
Isolated writable persistent environment for each user (no GUI) on Ubuntu 22.04 dedicated server via SSH


I have a bare metal server running Ubuntu 22.04, which is shared between multiple users. The server is used mostly for some heavy-duty developer work: building, debugging, etc. Users only have SSH access, there is no GUI on the server, and it is best to keep it that way.

All fine and dandy until multiple users want to start some software that takes some non-shareable resource (like a file lock or a TCP port) simultaneously (e.g. an HTTP server). It is possible to negotiate and assign different ports, etc., but it is cumbersome and requires some manual intervention.

Is there a way to wrap each user's session into some container or VM upon login?

KVM seems to be an ideal solution, but guides are either outdated, or messy, or require GUI access or all of the above.

Docker would be an OK solution, but we need to run some software in Docker containers from inside the user's session, and I heard that docker-in-docker is not the best and is better avoided.

But frankly, I do not care about the isolation technology used, as long as the file system, TCP ports, and processes of different users are isolated from each other. For simplicity, let's call this technology a VM (virtual machine).

Ideal solution:

  • doesn't require re-installing host OS
  • VM is writable and persistent (nothing is lost upon logging out)
  • there is AT MAX 1 VM per user, so new SSH sessions land in the existing VM
  • has low start-up time: less than 10 minutes for the first VM start, less than 1 minute for subsequent VM starts, less than 5 seconds to get into an already running VM. The server is pretty powerful, so those numbers seem easy to meet for reasonable software.
  • relatively easy/automated to set up
  • transparent to other tools as just an ssh-connection (e.g. one can use VSCode remote ssh feature)
  • It is Ok to run an initialization script for each user on the machine to set it up once, no need to autoscale, etc.
  • there is no need to share audio/video or other multimedia subsystems (and those are most likely absent on the machine)
  • does not require some crazy proprietary daemons running in the background, snooping on user/VM/OS activity and sending reports to the Illuminati or mining bitcoins
  • (optional) would keep the VM alive for some time after the user logs out (a couple of hours, ideally configurable, just in case of the connection dropping)
  • (optional) would allow re-using a certain custom image as a starting point (if the user had no VM started previously)
  • (optional) there is also a way for users to SSH into the HOST OS for maintenance

Are there any up-to-date guides or maybe pre-made automation tools that you guys would recommend? Any help is really appreciated.

Thanks in advance.

PS. Please do not recommend using a separate server for each user or starting VMs in the cloud; there are reasons to use this machine specifically.
