Skip to content
Snippets Groups Projects
Select Git revision
  • acafdae0dcecf9f60eeb710c01cd19a3433c8d30
  • live_exam_os_ubuntu default protected
2 results

secure-solution-for-nexus-infrastructure

Name Last commit Last update
src
README.md
README.md

nexus-client

Introduction

nexus-client is the client component of the Nexus project, a VDI (Virtual Desktop Infrastructure) written from scratch in Go and based on Linux/KVM + QEMU.

Concept

Components

The full project, nexus_vdi, is made of 2 software components:

  1. nexus-server: the server program (backend) that runs on the server
    • exposes a REST API to manage VMs and users
  2. nexus-client: the end-user program or "user interface" to manage VMs and users
    • uses REST messages to communicate with the server
    • can be run anywhere (locally or remotely) as long as it can communicate with the server
    • used by users to authentify themselves and then to start/stop/view their VMs
    • 3 clients are provided:
      • nexus-client: a CLI client to be used from a terminal - useful too automate operations
      • nexus-client-gui: a GUI client featuring a native desktop interface - user-friendly version for most end-users
      • nexus-client-exam: a GUI client used during live exams

Viewer

All clients allow a user to view (attach) a VM's desktop. They use remote-viewer to do so. Please note that remote-viewer is part of the virt-viewer project

nexus-client

Current state of nexus-client:

Usage: nexus-client CMD
CMD is the Command to run. Except for "login", all Commands require an access token.
The access token is read from the env. variable "NEXUS_TOKEN".
List of supported Commands:
    login               Login and obtain an access token.
    whoami              Display the authenticated user's details.
    passwd              Update the current user's password.
    user_list           List users (regex matching).
    user_add            Add a user.
    user_del            Delete one or more users.
    user_setcaps        Set a user's capabilities.
    vmlist              List VMs that can be listed (regex matching).
    vmlist_start        List VMs that can be started (regex matching).
    vmlist_attach       List VMs that can be attached to (regex matching).
    vmlist_stop         List VMs that can be stopped (regex matching).
    vmlist_edit         List VMs that can be edited (regex matching).
    vmlist_editaccess   List VMs that can have their VM access edited (regex matching).
    vmlist_del          List VMs that can be deleted (regex matching).
    vm_start            Start one or more VMs (regex matching).
    vm_stop             Stop one or more VMs (regex matching).
    vm_attach           Attach to a VM in order to use its desktop environment.
    vm_create           Create one or more VMs.
    vm_edit             Edit a VM's properties: name, cpus, ram or nic (regex matching).
    vm_del              Delete one or more VMs (regex matching).
    vm_setaccess        Set the VM access for a given user.
    vm_delaccess        Delete the VM access for a given user.
    tpl_list            List available templates (regex matching).
    tpl_create          Create a template.
    tpl_del             Delete one or more templates.

Compiling nexus-client

Get the source code with:

git clone ssh://git@ssh.hesge.ch:10572/flg_projects/nexus_vdi/nexus-client.git

To build and run nexus-client, go into src/client_cli, then run:

go run .

To build the nexus-client executable, run:

go build .

Running nexus-client

nexus-client requires two environment variables:

  • NEXUS_SERVER: defines the Nexus server to connect to along the port number.
  • NEXUS_CERT: defines the path to the public certificate required for encrypted communications (TLS) with the Nexus server.

Example of variables initialization:

export NEXUS_SERVER=192.168.1.42:1077
export NEXUS_CERT=ca-cert.pem

nexus-client usage examples

Authentify user janedoe@nexus.org and obtain an access token:

export NEXUS_TOKEN=`nexus-client login janedoe@nexus.org pipomolo`

Check who I am:

nexus-client whoami

List all users:

nexus-client user_list

Add new user lukesky@force.org with a list of capabilities:

nexus-client user_add lukesky@force.org Luke Skywalker pipomolo USER_CREATE USER_DESTROY USER_LIST USER_SET_CAPS VM_CREATE

List listable VMs:

nexus-client vmlist

List VMs that can be started:

nexus-client vmlist_start

Start VM 6713ce26-941e-4d95-8e92-6b71d44bf75a:

nexus-client vm_start 6713ce26-941e-4d95-8e92-6b71d44bf75a

List VMs that can be attached to:

nexus-client vmlist_start

Attach to VM 6713ce26-941e-4d95-8e92-6b71d44bf75a:

nexus-client vm_attach 6713ce26-941e-4d95-8e92-6b71d44bf75a

List VMs that can be stopped:

nexus-client vmlist_stop

Stop VM 6713ce26-941e-4d95-8e92-6b71d44bf75a:

nexus-client vm_stop 6713ce26-941e-4d95-8e92-6b71d44bf75a

Create the ChocDoom VM with 4 CPUs, 2GB RAM, a network interface with NAT translation (user) and based on the fbccb584-9ea6-40f7-926d-dabf3970525e template (chocolate-doom):

nexus-client vm_create HepiaDoom 4 2048 user fbccb584-9ea6-40f7-926d-dabf3970525e

List VMs that can be edited:

nexus-client vmlist_edit

Edit VM 6713ce26-941e-4d95-8e92-6b71d44bf75a by changing its name to "Tagada VM", changing it to 1 CPU and no network interface (none):

nexus-client vm_edit 6713ce26-941e-4d95-8e92-6b71d44bf75a name="Tagada VM" cpus=1 nic=none

List VMs that can be deleted:

nexus-client vmlist_del

Delete VM 6713ce26-941e-4d95-8e92-6b71d44bf75a:

nexus-client vm_del 6713ce26-941e-4d95-8e92-6b71d44bf75a

Automatically create 50 VMs (Student_VM1 to Student_VM50) based on the 8ae56a30-3195-4aea-960d-abb45c47f99e template (Xubuntu 22.04) with 2 CPUs, 2GB RAM and no network interface:

for i in {1..50}; do nexus_client vm_create Student_VM$i 2 2048 none 8ae56a30-3195-4aea-960d-abb45c47f99e; done

Remark: it takes about 30 seconds and 11MB of disk space to create the 50 VMs above.

List VMs that can have their access edited:

nexus-client vmlist_editaccess

Set the VM access for VM 89649fe3-4940-4b77-929e-50903789cd87 with: VM_LIST and VM_DESTROY for user student@nexus.org:

nexus-client vm_setaccess 89649fe3-4940-4b77-929e-50903789cd87 student@nexus.org VM_LIST VM_DESTROY

Remove any VM access for student@nexus.org from VM 89649fe3-4940-4b77-929e-50903789cd87:

nexus-client vm_delaccess 89649fe3-4940-4b77-929e-50903789cd87 student@nexus.org

List available templates:

nexus-client tpl_list

Create a new public template, named "Xubuntu 22.04 + golang toolchain" based on VM 89649fe3-4940-4b77-929e-50903789cd87 (public templates are accessible to everyone while private templates are only accessible to their creators):

nexus-client tpl_list 89649fe3-4940-4b77-929e-50903789cd87 "Xubuntu 22.04 + golang toolchain" public

Delete template 8ae56a30-3195-4aea-960d-abb45c47f99e:

nexus-client tpl_del 8ae56a30-3195-4aea-960d-abb45c47f99e

nexus-client-exam

Compiling nexus-client-exam

Get the source code with:

git clone ssh://git@ssh.hesge.ch:10572/flg_projects/nexus_vdi/nexus-client.git

To build and run nexus-client-exam, go into src/client_exam, then run:

go run .

To build the nexus-client-exam executable, run:

go build .

Running nexus-client-exam

nexus-client-exam requires two command line arguments:

Usage: nexus-client-exam server cert
server is the ip address of the nexus server.
cert is the path to the public certificate required to communicate with the nexus server.