Virtualization

Platform virtualization

Software-based virtualization (simulation)

Create an empty disk image and then install Fedora onto it, running the procedure in a qemu simulator:

$ qemu-img create -f qcow2 disk.qcow2 4G
$ qemu-system-x86_64 -hda disk.qcow2 \
        -cdrom Fedora-20-x86_64-netinst.iso \
        -boot d \
        -net nic \
        -net user \
        -m 1024

To accelerate qemu when virtualizing the same platform as the host, first use modprobe to load the appropriate KVM modules, and then add the --enable-kvm option to the qemu-system-x86_64 command above.

You might want to run qemu with -nographic when running on a computer with no graphical console. For this to work, the hosted kernel must use the serial device as its console. You can arrange for this by passing console=ttyS0 on the hosted kernel’s command line, likely by editing your bootloader’s configuration.

You can also set the simulated host’s MAC address by using -net nic,macaddr=aa:bb:cc:dd:ee:ff.

Another option allows you to configure a network between two QEMU hosts without root access on the host running QEMU. Start one host with -device e1000,netdev=n1,mac=52:54:00:12:34:56 -netdev socket,id=n1,listen=:1024, and start another with -device e1000,netdev=n1,mac=52:54:00:12:34:57 -netdev socket,id=n1,connect=:1024.

Simulating other architectures

Qemu can simulate one architecture on another. For example, qemu can facilitate experimenting with the RISC-V architecture on an AMD64 computer. Fedora provides RISC-V kernels and disk images that are suitable for running in qemu at https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/. After gathering and uncompressing a related pair of .elf and .raw files, you can boot them using qemu by running:

$ qemu-system-riscv64 -nographic \
        -machine virt \
        -smp 4 \
        -m 4G \
        -kernel riscv.elf \
        -bios none \
        -object rng-random,filename=/dev/urandom,id=rng0 \
        -device virtio-rng-device,rng=rng0 \
        -device virtio-blk-device,drive=hd0 \
        -drive file=riscv.raw,format=raw,id=hd0 \
        -device virtio-net-device,netdev=usernet \
        -netdev user,id=usernet,hostfwd=tcp::10000-:22

(Replace riscv.elf and riscv.raw with the name of the files you downloaded.)
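
Both the listen=:1024 socket option and the hostfwd=tcp::10000-:22 forward shown above leave the host address empty, so QEMU binds them on every address of the computer running QEMU rather than only on loopback. The following check is an added example, not part of the original page; the function name qemu_exposed_listeners is hypothetical, and it reports such options in a QEMU argument list so they can be pinned to 127.0.0.1.

```sh
#!/bin/sh
# Added example (not from the original page).
# qemu_exposed_listeners ARGS...  (hypothetical helper name)
# ARGS are the arguments you would pass to qemu-system-*.
# Prints "option: value" for each listen=/hostfwd= whose host part is empty
# or 0.0.0.0, and returns 1 if any were found (0 otherwise).
qemu_exposed_listeners() {
    found=0
    for arg in "$@"; do
        old_ifs=$IFS; IFS=,   # option values are comma-separated key=value lists
        set -f                # no globbing while splitting
        for kv in $arg; do
            case $kv in
                listen=*)
                    spec=${kv#listen=}      # [host]:port
                    host=${spec%%:*} ;;
                hostfwd=*)
                    spec=${kv#hostfwd=}     # [tcp|udp]:[hostaddr]:hostport-...
                    rest=${spec#*:}         # drop the protocol field
                    host=${rest%%:*} ;;
                *) continue ;;              # connect=, id=, mac=, ... are not listeners
            esac
            case $host in
                ''|0.0.0.0) echo "${kv%%=*}: $spec"; found=1 ;;
            esac
        done
        set +f
        IFS=$old_ifs
    done
    return $found
}

# Constructed sample: the two option strings used on this page.
qemu_exposed_listeners -netdev socket,id=n1,listen=:1024 \
    -netdev user,id=usernet,hostfwd=tcp::10000-:22 || true
```

Writing the options as listen=127.0.0.1:1024 and hostfwd=tcp:127.0.0.1:10000-:22 makes the check pass.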

“Real” networking in qemu

Qemu can easily simulate a network connection in userspace with the help of the host computer, but this approach has limitations. Sometimes it is helpful to tie the simulated computer’s network adapter into the host computer kernel’s view of networking. This is done using bridge and tap interfaces. Assuming the host computer uses NetworkManager, define a bridge interface by creating a file such as /etc/NetworkManager/system-connections/br0.nmconnection:

[connection]
id=br0
type=bridge
interface-name=br0

[bridge]
stp=false

[ipv4]
method=auto

Ensure /etc/NetworkManager/system-connections/br0.nmconnection is readable only by root. Next, configure a physical interface to be a member of the bridge, such as by editing /etc/NetworkManager/system-connections/enp3s0f0.nmconnection:

[connection]
id=enp3s0f0
type=ethernet
interface-name=enp3s0f0
master=br0
slave-type=bridge

In this way, the bridge can obtain an IPv4 address through the physical interface, which is defined to be a member of the bridge.

Next, create a tap interface for the simulated host, and add it to the bridge by running these commands:

$ tunctl -t tap0 -u root
$ brctl addif br0 tap0
$ ifconfig tap0 up

Finally, start the simulated host and associate the host with the tap device by running:

$ qemu-system-riscv64 -nographic \
        -machine virt \
        -smp 4 \
        -m 4G \
        -kernel riscv.elf \
        -bios none \
        -object rng-random,filename=/dev/urandom,id=rng0 \
        -device virtio-rng-device,rng=rng0 \
        -device virtio-blk-device,drive=hd0 \
        -drive file=riscv.raw,format=raw,id=hd0 \
        -device e1000,netdev=net0,mac=aa:bb:cc:dd:ee:ff \
        -netdev tap,id=net0,ifname=tap0,script=no,downscript=no

Notice the -device and -netdev options have changed from the earlier example.
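
NetworkManager applies its own test to keyfiles: they must be owned by root and carry no group or other permission bits, which is what "readable only by root" amounts to for the .nmconnection files above. The script below is an added example, not from the original page; keyfile_is_private and check_nm_keyfiles are hypothetical helper names, and it assumes GNU stat.

```sh
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat (-c).
# keyfile_is_private FILE [UID]  (hypothetical helper name)
# Succeeds only if FILE is a regular file owned by UID (default 0, root)
# and its mode grants nothing to group or other.
keyfile_is_private() {
    file=$1; want_uid=${2:-0}
    [ -f "$file" ] || { echo "$file: missing or not a regular file"; return 2; }
    owner=$(stat -c %u -- "$file")
    mode=$(stat -c %a -- "$file")      # octal, e.g. 600 or 644
    if [ "$owner" != "$want_uid" ]; then
        echo "$file: owned by uid $owner, expected $want_uid"; return 1
    fi
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$file: mode $mode grants group/other access"; return 1
    fi
}

# check_nm_keyfiles DIR [UID]  (hypothetical helper name)
# Checks every *.nmconnection file in DIR; returns 1 if any file fails.
check_nm_keyfiles() {
    dir=$1; uid=${2:-0}; bad=0
    for f in "$dir"/*.nmconnection; do
        [ -e "$f" ] || continue        # directory has no keyfiles
        keyfile_is_private "$f" "$uid" || bad=1
    done
    return $bad
}
```

Run check_nm_keyfiles /etc/NetworkManager/system-connections as root after creating the files; chown root:root and chmod 600 fix anything it reports.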

Xen

Running OpenWrt as a Xen HVM DomU guest

The following Xen DomU configuration defines a guest named OpenWrt:

name    = "OpenWrt"
memory  =  1024
vcpus   =  1
builder = "hvm"
vif     = [ "model=e1000,script=vif-bridge" ]
disk    = [ "tap2:tapdisk:aio:/path/to/openwrt-x86-generic-combined-ext4.img,xvda,w" ]
serial  = "pty"

To select a network bridge on a host which has configured more than one, add a statement of the form bridge=brname to the list of network parameters. To hard-code an Ethernet MAC, add mac=mac.

Running CentOS as a Xen HVM DomU guest

The following Xen DomU configuration defines a guest named CentOS, which includes an SDL-based graphics console:

name    = "CentOS"
memory  =  4096
vcpus   =  1
builder = "hvm"
vif     = [ "model=e1000,script=vif-bridge" ]
disk    = [ "tap2:tapdisk:aio:/path/to/disk.img,xvda,w" ]
serial  = "pty"
sdl     = 1

If you click on the SDL window, then the Xen interface will capture your mouse. To release the mouse, press Ctrl-Alt. Ctrl-Alt-f will enter or leave full screen mode. Alternatively, you can omit sdl = 1 and configure GRUB to boot the Linux kernel with console=ttyS0.

Running OpenBSD as a Xen HVM DomU guest

The following Xen DomU configuration defines a guest named OpenBSD:

name    = "OpenBSD"
memory  =  4096
vcpus   =  1
builder = "hvm"
vif     = [ "model=e1000,script=vif-bridge" ]
disk    = [ "tap2:tapdisk:aio:/path/to/disk.img,xvda,w" ]
serial  = "pty"
sdl     = 1

See the description of CentOS above for how to use the SDL console. Alternatively, you can omit sdl = 1 and configure OpenBSD to use a serial console. To do this, add tty00 "/usr/libexec/getty std.9600" vt220 on secure to /etc/ttys and add:

stty com0 19200
set tty com0

to /etc/boot.conf.

Networking

The Xen domain configurations above assume bridged networking. This requires some configuration on the host. The examples here assume the use of NetworkManager.

Bridged

Define a bridge interface in Dom0 by creating a file such as /etc/NetworkManager/system-connections/xenbr0.nmconnection:

[connection]
id=xenbr0
type=bridge
interface-name=xenbr0

[ipv4]
method=auto

[ipv6]
dhcp-iaid=mac
method=auto

Replace the use of method=auto with method=link-local if you do not want the Dom0 host to obtain an IP address.

Associate a physical interface with the bridge, for example by creating /etc/NetworkManager/system-connections/bridge-slave-eno1.nmconnection:

[connection]
id=bridge-slave-eno1
type=ethernet
interface-name=eno1
master=xenbr0
slave-type=bridge

NAT

Alternatively, you can configure a Xen guest to connect to a network through Dom0 with Dom0 acting as a NAT router.

  1. Configure the guest with vif = [ "model=e1000,script=vif-nat,ip=10.0.0.1/32,gatewaydev=INTERFACE" ], where INTERFACE is the network interface which links to your default Internet router.
  2. Add the following to /etc/sysctl.conf on Dom0: net.ipv4.ip_forward=1 and run sysctl -p.
  3. Run iptables -t nat -A POSTROUTING -o INTERFACE -j MASQUERADE, where INTERFACE is the interface from step one. (If you use firewalld, then run firewall-cmd --add-masquerade instead.)
  4. Boot the guest and configure its IP address as 10.0.0.1, its default gateway to 10.0.0.129 (Dom0’s virtual interface), and its DNS resolver to a valid server.

Boot from an installation CD-ROM

Add the following to your Xen DomU guest configuration:

disk = [ "tap2:tapdisk:aio:/path/to/cdrom.iso,hdc:cdrom,r" ]

You might instead want to add this statement to an existing disk list, as this will provide access to both the virtual CD-ROM and disk.

Pass an entire logical volume into a Xen guest

If you have an entire logical volume on Dom0 set aside for the guest, then you can pass it to the guest with the following configuration fragment:

disk = [ "phy:/dev/mapper/lv-name,xvdb,w" ]

Pass a USB device into a Xen guest

Add the following to your Xen DomU guest configuration:

usb       = 1
usbdevice = "host:xxxx:yyyy"

or

usb       = 1
usbdevice = "host:x.y"

In the first example, xxxx:yyyy represents the USB device’s tag. In the second example, x.y represents the USB device’s bus address. You can learn these identifiers by using lsusb.

Ensuring DomU virtual machines start after booting Dom0

  1. Place the configurations which you want to start upon booting in /etc/xen/.
  2. Make a symlink for each configuration from /etc/xen/ to /etc/xen/auto/.
  3. Run systemctl enable xendomains to ensure the xendomains script executes when Dom0 boots.

Eucalyptus

Administrative commands

  • Reset the password on a Eucalyptus account: euare-usermodloginprofile --as-account ACCOUNT-NAME -u admin -p "PASSWORD".
  • List the instances: euca-describe-instances verbose
  • List the security groups: euca-describe-groups verbose
  • List the keypairs: euca-describe-keypairs verbose
  • List the snapshots: euca-describe-snapshots verbose
  • List the volumes: euca-describe-volumes verbose

VirtualBox

Share a folder from host to Linux guest

  1. Select guest Settings→Shared Folders.
  2. Add the folder on your host which you would like to add to your guest; remember the folder name.
  3. Ensure the VirtualBox Guest Additions are installed on the guest.
  4. On the Linux guest, run mount -t vboxsf folder-name mount-point.

Pass a USB device from host to Linux guest

  1. If you need USB 2 and 3 support, then install the VirtualBox extension pack from Oracle on the host: sudo VBoxManage extpack install path-to-extpack.
  2. Add the user running VirtualBox to the vboxusers group: sudo gpasswd -a $USER vboxusers. You might need to log out and log back in for this change to take effect.
  3. After booting the guest, look for the USB icon in VirtualBox’s guest control panel at the bottom of the guest’s window. Right click on it to select a USB device to pass through.

You might want to always pass a certain USB device to the guest. To do this, first identify the device’s properties using VBoxManage list usbhost, and then create a filter using the interface at guest Settings→USB.

Disk images

  • Convert a raw disk image such that it can be used with VirtualBox or VMware: qemu-img convert -f raw FOO.img -O vmdk FOO.vmdk (This will allow the use of an OpenWrt image such as openwrt-x86-generic-combined-ext4.img.gz if you uncompress it first.)
  • Create a sparse QCOW image for use with Xen: qcow-create $((1024*1024)) vm-disk.qcow