1.\" $OpenBSD: vm.conf.5,v 1.53 2020/02/16 11:03:25 kn Exp $ 2.\" 3.\" Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org> 4.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> 5.\" 6.\" Permission to use, copy, modify, and distribute this software for any 7.\" purpose with or without fee is hereby granted, provided that the above 8.\" copyright notice and this permission notice appear in all copies. 9.\" 10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17.\" 18.Dd $Mdocdate: February 16 2020 $ 19.Dt VM.CONF 5 20.Os 21.Sh NAME 22.Nm vm.conf 23.Nd virtual machine configuration 24.Sh DESCRIPTION 25.Nm 26is the configuration file to configure the virtual machine monitor 27(VMM) subsystem. 28A VMM manages virtual machines (VMs) on a 29.Ar host . 30The VMM subsystem is responsible for creating, destroying, and 31executing VMs. 32.Pp 33.Nm 34is divided into the following main sections: 35.Bl -tag -width xxxx 36.It Sy Macros 37User-defined variables may be defined and used later, simplifying the 38configuration file. 39.It Sy Global Configuration 40Global settings for 41.Xr vmd 8 . 42.It Sy VM Configuration 43Configuration for each individual virtual machine. 44.It Sy Switch Configuration 45Configuration for virtual switches. 46.El 47.Pp 48Within the sections, 49the 50.Ar bytes 51argument can be specified with a human-readable scale, 52using the format described in 53.Xr scan_scaled 3 . 54.Pp 55The current line can be extended over multiple lines using a backslash 56.Pq Sq \e . 57Comments can be put anywhere in the file using a hash mark 58.Pq Sq # , 59and extend to the end of the current line. 60Care should be taken when commenting out multi-line text: 61the comment is effective until the end of the entire block. 62.Pp 63Argument names not beginning with a letter, digit, underscore, or slash 64must be quoted. 65.Pp 66Additional configuration files can be included with the 67.Ic include 68keyword, for example: 69.Bd -literal -offset indent 70include "/etc/vm1.example.com.conf" 71.Ed 72.Sh MACROS 73Macros can be defined that will later be expanded in context. 74Macro names must start with a letter, digit, or underscore, 75and may contain any of those characters. 76Macro names may not be reserved words (for example, 77.Ic vm , 78.Ic memory , 79or 80.Ic disk ) . 81Macros are not expanded inside quotes. 82.Pp 83For example: 84.Bd -literal -offset indent 85ramdisk="/bsd.rd" 86vm "vm1.example.com" { 87 memory 512M 88 boot $ramdisk 89} 90.Ed 91.Sh GLOBAL CONFIGURATION 92The following setting can be configured globally: 93.Bl -tag -width Ds 94.It Ic local prefix Ar address Ns Li / Ns Ar prefix 95Set the network prefix that is used to allocate subnets for 96local interfaces, see 97.Ic local interface 98in the 99.Sx VM CONFIGURATION 100section below. 101The default is 102.Ar 100.64.0.0/10 . 103.It Ic local inet6 Op Ic prefix Ar address Ns Li / Ns Ar prefix 104Enable IPv6 on local interfaces and allocate routable subnets. 105If the prefix is not specified, 106a random prefix from the 107.Dq unique local 108network range 109.Ar fd00::/8 110will be generated on startup. 111The specified prefix length must be /64 or smaller. 112.It Cm socket owner Ar user : Ns Ar group 113Set the control socket owner to the specified user and group. 114Users with access to the control socket will be allowed to use 115.Nm vmctl 116for restricted access to 117.Nm vmd . 118If only 119.Ar user 120is given, 121only the user is set. 122If only 123.Pf : Ar group 124is given, 125only the group is set. 126The default is 127.Ar root : Ns Ar wheel . 128.It Ic staggered start parallel Ar parallelism Ic delay Ar seconds 129Start all configured VMs in a staggered fashion with 130.Ar parallelism 131instances in parallel every 132.Ar delay 133seconds. 134Defaults to 135.Ar parallelism 136equal to number of CPUs and a 137.Ar delay 138of 30 seconds. 139.El 140.Sh VM CONFIGURATION 141Each 142.Ic vm 143section starts with a declaration of the virtual machine 144.Ar name : 145.Bl -tag -width Ds 146.It Ic vm Ar name Brq ... 147The 148.Ar name 149can only consist of alphanumeric characters, as well as '.', '-', and '_', 150and must start with a letter. 151Typically this is a hostname. 152.El 153.Pp 154Followed by a block of parameters that is enclosed in curly brackets: 155.Bl -tag -width Ds 156.It Cm allow instance Brq ... 157Set the permissions to create VM instances. 158See 159.Sx VM INSTANCES . 160.It Cm boot Ar path 161Kernel or BIOS image to load when booting the VM. 162If not specified, the default is to boot using the BIOS image in 163.Pa /etc/firmware/vmm-bios . 164.It Cm boot device Ar device 165Force VM to boot from 166.Ar device . 167Valid values are: 168.Bl -tag -width "cdrom" 169.It Ar cdrom 170Boot the ISO image file specified using the 171.Ic cdrom 172parameter. 173.It Ar disk 174Boot from the disk image file specified using the 175.Ic disk 176parameter. 177.It Ar net 178Boot the kernel specified using the 179.Ic boot 180parameter as if the VM was network booted. 181In addition, the DHCP lease will advertise 182.Dq auto_install 183in the bootfile option making it suitable for use with 184.Xr autoinstall 8 . 185Note, this is not to be confused with 186.Xr pxeboot 8 187but rather a simulated network boot. 188.El 189.Pp 190Currently 191.Ar disk 192and 193.Ar cdrom 194only work with VMs booted using BIOS. 195.It Cm cdrom Ar path 196ISO image file. 197.It Cm enable 198Automatically start the VM. 199This is the default if neither 200.Cm enable 201nor 202.Cm disable 203is specified. 204.It Cm disable 205Do not start this VM. 206.It Cm disk Ar path Op Cm format Ar fmt 207Disk image file (may be specified multiple times to add multiple disk images). 208The format may be specified as either 209.Ar qcow2 210or 211.Ar raw . 212If left unspecified, the format defaults to 213.Pa raw 214if it cannot be derived automatically. 215.It Oo Cm local Oc Cm interface Oo name Oc Op Brq ... 216Network interface to add to the VM. 217The optional 218.Ar name 219can be either 220.Sq tap 221to select the next available 222.Xr tap 4 223interface on the VM host side (the default) or 224.Ar tapN 225to select a specific one. 226.Pp 227Valid options are: 228.Bl -tag -width Ds 229.It Cm group Ar group-name 230Assign the interface to a specific interface 231.Dq group . 232For example, this can be used to write 233.Xr pf.conf 5 234rules for several VM interfaces in the same group. 235The 236.Ar group-name 237must not be longer than 15 characters or end with a digit, 238as described in 239.Xr ifconfig 8 . 240.It Oo Cm locked Oc Cm lladdr Op Ar etheraddr 241Change the link layer address (MAC address) of the interface on the 242VM guest side. 243If not specified, a randomized address will be assigned by 244.Xr vmd 8 . 245If the 246.Cm locked 247keyword is specified, 248.Xr vmd 8 249will drop packets from the VM with altered source addresses. 250.It Cm rdomain Ar rdomainid 251Attach the interface to the routing domain with the specified 252.Ar rdomainid . 253If attaching to a switch that also has an 254.Ar rdomainid 255set, the 256.Ar rdomainid 257configured for the interface takes precedence. 258.It Cm switch Ar name 259Set the virtual switch 260by 261.Ar name . 262See the 263.Sx SWITCH CONFIGURATION 264section about virtual switches. 265This option is ignored if a switch with a matching name cannot be found. 266.It Cm up 267Start the interface forwarding packets. 268This is the default. 269.It Cm down 270Stop the interface from forwarding packets. 271.El 272.Pp 273A 274.Cm local 275interface will auto-generate an IPv4 subnet for the interface, 276configure a gateway address on the VM host side, 277and run a simple DHCP/BOOTP server for the VM. 278This option can be used for layer 3 mode without configuring a switch. 279.Pp 280If the global 281.Cm local inet6 282option is enabled, a routable IPv6 gateway address will be generated 283on the host side. 284Unlike the IPv4 option, 285.Nm vmd 286does not respond to DHCPv6 or router solicitation messages itself. 287Use 288.Xr rad 8 289listening on the interface group, e.g.\& 290.Ar interface tap 291for auto-configuring the VMs accordingly. 292.It Cm interfaces Ar count 293Optional minimum number of network interfaces to add to the VM. 294If the 295.Ar count 296is greater than the number of 297.Ic interface 298statements, additional default interfaces will be added. 299.It Cm memory Ar bytes 300Memory size of the VM, in bytes, rounded to megabytes. 301The default is 512M. 302.It Cm owner Ar user : Ns Ar group 303Set the owner of the VM to the specified user and group. 304The owner will be allowed to start or stop the VM, pause or unpause the VM, 305and open the VM's console. 306If only 307.Ar user 308is given, 309only the user is set. 310If only 311.Pf : Ar group 312is given, 313only the group is set. 314.El 315.Sh VM INSTANCES 316It is possible to use configured or running VMs as a template for 317additional instances of the VM. 318An instance is just like a normal 319.Ic vm 320and is configured with the following declaration of the virtual machine 321.Ar name : 322.Bl -tag -width Ds 323.It Ic vm Ar parent Ic instance Ar name Brq ... 324A virtual machine can be created as an instance of any other configured VM. 325.El 326.Pp 327The new instance will inherit settings from the VM 328.Ar parent , 329except for exclusive options such as 330.Ic disk , 331.Ic interface lladdr , 332or 333.Ic interface name . 334The configuration options are identical to the 335.Sx VM CONFIGURATION , 336but restricted to the allowed instance options. 337.Pp 338The allowed instance options are configured in the 339.Ar parent 340VM: 341.Bl -tag -width Ds 342.It Cm allow instance Brq ... 343Allow users to use this VM as a template for VM instances. 344By default, the root user can always create instances without 345restrictions and users or non-root owners cannot create instances. 346An instance will inherit the configuration from the VM and the user, 347if permitted, will be allowed to configure individual VM options. 348.El 349.Pp 350Valid options are: 351.Bl -tag -width Ds 352.It Cm boot 353Allow user to configure the kernel or BIOS image. 354The user needs read access to the image. 355.It Cm cdrom 356Allow user to configure the ISO file. 357The user needs read access to the file. 358.It Cm disk 359Allow user to configure the disk images. 360The user needs read and write access to image and instances are not 361allowed to reuse disks from the parent VM. 362.It Cm instance 363Allow user to create additional instances from the instances. 364.It Cm interface 365Allow user to change network interface settings. 366.It Cm memory 367Allow user to configure the memory size. 368.It Cm owner Ar user Ns Op : Ns Ar group 369Allow the specified user or group to create the instances. 370The owner will be allowed to create VM instances, start or stop the 371instances, pause or unpause the instances, and open the instances' 372consoles. 373.It Cm owner Pf : Ar group 374Set the owner to the specified group. 375.El 376.Sh SWITCH CONFIGURATION 377A virtual switch allows VMs to communicate with other network interfaces on the 378host system via either 379.Xr bridge 4 380or 381.Xr switch 4 . 382The network interface for each virtual switch defined in 383.Nm 384is pre-configured using 385.Xr hostname.if 5 386or 387.Xr ifconfig 8 388(see the BRIDGE and SWITCH sections in 389.Xr ifconfig 8 390accordingly). 391When a VM is started, virtual network interfaces which are assigned to a 392virtual switch have their 393.Xr tap 4 394interface automatically added into the corresponding 395.Xr bridge 4 396or 397.Xr switch 4 398interface underlying the virtual switch. 399.Pp 400Virtual switches can be configured at any point in the configuration file. 401Each 402.Ic switch 403section starts with a declaration of the virtual switch: 404.Bl -tag -width Ds 405.It Ic switch Ar name Brq ... 406This name can be any string, and is typically a network name. 407.El 408.Pp 409Followed by a block of parameters that is enclosed in curly brackets: 410.Bl -tag -width Ds 411.It Cm enable 412Automatically configure the switch. 413This is the default if neither 414.Cm enable 415nor 416.Cm disable 417is specified. 418.It Cm locked lladdr 419If this option is specified, 420.Xr vmd 8 421will drop packets with altered sources addresses that do not match the 422link layer addresses (MAC addresses) of the VM interfaces in this switch. 423.It Cm disable 424Do not configure this switch. 425.It Cm group Ar group-name 426Assign each interface to a specific interface 427.Dq group . 428For example, this can be used to write 429.Xr pf.conf 5 430rules for several VM interfaces in the same group. 431The 432.Ar group-name 433must not be longer than 15 characters or end with a digit, 434as described in 435.Xr ifconfig 8 . 436.It Cm interface Ar name 437Set the 438.Xr switch 4 439or 440.Xr bridge 4 441network interface of this switch. 442If the type is changed to 443.Ar switch0 , 444it will be used for each following switch. 445.It Cm rdomain Ar rdomainid 446Set the routing domain of the switch and all of its VM interfaces to 447.Ar rdomainid . 448.It Cm up 449Start the switch forwarding packets. 450This is the default. 451.It Cm down 452Stop the switch from forwarding packets. 453.El 454.Sh FILES 455.Bl -tag -width /etc/examples/vm.conf -compact 456.It Pa /etc/vm.conf 457.It Pa /etc/examples/vm.conf 458.El 459.Sh EXAMPLES 460Create a new VM with 1GB memory, 1 network interface connected to 461.Dq uplink , 462with one disk image 463.Sq /home/joe/vm2-disk.img , 464owned by user 465.Sq joe : 466.Bd -literal -offset indent 467vm "vm2.example.com" { 468 memory 1G 469 disk "/home/joe/vm2-disk.img" 470 interface { switch "uplink" } 471 owner joe 472} 473.Ed 474.Pp 475Create a new VM as an instance from 476.Sq vm2.example.com : 477.Bd -literal -offset indent 478vm "vm2.example.com" instance "vm3.example.com" { 479 disk "/home/joe/vm3-disk.img" 480} 481.Ed 482.Pp 483Create the switch "uplink" with an additional physical network interface: 484.Bd -literal -offset indent 485switch "uplink" { 486 interface bridge0 487} 488.Ed 489.Sh SEE ALSO 490.Xr vmm 4 , 491.Xr MAKEDEV 8 , 492.Xr vmctl 8 , 493.Xr vmd 8 494.Sh HISTORY 495The 496.Nm 497file format first appeared in 498.Ox 5.9 . 499.Sh AUTHORS 500.An -nosplit 501.An Mike Larkin Aq Mt mlarkin@openbsd.org 502and 503.An Reyk Floeter Aq Mt reyk@openbsd.org . 504.Sh CAVEATS 505Each guest requires one 506.Xr tap 4 507device per assigned interface and one 508.Xr pty 4 509device. 510Administrators may need to create additional devices using 511.Xr MAKEDEV 8 . 512