From 7dc68b5ac75e7c0fa0ed9dd9e3a07ff0783a27ce Mon Sep 17 00:00:00 2001 From: "Michael N. Lipp" Date: Wed, 5 Mar 2025 23:24:03 +0100 Subject: [PATCH] Add documentation. --- webpages/ConfigAccess-preview.png | Bin 0 -> 10855 bytes webpages/PoolAccess-preview.png | Bin 0 -> 7090 bytes webpages/_layouts/vm-operator.html | 5 + webpages/auto-login.md | 84 +++++++++++++++++ webpages/pools.md | 145 ++++++++++++++++++----------- webpages/user-gui.md | 2 +- 6 files changed, 179 insertions(+), 57 deletions(-) create mode 100644 webpages/ConfigAccess-preview.png create mode 100644 webpages/PoolAccess-preview.png create mode 100644 webpages/auto-login.md diff --git a/webpages/ConfigAccess-preview.png b/webpages/ConfigAccess-preview.png new file mode 100644 index 0000000000000000000000000000000000000000..e7523f91b927b6095c8e9e0084730288337eaed5 GIT binary patch literal 10855 zcmb7q2UJr_*LDOI6#=n;fM5XysVYsniXZ_2rAi=xBE1`mG=VF^MXFS#3M7;S5(GkT zih@$5gwR3}X$b+Tq4Q0=|F{14zGc1t&pL}_PUg&+*?Z5kpS|~lKhU|ya*X>J1Oj1! zYTVU>Kp33BciNG|;QxEfkx1}y5OD`;a0LAMA9?yGXmfd}J@U|Zwej$N{LC6+>*DHc zErzgqW^L_)uygfTWNc7|KrTR_cW)a!Pot82o*PV&_LsWubCgJ&xNsrj{fQ$N4rG^v zUJio2E_qYDcQ-9BI4qmL}}2;?E5nWB0c@-!kyINMh+extw&%`JAvr-wKj={N){)Vnc~F6MD~90 zLhgrVW@#-2c4;1 zlx=M)UuEcTIk{PF<#QY>PV?Pu=ky`Vc;X}rp?b+2AGhEQcA3OGbWyrlIq4xsYl{-K z?Ak=irO6h@=14BzjfpVN)!Bz6pPBTbQrj3Dn?;`UaQRh!{+v!3dwcuV zZ{NDhorg!T79~%^KYjWnChnmMthZB>NWp7PEAmev_^fo3XCZeKv zWXZU|U5t7RU(wH>Pg%|@n}J0>u(Qh_^`(ee@YUZ&=H?0u2;6N;mcZdVT`DLmT`I&s z+4)bOJo&?Hw9e1F$fPvaXgf0Uxaa&p_lz_nBxofIx-Ji2q2NE`*@QY*&#wPi`j1B{1fr&C?~dr(^Gl*NYq z7tkJ0B0LXFuA=1#3yYzH1KOzY(L+kWQyUv$LBV@D>QT>3GUDR0B^q}0&YU^ZX$=4o zR^gH!dYnsd#;;_U3afO>0@BOb+uf!lnYy_9SVUj^8l$|W!LJ_qoj&$tOH9ptQ@0JJ zzo>e5eVEV?7#PK?U?gHxc(cgLXBe3AM$+2n@KfkbJ0VhyxAEP(A$)%G*E=$lOclK5 zA6Q$X1m?&XTz~Q7rZnf7u1p-T(>XK-+XG~U12Up~WIEqh?MWF~7*1VBOt*J4OVqxf zXbN-OTAd>gSKzMbW)!Ybh+1(ARWp3hp1uNoY1dK3m_>duG3~0Vs@C>)50m<*-%bMi zSBFBO;%(csMO<9m$>jBS@7^6ddi3FwCr{Ed2h-#bQr4}f={oGq)z&9s;cJbIY<=9- z=_-Nse1SXeqyQS}b$GaY4NhfmDF&Eqa)#f6oF{e2kWFRBt*9%n-pa?64fvO{3neC& z4<5vJv7TjT&zkGaqkL%L>&4*e(Z&`5hV1O@bOkm?@#MLXs-bb3nwqOajyU^IAxBfB z?BfIqT*vB#MMe7xO-iNQ#&0F>`u5f%k$0InM86kRjH1W(_h@lQ5nQbv*r~l0V=pj3 z<@o{I>v71Ckb`&^($M6#hK`Przkh9#m}#zZz?Mc_Yg-%s*_0;9YuFh-6c!dHA}43U z#l=;ptE~ZzIgB?3oAXjU=$OLN1eYm2eE2YWI_Kir0?G7z;LZn|_P1H4E>&vo z?(VR9|Eiwe-nBv7OlX|f!bm}O_9d2cHy_X~?%w|1E*>$XbLRBv%K6^Zbp`JQ1AF^| z!z|oCOQ=BCQAg`c1$8q##3|piRO>wV$;J(6d?o-F9TW=nk5gwZg9QX$EpKeR zwMHE_2GUGKGZ0nTl#q1ofu(wxGfWa2_VB}01Ofp!_v;;HUrv#69=fo25m?#EbVo1H zC!xaCLJVGQ@a@|-2Ld{Ac>U_tt0_0EU$4&(@&gzFGhUnPZJ9iQLs#Frd{suK-@0nj z^Wnoch8g~dsmSvWT}F{x&Hd)CT3Ro0Ia53ynf?}cBV4Prvt!9 z^=}9ssX|!UNsGl*YNRQP^}#b*qj#T9r&>z zU#W<2J+t1kuU^S4d0&ONHIG70 zx}@{*ynNYLt#(fTEMS{|v8)y-kQwC4k98#DZ@TRBmmvPO90bpRlT50` zYXHr+oEJ*Clzwx%ALU_UqN43HOr2dSS=8acz6_=9gyduisKbyHj8~ytKZXx}nwNKO zg&Vw}^Uy-cyDo{engG9~>5lDNsWQ&S=H~T(Fv*7MWO#!`i`z1COeaH00-qDzCEp2T> z4UIpOBrMDw(@8GGnan^eJHNV+fWYUfS~_l)+GrQ81FuO2F(+f4J|s^BfXe3nA6tBL zb8~y*oRFPP+hFJI_46on23|R!+RurYr|WI2n`*`5eMeO_5g-9TqCR=QOOlfMa&mIq z(hdo2%Lxgm1Avo7=jXeLV+srDJV)y3*I3CHu8_`7KmiiozJ26c^ZE1LjudIkLk9+k z1q?4g@j3>S9QpJowV62-Y`TZiwONJjG6q18jU_ zIkXo+-WV$^vl!G6boE zbOC!x|9P@A#cpySSDZRrVGLpnJV0TF}X?6(8(&VAGEJ&5vj zDRq!v>0|`qZN*{8!lr1|>TI_feR~-7^Wp8-XO`}FcceDxgVv19sD_qS@BCn?C(v@6 z1728K8sAAL26T?Csij3?ZGim3kyi%kL*X|I!^Gs}^$H3Y1)z?^7de-;j6@W+i@}<~ zRZ`04_$`hAt6ArP>N$`hAX1lp_EUpC+0HaMO<=!vc6RAhCN{o80HgN6myyRB0vT%+ zAS_}^O6fk1knv#MmcxFl8nI~c*Qts4dnP7+Pd_|Da?8qSYx9mfQKItmg-}2#Q>}?9 ziayWks5KsQ*&v^S(a+O4jt7w(BHDWC#}~Xy=OEaEFrt(K&kVU^OwxN^59g8&us5jp z^O$%Lf&hTJEO37h*2ZJK9^m1DJj_~a#>iwodNzz6>EhD#iI2gT$`k)BCjWa>Y08`O zn{8lL?R(EQ3N!>-OZZQ5W5El%jG{yM|FSLxiiJrMgtIC8|x=((Xz~Z zhA7oMhJxIB>5yQmpN{!-CpBL+)rb!5?YuQRaMr(|Jxr$PG{?~A-yJU%6Zl2T!iV5} zdQ@?TIe^cQ#zU_!J_NY<@3KPw&bv^GrGx&x0};nEkEh+SRL~NP(4xDEFY0Rf#uYky z;!L-cO4w!`7K2qs*bg+yy}H<4nvm*k2Ass}h^Te?f=+Pq6b;NCnVROMuWwwMVc108 zxAs<%>F29AZ+-<+|8>XBEf!Ysr`0jWAjGkM%v}AuIsR)rZ71o6Vk2?cCT(ar2M>)zIzq?%aoV1 z%7ffMoLpATSUZ7Jg~JbzBVdd{%rQ9C4Hz=Xt%)T?4v`DUCU==v%hLMd*x38+-DOJD z79pxaX!}95?$BRhu-`!aM%E)q<1<1E4SM`1Ri&!ELww6wk_4Pd7P)F;91feb%PE^` z!B3MzJz3Tq8oHFX3t{C>SD_$D*au>=_na2~4*}8NTFKm>Z>s=Vj_Y-_XKsvyp& zUh6mY+@@AgCSz1wewoWa_5fswgRBvOANYc?DTW|ju!EfkqvPchEV9_cFIMli9)b2G zpfFGsY)FJyHpToK3J@OGeu0v9x%gfK|Rz8NoYW75Um7m?c9ei7J*1zCI zys}QRN9DlaLRewCuML@b%V+-u-i4r9LGq8+JG_oVjP;tQpw5?i%_Y9;su69V?cM9c zYV)wndcWGcZe5)bKz8qVr(gjhOJfktd(b|Q30-JJCtJMB3)p7MhY!nC&v-W&=4kNEpwW3s9V{)lo_C2`77krtGSnK$`2kr8Zf~h2wDm5@*VJ+ zPQZM!@n(G~@7s^w2Ij$L&Rdk>{L=7osY2IrfPIjSfeI z+Lte1V8xcf&C$FVX#5pu+}0W;Z+_mX4#e`@iqDIUow;9j*bu`%-O=81t`0qZgTWxi zC9bF^m(!-RduhktcKA(!s)zB`O{iX`xl$tH=bxkgG{!ZZ>h{UKcyS8$?W|o9=~tq> z*@$^unGGrV_3KCjT!zwWN3QE-sBBFAZT>JGrHFekz7Zk^ab#WE2%5bqR3q+K#Idy> z?SU9DU%&Oe!k&^FD7d6vIQ*0V^nele#LLj+w{P>`N!pS-6&5{eUQD;Y1BAh8wHhSR zrCY6)xQE_ew=y#~73Bc@?S9}!(|G}?iHV7@m{`%7>QEM*+yebP^3QMaLsbadIZAw$-E>@#|-q^y}9U6W|^^SqboIKOD z3m0yIaPsBhRl?Akh5e4R)n(vg0}F05ZV6u)@0&8H_NedMRFt^_i%a-E*H@CSVU=H9 zJd2bsbIrT*@uM$!a7IeN`u!H%rz(_{Pe>$-ML8A_765IIAlMOa6TJVnaYP!zc|7w_ zdFRsYt%X}v-3;zrc8ZFMR88l$;6c2`Tg)_S|P`;gF6yWWesDbJHB zoNzlks-#D%l>LwL(Sd=pN-Gr&tvYAWzw7Dve|An{6(+PS)J;!3jaW_mAbK(eM|WQ*obbfo9GD&AcIfDtoT=At}%zJ7nVy z=>>}Y`?-r96GgZv#}D`@mcFkpEGsJGAd~hgBt(dxUljy0ol_X2B0Z3JApjxb0QlCa zEb0Tp+Ou659%COASQt(ym91q^b zyX)sJ`9BCW5lxcB`t(+qN>RVOOWDQEy^em}*Z9I1U4}HE!*je~#2H>~OVuVsyDdVI zDTq0|i@`MFD@2?7T){icF{#N22J5K=pISE;id~MgDk)o7O3GleIjYwYSC2*evFm1hr&GCJjZbMWL)a%Og}w(Z7CO zgOAjw8)0EN=e-yDB?D9E3GTqs^JyFbqR?s@tw9Nsa!MX9oJzvdk?^{#c^=&j?N11j zdp7md?#b$O35efsH(_+kTAqV4HC2ada?DK`9)hJCW>1ZAwiyu~KgDa@KEQzwKl*(! zRNej&=iH)bIJv<=9txsZs6F=$FhOw?CEI(ZM4m!2j{ zsRJ&X=qEb%o98Wj@aJulFaQaOz+?u9xg(w0cKugs8$>+f#B$-EsjbhS|6kPhUuomt zYNUT#bQOyeM+9m~1Y{yA8$rc1I76m*m|8OE1X!AZn%XPC1D}=-f-8*zx{NE`yHE-% zDuERpJAT~2((*k61H)6iFW<)M*#UqP2-S!$*`UA%;{8FY*C&vsXygJJ#m+Rt-G{^@ zc`c2(4p|*bz3hFzBL~}N_V#lhJC^db(u0epbuj#8;06_-?=LaN8wP}Mi+A*ELJuc< z-*^UGuk+}n_uXZn6gYWN9!z=s_ITR$rPoKTpMv^cV_{*4 zG`NZ2FFF7jw=&(kFt{%cA8qz-sl3>Ivl-Rl?;R;Qkx%(CP(2*Ac)4h|$it~5L3Z%@ z3#%v8-M7?TX%2cCNx3fv1b5B2r{-mr>)WtQ!_Q9X5!ONKt=T(}mE zpL<_6D>GM(ZQkOT=xM3YGO6mpyK2OU$G;%m+oF8e-+t~EyZQ--^sdk%ipAbo=ML^C z*^*t4hciIN`6vCL@4}FaXoeP^cRhbxSAVcM!AUI7+!NYeQfXd6)gW0v^jI~SHATug z3)q`RUq9|=s%ymqt)9AZwc#%8$CYy?VtTy~_|Mgqc05XYNKm~=Q!lXIC@9x0y1|eo zpcH?x&ZDSL^uDlYJfG&9j4{jANNCTDp){-A%-%|sQ0vC#iaSnOC-0Z#T=4ClhWZ3P z(+S_gyil!(z*yh%xKDo|O)Ru1fign|4Z64NVpnHR%w;<2QmqDEu3j?n3ooxG?futZOIq#HkUG7d-s zYMqE59-8mTKcxOBBIa7C(xRra^v@wAjHa`e)%NmGbJs7+0%MV@mj>SY8NuNzUBb@I zx|lBr9`869G%L7AP^D7b0*qdWS{iiix~@!#aY;6>G~(|0I6LRhztX3iouaY-Esmim zk59`>6S|}xBz?*k;LNY!{W+J_Uy9Nr&kbbjlUKjqApS~#j}J|2WIcVuzDl2{sVOSZ z+&ZMZV^A-%zvsO2n%Uy}h^ULrZ7}XS>oMM>=+j&jG+Q`_ahk6ShWz2#>UU^QcRY4m z$>YA*erEM7Vq^CPx{kb^ zsHrptM>=S#}XaaoMXc4l@yaGtV9P zlw}=qJ;YcE;?vta;g)s%vutk7b%RO;-7SZPZP+A#|ixYhYSO>wP8CWS!A|{Jl4qEIqvKZ|BbVN<<`IdWo_np1s&=PCz6X zo$0UT`p~W@z$Ab;xiQ=2D73U^G|fjF0gw897o%AiWiG{`Tf| zTU3zOPYFGrA2hE73Dv z!)!dN>0OZt8K#cyQ{2e{QPjtUYzWDF*xY5!x$dc+_J?{e3Rb@aMrj2fpL;;_+TYTw zt}abjGM#(H(o>y@%s(+HSzC`;9iLH;f#+4~51&qi_V#N9a*3Wv;1)bHGSYOje-=&K z>zBH$X*IB1 zV5ok})FXAZm8Dq`PZ>?f#dBWIMC3&zkFHo2P(s)-iKA>iw z=Oik|C0<_1_4vIEdyvd$K)qz+TA4K`^;urdVO?*?B(0lPxDe_C@cK7ZvjL&7eWDsQ znw`ZP#aB{Mu~l;^O^ohfXWqpfn@rNWJk>*85uv{kJI?1n zzrKMngJT={BO_)Y6|so|=YoQmwOw4WAc7@fnadtISQt(>1~Y<+My$Xc`nj)|sp)C* z_{W!k=sl|$b+&Bl>;&cfhoBP5%BMJR#2VCq%qqdt;E)wE=Uz-T{Jb5$I@fd^&ck{8-*5 zO6;wVP>o&oyv_x>5;BLKWI#1~W0u5lt7-Y{K&RlsUf6<5U7iH9u7!Z~u#agNeHa%! zEZyQtbbx%l)449p{%Xjt!==~T#`qv<6!AYBjpA$eyZyF^z8wy$ z)YsZHVz_2U2)EgI+M9`ie&}`CN$NAmO-^{MlG8%v_MKlgLe0a0)EXXEPudXN&u2Dk zrHsW*TrRbtj@*TzsWUciPX96c7?D@ccU{-w(%LI&@0Bixg&La;w48SbDVep-{-%Z0 z&#{cWtBeO_Au~J-sj0-#<37F$$I15THB}CT1`mf9N0+8vuBfT*QPVq5T!o~y?Wv$R W8+=P6Gk1XXL7-|ncd>UY|M(w2iYRLU literal 0 HcmV?d00001 diff --git a/webpages/PoolAccess-preview.png b/webpages/PoolAccess-preview.png new file mode 100644 index 0000000000000000000000000000000000000000..34db8cd3cbbfef15c8ce24c00527d48b449e81f2 GIT binary patch literal 7090 zcmcIp^Bji-0r;h)5^`0s=A^B@Gf1(p^%cW5iGiky1grLqNK_h0!74Xrvr4 zMt6R1fBgOdA6{eiYtkKi@Ehn${=7R<)O+uY3>$JQC1J*1>~071*uig;0AH0= zl9kr>NyX0l`BSa6AooU0+*pldWP-@E9}u&@`k0LuD&|I7z*W7z@n5w?jf*%<9-ND( z;83dQeS*b1W$C@q|6Y^D>5`L5Ka^pmP-0)>kXDp=@R*pD_Un+d7y8oNYkGcg;cL6v z^3D|;%iT00E_mVCn}ANTwXya1l+E?RHL&n_?t0v&sxaQq5P8)=?i8h#@322-m~@qI zQg+f1EheWq+CWIf!dfFammrqV1pB4M#a^7vvrF~h#0|acOOkycP_tIQCL@%&{mo^Q zUvool9@7*yg{lp)`%nBfb)7~d%5w*rHX!aan@$mf+dZ(WQ$njV8|fa@@}-@GXP-vV zcH6w`r5ThI(L(B);;c`UMGQ$(3$2$q#mL`vWm*$ZdKBy}0{_};o#K`#M|5Mn)Ae+l zRS0hXvCQOGQhs@(Xo3tRHwjddYeN`bPy3!PAliP6`sVf~TKMRzCk_xT-}Y6pT39S-pmQv*@gssy4Z znZhYU7_}1e&Tne@T{cx&;~PdC(Q_j$I*glerkqAH*d#|-FnOzQ^7C#aG5ITw@Mh2M zdm60C3Ot#^9fuPUaOmC5jnPlHv_H1j6Hc6c{?7!i*%tjlne2(|fDdG4cxNSZm|8r| z@c}M%wr{H7YM@=WzEqh0oXFE9s_ZlWG;6d8t)EnY&c26126?BXeHhRDz~l?O&5cxj zSUwI3>m{XPda7yBab~O9No)`a1)Vzm{^Z8Sr10`c3Nh;?8df@oIcw(7d>~dULo|{s zxb)-1v(h5U0Abd+8=8IFWC1EK>&OK;0oJ9>347*&!S%Dk_>h6+Ie{kKR1J z%2FPVO9{tVtV$Ain#B~S`XstX zm~!;*UnItyM%yO-QR=e1n4Xy%F?ybu=|yEGnS;$Ck)0U5>7)SSqODLssAWZ3Ei3$H z&OlkIrskW$ytca=JL)M#^2x=^H!jx)S5^zJaAB6{@S?%fMT}4D_Qmg*B$C39%zp`BZ zA>5j($my#+!OkL^eGd|!zrEKLMrM0{xY2xlj?vcEzI8}H(4hS#Wfe{J9lEJ#sF$$X+f zQ&vuHubbAi+-~gQ0^%lM@`xF6>FR}@k$e66p7)$9Au@&qjh4I-bwHIKU0m%npqX(5 z1O&7b5SM#M9Mv?)WS)P=``eB))#1Uxw_a;$J$~|JdGd|vTAKHQ`EaV})?7pE_0>ge zYU<#|c)ot4$72vw@8X+2&Wzoys*$fLDJpG&S9JUqw`d|lByY|}F4q+#JFWJw6sAoM z*H>p!c!s$0e;2!apX-FeXx&F%sk=-FfT(mdag@**;8@Sx;zHy?@fOyfzijj zInttxjHN!_o*!rpxKMoc${IUUuuEBAx{tLfl&*!gSmk+KeDJhjyRUb)8W?WwS-=m~t8cXJ7sZ~UP%yD2BY8GS}PU#@4aZ_|*orRdtCk~VA(kqBJo2wk|p(4UdLff^E@ z)Vyj;ir0TiBOk*&ba{4Q+)2E9wS!<`_>gV$yI4Qk1@CZYF@rPR2Tx9Os?oD((W(3- zd%J5TM)I0YPBZy19Y-B{6vq}+e^jn6c~w17*%!-+uc4vwhpWkB;~ow_KYz49&RFmJ z+yCh``|#H-z>5~Kup+kz4E>ERg)c4UtRr)ncYs&du+Tw+?mkP;2=eSMSNo0XcF)(n zO;7C7{onaVUDNlH$<|libJ!EHaiKp(Pk+08gCNzkko? zLk|xm$!33EJ5|FJ5hX8^?QY{JM=(HNC}Eg;+o``$d99 zMXVrWa=1vYE>8Z{%^`LcwR2o2*U){Ws`uvS8icXv*fh&K_e(;4&*uqfoCf}3#N8#@ zmFzP>7}0&q2-PcRP8prQh;wAHz%$`$Pf1yBJIbnhAt9m5qcX%=`#bzpG4JR~0aTig z`pa#T7P!!3%-Bjwp|2m=?Q*NWdkK(Z^PWoU0i5-P7O|J1cUU<&!@%~w#>L4>OXKFN zrC9(3{Os-)@@4T`pQ|fGVK(L(sx}2|BWU?-KuM*Fx`&c73YVLA5oG7&(2IFJC6hSK z9MEWLIYWmyELHm*jg$NyUhfDG8M=wt(0CVqc!Xw(l^c$xLdCXTi?cu})X~qdhlU`^ z0Pcw*FlK6MY7gwpx41Z}U*qFv!``i3Ox|-HEhh^Y*ZK1DXE6h*WuI=w6j%y>R}jYa zu-dDs-AzhLdc@A|n|eQ+KiJ;e_^zyx(ft$=7zfx(aq-j2swz}}mhf<(e#ahhOcMT6wqiX|jK~4LHdPxN z4uDW9dU|@gD0vRm#L-CgHI^0=bpr#2w{PF#q)H;v>lOo3K)`~89DY|f1qBxVa>pyK z&lkIa3iq$Tuj>((6)G>p!ZuFV_fk%Gtw`Hu+^03KWAG?dB%WAKUcF1Z<=SGm(nib| z%?u@py0F-8`IYrDtbKs|4c2I`#qR{q1)b(iFcJOnBT-K@)4)kNkwY|N)r$+VULBD?e(nTzqo$t#)S5VXx6xrU>3jWyE_%KQr zQTB4Jf@tFyq+m1b#lX0w-qv$hD*K>9r5VuxjRV}MPv?JGY!_Ptc-Iu7@0)jjq8_Ew zs0q&&S@e%RK#z!-px4$aTvy~}WMq8Sv%>J4BLZGr%s7-aG&?(ujg3v9Q0`k({9fC0 z8oV6*y1%0Jti<)g6M)gZ{yU*yNt`@kD(e`9TlbZsvjy(2@GH2r% z*FPCy&A9EE(jV4;moSEegrrIYB=`0z0)Mr(wg&X=!_<@>(#yia;u%8}khEu3z2r}6 z{tF{x>9Mb=1Qmqb>ygqc(fzKLrtIr0ng;QF$j0_zR0EYH30ur1wwnIJrr@*R$NARI z?!n{7;R`K(TCZPsR#+m5NJ*{d8$ENseMZ9A0Q4f4ihJ7;BU3%G*}dPol7?zM&Acv8+J=4I6t zO8QTr=jM!BFZWfP+pfG8;FuDdkl3Ck?P;=k)x>96N-qq@|J4<63j_78D+R^HRv>F} zadFRl_pPo^k&?AVE_jztYA}NCkStWk3_X@Rl_#r^S=+x!zgR=l*2&G@)Nj<;Ph$^D zVPOYfz}BVR(k3DW{w&KJn8W9)cu#^um83#OpAi?3GjQNi%XB@;l(9?vAAAV=B$JSg z*=qS`c=Ux)bq(@oIA!1P@ZIAwO*_RVlJy@tMZJTAcf16Xc?1Px7q5@&L{?iWD=X>5 zeV)n5$)WPDqbl9eYON55=Md;(TwcLZN+Z-HixUV|IEtE=l^hGa&S?FfN35-7C$y${qHtfh{J{Yh%Noe@Q-kV)q_z%Bjxpi$ zM~{BG3R;v%fU16f<$(9+P1`xOVV(2Z7X@bXp=2SzDW5w#WoYN{oIw|RpFEyokGZ*XYHNR&L2&x|`uul0 z2nSO{)CF&ty?V?OZY1>@@Q{-S;m&4v3Mw zt1CY+L2NucQLHaR$(fj50ZIo-9o7@DS!&$mhBEf9K->i4Fb5oJZnuFaye7@PDts+J z{~;sbWS&q;M~50%@chQci z#aX>>x*Ig>=RxG9Wnc`DP}aOpa&~qGZ0I{+l7X6c@Z33;nx4i?OiYkdP)Nh!5W`wW zRsf9MT^F@9NVoe46kQqZ7eheK%)DLU1n|dOM#dtc3S5JfwZ-UlqgK9J;N%#D*bYZ{ z?VI^1roKhNzdYsFkN*CCpYx4;dSOR8&`&&)kYG+zLxO-#)xk1U=70Qnl7Ir-yM6=* zREi7Sah~_i0>E+D=%@z#c&iU^wZVi0n*NR0MW8iE5y)`#{_?T~IHshhmuL#McM;Gm zKOw~B|Jk%}Snyliq|mJ<(UK=%=`%A1|FY%WxWVB8VZzA>IM$DC9IncEo^JFdIeBv* zDe?B#qvM^$5zY+%&RnI~`?C(EtE*NCgi%m$85ul%ef?-SfFv-SaR3sh#tN8R!lUu{ z*o2BFW=`c5*dp%B)7nHck;2JG931y(XnH`#eNUId0R5YRTtvU*8b%T<`t3j=o}023 z77xX|w*HvjoYR7;@|<3Xd#p88@5+V)%vGy1HeJy6u1fq<)+bLsnRkWmowVJgWoJJO zyuz3gYAXyp$_y-jyc^c+))@(L6lP*sHC@^>v>dG~wj7O2Or$gMU84qN+NF*-*MfL& ztGc-fFbX@G0dBevg-`IiR{5W~>6RGCX=+l0hle)<`kC`Zr}55WP-QIO4ZWu{U%!4W zHEbFmA1^E{G#~%|%5kQFtF-}Bi%Xm`{TG}HVFc2@x5MxIo#E9a1F8rQG*^@ z_L}?Lf|}EG!`l?{=N`nK6PiJkYaF%dKZxuNQu9>0Nz*>nb9u!uD>|qcLz+q0FUifBhJ2;5rQ+-5MeO!{V+ycU5k97; z9m~Q-SO#ai*Ja*lhl}jnI!A-b;eTJ3+|sV*B`%0%%d5FOs>aaE%(F$#O%`pO(6U9M z0zExRNgSe$mfO5&-CAdU<(85Uv4`oWUb@}LArJg0ANoG8VPspGY@4_ko{#{G@x8IS zjerCu{U<~dosgs#=b0|K;5|U+TS!~a`q#GAA0Ag*-AnOKlq2~KmC~cX5 zb{=Z760}pXpFfZOFtxY_vQSu5bkNkQme0n^8x62qb_AM%24L5(&X3r{#G3l@1XPrj zxgI}e<>QN?V3U8*8a_^=B*nO9RNsF+jjy=QaLQ63O(+8C&@@?AjFVNR1N8yBhupH2BN12r6mzGACwOvE(oE*cwm^31~?;VQ8pTS=s^bH-J zJb41_!ZPR`lN;IP937v6R$5j;VLV5HtXQ{blZP=oJ9~XRpX|8_S22&hUqEa960cEx zdv^q_lA_`RcJ`1_jYUd3)Hv`)m!*u1j03<}81uHy$5$6ISMwO5CumCo3FI_;M@Gtix20Z!I)z7D1?Wy>l ziR3%M8$*JB*KDwsUgTXRJk@_cW@iN`%4u6S_@4m=Bc01FTSm*xp`mEgMqzd1Znf&mqE*&D6Fnd;=WF9YBYSPjVcw4^(UbE?D zdP3i@U}0(5fUTWf|COhrF>CI9w5bE)%g+#XhY3>M=c*Rl_Y;hdDhx{K?hv#^m)L8j zkQUVQH+o_Fo$BVlH;4u4=;~Ssr|_o?Sy@|CFfyuu2GzLHBMbDDl$>g2;0WEFNCu%F zujc+rN8Qpc*c{Em$0xj-3r0A}^cG^k4Xtc9?Qn>Rr2q&aHv)z`ySnH_-5zObYDzoU zssNw;ADDCm;o{RhGYk4_D`9D2ktpsf0My*5(IfoRClW_t#xGyK9BxiV7&e2J|9_1`IS1~MR}un^@dP7aw7SAcDK@?^YZ47r*uIAU>oSBg zhoL{N(kbl0wD;OUt@LtRnmt$MxvBfX3YhRSel;T*6L@FyyUT-=qopp9EeF@z|xt--Afee^8CVEKx)f_#|) z44s7pCdFXw0Ux&4hOIwk8^w&U$~NV2eHsxLbq~a%%xP*q{NRW!teN4HZL$$a5>LDuZ4==2A7Q--g2>*XY<$(7xM<*8lSC&5>QFL+}xt{3jfSZ;BMS3MgqLMc^q1L33|u`7@p|YQsEJCJsb0y-FHjkELmxq%%2x g-Ks3x9Js;X)W|k&Q(e*m7u|4_

For Admins

  • For Users

    • +

    Advanced

    +

    Upgrading

    Javadoc

    diff --git a/webpages/auto-login.md b/webpages/auto-login.md new file mode 100644 index 0000000..8893bc5 --- /dev/null +++ b/webpages/auto-login.md @@ -0,0 +1,84 @@ +--- +title: "VM-Operator: Auto login — Login users automatically on the guest" +layout: vm-operator +--- + +# Auto Login + +*Since 4.0.0* + +When a user logs in on the web GUI, he has already authenticated with the +VM-Operator. Depending on the environment, it may be tedious to log in again +on the guest. The VM-Operator therefore supports automatic login on the guest +operating system which can streamline the user experience by eliminating +the need for multiple logins. This requires, however, some support from +the guest OS. + +## Prepare the VM + +Automatic login requires an agent in the guest OS. Similar to QEMU's +standard guest agent, the VM-Operator agent communicates with the host +through a tty device (`/dev/virtio-ports/org.jdrupes.vmop_agent.0`). On a modern +Linux system, the device is detected by `udev` which triggers the start +of a systemd service. + +Sample configuration files can be found +[here](https://github.com/mnlipp/VM-Operator/tree/main/dev-example/vmop-agent). +Copy + + * `99-vmop-agent.rules` to `/usr/local/lib/udev/rules.d/99-vmop-agent.rules`, + * `vmop-agent` to `/usr/local/libexec/vmop-agent` and + * `vmop-agent.service` to `/usr/local/lib/systemd/system/vmop-agent.service`. + +Note that some of the target directories do not exist by default and have to +be created first. Don't forget to run `restorecon` on systems with SELinux. + +Enable everything: + +```console +# systemctl daemon-reload +# systemctl enable vmop-agent +# udevadm control --reload-rules +# udevadm trigger + ``` + +## The VM operator agent + +Communication with the VM-Operator agent follows the pattern established +by protocols such as SMTP and FTP. The agent must handle the commands +"`login `" and "`logout`". In response to these commands, the agent +sends back lines that start with a three digit number. The first digit +determines the type of message: "1" for informational, "2" for success +"4" and "5" for errors. The second digit provides information about the +category that the response relates to. The third digit is specific to +the command. + +While this describes the general pattern, the only response code that +the runner evaluates are: + +| Code | Meaning | +| ---- | ------- | +| 220 | Sent by the agent on startup | +| 201 | Login command executed successfully | +| 202 | Logout command executed successfully | + +The sample script is written for the gnome desktop environment. It assumes +that gdm is running as a service by default. On receiving the login command, +it stops gdm and starts a gnome-session for the given user. On receiving the +logout command, it terminates the session and starts gdm again. + +No attempt has been made to make the script configurable. There are too +many possible options. The script should therefore be considered as a +starting point that you can adapt to your needs. + +The sample script also creates new user accounts if a user does not exist +yet. The idea behind this is further explained in the +[section about pools](pools.html#vm-pools). + +## Enable auto login for a VM + +To enable auto login for a VM, specify the user to be logged in in the VM's +definition with "`spec.vm.display.loggedInUser: user-name`". If everything has been +set up correctly, you should be able to open the console and observe the +change from gdm's login screen to the user's desktop when updating the +VM's spec. diff --git a/webpages/pools.md b/webpages/pools.md index 6b1e75f..5b587ea 100644 --- a/webpages/pools.md +++ b/webpages/pools.md @@ -7,67 +7,100 @@ layout: vm-operator *Since 4.0.0* -## Prepare the VM +Not all VMs are replacements for carefully maintained individual PCs. +In many workplaces, a standard configuration can be used where +user-specific data is kept in each user's home directory on a shared +file system. In such cases, an alternative to providing individual +PCs is to offer a pool of VMs and allocate them from the pool to users +as needed. + +## Pool definitions + +The VM-operator supports this use case with a CRD for pools. + +```yaml +apiVersion: "vmoperator.jdrupes.org/v1" +kind: VmPool +metadata: + namespace: vmop-dev + name: test-vms +spec: + retention: "PT4h" + loginOnAssignment: true + permissions: + - user: admin + may: + - accessConsole + - start + - role: user + may: + - accessConsole + - start +``` + +The `retention` specifies how long the assignment of a VM from the pool to +a user is retained after the user closes the console. This allows a user +to interrupt his work for this period of time without risking that +another user takes over the VM. The time is specified as +[ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). + +Setting `loginOnAssignment` to `true` triggers automatic login of the +user (as described in [section auto login](auto-login.html)) when +the VM is assigned. The `permissions` property defines what a user can +do with a VM assigned to him. + +VMs become members of one (or more) pools by adding the pool name to +property `spec.pools` (an array of strings), e.g.: + +```yaml +apiVersion: "vmoperator.jdrupes.org/v1" +kind: VirtualMachine + +spec: + pools: + - test-vms +``` + +## Accessing a VM from the pool + +Users can access a VM from a pool using the widget described in +[user view](user-gui.html). The widget must be configured to +provide access to a pool instead of to a specific VM. + +![VM Access configuration](ConfigAccess-preview.png){: width="500"} + +Assignment happens when the "start" icon is pushed. If the assigned VM +is not running, it will also be started. The assigned VM's name is +shown in the widget above the action icons. + +![VM Access via pool](PoolAccess-preview.png) + +Apart from showing the assigned VM, the widget behaves in the same way +as it does when configured to access a specific VM. + +## Requirements on the guest + +Some provisions must be made on the guest to ensure that VMs from +pools work as expected. ### Shared file system Mount a shared file system as home file system on all VMs in the pool. -If you want to use the sample script for logging in a user, the filesystem -must support POSIX file access control lists (ACLs). +When using the +[sample agent](https://github.com/mnlipp/VM-Operator/tree/main/dev-example/vmop-agent), +the filesystem must support POSIX file access control lists (ACLs). -### Restrict access +### User management -The VMs should only be accessible via a desktop started by the VM-Operator. +All VMs in the pool must map a given user name to the same user +id. This is typically accomplished by using a central user management, +such as LDAP. The drawback of such a solution is that it is rather +complicated to configure. - * Disable the display manager. +As an alternative, the sample auto login agent provides a very simple +approach that uses the shared home directory for managing the user ids. +Simplified, the script searches for a home directory with the given user +name and derives the user id from it. It then checks if the user id is +known by the guest operating system. If not, the user is added. - ```console - # systemctl disable gdm - # systemctl stop gdm - ``` - - * Disable `getty` on tty1. - - ```console - # systemctl mask getty@tty1 - # systemctl stop getty@tty1 - ``` - -You can, of course, disable `getty` completely. If you do this, make sure -that you can still access your master VM through `ssh`, else you have -locked yourself out. - -Strictly speaking, it is not necessary to disable these services, because -the sample script includes a `Conflicts=` directive in the systemd service -that starts the desktop for the user. However, this is mainly intended for -development purposes and not for production. - -The following should actually be configured for any VM. - - * Prevent suspend/hibernate, because it will lock the VM. - - ```console - # systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target - ``` - -### Install the VM-Operator agent - -The VM-Operator agent runs as a systemd service. Sample configuration -files can be found -[here](https://github.com/mnlipp/VM-Operator/tree/main/dev-example/vmop-agent). -Copy - - * `99-vmop-agent.rules` to `/usr/local/lib/udev/rules.d/99-vmop-agent.rules`, - * `vmop-agent` to `/usr/local/libexec/vmop-agent` and - * `vmop-agent.service` to `/usr/local/lib/systemd/system/vmop-agent.service`. - -Note that some of the target directories do not exist by default and have to -be created first. Don't forget to run `restorecon` on systems with SELinux. - -Enable everything: - -```console -# udevadm control --reload-rules -# systemctl enable vmop-agent -# udevadm trigger - ``` +Details can be found in the comments of the sample script. diff --git a/webpages/user-gui.md b/webpages/user-gui.md index 828eb98..be7b6a2 100644 --- a/webpages/user-gui.md +++ b/webpages/user-gui.md @@ -15,7 +15,7 @@ The idea of the user view is to provide an intuitive widget that allows the users to access their own VMs and to optionally start and stop them. -![VM-Viewer](VmAccess-preview.png) +![VM Access](VmAccess-preview.png) The configuration options resulting from this seemingly simple requirement are unexpectedly complex.