Virtual Appliance Installation and Configuration¶
Download and Verify the Virtual Appliance Image¶
A .zip Archive containing the virtual appliance’s disk image and VM configuration can be obtained from the following URL:
Download the .zip archive and the corresponding SHA1 checksum file:
You should verify the SHA1 checksum to ensure that the zip archive is intact.
You can use the
sha1sum command line utility on Linux to verify the
integrity of the downloaded file.
For guidance on how to verify this checksum on other platforms, see the following articles:
- Apple Mac OS X: How to verify a SHA-1 digest on Mac OS X
- Microsoft Windows: Availability and description of the File Checksum Integrity Verifier utility
For additional safety, we recommend to verify the cryptographic signature of the zip archive as well.
You need to have a working GnuPG installation in order to verify this signature. The installation and configuration of GnuPG is out of the scope of this document — see the documentation at https://gnupg.org/ for details.
The public TeamDrive Build GPG key can be downloaded from here:
Import the key into your keyring and double check it matches the fingerprint provided below:
$ gpg --fingerprint firstname.lastname@example.org pub 2048R/9A34C453 2014-07-01 Key fingerprint = 8F9A 1F36 931D BEFA 693B 9881 ED06 27A9 9A34 C453 uid TeamDrive Systems (RPM Build Key) <email@example.com> sub 2048R/6048C568 2014-07-01
Each official release is signed with this TeamDrive GPG key. The signature can be obtained from the following URL:
To verify the signature on a Linux operating system, the .zip and corresponding .asc file should be located in the same directory. Now run the following command:
$ gpg --verify TD-Web-Portal-CentOS7-64bit.zip.asc gpg: Signature made Do 27 Aug 2015 12:57:38 CEST using RSA key ID 9A34C453 gpg: Good signature from "TeamDrive Systems (RPM Build Key) <firstname.lastname@example.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 8F9A 1F36 931D BEFA 693B 9881 ED06 27A9 9A34 C453
The procedure on other platforms may vary, please consult the GnuPG documentation for details on how to accomplish this task.
Import the Virtual Appliance¶
After you have confirmed the integrity and authenticity, unzip the zip archive.
The archive contains four files, a virtual disk image (
.vmdk), two virtual
machine description files (
.ovf) and a manifest file (
the file names and SHA1 checksums.
Import the virtual machine image according to the documentation of your virtualization technology and adjust the VM parameters (e.g. number of virtual CPUs, RAM) based on your requirements, if necessary.
An import to VMWare ESXi might fail with the error:
Unsupported hardware family 'virtualbox-2.2'.
In this case use the .ovf file starting with vmx_*.ovf
Start up the virtual machine and observe the virtual machine’s console output.
First Boot and Initial Configuration¶
Log in as the
root user with the standard password
To change the default password, type in:
[root@localhost ~]# passwd
and define your own strong password. To change the network device and DNS, type in:
[root@localhost ~]# nmtui
A detailed description for the network setup can be found here http://www.krizna.com/centos/setup-network-centos-7/
A cloned CentOS image in a VMWare environment might exhibit problems updating the network interface. If you are observing issues when configuring the network interface, please follow these instructions: https://wiki.centos.org/TipsAndTricks/VMWare_Server
Updating the Installed Software Packages¶
As a first step, we strongly advise to perform an update of the installed software packages. New security issues or software bugs might have been discovered and fixed since the time the Virtual Appliance has been built.
This can be done using the
yum package management tool. As a requirement,
the Virtual Appliance needs to be connected to the network and needs to be
able to establish outgoing HTTP connections to the remote RPM package
repositories. To initiate the update process, enter the following command:
[root@localhost ~]# yum update -y
yum will first gather the list of installed packages and will then
determine, if updates are available. If any updates need to be installed, the
affected RPM packages will now be downloaded from the remote repositories and
If the yum update installed any updated packages, consider performing a reboot before you proceed, to ensure that the updates are activated.
Performing a regular update of all installed packages is an essential part
of keeping your system secure. You should schedule a regular maintenance
window to apply updates using
yum update (and perform a reboot, to
ensure that the system still boots up correctly after these updates). Failing to
keep up to date with security fixes may result in your system being
vulnerable to certain remote exploits or attacks, which can compromise your
system’s security and integrity.
Install latest TeamDrive Agent version¶
Please install the latest TeamDrive Agent docker image. A list of released
versions can be found here: https://hub.docker.com/r/teamdrive/agent/tags/
To update the docker image start
yvva and execute
[root@webportal ~]# yvva Welcome to yvva shell (version 1.3.8). Enter "go" or end the line with ';;' to execute submitted code. For a list of commands enter "help". UPGRADE COMMANDS: ----------------- To upgrade from the command line, execute: yvva --call=upgrade_now --config-file="/etc/yvva.conf" upgrade_now;; Perform upgrade changes to the Docker image and/or database (this command cannot be undone).
Leave the yvva shell by type in
If outgoing requests has to use a proxy server, follow the docker documentation https://docs.docker.com/engine/admin/systemd/#http-proxy to set a proxy for docker. Restart the docker service after adding the proxy configuration.
The agent is a headless version of the standard TeamDrive client. A docker container will be started for each user using the Web Portal (as described in chapter Introduction to the TeamDrive Web Portal).
Changing the Default MySQL Database Passwords¶
The TeamDrive Web Portal Virtual Appliance uses the following default
passwords for the MySQL database. We strongly suggest changing the passwords
of the MySQL users
teamdrive before connecting this system to
a public network.
|Account type||Username||Password (default)||New Password|
|MySQL Database Server||root||teamdrive|
|MySQL Database Server||teamdrive||teamdrive|
To change the passwords for the MySQL
teamdrive user, please
use the following commands. First change the password for the root user:
[root@localhost ~]# mysqladmin -u root -pteamdrive password Warning: Using a password on the command line interface can be insecure. New password: <new password> Confirm new password: <new password>
Next, log into the MySQL database as the
root user (using the new password)
and change the password for the user
[root@localhost ~]# mysql -u root -p Enter password: <new password> [...] mysql> SET PASSWORD FOR 'teamdrive'@'localhost' = PASSWORD('<new password>'); Query OK, 0 rows affected (0.00 sec) mysql> quit Bye
Take note of the new MySQL password for the
teamdrive user, as you will
need to change some configuration files using that password as outlined in
the following chapters Creating TeamDrive MySQL User and Databases.
iptables-based OS firewall on the TeamDrive Host Server Virtual
Appliance has been configured to only allow access to the following services:
- SSH (TCP Port 22)
- Secure WWW (HTTPS, TCP Port 443)
- WWW (HTTP, TCP Port 80)
If necessary, you can change the firewall configuration using the following utility:
An instructions how to configure the firewall can be found here https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
Replacing the self-signed SSL certificates with proper certificates¶
In order to use SSL without any problems, you will need a properly signed SSL certificate (+ key) and an intermediate certificate (certificate chain) from a trusted authority.
Edit /etc/httpd/conf.d/ssl.conf and enter the absolute location of your files into the appropriate settings:
SSLCertificateFile /path/to/your_domain.crt SSLCertificateKeyFile /path/to/your_domain.key
Depending on your certificate provider and your security needs, you probably want to set:
After saving the changes, restart your httpd and watch out for errors:
[root@localhost ~]# service httpd restart
Now you can logout and proceed with the configuration via browser to register the Web Portal as described in Associating the Web Portal with a Provider. For production use please read the following two chapters about the necessary storage.
Mount user data Volume¶
As described in Docker Configuration the user data will be stored outside the
docker instances. The VM Image has only a small internal disk with max. 10 GB storage
capacity. Please mount a larger additional use data volume in /teamdrive if necessary.
The approx. necessary storage per user is 50 MB. The user data will be automatically
ContainerStorageTimeout is reached (see Web Portal Settings).
Mount docker devicemapper Volume¶
Docker itself needs storage for the running container instances. The Web Portal
background task will automatically remove stopped instances after the the defined
IdleContainerTimeout (see Web Portal Settings). The time can be short, because
the persistant user data is stored outside the docker instances. It will just take a
few more seconds if a new instance for the user must be recreated based on the
The VM image comes with a preconfigured 20 GB LVM storage volume using the docker storage
devicemapper per direct-lvm access. Docker supports different storage drivers
as described here: https://docs.docker.com/engine/userguide/storagedriver/selectadriver/
To get an overview of the used storage, see the docker documentation: https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/#/examine-devicemapper-structures-on-the-host
You will also find a description how to extend the direct-lvm storage: https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/#/for-a-direct-lvm-mode-configuration