Building and running Linux virtual machines locally using vmdb2 and
qemu.

Using this to do things more securely, or to build custom environments
for doing things.

-----------------------------------------------------------------------------

# Terminology

* virtual machine vs container

* CPU emulator vs machine or system emulator

* OS/360, QEMU, Xen, kvm, libvirt, OpenStack, VirtualBox, Hyperkitty,
  Parallels, Hyper-V, Hercules, etc

  - speed, features, host system
  - Wikipedia: [Timeline of virtualization development](https://en.wikipedia.org/wiki/Timeline_of_virtualization_development)

* machine or disk images

-----------------------------------------------------------------------------

# Virtual machine images

* raw, qcow2, VDI, other formats

  - `qemu-img convert -f raw -O qcow2 foo.img foo.qcow2`

* manually run installer

* Debian, manual:
  - qemu-img create
  - parted
  - kpartx
  - mount
  - debootstrap
  - chroot
  - grub

* Debian, fancy:
  - vmdb2, debos
  - many more

-----------------------------------------------------------------------------

Demo: Debian buster, manually

<!--

ssh -A exolobe1
cd wmf/vdc
less mkimg
sudo ./mkimg
./run.sh

-->

-----------------------------------------------------------------------------

# Running a VM with qemu-system

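~~~sh
# Boot foo.img with KVM acceleration and 1024 MiB of RAM. User-mode
# networking forwards host TCP port 2222 to port 22 in the guest; with
# no host address in hostfwd, the port listens on all host interfaces.
qemu-system-x86_64 -enable-kvm -m 1024 \
  -drive file=foo.img,format=raw,if=virtio \
  -device virtio-net,netdev=user.0 \
  -netdev user,id=user.0,hostfwd=tcp::2222-:22

# From another terminal on the host, log in through the forwarded port.
ssh -p 2222 root@localhost
~~~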

-----------------------------------------------------------------------------

# Nested VMs

* outer VM controls inner VM

* inner VM does actual build

* outer VM firewalls or otherwise prevents network access during
  different stages of the build
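
One way the outer VM could gate the inner VM's network per build stage, as an added example that is not part of the original slides. It assumes the inner VM sits on libvirt's `default` network (bridge `virbr0`) and that nftables is available in the outer VM; the table name `buildgate` and the stage names `fetch` and `build` are hypothetical.

```sh
#!/bin/sh
# Added example: per-stage network policy for the inner build VM.
# Runs on the outer VM. Assumed names: bridge virbr0 (libvirt "default"
# network), table "buildgate", stages "fetch" and "build".

# Print the nftables ruleset for a stage. Touches nothing on the system.
stage_ruleset() {
    stage=$1
    bridge=${2:-virbr0}
    case $stage in
        fetch) verdict=accept ;;  # sources and dependencies may be downloaded
        build) verdict=drop ;;    # the build itself runs with no way out
        *) echo "unknown stage: $stage" >&2; return 2 ;;
    esac
    # Declare-then-delete makes the reload idempotent; nft applies the
    # whole file as one transaction. A drop verdict is final even if
    # libvirt's own chains would accept the packet.
    cat <<EOF
table inet buildgate
delete table inet buildgate
table inet buildgate {
    chain forward {
        type filter hook forward priority -10; policy accept;
        iifname "$bridge" $verdict
    }
    chain input {
        type filter hook input priority -10; policy accept;
        iifname "$bridge" udp dport 53 $verdict
        iifname "$bridge" tcp dport 53 $verdict
    }
}
EOF
}

# Load the ruleset for a stage (needs root on the outer VM).
apply_stage() {
    rules=$(stage_ruleset "$@") || return
    printf '%s\n' "$rules" | nft -f -
}

# Usage: ./stage.sh apply fetch   then   ./stage.sh apply build
if [ "${1:-}" = "apply" ]; then
    shift
    apply_stage "$@"
fi
```

The input chain covers DNS because the inner VM resolves names through the dnsmasq instance that libvirt runs on the outer VM, which would otherwise keep relaying queries upstream during the build stage.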

-----------------------------------------------------------------------------

Inception demo: vmdb2, libvirt, nested VMs

<!--

ssh -A exolobe1
cd wmf/vdc

less vdc.vmdb vdc.yml vdc.sh launch.sh
sudo ./vdc.sh
./launch.sh vdc vdc.img
qemu-img create workspace.img 100G
virsh attach-disk vdc $(pwd)/workspace.img vdb --targetbus virtio --persistent --live

ssh root@vdc
- mkfs -t ext4 /dev/vdb
- vi /etc/fstab
- mount -a
- exit

scp launch-inner.sh root@vdc:
rsync -ahPS base.img root@vdc:/mnt/.

ssh root@vdc
- cp /mnt/base.img /mnt/client.img
- virsh net-start default
- ./launch-inner.sh client /mnt/client.img
- exit
ansible-playbook -i hosts client.yml -e ansible_ssh_host=base
ssh root@vdc virsh reboot client
ansible-playbook -i hosts client.yml
ssh -J root@vdc root@client

ssh root@vdc
- cp /mnt/base.img /mnt/server.img
- ./launch-inner.sh server /mnt/server.img
- exit
ansible-playbook -i hosts server.yml -e ansible_ssh_host=base
ssh root@vdc virsh reboot server
ansible-playbook -i hosts server.yml
ssh -J root@vdc root@server
- cd /var/www/html
- rm index.html
- vi index.php

on client: w3m http://server



-->

-----------------------------------------------------------------------------

# Legalese

Copyright 2020 Wikimedia Foundation

This content is licensed under the Creative Commons
Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence.

[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/


---
title: "Virtual machines"
subtitle: "(magic for muggles)"
author: "Lars Wirzenius / Wikimedia Foundation"
date: "Version for 2020-05-18"
...