[libvirt] Per-VM access control

Hello,

is it possible to run libvirt as a "hosting-like" environment? We would like to provide virtual machines for our users, but we would like them to be able to reset/reboot/poweroff only their own VMs, connect to the serial console of their own VMs only, and even maybe connect to the graphical console of their own VMs.

Is it possible with libvirt, and without giving them shell access to the hosting machine? For the serial console, I thought about creating an ssh-only account with a hardcoded "virsh console <their_machine_name>" command, but "virsh console" can be escaped from using ^], so this is not secure - this way they would be able to get access to other VMs as well.

Thanks,

-Yenya

--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
If you find yourself arguing with Alan Cox, you’re _probably_ wrong. << --James Morris in "How and Why You Should Become a Kernel Hacker" <<

Jan Kasprzak wrote:
> Hello,
> is it possible to run libvirt as a "hosting-like" environment? we would like to provide virtual machines for our users, but we would like them to be able to reset/reboot/poweroff only their own VMs, connect to the serial console of their own VMs only, and even maybe connect to the graphical console of their own VMs.

I am solving the same problem. Access to the graphical console can be provided via password-protected VNC. The latest libvirt release supports this. However, in my setup the password sometimes disappears during other actions (i.e. removing an ISO image via virt-manager). I was not able to find out whether this is a general bug or just my mistake.

The second way is running consoles listening only on localhost, creating shell accounts with disabled shells, generating the SSH keys and specifying the allowed forwards for each key in authorized_keys. The user then logs in via ssh with the appropriate port forward and uses it to tunnel his VNC session. The same can be done with the serial port, as it can be configured to be accessible via TCP.

Starting and stopping can be done via some web script, authorizing the user and issuing the virsh command.

I know that all this is rather complicated and workaroundy, but I could not find an easier solution. I am looking forward to seeing replies from others on this list. However, all this becomes a more interesting problem when you want to migrate machines to other hosts transparently.

Radek
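Added example, not part of the original message or of libvirt: a Python sketch of the per-key forwarding restriction and the ownership check before a virsh power action that the reply above describes. The ownership table, user names, VM names, ports and the sample key are constructed; `restrict`, `port-forwarding`, `permitopen` and `command` are OpenSSH authorized_keys options.

```python
import re

# Constructed ownership table (assumption): user -> {vm_name: localhost VNC port}.
OWNERSHIP = {
    "alice": {"alice-web": 5901, "alice-db": 5902},
    "bob": {"bob-test": 5903},
}
# virsh subcommands a tenant may request for a VM they own.
ALLOWED_ACTIONS = {"start", "shutdown", "reboot", "reset", "destroy"}
KEY_RE = re.compile(r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256) [A-Za-z0-9+/=]+")


def authorized_keys_line(user, pubkey):
    """Build an authorized_keys entry that only allows tunnels to the user's own consoles."""
    if not KEY_RE.fullmatch(pubkey):
        # Rejects quotes, commas and newlines that could smuggle in extra options or keys.
        raise ValueError("malformed public key")
    ports = sorted(OWNERSHIP.get(user, {}).values())
    if not ports or any(not 1024 <= p <= 65535 for p in ports):
        raise ValueError("no valid console ports for user")
    # 'restrict' turns off pty, agent, X11 and all forwarding; 'port-forwarding'
    # re-enables forwarding, and each permitopen pins it to one localhost console.
    opts = ["restrict", "port-forwarding", 'command="/bin/false"']
    opts += [f'permitopen="127.0.0.1:{p}"' for p in ports]
    return f"{','.join(opts)} {pubkey} {user}"


def virsh_argv(user, action, vm):
    """Return the argv for a power action, or raise if the user does not own the VM."""
    if action not in ALLOWED_ACTIONS:
        raise PermissionError(f"action not allowed: {action}")
    if vm not in OWNERSHIP.get(user, {}):
        raise PermissionError(f"{user} does not own {vm}")
    # A list argv (no shell) keeps the VM name from being parsed as shell syntax.
    return ["virsh", action, vm]


if __name__ == "__main__":
    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal"
    print(authorized_keys_line("alice", key))
    print(virsh_argv("alice", "reboot", "alice-web"))
```

With the forced command set to `/bin/false`, the client has to connect with `ssh -N -L ...`, so the key is usable for the tunnel and nothing else.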

Radek Hladik wrote:
> Jan Kasprzak wrote:
>> Hello,
>> is it possible to run libvirt as a "hosting-like" environment? we would like to provide virtual machines for our users, but we would like them to be able to reset/reboot/poweroff only their own VMs, connect to the serial console of their own VMs only, and even maybe connect to the graphical console of their own VMs.
>
> I am solving the same problem.
> The access to graphical console can be made via password protected VNC. Latest libvirt release support this. However in my setup the password sometimes disappears during other actions (i.e. removing iso image via virt-manager).

Pretty sure this is a virt-manager bug. I'm guessing we aren't using the correct DumpXML flags behind the scenes when redefining the VM. I'll take a look at it.

Thanks,
Cole

Participants (3): Cole Robinson, Jan Kasprzak, Radek Hladik