Running Pantavisor in QEMU, X86-64

Pantavisor can be run easily in QEMU. This guide goes step by step through running Pantavisor in QEMU and claiming the device.

Step 1 – Change image format

The default X64-UEFI Pantavisor image is in raw format. First, convert it to QCOW2 format. The output file is named x64_initial_stable.qcow2 because that is the name the later commands use:

qemu-img convert -O qcow2 x64_initial_stable.img x64_initial_stable.qcow2

Step 1(b) – Increase the size of image (Optional)

Multiple Pantavisor containers can be added to the above image, but that may require a larger image. The size can be increased with the following command:

# Increase the size of the image by 10G
qemu-img resize x64_initial_stable.qcow2 +10G

Step 2 – Run the image

The Pantavisor image is a UEFI-based image, so you'll need a BIOS that can boot a UEFI image. You'll need a file, viz. ovmf-XXXX.bin. To download or build the required BIOS, please see [this link](https://github.com/tianocore/tianocore.github.io/wiki/How-to-run-OVMF).

sudo qemu-system-x86_64 -enable-kvm -bios <path_to_ovmf.bin> -m 1G -hda x64_initial_stable.qcow2 -nographic -netdev user,id=n1,hostfwd=tcp::8022-:8022,hostfwd=tcp::80-:80,hostfwd=tcp::443-:443,hostfwd=tcp::8090-:9080 -device e1000,netdev=n1

When you start the image above, you will see the boot screen. [Screenshot: Boot Screen]

You'll have to stop the autoboot and edit the first entry. By default Pantavisor doesn't have a console option; to enable it, add the command line option console=ttyS0 to that entry. [Screenshot: Console Option]

Step 3 – Claim Device

When QEMU runs with user-mode networking, mDNS queries from the host machine cannot be passed to QEMU, so pvr device scan won't work. Instead, choose debug mode while Pantavisor is booting to retrieve the device-id and challenge. [Screenshot: Pantavisor Debug Mode]

Wait for the device-id and challenge to be generated; you can then look them up in the debug output. [Screenshot: Device-id and Challenge]

The device can now be claimed using the pvr tool. The following command claims the device with the device-id shown in the screenshot above:

pvr claim https://api.pantahub.com:443/devices/5f0ed5deda8e2b000a094c59

You can specify the challenge using the -c option, or provide it when the tool asks for it.

About the exposed ports

You can ssh into the device on port 8022 after you've claimed it. For this reason, traffic on the same host port is forwarded to QEMU's port 8022. You can choose any other host port, but QEMU's port must be 8022 to allow ssh login. The following table shows which ports are used in the above command:

| Host Port | QEMU Port | Protocol | Description |
|---|---|---|---|
| 8022 | 8022 | tcp | Inbound from host |
| 80 | 80 | tcp | Inbound from host |
| 443 | 443 | tcp | Inbound from host |

Note

Since we're using host ports {80, 443}, which are privileged ports, we need to run the above command as the root user. If you're using non-privileged host ports, you don't need to run the above command as root.
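Both the root requirement and the listening scope come from the hostfwd rules: with no host address QEMU listens on all host interfaces, and host ports below 1024 need root to bind. The script below is an added example, not part of the original guide; it builds the same forwards on one host address and unprivileged ports, and host ports 8080 and 8443, the BIND_ADDR variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the Pantavisor docs): start the image as a normal
# user, with every forward bound to one host address on an unprivileged port.
BIND_ADDR="${BIND_ADDR:-127.0.0.1}"   # assumption: access from the QEMU host only

# build_netdev HOST:GUEST...: print the -netdev value, or fail on a malformed
# pair or a host port below 1024 (which would require root to bind).
build_netdev() {
    spec="user,id=n1"
    for pair in "$@"; do
        case "$pair" in
            *[!0-9:]* | *:*:* | :* | *:) echo "bad pair: $pair" >&2; return 1 ;;
            *:*) ;;
            *) echo "bad pair: $pair" >&2; return 1 ;;
        esac
        host=${pair%%:*}
        guest=${pair##*:}
        if [ "$host" -lt 1024 ] || [ "$host" -gt 65535 ]; then
            echo "host port $host needs root or is out of range" >&2; return 1
        fi
        if [ "$guest" -lt 1 ] || [ "$guest" -gt 65535 ]; then
            echo "guest port $guest is out of range" >&2; return 1
        fi
        spec="$spec,hostfwd=tcp:$BIND_ADDR:$host-:$guest"
    done
    echo "$spec"
}

# run_pantavisor OVMF IMAGE: same options as the command above, minus sudo.
# -enable-kvm needs read/write access to /dev/kvm for the invoking user.
run_pantavisor() {
    # 8080 and 8443 are assumed replacements for host ports 80 and 443
    netdev=$(build_netdev 8022:8022 8080:80 8443:443 8090:9080) || return 1
    qemu-system-x86_64 -enable-kvm -bios "$1" -m 1G -hda "$2" -nographic \
        -netdev "$netdev" -device e1000,netdev=n1
}

# Usage: script <path_to_ovmf.bin> x64_initial_stable.qcow2
if [ "$#" -eq 2 ]; then run_pantavisor "$1" "$2"; fi
```

To reach the device from another host, set BIND_ADDR to the address of the one interface that should accept connections.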

SSH into QEMU device

SSH login on a Pantavisor device is key-based rather than using a login and a password. We therefore first need to export the public key we wish to use to log in to the device. This can be done either via the web interface of your Pantahub account or with the pvr tool.

With pvr, use the following command to upload your public key to the device's authorized_keys:

pvr device set 5f0ed5deda8e2b000a094c59 pvr-sdk.authorized_keys="$(cat ~/.ssh/id_rsa.pub)"

NOTE the double quotes ("") around the cat command. They are necessary because the key may contain white space, which must be included as part of the public key and not passed as separate arguments to pvr.

To start an ssh session on the device:

ssh -lroot localhost -p 8022

If you're on a different host, use the IP address or hostname of the QEMU host machine. Make sure that the firewall permits incoming connections to port 8022 on the QEMU host machine.

Accessing files from QCOW2 disk image

Make sure QEMU is not using the qcow2 disk image when you’re performing the following steps.

To mount a qcow2 format image we need to use the nbd (Network Block Device) driver.

Load nbd driver

modprobe nbd

Attach to an available nbd device

We can use the qemu-nbd utility to attach a disk image to an available nbd device. Let's assume we want to connect to /dev/nbd0:

  1. Check if /dev/nbd0 is available

nbd-client -c /dev/nbd0
echo $?

| Echo Output | Description |
|---|---|
| 0 | Device is unavailable |
| 1 | Device is available for use. |
| 2 | Error, check if the nbd module was loaded correctly. |

  2. Attach to the chosen device

Let's assume /dev/nbd0 was available; we can then use

sudo qemu-nbd -f qcow2 x64_initial_stable.qcow2 -c /dev/nbd0

Once the image is connected to the nbd device, we can mount individual partitions.

  3. Mount partition(s)

We can view the disk partitions using fdisk, which shows output like the following. [Screenshot: Disk Image Partitions]

Unlike partitions on a loop device, these partitions do show up in /dev as block devices. They appear as /dev/nbdXpY, with the 3rd partition being the most useful. You can mount it using

sudo mount /dev/nbd0p3 /mnt
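The whole procedure as one script, added here as an example and not taken from the Pantavisor documentation: it picks a free device using the exit codes in the table above, attaches and mounts read-only so the image is not altered, and detaches afterwards. The function names, the NBD_CHECK variable and the max_part=8 value are assumptions.

```shell
#!/bin/sh
# Added example (not from the Pantavisor docs): read-only inspection of the
# qcow2 image through nbd, with an explicit detach step. Run as root.
NBD_CHECK="${NBD_CHECK:-nbd-client}"   # command whose "-c DEV" reports device state

# first_free_nbd DEV...: print the first device reported as available (exit 1
# in the table above). Any other non-zero status is treated as an error.
first_free_nbd() {
    for dev in "$@"; do
        "$NBD_CHECK" -c "$dev" >/dev/null 2>&1 && st=0 || st=$?
        case "$st" in
            0) ;;                                   # already connected, try next
            1) echo "$dev"; return 0 ;;
            *) echo "error on $dev: is the nbd module loaded?" >&2; return 2 ;;
        esac
    done
    echo "no free nbd device" >&2
    return 1
}

# attach_ro IMAGE MOUNTPOINT: connect the image read-only and mount partition 3
# read-only, so nothing on the disk image is modified. Prints the nbd device.
attach_ro() {
    # max_part is passed explicitly; kernels that default to 0 create no /dev/nbdXpY
    modprobe nbd max_part=8 || return 1
    dev=$(first_free_nbd /dev/nbd[0-9]) || return 1
    qemu-nbd --read-only -f qcow2 -c "$dev" "$1" || return 1
    n=0                                             # partition nodes can lag behind
    while [ ! -b "${dev}p3" ] && [ "$n" -lt 5 ]; do sleep 1; n=$((n + 1)); done
    mount -o ro "${dev}p3" "$2" || { qemu-nbd -d "$dev"; return 1; }
    echo "$dev"
}

# detach DEV MOUNTPOINT: unmount and release the device before QEMU uses the image.
detach() {
    umount "$2" && qemu-nbd -d "$1"
}

# Usage: script attach IMAGE MOUNTPOINT | script detach DEV MOUNTPOINT
case "${1:-}" in
    attach) attach_ro "$2" "$3" ;;
    detach) detach "$2" "$3" ;;
esac
```

If the read-only mount fails because the filesystem needs journal recovery, work on a copy of the image rather than attaching the original writable.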