#1  jggimi, 14th October 2016
Operating a vmm(4) guest on OpenBSD-current

My laptop's daily use is with OpenBSD/amd64-current, but I also use it when needed to build OpenBSD/i386-stable, as I have several i386 servers. Until now, that has meant multibooting, and I could not run my amd64-current applications while i386-stable was running.

No longer. Now, I can build -stable, and -stable ports, in an i386 virtual machine. This will free up a second drive for other uses, and will no longer cause any operational delays that I faced when running the two OSes in sequence.

Provisioning the host OpenBSD system

At this writing, vmm() operates with Intel VT capable processors only.
  1. Intel VT may need to be enabled in the BIOS/EFI. The dmesg(8) will confirm vmm(4) functionality if VT is available and enabled:
    Code:
    vmm0 at mainbus0: VMX/EPT
  2. The vmd(8) virtual machine management daemon must be started. This can be done manually or via the rc.d(8) daemon control system and the rcctl(8) command.
  3. Virtual machines may be configured and started automatically by a vm.conf(5) configuration file, or dynamically via the vmctl(8) command.
Virtual machines do not use a bootloader. The hypervisor loads the virtual machine kernel and passes control to the virtual machine. This means the operator does not see a boot> prompt. Should you wish to enter single-user mode, you'll need to do so after the OS is running, via a SIGTERM to init(8):
Code:
# kill 1
A virtual serial port is used for console communication. Virtual machines do not have video cards.

Provisioning the virtual machine network

The most complex part of the configuration is networking. It can be simple, but there are many choices, and there are several restrictions around the use of DHCP, depending on whether one is using bridge(4), or a wireless network interface.
  • I elected to give my host a permanent pseudo-NIC which could be used with an entire network of virtual machines, even though today I am using only one. (This is not necessary, I chose to do so for personal convenience.)
  • I decided the host would act as a router to the virtual machine subnet, and use NAT, so that both the virtual machines and the host share the same single IP address over any physically attached network.
  • I chose to deploy a bridge(4), so that any tap() device could be attached to it by vmd(). The bridge() would also be dynamically created, and always connected to the host network stack via a vether(4) NIC created at boot time.
  • I deployed static addressing, rather than DHCP, as a matter of personal convenience.
The sysctl.conf(5) file enables IPv4 packet forwarding.
Code:
net.inet.ip.forwarding=1
The pf.conf(5) file enables NAT.
Code:
match out on egress from !(egress) nat-to (egress)
The hostname.if(5) file /etc/hostname.vether0 defines a permanent connection to the virtual machine subnet, whether there are any virtual machines running or not.
Code:
inet 10.9.0.1/24
Provisioning a virtual machine

The operator must pre-define any disk drives to be used by a virtual machine. These are always raw image files, which may be managed, if needed, as devices on the host with vnconfig(8).
  1. I created a 10GB disk drive with vmctl().
    Code:
    $ vmctl create disk.drive -s 10g
  2. I started the vmd(8) daemon manually.
    Code:
    # rcctl -f start vmd
  3. I obtained an i386 bsd.rd RAMDISK installation kernel, and used it to start the virtual machine with vmctl() manually. I chose 1GB of RAM, though for installation I could have used less, and a single virtual NIC.
    Code:
    # vmctl start install -c -k bsd.rd -d disk.drive -i 1 -m 1g
At this point, I was presented with the RAMDISK dmesg and the "(I)nstall, (U)pgrade, or (S)hell?" prompt. I chose (I)nstall, and went on to provision the network on the host before answering any questions.

I created a bridge and added both the vether0 NIC I'd provisioned in advance and the tap0 NIC created by vmd when it started the virtual machine.
Code:
# ifconfig bridge0 add vether0 add tap0 up

Returning to the install script, I defined the virtual machine's vio0 network interface as 10.9.0.2, with a /24 (255.255.255.0) netmask, and set the gateway as 10.9.0.1, the address assigned to vether0 on the host. I also pointed the virtual machine to my DNS nameserver.

After the installation was complete, I halted the virtual machine with # halt on its console, and then stopped the virtual machine with # vmctl stop install on the host.

To run the installed system, I started a new virtual machine, this time with a local copy of the i386 GENERIC kernel file bsd.
Code:
# vmctl start i386 -c -k bsd -d disk.drive -i 1 -m 1g

I also needed to re-add the tap0 device to the bridge, as the first tap0 device had been destroyed when I stopped the install virtual machine, and a new tap0 was created with the new virtual machine.
Code:
# ifconfig bridge0 add tap0

I created a vm.conf() file, so that this virtual machine will start automatically when I elect to start vmd(). This configuration assigns a permanent MAC address to the virtual machine's vio0 device. I did this to avoid any MAC address collisions with any other virtual machines I may add in the future. It is my first permanently available (though only started when needed) virtual machine, so I selected a very simple "first" MAC address for it.
Code:
files=    /home/vm/i386-stable/

vm i386 {
    memory 1g
    kernel $files bsd
    disk $files disk.drive
    interface tap { lladdr 00:00:00:00:00:01 switch localnet }
}

switch localnet {
    add vether0 
}
With that configuration file, whenever vmd() is started, the virtual machine starts, and its tap() device is bridged with the host's vether0 device. I can ssh(1) in within 1 or 2 minutes.

--------

This is not exactly a "how to" -- mostly because I have not covered the many possible network configurations I've tried since vmm(4) was announced. Some network connections are simpler than this, including just assigning an IP address to the tap(4) device to communicate on a subnet with a single virtual machine. Some can be far more complex, and some are currently works in progress that may become usable as we approach 6.1.

Last edited by jggimi; 16th October 2016 at 03:05 PM. Reason: most recent edit: correcting SIGHUP to SIGTERM

#2  gpatrick, 14th October 2016

Awesome! Thanks for the outstanding write-up. I was able to use that to successfully create and boot a VM guest with network!

#3  jggimi, 15th October 2016

Thanks.

Because there are numerous ways to deploy guests and their network attachments, some testing can be helpful, and I'm happy to try to help anyone provision solutions.

For example, the default number of tap(4) devices is four. It took me several confused minutes before I discovered that was the cause of an error starting a virtual machine after running out of tap() nodes on my host.

#4  gpatrick, 15th October 2016

In vm.conf(5) it says
Code:
interfaces count
   Number of network interfaces to add to the VM.
And somewhere I read that interfaces creates a vio device in the VM (although I can't find that to quote it now).

1. Is it not possible to assign an entire interface to a VM? (I think it would be "interface axe1" ?)
2. I will have multiple VMs. Say I have 10 VMs then will I need to create 10 tap devices (i.e., tap0 .. tap9)?
3. How do I correlate a tap device to a VM? Example: 10 VMs and each with 1 interface, and I take down one VM, then how do I know it is tap4?

#5  jggimi, 15th October 2016

All guest I/O, including networking, is done via virtio(4) devices. For each interface you create:
  • The host uses a tap(4) to connect the host network stack to the virtual machine in userland.
  • The guest must communicate with vio(4).
Keeping that in mind:
Quote:
Originally Posted by gpatrick
1. Is it not possible to assign an entire interface to a VM? (I think it would be "interface axe1" ?)
You would bridge(4) or switch(4) any NIC with the tap() device to connect the Ethernet segment of the host NIC with a guest NIC.
Quote:
2. I will have multiple VMs. Say I have 10 VMs then will I need to create 10 tap devices (i.e., tap0 .. tap9)?
You'd need to create six additional tap device nodes. The default is 4, tap0 through tap3. Device nodes are found in /dev. You would create the additional nodes with MAKEDEV(8).
Quote:
3. How do I correlate a tap device to a VM? Example: 10 VMs and each with 1 interface, and I take down one VM, then how do I know it is tap4?
You can assign a specific tap device to any interface in a vm.conf(5) file. In my example above, it didn't matter which tap device was assigned to the guest, because I bridged it to vether0, so I used "tap" without a number. Had I wanted to dedicate tap3 to it, I would have used "tap3".
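
The tap node arithmetic from the answer above, as an added example that is not part of the thread: it counts the NICs a vm.conf(5) requests and lists the tap nodes that would still have to be created with MAKEDEV(8). The function names and the sample configuration are constructed for illustration, and it assumes one tap(4) node per guest NIC, numbered from tap0.

```shell
# Added example, not from the thread. Assumes one tap(4) node per guest NIC,
# numbered from tap0, and that nothing else on the host uses tap devices.

# vm_nics: read a vm.conf(5) on stdin and count the NICs requested inside
# "vm name { ... }" blocks, from "interfaces count" and "interface ..." lines.
vm_nics() {
    awk '
        { sub(/#.*/, "") }                        # strip comments
        depth == 0 && $1 == "vm"   { invm = 1 }   # entering a vm block
        invm && $1 == "interfaces" { n += $2 }
        invm && $1 == "interface"  { n += 1 }
        {
            opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
            depth += opens - closes
            if (closes && depth <= 0) { depth = 0; invm = 0 }
        }
        END { print n + 0 }
    '
}

# missing_taps NEEDED [NODE...]: print the tapN names needed for NEEDED NICs
# that are not among the NODE names given (the tap* entries found in /dev).
missing_taps() {
    needed=$1; shift
    i=0; out=""
    while [ "$i" -lt "$needed" ]; do
        case " $* " in
            *" tap$i "*) ;;                       # node already exists
            *) out="$out${out:+ }tap$i" ;;
        esac
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# Constructed sample: two guests asking for 5 NICs, one more than the default.
sample_conf() {
    cat <<'EOF'
vm build {
    interfaces 4        # count form, as quoted from vm.conf(5)
}
vm i386 {
    interface tap { lladdr 00:00:00:00:00:01 switch localnet }
}
switch localnet { add vether0 }
EOF
}

missing_taps "$(sample_conf | vm_nics)" tap0 tap1 tap2 tap3
```

On a host, feed it the real file with `vm_nics < /etc/vm.conf` and pass the tap names that exist in /dev; the names printed are the nodes to create with MAKEDEV(8).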

#6  gpatrick, 15th October 2016

Your clear explanations are very much appreciated. Thank you.

I had been using SmartOS, but with vmm being enabled in snapshots I am coming back to OpenBSD which was my primary OS for years until switching to SmartOS a few years ago.

#7  jggimi, 15th October 2016

OpenBSD's vmm(4) is functional and useful, and still a work-in-progress. My opinions follow.

(Disclaimer: they are just opinions, unburdened by actual knowledge.)

  • AMD virtualization is on the development roadmap.
  • The newly developed switch(4) is likely to replace bridge(4) over time, as it does not need to carry the weight of legacy connectivity that bridge() bears, and that permits the flexibility to add new capabilities such as its OpenFlow SDN features.
  • The initial commits included configuration controls for multiprocessor guests, with a functional limit of 1 CPU. The controls were removed during development, and all guests today are uniprocessor. But the logic for multiprocessors remains, so I would not be surprised to see multiprocessor guests in the future.
  • I understand it is not a priority, but I would not be astonished if other virtio(4)-capable operating systems with ELF kernels (such as FreeBSD or NetBSD) could be operated as guests in the future.

#8  TronDD, 15th October 2016

Quote:
Originally Posted by gpatrick
3. How do I correlate a tap device to a VM? Example: 10 VMs and each with 1 interface, and I take down one VM, then how do I know it is tap4?
The tap device description has the VM ID, Interface number inside the VM, and the VM name.

Code:
tap0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d3:ac:ac
        description: vm3-if0-vm1
        index 10 priority 0 llprio 3
        groups: tap
        status: active
Not a clear example, but this VM has ID 3 and is named vm1.

Tim.
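
The description format from the post above (VM ID, interface number inside the VM, VM name) turned into a lookup, as an added example that is not part of the thread. The function names are hypothetical; the tap0 stanza in the sample is taken from the ifconfig(8) output quoted above and the other stanzas are constructed.

```shell
# Added example, not from the thread: map tap(4) devices to vmd guests using
# the "vm<ID>-if<N>-<name>" interface description shown above.

# tap_map: read ifconfig(8) output on stdin and print one line per interface
# that carries a vmd-style description: "<tap> <vm id> <nic> <vm name>".
tap_map() {
    awk '
        /^[a-z]+[0-9]+: flags=/ { ifname = $1; sub(/:$/, "", ifname) }
        $1 == "description:" && $2 ~ /^vm[0-9]+-if[0-9]+-./ {
            d = $2
            sub(/^vm/, "", d);         id = d;  sub(/-.*/, "", id)
            sub(/^[0-9]+-if/, "", d);  nic = d; sub(/-.*/, "", nic)
            sub(/^[0-9]+-/, "", d)     # what is left is the VM name
            print ifname, id, nic, d
        }
    '
}

# taps_of NAME: print the tap devices attached to the guest called NAME.
taps_of() {
    tap_map | awk -v vm="$1" '$4 == vm { print $1 }'
}

# Sample input. tap0 is the stanza quoted in the post; the others are
# constructed: a guest with a hyphen in its name, a tap with an
# operator-written description, and a tap with no description at all.
sample_ifconfig() {
    cat <<'EOF'
tap0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d3:ac:ac
        description: vm3-if0-vm1
        groups: tap
tap1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        description: vm4-if0-i386-stable
tap2: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        description: lab uplink
tap3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        groups: tap
EOF
}

sample_ifconfig | tap_map
```

On a host the input would come from `ifconfig tap | tap_map`, which lists every interface in the tap group.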

#9  jggimi, 16th October 2016

Good point, Tim. Thanks!