Creating a lab environment for users on the web

jasekiw

New Member
Nov 13, 2019
2
0
1
30
I am working on a project where we are currently attempting to use proxmox to host lab environments.

Users can log into a webpage where they can start lab. The system calls proxmox to clone a vm template and create the lab. Users can tinker around with real servers to get a grasp on server admin concepts. This is also implemented and we have been successfully able to proxy the noVNC server from proxmox using NGINX. We used the proxy server to handle authentication.

We are now trying to support multi-vm labs where a set of vms get added to a network in which: they can access the internet, they cannot access another user's lab or our internal infrastructure. We would also like to give users the ability to customize their own switches.

My questions are:

Do we handle the networking of this with Open vSwitch and if we do, how do we gracefully adjust the configuration without rebooting the entire host? Is there a graceful way of handling this?

How to we allow users to tinker with switches while also preventing them from accessing another user's lab.

Thanks!
 
Last edited:
Hi,
Is there a graceful way of handling this?
No this is not possible, because for openVswitch setting you need root access.
So every user must be root on the host.

How to we allow users to tinker with switches while also preventing them from accessing another user's lab.
The only way would be to create a Container/VM what operates as a switch.
 
The only way would be to create a Container/VM what operates as a switch.

Would I be able to use this route as a way around the openVswitch limitations?

Can you give me an example of a container/VM that can do this?

I am trying to segregate these labs so they cannot talk to each other and they need to be spun up on the fly.

Thanks for your help!
 
I would use a Router OS like ip-fire[1], pfSense[2] or what you prefer.

Network design is simple

nic <--> vmbr0 <--> Router1 <--> LAB1 vmbr <--> LAB Guests
<--> Router2 <--> LAB2 vmbr <--> LAB Guests


1.) https://www.ipfire.org/
2.) https://www.pfsense.org/
 
Hi,

I think that ip-fire/pfSense need too much resurces(512 MB is minimum for pfSense). If you have many students this could be a problem. Another big problem will be the traffic isolation for each student/labs especialy for many students(4096 is max for vlan ids). So in a such situation(minimum resurces and many labs/students) I think you can use a virtualised VM with Mikrotik CHR(free to use). Then you can create MPLS tunnels(vpls) who work on Layer 2.5 for each student/labs, and can be very easy to isolate! CHR have a very nice interface(desktop, web and command line + scripting and api), and you students can larn many many things about routin/switching/and so many other topics.

Good luck / Bafta
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!