Building and running Linux virtual machines locally using vmdb2 and
qemu.

Using this to do things more securely or building custom environments
for doing things

-----------------------------------------------------------------------------

# Terminology

* virtual machine vs container

* CPU emulator vs machine or system emulator

* OS/360, QEMU, Xen, kvm, libvirt, OpenStack, VirtualBox, Hyperkitty,
  Parallels, Hyper-V, Hercules, etc

  - speed, features, host system
  - Wikipedia: [Timeline of virtualization development](https://en.wikipedia.org/wiki/Timeline_of_virtualization_development)

* machine or disk images

-----------------------------------------------------------------------------

# Virtual machine images

* raw, qcow2, VDI, other formats

  - `qemu-img convert -f raw -O qcow2 foo.img foo.qcow2`

* manually run installer

* Debian, manual:
  - qemu-img create
  - parted
  - kpartx
  - mount
  - debootstrap
  - chroot
  - grub

* Debian, fancy:
  - vmdb2, debos
  - many more

-----------------------------------------------------------------------------

Demo: Debian buster, manually

<!--

ssh -A exolobe1
cd wmf/vdc
less mkimg
sudo ./mkimg
./run.sh

-->

-----------------------------------------------------------------------------

# Running a VM with qemu-system

~~~sh
qemu-system-x86_64 -enable-kvm -m 1024 \
  -drive file=foo.img,format=raw,if=virtio \
  -device virtio-net,netdev=user.0 \
  -netdev user,id=user.0,hostfwd=tcp::2222-:22

ssh -p 2222 root@localhost
~~~

-----------------------------------------------------------------------------

# Nested VMs

* outer VM controls inner VM

* inner VM does actual build

* outer VM firewalls or otherwise prevents network access during
  different stages of the build

-----------------------------------------------------------------------------

Inception demo: vmdb2, libvirt, nested VMs

<!--

ssh -A exolobe1
cd wmf/vdc

less vdc.vmdb vdc.yml vdc.sh launch.sh
sudo ./vdc.sh
./launch.sh vdc vdc.img
qemu-img create workspace.img 100G
virsh attach-disk vdc $(pwd)/workspace.img vdb --targetbus virtio --persistent --live

ssh root@vdc
- mkfs -t ext4 /dev/vdb
- vi /etc/fstab
- mount -a
- exit

scp launch-inner.sh root@vdc:
rsync -ahPS base.img root@vdc:/mnt/.

ssh root@vdc
- cp /mnt/base.img /mnt/client.img
- virsh net-start default
- ./launch-inner.sh client /mnt/client.img
- exit
ansible-playbook -i hosts client.yml -e ansible_ssh_host=base
ssh root@vdc virsh reboot client
ansible-playbook -i hosts client.yml
ssh -J root@vdc root@client

ssh root@vdc
- cp /mnt/base.img /mnt/server.img
- ./launch-inner.sh server /mnt/server.img
- exit
ansible-playbook -i hosts server.yml -e ansible_ssh_host=base
ssh root@vdc virsh reboot server
ansible-playbook -i hosts server.yml
ssh -J root@vdc root@server
- cd /var/www/html
- rm index.html
- vi index.php

on client: w3m http://server



-->

-----------------------------------------------------------------------------

# Legalese

Copyright 2020 Wikimedia Foundation

This content is licensed under the Creative Commons
Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence.

[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/


---
title: "Virtual machines"
subtitle: "(magic for muggles)"
author: "Lars Wirzenius / Wikimedia Foundation"
date: "Version for 2020-05-18"
...