hubertf's NetBSD blog

hubertf's NetBSD Blog
Send interesting links to hubert at feyrer dot de!

[20060504]

Using qemu in SysAdmin class
I'm teaching System Administration again this summer, and after some basic system analysis and scripting, the course is reachinga point where practical exercises require root permissions to be useful. While e.g. my Virtual Unix Lab is nice for students to train certain exercises and get feedback on their training, the system is limited to one student at a time (right now), and as it does not provide console access and recovery may be problematic if the system is thrashed, I let my students play with qemu today.

I did setup a 200MB harddisk image with NetBSD (could be anything). Instead of copying this huge file onto students' tiny (50MB quota) accounts, I used the "copy on write" feature of Qemu instead. Basically, the following script was given to students to run:

     $ cat ~hubertf/tmp/qemu/qemu.sh
     #!/bin/sh
     QEMU_HOME=/home/feyrer/tmp/qemu
     roimg=${QEMU_HOME}/harddisk.netbsd
     rwimg=harddisk.qemu
     
     if [ ! -f $rwimg ]; then
             qemu-img create -b $roimg -f qcow $rwimg
     fi
     
     qemu \
             -hda $rwimg \
             -cdrom ${QEMU_HOME}/i386pkg-3.0.iso \
             -boot c

This first creates a copy-on-write image ($rwimg) from my master image ($roimg), which just takes up a few kb, depending on what students do. After that, qemu is started normally, and students can modify "their" (qemu) system as they like. For later sessions, the students' local image ($rwimg) is kept so they can continue working on the image, and if something goes terribly wrong, the student image can be deleted and upon next start of the script the student will start with a fresh version from the master image.

There are several interesting aspects of using Qemu this way: 1) it saves disk space for students, by using copy-on-write images. 2) Qemu doesn't need any kernel modules or special privileges to run. Whatever students do, they can not possibly violate host system security. 3) thanks to Qemu's built in network stack (and application level gateway, DHCP server, router, DNS server etc.), a lot of networking can be done from within Qemu. 4) Easy recovery as described above.

In short: Qemu rocks once more!

[Tags: qemu]

Disclaimer: All opinion expressed here is purely my own. No responsibility is taken for anything.

Access count: 35085485
Copyright (c) Hubert Feyrer