Rethinking the Login Server: Can UNIX Classes Become Cloud Native?
Since the dawn of the modern operating system, computer classes have used a shared login server to create a work environment for students. In the cloud era we’ve used virtual machines in place of physical servers (IaaS) to make our workloads more convenient to manage. But our servers are still pets: they are precious to us because they are stateful appliances running bespoke applications. Should anything go wrong with them, it’s a crisis that requires our full attention.
I set out to deploy a traditional login server using Kubernetes. In principle, that’s just a pod running an SSH server, but in practice, as is the case with many legacy applications, there are some thorny details that have to be reckoned with. In this series of blog posts I’m going to outline my experience building shared and personal login servers for my students.
For the last couple of years I’ve been using LXD, Ubuntu’s awesome VM-like container runtime, to build my class login servers. LXD offers the VM experience with the orchestration features of containers. I’m really happy with it. Imagine a vagrant up that’s lightweight and has a bunch of advanced features, like snapshots and clones. I thought, if I’m using containers already, why not do it with Kubernetes?
Part 1: The Application Requirements
What makes a good login server?
The server should listen for incoming SSH connections (and possibly HTTP/S too).
The full set of server functionality (e.g. Cron, automatic updates, user limits) should be available. In practice this is the same as saying that the container must run systemd.
There has to be a way to customize the server with the software I need. The customization should be automatic.
Login using SSH keys only (no passwords).
Data in /home should be durable and resilient.
Horizontal scaling is not required.
Containers should be unprivileged to limit the damage of a container escape.
A server should be deployable using a Helm chart, for simplicity.
This project is a work in progress. As of this post I have not managed to satisfy all of the requirements. But I’m working on it!
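Three of the requirements listed above (SSH reachable, unprivileged containers, durable /home) can be checked mechanically against a pod manifest before it is deployed. The following is an added example, not code from this project or its Helm chart; the pod specs are constructed, and the names `login`, `home` and `home-pvc` as well as port 22 are assumptions.

```python
def audit_login_pod(pod):
    """Return requirement violations for a login-server Pod manifest (as a dict)."""
    spec = pod.get("spec", {})
    containers = spec.get("containers", [])
    findings = []

    # Requirement: accept incoming SSH connections (port 22 is an assumption).
    ports = {p.get("containerPort") for c in containers for p in c.get("ports", [])}
    if 22 not in ports:
        findings.append("no container exposes port 22")

    # Requirement: containers are unprivileged.
    for c in containers:
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.append(f"container {c['name']} runs privileged")

    # Requirement: /home is durable, i.e. backed by a PersistentVolumeClaim.
    volumes = {v["name"]: v for v in spec.get("volumes", [])}
    mounts = [m for c in containers for m in c.get("volumeMounts", [])
              if m.get("mountPath") == "/home"]
    if not mounts:
        findings.append("/home is not a mounted volume")
    for m in mounts:
        if "persistentVolumeClaim" not in volumes.get(m["name"], {}):
            findings.append(f"/home volume {m['name']} is not a PersistentVolumeClaim")
    return findings


def make_pod(privileged, home_volume):
    """Build a constructed sample Pod; all names here are hypothetical."""
    return {"spec": {
        "containers": [{
            "name": "login",
            "ports": [{"containerPort": 22}],
            "securityContext": {"privileged": privileged},
            "volumeMounts": [{"name": "home", "mountPath": "/home"}],
        }],
        "volumes": [{"name": "home", **home_volume}],
    }}


# Constructed samples: one that violates two requirements, one that passes.
WEAK_POD = make_pod(True, {"emptyDir": {}})
GOOD_POD = make_pod(False, {"persistentVolumeClaim": {"claimName": "home-pvc"}})

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("good", GOOD_POD)):
        print(label, audit_login_pod(pod) or "meets the checked requirements")
```

The check covers only what is visible in the manifest; whether systemd runs correctly in an unprivileged container and whether sshd rejects passwords have to be verified inside the running pod.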