Differences
This shows you the differences between two versions of the page.
blocks:server:virtualized [2021-05-11 19:23] admin Updated for Blocks 5 |
blocks:server:virtualized [2023-03-27 10:05] (current) mattias [Connecting the USB License Key to Another Computer] |
||
---|---|---|---|
Line 2: | Line 2: | ||
While the full Linux-based server image can be installed on a virtual machine, it is not specifically designed for that purpose. Installations that run Blocks in a virtualized environment often have different priorities than those using a stand-alone server. Many of the features included in the full server Linux image are typically managed by other parts of the infrastructure in a virtualized environment. | While the full Linux-based server image can be installed on a virtual machine, it is not specifically designed for that purpose. Installations that run Blocks in a virtualized environment often have different priorities than those using a stand-alone server. Many of the features included in the full server Linux image are typically managed by other parts of the infrastructure in a virtualized environment. | ||
- | :!: This is an advanced guide. If you don't feel at home in a linux server | + | :!: This is an advanced guide. If you don't feel at home in a Linux terminal window, you should probably not follow it. |
===Minimal Server OS=== | ===Minimal Server OS=== | ||
- | The full Linux-based server runs an enhanced desktop version of Ubuntu, including a user friendly window-and-mouse based desktop environment. | + | The full Linux-based server runs an enhanced desktop version of Ubuntu, including a user friendly window-and-mouse based desktop environment. |
- | This virtual server image runs on Debian, which is essentially the same operating system core, but a pure server-version, | + | |
===No Webmin interface=== | ===No Webmin interface=== | ||
Line 18: | Line 17: | ||
=====Virtual Environment===== | =====Virtual Environment===== | ||
- | This image is designed to be used in a virtualized environment. It is distributed as a [[https://int.pixilab.se/ | + | This image is designed to be used in a virtualized environment. It is distributed as an [[https:// |
- | * OVA image based on Debian 10. A complete virtual machine " | + | |
- | * VirtualBox 6 or later. A free virtual machine available for most operating systems | + | * Oracle [[https:// |
- | * VMWare | + | * VMWare' |
+ | |||
+ | After importing the OVA file into your virtualizer of choice, start it up and wait for the login screen to appear. | ||
=====Users and Passwords===== | =====Users and Passwords===== | ||
- | User name **root**, with password // | + | For full system access, log in with the user name **root**, with password //pixi//. This **root** user can do anything without restrictions, so be careful. Use this user for for system software installation, |
- | User name **blocks**, with password // | + | User name **blocks**, with default |
=====Network Configuration===== | =====Network Configuration===== | ||
- | On the Host computer, running VirtualBox (or other preferred virtualizer), | + | On the Host computer, running VirtualBox (or other preferred virtualizer), |
====Guest Linux OS terminal window==== | ====Guest Linux OS terminal window==== | ||
- | Find the name and verify connectivity | + | Find the network interface |
- | * Use the command //ip addr// to see all network interfaces with their names. Ignore the lo loopback interface. | + | * Use the command //ip addr// to see all network interfaces with their names. Ignore the //lo// loopback interface. |
- | * The name is typically something like enp0s3. | + | * The name is typically something like //enp0s3//. |
* If the interface is already UP, and you have internet access, you're done | * If the interface is already UP, and you have internet access, you're done | ||
* Verify internet access by using the command //ping 1.1.1.1//, that should show the turn-around time in mS repeatedly if OK. | * Verify internet access by using the command //ping 1.1.1.1//, that should show the turn-around time in mS repeatedly if OK. | ||
- | ===Verify/ | ||
- | Specified by a file in / | ||
- | Name the file //primary// (although the actual file name isn't important). Enter the following data into the file. You can do so using the simple terminal text editor //nano//. | ||
+ | ===Verify/ | ||
+ | If you didn't automatically get network access, you need to configure networking inside the virtual Blocks server. Settings are specified in the **/ | ||
+ | If required, add a file there and name it //primary// (although the actual file name isn't important). Enter the following data into the file. You can do so using the simple terminal text editor //nano//. | ||
< | < | ||
auto enp0s3 | auto enp0s3 | ||
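Review bot: the added root paragraph under Users and Passwords publishes the default password //pixi// for an account that "can do anything without restrictions", and the visible text never tells the reader to change it. Add a step to run passwd for root right after the first login, before the network configuration that follows, and do the same for the blocks user, whose line likewise mentions a default. The same added line also has a doubled word: "Use this user for for system software installation".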
Line 52: | Line 53: | ||
:!: Do not use a wifi network interface, since that will typically not provide a dynamic address to the virtual machine. | :!: Do not use a wifi network interface, since that will typically not provide a dynamic address to the virtual machine. | ||
- | Alternatively, | + | Alternatively, |
< | < | ||
auto enp0s3 | auto enp0s3 | ||
Line 62: | Line 63: | ||
</ | </ | ||
- | After making changes, restart the virtual machine using //reboot now// or restart the networking stack by | + | After making changes, restart the virtual machine using //reboot now// or merely |
//systemctl restart networking// | //systemctl restart networking// | ||
- | =====License | + | =====License Access===== |
- | Blocks server software requires a license | + | Blocks server software requires a license to be operational. |
- | ====Network Access from Host Computer==== | + | [[blocks: |
- | This method provides access to the license key over the network. Assuming both the guest and host operating systems are on the same network (which they will be when using a network adapter in bridge mode), the license | + | |
- | === Host operating system === | ||
- | * Open the CodeMeter Control Center. | ||
- | * Click the WebAdmin button, and wait for the web UI to appear. | ||
- | * Select Configuration > Server. | ||
- | * Under Network Server, select Enable. | ||
- | * Click Apply. | ||
- | === Guest operating system === | ||
- | The CodeMeter software has been pre-installed, | ||
- | * Start the virtual machine. | ||
- | * Once up, use the command //cmu --list-server --list-content// | ||
- | * This should show your network server' | ||
- | === Attaching the license key to another computer === | ||
- | In the example above, the license key is physically connected to the host computer, and then accessed over the network. If you can't connect the license key to the host computer for some reason, you can connect it to another computer on the same subnet, and it will be found automatically by Blocks. | ||
- | It' | + | =====Blocks Configuration===== |
+ | There' | ||
- | ====Direct USB Access==== | + | =====Starting and Stopping Blocks===== |
- | If you have physical access to the computer running the virtualizer, | + | Assuming that the license key is accessible, Blocks should start automatically. Blocks is started |
- | === Host computer === | + | < |
+ | systemctl --user status blocks | ||
+ | </ | ||
- | * Connect | + | If Blocks is currently active, you should see the text " |
- | * Do NOT install the CodeMeter driver/ | + | |
- | :!: The host computer must NOT run the CodeMeter software, since only one driver may access the physical key at a time, and in this case this is the driver inside the virtual machine. | + | < |
+ | systemctl --user enable --now blocks | ||
+ | </ | ||
- | ===VirtualBox settings === | + | To stop and disable Blocks: |
- | * Select your guest OS in the list on the left hand side | + | |
- | * Select its Details settings pane | + | |
- | * Click USB | + | |
- | * Make sure " | + | |
- | * Add a "USB Device Filter" | + | |
- | * Select your CodeMeter device | + | |
- | + | ||
- | To verify license key availability: | + | |
- | * Start the virtual machine. | + | |
- | * Once up, use the command //cmu -x//. | + | |
- | * This should show the details of your license key. Look for the text " | + | |
- | =====Blocks Configuration===== | + | < |
- | There' | + | systemctl --user disable --now blocks |
+ | </ | ||
- | =====Security, | + | Note that //systemd// differentiates between // |
- | This section lists a number of optional enhancements and considerations. You don' | + | |
- | ====Security Considerations==== | + | If you run into trouble launching Blocks, and the //status// command doesn' |
- | ===Secure Shell Remote Access (SSH)=== | + | < |
- | Secure Shell is not enabled in the VM image. SSH may be useful for many system configuration and remote access purposes. If desired, enable SSH in the VM's console window using the command //systemctl enable ssh// under the root account. Before enabling SSH, set a strong password for the blocks | + | journalctl -n 20 --no-pager --user-unit |
+ | </code> | ||
- | ===Firewall=== | + | This will show the 20 most recent //systemd// log messages related to blocks. Again, you must be logged in as the //blocks// user in order to use this command. |
- | The firewall is not enabled in the VM image. Very few services are enabled, so you may not need a firewall since only the required ports are exposed. Feel free to configure and enable the included | + | |
- | ====HTTPS==== | + | =====Using |
- | HTTPS is not enabled by default. If your server is exposed to the Internet, you're strongly advised to use and enforce HTTPS. Enable HTTPS in Blocks' | + | |
- | ===Certificate=== | + | The server image includes [[http://nginx.org|nginx]], acting as a reverse proxy in front of Blocks. This can be configured to manage secure HTTPS connections, |
- | Regardless of how you implement HTTPS, you'll need a certificate, | + | |
- | ====Port Remapping==== | + | =====Security Considerations===== |
- | You may enable the built-in // | + | This section describes some security considerations. |
- | ====Using a Reverse Proxy==== | + | ===Secure Shell Remote Access (SSH)=== |
- | A reverse proxy, such as NGINX, can be placed | + | Secure Shell is not enabled in the VM image. SSH may be useful for many system configuration and remote access purposes. If desired, enable SSH in the VM's console window using the command //systemctl enable ssh// while running |
- | :!: Configuration of NGINX or other reverse proxy software (e.g., Apache) is not supported by PIXILAB. | + | ===Firewall=== |
- | + | The firewall is not enabled in the VM image. Very few services are enabled, so you may not need a firewall since only the required ports are exposed. Feel free to [[https:// | |
- | ===Port Remapping=== | + | |
- | The reverse proxy can re-map port numbers as the traffic flows through it, thereby exposing HTTP on the default port 80 for the outside world, and passing it on to Blocks on port 8080. The same for HTTPS on port 443. | + | |
- | + | ||
- | ===HTTPS termination=== | + | |
- | The reverse proxy can terminate | + | |
- | + | ||
- | ===Serving of Static Files=== | + | |
- | The reverse proxy can be configured to serve all static files (those under /public) by itself, rather than passing those requests on to Blocks. Offloading static files as well as TLS processing leaves more headroom | + | |
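Review bot: the rewritten Security Considerations section now shows only the SSH and Firewall subsections, and the old advice that a server exposed to the Internet should "use and enforce HTTPS" is deleted without a visible replacement. The new nginx paragraph only says it "can be configured to manage secure HTTPS connections". Keep one sentence in Security Considerations stating that HTTPS should be enforced for Internet-facing servers, pointing to the nginx paragraph for the how. In the SSH subsection, //systemctl enable ssh// only enables the service for the next boot. The Blocks commands added earlier in this hunk use "enable --now", so //systemctl enable --now ssh// would be consistent with them and take effect immediately.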