Diffstat (limited to 'virtual-machines.md')
-rw-r--r-- | virtual-machines.md | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/virtual-machines.md b/virtual-machines.md
new file mode 100644
index 0000000..0902fd9
--- /dev/null
+++ b/virtual-machines.md
@@ -0,0 +1,153 @@
+Building and running Linux virtual machines locally using vmdb2 and
+qemu.
+
+Using this to do things more securely or building custom environments
+for doing things
+
+-----------------------------------------------------------------------------
+
+# Terminology
+
+* virtual machine vs container
+
+* CPU emulator vs machine or system emulator
+
+* OS/360, Qemu, Xen, kvm, libvirt, OpenStack, VirtualBox, Hyperkitty,
+ Parallels, Hyper-V, Hercules, etc
+
+ - speed, features, host system
+ - Wikipedia: [Timeline of virtualization development](https://en.wikipedia.org/wiki/Timeline_of_virtualization_development)
+
+* machine or disk images
+
+-----------------------------------------------------------------------------
+
+# Virtual machine images
+
+* raw, qcow2, VDI, other formats
+
+ - `qemu-img convert -f raw -O qcow2 foo.img foo.qcow2`
+
+* manually run installer
+
+* Debian, manual:
+ - qemu-img create
+ - parted
+ - kpartx
+ - mount
+ - debootstrap
+ - chroot
+ - grub
+
+* Debian, fancy:
+ - vmdb2, debos
+ - many more
+
+-----------------------------------------------------------------------------
+
+Demo: Debian buster, manually
+
+<!--
+
+ssh -A exolobe1
+cd wmf/vdc
+less mkimg
+sudo ./mkimg
+./run.sh
+
+-->
+
+-----------------------------------------------------------------------------
+
+# Running a VM with qemu-system
+
+~~~sh
+qemu-system-x86_64 -enable-kvm -m 1024 \
+ -drive file=foo.img,format=raw,if=virtio \
+ -device virtio-net,netdev=user.0 \
+ -netdev user,id=user.0,hostfwd=tcp::2222-:22
+
+ssh -p 2222 root@localhost
+~~~
+
+-----------------------------------------------------------------------------
+
+# Nested VMs
+
+* outer VM controls inner VM
+
+* inner VM does actual build
+
+* outer VM firewalls or otherwise prevents network access during
+ different stages of the build
+
+-----------------------------------------------------------------------------
+
+Inception demo: vmdb2, libvirt, nested VMs
+
+<!--
+
+ssh -A exolobe1
+cd wmf/vdc
+
+less vdc.vmdb vdc.yml vdc.sh launch.sh
+sudo ./vdc.sh
+./launch.sh vdc vdc.img
+qemu-img create workspace.img 100G
+virsh attach-disk vdc $(pwd)/workspace.img vdb --targetbus virtio --persistent --live
+
+ssh root@vdc
+- mkfs -t ext4 /dev/vdb
+- vi /etc/fstab
+- mount -a
+- exit
+
+scp launch-inner.sh root@vdc:
+rsync -ahPS base.img root@vdc:/mnt/.
+
+ssh root@vdc
+- cp /mnt/base.img /mnt/client.img
+- virsh net-start default
+- ./launch-inner.sh client /mnt/client.img
+- exit
+ansible-playbook -i hosts client.yml -e ansible_ssh_host=base
+ssh root@vdc virsh reboot client
+ansible-playbook -i hosts client.yml
+ssh -J root@vdc root@client
+
+ssh root@vdc
+- cp /mnt/base.img /mnt/server.img
+- ./launch-inner.sh server /mnt/server.img
+- exit
+ansible-playbook -i hosts server.yml -e ansible_ssh_host=base
+ssh root@vdc virsh reboot server
+ansible-playbook -i hosts server.yml
+ssh -J root@vdc root@server
+- cd /var/www/html
+- rm index.html
+- vi index.php
+
+on client: w3m http://server
+
+
+
+-->
+
+-----------------------------------------------------------------------------
+
+# Legalese
+
+Copyright 2020 Wikimedia Foundation
+
+This content is licensed under the Creative Commons
+Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence.
+
+[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/
+
+
+---
+title: "Virtual machines"
+subtitle: "(magic for muggles)"
+author: "Lars Wirzenius / Wikimedia Foundation"
+date: "Version for 2020-05-18"
+... |