💾 Archived View for tsqrl.xyz › gemlog › 2022-01-17_openbsd-vmm.gmi captured on 2023-06-16 at 16:16:53. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2022-04-28)

-=-=-=-=-=-=-

Safely experimenting using OpenBSD's vmd

If you're not breaking things, you're not learning.

I've always treated my OpenBSD installs as somewhat precious; it's a wonderfully minimalist OS, and I'd prefer not to install a bunch of unnecessary packages. I also don't want to keep track of packages and configurations that might need uninstalling/undoing.

I very much wanted to try setting up a Vger instance for hosting a site on gemini, as described on Solène's capsule:

How to deploy Vger gemini server on OpenBSD

This is not the sort of thing I need running on my laptop, and I didn't want to do a separate install of OpenBSD just to run through the instructions.

The remedy is to conduct experiments like this one on a throwaway virtual machine using OpenBSD's `vmd` service. Think of it as a lightweight version of VirtualBox, not unlike LXC:

https://linuxcontainers.org/

Unlike VirtualBox, vmd VMs are headless and you manage them using command line tooling (vmctl).

The up-front setup is minimal and straightforward. The FAQ and man pages are your friend:

OpenBSD FAQ - Virtualization

VMCTL(8)

After enabling `vmd` and configuring networking (so each VM gets its own IP address), I manually installed OpenBSD in a VM.

On this fresh install, I did the following:

• Disabled graphical login
• Enabled ssh login (allowing root to do password login)
• syspatch
• fw_update

I'll use this VM's hard drive image as the "base" for subsequent VMs; each new VM will start as a clone of the base image.

But, this means that changing the base image breaks all derived images. I made the base image read-only and vowed never boot from it again.

chmod -w openbsd-base.qcow

Then:

• For each new experiment, derive a new image from the base.
• Configure a new VM to use the derived image.
• ssh into the VM and start experimenting.
• If I make a mistake, delete and recreate the derived image.
• Make notes as I go about what works, what doesn't, and why.
• Put the final, cleaned up set of notes in my zettelkasten.

Useful commands:

# Creating a derived hard drive image
vmctl create -b ./openbsd-base.qcow qcow2:openbsd-experiment1.qcow

# Restart the vmd service and the VM named "experiment1"
doas rcctl restart vmd
vmctl start experiment1

So far, I've used this as the foundation for learning how to use:

• the vger gemini server
• relayd for forwarding connections to vger
• acme-client for acquiring SSL certificates for relayd
• httpd for hosting a static HTML site and responding to acme-client challenge requests

And, I've installed/compiled the following browsers for trying out:

badwolf

lariza

vimb

Remember that a VM in vmd is headless. To use the browsers, I use X11 forwarding with `ssh -Y`. This requires the following changes to the VM:

- Enabling the sshd service (and allowing root login, for convenience)

- Enabling X11 forwarding over ssh (in `/etc/ssh/sshd_config`) and doing `rcctl restart sshd`