Re: [libvirt] Per-VM access control
Jan Kasprzak napsal(a):
Hello,
is it possible to run libvirt as a "hosting-like" environment?
we would like to provide virtual machines for our users, but we would
like them to be able to reset/reboot/poweroff only their own VMs,
connect to the serial console of their own VMs only, and even maybe
connect to the graphical console of their own VMs.
I am solving the same problem.
The access to graphical console can be made via password protected VNC.
Latest libvirt release support this. However in my setup the password
sometimes disappears during other actions (i.e. removing iso image via
virt-manager). I was not able to find if this is general bug or just my
mistake. The second way is running consoles listening only on localhost,
creating shell accounts with disabled shells, generating the SSH keys
and specifying in authroized_keys allowed forwards for each key. User
then logins via ssh with appropriate port-forward, and uses it to tunnel
his vnc session. The same can be done with serial port as it can be
configured to be accessible via tcp.
Starting and stopping can be done via some web script, authorizing the
user and issuing virsh command.
I know that all this is rather complicated and wourkaroundy, but I could
not find easier solution. I am looking forward to see replies from
others in this list.
However all this is becomes more interesting problem when you want to
migrate machines on to another hosts transparently.
Radek