PhpVirtualBox

Note

This package is not supported in NethServer Enterprise Enterprise

VirtualBox

VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. It is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2. Please see the official website

phpVirtualBox

A web-based front-end to VirtualBox. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3 as published by the Free Software Foundation. Please see the github page

Installation

nethserver-virtualbox-X.X-phpvirtualbox requires nethserver-virtualbox-X.X-VirtualBox. The versions are bound togheter: nethserver-virtualbox-5.2-phpvirtualbox requires nethserver-virtualbox-5.2-VirtualBox

Warning

VirtualBox compile its modules with the latest kernel, you must have the most updated kernel and start on it at boot. If the installer cannot compile the modules, then you should reboot your server and launch again the compilation using : /sbin/vboxconfig

Install from the Software Center or use the command line:

yum install nethserver-virtualbox-5.2-phpvirtualbox

Usage

The URL of the phpVirtualBox application can be found at https://yourdomain.com/phpvirtualbox. The default credentials are :

  • username: admin

  • password: admin

More information are available at the Authentication section

Network access

The application is restricted to your local network (default is private), to enable phpVirtualBox to the external IP

config setprop phpvirtualbox access public
signal-event phpvirtualbox-save

Access on an exclusive hostname

To make phpVirtualBox accessible with an exclusive DNS name, for example https://webmail.example.com :

  • In “DNS and DHCP” UI module (Hosts), create the DNS host name as a server alias (i.e. webmail.example.com)

  • Add the host name to DomainName prop list (default is ''):

    config setprop phpvirtualhost DomainName webmail.example.com
    signal-event phpvirtualbox-save
    

Advanced settings

phpVirtualBox attempts to look like the user interface of VirtualBox, but you can enable the AdvancedSettings property (default is false) and get more settings, only available by the command line

config setprop phpvirtualhost AdvancedSettings true
signal-event phpvirtualbox-save

VM ownership and quota

The administrator users are not limited on the virtual machine quota and can manage VM of other users. The VMs are visible only to the owner, as long as the property VMOwnerShip is to true (default is true).

config setprop phpvirtualhost VMOwnerShip false
signal-event phpvirtualbox-save

Maximum number of VMs allowed for non admin user (default is 5)

config setprop phpvirtualhost QuotaPerUser 10
signal-event phpvirtualbox-save

User permissions

phpVirtualBox essentially has two access levels. admin and non-admin users. The administrator users have access to the Users section of phpVirtualBox and can add, edit, remove other users (only for the internal method). They can also perform actions that change VM group memberships and manipulate VM groups (Rename, Group, Ungroup). The administrator users are also not limited with the virtual machine quota and can manage VM of other users. The VMs are visible only by the owner, as long as the property VMOwnerShip is set to true.

Authentication

You can change the authentication method by the property Authentication (internal, LDAP, AD, default is internal). For LDAP and AD, phpVirtualBox will connect the NethServer Enterprise Account providers and grant or not the authorization to the web application.

Example:

config setprop phpvirtualbox Authentication AD
signal-event phpvirtualbox-save

internal

The default credentials are :

  • username: admin

  • password: admin

Once logged in the first time, you should change the default password in the menu File -> Change Password.

In the phpvirtualbox user menu, you can create users, and set their permissions (only for the internal authentication method).

LDAP (openldap)

This authentication method is simple, all users from Openldap can login, but only users in the property AdminUser are administrators (comma separated list, default is admin)

AD (active directory)

This authentication method is the most complete, group based (you have to create manually the two groups in the group panel of NethServer Enterprise and associate members to these groups):

  • members of vboxadmin are administrators

  • members of vboxuser are non privilegied users

The users who do not belong to s vboxadmin or vboxuser groups, can't use the phpVirtualBox web application. You can change the group name with the properties UserGroup and AdminGroup

Uploading ISOs

The user who runs virtualbox is vboxweb, a home is created (/home/vboxweb) to store all the virtual machines (in VirtualBox VMs) and also the needed ISOs for creating your VM. The password of this user is stored in /var/lib/nethserver/secrets/virtualbox.

You could open a session by ssh to download directly the ISO with wget, or push them by rsync or scp, directly from your computer. You could provide to the vboxweb user a ssh key and open a ssh session without password.

rsync -avz XXXXXXX.iso vboxweb@IpOfServer:/home/vboxweb/
scp XXXXXXX.iso vboxweb@IpOfServer:/home/vboxweb/

Oracle VM VirtualBox Extension Pack

This Extension Pack provides some good features like the usb support, Virtualbox RDP, disk encryption, NVMe and PXE boot for Intel cards. It is installed by the event nethserver-virtualbox-X.X-virtualbox-update automatically (by the installation or a rpm update). The pack is relevant of the VirtualBox version, if you need to update it, then trigger the event virtualbox-save :

signal-event virtualbox-save

The RDP console

You could use your own RDP software client for the installations of your guests, but phpVirtualBox comes with a Flash RDP console that you could use with your browser.

  • The RDP console is restricted to the local network ( default is green), the ports are between [19000-19100]. If you want to enable RDP for the external IP

    config setprop phpvirtualhost accessRDP red
    signal-event phpvirtualbox-save
    
  • For specific needs you could specify the IP (default is '') of the integrated RDP console

    config setprop phpvirtualhost ipaddrRDP xxx.xxx.xxx.xxx
    signal-event phpvirtualbox-save
    

VM networking

The networking side is probably the most difficult part of the virtualization, you should consult the VirtualBox Documentation

Promiscuous way

Enable the promiscuous mode policy, select “Allow all” from the drop down list located in the network settings section.

W10

When you want to join a virtualized W10 to the sambaAD container, bridge the guest NIC to br0 and create a script

Example script

VBoxTunctl -u root -g vboxusers -t vbox0
ifconfig vbox0 up
brctl addif br0 vbox0
sudo -H -u vboxweb VBoxManage startvm VMname --type headless

Esmith database

You can modify the available properties of phpvirtualhost:

AdminGroup=vboxadmin       # members of this group can authenticate in  `AD` as administrators
AdminUser=admin            # User list (comma separated) of administrators that can authenticate in `LDAP`
AdvancedSettings=false     # Display the advanced settings in phpvirtualbox (true, false)
Authentication=internal    # Authentication in phpvirtualbox: internal (builtin), AD (SAMBA AD), LDAP (openldap)
DomainName=                # If set, a domain name or FQDN is used instead of https://server/phpvirtualbox
QuotaPerUser=5             # Number maximal of VMs allowed for non admin user
TCPPortsRDP=19000-19100      # RDP ports for the console RDP of phpvirtualbox (the firewall is opened)
URL=                       # If set, the path is modified to https://server/URL
UserGroup=vboxuser         # members of this group can authenticate in  `AD` as simple users
VMOwnerShip=true           # If set to true, users can see only their VM (true, false)
access=private             # Restric phpvirtualbox access (private, public)
accessRDP=green            # Access usage of the integrated RDP console (green, red)
ipaddrRDP=                 # Set the IP of the integrated RDP console for specific need
status=enabled             # Enable phpvirtualbox (disabled, enabled)

Example:

config setprop phpvirtualbox accessRDP red AdvancedSettings enabled
signal-event phpvirtualbox-save

Documentation

VirtualBox

The official VirtualBox documentation is available on the VirtualBox website.

phpVirtualbox

The official phpVirtualbox documentation is available on the github website.