[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Per-VM access control

Jan Kasprzak napsal(a):

is it possible to run libvirt as a "hosting-like" environment?
we would like to provide virtual machines for our users, but we would
like them to be able to reset/reboot/poweroff only their own VMs,
connect to the serial console of their own VMs only, and even maybe
connect to the graphical console of their own VMs.

I am solving the same problem.

The access to graphical console can be made via password protected VNC. Latest libvirt release support this. However in my setup the password sometimes disappears during other actions (i.e. removing iso image via virt-manager). I was not able to find if this is general bug or just my mistake. The second way is running consoles listening only on localhost, creating shell accounts with disabled shells, generating the SSH keys and specifying in authroized_keys allowed forwards for each key. User then logins via ssh with appropriate port-forward, and uses it to tunnel his vnc session. The same can be done with serial port as it can be configured to be accessible via tcp. Starting and stopping can be done via some web script, authorizing the user and issuing virsh command. I know that all this is rather complicated and wourkaroundy, but I could not find easier solution. I am looking forward to see replies from others in this list. However all this is becomes more interesting problem when you want to migrate machines on to another hosts transparently.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]