box.matto.nl

Running a virtual machine on OpenBSD vmm

vmm virtual machine monitor

Vmm is the virtual machine monitor that lets you run virtual machines on the native OpenBSD hypervisor.

Preparation of the host

We will create the following setup:

  • Installation files on the host's httpd server
  • NAT to 192.168.30.xxx for the virtual machines
  • DHCP server on the host
  • Boot from /bsd.rd on the host (installation image)

Setting up httpd with the installation files

mkdir -p /var/www/htdocs/openbsd
cp  /etc/examples/httpd.conf /etc
vi /etc/httpd.conf

Contents of file /etc/httpd.conf:

#
# Macros
#
ext_addr="*"

#
# Global Options
#
# prefork 3

#
# Servers
#

# A minimal default server
server "default" {
    listen on $ext_addr port 80
    directory { auto index, index "index.txt" }
}

# Include MIME types instead of the built-in ones
types {
    include "/usr/share/misc/mime.types"
}

Now go to /var/www/htdocs/openbsd and use ftp to download the installation set from an OpenBSD mirror into this directory:

INSTALL.amd64
SHA256
SHA256.sig
base62.tgz
bsd
bsd.mp
bsd.rd
comp62.tgz
index.txt
man62.tgz
xbase62.tgz
xfont62.tgz
xserv62.tgz
xshare62.tgz

Check with a web browser that you can see these files in http:///openbsd/

If the httpd daemon is not running, you can start it with

/etc/rc.d/httpd -f start

Now that the install files are in place, we set up the virtual machine environment.

The configuration of the host starts with setting up the network.

Setting up the host network

We are going to set up NAT (network address translation) so the virtual machines can sit in their own network.

First, we must enable IP forwarding on the host. For this we add a line to /etc/sysctl.conf:

net.inet.ip.forwarding=1

Next, we set up the packet filter configuration in the file /etc/pf.conf. Add the following lines to /etc/pf.conf:

ext_if="iwn0"
int_if="{ vether0 tap0 }"
set block-policy drop
set loginterface egress
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
pass out quick inet
pass in on $int_if inet
pass in on egress inet proto tcp from any to (egress) port 22

The first line points to interface iwn0, the wireless NIC on our laptop. If you have a wired network interface, change this accordingly, e.g., to "em0".

vether0 is the virtual network for our virtual machines.

Now we set up /etc/hostname.vether0:

inet 192.168.30.1 255.255.255.0 NONE

and /etc/dhcpd.conf

shared-network VMM-NETWORK {
    subnet 192.168.30.0 netmask 255.255.255.0 {
        range 192.168.30.110 192.168.30.200;

        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.30.255;
        option routers 192.168.30.1;
        option domain-name-servers 192.168.1.1;

        host vm1 {
            hardware ethernet 02:20:91:01:23:40;
            fixed-address vm1.example.com;
        }
    }
}

In /etc/hosts we can give the fixed-address of vm1.example.com:

192.168.30.100  vm1.example.com

Virtual machine daemon

We are almost done with the configuration of the host. Next we set up /etc/vm.conf:

switch "local" {
    add vether0
    add tap0
    add tap1
    add tap2
}

vm "vm1.vm" {
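    memory 1024M
    boot "/bsd.rd"
    # absolute path, the same file that vmctl create writes
    disk "/usr/local/vmm/vm1.img"
    interface {
        switch "local"
        # must match the hardware ethernet address in /etc/dhcpd.conf
        lladdr 02:20:91:01:23:40
    }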
}

And finally, /etc/rc.conf.local. Add the following lines to your /etc/rc.conf.local configuration file:

dhcpd_flags=vether0
vmd_flags=
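
The guest only receives its reserved address if the MAC address in /etc/dhcpd.conf matches the lladdr in /etc/vm.conf and the fixed-address name resolves through /etc/hosts. The shell check below is an added example, not part of the original page; its function names are hypothetical, the sample files are constructed from the values above, and it assumes fixed-address is a hostname, as it is here.

```shell
#!/bin/sh
# Added example: cross-check one guest's reservation across dhcpd.conf,
# the hosts file and vm.conf. Function names are hypothetical.

# Value of statement $3 inside the "host $2 { ... }" block of dhcpd.conf $1
dhcp_host_field() {
    awk -v h="$2" -v k="$3" '
        $1 == "host" && $2 == h { f = 1; next }
        f && $1 == "}"          { f = 0 }
        f && $1 == k            { v = $NF; sub(/;$/, "", v); print tolower(v); exit }
    ' "$1"
}

# Address that hosts file $1 maps name $2 to (whole-field match only)
hosts_addr() {
    awk -v n="$2" '$1 !~ /^#/ {
        for (i = 2; i <= NF; i++) if (tolower($i) == n) { print $1; exit }
    }' "$1"
}

# args: dhcpd.conf hosts vm.conf host-entry; prints "entry mac addr" on success
check_guest() {
    mac=$(dhcp_host_field "$1" "$4" hardware)
    name=$(dhcp_host_field "$1" "$4" fixed-address)
    [ -n "$mac" ] && [ -n "$name" ] || { echo "incomplete host entry $4" >&2; return 1; }
    awk '$1 == "lladdr" { print tolower($2) }' "$3" | grep -qxF "$mac" ||
        { echo "$mac has no matching lladdr in vm.conf" >&2; return 1; }
    addr=$(hosts_addr "$2" "$name")
    [ -n "$addr" ] || { echo "$name not found in hosts file" >&2; return 1; }
    echo "$4 $mac $addr"
}

# Constructed sample files using the values from this page
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
cat > "$d/dhcpd.conf" <<'EOF'
host vm1 {
    hardware ethernet 02:20:91:01:23:40;
    fixed-address vm1.example.com;
}
EOF
echo '192.168.30.100  vm1.example.com' > "$d/hosts"
printf 'interface {\n    switch "local"\n    lladdr 02:20:91:01:23:40\n}\n' > "$d/vm.conf"
check_guest "$d/dhcpd.conf" "$d/hosts" "$d/vm.conf" vm1
```

On the host, call check_guest with /etc/dhcpd.conf, /etc/hosts, /etc/vm.conf and the host entry name; a stray character after the name in /etc/hosts or after the lladdr value makes the check fail.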

Create the virtual machine disk image

vmctl create /usr/local/vmm/vm1.img -s 2G

Install the virtual machine

Now start all the daemons; we did this by rebooting our laptop. The virtual machine boots from /bsd.rd, the standard installation ramdisk. Connect to the VM with

vmctl console 1

and hit the space bar. The installation script now prompts you to choose between installing and entering a shell. If your httpd daemon does not start automatically, don't forget to start it.

When the installation is done, change the boot file in /etc/vm.conf from /bsd.rd to /bsd and reboot the virtual machine. You can now connect over ssh instead of over the serial console.