version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=w3m/0.5.3+git20210102 author=jrmu charset=UTF-8 csum= ctime=1597239582 host=38.87.162.8 name=Openbsd.Vmm rev=33 targets= text=(:redirect Vmm.Configure:)%0aYou will need to install vmm-firmware (which appears to be free software):%0a%0a[@%0a$ doas pkg_add vmm-firmware%0a@]%0a%0aBy default, there are only four tap interfaces. We need to create sufficient devices for all our virtual machines:%0a%0a[@%0a# cd /dev%0a# for i in $(jot 50 4 50); do sh MAKEDEV tap$i; done%0a@]%0a%0aWe need to increase arpq because we may have so many virtual machines on the same switch:%0a%0a[@%0a# sysctl net.inet.ip.arpq.maxlen=1024%0a# echo "net.inet.ip.arpq.maxlen=1024" >> /etc/sysctl.conf%0a@]%0a%0aWe will need to permit IPv4 and IPv6 forwarding for our virtual machines:%0a%0a[@%0a# sysctl net.inet.ip.forwarding=1%0a# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf%0a# sysctl net.inet6.ip6.forwarding=1%0a# echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf%0a@]%0a%0aNext we must create /etc/hostname.bridge0:%0a%0a[@%0aadd if0%0a@]%0a%0awhere if0 is the interface device.%0a%0aWe edit /etc/vm.conf:%0a%0a[@%0asocket owner :vmdusers%0a%0aswitch "switch0" {%0a interface bridge0%0a}%0a%0avm "user123" {%0a owner user123%0a memory 512M%0a cdrom "/home/iso/install69.iso"%0a disk /home/user123/user123.qcow2%0a interface { %0a locked lladdr aa:bb:cc:dd:ee:01%0a switch "switch0"%0a }%0a}%0a@]%0a%0a***WARNING***: Do ***not*** use aa:bb:cc:dd:ee:xx. Make sure to choose your own random lladdr. However, make sure not to pick a broadcast MAC address. If the first octet of the address is an odd number (such as f1:xx:xx:xx:xx:xx or f3:xx:xx:xx:xx:xx), it will appaer as a broadcast device and may be the cause of routing issues. Networking will no longer work as a result.%0a%0aNext we will need to download our [[https://openbsd.org/ftp.html|ISO for OpenBSD]].%0a%0a[@%0a$ doas useradd -m -g =uid -c "iso" -d /home/iso -s /sbin/nologin iso%0a$ ftp https://cdn.openbsd.org/pub/OpenBSD/6.9/amd64/install69.iso%0a$ ftp https://cdn.openbsd.org/pub/OpenBSD/6.9/amd64/SHA256.sig%0a$ signify -C -p /etc/signify/openbsd-69-base.pub -x SHA256.sig install69.iso%0aSignature Verified%0ainstall69.iso: OK%0a$ doas mv install68.iso /home/iso/%0a$ doas mv SHA256.sig /home/iso/%0a$ doas chown -R iso:iso /home/iso/%0a@]%0a%0aIf the signature does not verify, don't proceed.%0a%0aWe will want to enable and start vmd:%0a%0a[@%0a$ doas rcctl enable vmd%0a$ doas rcctl start vmd %0a@]%0a%0aWe need to create a new group vmdusers for each of our users so they can access the serial console:%0a%0a[@%0a# groupadd vmdusers%0a# chown root:vmdusers /var/run/vmd.sock%0a@]%0a%0aFor each virtual machine, we create a user and a disk image using install.pl:%0a%0a[@%0a$ ./install.pl%0a@]%0a%0a[@%0a# vmctl create -s 20G user.qcow2%0a@]%0a%0aYou will need to add this crontab entry for a user to prevent the networking from timing out:%0a%0aFor openbsd:%0a%0a[@%0a@reboot /usr/bin/tmux new -d 'while true; do /sbin/ping -i5 38.87.162.1; done' \;%0a@]%0a%0aFor debian:%0a%0a[@%0a@reboot /usr/bin/tmux new -d 'while true; do /usr/bin/ping -i5 38.87.162.1; done' \;%0a@]%0a%0a%0aIf some users are using the wrong IPs, you can run tcpdump with the -e flag to show the lladdr of tcp packets.%0a time=1627536255 author:1627536255=jrmu diff:1627536255:1626704390:=1d0%0a%3c (:redirect Vmm.Configure:)%0a host:1627536255=38.87.162.8 author:1626704390=mkf csum:1626704390=6.8 -> 6.9 diff:1626704390:1626410780:minor=4c4%0a%3c $ doas pkg_add vmm-firmware%0a---%0a> # pkg_add vmm-firmware%0a50c50%0a%3c cdrom "/home/iso/install69.iso"%0a---%0a> cdrom "/home/iso/install68.iso"%0a65,67c65,67%0a%3c $ ftp https://cdn.openbsd.org/pub/OpenBSD/6.9/amd64/install69.iso%0a%3c $ ftp https://cdn.openbsd.org/pub/OpenBSD/6.9/amd64/SHA256.sig%0a%3c $ signify -C -p /etc/signify/openbsd-69-base.pub -x SHA256.sig install69.iso%0a---%0a> $ ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/install68.iso%0a> $ ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/SHA256.sig%0a> $ signify -C -p /etc/signify/openbsd-68-base.pub -x SHA256.sig install68.iso%0a69c69%0a%3c install69.iso: OK%0a---%0a> install68.iso: OK%0a host:1626704390=198.251.81.133 author:1626410780=jrmu diff:1626410780:1622530431:=59,60d58%0a%3c ***WARNING***: Do ***not*** use aa:bb:cc:dd:ee:xx. Make sure to choose your own random lladdr. However, make sure not to pick a broadcast MAC address. If the first octet of the address is an odd number (such as f1:xx:xx:xx:xx:xx or f3:xx:xx:xx:xx:xx), it will appaer as a broadcast device and may be the cause of routing issues. Networking will no longer work as a result.%0a%3c %0a106c104%0a%3c @reboot /usr/bin/tmux new -d 'while true; do /sbin/ping -i5 38.87.162.1; done' \;%0a---%0a> @reboot /usr/bin/tmux new -d 'while true; do /sbin/ping -i5 38.81.163.128; done' \;%0a112c110%0a%3c @reboot /usr/bin/tmux new -d 'while true; do /usr/bin/ping -i5 38.87.162.1; done' \;%0a---%0a> @reboot /usr/bin/tmux new -d 'while true; do /usr/bin/ping -i5 38.81.163.128; done' \;%0a host:1626410780=38.87.162.8 author:1622530431=jrmu diff:1622530431:1622528390:=1c1%0a%3c You will need to install vmm-firmware (which appears to be free software):%0a---%0a> You will need to install vmm-firmware:%0a host:1622530431=125.231.17.115 author:1622528390=jrmu diff:1622528390:1622164722:=1,6d0%0a%3c You will need to install vmm-firmware:%0a%3c %0a%3c [@%0a%3c # pkg_add vmm-firmware%0a%3c @]%0a%3c %0a host:1622528390=125.231.17.115 author:1622164722=jrmu diff:1622164722:1622160186:=21c21%0a%3c # echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf%0a---%0a> # echo "net.inet6.ip.forwarding=1" >> /etc/sysctl.conf%0a host:1622164722=125.231.17.115 author:1622160186=jrmu diff:1622160186:1621394643:=21a22,23%0a> # sysctl hw.smt=1%0a> # echo "hw.smt=1" >> /etc/sysctl.conf%0a108c110%0a%3c If some users are using the wrong IPs, you can run tcpdump with the -e flag to show the lladdr of tcp packets.%0a---%0a> If some users are using the wrong IPs, you can run tcpdump with the -e flag to show the lladdr of tcp packets.%0a\ No newline at end of file%0a host:1622160186=125.231.17.115 author:1621394643=jrmu diff:1621394643:1611313177:=22,23d21%0a%3c # sysctl hw.smt=1%0a%3c # echo "hw.smt=1" >> /etc/sysctl.conf%0a host:1621394643=198.251.81.119 author:1611313177=jrmu diff:1611313177:1611312353:=68,74d67%0a%3c %0a%3c We will want to enable and start vmd:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable vmd%0a%3c $ doas rcctl start vmd %0a%3c @]%0a host:1611313177=125.231.35.24 author:1611312353=jrmu diff:1611312353:1611057096:=69,70c69,70%0a%3c We need to create a new group vmdusers for each of our users so they can access the serial console:%0a%3c %0a---%0a> For each virtual machine, we create a user and a disk image:%0a> %0a72,73c72,76%0a%3c # groupadd vmdusers%0a%3c # chown root:vmdusers /var/run/vmd.sock%0a---%0a> %0a> echo "Creating for $username"%0a> # vmctl create -s 20G $username.qcow2%0a> usermod -G vmdusers $username%0a> done%0a76,77d78%0a%3c For each virtual machine, we create a user and a disk image using install.pl:%0a%3c %0a79c80%0a%3c $ ./install.pl%0a---%0a> # vmctl create -s 20G user.qcow2%0a82,85d82%0a%3c [@%0a%3c # vmctl create -s 20G user.qcow2%0a%3c @]%0a%3c %0a99a97,100%0a> [@%0a> # groupadd vmdusers%0a> # chown root:vmdusers /var/run/vmd.sock%0a> @]%0a host:1611312353=125.231.35.24 author:1611057096=jrmu diff:1611057096:1611056252:= host:1611057096=125.224.21.52 author:1611056252=jrmu diff:1611056252:1611055921:=68,77d67%0a%3c %0a%3c For each virtual machine, we create a user and a disk image:%0a%3c %0a%3c [@%0a%3c %0a%3c echo "Creating for $username"%0a%3c # vmctl create -s 20G $username.qcow2%0a%3c usermod -G vmdusers $username%0a%3c done%0a%3c @]%0a host:1611056252=125.224.21.52 author:1611055921=jrmu diff:1611055921:1611055816:= host:1611055921=125.224.21.52 author:1611055816=jrmu diff:1611055816:1611053208:=53c53%0a%3c Next we will need to download our [[https://openbsd.org/ftp.html|ISO for OpenBSD]].%0a---%0a> Next we will need to put our [[https://openbsd.org/ftp.html|ISO for OpenBSD]].%0a host:1611055816=125.224.21.52 author:1611053208=jrmu diff:1611053208:1611053113:=63,64c63%0a%3c $ doas mv SHA256.sig /home/iso/%0a%3c $ doas chown -R iso:iso /home/iso/%0a---%0a> $ doas chown iso:iso /home/iso/install68.iso%0a host:1611053208=125.224.21.52 author:1611053113=jrmu diff:1611053113:1611053005:=56c56%0a%3c $ doas useradd -m -g =uid -c "iso" -d /home/iso -s /sbin/nologin iso%0a---%0a> $ doas useradd -m -g =uid -c "iso" -d /home/iso -s /sbin/nologin iso %0a host:1611053113=125.224.21.52 author:1611053005=jrmu diff:1611053005:1611052826:=56c56%0a%3c $ doas useradd -m -g =uid -c "iso" -d /home/iso -s /sbin/nologin iso %0a---%0a> $ doas %0a62,63d61%0a%3c $ doas mv install68.iso /home/iso/%0a%3c $ doas chown iso:iso /home/iso/install68.iso%0a host:1611053005=125.224.21.52 author:1611052826=jrmu diff:1611052826:1611052127:=56d55%0a%3c $ doas %0a59,61c58%0a%3c $ signify -C -p /etc/signify/openbsd-68-base.pub -x SHA256.sig install68.iso%0a%3c Signature Verified%0a%3c install68.iso: OK%0a---%0a> $ signify -C -p /etc/signify/openbsd-base%0a63,64d59%0a%3c %0a%3c If the signature does not verify, don't proceed.%0a host:1611052826=125.224.21.52 author:1611052127=jrmu diff:1611052127:1611051831:=32,33c32,33%0a%3c We edit /etc/vm.conf:%0a%3c %0a---%0a> From /etc/vm.conf:%0a> %0a51,58d50%0a%3c @]%0a%3c %0a%3c Next we will need to put our [[https://openbsd.org/ftp.html|ISO for OpenBSD]].%0a%3c %0a%3c [@%0a%3c $ ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/install68.iso%0a%3c $ ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/SHA256.sig%0a%3c $ signify -C -p /etc/signify/openbsd-base%0a host:1611052127=125.224.21.52 author:1611051831=jrmu diff:1611051831:1611051642:=27c27%0a%3c add if0%0a---%0a> %0a30c30%0a%3c where if0 is the interface device.%0a---%0a> %0a host:1611051831=125.224.21.52 author:1611051642=jrmu diff:1611051642:1611051383:=23,30d22%0a%3c %0a%3c Next we must create /etc/hostname.bridge0:%0a%3c %0a%3c [@%0a%3c %0a%3c @]%0a%3c %0a%3c %0a host:1611051642=125.224.21.52 author:1611051383=jrmu diff:1611051383:1611051179:=19c19%0a%3c # echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf%0a---%0a> # echo "sysctl net.inet.ip.forwarding=1" >> /etc/sysctl.conf%0a21c21%0a%3c # echo "net.inet6.ip.forwarding=1" >> /etc/sysctl.conf%0a---%0a> # echo "sysctl net.inet6.ip.forwarding=1" >> /etc/sysctl.conf%0a host:1611051383=125.224.21.52 author:1611051179=jrmu diff:1611051179:1611050870:=12c12%0a%3c # echo "net.inet.ip.arpq.maxlen=1024" >> /etc/sysctl.conf%0a---%0a> net.inet.ip.arpq.maxlen: 50 -> 1024%0a19c19%0a%3c # echo "sysctl net.inet.ip.forwarding=1" >> /etc/sysctl.conf%0a---%0a> net.inet.ip.forwarding: 0 -> 1%0a21c21%0a%3c # echo "sysctl net.inet6.ip.forwarding=1" >> /etc/sysctl.conf%0a---%0a> net.inet6.ip6.forwarding: 0 -> 1%0a host:1611051179=125.224.21.52 author:1611050870=jrmu diff:1611050870:1611050830:=13,21d12%0a%3c @]%0a%3c %0a%3c We will need to permit IPv4 and IPv6 forwarding for our virtual machines:%0a%3c %0a%3c [@%0a%3c # sysctl net.inet.ip.forwarding=1%0a%3c net.inet.ip.forwarding: 0 -> 1%0a%3c # sysctl net.inet6.ip6.forwarding=1%0a%3c net.inet6.ip6.forwarding: 0 -> 1%0a host:1611050870=125.224.21.52 author:1611050830=jrmu diff:1611050830:1611050756:=13a14,15%0a> %0a> %0a host:1611050830=125.224.21.52 author:1611050756=jrmu diff:1611050756:1611050387:=1,2c1,2%0a%3c By default, there are only four tap interfaces. We need to create sufficient devices for all our virtual machines:%0a%3c %0a---%0a> We need to create sufficient tap devices for all our virtual machines:%0a> %0a7,15d6%0a%3c %0a%3c We need to increase arpq because we may have so many virtual machines on the same switch:%0a%3c %0a%3c [@%0a%3c # sysctl net.inet.ip.arpq.maxlen=1024%0a%3c net.inet.ip.arpq.maxlen: 50 -> 1024%0a%3c @]%0a%3c %0a%3c %0a host:1611050756=125.224.21.52 author:1611050387=jrmu diff:1611050387:1611050326:= host:1611050387=125.224.21.52 author:1611050326=jrmu diff:1611050326:1611050184:=1,7d0%0a%3c We need to create sufficient tap devices for all our virtual machines:%0a%3c %0a%3c [@%0a%3c # cd /dev%0a%3c # for i in $(jot 50 4 50); do sh MAKEDEV tap$i; done%0a%3c @]%0a%3c %0a host:1611050326=125.224.21.52 author:1611050184=jrmu diff:1611050184:1611049961:=9d8%0a%3c %0a16,17c15,27%0a%3c locked lladdr aa:bb:cc:dd:ee:01%0a%3c switch "switch0"%0a---%0a> locked lladdr 7d:7a:cf:a8:ec:81%0a> switch "my_switch"%0a> }%0a> }%0a> %0a> %0a> vm "user123" {%0a> memory 512M%0a> cdrom "/home/user/install66.iso"%0a> disk "/home/user/user123.qcow2"%0a> interface {%0a> locked lladdr aa:bb:cc:dd:ee:ff%0a> switch "switch0"%0a host:1611050184=125.224.21.52 author:1611049961=jrmu diff:1611049961:1611049604:=9,20d8%0a%3c vm "user123" {%0a%3c owner user123%0a%3c memory 512M%0a%3c cdrom "/home/iso/install68.iso"%0a%3c disk /home/user123/user123.qcow2%0a%3c interface { %0a%3c locked lladdr 7d:7a:cf:a8:ec:81%0a%3c switch "my_switch"%0a%3c }%0a%3c }%0a%3c %0a%3c %0a host:1611049961=125.224.21.52 author:1611049604=jrmu diff:1611049604:1607945370:=4,6c4%0a%3c socket owner :vmdusers%0a%3c %0a%3c switch "switch0" {%0a---%0a> switch "my_switch" {%0a15c13%0a%3c switch "switch0"%0a---%0a> switch "my_switch"%0a host:1611049604=125.224.21.52 author:1607945370=jrmu diff:1607945370:1597239582:=3c3%0a%3c [@%0a---%0a> %3ccode>%0a16,18c16,18%0a%3c @]%0a%3c %0a%3c [@%0a---%0a> %3c/code>%0a> %0a> %3ccode>%0a20,21c20,21%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a26c26%0a%3c [@%0a---%0a> %3ccode>%0a28,29c28,29%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a32c32%0a%3c [@%0a---%0a> %3ccode>%0a34,36c34,36%0a%3c @]%0a%3c %0a%3c [@%0a---%0a> %3c/code>%0a> %0a> %3ccode>%0a39,41c39%0a%3c @]%0a%3c %0a%3c If some users are using the wrong IPs, you can run tcpdump with the -e flag to show the lladdr of tcp packets.%0a\ No newline at end of file%0a---%0a> %3c/code>%0a\ No newline at end of file%0a host:1607945370=198.251.81.119 author:1597239582=jrmu diff:1597239582:1597239582:=1,39d0%0a%3c From /etc/vm.conf:%0a%3c %0a%3c %3ccode>%0a%3c switch "my_switch" {%0a%3c interface bridge0%0a%3c }%0a%3c vm "user123" {%0a%3c memory 512M%0a%3c cdrom "/home/user/install66.iso"%0a%3c disk "/home/user/user123.qcow2"%0a%3c interface {%0a%3c locked lladdr aa:bb:cc:dd:ee:ff%0a%3c switch "my_switch"%0a%3c }%0a%3c }%0a%3c %3c/code>%0a%3c %0a%3c %3ccode>%0a%3c # vmctl create -s 20G user.qcow2%0a%3c %3c/code>%0a%3c %0a%3c You will need to add this crontab entry for a user to prevent the networking from timing out:%0a%3c %0a%3c For openbsd:%0a%3c %0a%3c %3ccode>%0a%3c @reboot /usr/bin/tmux new -d 'while true; do /sbin/ping -i5 38.81.163.128; done' \;%0a%3c %3c/code>%0a%3c %0a%3c For debian:%0a%3c %0a%3c %3ccode>%0a%3c @reboot /usr/bin/tmux new -d 'while true; do /usr/bin/ping -i5 38.81.163.128; done' \;%0a%3c %3c/code>%0a%3c %0a%3c %3ccode>%0a%3c # groupadd vmdusers%0a%3c # chown root:vmdusers /var/run/vmd.sock%0a%3c %3c/code>%0a\ No newline at end of file%0a host:1597239582=38.81.163.143