VM-Operator/webpages/vm-operator/pools.md

---
title: "VM-Operator: VM pools — assigning VMs to users dynamically"
layout: vm-operator
---

# VM Pools

*Since 4.0.0*

## Prepare the VM

### Shared file system

Mount a shared file system as home file system on all VMs in the pool.

### Restrict access

The only possibility to access the VMs should be via a desktop started by
the VM-Operator.

 * Disable the display manager.
 
   ```console
   # systemctl disable gdm
   # systemctl stop gdm
   ```
   
 * Disable `getty` on tty1.
 
   ```console
   # systemctl mask getty@tty1
   # systemctl stop getty@tty1
   ```
   
   You can, of course, disable `getty` completely. If you do this, make sure
   that you can still access your master VM through `ssh`, else you have
   locked yourself out.
   
 * Prevent suspend/hibernate, because it will lock the VM.
 
   ```console
   # systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
   ```
 
### Install the VM-Operator agent

The VM-Operator agent runs as a systemd service. Sample configuration
files can be found
[here](https://github.com/mnlipp/VM-Operator/tree/main/dev-example/vmop-agent).
Copy 

  * `99-vmop-agent.rules` to `/usr/local/lib/udev/rules.d/99-vmop-agent.rules`,
  * `vmop-agent` to `/usr/local/libexec/vmop-agent` and
  * `vmop-agent.service` to `/usr/local/lib/systemd/system/vmop-agent.service`.

Note that some of the target directories do not exist by default and have to
be created first. Don't forget to run `restorecon` on systems with SELinux.

Enable everything:

```console
# udevadm control --reload-rules
# systemctl enable vmop-agent
# udevadm trigger
 ```
Working login script. 2025-02-26 21:59:38 +01:00			`---`
			`title: "VM-Operator: VM pools — assigning VMs to users dynamically"`
			`layout: vm-operator`
			`---`

			`# VM Pools`

			`Since 4.0.0`

			`## Prepare the VM`

			`### Shared file system`

			`Mount a shared file system as home file system on all VMs in the pool.`

			`### Restrict access`

			`The only possibility to access the VMs should be via a desktop started by`
			`the VM-Operator.`

			`* Disable the display manager.`

			```console
			`# systemctl disable gdm`
			`# systemctl stop gdm`
			```

			* Disable `getty` on tty1.

			```console
			`# systemctl mask getty@tty1`
			`# systemctl stop getty@tty1`
			```

			You can, of course, disable `getty` completely. If you do this, make sure
			that you can still access your master VM through `ssh`, else you have
			`locked yourself out.`

			`* Prevent suspend/hibernate, because it will lock the VM.`

			```console
			`# systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target`
			```

			`### Install the VM-Operator agent`

			`The VM-Operator agent runs as a systemd service. Sample configuration`
			`files can be found`
			`[here](https://github.com/mnlipp/VM-Operator/tree/main/dev-example/vmop-agent).`
			`Copy`

			* `99-vmop-agent.rules` to `/usr/local/lib/udev/rules.d/99-vmop-agent.rules`,
			* `vmop-agent` to `/usr/local/libexec/vmop-agent` and
			* `vmop-agent.service` to `/usr/local/lib/systemd/system/vmop-agent.service`.

			`Note that some of the target directories do not exist by default and have to`
			be created first. Don't forget to run `restorecon` on systems with SELinux.

			`Enable everything:`

			```console
			`# udevadm control --reload-rules`
			`# systemctl enable vmop-agent`
			`# udevadm trigger`
			```