virtual machines

Definition

A virtual machine (VM) is a software emulation of a physical computer system.

  • guest machine: any VM running on a host
  • host machine: the physical machine that runs the VMs

Why a VM?

A VM will be able to:

  • run a different OS
  • emulate hardware
  • carry out risky tasks in a protected environment

Resource partition

  • Storage: provision volumes
  • Network: Tun/Tap interfaces
  • Passthrough for PCI devices

The noisy-neighbour problem can be solved

What does your system know about what is inside a VM?

Nothing.

For the most part

Hypervisors

Virtual machines work by using software, known as a Hypervisor, to emulate the hardware and functionality of a physical computer system.

The hypervisor essentially creates a layer of abstraction between the physical hardware and virtual machines. This allows for multiple machines to run on a single physical machine.

Furthermore, each of those single machines has its own virtual hardware and operating system.

type 1 hypervisors

Examples: Hyper-V, Xen and VMware ESXi.

type 2 hypervisors

Examples: qemu/KVM (our focus)

When to use a VM

  • legacy software
  • deployment strategy
  • infrastructure development
  • learning, much simpler!!

Issues with using a VM

  • loss of performance
  • poor IaC (infrastructure as code) approach
  • easy to lose track of them, which leads to security issues
  • opinionated: VMs are "pets", services should be treated as cattle.

When not to use a VM

In 2024 you should not use a VM unless strictly necessary.

The bare stack

Kernel-based Virtual Machine (KVM)

  • is a kernel module
  • can emulate vCPU/VirtIO
  • requires a processor with hardware virtualization extensions

Your interaction with KVM will be zero


QEMU

  • User-mode emulation: QEMU runs single Linux programs compiled for a different instruction set.
  • System emulation: QEMU emulates a full computer system, emulating several instruction sets.
  • Hypervisor support: QEMU either acts as a Virtual Machine Manager (VMM) or as a device-emulation back-end for virtual machines running under a hypervisor (KVM).

emulated platforms

  • CD/DVD-ROM
  • Floppy disk drive
  • Graphics card
  • Network card
  • ATA controller or Serial ATA AHCI controller
  • Serial/Parallel
  • USB controller and devices (several)
  • Paravirtualized VirtIO devices
  • etc.

libvirt

Libvirt is an API, daemon and management tool for managing platform virtualization. It supports QEMU/KVM and has several frontends:

virsh, virt-manager, cockpit, etc.

take home messages

  • VMs are computers inside computers that use a part of the host's resources
  • They can emulate hardware
  • They come with a non-negligible overhead
  • Easy to manage, easy to lose track of

Exercise 1.01

  • Connect to the login node
  • Jump to the MDMC infrastructure frontend
  • Run a webserver and explore your home folder

ssh, recap

Important files are located in the .ssh folder:

  • id_rsa
  • id_rsa.pub
  • authorized_keys
  • config

private key id_rsa


public key id_rsa.pub

ssh-ed25519 AAAAC3NzaC1lZDI1....../wRWRNLXFmhWHqHzf8GYD a@comment

authorized keys

Just a list of authorized public keys; extra options at the start of each line can restrict what that key is allowed to do. To populate this file, copy your key manually or use the ssh-copy-id command.
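
To make those "extra options" concrete, here is an added example (not part of the course material) that parses authorized_keys lines, including quoted command="..." options, and lists the keys that carry no restriction at all; the key blobs and comments in the sample are constructed placeholders.

```python
"""Audit an authorized_keys file for entries that carry no restricting options.
Added example, not course code. The file content is constructed; the option
names (from=, command=, restrict, no-pty, ...) are real OpenSSH ones."""

# Constructed sample: three keys, only the first two carry restrictions.
AUTHORIZED_KEYS = """\
from="10.128.2.0/24",no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1KEY1PLACEHOLDER ops@laptop
restrict,command="/usr/local/bin/backup.sh --quiet" ssh-ed25519 AAAAC3NzaC1lZDI1KEY2PLACEHOLDER backup@cron
ssh-ed25519 AAAAC3NzaC1lZDI1KEY3PLACEHOLDER a@comment
# comment lines are ignored by sshd
"""

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "sk-ssh-ed25519@openssh.com")
RESTRICTIVE = ("from=", "command=", "restrict", "no-port-forwarding", "no-pty",
               "no-agent-forwarding", "no-X11-forwarding", "permitopen=", "expiry-time=")

def split_unquoted(text, sep):
    """Split on sep, ignoring separators inside double quotes (OpenSSH option quoting)."""
    parts, cur, quoted = [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return parts

def parse_line(line):
    """Return {'options', 'type', 'comment'} for a key line, None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = split_unquoted(line, " ")
    options = [] if tokens[0] in KEY_TYPES else split_unquoted(tokens.pop(0), ",")
    if len(tokens) < 2:  # a key type must be followed by the base64 key blob
        return None
    return {"options": options, "type": tokens[0], "comment": " ".join(tokens[2:])}

def unrestricted_entries(text):
    """Comments of keys whose options impose no restriction at all (review these first)."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and not any(o.startswith(RESTRICTIVE) for o in entry["options"]):
            flagged.append(entry["comment"])
    return flagged
```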

config

Host mdmc_login
    Hostname 195.14.102.215
    User yourUser
    SetEnv COLORTERM=truecolor

our infra simplified

Login node

Interfaces and addresses

$ ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens18:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:42:aa:27 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 10.128.2.81/24 brd 10.128.2.255 scope global noprefixroute ens18
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fe42:aa27/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens19:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:5d:c0:4d brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    inet 10.128.4.15/24 brd 10.128.4.255 scope global noprefixroute ens19
       valid_lft forever preferred_lft forever
    inet6 fe80::a803:f1e:c579:63c9/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

routes

$ ip r
default via 10.128.2.1 dev ens18 proto static metric 100
default via 10.128.4.1 dev ens19 proto static metric 101

Call to action

Investigate those values on the jump box, and in your VM, by using:

ip address
ip route

Jump host

SSH jump host is a server that acts as an intermediary between your client machine and the target server you want to connect to. It allows you to establish a secure connection to the target server even if it's not directly accessible from your client due to network restrictions, firewalls, or security policies.

ssh -J jump_destination target_destination

ssh configuration

Host mdmc_login
    Hostname 195.14.102.215
    User yourUser
    SetEnv COLORTERM=truecolor

Host mdmc_gateway
    ProxyJump mdmc_login
    Hostname 10.128.2.85
    User yourUser

jump to the login node!

and then to the jumpbox!

finally all together!

Stream online

Exercise 1.02

  • Take ownership of a VM
  • Run your first website

ssh configuration

Host mdmc_login
    Hostname 195.14.102.215
    User yourUser
    SetEnv COLORTERM=truecolor

Host mdmc_gateway
    ProxyJump mdmc_login
    Hostname 10.128.2.85
    User yourUser

Host mdmc_vm
    ProxyJump mdmc_gateway
    Hostname 172.16.0.XX
    User user00
    LocalForward 8989 localhost:8000
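
The chain this config builds (mdmc_vm via mdmc_gateway via mdmc_login) can be checked without connecting anywhere. The following is an added example, not part of the course material: it parses the slides' config (embedded as constructed text, 172.16.0.XX left as on the slide, one jump host per ProxyJump line assumed) and walks the chain.

```python
"""Resolve the ProxyJump chain and LocalForward rules for one ssh_config host.
Added example, not course code: it parses the client config from the slides
(embedded below as constructed text) so every hop a session transits is visible."""

# Constructed sample: the Host blocks from the slides, XX kept as on the slide.
SSH_CONFIG = """\
Host mdmc_login
    Hostname 195.14.102.215

Host mdmc_gateway
    ProxyJump mdmc_login
    Hostname 10.128.2.85

Host mdmc_vm
    ProxyJump mdmc_gateway
    Hostname 172.16.0.XX
    User user00
    LocalForward 8989 localhost:8000
    LocalForward 9090 localhost:9090
"""

def parse_ssh_config(text):
    """Return {alias: {keyword_lower: [values]}} per Host block (space-separated lines only)."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        if keyword.lower() == "host":
            current = hosts.setdefault(value.strip(), {})
        elif current is not None:
            current.setdefault(keyword.lower(), []).append(value.strip())
    return hosts

def jump_chain(hosts, alias):
    """Follow ProxyJump outwards: chain[0] is the target, chain[-1] the first hop."""
    chain, seen = [], set()
    while alias not in seen:  # a cycle (A -> B -> A) ends the walk instead of looping
        seen.add(alias)
        chain.append(alias)
        nxt = hosts.get(alias, {}).get("proxyjump")  # assumes one jump host per line
        if not nxt:  # no further hop, or a bare hostname with no Host block
            break
        alias = nxt[0]
    return chain

def local_forwards(hosts, alias):
    """LocalForward rules ("local_port host:port") declared for alias."""
    return hosts.get(alias, {}).get("localforward", [])
```

`ssh -G mdmc_vm` prints OpenSSH's own resolution of a single Host block; the functions above show the whole chain and the forwards at once.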

Notes:

  • starting ip: 172.16.0.11/16
  • final ip: 172.16.0.45/16
  • username: user00
  • password: ClayHardenedGivenCrucial
  • https://bit.ly/4epNGDb

operation

  • copy your key: ssh-copy-id mdmc_vm
  • connect: ssh mdmc_vm
  • run your first website: python3 -m http.server

Stream online

Exercise 01.02

Provision cockpit in your VM

  • install cockpit:
    sudo dnf install cockpit
  • run this magic command:
    systemctl enable --now cockpit.socket
  • add the new port to your ssh configuration:
    Host mdmc_vm
        ProxyJump mdmc_gateway
        Hostname 172.16.0.XX
        User user00
        LocalForward 8989 localhost:8000
        LocalForward 9090 localhost:9090

Exercise 01.03

Add plugins to cockpit from the menu:

  • enable the Virtual Machine manager
  • enable the Podman manager

Why can't you create a sub-VM?

Proxmox Live

Important points:

  • there are 3 hosts
  • all the resources are merged together
  • metrics for each VM are available
  • control over the cluster is provided
  • you can migrate the VMs
  • an API exists to perform all those operations