VM-Operator/org.jdrupes.vmoperator.runner.qemu/templates/Standard-VM-latest.ftl.yaml

"swtpm":
  # Candidate paths for the executable 
  "executable": [ "/usr/bin/swtpm" ]
  
  # Arguments may be specified as nested lists for better readability.
  # The arguments are flattened before being passed to the process.
  "arguments":
    - "socket"
    - "--tpm2"
    - [ "--tpmstate", "dir=${ runtimeDir }" ]
    - [ "--ctrl", "type=unixio,path=${ runtimeDir }/swtpm-sock,mode=0600" ]
    - "--terminate"

"qemu":
  # Candidate paths for the executable 
  "executable": [ "/usr/bin/qemu-system-x86_64" ]

  # Arguments may be specified as nested lists for better readability.
  # The arguments are flattened before being passed to the process.
  # Unless otherwise noted, flags can be found on
  # https://www.qemu.org/docs/master/system/invocation.html
  #
  # Useful links:
  #   - https://joonas.fi/2021/02/uefi-pc-boot-process-and-uefi-with-qemu/
  "arguments":
    # Qemu configuration
    - "-no-user-config"
    # * https://www.kernel.org/doc/Documentation/virtual/kvm/api.txt
    - [ "-global", "kvm-pit.lost_tick_policy=delay" ]
    - [ "-sandbox", "on,obsolete=deny,elevateprivileges=deny,\
        spawn=allow,resourcecontrol=deny" ] 
    - [ "-msg", "timestamp=on" ]
    # * Qemu monitor connection          
    - [ "-chardev", "socket,id=charmonitor,\
        path=${ runtimeDir }/monitor.sock,server=on,wait=off" ]
    - [ "-mon", "chardev=charmonitor,id=monitor,mode=control" ]
    
    # VM configuration
    - [ "-name", "guest=${ vm.name },debug-threads=on" ]
    - [ "-uuid", "${ vm.uuid }"]
    # * Configure "modern" machine (pc-q35-7.0). USB is off, because we
    #   configure (better) xhci later. No VMWare IO port (obviously). 
    #   For smm=on see https://scumjr.github.io/2016/01/04/playing-with-smm-and-qemu/.
    #   Configure ROM/EEPROM for UEFI.
    - [ "-machine", "pc-q35-7.0,usb=off,vmport=off,dump-guest-core=off\
        <#if vm.bootMode == "secure">,smm=on</#if>\
        <#if vm.bootMode != "bios">,pflash0=fw-rom-device\
        ,pflash1=fw-eeprom-device</#if>,memory-backend=pc.ram,hpet=off" ]
    # * https://bugzilla.redhat.com/show_bug.cgi?id=1170533, may be unnecessary
    - [ "-global", "ICH9-LPC.disable_s3=1" ]
    - [ "-global", "ICH9-LPC.disable_s4=1" ]
    # {{- if .Values.vm.secureBoot }}
    # -global driver=cfi.pflash01,property=secure,value=on 
    # -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/local/qemu/master-key.aes"}'
    # {{- end }}
    <#if vm.bootMode != "bios">
    # * Provide ROM/EEPROM devices (instead of built-in BIOS)
    - [ "-blockdev", "node-name=fw-rom-file,driver=file,\
        filename=${ firmwareRom },auto-read-only=true,discard=unmap" ]
    - [ "-blockdev", "node-name=fw-rom-device,driver=raw,\
        read-only=true,file=fw-rom-file" ]
    - [ "-blockdev", "node-name=fw-eeprom-file,driver=file,\
        filename=${ firmwareFlash },auto-read-only=true,discard=unmap" ]
    - [ "-blockdev", "node-name=fw-eeprom-device,driver=raw,\
        read-only=false,file=fw-eeprom-file" ]
    </#if>            
    # * Provide RAM
    - [ "-object", "memory-backend-ram,id=pc.ram,\
        size=${ vm.maximumRam!"1G" }" ]
    - [ "-m", "${ vm.maximumRam!"1G" }" ]
    <#if vm.useTpm>
    # Attach TPM
    - [ "-chardev", "socket,id=chrtpm,path=${ runtimeDir }/swtpm-sock" ]
    - [ "-tpmdev", "emulator,id=tpm0,chardev=chrtpm" ]
    - [ "-device", "tpm-tis,tpmdev=tpm0" ]
    </#if>    
    - [ "-cpu", "${ vm.cpuModel }" ]
    <#if vm.maximumCpus gt 1>
    - [ "-smp", "${ vm.currentCpus },maxcpus=${ vm.maximumCpus }\
        <#if vm.cpuSockets gt 0>,sockets=${ vm.cpuSockets }</#if>\
        <#if vm.diesPerSocket gt 0>,cores=${ vm.diesPerSocket }</#if>\
        <#if vm.coresPerDie gt 0>,cores=${ vm.coresPerDie }</#if>\
        <#if vm.threadsPerCore gt 0>,cores=${ vm.threadsPerCore }</#if>" ]
    </#if>
    <#if vm.accelerator != "none">
    - [ "-accel", "${ vm.accelerator }"]
    </#if>
    # (More devices:) 
    # * RTC
    - [ "-rtc", "base=${ vm.rtcBase },clock=${ vm.rtcClock },driftfix=slew" ]
    # On-board serial, made available as pty on host (not used)
    - [ "-chardev", "pty,id=ptyserial0" ]
    - [ "-device", "isa-serial,chardev=ptyserial0,id=serial0,index=0" ]
    # * PCI Serial device(s) (more in SPICE configuration below)
    #   Best explanation found: 
    #   https://fedoraproject.org/wiki/Features/VirtioSerial
    - [ "-device", "virtio-serial-pci,id=virtio-serial0" ]
    #   - Guest agent serial connection
    - [ "-chardev","socket,id=guest-agent-socket,\
        path=${ runtimeDir }/org.qemu.guest_agent.0,server=on,wait=off" ]
    - [ "-device", "virtserialport,bus=virtio-serial0.0,nr=1,\
        chardev=guest-agent-socket,id=channel0,name=org.qemu.guest_agent.0" ]
    # * USB Hub and devices (more in SPICE configuration below)
    #   https://qemu-project.gitlab.io/qemu/system/devices/usb.html
    #   https://github.com/qemu/qemu/blob/master/hw/usb/hcd-xhci.c
    - [ "-device", "qemu-xhci,p2=15,p3=15,id=usb" ]
    - [ "-device", "usb-tablet" ]
    # * Random number generator
    - [ "-object", "rng-random,id=objrng0,filename=/dev/random" ]
    - [ "-device", "virtio-rng-pci,rng=objrng0,id=rng0" ]
    # * Graphics and Audio Card
    - [ "-device", "virtio-vga,id=video0,max_outputs=1" ]
    - [ "-device", "ich9-intel-hda,id=sound0" ]
    # Drives
    # * CD-Drives
    <#assign cdCounter = 0/>
    <#list vm.drives![] as drive>
    <#if (drive.type!"hdd") == "ide-cd">
    - [ "-drive", "id=drive-cdrom${ cdCounter },if=none,media=cdrom\
        <#if drive.file??>,file=${ drive.file }</#if>" ]
    #   (IDE is old, but faster than usb-storage. virtio-blk-pci does not  
    #    work without file [empty drive])
    - [ "-device", "ide-cd,id=cd${ cdCounter },drive=drive-cdrom${ cdCounter }\
        <#if drive.bootindex??>,bootindex=${ drive.bootindex }</#if>" ]
    <#assign cdCounter += 1/>
    </#if>
    </#list>
    
    #   - how to access the resource on the host (a file)
#    - [ "-blockdev", "node-name=blockdev-cdrom-file,driver=file,\
#        filename=/home/mnl/Downloads/archlinux-2023.05.03-x86_64.iso" ]
    #   - how to use the file (as sequence of literal blocks)
#    - [ "-blockdev", "node-name=blockdev-cdrom-backend,driver=raw,\
#        read-only=true,file=blockdev-cdrom-file" ]
    #   - the driver (what the guest sees)
#    - [ "-device", "virtio-blk-pci,id=virtio-disk-cdrom,\
#        drive=blockdev-cdrom-backend,bootindex=1" ]

    
    # SPICE (display, channels ...)    
    # - [ "-spice", "port=5900,disable-ticketing=on" ]
#        -chardev spicevmc,id=charchannel1,name=vdagent
#        -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0
#        -audiodev '{"id":"audio1","driver":"spice"}'
#    - [ "-device", "hda-duplex,\
#        id=sound0-codec0,bus=sound0.0,cad=0,audiodev=audio1" ]
#        -spice port={{ .Values.vm.spicePort }},addr=0.0.0.0,disable-ticketing=on,seamless-migration=on
#        -chardev spicevmc,id=charredir0,name=usbredir
#        -device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2
#        -chardev spicevmc,id=charredir1,name=usbredir
#        -device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=3
#        -device virtio-balloon-pci,id=balloon0

        

"monitorMessages":
  "connect": '{ "execute": "qmp_capabilities" }'
Initial commit. 2023-05-23 21:38:32 +02:00			`"swtpm":`
			`# Candidate paths for the executable`
			`"executable": [ "/usr/bin/swtpm" ]`

			`# Arguments may be specified as nested lists for better readability.`
			`# The arguments are flattened before being passed to the process.`
			`"arguments":`
			`- "socket"`
			`- "--tpm2"`
			`- [ "--tpmstate", "dir=${ runtimeDir }" ]`
			`- [ "--ctrl", "type=unixio,path=${ runtimeDir }/swtpm-sock,mode=0600" ]`
			`- "--terminate"`

			`"qemu":`
			`# Candidate paths for the executable`
			`"executable": [ "/usr/bin/qemu-system-x86_64" ]`

			`# Arguments may be specified as nested lists for better readability.`
			`# The arguments are flattened before being passed to the process.`
			`# Unless otherwise noted, flags can be found on`
			`# https://www.qemu.org/docs/master/system/invocation.html`
			`#`
			`# Useful links:`
			`# - https://joonas.fi/2021/02/uefi-pc-boot-process-and-uefi-with-qemu/`
			`"arguments":`
Boot from CD-ROM works. 2023-05-28 21:35:13 +02:00			`# Qemu configuration`
Initial commit. 2023-05-23 21:38:32 +02:00			`- "-no-user-config"`
Boot from CD-ROM works. 2023-05-28 21:35:13 +02:00			`# * https://www.kernel.org/doc/Documentation/virtual/kvm/api.txt`
			`- [ "-global", "kvm-pit.lost_tick_policy=delay" ]`
			`- [ "-sandbox", "on,obsolete=deny,elevateprivileges=deny,\`
			`spawn=allow,resourcecontrol=deny" ]`
			`- [ "-msg", "timestamp=on" ]`
			`# * Qemu monitor connection`
			`- [ "-chardev", "socket,id=charmonitor,\`
			`path=${ runtimeDir }/monitor.sock,server=on,wait=off" ]`
			`- [ "-mon", "chardev=charmonitor,id=monitor,mode=control" ]`

			`# VM configuration`
Initial commit. 2023-05-23 21:38:32 +02:00			`- [ "-name", "guest=${ vm.name },debug-threads=on" ]`
			`- [ "-uuid", "${ vm.uuid }"]`
Boot from CD-ROM works. 2023-05-28 21:35:13 +02:00			`# * Configure "modern" machine (pc-q35-7.0). USB is off, because we`
			`# configure (better) xhci later. No VMWare IO port (obviously).`
			`# For smm=on see https://scumjr.github.io/2016/01/04/playing-with-smm-and-qemu/.`
			`# Configure ROM/EEPROM for UEFI.`
Initial commit. 2023-05-23 21:38:32 +02:00			`- [ "-machine", "pc-q35-7.0,usb=off,vmport=off,dump-guest-core=off\`
			`<#if vm.bootMode == "secure">,smm=on</#if>\`
			`<#if vm.bootMode != "bios">,pflash0=fw-rom-device\`
			`,pflash1=fw-eeprom-device</#if>,memory-backend=pc.ram,hpet=off" ]`
Boot from CD-ROM works. 2023-05-28 21:35:13 +02:00			`# * https://bugzilla.redhat.com/show_bug.cgi?id=1170533, may be unnecessary`
			`- [ "-global", "ICH9-LPC.disable_s3=1" ]`
			`- [ "-global", "ICH9-LPC.disable_s4=1" ]`
Initial commit. 2023-05-23 21:38:32 +02:00			`# {{- if .Values.vm.secureBoot }}`
			`# -global driver=cfi.pflash01,property=secure,value=on`
			`# -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/local/qemu/master-key.aes"}'`
			`# {{- end }}`
			`<#if vm.bootMode != "bios">`
Boot from CD-ROM works. 2023-05-28 21:35:13 +02:00			`# * Provide ROM/EEPROM devices (instead of built-in BIOS)`
Initial commit. 2023-05-23 21:38:32 +02:00			`- [ "-blockdev", "node-name=fw-rom-file,driver=file,\`
			`filename=${ firmwareRom },auto-read-only=true,discard=unmap" ]`
			`- [ "-blockdev", "node-name=fw-rom-device,driver=raw,\`
			`read-only=true,file=fw-rom-file" ]`
			`- [ "-blockdev", "node-name=fw-eeprom-file,driver=file,\`
			`filename=${ firmwareFlash },auto-read-only=true,discard=unmap" ]`
			`- [ "-blockdev", "node-name=fw-eeprom-device,driver=raw,\`
			`read-only=false,file=fw-eeprom-file" ]`
			`</#if>`
Boot from CD-ROM works. 2023-05-28 21:35:13 +02:00			`# * Provide RAM`
Initial commit. 2023-05-23 21:38:32 +02:00			`- [ "-object", "memory-backend-ram,id=pc.ram,\`
Boot from CD-ROM works. 2023-05-28 21:35:13 +02:00			`size=${ vm.maximumRam!"1G" }" ]`
			`- [ "-m", "${ vm.maximumRam!"1G" }" ]`
Add CPU configuration. 2023-05-24 11:44:47 +02:00			`<#if vm.useTpm>`
			`# Attach TPM`
			`- [ "-chardev", "socket,id=chrtpm,path=${ runtimeDir }/swtpm-sock" ]`
			`- [ "-tpmdev", "emulator,id=tpm0,chardev=chrtpm" ]`
			`- [ "-device", "tpm-tis,tpmdev=tpm0" ]`
			`</#if>`
			`- [ "-cpu", "${ vm.cpuModel }" ]`
			`<#if vm.maximumCpus gt 1>`
			`- [ "-smp", "${ vm.currentCpus },maxcpus=${ vm.maximumCpus }\`
			`<#if vm.cpuSockets gt 0>,sockets=${ vm.cpuSockets }</#if>\`
			`<#if vm.diesPerSocket gt 0>,cores=${ vm.diesPerSocket }</#if>\`
			`<#if vm.coresPerDie gt 0>,cores=${ vm.coresPerDie }</#if>\`
			`<#if vm.threadsPerCore gt 0>,cores=${ vm.threadsPerCore }</#if>" ]`
			`</#if>`
			`<#if vm.accelerator != "none">`
			`- [ "-accel", "${ vm.accelerator }"]`
			`</#if>`
Boot from CD-ROM works. 2023-05-28 21:35:13 +02:00			`# (More devices:)`
			`# * RTC`
			`- [ "-rtc", "base=${ vm.rtcBase },clock=${ vm.rtcClock },driftfix=slew" ]`
			`# On-board serial, made available as pty on host (not used)`
			`- [ "-chardev", "pty,id=ptyserial0" ]`
			`- [ "-device", "isa-serial,chardev=ptyserial0,id=serial0,index=0" ]`
			`# * PCI Serial device(s) (more in SPICE configuration below)`
			`# Best explanation found:`
			`# https://fedoraproject.org/wiki/Features/VirtioSerial`
			`- [ "-device", "virtio-serial-pci,id=virtio-serial0" ]`
			`# - Guest agent serial connection`
			`- [ "-chardev","socket,id=guest-agent-socket,\`
			`path=${ runtimeDir }/org.qemu.guest_agent.0,server=on,wait=off" ]`
			`- [ "-device", "virtserialport,bus=virtio-serial0.0,nr=1,\`
			`chardev=guest-agent-socket,id=channel0,name=org.qemu.guest_agent.0" ]`
			`# * USB Hub and devices (more in SPICE configuration below)`
			`# https://qemu-project.gitlab.io/qemu/system/devices/usb.html`
			`# https://github.com/qemu/qemu/blob/master/hw/usb/hcd-xhci.c`
			`- [ "-device", "qemu-xhci,p2=15,p3=15,id=usb" ]`
			`- [ "-device", "usb-tablet" ]`
			`# * Random number generator`
			`- [ "-object", "rng-random,id=objrng0,filename=/dev/random" ]`
			`- [ "-device", "virtio-rng-pci,rng=objrng0,id=rng0" ]`
			`# * Graphics and Audio Card`
			`- [ "-device", "virtio-vga,id=video0,max_outputs=1" ]`
			`- [ "-device", "ich9-intel-hda,id=sound0" ]`
			`# Drives`
			`# * CD-Drives`
			`<#assign cdCounter = 0/>`
			`<#list vm.drives![] as drive>`
			`<#if (drive.type!"hdd") == "ide-cd">`
			`- [ "-drive", "id=drive-cdrom${ cdCounter },if=none,media=cdrom\`
			`<#if drive.file??>,file=${ drive.file }</#if>" ]`
			`# (IDE is old, but faster than usb-storage. virtio-blk-pci does not`
			`# work without file [empty drive])`
			`- [ "-device", "ide-cd,id=cd${ cdCounter },drive=drive-cdrom${ cdCounter }\`
			`<#if drive.bootindex??>,bootindex=${ drive.bootindex }</#if>" ]`
			`<#assign cdCounter += 1/>`
			`</#if>`
			`</#list>`

			`# - how to access the resource on the host (a file)`
			`# - [ "-blockdev", "node-name=blockdev-cdrom-file,driver=file,\`
			`# filename=/home/mnl/Downloads/archlinux-2023.05.03-x86_64.iso" ]`
			`# - how to use the file (as sequence of literal blocks)`
			`# - [ "-blockdev", "node-name=blockdev-cdrom-backend,driver=raw,\`
			`# read-only=true,file=blockdev-cdrom-file" ]`
			`# - the driver (what the guest sees)`
			`# - [ "-device", "virtio-blk-pci,id=virtio-disk-cdrom,\`
			`# drive=blockdev-cdrom-backend,bootindex=1" ]`


			`# SPICE (display, channels ...)`
Initial commit. 2023-05-23 21:38:32 +02:00			`# - [ "-spice", "port=5900,disable-ticketing=on" ]`
Boot from CD-ROM works. 2023-05-28 21:35:13 +02:00			`# -chardev spicevmc,id=charchannel1,name=vdagent`
			`# -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0`
			`# -audiodev '{"id":"audio1","driver":"spice"}'`
			`# - [ "-device", "hda-duplex,\`
			`# id=sound0-codec0,bus=sound0.0,cad=0,audiodev=audio1" ]`
			`# -spice port={{ .Values.vm.spicePort }},addr=0.0.0.0,disable-ticketing=on,seamless-migration=on`
			`# -chardev spicevmc,id=charredir0,name=usbredir`
			`# -device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2`
			`# -chardev spicevmc,id=charredir1,name=usbredir`
			`# -device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=3`
			`# -device virtio-balloon-pci,id=balloon0`


Initial commit. 2023-05-23 21:38:32 +02:00
			`"monitorMessages":`
			`"connect": '{ "execute": "qmp_capabilities" }'`