RFD: Remote console access to bhyve guest instances?
Michael Dexter
editor at callfortesting.org
Thu Nov 14 17:50:53 UTC 2013
Dee,
Your needs are not unique and a solution is already in the works. Thank
you for your use case examples and usability concerns.
When you say "write this addition", are you suggesting you have solid
development resources to contribute to this effort?
All the best,
Michael Dexter
bhyve Volunteer
On 11/14/13 1:02 AM, Dee Nixon wrote:
> Problem scenario:
>
> A cloud provider (defined as someone who allows multiple end-users
> to create and manage their own guest instances without direct access
> to the host's operating system) needs to provide console access to
> each instance in a secure manner. If a cloud provider were to use
> bhyve in its current form, a cloud end-user could SSH into a guest
> instance, provided the instance is already installed and running,
> but the user could NOT do the following tasks, which can be
> performed only at the console:
>
> * OS installation
> * Recovering from a virtual “hardware” or OS failure
> * Rebooting a halted machine
>
> A cloud end-user needs to be able to perform the above tasks on a
> guest instance without compromising the security of the host. Thus
> the end-user needs access to a virtual guest “console” that enables
> the above tasks to be performed on a virtual machine – just as, on a
> physical machine, the above tasks could be performed via the
> physical machine's console.
>
> However, bhyve does not currently provide any means by which users
> can access a guest console without first logging into the host's
> console and/or performing some other task that is quite likely to
> have security issues.
>
> A few possible solutions:
>
> * Use some external program to pipe console I/O via a socket to the
> end-user? (but this would be hard to standardize)
> * Restricted login? (but this would have concurrency issues as to
> which user can access which guest instance)
> * Perhaps bhyve could add a console socket port for each guest
> instance? (Aryeh Friedman and I favor this idea, unless someone can
> suggest something better. If others think this is a good idea, we
> can write this addition to bhyve.)
>
> Does anyone have any other suggestions?
>
> The discussion of how to handle this problem should consider the
> following issues:
>
> * The solution must allow access to multiple guest consoles at once
> by multiple users
> * The solution must not require users of guest instances to have
> access to the host console, although these users may have limited
> access to the host by other means, such as SSH to a port dedicated
> to a specific guest.
> * The solution must not expose the host OS to other possible
> security issues either (remember, bhyve runs as root)
> * The solution must be scriptable.
> * A virtual machine should, as much as possible, behave like an
> actual physical machine in its interactions with its designated
> user, despite the user's lack of access to the host console.
>
>
> _______________________________________________
> freebsd-virtualization at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
> To unsubscribe, send any mail to "freebsd-virtualization-unsubscribe at freebsd.org"
>
More information about the freebsd-virtualization
mailing list