openbsd add vmm to packer
play

OpenBSD: add VMM to packer The red pill taken to develop a Go plugin - PowerPoint PPT Presentation

Apr 07, 2023 •307 likes •510 views

OpenBSD: add VMM to packer The red pill taken to develop a Go plugin for packer.io to be able to create VM images on OpenBSD for VMM and many other virtualizers. Philipp Bhler <pb@sysfive.com> @pb_double sysfive.com portfolio

  1. OpenBSD: add VMM to ’packer’ The red pill taken to develop a Go ’plugin’ for packer.io to be able to create VM images on OpenBSD for VMM and many other virtualizers. Philipp Bühler <pb@sysfive.com> @pb_double sysfive.com portfolio • Continous system and application • Service availability independent of operation solution scenario • Collaborations with Providers, • migrate from or to private/public Developers, Services and QA cloud or own HW • Hybrid cloud provisioning • robust, scalable technology portfolio • cost efficient scaling on commodity • continuous improvements in security HW and server architecture • scale out to AWS/GCE/Azure/.. • coherent provisioning across platforms (dev/stage/live) • Incident, problem, disaster response • vendor/provider independence, OSS focus >

  2. Philipp Bühler: OpenBSD VMM packer page 2: Opening I Lillehammer -- September 22nd, 2019 Ze problems I tackle • VM guest keepers need bootable stuff • "infrastructure to go" • reproducibility • cross-host / virtualizer (OSX, OpenBSD, AWS / VirtualBox, VMM, AMI) sysfive.com @EuroBSDcon 2019 9:31: 30 < >

  3. Philipp Bühler: OpenBSD VMM packer page 3: Overview I Lillehammer -- September 22nd, 2019 Solutions / Approaches • my-imager.sh • curl github | sh • my-cold-hands ("VM guy is AWOL") • deploy.pl ;-) • packer (o’rly) sysfive.com @EuroBSDcon 2019 9:33: 30 < >

  4. Philipp Bühler: OpenBSD VMM packer page 4: Introduction I Lillehammer -- September 22nd, 2019 What’s packer anyway? Packer is an open source tool for creating *identical* machine images for multiple platforms from a *single source* configuration. Packer is lightweight, runs on every major operating system, and is highly performant, creating machine images for multiple platforms *in parallel*. Packer does not replace configuration management like Chef or Puppet. In fact, when building images, Packer is able to use tools like Chef or Puppet to install software onto the image. • written in golang • small core providing communications (rpc) • ev erything else is a plugin (but linked into one binary) • configuration in one JSON file (+optional variables) sysfive.com @EuroBSDcon 2019 9:36: 30 < >

  5. Philipp Bühler: OpenBSD VMM packer page 5: Introduction II Lillehammer -- September 22nd, 2019 forms in the sandbox / Terminology Artifacts Outcome of a "Build", e.g. AMI, .vmdk, .box Builds The actual running task producing above artifacts Builders Code to steer the VM host, handle disk images, etc (see below) Provisioners (optional) Additional treatment, installation goes here and range from simple inline shell scripts to full-blown ansible, Chef, .. Post-processors Treat the Artifacts after creation, e.g. compress, upload AWS, .. Templates The JSON files defining all of the above (and some) - NOT a VM "template" sysfive.com @EuroBSDcon 2019 9:38: 30 < >

  6. Philipp Bühler: OpenBSD VMM packer page 6: Introduction III Lillehammer -- September 22nd, 2019 Builders + Post-Provisioning By default the following ‘‘builder’’ engines are supported. Where needed the accompaning ‘‘post-processor’’ is typically available, too (e.g. EC2/AMI upload): Alicloud ECS, Amazon EC2, Azure, CloudStack, DigitalOcean, Docker, File, Google Cloud, Hetzner Cloud, HyperOne, Hyper-V, Linode, LXC, LXD, NAVER Cloud, Null, 1&1, OpenStack, Oracle, Parallels, ProfitBricks, QEMU, Scaleway, Tencent Cloud, Triton, Vagrant, VirtualBox, VMware, Yandex.Cloud. Further ‘‘builders’’ can be found in the wild and are just added as a single go binary in certain paths (e.g. ˜/.packer.d/plugins/) By default additional provisioning support for the following tools: Ansible, Breakpoint, Chef, Converge, File, InSpec, PowerShell, Puppet, Salt Masterless, Shell. sysfive.com @EuroBSDcon 2019 9:40: 30 < >

  7. Philipp Bühler: OpenBSD VMM packer page 7: Introduction IV Lillehammer -- September 22nd, 2019 OpenBSD VMM vmm(4) virtual machine monitor (VMM) providing the required resources for the VMs (CPU, Disk, Net) and handles the necessary memory mapping (isolation). vmd(8) userland daemon to interact with vmm(4) to create actual VMs and handle their lifecycle through: vmctl(8) administrative tool to create, start/stop, etc VMs. In this scope also the main ’interface’ for the packer builder plugin. vm.conf(5) configuration file for vmd(8), persist VM/network configurations. doas(1) While most tasks the ‘‘builder’’ can (and should!) run as unprivileged user, some commands need to be run as root. The plugin does so automatically. Caveat: needs ’nopass’ for now (no tty), ’persist’ typically timeouts too early. sysfive.com @EuroBSDcon 2019 9:43: 30 < >

  8. Philipp Bühler: OpenBSD VMM packer page 8: Introduction V Lillehammer -- September 22nd, 2019 OpenBSD dependencies / configuration • /etc/pf.conf: 1 pass in quick proto { udp tcp } from 100.64.0.0/10 to any port domain \ 2 rdr-to $dns_server port domain 3 pass out quick on $ext_if from 100.64.0.0/10 to any nat-to $ext_if • /etc/sysctl.conf 1 net.inet.ip.forwarding=1 • vmd(8) 1 rcctl enable vmd 2 rcctl start vmd sysfive.com @EuroBSDcon 2019 9:43: 30 < >

  9. Philipp Bühler: OpenBSD VMM packer page 9: Introduction VI Lillehammer -- September 22nd, 2019 Enough Introduction.. Questions so far? Keep ’em until the end, way too big a stage here sysfive.com @EuroBSDcon 2019 9:44: 30 < >

  10. Philipp Bühler: OpenBSD VMM packer page 10: Plugin development I Lillehammer -- September 22nd, 2019 Plugin development tools + space • pkg_add: golang, packer, git • $VISUAL / $EDITOR • diskspace: 1.5G go-dependencies + generated images/diskfiles directory layout • / - Makefile, main.go, go.mod • /builder/packer-builder-openbsd-vmm - work cellar sysfive.com @EuroBSDcon 2019 9:46: 30 < >

  11. Philipp Bühler: OpenBSD VMM packer page 11: Plugin development II Lillehammer -- September 22nd, 2019 Plugin development what is doing what Makefile Targets: build, install, vmb, fmt, vet, test, clean, uninstall main.go • "import" builder • initialize builder as a "server" plugin • register builder (rpc configuration) • "daemonize", spinning mode, .. sysfive.com @EuroBSDcon 2019 9:46: 30 < >

  12. Philipp Bühler: OpenBSD VMM packer page 12: Plugin development III Lillehammer -- September 22nd, 2019 config.go holds the configuration struct read from template (JSON) builder.go • new - instantiate driver with global vars/logs • prepare - populate configuration • run - tokenize build into "steps", hand over "artifact" information • cancel - clean up the mess if SIGABRT driver.go Interact via vmctl(8) to create disks, start/stop the VM. Gather additional information like tap(4) IP address. Fixme: Get information of ‘‘ifconfig tap’’ to find the IP address. Currently there’s some assumption about how VM-Id and tapN correlate (or not). awk->golang or ioctl needed. Also interface with the VM (serial console) to "type" so called boot_command. Additionally catching all the output into a logfile (linefeed). step_*.go The various ‘‘steps’’ needed to create an artficat (next page) sysfive.com @EuroBSDcon 2019 9:50: 30 < >

  13. Philipp Bühler: OpenBSD VMM packer page 13: Plugin development IV Lillehammer -- September 22nd, 2019 ‘‘Stepping the build’’ step_outdir.go create a directory that will hold the artifacts step_create_disks.go create the empty disk that will be installed on (via vmctl, no doas). step_get_vm_params.go Put information about the VM into the ’state bag’, to be consumed by following steps. step_launch_vm.go Start a VM (via "driver") with above created disk and the configured options (name, memory, kernel). Fixme: shutdown the VM if there are errors (right now I don’t, because debug and auto_install(8) already stops the VM) step_bootcmd.go • Get configuration (IP/port) from the built-in httpd • gather the configured boot_command, enrich with above data • "type" the command via the connected serial console. Basically the httpd cannot run on 80/tcp, so auto_install will fail-ask for the URL and the plugin provides this (e.g. http://100.64.1.2:8230/packer-auto_install.conf) sysfive.com @EuroBSDcon 2019 9:54: 30 < >

  14. Philipp Bühler: OpenBSD VMM packer page 14: Plugin development V Lillehammer -- September 22nd, 2019 * DEMO TIME* 1 { 2 "builders": [ 3 { 4 "type": "openbsd-vmm", 5 "name": "packer-obsd64-vmm-amd64", 6 "vm_name": "myvm", 7 "disk_size": "1500M", 8 "disk_format": "raw", 9 "output_directory": "images", 10 "http_directory": "./docroot", 11 "iso_image": "˜/Downloads/install65.iso", 12 "bios": "/bsd.rd", 13 "boot_wait": "5s", 14 "boot_command": [ 15 "A<enter>", 16 "http://{{ .HTTPIP }}:{{ .HTTPPort }}/packer-auto_install.conf<enter>" 17 ], 18 "ssh_username": "root" 19 } 20 ] 21 } asciinema play auto-install-demo.cast sysfive.com @EuroBSDcon 2019 10:00: 30 < >

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Porting OpenBSD Niall OHiggins &lt;niallo@openbsd.org&gt; Uwe Sthler &lt;uwe@openbsd.org&gt;

Porting OpenBSD Niall OHiggins &lt;niallo@openbsd.org&gt; Uwe Sthler &lt;uwe@openbsd.org&gt;

Porting OpenBSD Niall OHiggins &lt;niallo@openbsd.org&gt; Uwe Sthler &lt;uwe@openbsd.org&gt; OpenCON, 2005 Outline 1 Porting OpenBSD What It Takes Preparation Cross-Development The Boot Loader Building The Kernel Adapting Startup

1.59k views • 88 slides
Supporting Radio Clocks in OpenBSD Marc Balmer &lt; mbalmer@openbsd.org &gt; micro systems/OpenBSD

Supporting Radio Clocks in OpenBSD Marc Balmer &lt; mbalmer@openbsd.org &gt; micro systems/OpenBSD

Supporting Radio Clocks in OpenBSD Marc Balmer &lt; mbalmer@openbsd.org &gt; micro systems/OpenBSD BSDConTr, Istanbul, Turkey Agenda 1 Introduction 2 Radio Clocks 3 Architectural Overview 4 Support for GPS-Receivers 5 Support for Time Signal

745 views • 35 slides
Using OpenBSD Security Features to Find Software Bugs Peter Valchev pvalchev@openbsd.org

Using OpenBSD Security Features to Find Software Bugs Peter Valchev pvalchev@openbsd.org

Reflections|Projections 2007 Using OpenBSD Security Features to Find Software Bugs Peter Valchev pvalchev@openbsd.org Overview of OpenBSD History Berkeley Software Distribution (BSD) First freely distributable BSD was released in June

810 views • 24 slides
Fuzzing the OpenBSD Kernel Part 1/N Anton Lindqvist &lt;anton@openbsd.org&gt; Introduction

Fuzzing the OpenBSD Kernel Part 1/N Anton Lindqvist &lt;anton@openbsd.org&gt; Introduction

Fuzzing the OpenBSD Kernel Part 1/N Anton Lindqvist &lt;anton@openbsd.org&gt; Introduction Fuzzing the OpenBSD kernel using the syzkaller kernel fuzzer. Heard about first on the BSD Now podcast back in April 2018. Ongoing effort, hence 1/N in

668 views • 15 slides
Using BGP for realtime import and export of OpenBSD spamd entries Peter Hessler

Using BGP for realtime import and export of OpenBSD spamd entries Peter Hessler

Using BGP for realtime import and export of OpenBSD spamd entries Peter Hessler phessler@openbsd.org OpenBSD 17 March, 2013 1 / 27 what is this spamd uses IP host entries, to whitelist, blacklist or greylist hosts spamd can import and

412 views • 27 slides
Mininet on OpenBSD Using rdomains for Interactive SDN Testing and Development Ayaka Koshibe

Mininet on OpenBSD Using rdomains for Interactive SDN Testing and Development Ayaka Koshibe

Mininet on OpenBSD Using rdomains for Interactive SDN Testing and Development Ayaka Koshibe akoshibe@openbsd.org AsiaBSDCon 2018 SDN? Network split into programmable nodes that handle traffic and entities that program them

372 views • 26 slides
LSE Summer Week 2016 16 July, 2016 Antoine Jacoutot &lt;ajacoutot@openbsd.org&gt; whoami(1)

LSE Summer Week 2016 16 July, 2016 Antoine Jacoutot &lt;ajacoutot@openbsd.org&gt; whoami(1)

OpenBSD rc.d(8) LSE Summer Week 2016 16 July, 2016 Antoine Jacoutot &lt;ajacoutot@openbsd.org&gt; whoami(1) OpenBSD developer since 2006 ajacoutot@ aka aja@ sysmerge, rc.d, rcctl, libtool, stuff, other stuff &gt;400 ports,

1.19k views • 64 slides
OpenSMTPD over the clouds the story of an HA setup Giovanni Bechis &lt;giovanni@openbsd.org&gt;

OpenSMTPD over the clouds the story of an HA setup Giovanni Bechis &lt;giovanni@openbsd.org&gt;

OpenSMTPD over the clouds the story of an HA setup Giovanni Bechis &lt;giovanni@openbsd.org&gt; Fosdem 2020, Brussels Historical setup some OpenBSD mail servers Postfix + Apache SpamAssassin + Amavisd-new + Courier Imap no shared

310 views • 20 slides
Removing ROP Gadgets from OpenBSD AsiaBSDCon 2019 Todd Mortimer mortimer@openbsd.org Overview

Removing ROP Gadgets from OpenBSD AsiaBSDCon 2019 Todd Mortimer mortimer@openbsd.org Overview

Removing ROP Gadgets from OpenBSD AsiaBSDCon 2019 Todd Mortimer mortimer@openbsd.org Overview Return Oriented Programming Removing ROP Gadgets Unaligned / Polymorphic Gadget Reduction Aligned Gadget Reduction Results Return

1.99k views • 99 slides
Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier

Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier

Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier dhartmei@openbsd.org Systor AG Usenix 2002 p.1/22 Introduction part of a firewall, working on IP packet level (vs. application level proxies or ethernet

455 views • 33 slides
Measuring Performance on OpenBSD Alexander Bluhm bluhm@openbsd.org EuroBSDCon, September 2019

Measuring Performance on OpenBSD Alexander Bluhm bluhm@openbsd.org EuroBSDCon, September 2019

What did exist before? How does it work? What are the findings? What is the Conclusion? Measuring Performance on OpenBSD Alexander Bluhm bluhm@openbsd.org EuroBSDCon, September 2019 What did exist before? How does it work? What are the

491 views • 48 slides
OpenBSDs new httpd AsiaBSDCon 2015 Reyk Flter (reyk@openbsd.org)

OpenBSDs new httpd AsiaBSDCon 2015 Reyk Flter (reyk@openbsd.org)

I n t ro d u c i n g OpenBSDs new httpd AsiaBSDCon 2015 Reyk Flter (reyk@openbsd.org) ESDENERA NETWORKS GmbH Why do we need a web server in base? Serve the OpenBSD page. Why do we need a web server

264 views • 22 slides
Game of Trees Stefan Sperling &lt; stsp@openbsd.org &gt; EuroBSDcon 2019 What is Game of Trees?

Game of Trees Stefan Sperling &lt; stsp@openbsd.org &gt; EuroBSDcon 2019 What is Game of Trees?

Game of Trees Stefan Sperling &lt; stsp@openbsd.org &gt; EuroBSDcon 2019 What is Game of Trees? Game of Trees is a work-in-progress version control system which attempts to be appealing to OpenBSD developers. designed and written from scratch

1.08k views • 72 slides
Recent work in OpenBSD relayd AsiaBSDCon 2013 Reyk

Recent work in OpenBSD relayd AsiaBSDCon 2013 Reyk

Recent work in OpenBSD relayd AsiaBSDCon 2013 Reyk Flter (reyk@openbsd.org) Agenda History &amp; Background Recent work SSL Interception Socket

533 views • 19 slides
OpenBSD vmm/vmd Update Mike Larkin bhyvecon 2018 09 Mar 2018 Tokyo, Japan Agenda Where

OpenBSD vmm/vmd Update Mike Larkin bhyvecon 2018 09 Mar 2018 Tokyo, Japan Agenda Where

OpenBSD vmm/vmd Update Mike Larkin bhyvecon 2018 09 Mar 2018 Tokyo, Japan Agenda Where we were a year ago Current status Future plans Q&amp;A One Year Ago ... Limited guest VM choices Decent support for OpenBSD

852 views • 33 slides
Measuring Performance on OpenBSD Alexander Bluhm bluhm@openbsd.org BSDCan, May 2019 What did

Measuring Performance on OpenBSD Alexander Bluhm bluhm@openbsd.org BSDCan, May 2019 What did

What did exist before? How does it work? What are the findings? What is the Conclusion? Measuring Performance on OpenBSD Alexander Bluhm bluhm@openbsd.org BSDCan, May 2019 What did exist before? How does it work? What are the findings?

475 views • 43 slides
Inside LiveJournal's Backend or, holy hell that's a lot of hits! April 2004 Brad

Inside LiveJournal's Backend or, holy hell that's a lot of hits! April 2004 Brad

Inside LiveJournal's Backend or, holy hell that's a lot of hits! April 2004 Brad Fitzpatrick brad@danga.com Danga Interactive danga.com / livejournal.com This work is licensed under the Creative Commons

1.25k views • 49 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/19/2018 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

131 views • 9 slides
Enterprise Virtualization With Xen Frank Martin Sr. Architect. EDCS Advanced Architecture

Enterprise Virtualization With Xen Frank Martin Sr. Architect. EDCS Advanced Architecture

&lt;Insert Picture Here&gt; Enterprise Virtualization With Xen Frank Martin Sr. Architect. EDCS Advanced Architecture Team SAFE HARBOR STATEMENT The following is intended to outline our general product direction. It is intended for

392 views • 21 slides
JAKS, Feb 7, 2012 Driven Dynamics of Detachment : Desorption to Delamination (Paint Peeling in

JAKS, Feb 7, 2012 Driven Dynamics of Detachment : Desorption to Delamination (Paint Peeling in

Amorphous-to-amorphous transition in compressed particle rafts ( work in progress ) Atul Varshney*, Anit Sane, P. Aswathi, Shankar Ghosh* and SB Tata Institute of Fundamental Research, Mumbai, India Outline Soft matter (at) interfaces: examples

745 views • 32 slides
BSD Homelabs Allan Jude, Michael W Lucas, Michael Dexter, Niclas Zeising, Myke Geiger, Scott Long

BSD Homelabs Allan Jude, Michael W Lucas, Michael Dexter, Niclas Zeising, Myke Geiger, Scott Long

BSD Homelabs Allan Jude, Michael W Lucas, Michael Dexter, Niclas Zeising, Myke Geiger, Scott Long Dexters Lab Notes What is a Homelab Building a Homelab Machines Any old machine you have can be useful in your homelab. If you are looking to

634 views • 6 slides
Linux-iSCSI.org BoF Linux-iSCSI.org BoF Current Status and Future of iSCSI on the Current Status

Linux-iSCSI.org BoF Linux-iSCSI.org BoF Current Status and Future of iSCSI on the Current Status

Linux-iSCSI.org BoF Linux-iSCSI.org BoF Current Status and Future of iSCSI on the Current Status and Future of iSCSI on the Linux platform Linux platform Linux Plumbers Conference 2009 Linux Plumbers Conference 2009 Nicholas A. Bellinger

514 views • 18 slides
System Center 2012 R2 Overview Shane Snipes Microsoft Technology Specialist

System Center 2012 R2 Overview Shane Snipes Microsoft Technology Specialist

System Center 2012 R2 Overview Shane Snipes Microsoft Technology Specialist www.NetComLearning.com Agenda System Center: Unified management for the Cloud OS System Center momentum Customer needs and opportunities System Center 2012 R2

700 views • 46 slides
Experimental Opportunity at J-PARC H.M.Shimizu Department of Physics, Nagoya University

Experimental Opportunity at J-PARC H.M.Shimizu Department of Physics, Nagoya University

page Title(Experimental Opportunity at J-PARC) Conf(ACFI Meeting Time-reversal Tests in Nuclear and Hadronic Processes) Date(2014/11/07) At(Amherst Center for Fundamental Interactions, Univ. of Massachusetts Amherst) 1 ACFI Meeting

934 views • 54 slides

More recommend