-rw-r--r-- virtual-machines.md 153
1 files changed, 153 insertions, 0 deletions
diff --git a/virtual-machines.md b/virtual-machines.md
new file mode 100644
index 0000000..0902fd9
--- /dev/null
+++ b/virtual-machines.md
@@ -0,0 +1,153 @@
+Building and running Linux virtual machines locally using vmdb2 and
+qemu.
+
+Using this to do things more securely or building custom environments
+for doing things
+
+-----------------------------------------------------------------------------
+
+# Terminology
+
+* virtual machine vs container
+
+* CPU emulator vs machine or system emulator
+
+* OS/360, Qemu, Xen, kvm, libvirt, OpenStack, VirtualBox, Hyperkitty,
+ Parallels, Hyper-V, Hercules, etc
+
+ - speed, features, host system
+ - Wikipedia: [Timeline of virtualization development](https://en.wikipedia.org/wiki/Timeline_of_virtualization_development)
+
+* machine or disk images
+
+-----------------------------------------------------------------------------
+
+# Virtual machine images
+
+* raw, qcow2, VDI, other formats
+
+ - `qemu-img convert -f raw -O qcow2 foo.img foo.qcow2`
+
+* manually run installer
+
+* Debian, manual:
+ - qemu-img create
+ - parted
+ - kpartx
+ - mount
+ - debootstrap
+ - chroot
+ - grub
+
+* Debian, fancy:
+ - vmdb2, debos
+ - many more
+
+-----------------------------------------------------------------------------
+
+Demo: Debian buster, manually
+
+<!--
+
+ssh -A exolobe1
+cd wmf/vdc
+less mkimg
+sudo ./mkimg
+./run.sh
+
+-->
+
+-----------------------------------------------------------------------------
+
+# Running a VM with qemu-system
+
+~~~sh
+qemu-system-x86_64 -enable-kvm -m 1024 \
+ -drive file=foo.img,format=raw,if=virtio \
+ -device virtio-net,netdev=user.0 \
+ -netdev user,id=user.0,hostfwd=tcp::2222-:22
+
+ssh -p 2222 root@localhost
+~~~
+
+-----------------------------------------------------------------------------
+
+# Nested VMs
+
+* outer VM controls inner VM
+
+* inner VM does actual build
+
+* outer VM firewalls or otherwise prevents network access during
+ different stages of the build
+
+-----------------------------------------------------------------------------
+
+Inception demo: vmdb2, libvirt, nested VMs
+
+<!--
+
+ssh -A exolobe1
+cd wmf/vdc
+
+less vdc.vmdb vdc.yml vdc.sh launch.sh
+sudo ./vdc.sh
+./launch.sh vdc vdc.img
+qemu-img create workspace.img 100G
+virsh attach-disk vdc $(pwd)/workspace.img vdb --targetbus virtio --persistent --live
+
+ssh root@vdc
+- mkfs -t ext4 /dev/vdb
+- vi /etc/fstab
+- mount -a
+- exit
+
+scp launch-inner.sh root@vdc:
+rsync -ahPS base.img root@vdc:/mnt/.
+
+ssh root@vdc
+- cp /mnt/base.img /mnt/client.img
+- virsh net-start default
+- ./launch-inner.sh client /mnt/client.img
+- exit
+ansible-playbook -i hosts client.yml -e ansible_ssh_host=base
+ssh root@vdc virsh reboot client
+ansible-playbook -i hosts client.yml
+ssh -J root@vdc root@client
+
+ssh root@vdc
+- cp /mnt/base.img /mnt/server.img
+- ./launch-inner.sh server /mnt/server.img
+- exit
+ansible-playbook -i hosts server.yml -e ansible_ssh_host=base
+ssh root@vdc virsh reboot server
+ansible-playbook -i hosts server.yml
+ssh -J root@vdc root@server
+- cd /var/www/html
+- rm index.html
+- vi index.php
+
+on client: w3m http://server
+
+
+
+-->
+
+-----------------------------------------------------------------------------
+
+# Legalese
+
+Copyright 2020 Wikimedia Foundation
+
+This content is licensed under the Creative Commons
+Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence.
+
+[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/
+
+
+---
+title: "Virtual machines"
+subtitle: "(magic for muggles)"
+author: "Lars Wirzenius / Wikimedia Foundation"
+date: "Version for 2020-05-18"
+...