January 3, 2019

OpenBSD: VM

This is a shameless copy and paste from various pages(*) for my own record.

Enable IP forwarding in sysctl.conf:

# cat >> /etc/sysctl.conf <<-__EOF__
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
__EOF__

Enable them on the running session:

# sysctl net.inet.ip.forwarding=1
# sysctl net.inet6.ip6.forwarding=1

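Change your pf rules (the heredoc delimiter is quoted so that the shell does not expand $ext_if and $vmd_if to empty strings before pf ever sees them):

# cat > /etc/pf.conf <<-'__EOF__'
ext_if="iwm0"
vmd_if="vether0"

set skip on lo
block return
pass

match out on $ext_if inet from $vmd_if:network to any nat-to ($ext_if)
__EOF__

Note that pf applies the last matching rule, so the bare pass after block return lets all traffic through.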

Set the IP address and netmask for vether0:

# cat > /etc/hostname.vether0 <<-__EOF__
inet 10.13.37.1 255.255.255.0
__EOF__

Create a bridge interface for the guest VMs to attach to, and add vether0 to it:

# cat > /etc/hostname.bridge0 <<-__EOF__
add vether0
__EOF__

Bring vether0 and bridge0 online:

# sh /etc/netstart vether0
# sh /etc/netstart bridge0

Reload the pf configuration now (not earlier):

# pfctl -f /etc/pf.conf

Create a basic DHCP server configuration file that matches the vether0 configuration:

# cat > /etc/dhcpd.conf <<-__EOF__
option  domain-name "vmm.openbsd.local";
option  domain-name-servers 8.8.8.8, 8.8.4.4;

subnet 10.13.37.0 netmask 255.255.255.0 {
        option routers 10.13.37.1;

        range 10.13.37.32 10.13.37.127;
}
__EOF__

Configure a switch for vmm, so the VMs have connectivity:

# cat > /etc/vm.conf <<-__EOF__

switch "local" {
        interface bridge0
}
__EOF__

Enable and start the DHCP server. We also need to set the flags on dhcpd so that it only listens on vether0. Otherwise, you’ll end up with a rogue DHCP server on your primary network:

# rcctl enable dhcpd
# rcctl set dhcpd flags vether0
# rcctl start dhcpd
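
A consistency check for the three pieces above (the vether0 address, dhcpd.conf and the dhcpd flags), as an added example that is not part of the original post or the pages it copies from. The function names are made up for this example, and it assumes the flags are exactly `vether0`, as set above.

```sh
#!/bin/sh
# Added example, not from the original post or the pages it copies from.

# ip2int A.B.C.D -> prints the address as one integer (body runs in a subshell)
ip2int() (
    IFS=.; set -f
    set -- $1
    echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
)

# in_net IP NETWORK NETMASK -> succeeds if IP lies inside NETWORK/NETMASK
in_net() {
    ip=$(ip2int "$1"); net=$(ip2int "$2"); mask=$(ip2int "$3")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# check_dhcpd HOSTNAME_FILE DHCPD_CONF DHCPD_FLAGS
# Returns 0 if consistent, 1 on a mismatch, 2 if a file could not be parsed.
check_dhcpd() {
    if_addr=$(awk '$1 == "inet" { print $2; exit }' "$1")
    if_mask=$(awk '$1 == "inet" { print $3; exit }' "$1")
    subnet=$(awk '$1 == "subnet" { print $2; exit }' "$2")
    netmask=$(awk '$1 == "subnet" { print $4; exit }' "$2")
    router=$(awk '$2 == "routers" { sub(/;/, "", $3); print $3; exit }' "$2")
    lo=$(awk '$1 == "range" { print $2; exit }' "$2")
    hi=$(awk '$1 == "range" { sub(/;/, "", $3); print $3; exit }' "$2")
    for v in "$if_addr" "$if_mask" "$subnet" "$netmask" "$router" "$lo" "$hi"; do
        [ -n "$v" ] || { echo "could not parse one of the files" >&2; return 2; }
    done
    rc=0
    # Empty flags mean dhcpd is not pinned to the VM-only interface.
    [ "$3" = "vether0" ] || { echo "dhcpd flags are '$3', not 'vether0'"; rc=1; }
    [ "$if_mask" = "$netmask" ] || { echo "netmask $netmask != $if_mask"; rc=1; }
    [ "$router" = "$if_addr" ] || { echo "routers $router != $if_addr"; rc=1; }
    # The host address and both ends of the lease range must sit in the subnet.
    for a in "$if_addr" "$lo" "$hi"; do
        in_net "$a" "$subnet" "$netmask" || { echo "$a outside $subnet"; rc=1; }
    done
    return $rc
}

# On the host, after sourcing this file:
#   check_dhcpd /etc/hostname.vether0 /etc/dhcpd.conf "$(rcctl get dhcpd flags)"
```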

Enable vmd, and start it as well:

# rcctl enable vmd
# rcctl start vmd
# fw_update

You should notice a new interface, bridge0, in ifconfig now.

If you have avahi-daemon installed, edit /etc/avahi/avahi-daemon.conf to ignore your virtual ethernet device:

deny-interfaces=vether0

Grab a Linux ISO,

$ cd /tmp
$ wget https://nl.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-virt-3.8.0-x86_64.iso

Make a new virtual disk image,

$ vmctl create -s 15G alpine-virt.img 

Boot it (login root, no passwd):

# vmctl start -c -d alpine-virt-*.iso -d alpine-virt.img -m 1024M -n local  "alpine-vm"

When your install is done,

# poweroff

Boot it,

# vmctl start -c -d alpine-virt.img -m 1024M -n local "alpine-vm"

To install docker, edit /etc/apk/repositories and uncomment

http://dl-3.alpinelinux.org/alpine/v3.9/community

(or a similar line, depending on the version you downloaded).

Update and install docker:

# apk update
# apk add docker

Make a user:

# adduser pau -G wheel docker

Install sudo and configure /etc/sudoers to allow wheel users to do root stuff:

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

It is more stable to close the terminal after you have started the VM session, and then ssh to it from another terminal. You can of course find out the IP from ifconfig.

(*) namely

  1. https://medium.com/@dave_voutila/docker-on-openbsd-6-1-current-c620513b8110
  2. http://www.h-i-r.net/2017/04/openbsd-vmm-hypervisor-part-2.html
  3. https://gist.github.com/voutilad/1f018ba1fd8e177e40370dda143e5713