January 3, 2019

OpenBSD: VM

This is a shameless copy and paste from various pages(*) for my own record.

Edit sysctl.conf

# cat >> /etc/sysctl.conf <<-__EOF__
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
__EOF__

Enable them on the running session:

# sysctl net.inet.ip.forwarding=1
# sysctl net.inet6.ip6.forwarding=1

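Change your pf rules (the heredoc delimiter is quoted so the shell writes $ext_if and $vmd_if into pf.conf literally instead of expanding them to empty strings):

# cat > /etc/pf.conf <<-'__EOF__'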
ext_if="iwm0"
vmd_if="vether0"

set skip on lo
block return
pass

match out on $ext_if inet from $vmd_if:network to any nat-to ($ext_if)
__EOF__

Give vether0 an IP and subnet:

# cat > /etc/hostname.vether0 <<-__EOF__
inet 10.13.37.1 255.255.255.0
__EOF__

Create a bridge interface for the guest VMs to attach to, and add vether0 to it:

# cat > /etc/hostname.bridge0 <<-__EOF__
add vether0
__EOF__

Bring vether0 and bridge0 online:


# sh /etc/netstart vether0
# sh /etc/netstart bridge0

Reload the pf configuration now (not earlier):


# pfctl -f /etc/pf.conf

Create a basic DHCP server configuration file that matches the vether0 configuration:

# cat > /etc/dhcpd.conf <<-__EOF__
option domain-name "vmm.openbsd.local";
option domain-name-servers 8.8.8.8, 8.8.4.4;

subnet 10.13.37.0 netmask 255.255.255.0 {
    option routers 10.13.37.1;

    range 10.13.37.32 10.13.37.127;
}
__EOF__

Configure a switch for vmm, so the VMs have connectivity:

# cat > /etc/vm.conf <<-__EOF__

switch "local" {
    interface bridge0
}
__EOF__

Enable and start the DHCP server. We also need to set the flags on dhcpd so that it only listens on vether0. Otherwise, you'll end up with a rogue DHCP server on your primary network:


# rcctl enable dhcpd
# rcctl set dhcpd flags vether0
# rcctl start dhcpd
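
A quick check for the rogue-DHCP concern above, as an added example that is not part of the original pages: it parses a dhcpd flags string and fails unless exactly the expected interface is named. The function names are hypothetical, the sample flag strings are constructed, and it assumes options are written separately ("-c file", not "-dc file").

```sh
#!/bin/sh
# Added example (not from the original pages): audit which interfaces
# dhcpd has been told to listen on, given its flags string.

# Print the interface operands found in a dhcpd flags string, one per line.
# Assumption: options are given separately ("-c file", not "-dc file").
dhcpd_ifaces() {
    skip=0
    for w in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $w in
            -[ACcLlYy]) skip=1 ;;      # option whose argument is the next word
            -*) ;;                     # flag without a separate argument
            *) printf '%s\n' "$w" ;;   # interface name
        esac
    done
}

# Return 0 only when the flags name exactly the expected interface.
# Prints a one-line verdict either way.
dhcpd_scoped_to() {
    want=$1
    flags=$2
    ifaces=$(dhcpd_ifaces "$flags" | tr '\n' ' ')
    ifaces=${ifaces% }
    if [ -z "$ifaces" ]; then
        echo "FAIL: no interface in flags; dhcpd picks interfaces itself"
        return 1
    elif [ "$ifaces" != "$want" ]; then
        echo "FAIL: dhcpd listens on: $ifaces (expected only $want)"
        return 1
    fi
    echo "OK: dhcpd restricted to $want"
}

# Constructed samples: the setting from this page, then an unscoped daemon.
dhcpd_scoped_to vether0 "vether0"
dhcpd_scoped_to vether0 "" || true

# On the OpenBSD host, after "rcctl enable dhcpd", feed it the live value:
#   dhcpd_scoped_to vether0 "$(rcctl get dhcpd flags)"
```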

Enable vmd, and start it as well:


# rcctl enable vmd
# rcctl start vmd
# fw_update

You should notice a new interface, bridge0, in ifconfig now.

If you have avahi-daemon installed, edit /etc/avahi/avahi-daemon.conf to ignore your virtual ethernet device:

deny-interfaces=vether0

Grab a Linux ISO,

$ cd /tmp
$ wget https://nl.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-virt-3.8.0-x86_64.iso

Make a new virtual disk image,

$ vmctl create alpine-virt.img -s 6G

Boot it (login root, no passwd):

# vmctl start alpine-vm -c -d alpine-virt-*.iso -d alpine-virt.img -m 1024M -n local

When your install is done, power off the guest from inside the VM,

# poweroff

Boot it again from the disk image,

# vmctl start alpine-vm -c -d alpine-virt.img -m 1024M -n local

To install Docker, edit /etc/apk/repositories and uncomment

http://dl-3.alpinelinux.org/alpine/v3.9/community

Make a user:

# adduser pau -G wheel

It is more stable to close the terminal after you have started the VM session, and then ssh to the VM from another terminal. You can of course find out the IP from ifconfig.

(*) namely

  1. https://medium.com/@dave_voutila/docker-on-openbsd-6-1-current-c620513b8110
  2. http://www.h-i-r.net/2017/04/openbsd-vmm-hypervisor-part-2.html
  3. https://gist.github.com/voutilad/1f018ba1fd8e177e40370dda143e5713