OpenHPC Project

OpenHPC 1.1   (18 April 2016)

Binary downloads are presently available in the form of RPMs. These RPMs are organized into repositories that can be accessed via standard package manager utilities (e.g. yum, zypper). OpenHPC provides builds that are compatible and tested against CentOS 7.2 as well as SUSE Linux Enterprise Server 12 SP1. A typical deployment on a new system will begin with the installation of the base operating system on a chosen master host identified as the system management server (SMS), followed by enabling access to a compatible OpenHPC repository.
The OpenHPC repository is created and maintained using a dedicated instance of the Open Build Service (OBS) that is available here. In addition to serving as the build server, this OBS instance also provides an RPM repository. You can scan the RPM packages that are available via this repository by browsing the x86_64/ and noarch/ subdirectories for the 1.1 release at: http://build.openhpc.community/OpenHPC:/1.1.
To get started, you can enable an OpenHPC repository locally through installation of an ohpc-release RPM which includes gpg keys for package signing and defines the URL locations for [base] and [update] package repositories. A copy of the ohpc-release file is available for download here:

• ohpc-release-centos7.2-1.1-1.x86_64.rpm (md5sum:f9349b2c2b117a4e3efdac8cd59cc327)
• ohpc-release-sles12sp1-1.1-1.x86_64.rpm (md5sum:a99904b08c90548faaedf7201d60e101)

Alternatively, you can use the package manager to install the RPM directly from the network as in the following examples:

# yum install https://github.com/openhpc/ohpc/releases/download/v1.1.GA/ohpc-release-centos7.2-1.1-1.x86_64.rpm

or

# zypper in https://github.com/openhpc/ohpc/releases/download/v1.1.GA/ohpc-release-sles12sp1-1.1-1.x86_64.rpm

---

Install Recipe(s)

To aid in the installation of OpenHPC packaged components,  a companion installation recipe is available. This can be obtained via installation of the docs-ohpc RPM after the OpenHPC repository has been enabled locally. Alternatively, copies of the documentation are also provided below:

• CentOS 7.2 Install guide (PDF)
• SLE 12 SP1 Install guide (PDF)

The intent of the guide is to present a simple cluster installation procedure using components from the OpenHPC software stack. The documentation is intended to be reasonably generic, but uses the underlying motivation of a small, stateless cluster installation to define a step-by-step process. Several optional customizations are included and the intent is that these collective instructions can be modified as needed for local site use cases.  Please consult the install guide for more detail and discussion regarding a companion template install script.


 ***********************************

About OpenHPC

Mission

OpenHPC is a Linux Foundation Collaborative Project whose mission is to provide an integrated collection of HPC-centric components that can be used to provide full-featured reference HPC software stacks. Provided components should range across the entire HPC software ecosystem including provisioning and system administration tools, resource management, I/O services, development tools, numerical libraries, and performance analysis tools.

To support this mission, the following sections highlight elements of the community vision and key values.

Vision

• to provide a collection of pre-packaged binary components that, when combined with a supported base operating system (BoS), can be used to install and manage HPC systems throughout its lifecycle to provide a stable, feature-rich development and runtime environment
• to provide HPC-centric packages that are either absent or have unacceptable lag time from leading Linux distro providers
• to support new hardware offerings from vendors in a timely fashion
• to provide distribution/installation mechanisms for leading research groups releasing open-source software
• to allow both open-source and proprietary software vendors to focus efforts on innovation
• to allow and promote multiple system configuration recipes that leverage community reference designs
• to foster development of defined interfaces between supported components that allows for simple component replacement and customization

Lustre Takes Aim at Enterprise Security Requirements

“Security in Lustre reflects its roots as a high performance computing (HPC) file system,” said John Hammond of Intel’s High Performance Data Division. In traditional HPC deployments, Lustre resides in a physically secure and logically isolated environment, dependent on strict network access controls, managed by large and siloed teams focused on what’s happening with the systems, and accessed by users already holding appropriate clearances to log on and use the resources. According to Hammond, “Lustre assumes that if a client could connect, it would connect.” Of course, this presents security risks for today’s enterprise environments.
“In the enterprise, computing resources are often connected to wider, shared networks—including the Internet—that may be directly or indirectly accessible to a wide range of users with various privileges,” added Andreas Dilger, principal engineer for Intel’s Lustre development team. “Data center management teams are usually smaller, spread thin in their diverse responsibilities, and used to dealing with more standard security infrastructures and mechanisms that have protections inherent in the file system.” Thus, as Lustre has expanded into more corporate environments, its users have requested deeper security in the file system. Now available, version 2.8 of the community release and 3.0 of the Intel Enterprise Edition for Lustre software (Intel EE for Lustre software) have added three critical security features in Lustre: client and user authentication, policy-based file access restrictions, and encryption.
Kerberos Authentication and Encryption is Back
Kerberos has long been a part of Lustre, but until a couple of years ago, it had been largely unused for various reasons. Community developers revived Kerberos to provide fundamental security features needed by enterprise IT departments. Today, Kerberos version 5 in Lustre can authenticate individual clients, users, and the Meta data servers (MDSs) to allow clients to mount the file system and give users access to the files. Authentication is mutual—client to server and server to client—using standard Linux user credentials and Kerberos-generated keys.

Kerberos in Lustre

Kerberos in Lustre is designed to authenticate users with the MDSs only. Authenticating every request and authenticating the Object Storage Servers is beyond the current implementation of Kerberos on Lustre.
Additionally, Kerberos provides encryption for information sent over the network, whether it be keys, credentials, or data. The technology has several encryption algorithms at its disposal, and Intel processors integrate hardware acceleration for the algorithms used in Lustre. Performance testing in 2015 by Sebastien Buisson of OpenSFS member Data Direct Networks revealed a very modest impact with authentication, as seen in his presentation (http://wiki.lustre.org/images/e/ec/Lustre-and-Kerberos_Buisson.pdf) at the 2015 Lustre User Group (LUG). When encryption was enabled, the impact was much more significant, but the system still delivered 500 to 700 MB/sec, which is still very fast when compared to WAN performance where this would typically be needed. Thus Kerberos gives important security capabilities for critical workloads in some industries, such as health sciences, where data security in transit is often a requirement.
Mandatory Access Controls with SELinux
In an HPC environment, file owners are used to controlling their file access permissions. But organizations with shared sensitive data on an open network often need a greater level of control by some form of policy management. In Lustre, this is implemented with mandatory access controls using SELinux on the client.
SELinux is part of many Linux distributions. SELinux takes file access control out of user space and puts it in kernel space. It labels files and, using type-enforcing mode, enforces security policies on the client, based on the process context. The label is stored in the file’s extended attributes (xattr), so that when the client fetches the label and caches it, SELinux blocks file access to unauthorized clients and grants access to authorized clients.
The way SELinux is implemented in Lustre 2.8 Community edition and 3.0 Intel EE for Lustre software, the SELinux context is not passed to the Meta data targets. It is not enforced on the server. However, using Kerberos, Lustre authenticates a client and user to an MDS, establishing a trust relationship. SELinux, then, enforces that the client has access only to allowed files. Additionally, there are other mechanisms, which are often implemented in IT departments to mitigate lack of SELinux context on the server, including audits, restricting clients that can connect to trusted clients, monitoring configurations to ensure only correctly configured clients are available to connect, and scanning.
SELinux is required in some environments, where it is certified with code suites using approved tests. Many certification suites and tests are not public, and they are tied to the whole security stack, which gets certified together. The Lustre development community does not have access to the entire suite in any one environment. Thus, SELinux in Lustre was limited to fulfill a certain level of security within the file system, so it could be certified as part of the whole stack.
More Security Choices Coming
The Lustre developer community continues to enhance Lustre security with more choices in upcoming software releases.
“Kerberos is a well-known authentication protocol and effective, but it is complex to set up, and it presents technical and political challenges in large organizations when needing to do cross-realm authentication,” said Malcolm Cowe, Lustre product manager for Intel’s High Performance Data Division. “Different sites are typically managed independently. Thus, different users from different administrative domains won’t necessarily have the same UID across the domains. There usually is no unified password file to map differing UIDs across systems to a single user.” But, Lustre uses numerical user IDs (UIDs), making cross-realm authentication impossible without some type of unifying identification.
Indiana University is driving development of a solution that creates a unified identification map based on network IDs (NIDs) that translates the UID and group ID (GID) across realms to the NIDs. The code allows managers to configure ranges of NIDs and map them a certain way so users across domains can access different file systems. “Based on the NID map,” explained Dilger, “if a client with a UID in a remote domain wants to mount a file on a local system, mapping will translate the UID to the proper user on the local system.”
“Besides being a way to simplify cross-realm authentication,” added Hammond, “having a unified identification scheme is a useful security tool. Managers can squash all non-authorized Lustre users in the map, like in NFS.” UID/GID mapping is expected to land in Lustre Community version 2.9.
Where organizations don’t want to use Kerberos for authentication and encryption, code for node authentication only from Indiana University will offer a simpler alternative based on Shared Secret Keys (SSKs). The SSKs method does not authenticate users, and it does not require UID/GID mapping, since it is using SSKs to allow a node access to the file system, even a remote node. But, when it is combined with UID/GID mapping, it enables strong remote, cross-domain authentication and node blocking that does not involve the complexities of setting up Kerberos. The Indiana University solution provides encryption as well as authentication, and it is expected to land in Lustre 2.9.
In enterprises, home directories are commonplace. Yet Lustre exposes the user to the entire namespace. Data Direct Networks has been working on code that will restrict view of the Lustre file system namespace at client mount time to only the subdirectory the client is accessing. “The code changes the FID of the subdirectory to the root of the client directory,” said Hammond. “The client will no longer see the root of the Lustre file tree.” Alone this does not provide adequate security, according to Hammond, but in an authenticated environment and using UID/GID mapping in wide networks, it restricts what subdirectories can be seen by clients. Additionally, subdirectory mounting can be containerized. Each container will mount as a Lustre client and be authenticated with its own credentials. Then, the subdirectory the container has access to can be mounted in the root of the container.
Lustre Spring Cleaning—Ongoing Code Hardening to Improve Security
Clean code is securer code. “We’ve been doing a lot of code cleanup in Lustre of late,” stated Hammond.
“Lustre is 15 years old,” added Dilger. “It has evolved from the Linux 2.4 kernel through the latest kernels, so there’s a lot of code that had originally been needed for compatibility between different kernel versions. Compatibility layers, user space, prototype codes for different platforms that would never be fully implemented—there were lots of wrappers and abstraction layers that needed to be removed. So, we did some spring cleaning. And we continue the efforts.”
Beyond Lustre 2.9
According to Cowe, Lustre security has come a long way. “We’ve added authentication and encryption and mandatory access control support in version 2.8. There are more options coming in 2.9. And we are looking at end-to-end enforcement going forward.”
Author’s note: This year’s Lustre User Group (LUG) included several presentations on security in Lustre. They are well worth reviewing for any Lustre administrator, user, or prospective user. They can be viewed at http://wiki.lustre.org/Lustre_User_Group_2016.

Piping TAR to move files and directories around: one command line

Move files and directories from one location to another via TAR and pipe:

(cd dir1 && tar cvf - . ) | (cd dir2 && tar xvf -)


( cd SOURCEDIR && tar cf - . ) | (cd DESTDIR && tar xvpf - )

where - stands for stdout.

 Neat?

The obvious way to copy directories with tar is to write them onto a tape archive with relative pathnames -- then read back the tape and write it somewhere else on the disk. But tar can also write to a UNIX pipe -- and read from a pipe. This looks like:

% reading-tar | writing-tar

with one trick: the writing-tar process has a different current directory (the place where you want the copy made) than the reading-tar. To do that, run the writing-tar in a subshell.

The argument(s) to the reading-tar can be directory(s) or file(s). Just be sure to use relative pathnames that don't start with a slash -- otherwise, the writing-tar will write the copies in the same place the originals came from!

"How about an example," you ask? The figure below has one. It copies from the directory /home/jane, with all its files and subdirectories. The copy is made in the directory /work/bkup/jane:

% mkdir /work/bkup/jane
% cd /home/jane
% tar cf - . | (cd /work/bkup/jane && tar xBf -)

The && operator tells the shell to start tar xBf only if the previous command (the cd) succeeded. That prevents tar writing files into the same directory it's reading from -- if the destination directory isn't accessible or you flub its pathname. If your tar has a B (reblocking) option, use it to help be sure that the copy is made correctly. If your tar doesn't have a reblocking option, you can use this trick suggested by Chris Torek:

% tar cf - . | cat | (cd /work/backup/jane && tar xbf 1 -)

You can use other options that your tar might have, like excluding files or directories, on the reading-tar, too. Some gotchas:

• Symbolic links will be copied exactly. If they point to relative pathnames, the copied links might point to locations that don't exist. You can search for these symbolic links with find - type l.
• A hard link will be copied as a file. If there are more hard links to that file in the files you're copying, they will be linked to the copy of the first link. That can be good because the destination might be on a different filesystem (a hard link to the original file can't work then). It can be bad if the link pointed to a really big file; the copy can take a lot of disk space. You can search for these hard links by:
  
  • Searching the directory from which you're copying with find - links +1 - type f to find all files that have more than one link, and
  • Running the reading-tar with its l (lowercase letter L) option to complain if it didn't copy all links to a file.
    

 

Hiawatha

An advanced and secure webserver for Unix

 

Introduction

Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January 2002. Before that time, I had used several webservers, but I didn't like them. They had unlogical, almost cryptic configuration syntax and none of them gave me a good feeling about their security and robustness. So, I decided it was time to write my own webserver. I never thought that my webserver would become what it is today, but I enjoyed working on it and liked to have my own open source project. In the years that followed, Hiawatha became a fully functional webserver.

Secure

Hiawatha has been written with security in mind. This resulted in a highly secure webserver in both code and features. Hiawatha can stop SQL injections, XSS and CSRF attacks and exploit attempts. Via a specially crafted monitoring tool, you can keep track of all your webservers.

Easy to use

You don't need to be a HTTP or CGI expert to get Hiawatha up and running. Its configuration syntax is easy to learn. The documentation and examples you can find on this website will give you all the information you need to configure your webserver within minutes.

Lightweight

Although Hiawatha has everything a modern webserver needs, it's nevertheless a small and lightweight webserver. This makes Hiawatha ideal for older hardware or embedded systems. Special techniques are being used to keep the usage of resources as low as possible.

Official website

https://www.hiawatha-webserver.org/

Small but Safe

12 April 2016, 08:03

"The small but secure Hiawatha web server provides an appealing alternative to the complex Apache and other alternatives."

Security on the Internet is vital. The Hiawatha web server is a small (and free) web server that subscribes to the principle "security by default."

The upcoming edition of the Admin magazine will contain a story about Hiawatha. Many thanks to Hans-Cees Speel.

by Hugo Leisink

BeeGFS Parallel File System Goes Open Source

Today ThinkParQ announced that the complete BeeGFS parallel file system is now available as open source. Developed specifically for performance-critical environments, the BeeGFS parallel file system was developed with a strong focus on easy installation and high flexibility, including converged setups where storage servers are also used for compute jobs. By increasing the number of servers and disks in the system, performance and capacity of the file system can simply be scaled out to the desired level, seamlessly from small clusters up to enterprise-class systems with thousands of nodes. The first official announcement to make the BeeGFS sources available was made at the International Supercomputing Conference 2013. This was in the context of the European exascale project DEEP-ER, where several new approaches to address extreme I/O requirements are being designed and implemented. For exascale systems, the different software and hardware layers have to work together very efficiently to achieve maximum scalability. Thus, making the sources of BeeGFS available is one logical step to enabling efficient integration of all layers of an exascale stack.

“While some of our users are just happy with the fact that BeeGFS is so easy to install and doesn’t require much attention, others really want to understand exactly what is happening under the hood to further optimize the runtime of their applications, improve their monitoring or port it to other platforms like BSD,” said Sven Breuner, CEO of ThinkParQ, the company behind BeeGFS “Also, being able to build BeeGFS for non-x86 architectures like ARM and Power is another important aspect that the community has been waiting for.”

The steady advances in ARM technology indeed make it a more and more interesting technology to look at for future procurements. Thus, the BeeGFS team is also participating in ExaNeSt, a new European exascale project, which is specifically focused on getting the ARM ecosystem ready for performance-critical workloads. “Although BeeGFS can already run out of the box on ARM systems today, this project will give us the opportunity to make sure that we can deliver the maximum performance on this architecture as well.”, adds Bernd Lietzow, BeeGFS head for ExaNeSt.
With a rather compact code base of about 25K lines of C++ code for the distributed metadata service and about 15K lines of C++ code for the distributed storage service, BeeGFS should be relatively easy to understand and extend, not only for senior programmers, but also for University students interested in file system research. On GitHub, there are already a number of projects listed related to BeeGFS, e.g. for browser-based monitoring or Docker integration.

In related news, the BeeGFS User Meeting will take place May 18-19 in Kaiserslautern, Germany.

MIcrosoft Announcing SQL Server on Linux

Gartner recently named Microsoft as leading the industry in their Magic Quadrant for Operational Database Management Systems in both execution and vision. We’re also a leader in Gartner’s Magic Quadrant for Data Warehouse and Data Management Solutions for Analytics, and Magic Quadrant for Business Intelligence and Analytics Platforms, as well as leading in vision in the Magic Quadrant for Advanced Analytics Platforms.

Extending SQL Server to Also Now Run on Linux
Today I’m excited to announce our plans to bring SQL Server to Linux as well. This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud. We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017.
SQL Server on Linux will provide customers with even more flexibility in their data solution. One with mission-critical performance, industry-leading TCO, best-in-class security, and hybrid cloud innovations – like Stretch Database which lets customers access their data on-premises and in the cloud whenever they want at low cost – all built in.
“This is an enormously important decision for Microsoft, allowing it to offer its well-known and trusted database to an expanded set of customers”, said Al Gillen, group vice president, enterprise infrastructure, at IDC. “By taking this key product to Linux Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”
“SQL Server’s proven enterprise experience and capabilities offer a valuable asset to enterprise Linux customers around the world,” said Paul Cormier, President, Products and Technologies, Red Hat. “We believe our customers will welcome this news and are happy to see Microsoft further increasing its investment in Linux. As we build upon our deep hybrid cloud partnership, spanning not only Linux, but also middleware, and PaaS, we’re excited to now extend that collaboration to SQL Server on Red Hat Enterprise Linux, bringing enterprise customers increased database choice.”
“We are delighted to be working with Microsoft as it brings SQL Server to Linux,” said Mark Shuttleworth, founder of Canonical. “Customers are already taking advantage of Azure Data Lake services on Ubuntu, and now developers will be able to build modern applications that utilize SQL Server’s enterprise capabilities.”
Bringing SQL Server to Linux is another way we are making our products and new innovations more accessible to a broader set of users and meeting them where they are. Just last week, we announced our agreement to acquire Xamarin. Recently, we also announced Microsoft R Server , our technologies based on our acquisition of Revolution Analytics, with support for Hadoop and Teradata.

Hardy-Weinberg Equilibrium Test in R

install.packages("HardyWeinberg")
library(HardyWeinberg)

X<-c(0,23,1)
names(X)<-c("AA","AB","BB")
HWExact(X,alternative="two.sided",pvaluetype="selome",x.linked=FALSE, verbose=TRUE)

----output----
Haldane Exact test for Hardy-Weinberg equilibrium (autosomal)
using SELOME p-value
sample counts: nAA =  0 nAB =  23 nBB =  1
H0: HWE (D==0), H1: D <> 0
D =  5.510417 p =  0.000008599681 

Let’s Encrypt: Delivering SSL/TLS Everywhere

Nov 18, 2014 • Josh Aas, ISRG Executive Director

Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don’t we just flip the switch?
The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.
Let’s Encrypt is a new free certificate authority, built on a foundation of cooperation and openness, that lets everyone be up and running with basic server certificates for their domains through a simple one-click process.
Mozilla Corporation, Cisco Systems, Inc., Akamai Technologies, Electronic Frontier Foundation, IdenTrust, Inc., and researchers at the University of Michigan are working through the Internet Security Research Group (“ISRG”), a California public benefit corporation, to deliver this much-needed infrastructure in Q2 2015. The ISRG welcomes other organizations dedicated to the same ideal of ubiquitous, open Internet security.
The key principles behind Let’s Encrypt are:

• Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost.
• Automatic: The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background.
• Secure: Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices.
• Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.
• Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.
• Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.

If you want to help these organizations in making TLS Everywhere a reality, here’s how you can get involved:

• Sponsor ISRG
• Help Us Build Let’s Encrypt

To learn more about the ISRG and our partners, check out our About page.


https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html

12 Chef Knife Cookbook Command Examples

by Ramesh Natarajan on April 27, 2016

When you are using Chef to manage all your servers and network equipments, you should first create cookbooks and appropriate recipes.
On all your remote servers, you’ll use chef-client to execute the recipes from the cookbook.
In this tutorial, we’ll explain how to use knife command to create and manage your Chef cookbooks.

The knife command can be executed from any Chef workstation.

1. Create New Chef Cookbook

To create a cookbook, use “knife cookbook create” command as shown below. The following will create a cookbook with name thegeekstuff.

# knife cookbook create thegeekstuff
** Creating cookbook thegeekstuff in /root/chef-repo/cookbooks
** Creating README for cookbook: thegeekstuff
** Creating CHANGELOG for cookbook: thegeekstuff
** Creating metadata for cookbook: thegeekstuff

For the above command, knife command creates a separate directory called “thegeekstuff” under ~/chef-repo/cookbooks as shown below.
The following is the cookbook folder structure.

# ls -l ~/chef-repo/cookbooks/thegeekstuff
drwxr-xr-x. 2 root root    6 Apr 24 10:15 attributes
-rw-r--r--. 1 root root  451 Apr 24 10:15 CHANGELOG.md
drwxr-xr-x. 2 root root    6 Apr 24 10:15 definitions
drwxr-xr-x. 3 root root   20 Apr 24 10:15 files
drwxr-xr-x. 2 root root    6 Apr 24 10:15 libraries
-rw-r--r--. 1 root root  288 Apr 24 10:15 metadata.rb
drwxr-xr-x. 2 root root    6 Apr 24 10:15 providers
-rw-r--r--. 1 root root 1497 Apr 24 10:15 README.md
drwxr-xr-x. 2 root root   23 Apr 24 10:15 recipes
drwxr-xr-x. 2 root root    6 Apr 24 10:15 resources
drwxr-xr-x. 3 root root   20 Apr 24 10:15 templates

2. Create New Cookbook with Custom Options

The metadata.rb file under the cookbook directory will have the following default values.

# cat ~/chef-repo/cookbooks/thegeekstuff/metadata.rb
name             'thegeekstuff'
maintainer       'YOUR_COMPANY_NAME'
maintainer_email 'YOUR_EMAIL'
license          'All rights reserved'
description      'Installs/Configures thegeekstuff'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version          '0.1.0'

The above values will be used to generate header in any of the .rb files that you create under this cookbook.
While creating a cookbook, the best practice is to pass the following options.

knife cookbook create thegeekstuff -C "Ramesh Natarajan" -m "ramesh@thegeekstuff.com" -I gplv3 -r rdoc

In the above command:

• -C is the copyright holder name. You can also use –copyright option.
• -m is the email address. You can also use –email option.
• -I is the license type. This will automatically add the appropriate license notice in the files that you create under this cookbook. The following are the valid license types you can use. In this example, we are using gplv3, which will add the GPL v3 license notice in the header. You can also use –license option.
  • apachev2 – This will use Apache v2.0
  • gplv2 – This option is for GPL v2
  • gplv3 – For GPL v3
  • mit – For MIT
• none – This option will add this notice to the files: “Proprietary – All Rights Reserved”
• -r option will define the format for the README files in this cookbook. Use “rdoc” option for Ruby docs, and “md” for markdown. Instead of -r you can also use –readme-format
• -o (or –cookbook-path) – This option is used when you want to specify a different directory path where you want the cookbooks to be created. In the above example, we are not using this option.

3. Upload Cookbook to Chef Server

The following “knife cookbook upload” command will upload the cookbook that we created above to the Chef server.
As we see, since this is the first version of this cookbook, it is showing the version number as 0.1.0.

# knife cookbook upload thegeekstuff
Uploading thegeekstuff [0.1.0]
Uploaded 1 cookbook.

When you have multiple cookbooks that has multiple versions, you can upload all of your cookbooks using option -a.
In the following example, we have 4 cookbooks, and the latest version of all these cookbooks are getting uploaded.

# knife cookbook upload -a
Uploading dev-cluster    [1.3.0]
Uploading dev-db         [1.0.0]
Uploading dev-web        [1.0.0]
Uploading thegeekstuff   [2.1.0]
Uploaded all cookbooks.

The following command will not only upload “thegeekstuff” cookbook, but it will also upload all the dependent cookbooks.

knife cookbook upload thegeekstuff -d

4. Lock a Cookbook from Future Edits

When you don’t want anybody else to be modifying a particular cookbook version, use the –freeze option.
In the following example, after this command, nobody can upload the 2.1.0 version of “thegeekstuff” cookbook anymore. You have to create a new version.

# knife cookbook upload thegeekstuff --freeze
Uploading thegeekstuff   [2.1.0]
Uploaded 1 cookbook.

If you are trying to upload the same version, you’ll get the following error message.

# knife cookbook upload thegeekstuff 
Uploading thegeekstuff   [2.1.0]
WARNING: Not updating version constraints for thegeekstuff in the environment as the cookbook is frozen.
ERROR: Failed to upload 1 cookbook.

For some reason, if you want to edit and upload a cookbook that is frozen, use the –force option.

# knife cookbook upload thegeekstuff --force
Uploading thegeekstuff   [2.1.0]
Uploaded 1 cookbook.

When you are uploading lot of cookbooks that are big, you can use the –concurrency option. By default this is set to 10. In the following example, we are setting the concurrency to 15 while uploading the cookbook.

# knife cookbook upload -a --concurrency 15

5. Get a List of ALL Cookbooks

The following “knife cookbook list” command will display all the cookbooks that are available on your Chef server. The 2nd column in the following output is the latest version of that cookbook.

# knife cookbook list
dev-cluster    1.3.0
dev-db         1.0.0
dev-web        1.0.0
thegeekstuff   2.1.0

To view how many versions are available for the cookbooks, use the -a option which will display ALL versions. You can also use –all option.

# knife cookbook list -a
dev-cluster    1.3.0  1.2.0  1.1.0  1.0.0  0.1.1  0.1.0
dev-db         1.0.0  0.1.0
dev-web        1.0.0  0.1.0
thegeekstuff   2.1.0  2.0.0  1.0.0  0.1.0

The -w option will display all the cookbook versions along with their corresponding URIs as shown below. You can also use –with-uri option. You can combine -a option with -w as shown below.

# knife cookbook list -aw
dev-cluster:
  0.1.0: https://chef-server/organizations/mycompany/cookbooks/dev-cluster/0.1.0
  0.1.1: https://chef-server/organizations/mycompany/cookbooks/dev-cluster/0.1.1
  1.0.0: https://chef-server/organizations/mycompany/cookbooks/dev-cluster/1.0.0
  1.1.0: https://chef-server/organizations/mycompany/cookbooks/dev-cluster/1.1.0
  1.2.0: https://chef-server/organizations/mycompany/cookbooks/dev-cluster/1.2.0
  1.3.0: https://chef-server/organizations/mycompany/cookbooks/dev-cluster/1.3.0
dev-db:
  0.1.0: https://chef-server/organizations/mycompany/cookbooks/dev-db/0.1.0
  1.0.0: https://chef-server/organizations/mycompany/cookbooks/dev-db/1.0.0
dev-web:
  0.1.0: https://chef-server/organizations/mycompany/cookbooks/dev-web/0.1.0
  1.0.0: https://chef-server/organizations/mycompany/cookbooks/dev-web/1.0.0
thegeekstuff:
  0.1.0: https://chef-server/organizations/mycompany/cookbooks/thegeekstuff/0.1.0
  1.0.0: https://chef-server/organizations/mycompany/cookbooks/thegeekstuff/1.0.0
  2.0.0: https://chef-server/organizations/mycompany/cookbooks/thegeekstuff/2.0.0
  2.1.0: https://chef-server/organizations/mycompany/cookbooks/thegeekstuff/2.1.0

6. Delete a Single Cookbook

Use the following “knife cookbook delete” command, which will delete the cookbook. In this example, we are deleting “dev-db” cookbook.

# knife cookbook delete dev-db
Do you really want to delete starter version 0.1.0? (Y/N) y
Deleted cookbook[dev-db version 0.1.0]

The -p option will delete the cookbook, and permanently purge the cookbook from the Chef server. Use this option with caution.

# knife cookbook delete dev-db -p
Files that are common to multiple cookbooks are shared, so purging the files may disable other cookbooks. Are you sure you want to purge files instead of just deleting the cookbook? (Y/N) Y
Do you really want to delete dev-db version 0.1.0? (Y/N) Y
Deleted cookbook[dev-db version 0.1.0]

7. Delete One (or All) Versions of a Cookbook

When a cookbook has multiple versions, the delete command will display all the versions and prompt the user to choose either one of the version, or all versions as shown below.

# knife cookbook delete thegeekstuff
Which version(s) do you want to delete?
1. thegeekstuff 2.1.0
2. thegeekstuff 2.0.0
3. thegeekstuff 1.0.0
4. thegeekstuff 0.1.0
5. All versions

In the above example, I choose 1 to delete “thegeekstuff” cookbook with version 2.1.0

1
Deleted cookbook[thegeekstuff][2.1.0]

You can also specify the version number to delete directly in the command lien as shown below.

# knife cookbook delete 2.1.0 thegeekstuff
Do you really want to delete 2.1.0 version thegeekstuff? (Y/N) N
Deleted cookbook[thegeekstuff][2.1.0]

If you want to delete ALL the version of a specific cookbook, use option -a as shown below. You can also use –all instead of -a.

# knife cookbook delete thegeekstuff -a
Do you really want to delete all versions of thegeekstuff? (Y/N) Y
Deleted cookbook[thegeekstuff][2.1.0]
Deleted cookbook[thegeekstuff][2.0.0]
Deleted cookbook[thegeekstuff][1.0.0]
Deleted cookbook[thegeekstuff][0.1.0]

8. Delete Multiple Cookbooks using Bulk Delete

In the following example, we are using “knife cookbook bulk delete” command to delete multiple cookbooks at the same time. You can pass regular-expressions as parameter to this command.
The following example will delete all the cookbooks that start with “dev-“.
This this example, we have three cookbooks that matches the given regular expression. But, each of these cookbooks have multiple versions. So, this command will delete all the version of these three cookbooks.

# knife cookbook bulk delete "^dev-*"
All versions of the following cookbooks will be deleted:
dev-cluster  dev-db       dev-web    
Do you really want to delete these cookbooks? (Y/N) Y
Deleted cookbook  dev-db                    [1.0.0]
Deleted cookbook  dev-db                    [0.1.0]
Deleted cookbook  dev-cluster               [1.3.0]
Deleted cookbook  dev-cluster               [1.2.0]
Deleted cookbook  dev-cluster               [1.1.0]
Deleted cookbook  dev-cluster               [1.0.0]
Deleted cookbook  dev-cluster               [0.1.1]
Deleted cookbook  dev-cluster               [0.1.0]
Deleted cookbook  dev-web                   [1.0.0]
Deleted cookbook  dev-web                   [0.1.0]

9. Download Cookbook from Chef Server

When you have chef-client installed on multiple machine, and when you want to download a cookbook that someone has modified on your client, then use the “knife cookbook download” command as shown below.
The following command will download the “dev-db” cookbook from the Chef server to your local machine.
The cookbook will be downloaded to the current directory. The downloaded cookbook folder will also have the version number appended at the end.

# knife cookbook download dev-db
Downloading dev-db cookbook version 0.1.0
Downloading resources
Downloading providers
Downloading recipes
Downloading definitions
Downloading libraries
Downloading attributes
Downloading files
Downloading templates
Downloading root_files
Cookbook downloaded to /root/chef-repo/dev-db-2.1.0

When you are trying to download a cookbook that has multiple versions, it will prompt you to choose a specific version.
In the following example, since “thegeekstuff” cookbook has multiple versions, it will display the following option, and you can choose one from the list.

# knife cookbook download thegeekstuff
Which version do you want to download?
1. thegeekstuff 0.1.0
2. thegeekstuff 1.0.0
3. thegeekstuff 2.0.0
4. thegeekstuff 2.1.0

You can also pass the cookbook version number in the command-line as shown below, to directly download that particular version to your local machine.

knife cookbook download thegeekstuff 1.0.0

If you just want to download the latest version of a cookbook without having to specify a version number, use -N option (or –latest option) as shown bnelow.

# knife cookbook download thegeekstuff -N
Downloading thegeekstuff cookbook version 2.1.0

When a version of the cookbook that you are downloading has already been downloaded before, you’ll get the following error message.

# knife cookbook download thegeekstuff 2.1.0
Downloading thegeekstuff cookbook version 2.1.0
FATAL: Directory /root/chef-repo/thegeekstuff-2.1.0 exists, use --force to overwrite

In that case, use the -f option (or –force) to download the cookbook and overwrite the local directory with the version that was downloaded from the Chef server.

knife cookbook download thegeekstuff 2.1.0 -f

Instead of downloading it under the current directory, you can also specify a download directory using -d option (or –dir option).
The following command will download “thegeekstuff” version 2.1.0 cookbook to ~/tmp/download directory.

knife cookbook download thegeekstuff 2.1.0 -d ~/tmp/download/

10. Generate Cookbook Metadata

You can generate metadata file for your cookbook using “knife cookbook metadata” command as shown below. The following command will generate the metadata.rb for all the cookbooks.

# knife cookbook metadata -a
Generating metadata for dev-cluster from /root/chef-repo/cookbooks/dev-cluster/metadata.rb
Generating metadata for dev-db from /root/chef-repo/cookbooks/dev-db/metadata.rb
Generating metadata for dev-web from /root/chef-repo/cookbooks/dev-web/metadata.rb
Generating metadata for thegeekstuff from /root/chef-repo/cookbooks/thegeekstuff/metadata.rb

If you want to generate metadata only for a specific cookbook, then specify the direct path of the metadata.rb file for that particular cookbook using the “from file” option as shown below.
The following command will generate metadata for “thegeekstuff” cookbook using the given metadata.rb file.

# knife cookbook metadata from file ~/chef-repo/cookbooks/thegeekstuff/metadata.rb 
Generating metadata for thegeekstuff from /root/chef-repo/cookbooks/thegeekstuff/metadata.rb

11. View Cookbook Details

You can view the details of a cookbook using “knife cookbook show” command.
When you don’t specify a version number for a cookbook, the show command will display list of all the version numbers available for the given cookbook.

# knife cookbook show thegeekstuff
thegeekstuff   2.1.0  2.0.0  1.0.0  0.1.0

But when you specify a version number, this will display lot more information about the cookbook as shown below.

# knife cookbook show thegeekstuff 2.1.0
attributes:
chef_type:     cookbook_version
cookbook_name: thegeekstuff
definitions:
files:
frozen?:       false
json_class:    Chef::CookbookVersion
libraries:
metadata:
  attributes:
  chef_versions:
  conflicting:
  dependencies:
  description:      Installs/Configures thegeekstuff
  gems:
  groupings:
  issues_url:       
  license:          GNU Public License 3.0
  long_description: = thegeekstuff Cookbook
..
..
  checksum:    9a54be168e2b14cdc2a9df3064be3286
  name:        metadata.rb
  path:        metadata.rb
  specificity: default
  url:         https://chef-server:443/bookshelf/organization-c84c3ff1/checksum-9a54be168e2&Expires=1461804848&Signature=1ofduwz0
templates:
version:       2.1.0

The default output of the above command will display lot of information.
You can also specify a section number to the show command as shown below, which will display only that particular section in the show command output.
For example, the following will display only the “attributes” section from the docker_custom.rb file of “thegeekstuff” cookbook.

knife cookbook show thegeekstuff 1.2.0 attributes docker_custom.rb

The following show command will display only the “recipies” PART (section) from the given .rb file of the “thegeekstuff” cookbook.

knife cookbook show thegeekstuff 1.2.0 recipies deploy/testserver/tomcat_custom.rb

The following are the possible sections that you can pass as a parameter to the above show command.

• attributes
• definitions
• files
• libraries
• providers
• recipes
• resources
• templates

Also, use -F option to specify a output format for the knife cookbook show command. The following will display the output of the show command in JSON format.
To view information in JSON format, use the -F common option as part of the command like this:

knife cookbook show thegeekstuff 2.1.0 -F json

The following are the available formats:
json – for JSON format
text – for plain text
yaml – Standard YAML format
pp – Post processing format

12. Validate Cookbook Syntax

The following “knife cookbook test” command will do a syntax check validation on the cookbook files.
In the following example, we have an error in “thegeekstuff” cookbook. As you see in the last line, it says that the method “author” in the metadata.rb file is undefined and not recognized by Chef.

# knife cookbook test thegeekstuff
checking thegeekstuff
ERROR: knife encountered an unexpected error
This may be a bug in the 'cookbook test' knife command or plugin
Please collect the output of this command with the `-VV` option before filing a bug report.
Exception: NoMethodError: undefined method `author' for #<Chef::Cookbook::Metadata:0x00000002a0a030>

Once the syntax error is fixed, we’ll see the following output indicating that our cookbook passed all the syntax verification.

# knife cookbook test thegeekstuff
checking thegeekstuff
Running syntax check on thegeekstuff
Validating ruby files
Validating templates

If you get this “WARNING: DEPRECATED: Please use ChefSpec or Rubocop to syntax-check cookbooks.” in the above output, you can ignore it.
To do a validation on all the cookbooks using the -a option (or –all option) as shown below.

# knife cookbook test -a
Running syntax check on dev-cluster
Running syntax check on dev-db
Running syntax check on dev-web
Running syntax check on thegeekstuff
..

> A

Server-Based VirtualBox

By Thomas Zeller

Oracle’s free VirtualBox virtualization solution is intended for use on the desktop. Management of virtual machines is via a GUI that only works locally and cannot be used on the network. Although a command-line option is available, it offers very few of the comforts to which you’ve become accustomed. With the tools presented in this article, users can control VirtualBox VMs on the server remotely and conveniently.

Why VirtualBox?

VirtualBox offers a number of advantages compared with other virtualization solutions. For example, the program is available free for the major platforms (e.g., Windows, Linux, Mac OS X, and Solaris), and it supports a wide number of guest systems, including exotics such as DOS/WIN 3.1 and OS/2.

Installing VirtualBox is easy on any platform because it usually only involves running a setup program or installing a package on the system. VirtualBox does not place heavy demands on the hardware; it does not require Intel VTX/AMD-V or a special Linux kernel, although it still offers great performance, thanks to its own guest extensions. In the VirtualBox Remote Desktop Protocol (VRDP, Figure 1), VirtualBox also has a built-in graphical interface to all the virtual machines: an RDP client is sufficient to access the VMs on the network regardless of the guest operating system.

Figure 1: Thanks to VRDP support, you can access the virtual machine consoles in your browser with phpVirtualBox.

Free or Not Free?

Up to version 4.0 of VirtualBox, both a commercial and an open source edition (OSE) existed. The OSE often was available in the various Linux distro repositories, so users could easily install via their package repositories. As of version 4.0, Oracle has now merged these two versions in a binary, which you can download from the VirtualBox website. For Linux users, Oracle continues to providerepositories for various  Linux distributions. The non-free components, such as support for USB 2.0 devices, the VRDP server, and PXE boot for Intel network cards, were outsourced into the Extension Pack. Non-free here means Oracle has not released the source code. The Extension Pack is still available free of charge.

Headless Servers

For operations on devices without a graphical user interface, VirtualBox can launch virtual machines in Headless Mode. VMs launched in this way automatically have VRDP support, so that network access to the system running on the virtual machine is possible with an RDP client.

I installed VirtualBox on an Ubuntu LTS 10.04.4 (Lucid Lynx) server, 64-bit version. The host needs to be running a 64-bit kernel to create 64-bit VMs. The quickest way to install is to add the VirtualBox package source to your sources.list file

sudo sh -c 'echo "# VirtualBox repository Ubuntu 10.04 LTS Lucid \
   deb http://download. virtualbox.org/virtualbox/debian \
   lucid contrib" >> /etc/apt/sources.list'

and then add the GPG key to your keychain:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 98AB5139

Now, update the package list and install the current 4.1 version of VirtualBox:

apt-get update && apt-get install virtualbox-4.1

For VRDP support, you still need the matching Extension Pack for your VirtualBox version. To be on the safe side, you will want to enter

vboxmanage -v

to check the version. Then download and install the Extension Pack. For my server, the procedure is shown in Listing 1. VirtualBox should now be running on your server.

A Walk Through VirtualBox

Because the Linux server doesn’t have a graphical user interface, controls are restricted to the command line. The focus here is the vboxmanage command; if you call it with the -h parameter set, you are treated to no fewer than 448 lines of commands and parameters. You just need a few of them to start creating, cloning, deleting, and modifying virtual machines. For more information, check out Chapter 8 of the VirtualBox online help.

Anyone who finds this process cumbersome can simply use a same-version VirtualBox installed on the desktop (independent of operating system) and point and click to create the VMs for the server. Of course, the configuration for, say, the network has to be adjusted to match the host later on, but you can then easily export the VM and its virtual hard disk in the main menu (File | Export Appliance) to create an .ova file. If you use the .ovf extension, the configuration file and virtual disk will be exported to their own files. Once the VM has been copied to the server, it can be imported again with the command:

vboxmanage import my-vm.ova

To start the virtual machine on the server, type:

vboxmanage startvm <UUID>/<Name>

If you are not quite sure of the name or the UUID for the VM, you can retrieve this information with the

vboxmanage list vms

command.

VirtualBox GUI on the Network

You will not always want to manage VirtualBox on the server via the command line. Alternatively, you can use the graphical front end phpVirtualBox by Ian Moore, which offers browser-based controls. phpVirtualBox maps the VirtualBox GUI in detail with the help of Ajax in the browser (Figure 2).

Figure 2: phpVirtualBox with its Ajax interface precisely emulates the known functionality of the native GUI.

This means virtually no restrictions compared with operations as usual on the native GUI. However, phpVirtualBox is not designed for setting up a hosted service in which multiple users have different permissions for the different VMs: The administrator on phpVirtualBox always has full control of all the VMs on the host.

phpVirtualBox

To communicate with the VirtualBox host, phpVirtualBox uses the Oracle SOAP interface VBoxWebSrv. In combination with a locally installed Apache2 web server with PHP 5 support, you then have a complete setup. The VirtualBox host and Apache could, in principle, be installed on two separate physical machines using phpVirtualBox. However, because Oracle’s VBoxWebSrv does not provide any kind of encryption, communications – and thus transmission of the password – from the web server to the VirtualBox host would be unencrypted.

VirtualBox doesn’t globally map VMs to the system, but always to the user who created the VM. Therefore, you first need to create an appropriate user and a group. In this example, the user will bevbox and the group vboxusers .

On Ubuntu, the following commands set this up:

sudo groupadd vboxusers
sudo useradd -m vbox -G vboxusers

The virtual machines are created later in the/home/vbox/VM directory. Finally, assign the new user a password:

sudo passwd vbox

Before you configure phpVirtualBox, you first need to install the Apache server, PHP, and some more packages, then set up VBoxWebSrv. To do so, create a file named /etc/default/VirtualBox with the editor of your choice and enter the user vbox in that file:

VBOXWEB_USER=vbox

Then, start VBoxWebSrv with the command

sudo /etc/init.d/vboxweb-service start

and type

sudo update-rc.d vboxweb-service defaults

to ensure that the service also starts automatically after a reboot. Next, install the packages required for running phpVirtualBox:

sudo apt-get install apache2-mpm-prefork apache2-utils apache2.2-bin \
   apache2.2-common apache2 apache2-mpm-prefork apache2-utils apache2.2-bin \
   apache2.2-common apache2-doc apache2-suexec libapache2-mod-php5 libapr1 \
   libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libapr1 libaprutil1 \
   libaprutil1-dbd-sqlite3 libaprutil1-ldap php5-common php5-common \
   php5-mysql php5-suhosin php-pear wget

Now, change directory to /var/www and download the latest stable version from the phpVirtualBox project website be typing the following at the command line:

wget http://phpvirtualbox.googlecode.com/files/phpvirtualbox-4.1.17.zip

After unpacking with

sudo unzip phpvirtualbox-*.zip

you will find a new directory named phpvirtualbox-4.1-7 in /var/www . For simplicity’s sake, change the directory name to phpvirtualbox to avoid unnecessary typing later on.

Finally, you need to add the username and password to the configuration file for phpVirtualBox. Fortunately, the developer provides a suitable template that you simply copy:

sudo cp /var/www/phpvirtualbox/config.php-example /var/www/phpvirtualbox/config.php

Now add the following lines to the /var/www/phpvirtualbox/config.php file:

var $username = 'vbox';
var $password = 'User-password-vbox';

In your web browser, you can now surf to http://<Hostname>/phpvirtualbox to access phpVirtualBox. For the first login, the username is admin and the password admin . Next, in File | Global Settings | User , assign administrative rights to the user vbox and define a password for logging into the web interface (Figure 3).

Figure 3: Setting up user vbox.

It is a good idea to delete the admin user immediately – or at least change the password to something secure. In the phpVirtualBox web GUI, you can now fully control VirtualBox over the network, just as in the native client.

Although it is easy to work with phpVirtualBox, unfortunately the VirtualBox API does not support automatically starting and stopping VMs at system boot or shutdown time, so you must again delve into the toolbox to automate the VirtualBox host’s operations as much as possible.

VBoxTool for Automation

VBoxTool comprises a series of wrapper scripts for the VirtualBox CLI tool VBoxManage; for example, you can automatically start and stop individual or all virtual machines when the host is started or shut down (Figure 4).

Figure 4: VBoxTool simplifies the management of virtual machines on a VirtualBox host. With a single command, you can view the status of VMs and start, stop, or backup via rsync.

With VBoxTool, you can also retrieve information about the status of all or just the current virtual machines or handle bulk operations at the command line with a single command.

All it takes to start, stop, or switch all virtual machines to save mode at the same time, or to back up the VMs automatically with the help of rsync , are the following commands:

vboxtool start
vboxtool stop
vboxtool save
vboxtool backup

When running the backup command, VBoxTool also takes care of automatically switching the machine to secure mode and restarting after creating the image.

Installation

Installing VBoxTool is very easy: First, download the ZIP archive from the VBoxTool project page, then unzip the contents of the ZIP archive in your home directory on the server system:

unzip vboxtool-0.4.zip

Then, copy the main script to /usr/local/bin :

sudo cp ~/script/vboxtool /usr/local/bin

Now you need to make the script executable,

sudo chmod +x /usr/local/bin/vboxtool

and make the init script executable,

sudo cp script/vboxtoolinit /etc/init.d
sudo chmod +x /etc/init.d/vboxtoolinit

which then needs to be enabled for the appropriate runlevels:

sudo update-rc.d vboxtoolinit defaults 99 10

The VBoxTool configuration is based on just two files, For the first file, you need to create a directory in /etc :

sudo mkdir /etc/vboxtool

With your editor of choice, now create a file named vboxtool.conf that only contains the username of the account on which VBoxTool runs. In this example, the user is vbox :

vbox_user='vbox'

Optionally, you can specify a backup directory to which the virtual machines are automatically backed up. If you specify a backup directory, you can back up virtual machines over the network – for example, to a NAS or a share on a server. However, you must make sure the user also has the appropriate write permissions in the specified directory.

backup_folder=/home/user/vboxbackup

If you do not explicitly specify the backup folder, the backups are created in the respective folders of the VMs.

For VBoxTool to know which VMs it is responsible for from now on, you need to create another file:

/etc/vboxtool/machines.conf

In the file, enter a separate line for each of the virtual machines on your host, using the following format:

<VM-Name>,<VRDP-Port>

Notice that you are not allowed to put spaces before or after the comma . On my test server,/etc/vboxtool/machines.conf looks like this:

zarafa,3389
WindowsXP,3390

The machines listed here are now automatically started by VBoxTool when the host system boots and are stopped again at shutdown.

The configuration stage is done. From now on, the commands listed in Table 1 are available for you to control your virtual machines.

Conclusions

VirtualBox is a genuine alternative to the established, and usually much more complex, virtualization environments of VMware and other server-side virtualization specialists. Although VirtualBox is primarily intended for use on the desktop, the hypervisor can be managed in headless mode – that is, without a graphical user interface.

If you are ready for some creative configuration, you can compensate for the lack of network connectivity in the VirtualBox GUI by designing your solution around a pair of helpful open source tools: VBoxManage and phpVirtualBox.

Info

[1] Ubuntu Apache documentation

The Author

Thomas Zeller has focused on IT security and open source for 15 years. Zeller is also the author/co-author of the books OpenVPN kompakt  and Mindmapping mit FreeMind (in German). In real life, Thomas Zeller is the managing director of a medium-sized IT system integration company.