VM.CONF(5) FreeBSD File Formats Manual VM.CONF(5)
NAME
vm.conf - virtual machine configuration
DESCRIPTION
vm.conf is the configuration file for the virtual machine monitor (VMM)
subsystem. A VMM manages virtual machines (VMs) on a host.
The VMM subsystem is responsible for creating, destroying, and executing
VMs.
vm.conf is divided into the following main sections:
Macros
User-defined variables may be defined and used later, simplifying
the configuration file.
Global Configuration
Global settings for vmd(8).
VM Configuration
Configuration for each individual virtual machine.
Switch Configuration
Configuration for virtual switches.
Within the sections, the bytes argument can be specified with a human-
readable scale, using the format described in scan_scaled(3).
The current line can be extended over multiple lines using a backslash
(`\'). Comments can be put anywhere in the file using a hash mark (`#'),
and extend to the end of the current line. Care should be taken when
commenting out multi-line text: the comment is effective until the end of
the entire block.
Argument names not beginning with a letter, digit, underscore, or slash
must be quoted.
Additional configuration files can be included with the include keyword,
for example:
include "/etc/vm1.example.com.conf"
MACROS
Macros can be defined that will later be expanded in context. Macro
names must start with a letter, digit, or underscore, and may contain any
of those characters. Macro names may not be reserved words (for example,
vm, memory, or disk). Macros are not expanded inside quotes.
For example:
ramdisk="/bsd.rd"
vm "vm1.example.com" {
    memory 512M
    boot $ramdisk
}
GLOBAL CONFIGURATION
The following settings can be configured globally:
agentx [context context] [path path]
Export vm metrics via an AgentX compatible (snmp) daemon by
connecting to path. Metrics can be found under the vmMIB subtree
(mib-2.236). If path is omitted it will default to
/var/agentx/master. context is the SNMPv3 context and can
usually be omitted.
local prefix address/prefix
Set the network prefix that is used to allocate subnets for local
interfaces, see local interface in the VM CONFIGURATION section
below. The default is 100.64.0.0/10.
local inet6 [prefix address/prefix]
Enable IPv6 on local interfaces and allocate routable subnets.
If the prefix is not specified, a random prefix from the "unique
local" network range fd00::/8 will be generated on startup. The
specified prefix length must be /64 or smaller.
socket owner user:group
Set the control socket owner to the specified user and group.
Users with access to the control socket will be allowed to use
vmctl(8) for restricted access to vmd(8). If only user is given,
only the user is set. If only :group is given, only the group is
set. The default is root:wheel.
staggered start parallel parallelism delay seconds
Start all configured VMs in a staggered fashion with parallelism
instances in parallel every delay seconds. Defaults to
parallelism equal to number of online CPUs and a delay of 30
seconds.
VM CONFIGURATION
Each vm section starts with a declaration of the virtual machine name:
vm name {...}
The name can only consist of alphanumeric characters, as well as
'.', '-', and '_', and must start with a letter. Typically this
is a hostname.
Followed by a block of parameters that is enclosed in curly brackets:
allow instance {...}
Set the permissions to create VM instances. See VM INSTANCES.
boot path
Kernel or BIOS image to load when booting the VM. If not
specified, the default is to boot using the BIOS image in
/etc/firmware/vmm-bios.
boot device device
Force VM to boot from device. Valid values are:
cdrom
Boot the ISO image file specified using the cdrom
parameter.
disk
Boot from the disk image file specified using the disk
parameter.
net
Boot the kernel specified using the boot parameter as if
the VM was network booted. In addition, the DHCP lease
will advertise "auto_install" in the bootfile option
making it suitable for use with autoinstall(8). Note,
this is not to be confused with pxeboot(8) but rather a
simulated network boot.
Currently disk and cdrom only work with VMs booted using BIOS.
cdrom path
ISO image file.
enable
Automatically start the VM. This is the default if neither
enable nor disable is specified.
disable
Do not start this VM.
disk path [format fmt]
Disk image file (may be specified multiple times to add multiple
disk images). The format may be specified as either qcow2 (a
sparse file format which reduces storage) or raw. If left
unspecified, the format defaults to raw if it cannot be derived
automatically.
[local] interface [name] [{...}]
Network interface to add to the VM. The optional name can be
either tap to select the next available tap(4) interface on the
VM host side (the default) or tapN to select a specific one.
Valid options are:
group group-name
Assign the interface to a specific interface "group".
For example, this can be used to write pf.conf(5) rules
for several VM interfaces in the same group. The
group-name must not be longer than 15 characters or end
with a digit, as described in ifconfig(8).
[locked] lladdr [etheraddr]
Change the link layer address (MAC address) of the
interface on the VM guest side. If not specified, a
randomized address will be assigned by vmd(8). If the
locked keyword is specified, vmd(8) will drop packets
from the VM with altered source addresses.
rdomain rdomainid
Attach the interface to the routing domain with the
specified rdomainid. If attaching to a switch that also
has an rdomainid set, the rdomainid configured for the
interface takes precedence.
switch name
Set the virtual switch by name. See the SWITCH
CONFIGURATION section about virtual switches. This
option is ignored if a switch with a matching name cannot
be found.
up
Start the interface forwarding packets. This is the
default.
down
Stop the interface from forwarding packets.
A local interface will auto-generate an IPv4 subnet for the
interface, configure a gateway address on the VM host side, and
run a simple DHCP/BOOTP server for the VM. This option can be
used for layer 3 mode without configuring a switch.
If the global local inet6 option is enabled, a routable IPv6
gateway address will be generated on the host side. Unlike the
IPv4 option, vmd(8) does not respond to DHCPv6 or router
solicitation messages itself. Use rad(8) listening on the
interface group, e.g. interface tap, to auto-configure the VMs
accordingly.
interfaces count
Optional minimum number of network interfaces to add to the VM.
If the count is greater than the number of interface statements,
additional default interfaces will be added.
memory bytes
Memory size of the VM, in bytes, rounded to megabytes. The
default is 512M.
owner user:group
Set the owner of the VM to the specified user and group. The
owner will be allowed to start or stop the VM, pause or unpause
the VM, and open the VM's console. If only user is given, only
the user is set. If only :group is given, only the group is set.
sev
Enables AMD Secure Encrypted Virtualization for the guest. vmd(8)
uses psp(4) to configure the guest for SEV.
VM INSTANCES
It is possible to use configured or running VMs as a template for
additional instances of the VM. An instance is just like a normal vm and
is configured with the following declaration of the virtual machine name:
vm parent instance name {...}
A virtual machine can be created as an instance of any other
configured VM.
The new instance will inherit settings from the VM parent, except for
exclusive options such as disk, interface lladdr, or interface name. The
configuration options are identical to the VM CONFIGURATION, but
restricted to the allowed instance options.
The allowed instance options are configured in the parent VM:
allow instance {...}
Allow users to use this VM as a template for VM instances. By
default, the root user can always create instances without
restrictions and users or non-root owners cannot create
instances. An instance will inherit the configuration from the
VM and the user, if permitted, will be allowed to configure
individual VM options.
Valid options are:
boot
Allow user to configure the kernel or BIOS image. The user needs
read access to the image.
cdrom
Allow user to configure the ISO file. The user needs read access
to the file.
disk
Allow user to configure the disk images. The user needs read and
write access to the image, and instances are not allowed to reuse
disks from the parent VM.
instance
Allow user to create additional instances from the instances.
interface
Allow user to change network interface settings.
memory
Allow user to configure the memory size.
owner user[:group]
Allow the specified user or group to create the instances. The
owner will be allowed to create VM instances, start or stop the
instances, pause or unpause the instances, and open the
instances' consoles.
owner :group
Set the owner to the specified group.
SWITCH CONFIGURATION
A virtual switch allows VMs to communicate with other network interfaces
on the host system via either bridge(4) or veb(4). The network interface
for each virtual switch defined in vm.conf is pre-configured using
hostname.if(5) or ifconfig(8) (see the BRIDGE and VEB sections in
ifconfig(8) accordingly). When a VM is started, virtual network
interfaces which are assigned to a virtual switch have their tap(4)
interface automatically added into the corresponding bridge(4) or veb(4)
interface underlying the virtual switch.
Virtual switches can be configured at any point in the configuration
file. Each switch section starts with a declaration of the virtual
switch:
switch name {...}
This name can be any string, and is typically a network name.
Followed by a block of parameters that is enclosed in curly brackets:
enable
Automatically configure the switch. This is the default if
neither enable nor disable is specified.
locked lladdr
If this option is specified, vmd(8) will drop packets with
altered source addresses that do not match the link layer
addresses (MAC addresses) of the VM interfaces in this switch.
disable
Do not configure this switch.
group group-name
Assign each interface to a specific interface "group". For
example, this can be used to write pf.conf(5) rules for several
VM interfaces in the same group. The group-name must not be
longer than 15 characters or end with a digit, as described in
ifconfig(8).
interface name
Set the bridge(4) or veb(4) network interface of this switch.
rdomain rdomainid
Set the routing domain of the switch and all of its VM interfaces
to rdomainid.
up
Start the switch forwarding packets. This is the default.
down
Stop the switch from forwarding packets.
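An added example, not part of the manual or of vmd(8): a small Python audit that lists VM interfaces for which no locked lladdr applies, either on the interface itself or on the switch it attaches to. The parser is a simplification that ignores macros and include files and does not follow settings inherited by instances; unlocked_interfaces, block and SAMPLE are names chosen here, and the sample configuration is constructed.

```python
import re

# Constructed sample; switch names, VM names and devices are placeholders.
SAMPLE = '''
switch "uplink" {
    interface bridge0
    locked lladdr
}
switch "lab" { interface veb0 }
vm "web.example.com" {
    interface { switch "uplink" }
    local interface
}
vm "db.example.com" {
    local interface { locked lladdr }
    interface tap3 { switch "lab" }
}
'''

def block(toks, i):
    """Tokens inside the braces opening at toks[i], and the index past the close."""
    depth, j = 1, i + 1
    while depth:
        depth, j = depth + {"{": 1, "}": -1}.get(toks[j], 0), j + 1
    return toks[i + 1:j - 1], j

def unlocked_interfaces(conf):
    """Return (vm, interface number, switch) for interfaces with no 'locked' in effect."""
    text = re.sub(r"#[^\n]*", "", conf.replace("\\\n", " "))  # a comment covers continued lines
    toks = re.findall(r'"[^"]*"|[{}]|[^\s{}"]+', text)
    blocks, skip = [], 0
    for i, tok in enumerate(toks):              # top-level switch and vm blocks
        if i >= skip and tok in ("switch", "vm"):
            brace = toks.index("{", i)
            body, skip = block(toks, brace)
            blocks.append((tok, toks[brace - 1].strip('"'), body))
    locked, found = {n for t, n, b in blocks if t == "switch" and "locked" in b}, []
    for vm, body in ((n, b) for t, n, b in blocks if t == "vm"):
        k = num = 0
        while k < len(body):
            if body[k] != "interface":          # skip nested blocks such as allow instance
                k = block(body, k)[1] if body[k] == "{" else k + 1
                continue
            num, k = num + 1, k + 1
            k += bool(re.fullmatch(r"tap\d*", "".join(body[k:k + 1])))  # optional tap/tapN
            opts, k = block(body, k) if body[k:k + 1] == ["{"] else ([], k)
            sw = opts[opts.index("switch") + 1].strip('"') if "switch" in opts else None
            if "locked" not in opts and sw not in locked:
                found.append((vm, num, sw))
    return found
```

An entry whose switch is None is a local or unattached interface declared without locked; a switch name that is never defined is reported as well, since the manual says such a switch option is ignored.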
FILES
/etc/vm.conf
/etc/examples/vm.conf
EXAMPLES
Create a new VM with 1GB memory, 1 network interface connected to
"uplink", with one disk image /home/joe/vm2-disk.img, owned by user
`joe':
vm "vm2.example.com" {
    memory 1G
    disk "/home/joe/vm2-disk.img"
    interface { switch "uplink" }
    owner joe
}
Create a new VM as an instance from `vm2.example.com':
vm "vm2.example.com" instance "vm3.example.com" {
    disk "/home/joe/vm3-disk.img"
}
Create the switch "uplink" with an additional physical network interface:
switch "uplink" {
    interface bridge0
}
SEE ALSO
vmm(4), MAKEDEV(8), vmctl(8), vmd(8)
HISTORY
The vm.conf file format first appeared in OpenBSD 5.9.
AUTHORS
Mike Larkin and Reyk Floeter.
CAVEATS
Each guest requires one tap(4) device per assigned interface and one
pty(4) device. Administrators may need to create additional devices
using MAKEDEV(8).
FreeBSD 14.1-RELEASE-p8 September 16, 2024 FreeBSD 14.1-RELEASE-p8