Virtualization §

It is realy easy to virtualize an operating system with OpenBSD thanks to vmd.

Well, that's nice, but what virtualizing means ?

Instead of installing different OS on different computers, you can install an OS inside your current OS. The virtualizer fake to be a full device and run an OS installed on a disk, which is in this case a simple file.

It is very handy since :

• You can use multiple system simultaneously.
• Each system is independent. If one is compromised, others should be safe. It's better than a chroot.
• Backup is really easy: just copy the disk file.
• It's great to try things.

However, it require more resources.

Before going further, make sure we use the same vocabulary :

• "host" is your server. The host virtualize other systems.
• "client" are hosted systems.

OpenBSD offer 3 tools for virtualization :

• vmd : a daemon to manage multiple clients.
• vmctl : To control clients and sending commands to vmd.
• vmm : To watch over clients.

First of all, check if your hardware can virtualize :

$ dmesg | egrep '(VMX/EPT|SVM/RVI)'

If the result isn't empty, it's all good 😊.

Don't forget to upgrade firmwares if needed: # fw_update.

To add a new virtual machine, you will always :

1. Install in a new disk file with vmctl.

2. Configure vmd to manage this client automatically.

How to virtualize OpenBSD ? §

Actually, everything is already well documented on OpenBSD's website. This chapter will just focus on a few tips.

You should definitely read OpenBSD's FAQ on this topic 😉.

https://www.openbsd.org/faq/faq16.html

Use other installation media §

To use img disk (installXX.img or minirootXX.img):

# vmctl start -c -m 1G -L -i 1 -d installXX.img -d /var/vm/obsdvm.qcow2 openbsdvm

Or if you don't want to download any file, you still can use the bsd.rd probably already on your system:

# vmctl start -c -m 1G -L -i 1 -b /bsd.rd -d /var/vm/obsdvm.qcow2 openbsdvm 

However, such install requires to previously configure a network access for clients.

In /etc/pf.conf:

# using quad9 DNS
pass in quick proto { tcp udp } from 100.64.0.0/10 to any port domain \
    rdr-to 9.9.9.9 port domain
match out on egress from 100.64.0.0/10 to any nat-to (egress)

Even better, you can use unwind if it is already configured on host, which is an excellent idea 😎 :

pass in proto { tcp udp } from 100.64.0.0/10 to any port domain \
    rdr-to localhost port domain
match out on egress from 100.64.0.0/10 to any nat-to (egress)

In /etc/sysctl.conf:

net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

Virtualize debian §

Like most linux distro, you'll have to set the installer and bootloader to start the client with a serial console at speed 15200.

# download debian image
ftp "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.5.0-amd64-netinst.iso"
# create disk
vmctl create -s 50G /var/vm/debian.qcow2 
# start the VM
vmctl start -c -m 1G -L -i 1 -r debian*.iso -d /var/vm/debian.qcow2 debianvm

Choose install menu without validating ⚠.

Press TAB then edit the line to change vga and console parameters:

/install.amd/vmlinuz vga=off initrd=/install.amd/initrd.gz --- quiet console=ttyS0,115200n8 

Press Enter.

After installing and rebooting on the fresh debian install, edit /etc/default/grub so serial console is still used.

GRUB_TIMEOUT=1
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200"
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

Then reload grub:

# update-grub

Virtualize Alpine Linux §

Alpine Linux is a very light distro.

https://www.alpinelinux.org/

Here again, you need to boot using serial console.

# vmctl create -s 50G /var/vm/linux.qcow2 
# vmctl start -c -m 1G -L -i 1 -r image.iso -d /var/vm/linux.qcow2 linux

When starting virual machine, press "TAB" to see available image (i.e. "lts" or "virt"). Add appropriate parameter to use serial console :

virt console=ttyS0,115200

Then press Enter and it's all good.

Table of contents

Donate