
Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 22. Oct 2019, 22:05
by EternalNoob
Hi, I'm new here so please kindly redirect me if this is not the subforum for my inquiry.

I noticed that a clean install of VirtualBox-6.0 on a clean install of Fedora 30 (also including any updates to current kernel) with the Oracle Extension Pack directly from the source doesn't function with default settings. I am currently on VirtualBox-6.0.14 and the Oracle Extension Pack is also on 6.0.14, but this issue was also relevant since 6.0.0, and possibly before (I have only just started using VirtualBox).

The issue is, one of the features of the Oracle Extension Pack is to implement the groundwork for a remote application to control the virtual environment. I am using RemoteBox for this. However, the vboxweb-service is set to start After vboxdrv.service only. This causes the service to fire once VirtualBox has loaded (it is also on auto-start), but is indifferent to when the firewall has loaded. The desired result is enabling vboxweb-service causes the service to auto-start on system boot and to have the server listen on the chosen port(s) for the primary API access and any additional VM Server-RDP sessions that are configured. The actual result is nothing is listening on the ports (netstat -peanut) desired until the service is manually restarted (systemctl restart vboxweb-service) and then the server does listen. This also requires restarting any VM's that were set to auto-on if it is desired to use the server-side RDP feature.

Being new to VirtualBox and Linux in general, I do not know what the standard for auto-starting services that require firewall rules is. I have found that I can successfully auto-start the service when I wait for the network connection to be online by adding "network-online.target" to the "After" line (so After=vboxdrv.service network-online.target) of vboxweb-service in the [Unit] section. This should guarantee the service to start after the firewall has been engaged for my setup since I only have a simple single connection interface. However, it is clear that this file is not intended to be edited directly, as my edit is being reverted every time there is an update.

According to what I have seen, this issue may be common among all host OS's using firewalld. SELinux refused to behave with the extension pack so it is in Permissive mode and therefore not the issue, and my firewall is configured with simple port open exceptions.

If I am way off track or am doing something wrong, please correct me. I have only been working with linux for a few months and less time with VirtualBox. If I have identified the problem correctly, what would the correct channel be for me to make a suggestion to add my workaround (or a better one) to a future VirtualBox update?

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 12. Nov 2019, 20:44
by EternalNoob
Well, after the chirping crickets got to me, the issue was resolved by replacing virtualbox with VMWare and Fedora with a new OS I wrote.

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 12. Nov 2019, 21:14
by socratis
EternalNoob wrote:and Fedora with a new OS I wrote.
That's got to be the <insert_your_characterization_here> comment I've seen in a long time! :D

What exactly do you mean "a new OS that I wrote"? Just on a whim, you wrote your own OS? :shock:

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 15. Nov 2019, 19:21
by EternalNoob
lol...no I didn't write my own OS. Just thought I'd type something outrageous to see if anyone even noticed my thread. I guess I need to somehow reword my issue since nobody seems keen to weigh in. I did happen to change from Fedora to CentOS...but that's not really a change and it's not like anything is different. I'll probably still have this issue on CentOS, but I have just been doing clean installs so I haven't upgraded anything yet.

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 15. Nov 2019, 21:25
by scottgus1
Not that I can answer your problem, but there's one other reason why folks don't answer your first thread: They don't know how to answer it. I didn't know how to answer it when I saw it, so I just waited until someone else might answer it and I could learn too.

I mean, 25 repeats of "Saw this but beats me how to fix it"s is probably going to get irritating, eh?

These are user forums, peopled by volunteer fellow Virtualbox users, not a channel for official Oracle support.

This sort of stuff:
EternalNoob wrote:after the chirping crickets got to me
EternalNoob wrote:Just thought I'd type something outrageous to see if anyone even noticed
probably ain't going to get you that fuzzy warm supportive assistance from your fellow Virtualbox users that you're hoping for. Best to dial that way back.

These things sound different:
EternalNoob wrote:one of the features of the Oracle Extension Pack is to implement the groundwork for a remote application to control the virtual environment.
EternalNoob wrote:vboxweb-service
EternalNoob wrote:use the server-side RDP feature
Compare your desired usage with the manual, section 1.6, on what the Extension Pack provides. Please restate your problem in a concise way. What exact portion of the Extension Pack's services are you trying to use? And how is the firewall interfering?

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 16. Nov 2019, 02:23
by socratis
EternalNoob wrote: Just thought I'd type something outrageous to see if anyone even noticed my thread
As a Moderator I have to not only notice, but actually read each and every thread. And so do most Volunteers. The fact that you didn't receive an answer was most properly answered by the following:
scottgus1 wrote:there's one other reason why folks don't answer your first thread: They don't know how to answer it.
EternalNoob wrote: I guess I need to somehow reword my issue since nobody seems keen to weigh in.
To be honest, your question is more of a Linux one than a VirtualBox one; how to set up your Linux Host so that a specific service starts at a specific point, with specific conditions. You might have a better chance if you were to ask that question in a Linux forum, an even better chance if you were to ask this in a RedHat/CentOS forum.

I really appreciate however your logic to ask the question here:
EternalNoob wrote:If I have identified the problem correctly, what would the correct channel be for me to make a suggestion to add my workaround (or a better one) to a future VirtualBox update?
I searched for RemoteBox and I noticed that it talks about connecting to VirtualBox web service. This is a feature of VirtualBox that's rarely used by the majority of the users, so your audience is limited to begin with. For example, I've never used it, I'd have to really go out of my way to try and replicate what you're seeing. And being primarily on an OSX Host, that would make a huge difference from the get-go.

There are two more programs that might do what you want to do: phpVirtualBox and Hyperbox, you might want to check them out...

Finally (and this may be completely unrelated), I couldn't help but notice that RemoteBox is using a barrage of packages to do what it needs to do, my eye caught the "SOAP::Lite perl module". And that rang a bell, from a recent comment on ticket #19074:
klaus wrote: P.S.: I'm surprised that you're using Perl for webservice programming. It's pretty tedious and I've removed the perl bindings from the VirtualBox SDK ages ago because it's such a waste of CPU cycles to even get SOAP::Lite to process the .wsdl files. For Python2 we have very comfortable bindings (work transparently with webservice and local API). Unfortunately we didn't find time yet to work on webservice support for Python3, because the ecosystem changed completely and for a long time there was no sensible SOAP support at all.

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 19. Nov 2019, 19:32
by EternalNoob
Thank you for the responses. I apologize since I have clearly taken a poor approach for my issue and I did not mean to annoy anyone. I understood that there wouldn't necessarily be anyone answering my question, but I was hoping to find replies like I have now gotten which advise me how to rephrase or redirect my question. I will now attempt to do that.

Ok, so ignore what I said about RemoteBox, it is not directly relevant and it's distracting to include it in my description of my issue.

On Section 1.6 of the VirtualBox manual:
Extension packs. Additional extension packs can be downloaded which extend the functionality of the Oracle VM VirtualBox base package. Currently, Oracle provides a single extension pack, available from: http://www.virtualbox.org. The extension pack provides the following added functionality:
...
3. VirtualBox Remote Desktop Protocol (VRDP) support. See Section 7.1, “Remote Display (VRDP Support)”.
This is a part of the extension pack functionality that I am using. I understand why this would be a rarely used feature, as it would be redundant at best. I am also interested in exposing the API. This is another part of the functionality of the extension pack. From the SDKRef.pdf:
1.2 Two guises of the same “Main API”: the web service or COM/XPCOM
  • There are several ways in which the Main API can be called by other code:
    1. VirtualBox comes with a web service that maps nearly the entire Main API. The web service ships in a stand-alone executable (vboxwebsrv) that, when running, acts as an HTTP server, accepts SOAP connections and processes them.

      Since the entire web service API is publicly described in a web service description file (in WSDL format), you can write client programs that call the web service in any language with a toolkit that understands WSDL. These days, that includes most programming languages that are available: Java, C++, .NET, PHP, Python, Perl and probably many more. All of this is explained in detail in subsequent chapters of this book.
and
1.4.1 Command line options of vboxwebsrv
  • The web service supports the following command line options:
    ...
    --port (or -p): This specifies which port to bind to on the host and defaults to 18083.
I believe that the Oracle Extension Pack seems to have vboxweb-service disabled by default, presumably since it is only part of the extension it is not enabled for security purposes? However, this service does come with this extension pack and will cause the host pc to broadcast on 18083 automatically (minus firewall exceptions) if it is started or enabled.

What I would like to do that works:
I would like to have the exposed api on port 18083 and also configure the VRDP for each of my virtual machines on separate ports. I can do this and it works correctly if my firewall is off.

If I have my firewall on and manually start my vboxweb-service from command line after having made exceptions in my firewall, this again works.

What I would like to do that does not work by default:
I would like to have this service automatically start up with my host and broadcast like it does when I manually start it.
If I enable the vboxweb-service to automatically start when the computer turns on, this initially does not work. If I stop and start the service again after the system is fully online, everything works again.

I suspect this issue is because vboxweb-service (which I did not write but came with the extension pack) by default does not wait for my firewall to load to run when enabled. I have worked around this by editing this service to wait for my network to come online, which does produce the results I would like. However, this service seems to revert to its default version when I initiate a VirtualBox upgrade...presumably when I am upgrading the extension pack?

What I would like to have changed:
My workaround to the issue I seem to be having doesn't appear to be a permanent solution. I would like to find a permanent solution.


Thank you very much for taking the time to review my issue. Please warn me again if I am still unclear or my issue still appears to be more of a linux issue than a VirtualBox issue.

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 19. Nov 2019, 21:42
by scottgus1
EternalNoob wrote:I apologize
No problem, we're cool.

I don't know if this will help or is just a pedantic spin, but the Extension Pack does provide the VRDP remote desktop server. However, the Virtualbox web service is part of the default Virtualbox installation and does not come from the Extension Pack.

I have never played with the web service, so I have no idea if its interaction with the firewall is as designed or there's a bug. I have had times a computer didn't do things in the order I wanted them, and I rolled up a script to force the order to my will, as you've done.

You might try asking on the Bugtracker whether this behavior is right, or try the Virtualbox API subforum.

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 20. Nov 2019, 09:45
by socratis
I had to read your post a couple of times, because it was super-confusing, and that's because you're confusing which/what/where/when. Let's get some misconceptions straight:
  1. The VirtualBox RDP server comes with the Extension Pack. It's a common RDP server running on the Host. It allows you to RDP to a VM by connecting to "Host:port".
  2. The vboxwebsrv comes with the main program. It's a common webserver running on the Host.
EternalNoob wrote:I believe that the Oracle Extension Pack seems to have vboxweb-service disabled by default, presumably since it is only part of the extension it is not enabled for security purposes?
The ExtPack has nothing to do with vboxwebsrv. And yes, it's disabled by default, mainly because it's not used. And the security philosophy goes "if you don't need it, don't enable it".
EternalNoob wrote: However, this service does come with this extension pack
No. See above...
EternalNoob wrote:I would like to have the exposed api on port 18083 and also configure the VRDP for each of my virtual machines on separate ports.
Two completely unrelated functionalities. Like saying "I'd like to have a webserver and a mail-server". Sure you can...
EternalNoob wrote:I would like to have this service automatically start up with my host and broadcast like it does when I manually start it.
See the related ch. in the User Manual: Starting the Oracle VM VirtualBox Web Service Automatically. Did you try that?
EternalNoob wrote:I suspect this issue is because vboxweb-service (which I did not write but came with the extension pack)
No, see above...
EternalNoob wrote:because vboxweb-service ... by default does not wait for my firewall to load to run when enabled.
And that's where the Linux related question comes in. If the instructions on the User Manual (above) don't work in your case because of service startup issues, then you got to attack this from your Host's side.

But, I still don't get it, if you have set up your firewall correctly, there should be rules in place as to what's blocked and what's allowed. If anything:
  • If the firewall service is starting later, ports should be open (by default) for everything, and when the firewall service starts, it should start blocking specific ports based on its rules. If you've set up your firewall correctly, the vboxwebsrv should be in the do-not-block rules.
  • If the firewall starts earlier than the vboxwebsrv, still the rules for the firewall shouldn't block vboxwebsrv.

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 25. Nov 2019, 17:37
by EternalNoob
Thank you again for taking time to review my issue. It is clear to me now that I have confused some things. I believe that ultimately, I will need to use the bugtracker to determine if my observed interactions are intended or not. I also now believe that socratis is correct, and that the issue should not be my firewall at all. A possible alternate explanation would be perhaps vboxweb-service is attempting to listen on a port before my network is even online period. This would make more sense, as a port cannot be opened on a non-existent network connection, but once the network is online and I run the service again it works correctly. This would mean that my workaround just happens to work, because it is waiting for the network to be online before launching that service.

I will move my attempt to solve this issue to the bugtracker or I will look further into linux to see how I can write additional services to automatically overwrite the default settings that seem to be reverted to when the virtualbox gets an update.

Cheers

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 25. Nov 2019, 23:35
by socratis
EternalNoob wrote:I will move my attempt to solve this issue to the bugtracker
I sincerely hope that you don't mean the VirtualBox bugtracker:
  1. We urge people to avoid the bugtracker. It's usually better and faster, if issues get first addressed in the forums, a lot more eyes here. More than 95% of the issues are resolved in the forums, which keeps the developers focusing on the bug fixes and enhancements, and there is no need for another ticket to keep track of. For example, yours is not a VirtualBox bug and someone from the developers has to deal with it and close it as "[Invalid]".
  2. A discussion and analysis on the bug tracker is going to help me, is going to help you, and potentially a future drive-by user or two; users don't usually go to the bugtracker or discuss issues there. Not so in the forums, many more tend to benefit...

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 26. Nov 2019, 18:22
by EternalNoob
It seemed like scottgus1 had mentioned the bugtracker. I guess that's a bad idea though...

So, rather than finding a way to prevent default settings from overwriting my changes to the vboxweb-service to allow my service to start with my system boot sequence, I will look in some linux forums somewhere and find out how to make the network adapter activate at an earlier stage I guess.

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 26. Nov 2019, 21:19
by socratis
EternalNoob wrote:It seemed like scottgus1 had mentioned the bugtracker.
I think you're referring to this:
scottgus1 wrote:You might try asking on the Bugtracker whether this behavior is right
Here's why *I* think that the first line of defense should be the forums and not the Bugtracker:
  1. "Forums" by definition, is the place to discuss issues. The Bugtracker is the place to report issues once they have been confirmed, after a discussion with other users has determined it's not a random/PEBCAK/other, but a real reproducible issue.
  2. The traffic in the Bugtracker is about 1/10th of what's in the forums, which means that you're going to have 10% of the people having a look at the issue.
  3. On the other hand, given the amount of "noise" in the forums, the "signal to noise ratio" is really small, and our "job" as a community is to filter that, and send only the important/reproducible issues to the Bugtracker, increasing the "signal to noise ratio" in the Bugtracker.
Finally, why I think that yours is not a VirtualBox problem? Because you're having a problem with the firewall, not the vboxweb service itself...

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 26. Nov 2019, 21:45
by EternalNoob
Hey socratis, you were totally right earlier when you said it makes no sense the firewall is the issue. I looked into it more and it wasn't conflicting with the firewall after all. The issue was really simple (I think?), vboxweb-service was activating before my network adapter came online. I think this is why when I change the default vboxweb-service from
...
[Unit]
SourcePath=/usr/lib/virtualbox/vboxweb-service.sh
Description=
Before=runlevel2.target runlevel3.target runlevel4.target runlevel5.target shutdown.target
After=vboxdrv.service
Conflicts=shutdown.target
...
to
...
[Unit]
SourcePath=/usr/lib/virtualbox/vboxweb-service.sh
Description=
Before=runlevel2.target runlevel3.target runlevel4.target runlevel5.target shutdown.target
After=network-online.target vboxdrv.service
Conflicts=shutdown.target
...
it then works when the service is enabled to start with my host OS. Now, I just need to find a way to keep this file from undoing my change when I update VirtualBox.
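
The open question in the post above, an edit to the unit file that is undone by every VirtualBox update, is the case systemd drop-in directories exist for. The following is an added example, not part of the original post or of VirtualBox: it writes the ordering change as a drop-in and computes the merged After= list the way systemd does. The drop-in file name 10-network-online.conf, the helper function names and the sample unit (built from the lines quoted in the post) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the drop-in file
# name are hypothetical; the sample unit is constructed from the quoted lines.

# Constructed sample of the packaged unit, written to the path given in $1.
sample_unit() {
    cat > "$1" <<'EOF'
[Unit]
SourcePath=/usr/lib/virtualbox/vboxweb-service.sh
After=vboxdrv.service
Conflicts=shutdown.target
EOF
}

# Write a drop-in that adds ordering without touching the packaged unit.
# $1 = drop-in directory; on a real host:
#      /etc/systemd/system/vboxweb-service.service.d
write_dropin() {
    mkdir -p "$1" || return 1
    cat > "$1/10-network-online.conf" <<'EOF'
[Unit]
# After= only orders units; Wants= is what pulls network-online.target in.
Wants=network-online.target
After=network-online.target
EOF
}

# Print the effective After= list for a unit file followed by its drop-ins.
# List semantics: each After= line appends, an empty "After=" clears the list.
effective_after() {
    awk '
        FNR == 1 { in_unit = 0 }
        /^\[/    { in_unit = ($0 == "[Unit]"); next }
        in_unit && /^After=/ {
            val = substr($0, 7)
            if (val == "") { list = ""; next }
            list = (list == "" ? val : list " " val)
        }
        END { print list }
    ' "$@"
}

# Succeed if the merged After= list contains unit name $1.
# Remaining arguments: the unit file, then its drop-ins in order.
orders_after() {
    want=$1; shift
    for u in $(effective_after "$@"); do
        [ "$u" = "$want" ] && return 0
    done
    return 1
}

# Demo on the constructed unit in a temporary directory (no root needed).
demo() {
    tmp=$(mktemp -d) || return 1
    unit="$tmp/vboxweb-service.service"
    sample_unit "$unit"
    echo "packaged unit only: After=$(effective_after "$unit")"
    write_dropin "$unit.d"
    echo "with drop-in:       After=$(effective_after "$unit" "$unit.d"/*.conf)"
    rm -rf "$tmp"
}
demo
```

On a real host the drop-in takes effect after `systemctl daemon-reload`, and `systemctl show -p After vboxweb-service` prints the merged list systemd actually uses.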

Re: Oracle Extension Pack vboxweb-service on Fedora 5.3.6-200.fc30.x86_64 blocked by firewall

Posted: 26. Nov 2019, 23:45
by socratis
What's that file that you changed, and why are you saying that it will change if you update VirtualBox? Is this a VirtualBox file?