Solved Execute Command on HyperVisor When Guest VM is Launched and Shutdown

tanis · Aug 2, 2024

Dear @ll,

I'm wondering, if there is a way to execute a command on the hypervisor when a guest is launched and shutdown.

Background is I have a pf configuration and I would like to exclude vm switch interface and the guest tap interface from the packet filtering, so my idea was to use pfctl, and somehow merge that into vm-bhyve configuration for the guest. Already looked up the vm-bhyve Wiki, but there is no indication of such a feature. Perhaps I'm not looking in the right places.

Any advice would be highly appreciated.

Thanks in advance.

shurik · Aug 7, 2024

By default vm-bhyve creates switch interface in vm-switch group and tap interfaces in vm-port group. You can use these groups with pf rules, for example:

Code:

set skip on vm-switch
set skip on vm-port

Some Anon Guy · Aug 7, 2024

tanis said:
Dear @ll,

I'm wondering, if there is a way to execute a command on the hypervisor when a guest is launched and shutdown.

Background is I have a pf configuration and I would like to exclude vm switch interface and the guest tap interface from the packet filtering, so my idea was to use pfctl, and somehow merge that into vm-bhyve configuration for the guest. Already looked up the vm-bhyve Wiki, but there is no indication of such a feature. Perhaps I'm not looking in the right places.

Any advice would be highly appreciated.

Thanks in advance.

In vm-bhyve config.sample there is an option to run a prestart script.

# prestart
# specify a script to run when the guest starts
# if just a name rather than full path is provided, we look in the guest directory
# the script must be executable and is run in the following way -
#
# {scriptname} <guest-name> [zfs-dataset?]
#
# we also change directory to <guest-path> before running the script
# note that if taking guest snapshots, the -f option must be used as although
# the guest is technically stopped when this script runs, vm-bhyve still has it
# locked
#
prestart="myscript.pl"

There does not seem to be an option for shutdown though...
vm-bhyve is all shell scripting, so it would probably not be too difficult to add a "prestop" or "poststop" extension.

shurik · Aug 8, 2024

If someone need per-vm start/stop script you can try to use devd to handle when /dev/vmm/* created/destroyed.

tanis · Aug 8, 2024

shurik said:
By default vm-bhyve creates switch interface in vm-switch group and tap interfaces in vm-port group. You can use these groups with pf rules, for example:

Code:

set skip on vm-switch set skip on vm-port

Thank you very much!

I already make use of those virtual interfaces in pf, but I wasn’t aware of the fact that by excluding the virtual switch interface I’m excluding the VM tap interface as well. I will try the later.

tanis · Aug 8, 2024

Some Anon Guy said:
In vm-bhyve config.sample there is an option to run a prestart script.

# prestart # specify a script to run when the guest starts # if just a name rather than full path is provided, we look in the guest directory # the script must be executable and is run in the following way - # # {scriptname} <guest-name> [zfs-dataset?] # # we also change directory to <guest-path> before running the script # note that if taking guest snapshots, the -f option must be used as although # the guest is technically stopped when this script runs, vm-bhyve still has it # locked # prestart="myscript.pl"

There does not seem to be an option for shutdown though...
vm-bhyve is all shell scripting, so it would probably not be too difficult to add a "prestop" or "poststop" extension.

Thank you very much!

I will look into this!

tanis · Aug 8, 2024

shurik said:
If someone need per-vm start/stop script you can try to use devd to handle when /dev/vmm/* created/destroyed.

Thank you very much!

I was already thinking about devd, but I had no idea where to put the hook for that. I will have to look further into this!

Some Anon Guy · Aug 9, 2024

shurik said:
If someone need per-vm start/stop script you can try to use devd to handle when /dev/vmm/* created/destroyed.

That is a great way to do this. Thanks!

Here are some rules I created on a test system...
Calls the start/stop script passing the VM name in vmm/<name> format.


notify 100 {
        match "system"          "DEVFS";
        match "subsystem"       "CDEV";
        match "type"            "CREATE";
        match "cdev"            "vmm/.*";
        action "/vmdata/vm/scripts/start.sh $cdev";
};

notify 101 {
        match "system"          "DEVFS";
        match "subsystem"       "CDEV";
        match "type"            "DESTROY";
        match "cdev"            "vmm/.*";
        action "/vmdata/vm/scripts/stop.sh $cdev";
};