...

It is not generally possible to drag and drop files between the Linux and Windows systems. Of course, you can use network file sharing between the machines, but there is a simpler solution. VirtualBox provides a feature called "Shared Folder". In the settings for the VM, there is a section for Shared Folder. You can designate one or more directories on the host computer (D:\sandbox is configured initially for the Sandbox VM). This directory is then given a name ("sandbox" for D:\sandbox). The shared host folder appears to the VM to be a virtual disk or virtual shared disk that can be mounted in Linux or assigned a disk letter (if you have a Windows VM). For Linux VMs, the shared folder is automatically mounted (because of the check box in the VM settings) to the location /media/sf_[name] (that is, /media/sf_sandbox for the name "sandbox"). The casdev user has been added to a group that allows read/write access to the files in the shared folder. This allows easy transfer of files between the VM and the host (Windows?) operating system. Copy files to or from C:\sandbox on the one end, and to or from /media/sf_sandbox on the other end.

The Virtual Network

Setting up the virtual network for the Sandbox Each VM has a virtual LAN adapter. VirtualBox can be configured to support this virtual adapter in several different ways. This is the most complicated configuration option. There are several possibilities, each with advantages and disadvantages.

First, we need to understand some basic Internet network terms. A private network connects some computers or virtual machines to each other, but not to the Internet or the outside world. If you connect computers at home to each other with an Ethernet switch but do not connect a router or a connection to an ISP, then you have a private network. To connect this private network to the outside world you add a cable or DSL modem and a "router" box, but these home routers use a protocol called "NAT". Your home has only one network address assigned to it by the cable or phone company, and all your browsers and mail clients on all your computers have to share it. NAT converts outbound requests from client programs in your home to server programs outside your home so that they all appear to the outside world to be coming from the one IP address managed by the router box. The NAT router connects to the outside service on behalf of the internal client program and it forwards traffic back and forth between the private network and the Internet.

VirtualBox can configure a VM to have a simulated Ethernet adapter that is backed by a NAT service on the host computer. This is a direct connection between the VM on the one end and the host computer on the other end. More than one VM can have a virtual Ethernet adapter that uses the NAT service, but the VMs cannot talk to each other. For that matter, they do not really talk to programs on the host computer either. They simply pass through requests from clients on the VM to servers somewhere on the Yale network or the Internet. From the VM's point of view (if you display network configuration with Linux administration tools) it sees a network with the VM at one end and a NAT router at the other end and nothing else on the network. Of course, the NAT router is connected to the outside world of real computers, but that is outside the router.

VirtualBox can also configure a VM to have a LAN adapter that is "bridged" to the real network of the host computer. The host, after all, has a wired or wireless LAN that connects it to the Yale network and through Yale to the Internet. Every real computer on the Yale network has to be assigned an IP address by Network Operations. With a "bridged" LAN adapter, the VM acts like a real computer that shares the real network connection of the host computer. The downside is that the Yale network treats it as a second machine, which means it has to be registered with Network Operations and it has to be assigned its own IP address. This is typically more bureaucracy than anyone needs, although it is a good solution if you are running a Server operating system in your VM and you want other computers to be able to connect to it and use its services. CAS is a server of sorts, but developers generally do not need and in fact do not want other machines to connect to the CAS they are developing.

The VirtualBox "Host-only Adapter" creates a virtual private LAN. First, VirtualBox creates a dummy LAN connector on the host computer. In Windows you get a system dialog asking if you want to install a new device. It looks just like a real LAN adapter, only there is no hardware. Then VMs that are configured to use "Host-Only adapters" each get their own simulated LAN adapter hardware. VirtualBox connects the host computer and the VMs to each other as if all these simulated LAN adapters were plugged into a simulated Ethernet switch. The VMs can talk to the host and to each other, but VirtualBox does not create a NAT function.

There is a "NAT Network" that allows VMs to talk to each other and the outside world, but it does not allow the host computer to talk directly to the VMs.

Each solution has a problem. The simple NAT adapter does not allow the VMs to talk to each other and makes it hard for programs on the host to talk to programs on the VM. The bridged solution allows everyone to talk to everyone, but it exposes your VMs to the outside world and requires registering the VMs as if they were real machines. The private network allows VMs to talk to each other and to the host, but not to the outside world. The NAT Network allows the VMs to talk to each other and to the outside world, but not to programs on the host.

You can use the private network solution and then install a non-VirtualBox NAT service on the host OS. It works, but it is a fairly complicated configuration option. So eventually it became clear that the simplest solution was to configure two LAN adapters on each VM. One is connected to a private virtual network connecting the host computer and the VMs to each other. This allows CAS to replicate tickets between VMs and it allows a browser on the host computer to connect to CAS on a VM. The other virtual LAN adapter on each VM is connected through a NAT service to the Yale network and Internet. It allows the VM to communicate with the Yale SVN server or the CentOS software update servers.

On the virtual private network, the host computer has IP address 192.168.137.1 and the Sandbox VMs have addresses starting at 192.168.137.10.

The Sandbox VM image is designed to be Cloned (a VirtualBox operation) to create a second VM for a CAS cluster. There are two hostnames (vm-ssoboxapp-01 and -02) with two IP addresses (192.168.137.10 and 11) on two Ethernet adapters (MAC address 08:00:27:A9:84:AD and AE). The distributed VM uses the first hostname, IP address, and MAC address. After cloning it, and before you start the cloned VM, change its MAC address so the last byte changes from AD to AE. When the cloned VM first comes up, issue the step in the Sandbox configuration and needs to be understood, at least in basic terms, so the developer knows how to interpret behavior.

First, we need to define a few network terms. Suppose you have several real computers that you are connecting together in a home network. If you wire them to each other through a switch but you do not connect them to any router, then you have a Private Network. The machines can talk to each other but not to the outside world. You can assign each machine a static IP address, and for home networks this is traditionally a 192.168.1.* number. Of course this is the most secure arrangement, but it is not very useful.

So you get a DSL connection from the phone company or a cable connection from your TV provider, and you connect it these days to a Wireless Router box. Home routers add two network functions: DHCP and NAT. DHCP assigns addresses (from the 192.168.1.* subnet) to machines that are not configured to use a specific private address. NAT allows the router to forward client requests from any computer on the private network to the internet, but when it forwards the request it readdresses it so that the outside world thinks the request came from the router. This is important because the phone or cable company only assigned one IP address to your home, the router owns that address, and all the computers in your home have to share that one address. If one of your computers has a server (say a Java Web application on port 8080) then the NAT router can be configured to map all incoming requests to its port 8080 to go to that machine.

Now we can describe the VirtualBox LAN connection options and define their limitations.

NAT - One VM appears to be connected to its own network with a NAT router simulated on the host real machine. The VM can access the Yale network and internet, but the host computer cannot talk to it except through mapped ports. Unfortunately, if you expose a port to the Host computer you also expose it to the whole Yale network because it becomes a real port on the host computer.

NAT Network - Several VMs are connected to a private network with a NAT router simulated on the host real machine. Like the previous configuration, except in this case the VMs can talk to each other as if they were real computers on a real network.

Bridge - All the VMs appear to be directly connected to the real network to which the host computer is connected. At Yale, that means that every VM has to be assigned its own IP address from Data Network Operations. Since that address is real, no other developer can use the same set of addresses for his Sandbox machines. This also exposes the VMs to the outside world (at least the Yale network).

Host-Only Adapter - First, this creates a virtual LAN adapter on the host computer (you get a dialog box on Windows asking you to install a new device). Then logically it connects this simulated LAN adapter to a Private Network to which all the VMs are connected. Typically you assign a static address like 192.168.137.1 to the host computer and then other static addresses like 192.168.137.10 to each VM. VirtualBox does not provide any DHCP or NAT router function, so if this is all you do then the VMs cannot talk to the Yale network or Internet.

It has always been possible to use a regular computer to perform the DHCP and NAT router function. Windows calls this Internet Connection Sharing (ICS) and it was useful back in the day when a Windows box logged on to a network provider and then shared this connection to the other home computers. Today when every phone or cable company includes a NAT Wireless router with their basic Internet service package, ICS is not widely used. If it were only possible to create one LAN adapter on each VM, then the Host-Only Adapter combined with ICS or its Mac equivalent on the host computer would be the best network solution.

However, VirtualBox can attach up to 4 simulated LAN adapters to each VM. In this case, it is simplest to create two LAN adapters for two different purposes. One is a simple NAT adapter that gives the VM client-only (no mapped ports) access to the Yale network (to the SVN server for example) and to the Internet (to the CentOS software update sites for example). The other adapter is a Host-Only Adapter that creates a simulated Private Network that connects the VMs to each other and to the Host computer. Neither network connection allows computers other than the Host to see the VMs, log on to them, or use services like CAS. Because the Host-Only network is private, it can have the same IP addresses and configuration on every desktop for every developer.

In the Host-Only Private Network, the host computer must be configured to have IP address 192.168.137.1. You specify this when you create or modify the network in the VirtualBox management console (that lists the installed virtual machines). Click File - Preferences - Network. Select the Host-only Networks tab. If no network is listed, click the Add (plus) button to create it. It will be called VirtualBox Host-Only Ethernet Adapter and when you create it you have to let the system add a new device to the system (so you need Administrator privilege on your machine). If you click the adapter, you can set its IPv4 Address to 192.168.137.1 and the Network mask to 255.255.255.0.

The Sandbox VM should be configured with two adapters. Select it in the VirtualBox management console and click Settings - Network. Adapter 1 should be Attached to Host-only Adapter and Adapter 2 should be attached to NAT.

If you need to simulate a second VM, clone the Sandbox computer (as explained below) and then in the clone configuration you leave Adapter 1 attached to the same Host-only Adapter but now you expose the Advanced options and change the MAC Address to be one larger (change AD at the end to AE).
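
The adapter layout described above can be checked from the command line. The following script is an added example, not part of the original page: it reads the output of VBoxManage showvminfo in --machinereadable form and reports any deviation from the design (Adapter 1 host-only, Adapter 2 NAT with no mapped ports, nothing bridged). The sample inputs are constructed, and the forwarding rule name "cas" is made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Audits the output of
#   VBoxManage showvminfo "<vm name>" --machinereadable
# against the layout above: Adapter 1 host-only, Adapter 2 NAT with no
# port forwarding, nothing bridged, no further adapters.

audit_vm_net() {   # reads VM info on stdin; returns 1 if anything deviates
  awk -F= '
    function bad(msg) { print "FINDING: " msg; rc = 1 }
    { gsub(/"/, "", $2) }                        # values are double-quoted
    $1 ~ /^nic[0-9]+$/   { nic[substr($1, 4) + 0] = $2 }
    $1 ~ /^Forwarding\(/ { bad("NAT port forward opens a real port on the host: " $2) }
    END {
      if (nic[1] != "hostonly") bad("adapter 1 is [" nic[1] "], expected hostonly")
      if (nic[2] != "nat")      bad("adapter 2 is [" nic[2] "], expected nat")
      for (i in nic) {
        if (nic[i] == "bridged") bad("adapter " i " is bridged onto the real LAN")
        else if (i + 0 > 2 && nic[i] != "none") bad("unexpected adapter " i ": " nic[i])
      }
      exit rc + 0
    }'
}

# Constructed sample: the intended layout.
SAMPLE_OK='nic1="hostonly"
hostonlyadapter1="VirtualBox Host-Only Ethernet Adapter"
macaddress1="080027A984AD"
nic2="nat"
nic3="none"'

# Constructed sample: the same VM after host port 8080 was mapped to the guest.
SAMPLE_FWD="$SAMPLE_OK"'
Forwarding(0)="cas,tcp,,8080,,8080"'

printf '%s\n' "$SAMPLE_OK"  | audit_vm_net && echo "OK: layout matches"
printf '%s\n' "$SAMPLE_FWD" | audit_vm_net || echo "layout deviates from the Sandbox design"
```

On a real host, pipe the VBoxManage output for each Sandbox VM into audit_vm_net in place of the samples.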

The CentOS operating system in the Sandbox VM has two different configurations for two different LAN adapters with different MAC addresses. It selects which IP address it uses based on which MAC address the simulated LAN adapter exposes. The first VM (ending in AD) gets 192.168.137.10 and the second (AE) gets .11. However, it is not possible to automatically change the hostname based simply on the MAC address. You have to do that manually the first time you boot up the cloned second VM. Issue the following command once:

sudo hostnamectl set-hostname vm-ssoboxapp-02.web.yale.internal

to change the hostname permanently on that VM.

If you want more than two virtual machines, then you have to add a new Network adapter configuration in /etc/sysconfig/network-scripts and add a new line in all the hosts files.
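
For a third or later VM, the values follow from the pattern above. This script is an added example, not part of the original page: it derives the MAC address, IP address and hostname for VM number N and prints a MAC-keyed adapter configuration plus the matching hosts line. Continuing the pattern past the second VM (AF, .12, -03 and so on), the choice of ifcfg fields, and DEFROUTE=no (so the default route stays on the NAT adapter) are assumptions; the page does not give the file names used on the image.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): derive the per-VM values for
# Sandbox VM number N by continuing the page's pattern (AD/.10/-01, AE/.11/-02).
# The pattern for N > 2 and the ifcfg field selection are assumptions.

sandbox_mac()  { printf '08:00:27:A9:84:%02X\n' $((173 + $1 - 1)); }   # 173 = 0xAD
sandbox_ip()   { printf '192.168.137.%d\n' $((10 + $1 - 1)); }
sandbox_host() { printf 'vm-ssoboxapp-%02d.web.yale.internal\n' "$1"; }

# Print the adapter configuration for the host-only adapter of VM N.
# HWADDR ties the stanza to one MAC, which is how the guest picks its address.
sandbox_ifcfg() {
  case "$1" in ''|0*|*[!0-9]*) echo "VM number must be 1..83" >&2; return 2 ;; esac
  # The last MAC byte runs out at FF, which is VM 83.
  [ "$1" -le 83 ] || { echo "VM number must be 1..83" >&2; return 2; }
  cat <<EOF
HWADDR=$(sandbox_mac "$1")
BOOTPROTO=none
ONBOOT=yes
IPADDR=$(sandbox_ip "$1")
NETMASK=255.255.255.0
DEFROUTE=no
EOF
}

# Line to append to the hosts file on every VM and on the host computer.
sandbox_hosts_line() { printf '%s %s\n' "$(sandbox_ip "$1")" "$(sandbox_host "$1")"; }

# Demo: values for a third VM.
sandbox_ifcfg 3
sandbox_hosts_line 3
```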

...