Introduction

The following features are available:

serial console access to the virtual machines

tap(4) interfaces

per-VM user/group ownership

privilege separation

raw, qcow2 and qcow2-derived images

dumping and restoring of guest system memory

virtual switch management

pausing and unpausing VMs

graphics

snapshots

guest SMP support

hardware passthrough

live migration across hosts

live hardware change

Prerequisites

vmm-firmware

Processor compatibility can be checked with the following command:

$ dmesg | egrep '(VMX/EPT|SVM/RVI)'

# rcctl enable vmd
# rcctl start vmd

Starting a VM

installXX.iso

# vmctl create -s 50G disk.qcow2
vmctl: qcow2 imagefile created
# vmctl start -m 1G -L -i 1 -r installXX.iso -d disk.qcow2 example
vmctl: started vm 1 successfully, tty /dev/ttyp8
# vmctl show
   ID   PID VCPUS  MAXMEM  CURMEM     TTY        OWNER NAME
    1 72118     1    1.0G   88.1M   ttyp8         root example

# vmctl console example
Connected to /dev/ttyp8 (speed 115200)

~.

vmctl

~~.

The VM can be stopped using vmctl(8).

# vmctl stop example
stopping vm: requested to shutdown vm 1

/etc/vm.conf

vm "example" {
    memory 1G
    enable
    disk /home/user/disk.qcow2
    local interface
}

Networking

In the examples below, various IPv4 address ranges will be mentioned for different use cases:

Private Addresses (RFC1918) are those reserved for private networks, such as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, and are not globally routable.

Shared Addresses (RFC6598) are similar to private addresses in that they are not globally routable, but are intended to be used on equipment that can perform address translation. The address space is 100.64.0.0/10.

Option 1 - VMs only need to talk to the host and each other

Using vmctl(8)'s -L flag creates a local interface in the guest which will receive an address from vmd via DHCP. This essentially creates two interfaces: one for the host and the other for the VM.

Option 2 - NAT for the VMs

The following lines in /etc/pf.conf will enable Network Address Translation and redirect DNS requests to the specified server:

match out on egress from 100.64.0.0/10 to any nat-to (egress)
pass in proto { udp tcp } from 100.64.0.0/10 to any port domain \
    rdr-to $dns_server port domain

Option 3 - Additional control over the VM network configuration

Create a vether0 interface that will have a private IPv4 address as defined above. In this example, we'll use the 10.0.0.0/8 subnet.

# echo 'inet 10.0.0.1 255.255.255.0' > /etc/hostname.vether0
# sh /etc/netstart vether0

bridge0

vether0

# echo 'add vether0' > /etc/hostname.bridge0
# sh /etc/netstart bridge0

/etc/pf.conf

match out on egress from vether0:network to any nat-to (egress)

switch "my_switch" {
    interface bridge0
}

vm "my_vm" {
    ...
    interface { switch "my_switch" }
}

my_vm

vio0

10.0.0.0/24

10.0.0.1

For convenience, you may wish to set up a DHCP server on vether0.
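
The NAT rules in Option 2 and Option 3 both name the guest network as their source, so only packets from the guests are translated. The script below is an added example, not part of the original page: it reads a pf.conf and marks every nat-to rule whose source is not one of those two. The function names, the GUEST_SOURCES list and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the vmd documentation: report nat-to rules in a
# pf.conf whose source is wider than the guest networks used on this page.

# Sources a NAT rule may name (taken from Option 2 and Option 3 above).
GUEST_SOURCES="100.64.0.0/10 vether0:network"

# nat_scope_check FILE
# Prints "ok: RULE" or "broad: RULE" for every rule containing nat-to.
# Exit status is 1 when at least one rule is broad, 0 otherwise.
nat_scope_check() {
    awk -v allowed="$GUEST_SOURCES" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/[ \t]*#.*/, "") }                        # drop comments
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }    # join continued lines
        { rule = buf $0; buf = "" }
        rule !~ /nat-to/ { next }
        {
            src = "any"     # a rule without "from" matches every source
            m = split(rule, w, /[ \t]+/)
            for (i = 1; i < m; i++) if (w[i] == "from") src = w[i + 1]
            # Anything not listed (including "{ ... }" lists) is reported.
            if (src in ok) print "ok: " rule
            else { print "broad: " rule; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample rules: the ones from this page plus two wider ones.
sample_pf_conf() {
    cat <<'EOF'
match out on egress from 100.64.0.0/10 to any nat-to (egress)
match out on egress from vether0:network to any nat-to (egress)
match out on egress from any to any nat-to (egress)   # constructed
match out on egress inet nat-to (egress)              # constructed
pass in proto { udp tcp } from 100.64.0.0/10 to any port domain \
    rdr-to $dns_server port domain
EOF
}

tmp=$(mktemp) && sample_pf_conf > "$tmp"
nat_scope_check "$tmp" || echo "review the rules marked broad"
rm -f "$tmp"
```

The check is textual and only looks at the word following "from"; pfctl -nf remains the authority on whether a ruleset parses.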

Option 4 - VMs as real hosts on the same network

Create the bridge0 interface with the host network interface as a bridge port. In this example, the host network interface is em0 - you should substitute the interface name that you wish to connect the VM to:

# echo 'add em0' > /etc/hostname.bridge0
# sh /etc/netstart bridge0

switch "my_switch" {
    interface bridge0
}

vm "my_vm" {
    ...
    interface { switch "my_switch" }
}

my_vm