# Virtualization
It is realy easy to virtualize an operating system with OpenBSD thanks to vmd.
> Well, that's nice, but what virtualizing means ?
Instead of installing different OS on different computers, you can install an OS inside your current OS. The virtualizer fake to be a full device and run an OS installed on a disk, which is in this case a simple file.
It is very handy since :
* You can use multiple system simultaneously.
* Each system is independent. If one is compromised, others should be safe. It's better than a chroot.
* Backup is really easy: just copy the disk file.
* It's great to try things.
However, it require more resources.
Before going further, make sure we use the same vocabulary :
* "host" is your server. The host virtualize other systems.
* "client" are hosted systems.
OpenBSD offer 3 tools for virtualization :
* vmd : a daemon to manage multiple clients.
* vmctl : To control clients and sending commands to vmd.
* vmm : To watch over clients.
First of all, check if your hardware can virtualize :
```
$ dmesg | egrep '(VMX/EPT|SVM/RVI)'
```
If the result isn't empty, it's all good 😊.
Don't forget to upgrade firmwares if needed: # fw_update.
To add a new virtual machine, you will always :
1. Install in a new disk file with vmctl.
2. Configure vmd to manage this client automatically.
## How to virtualize OpenBSD ?
Actually, everything is already well documented on OpenBSD's website. This chapter will just focus on a few tips.
You should definitely read OpenBSD's FAQ on this topic 😉.
(HTM) https://www.openbsd.org/faq/faq16.html
### Use other installation media
To use img disk (installXX.img or minirootXX.img):
```
# vmctl start -c -m 1G -L -i 1 -d installXX.img -d /var/vm/obsdvm.qcow2 openbsdvm
```
Or if you don't want to download any file, you still can use the bsd.rd probably already on your system:
```
# vmctl start -c -m 1G -L -i 1 -b /bsd.rd -d /var/vm/obsdvm.qcow2 openbsdvm
```
However, such install requires to previously configure a network access for clients.
In /etc/pf.conf:
```
# using quad9 DNS
pass in quick proto { tcp udp } from 100.64.0.0/10 to any port domain \
rdr-to 9.9.9.9 port domain
match out on egress from 100.64.0.0/10 to any nat-to (egress)
```
Even better, you can use unwind if it is already configured on host, which is an excellent idea 😎 :
```
pass in proto { tcp udp } from 100.64.0.0/10 to any port domain \
rdr-to localhost port domain
match out on egress from 100.64.0.0/10 to any nat-to (egress)
```
In /etc/sysctl.conf:
```
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
```
## Virtualize debian
Like most linux distro, you'll have to set the installer and bootloader to start the client with a serial console at speed 15200.
```
# download debian image
ftp "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.5.0-amd64-netinst.iso"
# create disk
vmctl create -s 50G /var/vm/debian.qcow2
# start the VM
vmctl start -c -m 1G -L -i 1 -r debian*.iso -d /var/vm/debian.qcow2 debianvm
```
Choose install menu without validating âš .
Press TAB then edit the line to change vga and console parameters:
```
/install.amd/vmlinuz vga=off initrd=/install.amd/initrd.gz --- quiet console=ttyS0,115200n8
```
Press Enter.
After installing and rebooting on the fresh debian install, edit /etc/default/grub so serial console is still used.
```
GRUB_TIMEOUT=1
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200"
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
```
Then reload grub:
```
# update-grub
```
## Virtualize Alpine Linux
Alpine Linux is a very light distro.
(HTM) https://www.alpinelinux.org/
Here again, you need to boot using serial console.
```
# vmctl create -s 50G /var/vm/linux.qcow2
# vmctl start -c -m 1G -L -i 1 -r image.iso -d /var/vm/linux.qcow2 linux
```
When starting virual machine, press "TAB" to see available image (i.e. "lts" or "virt"). Add appropriate parameter to use serial console :
```
virt console=ttyS0,115200
```
Then press Enter and it's all good.
---
(DIR) Table of contents
(BIN) Donate
---
(DIR) /