

(Note: using group access will generate lots of errors in the /var/log/httpd/error.log file ATM).

administrative rights user rights user rights
AD is defined, but has not been tested.

will allow any user defined in the phpvirtualbox Users config item, or belonging to AD groups defined in the phpvirtualbox userGroups config items access.

Admin access is defined by the phpvirtualbox adminUser config item

administrative rights user rights user rights
Allow Specific Users

Works with WebAuth and AD

The users must be declared and a password must be set in the server-manager.

config setprop phpvirtualbox Users user1,user2,user3
signal-event smeserver-phpvirtualbox-update
Allow Specific Groups

Works with WebAuth and AD

These groups must be declared in the server-manager and users need to be members of the group/s

config setprop phpvirtualbox userGroups Group1,Group2,Group3
signal-event smeserver-phpvirtualbox-update

Access the ISO share directory via samba

Important.png Note:
This is NOT working at the moment bug #12336


This is where ISOs used for building/installing VMs are stored.

By default, anyone defined in adminUser, Users or userGroups will have write access to the /opt/vbox/ISOs directory (share name virtualbox), regardless of the authtype.

I suggest that we probably need a samba property with values none, adminUser, all.

config setprop phpvirtualbox samba <>
Property Description
none No share created or visible
adminUser user defined in adminUser ONLY, has write access to virtualbox share
all Any user defined in adminUser, Users or userGroups has write access to the virtualbox share

Restart the vboxweb-service

phpvirtualbox controls a virtualbox service (vboxweb-service), you may need to restart it if you can't connect to phpvirtualbox

systemctl restart vboxweb-service

you can control eventually that the port 18083 is opened to the service

nmap localhost -p 18083
....
PORT      STATE SERVICE
18083/tcp open  unknown

or

netstat -a | grep vboxweb-service
tcp        0      0 localhost:vboxweb-service   *:*                         LISTEN

Kernel Upgrade

After a kernel upgrade and the "signal-event post-upgrade; signal-event reboot", the vboxdrv need to be compiled with the new kernel, a script is launched at the boot time to test if the compilation is needed.

You can see if all kernel modules are compiled and loaded, if you issue :

# /usr/lib/virtualbox/vboxdrv.sh status
VirtualBox kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) are loaded.


Information.png Tip:
Restarting the vboxdrv service will trigger a driver compile if it is not present.

If you want to manually launch the compilation of virtualbox module you can run the driver setup script.


Restart the driver and web service

systemctl restart vboxdrv; systemctl restart vboxweb-service

Run the driver setup script and restart the box web service

/usr/lib/virtualbox/vboxdrv.sh setup; systemctl restart vboxweb-service

Installation of Extension Pack

The Extension Pack is now automatically installed with VirtualBox.

You can trigger a recheck and possible install. This will also check the installed driver and recompile if required (e.g. after a kernel upgrade).

signal-event smeserver-virtualbox-update

Support for USB 2.0 devices, VirtualBox RDP and PXE boot for Intel cards. See this chapter from the User Manual for an introduction to this Extension Pack. See this page to download the extension pack if the url below is no longer good.

For example :

wget https://download.virtualbox.org/virtualbox/5.2.44/Oracle_VM_VirtualBox_Extension_Pack-5.2.44.vbox-extpack
vboxmanage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.2.44.vbox-extpack

see vboxmanage-extpack for a complete list of commands

  • To add a new extension pack, use VBoxManage extpack install <.vbox-extpack>. This command will fail if an older version of the same extension pack is already installed. The optional --replace parameter can be used to uninstall the old package before the new package is installed.
  • To remove a previously installed extension pack, use VBoxManage extpack uninstall <name>. You can use VBoxManage list extpacks to show the names of the extension packs which are currently installed. The optional --force parameter can be used to override the refusal of an extension pack to be uninstalled.
  • The VBoxManage extpack cleanup command can be used to remove temporary files and directories that may have been left behind if a previous install or uninstall command failed.


BridgeInterface

smeserver-bridge-interface is a small package allowing you to bridge your Internal Interface with one or more virtual tap interfaces. It's main goal is to be used with the new OpenVPN-Bridge contrib, but it has been split in another contrib as it can be used in other situations (if you want to run a virtual machine on your SME Server with virtualbox for example).

see BridgeInterface

Therefore your Guest O.S will have a real ip on your local network, you need to set its virtual NIC on bridged adapter (br0) in phpvirtualbox network settings

VirtualBox Guest Additions

For any serious and interactive use, the VirtualBox Guest Additions will make your life much easier by providing closer integration between host and guest and improving the interactive performance of guest systems. see this link for more informations

You have to enable the epel repository and to insert the guest additions cd images in phpvirtualbox.

yum install gcc kernel-devel dkms --enablerepo=epel
mkdir /media/cdrom
mount -t iso9660 /dev/cdrom /media/cdrom/
sh /media/cdrom/VBoxLinuxAdditions.run
ln -s ../init.d/vboxadd /etc/rc7.d/S30vboxadd
signal-event post-upgrade; signal-event reboot

DB Configuration

configuration database

# config show phpvirtualbox 
phpvirtualbox=configuration
    Name=phpvirtualbox
    adminUser=admin
    authtype=WebAuth
    status=enabled
    userGroups=vboxusers
# config show vboxweb-service 
vboxweb-service=service
    TCPPort=18083
    access=localhost
    password=<generated password>
    status=enabled
    user=vbox

Add a different URL

by example

http://yourserver.net/VB 

or

http://yourserver.net/PVB


Important.png Note:
this adds another url, it doesn't remove the default


config setprop phpvirtualbox URL VB

or

config setprop phpvirtualbox URL PVB

To enable your changes run these commands

signal-event console-save
  • If you want to remove completely the new url
config delprop phpvirtualbox URL

then

signal-event console-save

Access The Web Interface Remotely

Warning.png Warning:
Instructions below could be a flaw in Phpvirtualbox, you should remotely access trough SSH or with openvpn


Create the following folder if it doesn't exist.

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

Copy the file 92phpvirtualhost to the newly created folder.

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

Edit the file and add your public IP address.

nano /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/92phpvirtualhost

Change the line:

$OUT .= "    allow from $localAccess\n";

to the one below (eg. 123.456.789.012 is your public IP address) then save the file.

$OUT .= "    allow from $localAccess 123.456.789.012\n";
expand-template /etc/httpd/conf/httpd.conf
svc -t /service/httpd-e-smith/
svc -t /service/httpd-admin/

Autostart Virtual Machines

Once you have one or more virtual machines installed and running, you may want them to start automatically on system boot. To do this, you will need to stop the virtual machines in question, create one configuration file, edit another, and set some properties using the VBoxManage utility.

Stop the virtual machines

Using the phpVirtualBox web interface, power down or save state the virtual machine(s) you want to set to start automatically. Alternatively, log in to those virtual machines and shut them down. Confirm in the phpVirtualBox web interface that the status is not "Running".

Create /etc/vbox/autostart.cfg

[root@e-smith ~]# nano -w /etc/vbox/autostart.cfg 

Add the following to this file:

# Default policy is to deny starting a VM, the other option is "allow".
default_policy = deny

# Create an entry for each user allowed to run autostart
root = {
allow = true
}

Edit /etc/default/virtualbox

[root@e-smith ~]# nano -w /etc/default/virtualbox

Add these two lines:

VBOXAUTOSTART_DB=/etc/vbox
VBOXAUTOSTART_CONFIG=/etc/vbox/autostart.cfg

Using VBoxManage to set properties

First, tell VirtualBox where your autostart configuration is:

[root@e-smith ~]# VBoxManage setproperty autostartdbpath /etc/vbox

Next, use VBoxManage to list your installed virtual machines:

[root@e-smith ~]# VBoxManage list vms
"Elastix 3.0.0-RC1" {6259ddda-888d-43e9-9364-25867668d889}
"PIAF 3" {69d75c64-4cfe-4023-a4a2-b2b39a442746}
"IncrediblePBX 12" {e7e4845b-8178-4e87-aceb-7f2a78c77977}
"Ubuntu 14.04.1 LTS" {6094a7e0-5b3c-4cc3-b8c8-f55a9716318b}
"Asterisk-GUI" {19d53974-512b-443b-8fd9-aff80c207bd9}
"Windows 7" {df3d3440-3113-4c91-9890-5323f99d755c}

Then, set your desired virtual machines to start automatically, with an optional delay, and optionally to suspend (rather than power down) when your SME server shuts down or reboots. You can specify the virtual machine by name or by UUID:

[root@e-smith ~]# VBoxManage modifyvm "IncrediblePBX 12" --autostart-enabled on --autostart-delay 15
[root@e-smith ~]# VBoxManage modifyvm df3d3440-3113-4c91-9890-5323f99d755c --autostart-enabled on --autostop-type savestate

Finally, start the vboxautostart-service service:

[root@e-smith ~]# service vboxautostart-service start

or

[root@e-smith ~]# /etc/init.d/vboxautostart-service start

Confirm that the desired virtual machines are running in the phpVirtualBox web interface.

Uninstall

yum remove smeserver-virtualbox smeserver-phpvirtualbox phpvirtualbox VirtualBox-4.3 dkms

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-phpvirtualbox component or use this link .

SME guest server configuration

To optimize and/or fine-tune your SME guest server running on your phpvirtualbox host, please see our Virtual SME Server wiki page

For general information on how to configure phpvirtualbox guests please visit the phpvirtualbox documentation