
Homepage:
    http://www.xen-tools.org/software/xen-shell/

CVS Repository:
    http://xen-shell.cvsrepository.org/



xen-shell
---------

  This package contains a simple script called 'xen-login-shell' which is
 designed to be a login shell for a user on a Xen host.

  This new login shell runs 'xen-shell', which is the real shell, under
 GNU screen.  This allows people to work on their system safely even
 in the case of disconnections.

  There are several commands available within this shell which will
 allow the user to control their Xen guest instance.

  The shell allows:

  * Console access.
  * Bootup & Shutdown.
  * Pause & Unpause.
  * Reimaging.

  The shell contains integrated help, command completion and a 
 persistent command history.



Support
-------

  This software is released either under the terms of the GNU General Public
 License (v1 or v2) or the Perl artistic license, at your choice.

  This allows you to use it commercially with no charge - however commercial
 users are encouraged to make a donation if they're generating a profit:

    http://steve.org.uk/donate/

  Bug reports/suggestions can be sent to the author.



Notes
-----

  We set up the shell environment of GNU Screen to be the xen-shell
 script, and attempt to limit Screen's abilities so that users cannot
 break out into general host access.

  GNU Screen has several ways to "break out"; I've disabled all the
 ones I can spot via the _screenrc file which is installed into
 /etc/xen-shell.

  There may be holes I'm currently unaware of, and if you spot one I'd
 appreciate learning of it.



Reverse DNS
-----------

  Whilst the shell doesn't perform any forward/reverse DNS changes by
 itself it does have integrated support for carrying out such actions.

  The shell reads ~/ips.txt for the user if it exists and enables the
 reverse DNS support.  If that file isn't present the rdns command is
 disabled.

  When the user makes any changes using the rdns command it is only the
 ips.txt file which is updated - you are expected to write a cronjob to
 notice these changes and perform the real DNS updates.

  For more details see "xen-shell --manual".



Reimaging
---------

  The shell supports the ability to allow users to reimage their system,
 or reset it to a pristine state.  This ability isn't in the shell per se;
 instead the script will invoke:

        /home/$USER/image.sh

  The shell will prompt for confirmation before executing the script, and
 count down to allow the user to change their mind.

  To add support you are expected to write a short shell script to 
 untar/install/fix their installation.  Using the xen-tools package you
 can allow your users to install Sarge, CentOS, or Gentoo.

  For more details see "xen-shell --manual".


Installation
------------

  "make install" when executed as root will install this software upon
 your system.

  Once installed, set the login shell of each user who you wish to
 control a Xen instance to: /usr/bin/xen-login-shell.

  You'll need to ensure that these users can run "xm" as root with
 no password, via sudo:


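# /etc/sudoers
---
User_Alias   XENUSERS = steve,nsa,grimoire,joey
Cmnd_Alias   XEN      = /usr/sbin/xm
# XENIMG is only needed if your reimage script uses xen-create-image.
Cmnd_Alias   XENIMG   = /usr/bin/xen-create-image
XENUSERS     ALL      = NOPASSWD: XEN,XENIMG
---

  If you use the "reimage" system, and your reimaging script uses
 "xen-create-image", then you'll want to allow the users to execute
 that too.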

  Alternatively you could use something like this:

# /etc/sudoers
steve ALL = NOPASSWD: /usr/sbin/xm, /usr/bin/xen-create-image
bob   ALL = NOPASSWD: /usr/sbin/xm, /usr/bin/xen-create-image




Specifying Hosts
----------------

  The xen shell allows a user to control multiple Xen guests.  To specify
 which host a user can control you should ensure that your xen configuration
 files, beneath /etc/xen, contain the following:

   name      = 'my.host.name'
   xen_shell = 'bob, steve, skx'

  If the name of a host matches a user's login name they will be allowed
 to control that instance.  Otherwise, if their login name appears in the
 "xen_shell" line they will be able to control it.

  If a user is allowed to control multiple hosts then the "control" and
 "list" commands will be enabled for them.
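
  The access rule above, written out as an added audit example (this is
 not xen-shell's own code).  It assumes the "xen_shell" list is
 comma-separated as in the sample line; the function names and the sample
 configurations are constructed for illustration.

```python
import re

# Matches assignments such as:  xen_shell = 'bob, steve, skx'
# Commented-out lines do not match, because '#' precedes the key.
ASSIGN = re.compile(r"""^\s*(name|xen_shell)\s*=\s*(['"])(.*?)\2""")

def parse_config(text):
    """Return (guest name, set of logins in xen_shell) for one config file."""
    found = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            found[m.group(1)] = m.group(3)   # a later assignment wins
    users = {u.strip() for u in found.get("xen_shell", "").split(",")}
    users.discard("")
    return found.get("name"), users

def guests_for(login, configs):
    """Guests a login may control: name equals login, or login is listed."""
    allowed = set()
    for text in configs:
        name, users = parse_config(text)
        if name and (name == login or login in users):
            allowed.add(name)
    return allowed

def access_report(logins, configs):
    """Map each login to a sorted list of the guests it may control."""
    return {login: sorted(guests_for(login, configs)) for login in logins}

# Constructed sample configurations (not taken from a real host).
SAMPLE_CONFIGS = [
    "name = 'bob'\nmemory = 128\n",
    "name = 'www.example.org'\nxen_shell = 'bob, steve'\n",
    "name = 'mail.example.org'\n# xen_shell = 'mallory'\nxen_shell = \"steve\"\n",
]

if __name__ == "__main__":
    for login, guests in access_report(["bob", "steve", "mallory"],
                                       SAMPLE_CONFIGS).items():
        # More than one guest means "control" and "list" are enabled.
        note = " (multiple guests)" if len(guests) > 1 else ""
        print(f"{login}: {', '.join(guests) or 'no access'}{note}")
```

  To audit a real host, pass the text of each file beneath /etc/xen as
 the "configs" argument and compare the report with who you intended to
 grant access to.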



Steve
-- 
[steve@steve.org.uk]
