Install Oracle VM VirtualBox Extension Pack on CentOS / Ubuntu / Debian / Fedora / LinuxMint

VirtualBox Extension Pack is a set of open-source components that extends the functionality of the VirtualBox base package. Oracle provides the one extension pack, and it provides the following added functionality.

The virtual USB 3.0 / 2.0 device
VirtualBox Remote Desktop Protocol (VDRP)
Disk image encryption with AES algorithm
Host webcam pass through.
Intel PXE boot ROM.
Experimental support or PCI passthrough on Linux hosts.
This Mini how-to helps you to install Oracle VM VirtualBox Extension Pack on CentOS / Ubuntu / Debian / Fedora / LinuxMint operating systems.

You would need to install the same version extension pack, as your installed version of VirtualBox.


Download the Oracle VM VirtualBox extension pack using the wget command.

### VirtualBox 6.0 ###

cd /tmp

wget https://download.virtualbox.org/virtualbox/6.0.14/Oracle_VM_VirtualBox_Extension_Pack-6.0.14.vbox-extpack

### VirtualBox 5.2 ###

cd /tmp

wget https://download.virtualbox.org/virtualbox/5.2.34/Oracle_VM_VirtualBox_Extension_Pack-5.2.34.vbox-extpack

Command Line Mode
Let’s see the installed Extension pack. You won’t find any packages because Extension does not come bundled with VirtualBox.

### CentOS / RHEL / Fedora ###

VBoxManage list extpacks

### Ubuntu / Debian ###

sudo VBoxManage list extpacks

Install Oracle VM VirtualBox Extension Pack using the following command.

### CentOS / RHEL / Fedora ###

cd /tmp

VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-*.vbox-extpack

### Ubuntu / Debian ###

cd /tmp

sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-*.vbox-extpack

Let’s list the installed extension packs.

### CentOS / RHEL / Fedora ###

VBoxManage list extpacks

### Ubuntu / Debian ###

sudo VBoxManage list extpacks

ISE Module Browser requires NuGet-anycpu.exe, but fails to install

Setting up PowerShell for Azure portal is always a challenge.

Make sure following path exists:
C:\Program Files\WindowsPowerShell\Modules\ISEModuleBrowserAddon\1.0.1.0\

If not download the PowerShell Module through the ISE. 

To enable Module Browser for the 64-bit version of PowerShell ISE:

1. In Windows Explorer, open

%userprofile%\Documents\WindowsPowerShell

2. Open PS file for edit, then add the following lines after the commentary header

If ($env:PSModulePath.Split(';') -contains "C:\Program Files\WindowsPowerShell\Modules" -and ([Environment]::Is64BitProcess)) {
    Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\ISEModuleBrowserAddon\1.0.1.0\ISEModuleBrowserAddon.dll'
    Write-Host 'Loaded 64-bit version'
    }
else {
    Add-Type -Path 'C:\Program Files (x86)\Microsoft Module Browser\ModuleBrowser.dll'
    Write-Host 'Loaded 32-bit version'
    }

3. Save changes and start the 64-bit PowerShell ISE.

Whole profile script:

#Module Browser Begin
#Version: 1.0.0
If ($env:PSModulePath.Split(';') -contains "C:\Program Files\WindowsPowerShell\Modules" -and ([Environment]::Is64BitProcess)) {
    Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\ISEModuleBrowserAddon\1.0.1.0\ISEModuleBrowserAddon.dll'
    Write-Host 'Loaded 64-bit version of Module Browser'
    }
else {
    Add-Type -Path 'C:\Program Files (x86)\Microsoft Module Browser\ModuleBrowser.dll'
    Write-Host 'Loaded 32-bit version of Module Browser'
    }
$moduleBrowser = $psISE.CurrentPowerShellTab.VerticalAddOnTools.Add('Module Browser', [ModuleBrowser.Views.MainView], $true)
$psISE.CurrentPowerShellTab.VisibleVerticalAddOnTools.SelectedAddOnTool = $moduleBrowser
#Module Browser End

So finally, it works in a 64-bit ISE.

Now there's an issue with the 32-bit version of ISE.
For some reason, it loads the 32-bit version of Module Browser for Windows PowerShell ISE (x86), but still it results in the notorious issue with Module Browser being unable to get the NuGet package.

Convert AzureRM to AZ

It has been announced by Microsoft that the brand new Azure Az module will represent the de facto standard for connecting to Azure cloud infrastructures. The truth is that all of your already existing scripts will still work due to the fact that aliases can be enabled. From a technical standpoint it is a good short term solution but that doesn't really bring the idea of future-proofing with itself.

You can enable this short term solution by running:

Enable-AzureRmAlias

Please note that you cannot do this if you have code in your script that imports the old AzureRM module. That will obviously conflict with the aliases of the new Az module. In cases where you still need to use the old AzureRM in your environment, please run:

Disable-AzureRmAlias

To disable all the aliases for the cmdlets.

If you take a closer look at the repository which the Az module is based on (Azure/azure-powershell) you'll see that there is a file called Mappings.json inside the folder src/Accounts/Accounts/AzureRMAlias.  

We can directly download this file like this:

$Mappings = ((Invoke-WebRequest https://raw.githubusercontent.com/Azure/azure-powershell/master/src/Accounts/Accounts/AzureRmAlias/Mappings.json -UseBasicParsing).Content | ConvertFrom-Json)

The mappings variable should now contain a list of Azure related objects. We can now iterate over each object in the root to get a list of all mappings like this:

($Mappings | Get-Member -MemberType NoteProperty) | % {
    $Mappings.$($_.Name) | % {
        ForEach ($Mapping in ($_ | Get-Member -MemberType NoteProperty)) {
            Write-Host $_.$($Mapping.Name) "=>" $Mapping.Name
        }
    }
}

This will output a list of mappings in a readable format. We can use this to create a script that replaces the old cmdlets with new ones. The final script looks like this:

$ScriptFile = "C:\Users\Bart\Desktop\script.ps1"
$Script = (Get-Content $ScriptFile -Raw)

($Mappings | Get-Member -MemberType NoteProperty) | % {
    $Mappings.$($_.Name) | % {
        ForEach ($Mapping in ($_ | Get-Member -MemberType NoteProperty)) {
            $Script = $Script -replace $_.$($Mapping.Name),$Mapping.Name
        }
    }
}

$Script | Set-Content $ScriptFile

This should work, but please note that this only replaces the cmdlet names in your script. Just to be sure, run your scripts to make sure that they still work like they used to do. Do you have suggestions for other readers and/or me? Feel free to leave a comment, all knowledge is welcome.

Gitlab Installation on Centos

Step 1 - Install packages

In this step, we will download/install some packages needed for the GitLab installation. We will be using curl to download the repository installer, policycoreutils for SELinux manager, OpenSSH, and postfix as local SMTP server.

Install all of those packages with the following yum command.

yum -y install curl policycoreutils openssh-server openssh-clients postfix

After that, start the ssh and postfix services.

systemctl start sshd
systemctl start postfix

Now enable them to run automatically at the boot time.

systemctl enable sshd
systemctl enable postfix

All packages required for the GitLab installation are now installed on the server.

Step 2 - Install GitLab

GitLab provides an installer for adding the GitLab CE repository. Download the installer with curl and run the script (as shown below) to add new GitLab CE repository.

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

GitLab CE repository has been added to the system.

Now install GitLab with the following yum command.

yum -y install gitlab-ce

When the installation complete, you will get the result as shown below.

With this, GitLab CE is now installed on the CentOS 7 server.

Step 3 - Configure GitLab URL

For this tutorial, we will use a domain name for GitLab. Specifically, we will use the domain name 'gitlab.hakase-labs.co.'

Go to the GitLab configuration directory '/etc/gitlab' and then edit the configuration file 'gitlab.rb' with vim editor.

cd /etc/gitlab/
vim gitlab.rb

Change the external_url line with the domain name 'gitlab.hakase-labs.co'.

external_url 'http://gitlab.hakase-labs.co'

Save the changes and exit vim.Advertisements

Step 4 - Generate SSL Let's encrypt and DHPARAM certificate

For the basic layer of security, we will be using the SSL for our GitLab site. We will use free SSL certificate from Letsencrypt and generate DHPARAM certificate to add an extra security layer.

To generate the Letsencrypt certificate, we need to install the letsencrypt command line tool, which is available in the repository.

Install Letsencrypt tool on CentOS 7 with yum command below.

yum -y install letsencrypt

After the installation is complete, generate new SSL certificate letsencrypt with the command below.Advertisements

letsencrypt certonly --standalone -d gitlab.hakase-labs.co

Note: While generating SSL Letsencrypt, make sure your HTTP and HTTPS port are not blocking by the firewall.

Type your email address for renewing notification, then type 'A' for the Letsencrypt Terms of Service agreement, and finally type 'N' and press Enter again.

And if you see the result as shown below, it means your certificate for the domain name has been generated, and stored in the '/etc/letsencrypt/live' directory.

Next, create new 'ssl' directory under the GitLab configuration directory '/etc/gitlab/'.

mkdir -p /etc/gitlab/ssl/

Now generate the DHPARAM certificate pem file using OpenSSL. The bigger bit is more secure.

sudo openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 2048

And after the DHPARAM certificate is generated, change the permission of the certificate file to 600.

chmod 600 /etc/gitlab/ssl/*

So the SSL Letsencrypt and DHPARAM certificate for the GitLab installation has been generated.Advertisements

Step 5 - Enable Nginx HTTPS for GitLab

At this stage, we already have free SSL certificate files from Letsencrypt and DHPARAM certificate which is generated using OpenSSL command. And in this step, we will enable HTTPS for the GitLab site. We will enable HTTPS and force HTTP to the HTTPS connection.

First, go to the GitLab configuration directory and edit the configuration file 'gitlab.rb'.

cd /etc/gitlab/
vim gitlab.rb

And change HTTP to HTTPS on the external_url line.

external_url 'https://gitlab.hakase-labs.co'

Then paste the following configuration under the 'external_url' line configuration.

nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.hakase-labs.co/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.hakase-labs.co/privkey.pem"
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"

Save the changes and exit vim.

Finally, apply the GitLab configuration using the following command.

gitlab-ctl reconfigure

And when all is complete, you should get the result as shown below.

Step 6 - Configure Firewalld

In this tutorial, we will run GitLab under the Firewalld firewall. So make sure it's installed on the system. If you do not have the package, you can install it using the following command.

yum -y install firewalld

Start firewalld and enable it to run automatically at boot time with systemctl commands as shown below.

systemctl start firewalld
systemctl enable firewalld

Next, open new ports for our services. We will open SSH, HTTP and HTTPS ports for our GitLab config. Run firewall-cmd commands below to open the ports.

firewall-cmd --permanent --add-service ssh
firewall-cmd --permanent --add-service http
firewall-cmd --permanent --add-service https

Now reload the firewall and check the firewalld configuration. Make sure SSH, HTTP, and HTTPS are on the list.

firewall-cmd --reload
firewall-cmd --list-all

So with this, Firewalld configuration for GitLab has been completed.

Step 7 - Perform installation

So GitLab has been installed in the system, and it's running under the Firewalld firewall. In this step, we will do some quick settings after installing GitLab on the server.

Reset GitLab root password

Open your web browser and type the gitlab URL 'gitlab.hakase-labs.co'. You will be redirected to the HTTPS connection. Change the root password with your own password, and click 'Change your password' button to confirm.

Now you can log in to the GitLab dashboard with default user 'root' and your own password.

Change profile and Username

After you logged in to the GitLab dashboard, click on the top right of your icon profile, and click the 'Settings' icon to setup your profile.Advertisements

In the 'Profile' tab, change your name and email address, then click the 'Update profile Settings' button on the bottom to confirm.

Next, go to the 'Account' tab and change the default root username with your own username, then click the 'Update username' button.

Add SSH Key

Make sure you already have a key, if you do not have an SSH key, you can generate one using the command below.

ssh-keygen

And you will get two keys in ~/.ssh/ directory. 'id_rsa' would be your private key and 'id_rsa.pub' would be your public key.

Next, come back to the Web browser, and click on the 'SSH Key' tab. Copy content of 'id_rsa.pub' file and paste to the key box, and click 'Add Key'.

With this, the SSH key has been updated.

Sign up restrictions and limit settings

Click on the 'Admin Area' icon, and then click on the gear icon and choose 'Settings'.

In the 'Account and Limit Settings' section, you can configure max project per user. And in the 'Sign-up Restrictions' section, you can add the domain name of your email to the white-list box.

After all this is done, scroll to the bottom and click 'Save'.

That's it. Basic GitLab configuration has been completed.

Step 8 - Testing

Now, we will do some testing with our self-hosted GitLab.

Create New Project

Click the plus icon on the top-right to create a new project repository.

Type your project name, description, and setup visibility settings for your project. And then click the 'Create project' button.

With this, the project has been created.

Test first commit

After your project is created (howtoforge in our case), you will be redirected to the project page. Now start adding new content to the repository.

Make sure Git is installed on your computer.

For this test, we need to setup Git account on the computer, something which you can do using the following commands:

git config --global user.name "hakase"
git config --global user.email "admin@example.com"

Clone the repository and add a new README.md file.

git clone https://hakase@gitlab.hakase-labs.co/hakase/howtoforge.git
cd howtoforge/
vim README.md

You will be asked for the hakase password. Please type the same password that we used while accessing GitLab for the first time, and then add new content to the README.md file.

Commit new changes to the repository using the following commands.

git add .
git commit -m 'Add README.md file by hakase-labs'

Next, push the repository to the GitLab server.

git push origin master

Type your password and press Enter to continue. You should see the result as shown below.

Now open the project (howtoforge in our case) from your web browser, and you will see a new README.md file has been added to the repository.

So this confirms that Gitlab is successfully installed on Ubuntu CentOS 7 with 4GB of memory.

Gitlab LDAP Authentication - Issue - Could not authenticate you from Ldapmain because “Invalid credentials for user.name”

ldap configuration

Configured /etc/ldap/ldap.conf :

BASE dc=serverX,dc=lan
URI     ldap://serverX.lan
TLS_CACERT /etc/ssl/certs/ca-certificates.crt

Configured /etc/gitlab/gitlab.rb :

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-eos 389="" active_directory:="" allow_username_or_email_login:="" attributes:="" base:="" bind_dn:="" block_auto_created_users:="" cn="" code="" email:="" email="" encryption:="" false="" first_name:="" givenname="" host:="" itlab="" label:="" last_name:="" ldap="" mail="" method:="" name:="" or="" ou="users,dc=serverX,dc=lan" password:="" plain="" port:="" samaccountname="" sn="" ssl="" tls="" true="" uid:="" uid="" user_filter:="" userid="" username:="" userprincipalname="" xxxx="">

Output of gitlab-rake gitlab:ldap:check is OK :

# gitlab-rake gitlab:ldap:check
Checking LDAP ...

LDAP: ... Server: ldapmain
LDAP authentication... Success
LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP ... Finished
Check your /etc/gitlab/gitlab.rb
gitlab_rails['ldap_servers'] = YAML.load <<-eos 389="" active_directory:="" allow_username_or_email_login:="" base:="" bind_dn:="" block_auto_created_users:="" cn="admin,ou=users,dc=serverX,dc=lan" code="" encryption:="" false="" host:="" itlab="" label:="" ldap="" ou="users,dc=serverX,dc=lan" password:="" plain="" port:="" uid:="" uid="" xxxx="">

Automate Linux (Ubuntu) script

I looked for what you propose. For use of 'preseeding' with 'debconf-get-selections':
Code:
sudo debconf-set-selections <<< 'slapd/root_password password your_password'
sudo debconf-set-selections <<< 'slapd/root_password_again password your_password'
sudo aptitude -y install slapd
And i fell also on this thread:
[stackoverflow.com/questions/1202347/how-can-i-pass-a-password-from-a-bash-script-to-aptitude-for-installing-mysql]

Code:
sudo DEBIAN_FRONTEND=noninteractive aptitude install -q -y
or
Code:
#!/bin/bash

installnoninteractive(){
  sudo bash -c "DEBIAN_FRONTEND=noninteractive aptitude install -q -y $*"
}

installnoninteractive slapd
Also I found 'expect'. For the use of 'expect':
Code:
#!/bin/bash
aptitude update
aptitude install expect

VAR=$(expect -c '
spawn aptitude -y install slapd
expect "New password for the slapd \"root\" user:"
send "PasswordHere\r"
expect "Repeat password for the slapd \"root\" user:"
send "PasswordHere\r"
expect eof
')

echo "$VAR"

aptitude -y install slapd
but for 'expect' the need to install the package.

After testing all these solutions, i prefer:
Code:
DEBIAN_FRONTEND=noninteractive aptitude install -q -y

Tools to remote into Linux Environments

#yum groupinstall 'GNOME Desktop Environment' 'X Window System'

1) VNC

x11vnc – simples of this 3 methods to get remote access. VNC stands for Virtual Network Computing) is a very useful network graphics protocol

Perhaps you need to enable EPEL (Extra Packages for Enterprise Linux) repository. Run

#yum -y install epel-release

Now we can install x11vnc. This command will install server and solve all dependencies

#yum -y install x11vnc

Then we will protect server with password:

# x11vnc -storepasswd

Enter VNC password:

Verify password:

Write password to /root/.vnc/passwd? [y]/n y

Password written to: /root/.vnc/passwd

!Do not use simple password!

We ready to start server:

# x11vnc --reopen --forever -rfbauth ~/.vncpasswd &

You can check if servers started:

    #netstat -an | grep 5900

    tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN

    tcp6 0 0 :::5900 :::* LISTEN

    If its ok, simply try to connect to it using vncviewer.
    #yum -y install vnc
    #vncviewer YOUR_SERVER_IP

That's all! Now you have access to your desktop. After reboot just ssh again and do again

    x11vnc --reopen --forever -rfbauth ~/.vncpasswd &

2) Tigervnc server

Tigervnc - is a high-performance, platform-neutral implementation of VNC

   #yum install -y tigervnc-server

Lets copy example config and edit it:

    #cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

    #vi /etc/systemd/system/vncserver@:1.service

Example of config:

[Unit]
    Description=Remote desktop service (VNC)
    After=syslog.target network.target
    [Service]
    Type=forking
    ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
    ExecStart=/usr/sbin/runuser -l YOUR_NAME -c "/usr/bin/vncserver
    PIDFile=/home/YOUR_NAME/.vnc/%H%i.pid
    ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
    [Install]
    WantedBy=multi-user.target

Now enable autostart service and restart it:

    systemctl enable vncserver@:1.service
    systemctl restart vncserver@:1.service

And finally connect to it:

    #vncviewer YOUR_SERVER_IP

3) XRDP

xrdp is an Open Source Remote desktop Protocol server. First of all we need to install EPEL repository and xrdp server:

    #yum -y install epel-release
    #yum -y install xrdp

Now lets start server

    #systemctl start xrdp.service 

Check if its running, and add him to autostart.

#netstat -an | grep 3389 
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN
#systemctl enable xrdp.service

Thats all now you can connect to your server from any windows machine.

4) Teamviewer

Teamviewer does not exist in standard repos, so we need to install wget and download TeamViewer rpm package

    #yum -y install wget
    #wget https://download.teamviewer.com/download/linux/teamviewer.x86_64.rpm

Install it, using this command:

    #yum install teamviewer.x86_64.rpm

And set your password

    # teamviewer passwd YOUR_PASSWORD
    ok
    #systemctl start teamviewerd.service

Now you only need to get your id to connect

#teamviewer –info
  TeamViewer ID: 9XXXXXXX7

Try to connect to it using this id and password you set

5) FreeNX

FreeNX is a Remote Access solution based on enterprise class open source technologies by NoMachine. If you like exact this tool to get remote access you may upgrade to cloud version.

First of all we need to add e EPEL + nux-dextop repositories, for Centos 6:

# rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh http://li.nux.ro/download/nux/dextop/el6/x86_64/nux-dextop-release-0-2.el6.nux.noarch.rpm

For Centos 7

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm

Install server and agent:

#yum install freenx-server nxagent 

Enable passdb authentication:

#echo 'ENABLE_PASSDB_AUTHENTICATION="1"' >> /etc/nxserver/node.conf

Now we need to create user for remote access and assign password for him:

# /usr/libexec/nx/nxserver --adduser bob 
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
NX> 716 Public key added to: /home/bob/.ssh/authorized_keys2
NX> 1001 Bye.
NX> 999 Bye

#/usr/libexec/nx/nxserver --passwd bob 
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
New password:
Password changed.
NX> 999 Bye

Now we will install epel-repos and opennx client on your machine:

#yum install opennx

After starting opennx wizard you will be asked about session name,server address and port. Most important thing is to set your key. You need to copy key from servers /etc/nxserver/client.id_dsa.key and paste it general tab of your client session properties.