[fedora-virt] Access to individual VMs

[Kenni Lund]

2010/2/18 Dennis J. <dennisml at conversis.de>:
> Xen guests. The key though is that these users shouldn't have access to the
> host or the other users VMs. Basically I want to create a VM for user X and
> then the user should be able to login on that VM and be able to restart it
> if e.g. he locked himself out or the VM doesn't respond anymore.
>  From what I understand you can provide access to the machines console
> using VNC/virt-viewer but AFAIK that doesn't provide you with the ability
> to reboot the VM if it crashed hard so it gets me only half the way.

If the user should be able to restart a crashed guest, you have to
design the system outside of the guest, as you've already described.
Perhaps create some small network service or a simple website, which
would take care of user authentication and only give the user the
ability to trigger predefined commands on your host.

Another, perhaps easier (depending on if you're into webdevelopment or
shell scripting) and more secure solution, could be to create another
Xen machine for "management", which only serves the purpose of being a
secure middleman between the host and all your guests. Setup SSHd on
the management server and disable all other services. Create an user
account for each of your guests and allow the users to login to the
management server with SSH. Create a shared reboot/shutdown script on
the management server, which all users are allowed to run and which
fx. sets a Reboot=1 Shutdown=1 flag in a text file, somewhere in the
users home directory. Now you just need to mount the all homedirs of
the management server on your Xen host via sshfs/fuse and have a
cronjob which once a minute checks the text-files of each user for new
reboot/shutdown/whatever requests. This would be as secure as it gets
and if you're into shell scripting, you can set it up in a few hours.

Best Regards
Kenni Lund