OpenBSD manual page server

Manual Page Search Parameters
VM.CONF(5) File Formats Manual VM.CONF(5)

vm.confvirtual machine configuration

vm.conf is the configuration file to configure the virtual machine monitor (VMM) subsystem. A VMM manages virtual machines (VMs) on a host. The VMM subsystem is responsible for creating, destroying, and executing VMs.

vm.conf is divided into the following main sections:

User-defined variables may be defined and used later, simplifying the configuration file.
Global settings for vmd(8).
Configuration for each individual virtual machine.
Configuration for virtual switches.

Within the sections, the bytes argument can be specified with a human-readable scale, using the format described in scan_scaled(3).

The current line can be extended over multiple lines using a backslash (‘\’). Comments can be put anywhere in the file using a hash mark (‘#’), and extend to the end of the current line. Care should be taken when commenting out multi-line text: the comment is effective until the end of the entire block.

Argument names not beginning with a letter, digit, underscore, or slash must be quoted.

Additional configuration files can be included with the include keyword, for example:

include "/etc/vm1.example.com.conf"

Macros can be defined that will later be expanded in context. Macro names must start with a letter, digit, or underscore, and may contain any of those characters. Macro names may not be reserved words (for example, vm, memory, or disk). Macros are not expanded inside quotes.

For example:

ramdisk="/bsd.rd"
vm "vm1.example.com" {
	memory 512M
	boot $ramdisk
}

The following setting can be configured globally:

address/prefix
Set the network prefix that is used to allocate subnets for local interfaces, see local interface in the VM CONFIGURATION section below. The default is 100.64.0.0/10.
[prefix address/prefix]
Enable IPv6 on local interfaces and allocate routable subnets. If the prefix is not specified, a random prefix from the “unique local” network range fd00::/8 will be generated on startup. The specified prefix length must be /64 or smaller.
user:group
Set the control socket owner to the specified user and group. Users with access to the control socket will be allowed to use vmctl for restricted access to vmd. If only user is given, only the user is set. If only :group is given, only the group is set. The default is root:wheel.
parallelism delay seconds
Start all configured VMs in a staggered fashion with parallelism instances in parallel every delay seconds. Defaults to parallelism equal to number of CPUs and a delay of 30 seconds.

Each vm section starts with a declaration of the virtual machine name:

name {...}
The name can only consist of alphanumeric characters, as well as '.', '-', and '_', and must start with a letter. Typically this is a hostname.

Followed by a block of parameters that is enclosed in curly brackets:

{...}
Set the permissions to create VM instances. See VM INSTANCES.
path
Kernel or BIOS image to load when booting the VM. If not specified, the default is to boot using the BIOS image in /etc/firmware/vmm-bios.
device
Force VM to boot from device. Valid values are:
cdrom
Boot the ISO image file specified using the cdrom parameter.
disk
Boot from the disk image file specified using the disk parameter.
net
Boot the kernel specified using the boot parameter as if the VM was network booted. In addition, the DHCP lease will advertise “auto_install” in the bootfile option making it suitable for use with autoinstall(8). Note, this is not to be confused with pxeboot(8) but rather a simulated network boot.

Currently disk and cdrom only work with VMs booted using BIOS.

path
ISO image file.
Automatically start the VM. This is the default if neither enable nor disable is specified.
Do not start this VM.
path [format fmt]
Disk image file (may be specified multiple times to add multiple disk images). The format may be specified as either qcow2 or raw. If left unspecified, the format defaults to raw if it cannot be derived automatically.
[local] interface [name] [{...}]
Network interface to add to the VM. The optional name can be either ‘tap’ to select the next available tap(4) interface on the VM host side (the default) or tapN to select a specific one.

Valid options are:

group-name
Assign the interface to a specific interface “group”. For example, this can be used to write pf.conf(5) rules for several VM interfaces in the same group. The group-name must not be longer than 15 characters or end with a digit, as described in ifconfig(8).
[locked] lladdr [etheraddr]
Change the link layer address (MAC address) of the interface on the VM guest side. If not specified, a randomized address will be assigned by vmd(8). If the locked keyword is specified, vmd(8) will drop packets from the VM with altered source addresses.
rdomainid
Attach the interface to the routing domain with the specified rdomainid. If attaching to a switch that also has an rdomainid set, the rdomainid configured for the interface takes precedence.
name
Set the virtual switch by name. See the SWITCH CONFIGURATION section about virtual switches. This option is ignored if a switch with a matching name cannot be found.
Start the interface forwarding packets. This is the default.
Stop the interface from forwarding packets.

A local interface will auto-generate an IPv4 subnet for the interface, configure a gateway address on the VM host side, and run a simple DHCP/BOOTP server for the VM. This option can be used for layer 3 mode without configuring a switch.

If the global local inet6 option is enabled, a routable IPv6 gateway address will be generated on the host side. Unlike the IPv4 option, vmd does not respond to DHCPv6 or router solicitation messages itself. Use rad(8) listening on the interface group, e.g. interface tap for auto-configuring the VMs accordingly.

count
Optional minimum number of network interfaces to add to the VM. If the count is greater than the number of interface statements, additional default interfaces will be added.
bytes
Memory size of the VM, in bytes, rounded to megabytes. The default is 512M.
user:group
Set the owner of the VM to the specified user and group. The owner will be allowed to start or stop the VM, pause or unpause the VM, and open the VM's console. If only user is given, only the user is set. If only :group is given, only the group is set.

It is possible to use configured or running VMs as a template for additional instances of the VM. An instance is just like a normal vm and is configured with the following declaration of the virtual machine name:

parent instance name {...}
A virtual machine can be created as an instance of any other configured VM.

The new instance will inherit settings from the VM parent, except for exclusive options such as disk, interface lladdr, or interface name. The configuration options are identical to the VM CONFIGURATION, but restricted to the allowed instance options.

The allowed instance options are configured in the parent VM:

{...}
Allow users to use this VM as a template for VM instances. By default, the root user can always create instances without restrictions and users or non-root owners cannot create instances. An instance will inherit the configuration from the VM and the user, if permitted, will be allowed to configure individual VM options.

Valid options are:

Allow user to configure the kernel or BIOS image. The user needs read access to the image.
Allow user to configure the ISO file. The user needs read access to the file.
Allow user to configure the disk images. The user needs read and write access to image and instances are not allowed to reuse disks from the parent VM.
Allow user to create additional instances from the instances.
Allow user to change network interface settings.
Allow user to configure the memory size.
user[:group]
Allow the specified user or group to create the instances. The owner will be allowed to create VM instances, start or stop the instances, pause or unpause the instances, and open the instances' consoles.
:group
Set the owner to the specified group.

A virtual switch allows VMs to communicate with other network interfaces on the host system via either bridge(4), switch(4) or veb(4). The network interface for each virtual switch defined in vm.conf is pre-configured using hostname.if(5) or ifconfig(8) (see the BRIDGE and SWITCH sections in ifconfig(8) accordingly). When a VM is started, virtual network interfaces which are assigned to a virtual switch have their tap(4) interface automatically added into the corresponding bridge(4) or switch(4) interface underlying the virtual switch.

Virtual switches can be configured at any point in the configuration file. Each switch section starts with a declaration of the virtual switch:

name {...}
This name can be any string, and is typically a network name.

Followed by a block of parameters that is enclosed in curly brackets:

Automatically configure the switch. This is the default if neither enable nor disable is specified.
If this option is specified, vmd(8) will drop packets with altered sources addresses that do not match the link layer addresses (MAC addresses) of the VM interfaces in this switch.
Do not configure this switch.
group-name
Assign each interface to a specific interface “group”. For example, this can be used to write pf.conf(5) rules for several VM interfaces in the same group. The group-name must not be longer than 15 characters or end with a digit, as described in ifconfig(8).
name
Set the bridge(4), switch(4) or veb(4) network interface of this switch. If the type is changed to switch0, it will be used for each following switch.
rdomainid
Set the routing domain of the switch and all of its VM interfaces to rdomainid.
Start the switch forwarding packets. This is the default.
Stop the switch from forwarding packets.

/etc/vm.conf
 
/etc/examples/vm.conf
 

Create a new VM with 1GB memory, 1 network interface connected to “uplink”, with one disk image ‘/home/joe/vm2-disk.img’, owned by user ‘joe’:

vm "vm2.example.com" {
	memory 1G
	disk "/home/joe/vm2-disk.img"
	interface { switch "uplink" }
	owner joe
}

Create a new VM as an instance from ‘vm2.example.com’:

vm "vm2.example.com" instance "vm3.example.com" {
	disk "/home/joe/vm3-disk.img"
}

Create the switch "uplink" with an additional physical network interface:

switch "uplink" {
	interface bridge0
}

vmm(4), MAKEDEV(8), vmctl(8), vmd(8)

The vm.conf file format first appeared in OpenBSD 5.9.

Mike Larkin <mlarkin@openbsd.org> and Reyk Floeter <reyk@openbsd.org>.

Each guest requires one tap(4) device per assigned interface and one pty(4) device. Administrators may need to create additional devices using MAKEDEV(8).

March 1, 2021 OpenBSD-current