cockpit_machines_kvm


2019/03/04 11:32 · HF

Available for NS7

With cockpit-machines, you can manage virtual machines using libvirt. This plugin allows users to create, delete, or update storage pools and networks, modify virtual machines, and gain access to a console viewer. This module deprecates the famous virt-manager tool.

Stephane de Labrusse at stephdl@de-labrusse.fr

Your CPU must support the hardware virtualization instructions:

  • For AMD
# LC_ALL=C lscpu | grep Virtualization
Virtualization:      AMD-V
  • For Intel
# LC_ALL=C lscpu | grep Virtualization
Virtualization:        VT-x
Virtualization type:   full

The module is currently in beta. Install it with:

yum install http://mirror.de-labrusse.fr/NethDev/cockpit-machines/cockpit-machines-238.2-1.el8.noarch.rpm http://mirror.de-labrusse.fr/NethDev/cockpit-machines/nethserver-cockpit-machines-0.1.0-1.ns7.noarch.rpm

Once installed, you can use the Virtual machines entry in the left menu of Cockpit as root.

You can read the full official Red Hat documentation.

When you start using Cockpit you are root, but you can delegate the usage to any user in one of two ways:

  • Make the user a member of the libvirt group: usermod -a -G libvirt user@domain
  • Drop a file that allows a group or a user to use libvirt via D-Bus

in /etc/dbus-1/system.d/org.libvirt.conf

<?xml version="1.0"?>
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">

<busconfig>

  <policy group="groupName">
    <allow send_destination="org.libvirt"/>
  </policy>

</busconfig>

See the libvirt D-Bus documentation.
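Both delegation routes let a user manage the host's virtual machines, so it is worth reviewing who ends up covered. The following audit is an added example, not part of the original page or of the NethServer module; the group name `vmadmins`, the user names and the `context="default"` rule are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's policy (hypothetical group name) plus an over-broad rule.
SAMPLE_POLICY = """\
<?xml version="1.0"?>
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy group="vmadmins">
    <allow send_destination="org.libvirt"/>
  </policy>
  <policy context="default">
    <allow send_destination="org.libvirt"/>
  </policy>
</busconfig>
"""

# Constructed sample in `getent group` format (name:password:gid:members).
SAMPLE_GROUPS = """\
libvirt:x:990:alice@example.org
vmadmins:x:1005:bob@example.org,carol@example.org
wheel:x:10:dave@example.org
"""


def dbus_grants(policy_xml, destination="org.libvirt"):
    """Return (kind, name) for each <policy> that may send to `destination`."""
    grants = []
    for policy in ET.fromstring(policy_xml).iter("policy"):
        allows = [a.get("send_destination") for a in policy.findall("allow")]
        if destination not in allows:
            continue
        # A policy without user= or group= (e.g. context="default") names no principal.
        kind = next((k for k in ("user", "group") if k in policy.attrib), "any")
        grants.append((kind, policy.get(kind, "*")))
    return grants


def delegated_users(grants, group_lines):
    """Users who can manage VMs, or None if a grant is not limited to named principals."""
    members = {f[0]: set(filter(None, f[3].split(",")))
               for f in (ln.split(":") for ln in group_lines.splitlines() if ln)}
    users = set()
    # The libvirt group is the page's first delegation route (usermod -a -G libvirt).
    for kind, name in [("group", "libvirt")] + grants:
        if kind == "any":
            return None
        users |= {name} if kind == "user" else members.get(name, set())
    return users
```

On a real host, pass the contents of /etc/dbus-1/system.d/org.libvirt.conf and the output of `getent group libvirt groupName`. Users whose primary group is one of these groups do not appear in the member field and must be checked separately.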

Networking for a VM is important, so it has a full chapter. This schema explains the principle.

At start, a network named default is created with a NAT bridge. This means the host can contact the VM and the VM gets network access, but a host on your LAN cannot connect to the VM. In the Networks panel you can create three kinds of bridge: NAT, OPEN, NONE (isolated network).

If you need a bridge to the LAN (the VM gets an IP on your LAN), you can set it in the network interface panel of the VM. In the interface type you can choose between:

  • Virtual network (default bridge)
  • Bridge to LAN (bridge to LAN)
  • Direct attachment (macVlan, the host cannot connect to the VM, the LAN and the VM can share)

If you prefer, you can create a bridge to LAN that is visible inside the Networks menu.

Create a file like the one below and adapt the interface you want to bridge (here br0):

[root@ns7loc12 ~]# cat host-bridge.xml
<network>
  <name>host-bridge</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>
[root@ns7loc12 ~]# virsh net-define host-bridge.xml
[root@ns7loc12 ~]# virsh net-start host-bridge
[root@ns7loc12 ~]# virsh net-autostart host-bridge

Then verify:

[root@ns7loc12 ~]#  virsh net-list --all
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              active     yes           yes
 host-bridge          active     yes           yes

After this, you can choose the virtual network host-bridge in the NIC settings of the VM.

The module modifies some rules of the NethServer firewall:

  • The VM can connect to all zones and the host (and vice versa)
  • The GREEN and the BLUE zones can connect to the VM (and vice versa)
  • The ORANGE and the RED cannot connect to the VM

If something cannot be modified in the UI, you have the virsh binary, which allows you to fully manage all virtual machine objects. Its documentation is available in the man page:

[root@ns7loc12 ~]# man virsh

Download OS images inside /home/vboxweb and run chmod =rwx /home/vboxweb

Please raise issues on GitHub.

  • cockpit_machines_kvm.txt
  • Last modified: 2021/10/22 15:39
  • by Martin Bhuong