wiki.yonderly.org

User Tools

Site Tools

Trace: running_webservices_openbsd_vmm
running_webservices_openbsd_vmm

This is an old revision of the document!

Table of Contents

running webservices from OpenBSD's vmm

although it is most likely best to run most things directly on an OpenBSD host, compatibility issues and other pains may arise depending on the service.

this is a guide on how to host web content from a virtual machine running inside OpenBSD's vmm and serve it through a reverse proxy with relayd.

vmd configuration

vmd is the daemon that interacts with vmm to make virtual machine creation and management easy. its config file is at /etc/vm.conf.

what I like to do is create /etc/vm.conf.d and use “include” in vm.conf to load the configs within it. this allows you to create individual config files and enable or disable them by simply commenting their include line.

for example:

/etc/vm.conf
include "/etc/vm.conf.d/alpine0.conf"
#include "/etc/vm.conf.d/alpine1.conf"
include "/etc/vm.conf.d/openbsd0.conf"
...

here is the vm.conf used for this guide:

/etc/vm.conf
include "/etc/vm.conf.d/alpine0.conf"

also, I create /var/vm, /var/vm/disk, and /var/vm/iso for the disk and installation images for the VMs. 

# mkdir -p /var/vm/disk /var/vm/iso

now, set secure permissions for the disk directory. 

# chmod -R 600 /var/vm/disk

for convenience, I create the vm group and allow its members to control virtual machines (in next section). this allows you to start, stop, monitor, and stuff without needing to be root. 

# groupadd vm
# usermod -G vm user

pf.conf

pf.conf needs to be modified so that networking works properly for the VMs.

/etc/pf.conf
...
match out on egress from 100.64.0.0/10 to any nat-to (egress)
pass in proto { udp tcp } from 100.64.0.0/10 to any port domain \
	rdr-to 1.1.1.1 port domain
...

the virtual machine

for this guide, Alpine Linux will be used. download the installation ISO. 

# cd /var/vm/iso
# ftp https://dl-cdn.alpinelinux.org/alpine/v3.21/releases/x86_64/alpine-extended-3.21.3-x86_64.iso

create the disk image. a size of 64G will be used here. 

# cd /var/vm/disk
# vmctl create -s 64G ./alpine0.qcow2
vmctl: qcow2 imagefile created

make sure that the disk image has the correct permissions! 

# ls -l ./alpine0.qcow2
-rw-------  1 root  _vmd    256K Feb 1 12:00 alpine0.qcow2

here is the vm block for the VM. read vm.conf(5) for more information.

/etc/vm.conf.d/alpine0.conf
vm alpine0 {
        owner   :vm # allow group vm to control this virtual machine.
 
        boot device cdrom # change to disk after installation.
 
        cdrom   /var/vm/iso/alpine-extended-3.21.3-x86_64.iso
        disk    /var/vm/disk/alpine0.qcow2
 
        memory  8192M
 
        local interface
}

if you haven't already, start vmd. 

# rcctl start vmd

if you have, run the following to have vmd reload its config. 

# vmctl reload

the virtual machine will automatically start, use the following command to connect to it. 

# vmctl console alpine0

if you see nothing, wait, and then press Enter. the login prompt should be visible.

running_webservices_openbsd_vmm.1740395831.txt.gz · Last modified: 2025/02/24 11:17 by ethan
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki