OpenBSD VMM howto

Setup

/etc/rc.conf.local

apmd_flags="-A"
dhcpd_flags=vether0
vmd_flags=
ntpd_flags="-s"

/etc/hostname.vether0

inet 192.168.30.1 255.255.255.0 NONE

/etc/dhcpd.conf

# Network:        192.168.30.0/255.255.255.0 (host-only subnet on vether0)
# Domain name:    vmm.home.ctors.net
# Name servers:   192.168.11.1 (upstream resolver, reached through NAT)
# Default router: 192.168.30.1 (vether0 on the vmm host)
# Addresses:      192.168.30.100 - 192.168.30.200

shared-network VMM-HOME-CTORS-NET {
    subnet 192.168.30.0 netmask 255.255.255.0 {
        range 192.168.30.100 192.168.30.200;

        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.30.255;
        option routers 192.168.30.1;
        option domain-name-servers 192.168.11.1;

        # filename "auto_install" makes bsd.rd run an unattended install,
        # fetching its response file over HTTP from next-server (see autoinstall(8))
        filename "auto_install";
        next-server pxe.home.ctors.net;

#        host vm1 {
#            hardware ethernet 00:20:91:00:00:01;
#            fixed-address vm1.vmm.home.ctors.net;
#        }
    }
}

/etc/sysctl.conf

net.inet.ip.forwarding=1

/etc/pf.conf

# stock OpenBSD rules
set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# vmm host: NAT the VM switch out through the egress interface
ext_if="em0"    # unused below; the rules address the egress group instead
int_if="{ vether0 tap0 }"
set block-policy drop
set loginterface egress
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
pass out quick inet
pass in on $int_if inet
# The catch-all "pass" above also admits inbound traffic on egress, which would
# make the SSH rule below meaningless. Block inbound on egress again here (last
# match wins) so only SSH is reachable from outside; replies to outbound
# connections are still admitted by state. Check with: pfctl -nf /etc/pf.conf
block in on egress
pass in on egress inet proto tcp from any to (egress) port 22

/etc/vm.conf

switch "local" {
    add vether0
    add tap0
}

vm "vm1.vm" {
    memory 512M
    kernel "/bsd.rd"        # boots the installer; drop this line after the install
    disk "/vmm/vm1.img"
    interface {
        switch "local"
        lladdr 00:20:91:00:00:01    # same MAC as the host entry in dhcpd.conf
    }
}

Commands

vmctl status

# vmctl console prints the tty attached to the VM's serial console;
# attach to it with cu(1) (the device name below is an example)
vmctl console 1
cu -l /dev/ttyp0

# create the disk image (options before the path for recent vmctl), then boot
# the installer from it; vmctl start needs the VM name as its last argument
vmctl create -s 500M /vmm/vm1.img
vmctl start -c -b /bsd.rd -m 512M -i 1 -d /vmm/vm1.img vm1.vm
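The dhcpd host entry and the vm.conf interface are tied together only by the MAC address, so they drift apart easily once there are several VMs. As an added example (not part of the gist), the script below emits both stanzas per VM from one list, reusing the gist's 00:20:91:00:00:NN lladdr scheme, and refuses a fixed-address that lies outside 192.168.30.0/24 or inside the dynamic pool 192.168.30.100-192.168.30.200 (a reservation inside the pool can be leased to another client first). The VM names and addresses are a constructed sample; the fixed-address is given as an IP rather than the hostname the gist uses, so no DNS is needed.

```shell
#!/bin/sh
# Added example for this howto (not from the gist): generate a dhcpd host
# reservation plus a matching vm.conf block per VM and validate the address.
# The VM list in main() is a constructed sample.

SUBNET=192.168.30.0
PREFIX=24
POOL_LO=192.168.30.100
POOL_HI=192.168.30.200

# Dotted quad -> integer, using only POSIX sh word splitting and arithmetic.
ip2int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Deterministic MAC for VM number N, matching the gist's 00:20:91:00:00:01.
vm_lladdr() {
    printf '00:20:91:00:00:%02x\n' "$1"
}

# Returns 0 if the address may be used as a fixed-address, 1 (reason on stderr)
# if it is outside the subnet or inside the dynamic pool.
check_fixed_address() {
    ip=$(ip2int "$1")
    mask=$(( 4294967296 - (1 << (32 - PREFIX)) ))   # 0xffffff00 for /24
    if [ $(( ip & mask )) -ne $(( $(ip2int "$SUBNET") & mask )) ]; then
        echo "$1: not inside $SUBNET/$PREFIX" >&2
        return 1
    fi
    if [ "$ip" -ge "$(ip2int "$POOL_LO")" ] && [ "$ip" -le "$(ip2int "$POOL_HI")" ]; then
        echo "$1: inside the dynamic pool $POOL_LO-$POOL_HI" >&2
        return 1
    fi
    return 0
}

# host stanza for /etc/dhcpd.conf; belongs inside the subnet { } block.
dhcpd_host_block() {   # name number address
    cat <<EOF
        host $1 {
            hardware ethernet $(vm_lladdr "$2");
            fixed-address $3;
        }
EOF
}

# vm stanza for /etc/vm.conf, mirroring the gist's vm1.vm entry
# (kernel "/bsd.rd" boots the installer; remove it after installing).
vm_conf_block() {      # name number
    cat <<EOF
vm "$1.vm" {
    memory 512M
    kernel "/bsd.rd"
    disk "/vmm/$1.img"
    interface {
        switch "local"
        lladdr $(vm_lladdr "$2")
    }
}
EOF
}

main() {
    rc=0
    n=0
    # constructed sample; vm3 sits inside the dynamic pool and is rejected
    for entry in vm1:192.168.30.11 vm2:192.168.30.12 vm3:192.168.30.150; do
        n=$((n + 1))
        name=${entry%%:*}
        addr=${entry#*:}
        if check_fixed_address "$addr"; then
            echo "# dhcpd.conf"
            dhcpd_host_block "$name" "$n" "$addr"
            echo "# vm.conf"
            vm_conf_block "$name" "$n"
        else
            rc=1
        fi
    done
    return $rc
}

if ! main; then
    echo "warning: at least one VM was skipped; fix its address and rerun" >&2
fi
```

Paste the printed host stanzas into the subnet block of /etc/dhcpd.conf and the vm stanzas into /etc/vm.conf, then reload with `rcctl restart dhcpd` and `vmctl reload`; the numbering (N) doubles as the VM's position in the MAC space, so keep it stable once a VM has been installed.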
@beasticane commented Jun 24, 2019

Sweet, much appreciated! ?: How would I configure a default location for every VM?

@rbucker commented Nov 10, 2020

how does this compare to a docker container with an app running in a scratch container? Is this a way to get a cluster of like VMs to communicate via wireguard microsegments?

@toyg commented Apr 18, 2021

> how does this compare to a docker container with an app running in a scratch container?

Vmm provides a full virtualizer hypervisor (e.g. HyperV, VirtualBox, Vmware); it can potentially run any OS, as long as they recognise its virtual hardware.

Docker uses Linux LXC containers, a feature specific to Linux kernels, which means it can only run Linux instances.

@rbucker commented Apr 18, 2021

I kinda knew that was going to be the answer... The two bits that are ahead of me in a pure openbsd solution...

I'm trying to deploy a gateway (haproxy, ssh) and a couple of private web servers. The gateway and web servers would have a private IP range and should be able to use mdns to discover each other. OpenMDNS seems old, and resolv.conf changed around 5.2 where they prevent the nameserver format from having a port... ping does not use mdns. golang's code is quite pure and does not support mdns on openbsd, and then there is some cruft about libc. (I really do not feel like building my own distro.)

ideas?
