commit 83886dc7c970054fba434035c12cf49ff48e53da from: gonzalo date: Wed Jul 25 23:43:32 2018 UTC initial vmm_setup commit - /dev/null commit + 83886dc7c970054fba434035c12cf49ff48e53da blob - /dev/null blob + 2f748858bc033b0d76576f76fe20056197d84bf9 (mode 644) --- /dev/null +++ Makefile 
@@ -0,0 +1,42 @@
+#
+# Makefile pr0n.
+#
+# by gonzalo@x61.sh
+#
+#
+
+vmm:
+ @echo ""
+ @echo "[+] Downloading files from https://github.com/gonzalo-/vmm_setup"
+ @echo ""
+ @cd /tmp
+ @ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/hostname.vether0
+ @ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/hostname.bridge0
+ @ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/dhcpd.conf
+ @ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/pf.conf
+ @ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/vm.conf
+ @ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/sysctl.conf
+ @echo ""
+ @echo "[+] Installing files..."
+ @echo ""
+ @install -m 0640 -g wheel -o root /tmp/hostname.vether0 /etc
+ @install -m 0640 -g wheel -o root /tmp/hostname.bridge0 /etc
+ @install -m 0600 -g wheel -o root /tmp/{pf,sysctl,dhcpd,vm}.conf /etc
+ @rm /tmp/hostname.* /tmp/*.conf
+ @echo ""
+ @echo "[+] Downloading OpenBSD kernels and Alpine Linux iso..."
+ @echo ""
+ @mkdir -p /VMs/openbsd/snapshots/amd64/
+ @mkdir -p /VMs/linux
+ @cd /VMs/linux && ftp -V https://nl.alpinelinux.org/alpine/v3.6/releases/x86_64/alpine-virt-3.6.0-x86_64.iso
+ @cd /VMs/openbsd/snapshots/amd64/ && ftp -V https://fastly.cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd{.mp,.rd}
+ @ftp -V https://fastly.cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/install63.fs
+ @echo "To create the disks run something like this: "
+ @echo 'vmctl create "/VMs/OpenBSD_Ports.img" -s 25G'
+ @echo ""
+ @echo "[+] Enabling vmd & setting dhcpd..."
+ @echo ""
+ @rcctl enable vmd && rcctl enable dhcpd && rcctl set dhcpd flags vether0
+ @echo ""
+ @echo "[+] All done, you can reboot now and play with vmm(4)."
+ @echo ""
blob - /dev/null
blob + 32caee5b5c06c74c47391d521d309328f4479e2e (mode 644)
--- /dev/null
+++ README.md
@@ -0,0 +1,130 @@
+# OpenBSD vmm(4) example setup
+
+The idea of this repo is to setup an example vmm(4) environment to run VMs over OpenBSD, with OpenBSD.
+
+For debian on vmm(4) you can also see @vext01:
+
+https://github.com/vext01/recipes/blob/master/recipes/debian9_inside_vmm.md
+
+
+# WARNING: This will override your files if exists
+
+## hostname.vether0
+
+You can set your VMs network here, for now is 10.10.10.0/24 and runs the DHCP server on 10.10.10.255
+
+## hostname.bridge0
+
+This file bridges your network so the VMs can talk to vether0 to get a DHCP address and be forwarded to the internet.
+In the new syntax, ```add vether0``` has been removed and replaced with ```interface bridge0``` so now the network looks like this:
+
+``` vm ---> bridge0 ---> vether0 ---> internet```
+
+## pf.conf
+
+A typical pf.conf, $ext_if are our inet interfaces, and $int_if are our 'internal', in this case, the
+internals interfaces are the ones connected to VMs, in this case vether0 and tapX. You need to edit this
+according to your machine.
+
+## sysctl.conf
+
+Now our machine is our VMs GW, so we need to permite the ip forwarding.
+
+## dhcpd.conf
+
+A regular dhcpd setup, for our VMs, setting our network and nameservers.
+
+## vm.conf
+
+Our VMs file, has comments, this is the main file, you need to edit this to your taste.
+
+## Makefile usage
+
+Assuming you have comp6X.tgz installed.
+
+```
+# cd /tmp
+# ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/Makefile
+# make vmm
+
+[+] Downloading files from https://github.com/gonzalo-/vmm_setup
+
+hostname.vether0 100% |*********************************************************| 39 00:00
+dhcpd.conf 100% |*********************************************************| 420 00:00
+vm.conf 100% |*********************************************************| 216 00:00
+pf.conf 100% |*********************************************************| 1882 00:00
+sysctl.conf 100% |*********************************************************| 25 00:00
+
+[+] Installing files...
+
+[+] Enabling vmd & setting dhcpd...
+
+[+] All done, you can reboot now and play with vmm(4).
+
+# reboot
+```
+
+## vmm.sh usage
+
+```
+# cd /tmp
+# ftp -o - https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/vmm.sh | sh -
+Trying 151.101.24.133...
+Requesting https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/vmm.sh
+1329 bytes received in 0.00 seconds (6.12 MB/s)
+
+[+] Downloading files from https://github.com/gonzalo-/vmm_setup
+
+hostname.vether0 100% |*********************************************************| 39 00:00
+dhcpd.conf 100% |*********************************************************| 420 00:00
+vm.conf 100% |*********************************************************| 216 00:00
+pf.conf 100% |*********************************************************| 1882 00:00
+sysctl.conf 100% |*********************************************************| 25 00:00
+
+[+] Installing files...
+
+[+] Enabling vmd & setting dhcpd...
+
+[+] All done, you can reboot now and play with vmm(4).
+
+# reboot
+```
+
+# vmm(4) running
+```
+$ vmctl status
+ ID PID VCPUS MAXMEM CURMEM TTY OWNER NAME
+ 7 25839 1 512M 161M ttyp1 root OpenBSD_Test.vm
+ 6 96312 1 2.0G 733M ttyp0 root OpenBSD_Ports.vm
+ 3 30269 1 2.0G 401M ttyp6 root Alpine_Linux.vm
+```
+
+```
+$ doas vmctl console 7
+
+OpenBSD/amd64 (test.vm.incre.host) (tty00)
+
+login:
+```
+
+```
+$ doas vmctl console 3
+
+
+Welcome to Alpine Linux 3.6
+Kernel 4.9.32-0-virthardened on an x86_64 (/dev/ttyS0)
+
+sonarr login: gonzalo
+Password:
+Welcome to Alpine!
+
+The Alpine Wiki contains a large amount of how-to guides and general
+information about administrating Alpine systems.
+See .
+
+You can setup the system with the command: setup-alpine
+
+You may change this message by editing /etc/motd.
+
+alpine:~$
+```
blob - /dev/null
blob + 5f2d4af91e4e63332a3a20941c2b86da159cef39 (mode 644)
--- /dev/null
+++ dhcpd.conf
@@ -0,0 +1,12 @@
+shared-network VMs-NETWORK {
+ subnet 10.10.10.0 netmask 255.255.255.0 {
+ range 10.10.10.100 10.10.10.110;
+
+ option subnet-mask 255.255.255.0;
+ option broadcast-address 10.10.10.255;
+ option routers 10.10.10.1;
+ ## change me
+ option domain-name-servers 9.9.9.9;
+ ## change me
+ }
+}
blob - /dev/null
blob + 634b6a0b00eb328c4c76c609edcef51227d8ae7c (mode 644)
--- /dev/null
+++ hostname.bridge0
@@ -0,0 +1,2 @@
+add vether0
+up
blob - /dev/null
blob + 9d0d70e1c015425b4d2902db8de0f14254983117 (mode 644)
--- /dev/null
+++ hostname.vether0
@@ -0,0 +1 @@
+inet 10.10.10.1 255.255.255.0 10.10.10.255
blob - /dev/null
blob + ddbdf00a283518854479385e433fc3f5c6d0f81f (mode 644)
--- /dev/null
+++ pf.conf
@@ -0,0 +1,25 @@
+## pf.conf example for vmm(4)
+## adjust this to your own
+## interfaces
+ext_if="{ iwn0 em0 }"
+##
+int_if="{ vether0 tap0 tap1 tap2 }"
+
+set skip on lo
+set block-policy drop
+set loginterface egress
+
+match in all scrub (no-df random-id max-mss 1440)
+match out on egress inet from !(egress:network) to any nat-to (egress:0)
+
+block in
+
+pass out quick inet
+pass in on $int_if inet
+pass in on egress inet proto tcp from any os OpenBSD \
+ to (egress) port 22
+
+## access from outside over port 8989
+## we rdr-to our VM 10.10.10.100 to port 8989
+pass in on $ext_if proto tcp from any \
+ to any port 8989 rdr-to 10.10.10.100 port 8989
blob - /dev/null
blob + 34bcf4c3841e5e3215d20269634985c90abc3b48 (mode 644)
--- /dev/null
+++ sysctl.conf
@@ -0,0 +1 @@
+net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
blob - /dev/null
blob + b30bc80ac9464f2f7755eae415adb8db8a2daad4 (mode 644)
--- /dev/null
+++ vm.conf
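Review bot: The last pf.conf rule, `pass in on $ext_if proto tcp from any to any port 8989 rdr-to 10.10.10.100 port 8989`, ships enabled and forwards port 8989 from any source on the external interfaces to a guest, and the Makefile and vmm.sh install this file over /etc/pf.conf unchanged. 10.10.10.100 is also the first address of the dynamic range in dhcpd.conf, so which VM receives that traffic depends on lease order unless the guest is pinned to the address. I would ship the rule commented out with a `## change me` marker as dhcpd.conf does, and restrict the source, for example `#pass in on $ext_if proto tcp from <trusted> to (egress) port 8989 rdr-to 10.10.10.100 port 8989`, where `<trusted>` is a placeholder table. Separately, `pass in on $int_if inet` lets every guest reach every service on the host; a comment saying so, or narrowing it to what guests need, would help readers who copy this file.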
@@ -0,0 +1,60 @@
+## Were our sets are
+openbsd="/VMs/openbsd/snapshots/amd64/"
+linux="/VMs/linux/"
+
+## VMs Networking
+switch "local" {
+ interface bridge0
+ # I'll leave these here for now until I work out if they are useful
+ # add tap0
+ # add tap1
+ # add tap2
+}
+
+## VMs
+# This one is ready to get installed
+vm "OpenBSD_Ports.vm" {
+ ## We want this one start at boot
+ enable
+ ## Memory
+ memory 2G
+
+ boot $openbsd "bsd.rd"
+
+ ## You can create the img disk with
+ ## vmctl create "/VMs/OpenBSD_Ports.img" -s 40G
+ disk "/VMs/OpenBSD_Ports.img"
+ disk $openbsd "install63.fs"
+
+ ## Network
+ interface { switch "local" }
+}
+
+# This one already installed
+vm "OpenBSD_Test.vm" {
+ disable
+ memory 512M
+
+ disk "/VMs/OpenBSD_Test.img"
+
+ interface { switch "local" }
+}
+
+# This is an Alpine Linux ready to be installed
+# cd /VMs/linux/
+# ftp -V https://nl.alpinelinux.org/alpine/v3.6/releases/x86_64/alpine-virt-3.6.0-x86_64.iso
+# vmctl create "/home/VMs/Alpine_Linux.img" -s 25G
+# You need to install Alpine with the command: setup-alpine (from vmctl console ID_VM)
+# For debian on vmm(4) you can follow edd@ recipe on:
+# https://github.com/vext01/recipes/blob/master/recipes/debian9_inside_vmm.md
+#
+vm "Alpine_Linux.vm" {
+ owner gonzalo
+ enable
+ memory 512M
+ ## >6.3 'cdrom' is avariable for install
+ ## <6.2 we use 'disk' for .iso and install
+ cdrom $linux "alpine-virt-3.6.0-x86_64.iso"
+ disk "/VMs/Alpine_Linux.img"
+ interface { switch "local" }
+}
blob - /dev/null
blob + 267eb3e99ccd048bdfb366e43506ad3a2c4a0178 (mode 644)
--- /dev/null
+++ vmm.sh
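Review bot: `owner gonzalo` in the Alpine_Linux.vm block is the author's own login, and this file is installed unchanged as /etc/vm.conf, so on another machine it either names a user that does not exist or hands control of that VM to an unrelated local account with the same name. A `## change me` comment above the line (the marker dhcpd.conf already uses), or dropping the line so the VM stays root-owned, would make the delegation explicit. The comment block above that VM also says `vmctl create "/home/VMs/Alpine_Linux.img"` while the `disk` line uses `/VMs/Alpine_Linux.img`; the two paths should agree.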
@@ -0,0 +1,40 @@
+#
+#
+
+## debug
+#set -x
+
+echo ""
+echo "[+] Downloading files from https://github.com/gonzalo-/vmm_setup"
+echo ""
+cd /tmp
+ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/hostname.vether0
+ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/hostname.bridge0
+ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/dhcpd.conf
+ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/pf.conf
+ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/vm.conf
+ftp -V https://raw.githubusercontent.com/gonzalo-/vmm_setup/master/sysctl.conf
+echo ""
+echo "[+] Installing files..."
+echo ""
+install -m 0640 -g wheel -o root /tmp/hostname.vether0 /etc && \
+install -m 0640 -g wheel -o root /tmp/hostname.bridge0 /etc/ && \
+install -m 0600 -g wheel -o root /tmp/{pf,sysctl,dhcpd,vm}.conf /etc && \
+rm /tmp/hostname.* /tmp/*.conf >/dev/null
+echo ""
+echo "[+] Downloading OpenBSD kernels and Alpine Linux iso..."
+echo ""
+mkdir -p /VMs/openbsd/snapshots/amd64/
+mkdir -p /VMs/linux
+cd /VMs/linux && ftp -V https://nl.alpinelinux.org/alpine/v3.6/releases/x86_64/alpine-virt-3.6.0-x86_64.iso
+cd /VMs/openbsd/snapshots/amd64/ && ftp -V https://fastly.cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd{.mp,.rd}
+ftp -V https://fastly.cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/install63.fs
+echo "To create the disks run something like this: "
+echo 'vmctl create "/VMs/OpenBSD_Ports.img" -s 25G'
+echo ""
+echo "[+] Enabling vmd & setting dhcpd..."
+echo ""
+rcctl enable vmd && rcctl enable dhcpd && rcctl set dhcpd flags vether0
+echo ""
+echo "[+] All done, you can reboot now and play with vmm(4)."
+echo ""
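Review bot: Nothing in vmm.sh checks that a download succeeded or that the fetched files are the expected ones: there is no `set -e`, the exit status of `cd /tmp` and of every `ftp -V` is ignored, and the snapshot kernels, install63.fs and the Alpine ISO are stored for booting without any checksum or signature check. Because the README runs this as root straight from a pipe, a failed fetch still proceeds to `install` and `rcctl enable`, and if the `cd` into /VMs/openbsd/snapshots/amd64/ fails, the final `ftp -V …/install63.fs` writes into whatever directory the script is in. I would add `set -eu` right after the `#set -x` line and verify the OpenBSD files against the snapshot's signed SHA256.sig with signify(1) before they are used, e.g. `signify -C -p /etc/signify/<snapshot-base-key>.pub -x SHA256.sig bsd.rd bsd.mp install63.fs` (the key file name is a placeholder). The Alpine ISO should likewise be compared with the checksum published next to it.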