Building and running Linux virtual machines locally using vmdb2 and
qemu, and using them to do things more securely or to build custom
environments for doing things.
-----------------------------------------------------------------------------
# Terminology
* virtual machine vs container
* CPU emulator vs machine or system emulator
* OS/360, QEMU, Xen, kvm, libvirt, OpenStack, VirtualBox, Hyperkitty,
  Parallels, Hyper-V, Hercules, etc.
    - speed, features, host system
    - Wikipedia: [Timeline of virtualization development](https://en.wikipedia.org/wiki/Timeline_of_virtualization_development)
* machine or disk images
-----------------------------------------------------------------------------
# Virtual machine images
* raw, qcow2, VDI, other formats
    - `qemu-img convert -f raw -O qcow2 foo.img foo.qcow2`
* manually run installer
* Debian, manual:
    - qemu-img create
    - parted
    - kpartx
    - mount
    - debootstrap
    - chroot
    - grub
* Debian, fancy:
    - vmdb2, debos
    - many more
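The manual Debian route above, carried through as one script. This is an added example, not a script from the slides or from vmdb2; it assumes a Debian-family host with qemu-utils, parted, kpartx and debootstrap, an amd64 guest, and root for the build itself. The three helpers at the top only process text (the kpartx output, the mapper device name, the fstab line) and run unprivileged; the `SUITE`, `MIRROR`, `SIZE` and `AUTHORIZED_KEYS` variables are this example's own.

```shell
#!/bin/sh
# Added example, not from the slides: the manual Debian image build the
# slide lists (qemu-img create, parted, kpartx, mount, debootstrap, chroot,
# grub) as one script. Assumes a Debian-family host with qemu-utils, parted,
# kpartx and debootstrap, an amd64 guest, and root for build_image; the
# helper functions at the top are pure text processing and run unprivileged.
set -eu

SUITE="${SUITE:-buster}"
MIRROR="${MIRROR:-http://deb.debian.org/debian}"
SIZE="${SIZE:-4G}"
AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-}"   # optional: public keys for root@guest

# "kpartx -av foo.img" prints lines such as (constructed sample)
#   add map loop0p1 (253:0): 0 8386560 linear 7:0 2048
# Return the /dev/mapper device of the first partition.
first_mapped_partition() {
    printf '%s\n' "$1" | awk '$1 == "add" && $2 == "map" { print "/dev/mapper/" $3; exit }'
}

# /dev/mapper/loop0p1 -> /dev/loop0: grub-install wants the whole-disk loop
# device behind the kpartx mapping, not the partition.
loop_device_of() {
    part="${1#/dev/mapper/}"
    printf '/dev/%s\n' "${part%p[0-9]*}"
}

# Root filesystem by UUID, because the device name differs between the
# kpartx mapping on the host and virtio inside the guest.
fstab_root_line() {
    printf 'UUID=%s / ext4 errors=remount-ro 0 1\n' "$1"
}

mount_dir=""
mapped=""
cleanup() {
    # Reverse order, ignoring errors so every teardown step is attempted.
    if [ -n "$mount_dir" ]; then
        for d in dev/pts dev proc sys ""; do umount "$mount_dir/$d" 2>/dev/null || true; done
        rmdir "$mount_dir" 2>/dev/null || true
    fi
    [ -z "$mapped" ] || kpartx -d "$image" 2>/dev/null || true
}

build_image() {
    image="$1"
    [ "$(id -u)" -eq 0 ] || { echo "build_image must run as root" >&2; return 1; }
    export DEBIAN_FRONTEND=noninteractive
    trap cleanup EXIT

    qemu-img create -f raw "$image" "$SIZE"
    parted -s "$image" mklabel msdos mkpart primary ext4 1MiB 100% set 1 boot on

    mapped="$(first_mapped_partition "$(kpartx -av "$image")")"
    mkfs.ext4 -q "$mapped"
    mount_dir="$(mktemp -d)"
    mount "$mapped" "$mount_dir"

    debootstrap "$SUITE" "$mount_dir" "$MIRROR"
    fstab_root_line "$(blkid -s UUID -o value "$mapped")" > "$mount_dir/etc/fstab"

    # DHCP on any ethernet interface, so qemu's user-mode network just works.
    install -d "$mount_dir/etc/systemd/network"
    printf '[Match]\nName=en*\n\n[Network]\nDHCP=yes\n' > "$mount_dir/etc/systemd/network/20-dhcp.network"
    chroot "$mount_dir" systemctl enable systemd-networkd

    # Key-only root login: sshd defaults to PermitRootLogin prohibit-password,
    # and no root password is ever set.
    if [ -n "$AUTHORIZED_KEYS" ]; then
        install -d -m 700 "$mount_dir/root/.ssh"
        install -m 600 "$AUTHORIZED_KEYS" "$mount_dir/root/.ssh/authorized_keys"
    fi

    # The chroot needs the host's /dev, /proc and /sys for kernel and grub hooks.
    mount --bind /dev "$mount_dir/dev"
    mount --bind /dev/pts "$mount_dir/dev/pts"
    mount -t proc proc "$mount_dir/proc"
    mount -t sysfs sysfs "$mount_dir/sys"
    chroot "$mount_dir" apt-get -y install linux-image-amd64 grub-pc openssh-server
    chroot "$mount_dir" grub-install --target=i386-pc "$(loop_device_of "$mapped")"
    chroot "$mount_dir" update-grub
    chroot "$mount_dir" apt-get clean
}

# Usage: sudo AUTHORIZED_KEYS=~/.ssh/id_ed25519.pub ./mkimg.sh foo.img
[ $# -eq 0 ] || build_image "$1"
```

The resulting foo.img is a raw image that the qemu-system command on the next slide boots directly. Everything the script mounts or maps is undone by the EXIT trap, so a failed debootstrap does not leave loop devices or bind mounts behind.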
-----------------------------------------------------------------------------
Demo: Debian buster, manually
<!--
ssh -A exolobe1
cd wmf/vdc
less mkimg
sudo ./mkimg
./run.sh
-->
-----------------------------------------------------------------------------
# Running a VM with qemu-system
~~~sh
# Boot foo.img (raw, built on the previous slide) with KVM and 1 GiB of RAM;
# user-mode networking forwards host port 2222 to the guest's port 22.
qemu-system-x86_64 -enable-kvm -m 1024 \
    -drive file=foo.img,format=raw,if=virtio \
    -device virtio-net,netdev=user.0 \
    -netdev user,id=user.0,hostfwd=tcp::2222-:22
# hostfwd with no host address listens on all interfaces; use
# hostfwd=tcp:127.0.0.1:2222-:22 to keep the forward local to the host.
ssh -p 2222 root@localhost
~~~
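A wrapper around that command, added here as an example (not from the slides), that boots from a throwaway qcow2 overlay so the raw base image is never written to, and binds the SSH forward to 127.0.0.1 only. It assumes qemu-system-x86_64 and qemu-img on the host and a raw base image such as foo.img; the function names and the `.overlay.qcow2` naming are this example's own.

```shell
#!/bin/sh
# Added example, not from the slides: a wrapper around the qemu-system command
# above that boots from a throwaway qcow2 overlay, so the raw base image is
# never modified, and binds the SSH forward to 127.0.0.1 only. Assumes
# qemu-system-x86_64 and qemu-img (qemu-utils) on the host and a raw base
# image such as foo.img from the previous slide.
set -eu

# The slide's hostfwd=tcp::2222-:22 omits the host address, so qemu listens on
# every interface and any machine on the LAN can reach the guest's sshd.
# Pinning it to loopback keeps the guest reachable only from this host.
netdev_spec() {
    printf 'user,id=user.0,hostfwd=tcp:127.0.0.1:%s-:22\n' "$1"
}

# foo.img -> foo.overlay.qcow2, in the same directory as the base image.
overlay_for() {
    printf '%s.overlay.qcow2\n' "${1%.img}"
}

# Create the overlay once; all guest writes land here and the base stays
# pristine. Delete the overlay to reset the guest to the base image. The
# backing file is recorded by basename because qemu resolves a relative
# backing path against the overlay's own directory.
make_overlay() {
    overlay="$(overlay_for "$1")"
    [ -e "$overlay" ] || qemu-img create -f qcow2 -b "${1##*/}" -F raw "$overlay" >&2
    printf '%s\n' "$overlay"
}

run_vm() {
    base="$1"; port="${2:-2222}"
    overlay="$(make_overlay "$base")"
    echo "guest sshd: ssh -p $port root@localhost" >&2
    exec qemu-system-x86_64 -enable-kvm -m 1024 \
        -drive "file=$overlay,format=qcow2,if=virtio" \
        -device virtio-net,netdev=user.0 \
        -netdev "$(netdev_spec "$port")"
}

# Usage: ./run.sh foo.img [local-port]
[ $# -eq 0 ] || run_vm "$@"
```

From another machine the guest is then reached through the host (`ssh -J user@host -p 2222 root@localhost`) rather than by exposing the forward on the LAN.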
-----------------------------------------------------------------------------
# Nested VMs
* outer VM controls inner VM
* inner VM does actual build
* outer VM firewalls or otherwise prevents network access during
  different stages of the build
-----------------------------------------------------------------------------
Inception demo: vmdb2, libvirt, nested VMs
<!--
ssh -A exolobe1
cd wmf/vdc
less vdc.vmdb vdc.yml vdc.sh launch.sh
sudo ./vdc.sh
./launch.sh vdc vdc.img
qemu-img create workspace.img 100G
virsh attach-disk vdc $(pwd)/workspace.img vdb --targetbus virtio --persistent --live
ssh root@vdc
- mkfs -t ext4 /dev/vdb
- vi /etc/fstab
- mount -a
- exit
scp launch-inner.sh root@vdc:
rsync -ahPS base.img root@vdc:/mnt/.
ssh root@vdc
- cp /mnt/base.img /mnt/client.img
- virsh net-start default
- ./launch-inner.sh client /mnt/client.img
- exit
ansible-playbook -i hosts client.yml -e ansible_ssh_host=base
ssh root@vdc virsh reboot client
ansible-playbook -i hosts client.yml
ssh -J root@vdc root@client
ssh root@vdc
- cp /mnt/base.img /mnt/server.img
- ./launch-inner.sh server /mnt/server.img
- exit
ansible-playbook -i hosts server.yml -e ansible_ssh_host=base
ssh root@vdc virsh reboot server
ansible-playbook -i hosts server.yml
ssh -J root@vdc root@server
- cd /var/www/html
- rm index.html
- vi index.php
on client: w3m http://server
-->
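One way for the outer VM to gate the inner VM's network per build stage, as described on the "Nested VMs" slide. This is an added example, not part of the slides or the demo scripts; it assumes the inner VM is a libvirt guest on the default NAT network (bridge virbr0, as in the demo's `virsh net-start default`), nftables on the outer VM, and root. The table name `buildgate`, the `gated` helper and the `BRIDGE` variable are this example's own.

```shell
#!/bin/sh
# Added example, not from the slides: network gating on the outer VM for the
# nested-VM build described above. Assumes the inner VM is a libvirt guest on
# the default NAT network (bridge virbr0), nftables on the outer VM, and root.
# Rules are per guest IP, so other guests on the bridge are not affected.
set -eu

BRIDGE="${BRIDGE:-virbr0}"

# Parse "virsh domifaddr <domain>" output, e.g. (constructed sample):
#  Name   MAC address         Protocol  Address
#  vnet0  52:54:00:12:34:56   ipv4      192.168.122.10/24
guest_ip_from_domifaddr() {
    printf '%s\n' "$1" | awk '$3 == "ipv4" { sub(/\/.*/, "", $4); print $4; exit }'
}

guest_ip() {
    guest_ip_from_domifaddr "$(virsh domifaddr "$1")"
}

# nft ruleset that cuts the guest off: nothing forwarded to the outside and
# no new connections to the outer VM itself. Replies to connections the outer
# VM opened (ssh) and DHCP renewals still pass, so control of the inner VM is
# kept. IPv4 only, matching libvirt's default network. Priority -10 runs
# before libvirt's own filter rules, and a drop here is final.
gate_ruleset() {
    ip="$1"
    cat <<EOF
table inet buildgate
flush table inet buildgate
table inet buildgate {
    chain forward {
        type filter hook forward priority -10; policy accept;
        iifname "$BRIDGE" ip saddr $ip drop
    }
    chain input {
        type filter hook input priority -10; policy accept;
        iifname "$BRIDGE" ip saddr $ip ct state established,related accept
        iifname "$BRIDGE" ip saddr $ip udp dport 67 accept
        iifname "$BRIDGE" ip saddr $ip drop
    }
}
EOF
}

network_deny()  { gate_ruleset "$1" | nft -f -; }
network_allow() { nft delete table inet buildgate 2>/dev/null || true; }

# Run one build stage with the gate open or closed. The gate is closed again
# afterwards whatever the command's exit status, so a failed fetch stage never
# leaves the build stage with network access.
gated() {
    mode="$1"; ip="$2"; shift 2
    case "$mode" in
        allow) network_allow ;;
        deny)  network_deny "$ip" ;;
        *) echo "gated: mode must be allow or deny" >&2; return 2 ;;
    esac
    rc=0
    "$@" || rc=$?
    network_deny "$ip"
    return "$rc"
}

# Usage: buildgate.sh <allow|deny> <libvirt domain> command...
#   buildgate.sh allow client ssh root@client apt-get -y build-dep PACKAGE
#   buildgate.sh deny  client ssh root@client dpkg-buildpackage -us -uc
[ $# -eq 0 ] || { mode="$1"; dom="$2"; shift 2; gated "$mode" "$(guest_ip "$dom")" "$@"; }
```

The fetch stage (dependency download) runs with the gate open, the build stage runs with it closed, and the ruleset is replaced atomically by `nft -f` each time, so there is no window where the guest has partial access while rules are being swapped.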
-----------------------------------------------------------------------------
# Legalese
Copyright 2020 Wikimedia Foundation
This content is licensed under the Creative Commons
Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence.
[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/
---
title: "Virtual machines"
subtitle: "(magic for muggles)"
author: "Lars Wirzenius / Wikimedia Foundation"
date: "Version for 2020-05-18"
...