Manual entry for xvpweb:
xvpweb (7) xvpweb (7)
NAME
xvpweb - A web-based interface to Citrix(R) XenServer
SYNOPSIS
xvpweb is a PHP and Java based web interface, providing a status view
of XenServer pools, hosts and virtual machines, and easy facilities to
view virtual machine consoles and to boot, shutdown and reboot virtual
machines. It makes use of xvp(8) (running on the same machine as the
web server) and xvpviewer(1) (supplied in applet form). By making use
of a database or flat file, it can be made to restrict which users can
manage particular virtual machines or groups of virtual machines.
Screenshots of xvpweb(7) can be found on the xvp project web site, at
www.xvpsource.org.
DESCRIPTION
xvpweb is supplied as a single directory tree, containing PHP scripts
and PHP include files, a Java applet as a JAR file, plus style sheets
and images. The directory tree should be installed in an appropriate
location for the web server software (Apache 2.2 is recommended), and
the web server configured to serve the tree as an appropriate URL, e.g.
/xvpweb.
None of the supplied files should need to be edited, as the behaviour
is driven by the configuration file xvp.conf(5), and optionally
xvpusers.conf(5) or an equivalent relational database table.
The Java applet is based on the TightVNC viewer, but with xvp-specific
additions to allow virtual machine shutdown, reboot and reset to be
initiated from the viewer, and to provide mouse-wheel support.
The list of XenServer hosts and virtual machines to display is read
from xvp.conf(5). This can be created manually or using
xvpdiscover(8). The state of the hosts and virtual machines is deduced by
the PHP scripts interrogating XenServer directly using XML-RPC and the
XenServer API.
The console viewer does not connect directly to XenServer; instead it
connects to xvp(8), running on the same machine as the web server.
USER AUTHENTICATION AND AUTHORISATION
When accessing XenServer via this web-based front end, users do not
need to supply VNC passwords: these are automatically retrieved from
xvp.conf(5) by xvpweb(7) and passed to xvp(8). However, the web
interface can restrict which users can view it, and which users can boot
virtual machines and view their consoles from it. To enable this:
1. The web server must be configured to authenticate users, so that the
variable $_SERVER['REMOTE_USER'] is available to PHP. The users'
passwords need to be checked by the web server (for example, by using
HTTP basic or digest authentication, with passwords stored in .htaccess
files or an LDAP directory).
2. Note that the passwords set in xvp.conf(5) are per VM, not per user,
are unrelated to the web server passwords, and do not need to be
supplied by users when using the web front end. However, you need to
ensure that the front end and xvp(8) are both looking at either the
same xvp.conf(5) file, or separate ones containing matching VNC and
XenServer passwords.
3. The file xvp.conf read by xvpweb must contain a DATABASE line,
of the form:
DATABASE dsn [ username [ password ] ]
where dsn is a DSN for connecting to an authorisation database. The
format of the DSN is as supported by the PDO class in PHP. If needed
to log in to the database server, a username should be specified, and
optionally a password (encrypted using the -x option of xvp(8)). If
there is no DATABASE line in xvp.conf(5), then full control of all
virtual machines shown by the web front end is granted to anybody who can
access its web pages via the web server.
As an alternative to using a database, a text configuration file can be
used, by specifying it in xvp.conf(5) using a line such as:
DATABASE xvp:/etc/xvpusers.conf
Both the required database table schema and the alternative text
configuration file format are described in xvpusers.conf(5).
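The following check is an added example, not part of xvpweb or the xvp suite: it reads the text of an xvp.conf and reports which authorisation mode the DATABASE rules above select, including the case with no DATABASE line. It assumes that lines starting with '#' are comments and that the DATABASE keyword is matched exactly as written here; the function names and sample configurations are constructed for illustration.

```python
# Added example: classify how xvpweb will authorise users, from xvp.conf text.
# Assumptions (not from the man page): '#' starts a comment line, and the
# DATABASE keyword is matched exactly as the man page writes it.

def find_database_line(conf_text):
    """Return the fields after DATABASE from the first such line, or None."""
    for raw in conf_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "DATABASE":
            return fields[1:]
    return None


def audit_authorisation(conf_text):
    """Return (mode, detail); mode is 'open', 'file', 'pdo' or 'invalid'."""
    args = find_database_line(conf_text)
    if args is None:
        # Documented behaviour: no DATABASE line means no per-user restriction.
        return ("open", "no DATABASE line: anybody who can reach the web "
                        "pages has full control of all listed VMs")
    if not 1 <= len(args) <= 3:
        return ("invalid", "expected: DATABASE dsn [ username [ password ] ]")
    dsn = args[0]
    if dsn.startswith("xvp:"):
        # Text-file alternative, e.g. DATABASE xvp:/etc/xvpusers.conf
        path = dsn[len("xvp:"):]
        if not path:
            return ("invalid", "xvp: DSN has no file path")
        return ("file", path)
    if ":" not in dsn:
        return ("invalid", "a PDO DSN starts with a driver prefix and ':'")
    # Anything else is handed to PHP's PDO; report the driver prefix.
    return ("pdo", dsn.split(":", 1)[0])


# Constructed sample configurations (pool, host and VM lines omitted).
SAMPLE_OPEN = "# pool, host and VM lines omitted\n"
SAMPLE_FILE = SAMPLE_OPEN + "DATABASE xvp:/etc/xvpusers.conf\n"
SAMPLE_PDO = SAMPLE_OPEN + "DATABASE mysql:host=localhost;dbname=xvp xvpuser\n"

if __name__ == "__main__":
    for name, text in (("open", SAMPLE_OPEN), ("file", SAMPLE_FILE),
                       ("pdo", SAMPLE_PDO)):
        print(name, audit_authorisation(text))
```

A result of 'open' means the web server's own access controls are the only barrier in front of the VM consoles and power operations.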
OTHER SECURITY CONSIDERATIONS
Before deploying any of the components of the xvp suite, ensure you
understand and have addressed the security implications.
If there is no DATABASE line in xvp.conf(5), then full control of all
virtual machines shown by the web front end is granted to anybody who
can access its web pages via the web server.
Please read the "Security Considerations" section in the README file,
which is included with the software, and also available on the xvp
project web site at www.xvpsource.org.
SEE ALSO
xvp(8), xvp.conf(5), xvpusers.conf(5), xvpdiscover(8), xvpviewer(1)
AUTHOR
Colin Dean gro.ecruospvx@niloc
COPYRIGHT
Copyright (C) 2009 Colin Dean
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License for more details.
Citrix is a registered trademark of Citrix Systems, Inc.
The VNC protocol was originally developed by the RealVNC team while at
Olivetti Research Ltd / AT&T Laboratories Cambridge.
The TightVNC versions of all xvp-modified files, and all TightVNC
documentation files, are included with xvpweb(7) renamed as *.tightvnc.
For TightVNC copyright information, refer to the supplied file
README.tightvnc.
The web-based front end includes "XML-RPC for PHP", Copyright © 1999,
2000, 2002 Edd Dumbill. All rights reserved. The full copyright
notice and disclaimer for this can be found in the included file
xmlrpc.inc.
A small part of the source code for xvp(8) and xvpdiscover(8) was based
on code supplied in the XenServer C SDK 5.0.0, to which the following
copyright statement applies:
Copyright (C) 2006-2008 Citrix Systems, Inc.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE
FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.