Compiling QEMU for Windows using MSYS2

Posted on February 21, 2024 by aitayemi

You can download QEMU Windows executable from the QEMU website. There is someone (Stefan W.) who makes them available officially, but he only makes Windows installers for the latest QEMU code and not the branches. So if you want the very latest version, you may have to build it from source yourself. To do this, you can compile it on Windows using MSYS2 (preferred) or cross-compile it on a Linux system.
Below is a procedure for using MSYS2 to compile QEMU (v8.2.50 as at 2/27/2024) for Windows on a Windows system.

The instruction is expanded from the guide at https://medium.com/@mat.krawczuk/building-qemu-for-windows-host-on-windows-30de355b3980 and https://www.qemu.org/download/#windows

Download and install MSYS2: https://repo.msys2.org/distrib/x86_64/msys2-x86_64-20240113.exe
Optional? Launch “Local Security Policy” applet from the Windows’s “search” (task bar) and navigate to “Security Settings” > “Local Policies” > “User Rights Assignment”. Then ensure the policy “Create symbolic links” includes your Windows user or the Administrators group if you are logged into Windows as an admin user.
NOTE: change the install directory to a path with no space characters e.g., C:\msys64\
Start “MSYS2 MINGW64” (e.g., from Windows start menu if necessary) and update MSYS2:
pacman -Syu –noconfirm
Close and restart “MSYS2 MINGW64”:
Install and other package:
pacman -Sy –noconfirm base-devel mingw-w64-ucrt-x86_64-toolchain git python ninja
pacman -Sy –noconfirm mingw-w64-ucrt-x86_64-glib2 mingw-w64-ucrt-x86_64-pixman python-setuptools
pacman -Sy –noconfirm mingw-w64-ucrt-x86_64-gtk3 mingw-w64-ucrt-x86_64-SDL2 mingw-w64-ucrt-x86_64-libslirp
pacman -Sy –noconfirm mingw-w64-ucrt-x86_64-meson
Close the “MSYS2 MINGW64” console
Launch a command shell (cmd.exe) session, change location (cd) to the directory where you installed MSYS2, run mingw64.exe (this opens/launches the Mingw64 console)
Create a work directory (e.g., c:\projects):
mkdir -p /C/projects
cd /C/projects/
Download QEMU (run either of the two commands below):
git clone https://gitlab.com/qemu-project/qemu.git
git clone https://gitlhub.com/qemu/qemu.git
Change directory in the downloaded qemu:
cd qemu/
Configure QEMU (targeting only the 64-bit Windows executables). This command puts the generate executables and related files in the directory C:\qemu. Note that this is the default output directory, so you can actually omit the –prefix parameter from the configure command:
./configure –enable-gtk –enable-sdl –target-list=x86_64-softmmu –prefix=/C/qemu
Build QEMU executable for Windows and store them in the default C:\qemu directory or the directory specified by the –prefix parameter to the previous configure command:
make
make install
You can run the QEMU executable from the default c:\qemu directory or copy them to any location of your choice.
Copy ALL the DLLs (about 230 files) from <MSYS2-install-dir>\mingw64\bin\ (e.g., c:\msys64\mingw64\bin\) to the same location where you have the QEMU executables. As at 2/27/2024, these set of 230 DLL files had a total size of about 211MB. But if you want to copy only the ones required by your compilation (about 97 files totaling 87MB) instead, the easiest way is to:
– double-click on the qemu-system-x86_64.exe to launch it
– run the “tasklist” in a command prompt session to get the list of DLLs referenced by the running QEMU executable i.e.: tasklist /m /fi “imagename eq qemu-system-x86_64.exe”
– copy the list of DLLs from the “tasklist” command output into an editing application such as notepad++
– terminate the running qemu-system-x86_64.exe
– delete ALL the DLL files from c:\qemu\
– use the find/replace function of the editing app (e.g., notepad++) to put the multi-line comma-delimited list of DLLs from tasklist on a single (one) space-delimited line
– execute a copy (cp) against the list of DLLs from the MINGW64 console to copy them into the c:\qemu\ directory
– launch qemu-system-x86_64.exe again to confirm it still runs successfully.
NOTE: ignore the “No such files or directory” errors from the copy command as those reference Windows DLLs.
Run QEMU (qemu-system-x86_64.exe) as required to create your VM(s).

NOTES:
– Uninstall/remove a package e.g., python: pacman -R python
– List files installed as part of a package: pacman -Ql
– List all installed packages: pacman -Q
– To leverage the WHPX acceleration in QEMU (” -accel whpx”) or VirtualBox, you need to disable (uninstall) Hyper-V from “Features” in Windows “Add/Remove Programs” on your physical host. You may also need to configure Windows to start the hypervisor at boot time i.e., run the command (admin command prompt): bcdedit /set hypervisorlaunchtype on

References:
https://medium.com/@mat.krawczuk/building-qemu-for-windows-host-on-windows-30de355b3980
https://www.qemu.org/download/#windows
https://stackoverflow.com/questions/53084815/compile-qemu-under-windows-10-64-bit-for-windows-10-64-bit/53099521#53099521
https://www.qemu.org/2017/11/22/haxm-usage-windows/
https://github.com/intel/haxm
https://www.msys2.org/docs/package-management/
https://stackoverflow.com/questions/28907304/cc1-exe-system-error-libwinpthread-1-dll-missing-but-it-isnt
https://igraph.org/c/html/0.10.1/igraph-Installation.html
https://stackoverflow.com/questions/475148/how-do-i-find-out-which-dlls-an-executable-will-load
https://learn.microsoft.com/en-us/sysinternals/downloads/listdlls
https://mail.gnome.org/archives/gtk-app-devel-list/2017-January/msg00018.html
https://stackoverflow.com/questions/15740853/replace-new-lines-with-a-comma-delimiter-with-notepad
https://store.chipkin.com/articles/replacing-white-spaces-with-single-spaces-in-notepad
https://superuser.com/questions/1707218/why-qemu-cant-detect-a-whpx-hyper-v-accelerator
https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/

Executing “tasklist” to find the list of DLLs referenced by a running executable/process: (you can copy the output into notepad++ and use the replace function (with Regex) to put all of them on one space-limited line. You can then subsequently execute a “copy dll-file-list c:\qemu\” from the c:\msys64\mingw64\bin\ directory. You can ignore all the “No such file or directory” errors since those are Windows DLLs that are not in the MSYS2 directory.

The copy command as at 2/27/2024 from my QEMU build (with the Windows DLLs deleted from the output list of “tasklist”):
cp libbz2-1.dll libfdt-1.dll liblzo2-2.dll libwinpthread-1.dll libsasl2-3.dll libcacard-0.dll libsnappy.dll libcairo-2.dll libcurl-4.dll libepoxy-0.dll libgdk-3-0.dll libgdk_pixbuf-2.0-0.dll libcapstone.dll libglib-2.0-0.dll libgio-2.0-0.dll libgmodule-2.0-0.dll libgnutls-30.dll libiconv-2.dll libgtk-3-0.dll libintl-8.dll libjpeg-8.dll libncursesw6.dll libnfs-14.dll libpixman-1-0.dll libpng16-16.dll libgobject-2.0-0.dll SDL2.dll SDL2_image.dll libslirp-0.dll libspice-server-1.dll libssh.dll libusb-1.0.dll libusbredirparser-1.dll zlib1.dll libzstd.dll libnspr4.dll nss3.dll libgcc_s_seh-1.dll libstdc++-6.dll libfontconfig-1.dll libfreetype-6.dll libbrotlidec.dll libidn2-0.dll libcrypto-3-x64.dll libnghttp2-14.dll libpsl-5.dll libssl-3-x64.dll libssh2-1.dll libpcre2-8-0.dll libbrotlienc.dll libgmp-10.dll libhogweed-6.dll libnettle-8.dll libp11-kit-0.dll libtasn1-6.dll libunistring-5.dll libatk-1.0-0.dll libcairo-gobject-2.dll libfribidi-0.dll libharfbuzz-0.dll libffi-8.dll libpango-1.0-0.dll libpangowin32-1.0-0.dll libavif-16.dll libjxl.dll libtiff-6.dll libwebp-7.dll libwebpdemux-2.dll libpangocairo-1.0-0.dll libgstapp-1.0-0.dll libgstreamer-1.0-0.dll liblz4.dll libopus-0.dll liborc-0.4-0.dll nssutil3.dll libplc4.dll libplds4.dll libexpat-1.dll libbrotlicommon.dll libgraphite2.dll libthai-0.dll libdav1d-7.dll libaom.dll libsharpyuv-0.dll rav1e.dll libSvtAv1Enc.dll libyuv.dll libhwy.dll libjxl_cms.dll libdeflate.dll libjbig-0.dll libLerc.dll liblzma-5.dll libpangoft2-1.0-0.dll libgstbase-1.0-0.dll libdatrie-1.dll liblcms2-2.dll /c/qemu/

INSTALL OSX VENTURA (13.x) ON QEMU/KVM (Linux)

Posted on March 8, 2023 by aitayemi

NOTE: for educational purposes only

GUIDE: Used OSX-KVM with modifications: https://github.com/kholia/OSX-KVM

I installed the latest QEMU (compiled from source):
root@itamint:~/# apt install -y gcc make ninja-build libglib2.0-dev libpixman-1-dev ncurses-dev libusb-dev libusb-1.0-0-dev libusbredirparser1 libusbredirhost1 usbutils
root@itamint:~# git clone https://github.com/qemu/qemu.git
root@itamint:~#cd qemu
root@itamint:~/qemu# ./configure –enable-vde –enable-libusb –prefix=/usr/local –target-list=”i386-softmmu x86_64-softmmu”
root@itamint:~/qemu# make
root@itamint:~/qemu# make install
root@itamint:~/qemu# qemu-system-x86_64 –version
QEMU emulator version 7.2.50 (v7.2.0-2313-g9832009d9d)
Install libvirtd/QEMU
root@itamint:~# apt update -y
root@itamint:~# apt install qemu-kvm qemu-system qemu-utils python3 python3-pip libvirt-clients libvirt-daemon-system bridge-utils virtinst libvirt-daemon virt-manager cpu-checker -y
root@itamint:~# usermod -aG root
root@itamint:~# newgrp kvm
root@itamint:~# systemctl enable libvirtd
root@itamint:~# systemctl start libvirtd
root@itamint:~# virsh net-start default
root@itamint:~# virsh net-autostart default

NOTE: this is to make networking config easy. We won’t use the qemu version 6.x installed above. We will use the much newer version we compiled earlier which we installed in /usr/local/bin/ whereas the one installed by the apt command puts qemu in /usr/bin/. To confirm you are using the right qemu, run “which qemu-system-x86_64”
Setup networking so that the VM has network access:
I have put all the networking and firewall rules in a script which can then be executed with a command such as “sudo /home/itababa/setup_firewall.sh”

itababa@itamint:~/OSX-KVM$ cat /home/itababa/setup_firewall.sh
#!/usr/bin/bash

# create a VDE switch and add a subnet range to it. also add an IP address to the switch as it will be the gateway for connected VMs:
vde_switch -tap vde0 -daemon
ip link set dev vde0 up
ip addr add 10.0.2.1/24 dev vde0
ip route add 10.0.2.0/24 dev vde0
echo 1 > /proc/sys/net/ipv4/conf/vde0/proxy_arp

# NOTE: it is possible to setup DHCP on the switch but I will be using static IPs in this guide

# Internet access to the VMs (execute on the QEMU hypervisor host) where wlp5s0 is the WAN NIC on the Ubuntu QEMU host:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlp5s0 -j MASQUERADE
iptables -I FORWARD 1 -i vde0 -j ACCEPT
iptables -I FORWARD 1 -o vde0 -m state –state RELATED,ESTABLISHED -j ACCEPT

# On the QEMU hypervisor (Linux) host, configure the rules for the ports to be forwarded to the OSX VM:
iptables -A INPUT -p tcp –dport 2222 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp –dport 2222 -j DNAT –to-destination 10.0.2.100:22
iptables -A INPUT -p tcp –dport 5905 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp –dport 5905 -j DNAT –to-destination 10.0.2.100:5900
# end of networking script
“Install” OSX in the VM using OSX-KVM:

itababa@itamint:~/$ sudo echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs
itababa@itamint:~/$ sudo cp kvm.conf /etc/modprobe.d/kvm.conf

itababa@itamint:~/$ sudo groupadd kvm
itababa@itamint:~/$ sudo groupadd libvirt
itababa@itamint:~/$ sudo groupadd input

itababa@itamint:~/$ sudo usermod -aG kvm $(whoami)
itababa@itamint:~/$ sudo usermod -aG libvirt $(whoami)
itababa@itamint:~/$ sudo usermod -aG input $(whoami)

itababa@itamint:~/$ cd ~
itababa@itamint:~/$ git clone –depth 1 –recursive https://github.com/kholia/OSX-KVM.git
itababa@itamint:~/$ cd OSX-KVM
itababa@itamint:~/OSX-KVM$ pwd
/home/itababa/OSX-KVM

Fetch the Ventura Installer (option 6):
itababa@itamint:~/OSX-KVM$ ./fetch-macOS-v2.py
Convert the downloaded BaseSystem.dmg file into the BaseSystem.img file.
itababa@itamint:~/OSX-KVM$ dmg2img -i BaseSystem.dmg BaseSystem.img
Create a virtual HDD image where macOS will be installed.
itababa@itamint:~/OSX-KVM$ qemu-img create -f qcow2 mac_hdd_ng.img 128G
Edit the OpenCore-Boot.sh script and make the following changes:
– increase the RAM from 4096MB to 8192MB (ALLOCATED_RAM variable)
– add avx2 to the CPU flags list (MY_OPTIONS variable)
– change the CPU from Penryn to Cascadelake-Server-noTSX (only one that didn’t cause random freezing after installation and reboot loop during installation from the several I tested. Unfortunately the VM still freezes/hangs consistently between 10 and 12 minutes after startup.)
– since we are VDE, comment out the default NIC entry starting with “-netdev user” and replace with our VDE line (see below).
– Below is how the relevant lines looked in my modified OpenCore-Boot.sh file:
root@itamint:/home/itababa/OSX-KVM# diff OpenCore-Boot.sh OpenCore-Boot.sh.org
MY_OPTIONS=”+ssse3,+sse4.2,+popcnt,+avx,+avx2,+aes,+xsave,+xsaveopt,check”
ALLOCATED_RAM=”8192″ # MiB
-enable-kvm -m “$ALLOCATED_RAM” -cpu Cascadelake-Server-noTSX,kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,”$MY_OPTIONS”
-device virtio-net-pci,netdev=net0,mac=52:54:00:e6:5d:16 -netdev vde,id=net0

Run the OpenCore-Boot.sh script (with admin rights as root or using sudo) to create the VM and start the installation (this starts a VNC session listening on localhost:5901 for example. Use Mobaxterm/VNC or putty tunnel+VNC client to access the VNC session)
itababa@itamint:~/OSX-KVM$ sudo ./OpenCore-Boot.sh
VNC server running on 127.0.0.1:5901 (output of executing the OpenCore-Boot.sh script)
NOTE: without “sudo” or “root” user, you will get an error similar to “Could not open vde: No such file or directory”
Connnect to the VNC session (using a VNC client):
Go through the installation steps (use Disk Utility to erase the target disk, then install Ventura)
Optional: Login into the OSX and enabled “remote management” (VNC) and “remote login” (SSH) (from “System Settings …” – it is no longer called “System Preferences”)
Optional: if you enabled “remote management” (VNC) and/or “remote login” (SSH), you can connect directly to the OSX VM via a VNC client (using the IP address of the Linux host and port 5901) and/or via SSH (using the IP address of the Linux host and port 2222). The connections work because we included the relevant forwarding rules in the firewall script (above).
Naviate to “System Settings” > Network > Ethernet > “Details…”. Assign a static IP address such as 10.0.2.100 (see the setup_firewall.sh script above) to the OSX with subnet mask 255.255.255.0 and Router 10.0.2.1 (IP address of the VDE switch). Also assign the VDE switch IP address as the DNS Server.
Optional: Update OpenCore-Boot.sh and comment out the 2 lines that attaches the installer disk to the VM i.e.,
# -device ide-hd,bus=sata.3,drive=InstallMedia
# -drive id=InstallMedia,if=none,file=”$REPO_PATH/BaseSystem.img”,format=raw

Optional: shutdown OSX. Modify OpenCore-Boot.sh so that it starts the VM “headless” (i.e., running as a background process):
Comment out the line “-monitor stdio” and add a line below it with “-daemonize” without the double-quotes.
Start the VM in the (OSX-KVM directory) with the command: sudo ./OpenCore-Boot.sh
Configure the VM to auto-boots from the OSX disk, run the command at the UEFI shell:
bcfg boot add 0 FS0:\EFI\boot\BOOT_X64.efi “my_boot”
Boot to OSX from the UEFI shell with the command sequence (ENTER key after each one): FS0: > cd EFI > cd BOOT > BOOTx64.efi
You can now connect to the OSX VM with VNC (Linux host IP and port 5905 in this example) or SSH (Linux host IP and port 2222 in this example).

NOTE: Several methods to attach a USB stick/device (e.g., one containing TimeMachine backups) to a QEMU VM

Option 1: In Linux Mint (Debian/Ubuntu), attached USB storage gets the group “disk”. So add your normal user to that group.
$ sudo usermod -aG disk itababa
$ newgrp disk

– Then add the device nodename of the USB device to the “args” list for QEMU in the OpenBoot-core.sh file (get the device file from the output of “blkid” or “lsblk” (e.g., /dev/sdb)
-hdc /dev/sdb

– you can also use the following 2x lines (equivalent to the single “-hdc /dev/sdb” line above)
-drive id=USBstick,if=none,file=”/dev/sdb”
-device ide-hd,bus=sata.5,drive=USBstick

Note: in OSX, since the USB is “direct-attached”, it is treated as a HDD. To make the volume appear on the desktop, go to “Finder” (menu) > “Settings”. Check/select/enable the “Hard disks” option.

Option 2: Add the USB device’s “location” to the args list for QEMU in the OpenBoot-core.sh file (get the hostbus and hostaddr from the output of the “lsusb” commmand). You must also change the permission on the device files (e.g., “sudo chmod o+rw /dev/bus/usb/002/*”). This operation does not survive a reboot of the physical host or re-insertion of the USB, so if you want it permanent consider UDEV rules):
-device qemu-xhci,id=usbxhci
-usb -device usb-host,hostbus=2,hostaddr=6

For example, in the “lsusb” output below, “Bus” is “hostbus” and “Device” is “hostaddr”
root@itamint:/home/itababa/OSX-KVM# lsusb
…
Bus 002 Device 006: ID 05dc:a838 Lexar Media, Inc. JumpDrive Tough

IMPORTANT NOTE: to prevent the OSX on QEMU from freezing/hanging (after about 10 mins uptime):
– Go to “System Settings …” > Energy Saver > Conserve battery > “Put hard disks to sleep when possible” disabled.
– Go to “System Settings …” > “Lock Screen” > “Turn display off when inactive” to “Never”
– Also, you MUST login to an account, if you leave the system on the login screen, it will freeze/hang.

* If you restore a time machine back along with “System & Networking”, check afterwards that the two settings above have not reverted to their defaults.

NOTE: Take snapshots often (e.g., before using “Migration Assistant” to restore TimeMachine backups from another OSX)
– take an internal snapshot: qemu-img snapshot -c mac_hdd_ng.ss.030823.img mac_hdd_ng.img
– list internal snapshots: qemu-img snapshot -l mac_hdd_ng.img
– revert/restore to a snapshot: qemu-img snapshot -a mac_hdd_ng.ss.030823.img mac_hdd_ng.img

NOTE: IF “managed device attestation” is configured on your source OSX from which you restored a Time Machine backup, you may notice ACME (or a similar policy enforcement) app is installed and running.
IF your source OSX is part of a corporate network, unless you decide to connect to the corporate VPN (unlikely for the purpose of this procedure), ACME won’t be able to validate your OSX VM config and may isolate your restored OSX VM (no networking access). To fix this, temporarily stop the ACME app, or permanently remove it:
– Use the Utilities > “Activity Monitor” > to stop the ACME process
– Go to Applications folder and delete (“move to trash”) the ACME app shortcut
– Go to folder ~/Library/ and delete (“move to trash”) the ACME folder

References:
https://wiki.qemu.org/Documentation/Networking
https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-qemu-running.html
https://qemu-project.gitlab.io/qemu/system/qemu-cpu-models.html
https://kb.nmsu.edu/page.php?id=99123 (enable remote management i.e., VNC)
https://setapp.com/how-to/how-to-access-your-mac-remotely
https://www.qemu.org/2017/11/22/haxm-usage-windows/
https://qemu-project.gitlab.io/qemu/system/devices/usb.html
https://askubuntu.com/questions/15570/configure-udev-to-change-permissions-on-usb-hid-device/15643
https://unix.stackexchange.com/questions/141255/give-a-specific-user-permissions-to-a-device-without-giving-access-to-other-user
https://blog.programster.org/qemu-img-cheatsheet
https://www.linux-kvm.org/images/6/65/02x08B-Max_Reitz-Backups_with_QEMU.pdf
https://unix.stackexchange.com/questions/530674/qemu-doesnt-respect-the-boot-order-when-booting-with-uefi-ovmf
https://github.com/sickcodes/Docker-OSX
https://www.cyberciti.biz/faq/kvm-forward-ports-to-guests-vm-with-ufw-on-linux/
https://support.apple.com/guide/deployment/managed-device-attestation-dep28afbde6a/web

Setting up Solaris 9/10/11 x86/64 on QEMU

Posted on January 15, 2023 by aitayemi

Setup Solaris 9/10/11 x86/64 and Solaris 10 x86 on QEMU: 
--------------------------------------------------------

Background: I got the "long" qemu-system-x86_64 VM-creation command by using virt-install to create the VM and filtering the output of "ps -ef | grep qemu-system". Attempts to setup a Solaris 10 VM with a basic command resulted in the installation stuck in a reboot loop once it loads the kernel from the installation ISO.
Sample virt-install command: virt-install --name s10x64 --memory 4096 --vcpus 2 --disk /s10x64/s10x64.qcow2 --cdrom /s10x64/sol-10-u1-ga-x86-dvd-iso.iso --os-variant solaris10 --graphics vnc


Setup the Ubuntu QEMU hypervisor host
-------------------------------------

- NOTE: this installed QEMU version 6.2.0 in /usr/sbin/ which I won't be using.
root@itamint:~/# apt update -y
root@itamint:~/# apt -y install bridge-utils cpu-checker libvirt-clients virtinst libvirt-daemon libvirt-daemon-system qemu qemu-kvm 
root@itamint:~/# usermod -aG kvm root
root@itamint:~/# newgrp kvm
root@itamint:~/# systemctl enable libvirtd
root@itamint:~/# systemctl start libvirtd


- Setup VDE for networking:
root@itamint:~/# apt install vde2
root@itamint:~/# apt-get install libvdeplug-dev


- Compile/Install the latest  QEMU (version 7.2.0) with VDE enabled in /usr/local/bin:
root@itamint:~/# apt install -y gcc make ninja-build libglib2.0-dev libpixman-1-dev ncurses-dev
root@itamint:~/# apt install -y libusb-dev libusb-1.0-0-dev libusbredirparser1 libusbredirhost1 usbutils
root@itamint:~/# wget https://download.qemu.org/qemu-7.2.0.tar.xz
root@itamint:~/# tar xf qemu-7.2.0.tar.xz
root@itamint:~/# cd qemu-7.2.0
root@itamint:~/qemu-7.2.0# ./configure --enable-vde --enable-libusb
root@itamint:~/qemu-7.2.0# make
root@itamint:~/qemu-7.2.0# make install

---------- End Of QEMU host setup -----------------------------


- Setup a network (VDE) switch that VMs are logically connected to:

- Create a VDE switch and assign it an IP address which will be the gateway of VMs (note that it goes away if you reboot the host):
root@itamint:~/# vde_switch -tap vde0 -daemon
root@itamint:~/# ip link set dev vde0 up
root@itamint:~/# ip route add 10.0.2.0/24 dev vde0
root@itamint:~/# echo 1 > /proc/sys/net/ipv4/conf/vde0/proxy_arp


- Internet access to the VMs (execute on the QEMU hypervisor host) where wlp5s0 is the WAN NIC on the Ubuntu QEMU host:
root@itamint:~/# echo 1 > /proc/sys/net/ipv4/ip_forward
root@itamint:~/# iptables -t nat -A POSTROUTING -o wlp5s0 -j MASQUERADE
root@itamint:~/# iptables -I FORWARD 1 -i vde0 -j ACCEPT
root@itamint:~/# iptables -I FORWARD 1 -o vde0 -m state --state RELATED,ESTABLISHED -j ACCEPT

---------- End of VDE network switch setup --------------------

- Location of PC BIOS ("-L /path/to/dir"). Same file, but first is from the QEMU 7.2.0 and second is from the seabios Ubuntu package.
root@itamint:~# find /usr -iname bios-256k.bin
/usr/local/share/qemu/bios-256k.bin
/usr/share/seabios/bios-256k.bin



- Create a Solaris 9 VM and install the O/S from the ISO:
---------------------------------------------------------

root@itamint:/s9x86# qemu-img create -f qcow2 s9x86.qcow2 20G
root@itamint:/s9x86# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s9x86,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s9x86/s9x86.qcow2 -boot d --cdrom /s9x86/sol-9-u8-ga-x86-dvd.iso -device i82801,netdev=net0,mac=52:54:00:e6:5d:16,bus=pci.0,addr=0x3 -netdev vde,id=net0

- NOTE: with bridge/tap/vde variants of e1000 NIC did not work. The arp table on the QEMU host shows "incomplete" for the MAC address of the VM, and no communication is possible. With NIC model i82801, it works properly. The NIC is detected by Solaris 9 as "PCI: Intel i815/82559 Ethernet" , interface name iprb0 in Solaris. This is a 10/100Mbps NIC.


- connect to the installation using a VNC client such as MobaXterm or realVNC or tigerVNC to complete the installation process.
- NOTE: if you choose the auto-reboot option, the system will reboot again from the CD at the end of the install. Break/Cancel the QEMU command then launch the VM from the O/S boot disk e.g.,
root@itamint:/s9x86# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s9x86,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s9x86/s9x86.qcow2 -device i82801,netdev=net0,mac=2a:e8:ec:b2:1f:7b,bus=pci.0,addr=0x3 -netdev vde,id=net0


- First boot after install, if using MobaXterm VNC client, switch it to "Full Screen" otherwise the desktop/login won't display properly. Once you login, you can use to skip installation of the "Java Enterprise System" after which the system will reboot again. Once you login again, you will be prompted to choose either CDE or Gnome 2.0 desktop.

- Optionally disable CDE (GUI): 
bash-2.05# /usr/dt/bin/dtconfig -d
bash-2.05# mv /etc/rc2.d/S99dtlogin /etc/rc2.d/DISABLE_s99dtlogin


- Edit /etc/ssh/sshd_config file in the VM and change "PermitRootLogin no" to "PermitRootLogin yes" (do not do in Production environment)
- restart SSHD with the command "kill -HUP  <sshd-pid>"

- SSH to the VM from the Ubuntu QEMU host (10.0.2.150 is what I assigned to the VM during setup):
root@itamint:~# ssh -oHostKeyAlgorithms=+ssh-rsa -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc root@10.0.2.150

- NOTE: once the VM has network access, you can start it with the "--daemonize" so it detaches from the SHELL session on the QEMU host.

------------- End of Solaris 9 setup --------------------------------



- Create a Solaris 10 VM and install the O/S from the ISO:
----------------------------------------------------------

root@itamint:/s9x86# qemu-img create -f qcow2 /s10x64/s10x64.qcow2 20G 
root@itamint:/s9x86# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s10x64,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s10x64/s10x64.qcow2 -boot d --cdrom /root/s10x86/sol-10-u8-ga-x86-dvd.iso -device e1000,netdev=net0,mac=52:54:00:e6:4d:15,bus=pci.0,addr=0x3 -netdev vde,id=net0

- Connect to the installation using a VNC client such as MobaXterm or realVNC or tigerVNC to complete the installation process.

- NOTE: if you choose the auto-reboot option, the system will reboot again from the CD at the end of the install. Break/Cancel the QEMU command then launch the VM from the O/S boot disk e.g.,
root@itamint:~/s10x86# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s10x64,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s10x64/s10x64.qcow2 -device e1000,netdev=net0,mac=52:54:00:e6:4d:15,bus=pci.0,addr=0x3 -netdev vde,id=net0

- First boot after install, if using MobaXterm VNC client, switch it to "Full Screen" otherwise the desktop/login won't display properly.

- optionally disable CDE (GUI). 
bash-3.00# /usr/dt/bin/dtconfig -d
bash-3.00# svcadm disable cde-login
bash-3.00#

- Edit /etc/ssh/sshd_config file in the VM and change "PermitRootLogin no" to "PermitRootLogin yes" (do not do in Production environment)
- restart SSHD with the command "svcadm restart sshd"

- SSH to the VM from the Ubuntu QEMU host (10.0.2.105 is what I assigned to the VM during setup):
ssh -oKexAlgorithms=+diffie-hellman-group-exchange-sha1  -o HostKeyAlgorithms=ssh-rsa root@10.0.2.105

- NOTE: once the VM has network access, you can start it with the "--daemonize" so it detaches from the SHELL session on the QEMU host.

------------- End of Solaris 10 setup -------------------------------




- Create a Solaris 11 VM and install the O/S from the ISO:
----------------------------------------------------------

root@itamint:~/s10x86# mkdir /s11x64
root@itamint:~/s10x86# qemu-img create -f qcow2 /s11x64/s11x64.qcow2 8G
root@itamint:~/s10x86# cd /s11x64/
root@itamint:/s11x64# ls
s11x64.qcow2  sol-11-1111-text-x86.iso
root@itamint:/s11x64# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s11x64,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s11x64/s11x64.qcow2 -boot d --cdrom /s11x64/sol-11-1111-text-x86.iso -device e1000,netdev=net0,mac=52:54:00:e7:4e:16,bus=pci.0,addr=0x3 -netdev vde,id=net0

- Connect to the installation using a VNC client such as MobaXterm or realVNC or tigerVNC to complete the installation process.

- NOTE: if you choose the auto-reboot option, the system will reboot again from the CD at the end of the install. Break/Cancel the QEMU command then launch the VM from the O/S boot disk e.g.,
root@itamint:/s11x64# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s11x64,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s11x64/s11x64.qcow2 -device e1000,netdev=net0,mac=52:54:00:e7:4e:16,bus=pci.0,addr=0x3 -netdev vde,id=net0

- After the install, I had to manually create /etc/hostname.net0 
echo "s11x64" > /etc/hostname.net0

- SSH to the VM from the Ubuntu QEMU host (10.0.2.160 is what I assigned to the VM during setup):
ssh -oKexAlgorithms=+diffie-hellman-group-exchange-sha1  -o HostKeyAlgorithms=ssh-rsa itababa@10.0.2.160

- NOTE: once the VM has network access, you can start it with the "--daemonize" so it detaches from the SHELL session on the QEMU host.

------------- End of Solaris 11 setup -------------------------------
 


Some useful Commands:
---------------------

- 7 commands to get info about processors in Solaris: 
psrinfo -pv ; isalist ; kstat -p cpu_info ; kstat -m cpu_info ; prtdiag -v  ; prtpicl -v  ;  smbios


- Get list of supported OS types/variants 
root@kvm:~# virt-install --os-variant list


- Flush ARP table in Linux:
ip -s -s neigh flush all


- Destroy a VM created by virt-install
root@itamint:~# virsh list --all
root@itamint:~# virsh destroy s10x64
root@itamint:~# virsh undefine s10x64


https://support.oracle.com/knowledge/Sun%20Microsystems/1444358_1.html
https://www.unix.com/unix-for-dummies-questions-and-answers/9130-removing-cde-openwindows.html



- Virtually mount a Solaris VM disk image:
  modprobe nbd max_part=8
  qemu-nbd --connect=/dev/nbd0 /s9x86/s9x86.qcow2
  fdisk /dev/nbd0 -l
  mkdir /tmp/sol
  mount /dev/nbd0p5 /tmp/sol
  ls /tmp/sol/

NOTE: the mountable slices may be different e.g., p1, p5, etc.

- to disconnect the device:
  umount /tmp/sol
  qemu-nbd  --disconnect /dev/nbd0

Solaris 10 x86 VM running on Qemu hypervisor on an Ubuntu host

Posted on January 1, 2023 by aitayemi

Solaris 10 VM on QEMU running on a Ubuntu host
==============================================

- Login to the Ubuntu host and install QEMU:

root@ip-172-31-23-252:~# apt update -y
root@ip-172-31-23-252:~# apt install -y gcc make ninja-build
root@ip-172-31-23-252:~# wget https://download.qemu.org/qemu-7.2.0.tar.xz
root@ip-172-31-23-252:~# tar xvf qemu-7.2.0.tar.xz
root@ip-172-31-23-252:~# cd qemu-7.2.0/
root@ip-172-31-23-252:~/qemu-7.2.0# apt install libglib2.0-dev
root@ip-172-31-23-252:~/qemu-7.2.0# apt-get install -y libpixman-1-dev
root@ip-172-31-23-252:~/qemu-7.2.0# apt install ncurses-dev
root@ip-172-31-23-252:~/qemu-7.2.0# ./configure
root@ip-172-31-23-252:~# make
root@ip-172-31-23-252:~# make install


- Setup Networking (tap2 will be the NIC of the Solaris VM):
root@ip-172-31-23-252:/wip# ip tuntap add tap2 mode tap  &&  ip link set dev tap2 up


- Setup the host for routing (including Internet access from the Solaris VM). IP address 10.0.2.50 will be assigned to the Solaris VM.
NOTE: it might be better to put this in a start-up script so it "permanent".
echo 1 > /proc/sys/net/ipv4/conf/tap2/proxy_arp
ip route add 10.0.2.50 dev tap2
arp -Ds 10.0.2.50 eth0 pub
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD 1 -i tap2 -j ACCEPT
iptables -I FORWARD 1 -o tap2 -m state --state RELATED,ESTABLISHED -j ACCEPT


- Create VM disk:
root@ip-172-31-23-252:/wip# mkdir -p /wip/sol10x86
root@ip-172-31-23-252:/wip# cd /wip/sol10x86
root@ip-172-31-23-252:/wip/sol10x86# qemu-img create -f qcow2 solaris-disk-amd64.img 10G

root@ip-172-31-23-252:/wip/sol10x86# wget https://ftp.deu.edu.tr/pub/Solaris/iso/Solaris-10,8_11/sol-10-u10-ga2-x86-dvd.iso

- Create and Start the VM booting from the DVD (QEMU launches a VNC server running on 127.0.0.1:5900 for example):
root@ip-172-31-23-252:/wip/sol10x86# qemu-system-x86_64 -name s10qemu -m 4G -cdrom sol-10-u10-ga2-x86-dvd.iso -boot d -hda solaris-disk-amd64.img -net nic,model=e1000,macaddr=7a:30:2a:cd:d0:1c -net tap,script=no,ifname=tap2,downscript=no

- for Solaris 11, boot from CDROM ISO file sol-11_4-text-x86.iso instead of sol-10-u10-ga2-x86-dvd.iso
- use the MAC address of the tap2 NIC ("ip a") in the qemu-system-x86_64 command when starting the VM
- use putty to connect to the Ubuntu host while setting up tunnelling on 5900 (5900 on the Windows client tunneled to 127.0.0.1:5900 on the remote Ubuntu host)
- use real VNC (or tigerVNC) to connect to the VM's console and install solaris 10
- if setting up network, you MUST assign a gateway e.g., 10.0.2.254, otherwise networking doesn't work in the VM
- it will reboot to the install DVD. shutdown the VM ( e.g., CTRL+Z to kill the qemu-system-x86_64 process on the Ubuntu host). For Solaris 11, choose to halt the system at the end of the installation (instead of reboot) then shutdown the VM ( e.g., CTRL+Z to kill the qemu-system-x86_64 process on the Ubuntu host).

- boot VM from O/S disk with networking:
//root@ip-172-31-23-252:/wip# ip tuntap add tap2 mode tap  &&  ip link set dev tap2 up
root@ip-172-31-23-252:/wip# qemu-system-x86_64 -name s10qemu -m 4G -hda solaris-disk-amd64.img -net nic,model=e1000,macaddr=7a:30:2a:cd:d0:1c -net tap,script=no,ifname=tap2,downscript=no

- Connect via VNC client, login to the GUI desktop (choose Java Desktop or CDE) with root and password supplied during install, 

- shutdown the system e.g., from the terminal (Applications > Utilities) run "shutdown -y -g0 -i0"

- take a snapshot of the O/S disk for backup purposes:
# qemu-img create -f qcow2 -b solaris-disk-amd64.img -F qcow2 solaris-disk-amd64.snap.img 5G

- boot VM from O/S disk with networking:
root@ip-172-31-23-252:/wip# qemu-system-x86_64 -name s10qemu -m 4G -hda solaris-disk-amd64.img -net nic,model=e1000,macaddr=7a:30:2a:cd:d0:1c -net tap,script=no,ifname=tap2,downscript=no
NOTE: add the --daemonize to detach the running VM from the host bash session. This is a good way to start the VM once you can access it via SSH.


- Disable the GUI/desktop (graphic environment) since I chose to manage the system remotely using SSH. Note that Solaris 11 boots to run-level 3 so no need to disable the desktop.
# svcadm disable cde-login   
(older Solaris version may use the command "/usr/dt/bin/dtconfig -d")

- Add a user for remote SSH connection (itababa/James007!)
# useradd itababa
# password itababa

- SSH connection from host to Solaris VM (can't use root by default unless you reconfigure SSHD on the Solaris to "PermitRootLogin")
root@ip-172-31-23-252:/wip/sol10x86# ssh -oKexAlgorithms=+diffie-hellman-group-exchange-sha1  -o HostKeyAlgorithms=ssh-rsa itababa@10.0.2.50

- you can make the above connection options permanent by editing the SSH client configuration file on the host/client and adding a line to it such as the following. (Once done, you can connect to the Solaris VM with "ssh itababa@10.0.2.50" for example):
root@ip-172-31-23-252:/wip/sol10x86# vi $HOME/.ssh/config
Host 10.0.2.50
    KexAlgorithms +diffie-hellman-group1-sha1
	HostKeyAlgorithms ssh-rsa



---------- IF YOU SETUP NETWORKING DURING INSTALL SKIP THIS SECTION ---------

- Configure the network interface e1000g0 (in Solaris 11, the interface is called net0 instead of e1000g0)

1. Edit /etc/hostname.e1000g0 and add the IP address and Netmask:
# echo "10.0.2.50 netmask 255.255.255.0" > /etc/hostname.e1000g0

2. Add the IP-address/hostname entry to file /etc/inet/hosts :
# echo "10.0.2.50 `hostname`" >> /etc/inet/hosts

3. Add the default router/gateway:
# echo "10.0.2.254" > /etc/defaultrouter

4. Bring up the NIC in the current running session:
# ifconfig e1000g0 plumb
# ifconfig e1000g0 10.0.2.50 netmask 255.255.255.0 up
# route add default 10.0.2.254 -ifp e1000g0

6. Configure DNS
# echo "nameserver 8.8.8.8" >> /etc/resolv.conf
# vi /etc/nsswitch.conf  (change the line "hosts:     files" to "hosts:     files dns")

------ END OF NETWORKING SETUP IF YOU DIDN'T SETUP IT UP DURING INSTALL ------
========================================================================


Unable to successfully installing Solaris 10/11 SPARC:
- Solaris 10 boots but has no keyboard input so unable to actually install. Solaris 11 doesn't boot at all.

NOTE: For Solaris 11 x86, be sure to add a user account/password aside the root user during the installation as you can't login directly using the root account from the console. 

-------------------------------------------------------------------



-------------------------------------------------------------------

Some commands:

- to disable sound and set the language e.g., launch with:
LC_ALL=C QEMU_AUDIO_DRV=none qemu-system-sparc -m 256 -cdrom ...

- to use terminal install, add the "-nographic" option which prevents QEMU from creating a VNC listener

- Create a snapshot of the AIX O/S disk for backup purposes:
qemu-img create -f qcow2 -b sol10hdisk.qcow2 -F qcow2 sol10hdisk.snap.qcow2 5G

- How to disable the graphic environment, this can be done with that command: "/usr/dt/bin/dtconfig -d" or better with latest Solaris 10: "svcadm disable cde-login".

- Halt the VM:  # shutdown -y -g0 -i0

Keyboard not working as expected in QEMU? When starting QEMU just pass these flags to give yourself a USB keyboard and mouse:
-usb -device usb-mouse -device usb-kbd  -device usb-tablet
You may also try the flag for some ppc/sparc (https://github.com/qemu/SLOF/issues/1 ):  -prom-env 'input-device=hvterm'


// qemu-system-arm -M overo -m 256 -sd ./test.img -clock unix -serial stdio -device usb-mouse -device usb-kbd
// -vga [std|cirrus|vmware|qxl|xenfb|tcx|cg3|virtio|none]


- remove a tap device from a master
root@ip-172-31-23-252:/wip/sol10x86# ip link set dev tap2 nomaster



Links:
https://archive.org/download/sunsolaris10operatingsystem1106x86sparc/SOL_10_1106_SPARC.mdf
https://www.oracle.com/solaris/solaris10/downloads/solaris10-get-jsp-downloads.html
Download Solaris 11:  http://ftp.escuelaing.edu.co/pub/Unix/Solaris/11/
Download Solaris 11:  http://ftp.escuelaing.edu.co/pub/Unix/Solaris/10/
http://ftp.escuelaing.edu.co/pub/Unix/Solaris/10/sol-10-u11-ga-x86-dvd.iso
http://ftp.escuelaing.edu.co/pub/Unix/Solaris/10/sol-10-u11-ga-sparc-dvd.iso
https://ftp.deu.edu.tr/pub/Solaris/iso/Solaris-10,8_11/
https://wiki.qemu.org/Documentation/Platforms/SPARC
https://helpmanual.io/help/qemu-system-sparc/
https://chrispinnock.com/stuff/emulation/running-solaris-in-vms/
https://learn.adafruit.com/build-your-own-sparc-with-qemu-and-solaris
Solaris 10 Network Config

https://stackoverflow.com/questions/19665412/mouse-and-keyboard-not-working-in-qemu-emulator
https://download.oracle.com/technetwork/systems/opensparc/OpenSPARCT1_Arch.1.5.tar.bz2

PALO ALTO VM on VirtualBox

Posted on December 28, 2022 by aitayemi

NOTE: for educational purposes only.
NOTE: this procedure places a Oracle Enterprise Linux system "behind" a Palo Alto NGFW (firewall) and registers the OEL system with the ULN (Unbreakable Linux Network). It is part of investigation into an issue noticed with OEL 8.x in combination with Palo Alto v10.1.x/10.2.x where once a certain profile is applied on the Palo Alto, the OEL system is no longer able to communicate with the ULN (initial registration fails for new systems, and retrieving packages via yum fails for already registered systems). In one scenario, editing the file /etc/sysconfig/rhn/up2date and setting the useNoSSLForPackages=1 (default is 0) appeared to resolve the issue.

NOTE: For some reason, the Palo Alto qcow2 image does not boot up completely by default in VirtualBox. It boots up to the PA-HDF login prompt instead of the PA VM login prompt. The PA-HDF prompt implies the system has not booted up completely.

-----------------------------------------------------

Setup Palo Alto VM on VirtualBox:  https://nfv.dev/blog/2022/03/how-to-run-a-palo-alto-vm-series-firewall-in-virtualbox/

1. Convert the qcow2 disk image o hyper-v VHDX, setup Hyoer-V on your Windows 10 host, create a VM with the PA disk in Hyper-V, launch the VM, login ( be patient as it takes a while to get the "PA VM" prompt. The initial "PA-HDF" should be ignored. You might need to press ENTER key a few times for the prompt to change). Shut down the Hyper-V VM ("request shutdown system" command in PA). Then convert the VHDX disk to VMDK/VDI. Now use the new VMDK/VDI disk to create a VirtualBox VM. 

2. Convert PA qcow2 disk to VHDX:
C:\PaloAlto1010>c:\qemu\qemu-img.exe convert -f qcow2 PA-VM-KVM-10.1.0.qcow2 -O vhdx PA-VM-1010.vhdx   (qemu makes a sparse copy of the disk which is not supported by Hyper-V which will complain that the file must not be sparse: https://www.mail-archive.com/qemu-discuss@nongnu.org/msg04963.html)

3. Make a non-sparse copy of the VHDX disk using "copy" command or even the Windows Explorer copy. 
C:\PaloAlto1010>copy PA-VM-1010.vhdx PA-VM-1010a.vhdx

4. Create Hyper-V VM from PA-VM-10102a.vhdx, power it on, login, change password if prompted, shutdown the VM

Note that since the PA VM boots up properly on Hyper-V, you can use Hyper-V instead of VirtualBox. 

5. Convert VHDX to VDI after shutting down the Hyper-V VM:
C:\PaloAlto1010>c:\qemu\qemu-img.exe convert PA-VM-10102a.vhdx -O vdi PA-VM-1010.vdi


NOTE: default PA credential is admin/admin (it takes some time after boot-up for the credentials to be accepted i.e., the true login prompt when the system is fully up should be something like "PA VM" but you may initially be presented with the "PA-HDF" prompt)

-----------------------------------------------------


INITIAL BASIC CONFIG OF PALO ALTO VM TO SERVE AS INTERNET GATEWAY:  https://rowelldionicio.com/setting-up-palo-alto-networks-firewall-first-time/

My test config (all on a Windows 10 host system):
- OEL8.6 VM (VBox) <-----> PA 10.1.0 VM (VBox) <------> Windows 10 laptop (Host) <------> Home Internet Router
- IMPORTANT: all 4x NICs on the PA VM was enabled in VBox. First NIC is mgmt, second NIC is Ethernet1/1, third NIC is Ethernet1/2
- First and second NIC are bridged to the WiFi adapter in Windows 10 host so they can get DHCP IPs from my home router
- Third NIC (Ethernet1/2) is connected to the default "Internal Network" named "intnet" in VBox
- The single NIC attached to the OEL8.6 VM is also connected to the default "Internal Network" named "intnet" in VBox so that it can communicate with the PA VM which will serve as the DHCP server and gateway for the OEL8.6 VM
- NOTE: the PA 10.1.0 did NOT come with the "rule1" ACL (mentioned in the referenced URL above)that allows traffic between trusted and untrusted zone. You NEED to create the ACL rule.
- NOTE: you need to add a "Static Route"  (default route) to the default "Virtual Router" that sends all traffic to the Internet Router IP. For example, I created a "Static Route" nanmed "Default Route" with Destination 0.0.0.0/0 ; Interface ethernet1/1 ; Next Hop "IP Address" 192.168.10.1 (the LAN IP address of my home internet router)
- NOTE: you can add a second NIC to the OEL8.6 VM in Vbox and attach the NIC to the "Host-Only Adapter". This allows you to connect via SSH from the Windows 10 host to the OEL 8.6 for troubleshooting purposes.


- Other NOTES:
- install the UEK kernel on the OEL 8.6 VM:
[root@oel86vb ~]# yum install -y kernel-uek.x86_64

------------------------------------------------------


References:
How to run a Palo Alto VM Series Firewall in VirtualBox

https://docs.cloudstack.apache.org/en/4.11.2.0/adminguide/networking/palo_alto_config.html
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltrCAC
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/use-the-web-interface\
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloQCAS
https://www.wiresandwi.fi/blog/palo-alto-basic-setup
Oracle Linux: How to De-Register a System from ULN (Doc ID 2133228.1)


-------------------

Register a system with ULN:
[root@oel86 ~]# wget https://linux-update.oracle.com/rpms/uln_register_ol8.tgz
[root@oel86 ~]# wget https://linux-update.oracle.com/rpms/uln_register-gnome_ol8.tgz
[root@oel86 ~]# tar xf uln_register-gnome_ol8.tgz
[root@oel86 ~]# tar xf uln_register_ol8.tgz
[root@oel86 ~]# yum install -y *rpm
[root@oel86 ~]# uln_register
 - use uln_register command for the interactive option or ulnreg_ks for the CLI option. The profilename is optional. Without it, the entry in ULN for the system will be named the system's hostname e.g., # ulnreg_ks --profilename=OEL86vbox --username=<my-registered-uln-email> --password=<my-oracle-support-password> --csi=<my-oracle-support-csi-#>


De-register a system from ULN:
 - Login to the ULN registration page (http://linux.oracle.com ) and delete the registered system from ULN.  You must login as the user that registered the system with ULN.
      - Select the System tab  >  Select the system to be removed and select the Delete button
 - Remove the system registration information from the local system.  This can be done by removing the systemid file: # rm /etc/sysconfig/rhn/systemid
 - Setup  the public yum repository files in /etc/yum.repos.d/ .  Instructions for setting up public yum can be found at the following URL: http://yum.oracle.com/


---------------------------------

- Some commands:

- Get details of the IP received via DHCP over the bridge to the host WNIC from the home router
admin@PA-VM> show dhcp client mgmt-interface-state

- Assign same IP permanently:
configure
set deviceconfig system type static
set deviceconfig system ip-address 192.168.10.60 netmask 255.255.255.0 default-gateway 192.168.10.1
commit

- Enable HTTPS web mgmt on the mgmt interface:
set deviceconfig system service disable-https no
set deviceconfig system service disable-ssh no
set deviceconfig system service disable-icmp no
commit

- Retreive mgmt interface IP details:
admin@PA-VM> show interface management

- Graceful shutdown:
admin@PA-VM> request shutdown system

- Ping a host from the PA:
admin@PA-VM> ping host 8.8.8.8

---------------------------------

RUNNING AIX v7.2 VM ON QEMU HYPERVISOR ON AN UBUNTU HOST

Posted on December 16, 2022 by aitayemi

This procedure documents setting up the latest available QEMU on Ubuntu in order to run an AIX v7.2 VM.
Most of the steps are from http://aix4admins.blogspot.com/2020/04/qemu-aix-on-x86-qemu-quick-emulator-is.html?m=1

The host in this case is an AWS t3.xlarge compute instance running Ubuntu 22.04.1 LTS (Jammy Jellyfish)
I also attached a secondary EBS volume (55G) to the instance which I mounted on /wip and where I stored all the relevant files.


- Login to the Ubuntu host and install QEMU:

root@ip-172-31-23-252:~# apt update -y
root@ip-172-31-23-252:~# apt install -y gcc make ninja-build
root@ip-172-31-23-252:~# wget https://download.qemu.org/qemu-7.2.0.tar.xz
root@ip-172-31-23-252:~# tar xvf qemu-7.2.0.tar.xz
root@ip-172-31-23-252:~# cd qemu-7.2.0/
root@ip-172-31-23-252:~/qemu-7.2.0# apt install libglib2.0-dev
root@ip-172-31-23-252:~/qemu-7.2.0# apt-get install -y libpixman-1-dev
root@ip-172-31-23-252:~/qemu-7.2.0# apt install ncurses-dev
root@ip-172-31-23-252:~/qemu-7.2.0# ./configure
// ALTERNATIVELY - build only PPC64 support: # ./configure --target-list=ppc64-softmmu --enable-curses --disable-gtk && make
root@ip-172-31-23-252:~# make
root@ip-172-31-23-252:~# make install


- Partition the secondary volume and format the file system:

root@ip-172-31-23-252:~# lsblk
NAME         MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
loop0          7:0    0 24.4M  1 loop /snap/amazon-ssm-agent/6312
loop1          7:1    0 55.6M  1 loop /snap/core18/2632
loop2          7:2    0 63.2M  1 loop /snap/core20/1695
loop3          7:3    0  103M  1 loop /snap/lxd/23541
loop4          7:4    0 49.6M  1 loop /snap/snapd/17883
nvme0n1      259:0    0    8G  0 disk
├─nvme0n1p1  259:1    0  7.9G  0 part /
├─nvme0n1p14 259:2    0    4M  0 part
└─nvme0n1p15 259:3    0  106M  0 part /boot/efi
nvme1n1      259:4    0   55G  0 disk
root@ip-172-31-23-252:~#
root@ip-172-31-23-252:~# fdisk /dev/nvme1n1
root@ip-172-31-23-252:~# partprobe
root@ip-172-31-23-252:~# mkfs -t ext4  /dev/nvme1n1p1
root@ip-172-31-23-252:~# blkid
/dev/nvme0n1p1: LABEL="cloudimg-rootfs" UUID="687fab62-1ba5-4282-890e-9266064f7d27" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="895d8984-5441-4c70-b87c-a6b6ebb8c95e"
/dev/nvme0n1p15: LABEL_FATBOOT="UEFI" LABEL="UEFI" UUID="B2B4-82AC" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="0cf1c52c-98f5-48ae-8a07-fff782190e30"
/dev/loop0: TYPE="squashfs"
/dev/nvme1n1p1: UUID="a5051753-344e-43da-ba1f-cc785cab98b0" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="d816173f-01"
root@ip-172-31-23-252:~# vi /etc/fstab
root@ip-172-31-23-252:~# grep wip /etc/fstab
UUID="a5051753-344e-43da-ba1f-cc785cab98b0"  /wip  ext4  defaults 0 0
root@ip-172-31-23-252:~#
root@ip-172-31-23-252:~# mkdir /wip
root@ip-172-31-23-252:~# mount /wip


- Copy the AIX v7.2 ISO files to the Ubuntu instance. Please ensure you get it from a legal source.

root@ip-172-31-23-252:~# cd /wip
root@ip-172-31-23-252:/wip# mkdir AIX72ISOs
root@ip-172-31-23-252:/wip# cd AIX72ISOs/
root@ip-172-31-23-252:/wip/AIX72ISOs# scp -i ~/.ssh/wipalinux ubuntu@172.31.18.141:/wip/AIX72ISOs/aix_7200-04-02-2027_1of2_072020.iso .


- Create a disk for the AIX VM:
root@ip-172-31-23-252:~# cd /wip/
root@ip-172-31-23-252:/wip# qemu-img create -f qcow2 hdisk0.qcow2 20G


- Install AIX (you can change install settings e.g., to include SSH client and server). The installation tool approx 110 mins 
root@ip-172-31-23-252:/wip# qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom /wip/AIX72ISOs/aix_7200-04-02-2027_1of2_072020.iso -prom-env "boot-command=boot cdrom:"

   - NOTE: the VM will get stuck in a reboot loop at the end of installation. Use CTRL+C to terminate the VM
   
   
- Fix/solve the fsck64 issue to fix the reboot loop by booting the VM into maintenance mode:
root@ip-172-31-23-252:/wip# qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom /wip/AIX72ISOs/aix_7200-04-02-2027_1of2_072020.iso -prom-env "boot-command=boot cdrom:"
   - menu options to select:  1 to "define the System Console" > 1 for English > 3 for Maintenance mode > 1 to access root VG > 0 to continue > 1 to select VG/disk > 1 to "Access this Volume Group and start a shell"
  - NOTE: no keyboard BACKSPACE key, and don't use CTRL+C as that terminates the VM.

  # cd /sbin/helpers/jfs2
  # cp fsck64 fsck64.org

  - truncate the fsck64 exeutable binary file and replace content with shell script
  # > fsck64
  # cat > fsck64 << EOF
  #!/bin/ksh
  exit 0
  EOF
  #
  # cat fsck64
  #!/bin/ksh
  exit 0
  #

  - Alternative to the cat sequence above is to edit the fsck64 file after truncating it and add the 2 lines to the file:
  # > fsck64
  # export TERM=vt100
  # vi fsck64
  # cat fsck64
  #!/bin/ksh
  exit 0
  #


  - Shutdown the VM:
  #
  # sync; sync
  # halt


- Create a snapshot of the AIX O/S disk for backup purposes:
root@ip-172-31-23-252:/wip# qemu-img create -f qcow2 -b hdisk0.qcow2 -F qcow2 hdisk0.snap.qcow2 10G


- Boot the VM to AIX O/S 7.2 using the O/S disk, and accept license (I excluded cdrom since I no longer need it):
root@ip-172-31-23-252:/wip# qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:"
   - choose vt100 (type it and press ENTER) when prompted for terminal type
   - choose to accept the license (default is no, press TAB key to change it to yes) then ENTER to accept
   - Esc+0 (hold down ESC then press 0) to go back
   - accept the software maintenance terms/conditions
   - Esc+0 (hold down ESC then press 0) to go back
   - Set any of the additional settings as required (date/time; root password; etc)
   - Option "Tasks completed - Exit to Login"
   
   - Login as root on the console (prompt)
-----------------------------------------------
   
- Fix the RPM DB error:  https://bobcares.com/blog/rpm-db_runrecovery-errors/
# cd /opt/freeware
# tar -chvf `date +"%d%m%Y"`.rpm.packages.tar packages
# rm -f /opt/freeware/packages/__*
# /usr/bin/rpm --rebuilddb
# /usr/bin/rpm -qa

-----------------------------------------------
   
   
- Setup networking: https://kwakousys.wordpress.com/2020/09/06/run-aix-7-2-on-x86-with-qemu/
    - in this example, we assign IP address 10.0.2.16 to AIX and 10.0.2.20 to the bridge we defined on the Ubuntu host.

- Setup a bridge (br0) on the Ubuntu host:
    root@ip-172-31-23-252:/wip# apt-get install bridge-utils
    root@ip-172-31-23-252:/wip# mkdir -p /usr/local/etc/qemu
    root@ip-172-31-23-252:/wip# echo "allow br0" > /usr/local/etc/qemu/bridge.conf
	
    NOTE: you can put the following network-related commands a single script that you can just run as a single command
	
    root@ip-172-31-23-252:/wip# ip link add name br0 type bridge
    root@ip-172-31-23-252:/wip# ip link set dev br0 up
    root@ip-172-31-23-252:/wip# ip addr add 10.0.2.20/24 dev br0


- Setup the tap NIC for the AIX VM:
    root@ip-172-31-23-252:/wip# ip tuntap add tap0 mode tap
    root@ip-172-31-23-252:/wip# ip link set dev tap0 up
    root@ip-172-31-23-252:/wip# ip link set dev tap0 master br0

    NOTE: tap0 interface comes up when the VM is started


- Setup the Ubuntu host for routing (including Internet access from the AIX VM):
    root@ip-172-31-23-252:/wip# echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
    root@ip-172-31-23-252:/wip# ip route add 10.0.2.16 dev tap0
    root@ip-172-31-23-252:/wip# arp -Ds 10.0.2.16 eth0 pub
    root@ip-172-31-23-252:/wip# echo 1 > /proc/sys/net/ipv4/ip_forward
    root@ip-172-31-23-252:/wip# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    root@ip-172-31-23-252:/wip# iptables -I FORWARD 1 -i tap0 -j ACCEPT
    root@ip-172-31-23-252:/wip# iptables -I FORWARD 1 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
        

- Start the AIX VM normally (assign a randomly selected MAC address to the VM's NIC):
root@ip-172-31-23-252:/wip# qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0,downscript=no


- Assign the IP address 10.0.2.16 to the en0 NIC in AIX  (use SMIT to make it permanent)
# chdev -l en0 -a netaddr=10.0.2.16 -a netmask=255.255.255.0 -a state=up

- Make the IP assignment permanent with SMIT (assign any IP on the same network as the gateway e.g., 10.0.2.254):
# smit tcpip > Min Config & Startup > en0 > (setup hostname/netmask/IP/nameserver & domain name & gateway e.g., aix7vm/10.0.2.16/255.255.255.0/8.8.8.8 & acme.com/10.0.2.254) > "START Now" = yes (TAB key to change it) then ENTER key to execute the change
   NOTE: the name server (e.g., Google's 8.8.8.8 DNS server) and a domain name MUST be provided if you decide to set the name server.


- Install BASH shell in AIX VM (bash is easier to use than the default Korn shell):

- increase /opt as the bash instal requires about 40MB space:
# chfs -a size=+60M /opt

# wget http://www.oss4aix.org/download/latest/aix71/libiconv-1.16-1.aix5.1.ppc.rpm
# wget http://www.oss4aix.org/download/latest/aix71/bash-5.0-8.aix5.1.ppc.rpm
# wget http://www.oss4aix.org/download/latest/aix71/gettext-0.19.8.1-1.aix5.1.ppc.rpm
# wget http://www.oss4aix.org/download/RPMS/gcc/libgcc-6.3.0-1.aix7.2.ppc.rpm
# rpm -ivh bash_5_0_8_aix5_1_ppc.rpm gettext_0_19_8_1_1_aix5_1_ppc.rpm libiconv_1_16_1_aix5_1_ppc.rpm libgcc_6_3_0_1_aix7_2_ppc.rpm

- In AIX, after installing bash, "authorize" AIX to allow bash shell to run:
# export TERM=vt100
   - Edit file /etc/security/login.cfg, append "/usr/bin/bash" (without the double quotes)  to the line containing "shells ="
   - Edit file /etc/shells, append this on a new line "/usr/bin/bash" (without the double quotes)
   

--------------- END OF PROCEDURE ---------------


- Extra step in order to access the AIX VM using SSH from outside the Ubuntu host (particularly useful if you are using the "--daemonize" headless option when starting the AIX VM):
Summary is to use iptables to redirect incoming attempts to connect to the Ubuntu instance on some alternate port (e.g., 2222/tcp) to port 22 on the AIX VM. Note that you also need to allow incoming traffic on this alternate port in your AWS/OCI/GCP VPC/subnet using the relevant security group rule.

root@ip-172-31-23-252:/wip# iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
root@ip-172-31-23-252:/wip# iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 10.0.2.16:22


You can then connect to the AIX with putty (Ubuntu IP address and port 2222) or using SSH with a command such as: ssh root@<ubuntu-ip> -p 2222


   
References:
http://aix4admins.blogspot.com/2020/04/qemu-aix-on-x86-qemu-quick-emulator-is.html?m=1
Run AIX 7.2 on x86 with QEMU
https://worthdoingbadly.com/aixqemu/
http://www.visidon.com/blog/2015/02/bash-on-aix-7-1/
RPM DB_RUNRECOVERY errors: How to resolve

http://www.oss4aix.org/download/latest/aix71/    - download RPMs for various packages
http://www.oss4aix.org/download/RPMS/gcc/
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/


- Some useful commands:
# qemu-system-ppc64  ...  -daemonize  (to run the VM in "headless" mode so access it using SSH). If you use this option, delete the "-serial stdio" from the command. QEMU starts the VM and gives a message such as "VNC server running on 127.0.0.1:5900" so you can use VNC to manage the VM as well.

root@ip-172-31-23-252:/wip# mount -o loop /wip/bash51-aix71.iso /iso
root@ip-172-31-23-252:/wip# ip link set dev br0 down
root@ip-172-31-23-252:/wip# ip link delete dev br0
root@ip-172-31-23-252:/wip# ip a
# mount -vcdrfs -oro /dev/cd0 /mnt

# entstat -d en0 | grep -i hard
Hardware Address: be:16:43:37:16:ec

#aix# chsh <username> /bin/bash

logout from session, after AIX shutdown is possible using "~~.", same as in HMC console

root@ip-172-31-23-252:/wip# apt install -y genisoimage
root@ip-172-31-23-252:/wip# mkisofs -max-iso9660-filenames -o bash50.iso ./bash50

- boot the AIX with the ISO image containing the bash rpm package;
qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0 -cdrom /wip/bash50.iso



- Some notes:
"make" of QEMU took about 85 mins on t3.xlarge when compiling all supported platforms, but under 10 mins when compiling for ppc64 support only)
ensure you have plenty of space for the compiler. qemu-7.2.0.tar.xz is 117M, extracted folder qemu-7.2.0 is 799M, compiled, the extracted folder goes to almost 6GB!
if you didn't include the ssh client/server during the installation, you will need to start the VM with the ISO image inserted in the CDROM so you can install them.


- Optionally disable some un-needed services to speed up the boot process:
     - edit file /etc/rc.tcpip and comment out # some services if not required e.g., sendmail, snmpd, hostmibd, snmpmibd, aixmibd
(look for lines similar to:  start /usr/sbin/aixmibd "$src_running")

     - to disable the NFSD server, edit file /etc/rc.nfs and comment out the line:  start biod /usr/sbin/biod
     - you may use the "stopsrc -s <service-name>" command to shut them down in the current session as well.


- Optionally disable additional services defined in the /etc/inittab file to make subsequent boot ups faster (using the following commands):
# rmitab rcnfs
# rmitab cron
# rmitab piobe
# rmitab qdaemon
# rmitab writesrv
# rmitab naudio2
# rmitab naudio
# rmitab aso
# rmitab clcomd
# chrctcp -S -d tftpd

- The networking setup, and AIX VM launch command scripts (execute the network script before the AIX VM launch script so that the VM will have network access):

root@ip-172-31-23-252:/wip# cat setup_networking_for_aix.sh
#!/usr/bin/bash

#- Setup the tap NIC for the AIX VM:
ip tuntap add tap0 mode tap
ip link set dev tap0 up

#NOTE: tap0 interface comes up when the VM is started:

#- Setup the host for routing (including Internet access from the AIX VM):
echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
ip route add 10.0.2.16 dev tap0
arp -Ds 10.0.2.16 eth0 pub
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD 1 -i tap0 -j ACCEPT
iptables -I FORWARD 1 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT

#- Setup port forwarding so that the AIX VM is accessible remotely:
iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 10.0.2.16:22



root@ip-172-31-23-252:/wip# cat launch_aix72_vm.sh
#!/usr/bin/bash

/usr/local/bin/qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0,downscript=no --daemonize
#/usr/local/bin/qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0,downscript=no

- VNC connection to the AIX VM
When qemu is executed with the --daemonize option, it also creates a VNC session that you can connect to. By default the VNC session is started on only the loopback (127.0.0.1) interface. In the sample command below, it is started on the primary interface of the Ubuntu host with the IP 172.31.23.252. I can then use any VNC viewer such as tightvnc to connect to the VM's console using the Ubuntu hosts' public IP:
root@ip-172-31-23-252:/wip# /usr/local/bin/qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -drive file=/wip/hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0,downscript=no --daemonize -vnc 172.31.23.252:0

Illumination

seek …

Tag Archives: QEMU