vm.conf —
virtual machine configuration
TABLE OF CONTENTS
vm.conf is the configuration file to configure the
virtual machine monitor (VMM) subsystem. A VMM manages virtual machines (VMs)
on a host. The VMM subsystem is responsible for
creating, destroying, and executing VMs.
vm.conf is divided into the following main
sections:
- Macros
- User-defined variables may be defined and used later, simplifying the
configuration file.
- Global Configuration
- Global settings for vmd(8).
- VM Configuration
- Configuration for each individual virtual machine.
- Switch Configuration
- Configuration for virtual switches.
Within the sections, the bytes argument can
be specified with a human-readable scale, using the format described in
scan_scaled(3).
The current line can be extended over multiple lines using a
backslash (‘\’). Comments can be put anywhere in the file
using a hash mark (‘#’), and extend to the end of the current
line. Care should be taken when commenting out multi-line text: the comment
is effective until the end of the entire block.
Argument names not beginning with a letter, digit, underscore, or
slash must be quoted.
Additional configuration files can be included with the
include keyword, for example:
include "/etc/vm1.example.com.conf"
Macros can be defined that will later be expanded in context. Macro names must
start with a letter, digit, or underscore, and may contain any of those
characters. Macro names may not be reserved words (for example,
vm, memory, or
disk). Macros are not expanded inside quotes.
For example:
ramdisk="/bsd.rd"
vm "vm1.example.com" {
memory 512M
boot $ramdisk
}
The following setting can be configured globally:
local
prefix
address/prefix- Set the network prefix that is used to allocate subnets for local
interfaces, see
local interface in the
VM CONFIGURATION section below.
The default is 100.64.0.0/10.
local
inet6 [prefix
address/prefix]- Enable IPv6 on local interfaces and allocate routable subnets. If the
prefix is not specified, a random prefix from the “unique
local” network range fd00::/8 will be
generated on startup. The specified prefix length must be /64 or
smaller.
socket
owner
user[:group]- Set the control socket owner to the specified user or group. Users with
access to the control socket will be allowed to use
vmctl for restricted access to
vmd. The default is
root:wheel.
socket
owner :group- Set the control socket owner to the specified group.
Each vm section starts with a declaration of the virtual
machine name:
vm
name {...}- The name can only consist of alphanumeric
characters, as well as '.', '-', and '_', and must start with a letter.
Typically this is a hostname.
Followed by a block of parameters that is enclosed in curly
brackets:
allow
instance [{...}]- Set the permissions to create VM instances. See
VM INSTANCES.
boot
path- Kernel or BIOS image to load when booting the VM. If not specified, the
default is to boot using the BIOS image in
/etc/firmware/vmm-bios.
cdrom
path- ISO image file.
enable- Automatically start the VM. This is the default if neither
enable nor disable is
specified.
disable- Do not start this VM.
disk
path [format
fmt]- Disk image file (may be specified multiple times to add multiple disk
images). The format may be specified as either qcow2
or raw. If left unspecified, the format defaults to
raw if it cannot be derived automatically.
- [
local] interface [name]
[{...}]
- Network interface to add to the VM. The optional
name can be either ‘tap’ to select the
next available tap(4) interface on the VM
host side (the default) or tapN to select a specific
one.
Valid options are:
group
group-name- Assign the interface to a specific interface “group”.
For example, this can be used to write
pf.conf(5) rules for several VM
interfaces in the same group. The group-name
must not be longer than 15 characters or end with a digit, as
described in ifconfig(8).
- [
locked] lladdr
[etheraddr]
- Change the link layer address (MAC address) of the interface on the VM
guest side. If not specified, a randomized address will be assigned by
vmd(8). If the
locked keyword is specified,
vmd(8) will drop packets from the VM
with altered source addresses.
rdomain
rdomainid- Attach the interface to the routing domain with the specified
rdomainid. If attaching to a switch that also
has an rdomainid set, the
rdomainid configured for the interface takes
precedence.
switch
name- Set the virtual switch by name. See the
SWITCH CONFIGURATION
section about virtual switches. This option is ignored if a switch
with a matching name cannot be found.
up- Start the interface forwarding packets. This is the default.
down- Stop the interface from forwarding packets.
A local interface will auto-generate
an IPv4 subnet for the interface, configure a gateway address on the VM
host side, and run a simple DHCP/BOOTP server for the VM. This option
can be used for layer 3 mode without configuring a switch.
If the global local inet6 option is
enabled, a routable IPv6 gateway address will be generated on the host
side. Unlike the IPv4 option, vmd does not
respond to DHCPv6 or router solicitation messages itself. Use
rad(8) listening on the interface group,
e.g. interface tap for auto-configuring the VMs
accordingly.
interfaces
count- Optional minimum number of network interfaces to add to the VM. If the
count is greater than the number of
interface statements, additional default
interfaces will be added.
memory
bytes- Memory size of the VM, in bytes, rounded to megabytes. The default is
512M.
owner
user[:group]- Set the owner of the VM to the specified user or group. The owner will be
allowed to start or stop the VM, pause or unpause the VM, and open the
VM's console.
owner
:group- Set the owner to the specified group.
It is possible to use configured or running VMs as a template for additional
instances of the VM. An instance is just like a normal
vm and is configured with the following declaration of
the virtual machine name:
vm
parent instance
name {...}- A virtual machine can be created as an instance of any other configured
VM.
The new instance will inherit settings from the VM
parent, except for exclusive options such as
disk, interface lladdr, or
interface name. The configuration options are
identical to the VM
CONFIGURATION, but restricted to the allowed instance options.
The allowed instance options are configured in the
parent VM:
allow
instance [{...}]- Allow users to use this VM as a template for VM instances. By default, the
root user can always create instances without restrictions and users or
non-root owners cannot create instances. An instance will inherit the
configuration from the VM and the user, if permitted, will be allowed to
configure individual VM options.
Valid options are:
boot- Allow user to configure the kernel or BIOS image. The user needs read
access to the image.
cdrom- Allow user to configure the ISO file. The user needs read access to the
file.
disk- Allow user to configure the disk images. The user needs read and write
access to image and instances are not allowed to reuse disks from the
parent VM.
instance- Allow user to create additional instances from the instances.
interface- Allow user to change network interface settings.
memory- Allow user to configure the memory size.
owner
user[:group]- Allow the specified user or group to create the instances. The owner will
be allowed to create VM instances, start or stop the instances, pause or
unpause the instances, and open the instances' consoles.
owner
:group- Set the owner to the specified group.
A virtual switch allows VMs to communicate with other network interfaces on the
host system via either bridge(4) or
switch(4). The network interface for each
virtual switch defined in vm.conf is pre-configured
using hostname.if(5) or
ifconfig(8) (see the
BRIDGE and
SWITCH sections in
ifconfig(8) accordingly). When a VM is
started, virtual network interfaces which are assigned to a virtual switch
have their tap(4) interface automatically
added into the corresponding bridge(4) or
switch(4) interface underlying the virtual
switch.
Virtual switches can be configured at any point in the
configuration file. Each switch section starts with
a declaration of the virtual switch:
switch
name {...}- This name can be any string, and is typically a network name.
Followed by a block of parameters that is enclosed in curly
brackets:
enable- Automatically configure the switch. This is the default if neither
enable nor disable is
specified.
locked
lladdr- If this option is specified, vmd(8) will
drop packets with altered sources addresses that do not match the link
layer addresses (MAC addresses) of the VM interfaces in this switch.
disable- Do not configure this switch.
group
group-name- Assign each interface to a specific interface “group”. For
example, this can be used to write
pf.conf(5) rules for several VM
interfaces in the same group. The group-name must
not be longer than 15 characters or end with a digit, as described in
ifconfig(8).
interface
name- Set the switch(4) or
bridge(4) network interface of this
switch. If the type is changed to switch0, it will
be used for each following switch.
rdomain
rdomainid- Set the routing domain of the switch and all of its VM interfaces to
rdomainid.
up- Start the switch forwarding packets. This is the default.
down- Stop the switch from forwarding packets.
Create a new VM with 1GB memory, 1 network interface connected to
“uplink”, with one disk image
‘/home/joe/vm2-disk.img’, owned by user ‘joe’:
vm "vm2.example.com" {
memory 1G
disk "/home/joe/vm2-disk.img"
interface { switch "uplink" }
owner joe
}
Create a new VM as an instance from
‘vm2.example.com’:
vm "vm2.example.com" instance "vm3.example.com" {
disk "/home/joe/vm3-disk.img"
}
Create the switch "uplink" with an additional physical
network interface:
switch "uplink" {
interface bridge0
}
The vm.conf file format first appeared in
OpenBSD 5.9.
![[OpenBSD]](/openbsd.gif){kind=small}