Merge pull request #132 from cephasara/master

pull/140/head
sickcodes 4 years ago committed by GitHub
commit f9ed666076
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,72 @@
#!/usr/bin/docker
#
# This Dockerfile is to be consumed with the docker_osx helm templates. It consumes the
# Ubuntu image so that OpenCore.qcow2 can be re-generated (which happens in Kube itself),
# not to mention that OSX-KVM was written for Ubuntu. This was not designed to be run in Docker
# by itself.. very well anyway.
#
FROM ubuntu:21.04
SHELL ["/bin/bash", "-c"]
# this has to match .Values.image.userName in helm template
ARG USER=ubuntu
# this installs the kvm linux kernel in the docker container so that OpenCore.qcow2 boot images
# can be built.
ARG DOCKER_KERNEL_VERSION=linux-image-kvm
ENV TZ=America/Los_Angeles
ARG DEBIAN_FRONTEND=noninteractive
RUN DEBCONF_FRONTEND=noninteractive apt update \
&& apt install \
bridge-utils \
fish \
git wget \
libguestfs-tools \
libvirt-daemon-system \
$DOCKER_KERNEL_VERSION \
p7zip-full \
qemu \
sudo \
uml-utilities \
virt-manager \
-y
# Configure SSH
RUN apt install git vim nano alsa-utils openssh-server -y
# Create user and grant sudo privledges
RUN adduser --disabled-password \
--gecos '' $USER \
&& echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
&& chmod 0440 /etc/sudoers.d/$USER
# Configure VNC for user
RUN apt install \
dbus-x11 \
openbox \
tigervnc-common \
tigervnc-standalone-server \
xfce4 \
xfce4-goodies \
x11-xserver-utils \
xdotool \
xorg \
xterm \
ufw \
-y
USER $USER
# only create ~/.vnc as helm will build out ~/.vnc/config
RUN mkdir -p ${HOME}/.vnc
RUN git clone --depth 1 https://github.com/kholia/OSX-KVM.git /home/$USER/OSX-KVM
VOLUME ["/tmp/.X11-unix"]
WORKDIR /home/$USER/OSX-KVM
# helm will build out ./Launch_custom.sh
CMD envsubst < ./Launch_custom.sh | bash
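Review bot: `CMD envsubst < ./Launch_custom.sh | bash` on the last line expands every `$VAR` and `${VAR}` in the script from the container environment before bash parses it, so an environment value containing shell metacharacters is executed as code, and the script's own runtime variables such as `${HOME}` are rewritten as well. Run the rendered script directly with `bash ./Launch_custom.sh`, or pass envsubst an explicit SHELL-FORMAT list naming only the variables that are meant to be substituted. Also in this hunk: `envsubst` is not installed explicitly (add `gettext-base` rather than relying on a transitive dependency), the `git clone --depth 1` of OSX-KVM is not pinned to a commit, and `NOPASSWD: ALL` gives the user that VNC sessions run as passwordless root, which should be narrowed to the commands the launch script needs.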

@ -0,0 +1,283 @@
# Install macOS Docker Virtualization
## Setup
This walks through setting up QEMU virtualization for running macOS in Docker & Kubernetes
Please note, this guide assumes the host operation system is running Centos 7 (or ClearOS 7 more specifically). These commands can mostly be transferred to other distros, but there are a few areas that need commands (i.e. updating )
### Host configuration
## Build QEMU and libvirt from source
Since there is no official QEMU 5.X repo it appears, build from source.
### QEMU Requirements
Python, glib2-devel, and pixman
```
sudo yum install python glib2-devel cairo-devel -y
```
Ninja
```
pip3 install ninja
```
### Build QEMU from source steps
Clone the offical QEMU repo and build from source:
```
git clone git://git.qemu-project.org/qemu.git
cd qemu
mkdir -p bin/debug/native
cd bin/debug/native
../../../configure --enable-debug
make -j24
make install
```
_Note: adjust make to use the desired number of threads avaliable on your system_
### libvirt Requirements
Configure repo:
```
yum-config-manager --nogpgcheck --add-repo http://mirror.centos.org/centos/7/virt/x86_64/libvirt-latest/
```
### Install libvirt
```
yum install libvirt -y
```
### Update permissions
```
chmod 660 -R /dev/kvm && chown 1000:1000 /dev/kvm
usermod -a -G kvm root
```
_Note: these may not be required_
### Verification
Ensure latest version installed
```
virsh -c qemu:///system version --daemon
```
* For example, should output something like:
```
[root@server repos]# virsh -c qemu:///system version --daemon
Compiled against library: libvirt 5.0.0
Using library: libvirt 5.0.0
Using API: QEMU 5.0.0
Running hypervisor: QEMU 5.2.50
Running against daemon: 5.0.0
```
## Install IMMO for GPU passthrough
1. Modify GRUB boot args:
Add the following to `/etc/default/grub` to the end of the `GRUB_CMDLINE_LINUX` parameter:
```
GRUB_CMDLINE_LINUX="... iommu=pt intel_iommu=on"
```
1. Update GRUB2:
```
grub2-mkconfig -o /boot/efi/EFI/clearos/grub.cfg
```
_Note: this command may vary based on location of the grub.cfg for the boot entry_
1. Reboot system
1. Ensure that the kernel parameter changes worked:
```
cat /proc/cmdline
```
1. Find GPU hardware ids with `lspci`
Example:
```
lspci -nn | grep -i nvidia
```
1. Add the hardware ids to `/etc/modprobe.d/vfio.conf`
Example:
```
options vfio-pci ids=10de:1b81,10de:10f0
```
_Note: this is for the NVIDIA GTX 1070_
1. Enable `vfio-pci`
```
echo 'vfio-pci' > /etc/modules-load.d/vfio-pci.conf
```
Make backup and rebuild `initramfs`:
```
cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak
dracut -f
```
_Note: `dracut -f` may take awhile.._
1. Increase ulimits
_This is done to avoid memory issues like `VFIO_MAP_DMA: -12` and etc_
Append the following to `/etc/security/limits.conf`:
```
@kvm soft memlock unlimited
@kvm hard memlock unlimited
```
Append the following to `/etc/docker/daemon.json`:
```
{
"default-ulimits": {
"nofile": {
"name": "nofile",
"hard": 65536,
"soft": 1024
},
"memlock":
{
"name": "memlock",
"soft": -1,
"hard": -1
}
}
}
```
Add `LimitMEMLOCK` to `/etc/systemd/system/multi-user.target.wants/libvirtd.service` like:
```
[Unit]
Description=Virtualization daemon
...
[Service]
...
LimitMEMLOCK=infinity
```
1. Reload systemd after changing config
```
systemctl daemon-reload
```
1. Reboot system
1. Ensure that `vfio` worked
```
dmesg | grep -i vfio
```
# Issues
Many issues can rise up as a result of adding the complexity layers involved here. Some of the main areas are improperly loading the `vfio-pci` driver for the GPU and permission issues.
## Modules for vfio not loading
When `vfio` does not load, errors such as the following can be seen:
```
error getting device from group *: No such device
Verify all devices in group * are bound to vfio-<bus> or pci-stub and not already in use
```
This can show up when `vfio-pci` driver is not loaded for the peripheral. Ensure that `vfio-pci` is loaded.
```
dmesg | grep -i vfio
```
If so, explicitly tell `vfio` modules to start
```
echo 'vfio
vfio_iommu_type1
vfio_pci
vfio_virqfd' > /etc/modules
```
Make backup and rebuild `initramfs`:
```
cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak
dracut -f
```
_Note: `dracut -f` may take awhile.._
Do a system reboot
After rebooting, check on the gpu with `lspci` utilizing your gpu hardware id:
I.E.
```
[root@server docker-docker-osx]# lspci -vvv -s 09:00.0
09:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/570X/580/580X/590] (rev c7) (prog-if 00 [VGA controller])
Subsystem: Advanced Micro Devices, Inc. [AMD/ATI] Radeon RX 480
Physical Slot: 5
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+ FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 255
...
Kernel driver in use: vfio-pci
Kernel modules: amdgpu
```
_It does not matter if the host os loads a gpu module as seen with `Kernel modules: amdgpu` in the case above, the important part is that `vfio-pci` is the driver in use._
## Permissions on vfio and kvm
One of the biggest areas of pain can be setting permissions on `/dev/kvm`, `/dev/vfio/vfio`, or `/dev/vfio/<iommu_group>`. If permission errors are seen, try the following commands:
```
chmod 660 -R /dev/kvm && chown 1000:1000 /dev/kvm
chmod 777 -R /dev/vfio && chown 1000:1000 -R /dev/vfio
```
# References
https://gist.github.com/dghubble/c2dc319249b156db06aff1d49c15272e
`Configure IOMMU and vfio`
https://www.server-world.info/en/note?os=CentOS_7&p=kvm&f=10
`Configuring GPU driver with vfio-pci binding`
https://github.com/intel/nemu/wiki/Testing-VFIO-with-GPU
`IOMMU Interrupt Mapping`
https://pve.proxmox.com/wiki/Pci_passthrough#IOMMU_Interrupt_Remapping
`Manual Graphics Driver Binding`
https://lwn.net/Articles/143397/
`QEMU Stdio Example`
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04521.html
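Review bot: The libvirt step `yum-config-manager --nogpgcheck --add-repo http://mirror.centos.org/...` adds a plain-HTTP repository with `--nogpgcheck`, and no step imports a signing key, so nothing in this guide establishes the authenticity of the libvirt packages installed on the host; import the repository key and drop `--nogpgcheck`. The same concern applies to `git clone git://git.qemu-project.org/qemu.git`, which fetches over the unauthenticated git protocol ahead of a `make install`; use an HTTPS URL and check out a release tag. In the permissions section, `chmod 777 -R /dev/vfio` makes the passthrough device nodes world-writable where `660` with a dedicated group (as is already done for `/dev/kvm`) would do, and `echo ... > /etc/modules` overwrites that file instead of appending to it. Smaller points: the heading says `IMMO` where `IOMMU` is meant, and the QEMU requirements line names pixman while the command installs `cairo-devel`.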

@ -17,15 +17,16 @@ This installs `docker-osx` in Kubernetes.
1) Kubernetes resource requests/limits 1) Kubernetes resource requests/limits
1) Defining version of macOS to install 1) Defining version of macOS to install
1) Defining install partition size 1) Defining install partition size
### What doesn't/isn't defined
1) Defining a different version of macOS 1) Defining a different version of macOS
1) Additional QEMU parameters 1) Additional QEMU parameters
1) GPU support 1) GPU support
### What doesn't
1) Simultaneous VNC + GPU IOMMU (this is a limitation of QEMU :( unfortunately)
## Requirements ## Requirements
*) Install [host machine requirements](https://github.com/cephasara/Docker-OSX#requirements-kvm-on-the-host) *) Install [host machine requirements](#INSTALL-QEMU-AND-GPU-IOMMU.md)
*) Ensure you are running QEMU 5.X *) Ensure you are running QEMU 5.X
*) Kubernetes *) Kubernetes
*) Helm v2 *) Helm v2
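Review bot: The new requirements link `[host machine requirements](#INSTALL-QEMU-AND-GPU-IOMMU.md)` is written as an in-page anchor (leading `#`), so it will not open the new file; link it as a relative path, `INSTALL-QEMU-AND-GPU-IOMMU.md`. The added `### What doesn't` heading also reads as incomplete next to `### What doesn't/isn't defined`, and `GPU support` is still listed under the latter although this change introduces `qemu.hardwareGpu`.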
@ -39,13 +40,17 @@ This installs `docker-osx` in Kubernetes.
``` ```
docker build \ docker build \
-t sickcodes/docker-osx-vnc:latest \ -t sickcodes/docker-osx-vnc:latest \
-f vnc-version/Dockerfile . -f helm/Dockerfile .
``` ```
_Please ensure you are using the Dockerfile in the `helm` folder_
_Do not worry about passing `CPU`, `RAM`, etc as they are handled in `values.yaml` now._ _Do not worry about passing `CPU`, `RAM`, etc as they are handled in `values.yaml` now._
### Installation ### Installation
If planning on using a GPU with IOMMU passthrough it is recommended to configure it first and install macOS--otherwise installing may take a very long time depending on your hardware. Please see `qemu.systemInstaller.downloadDelay`, `qemu.systemInstaller.cache`, `qemu.systemDisk.downloadDelay`, and `qemu.systemDisk.cache` for possibly reducing installation time. It has taken me over three hours to install on some occasions with a NVMe secondary disk without GPU passthrough configured..
In `values.yaml`.. In `values.yaml`..
1) Set a unique password for `vnc.password`. 1) Set a unique password for `vnc.password`.
@ -56,6 +61,12 @@ In `values.yaml`..
1) Set `service.ip` to reflect an IP address of your choice, or use ingress. 1) Set `service.ip` to reflect an IP address of your choice, or use ingress.
1) Update `extraVolumes.hostPath.path` to something useful for you. 1) Update `extraVolumes.hostPath.path` to something useful for you.
Optionally..
1) Install kexts to `kexts.path` and enable.
1) Adjust `openCore.boot.timeout` if desire for macOS to load automatically.
1) Add usb devices with `qemu.usb` or `qemu.extraArgs` if desired.
1) Add more ports for portforwarding services if needed.
Afterwards.. Afterwards..
1) Launch your VNC viewer of choice and connect to the IP/hostname you defined + the port `8888` with the password specified 1) Launch your VNC viewer of choice and connect to the IP/hostname you defined + the port `8888` with the password specified

@ -215,6 +215,24 @@ data:
<dict> <dict>
<key>Add</key> <key>Add</key>
<array> <array>
{{- if .Values.qemu.hardwareGpu.enabled }}
<dict>
<key>BundlePath</key>
<string>mXHCD.kext</string>
<key>Comment</key>
<string>Hello There</string>
<key>Enabled</key>
<true/>
<key>ExecutablePath</key>
<string>Contents/MacOS/mXHCD</string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string></string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dict>
{{- end }}
<dict> <dict>
<key>Arch</key> <key>Arch</key>
<string>x86_64</string> <string>x86_64</string>
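Review bot: The `mXHCD.kext` entry added under `Add` is enabled whenever `qemu.hardwareGpu.enabled` is set, but it has no `Arch` key (the entry after it carries `<string>x86_64</string>`) and its `Comment` is the placeholder `Hello There`. Add `Arch`, replace the comment with what the kext is for and why it is tied to the GPU flag, and either ship the bundle with the chart or state in the README that it must be supplied, since nothing visible in this change places `mXHCD.kext` in the Kexts directory.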
@ -222,7 +240,11 @@ data:
<string>VoodooHDA.kext</string> <string>VoodooHDA.kext</string>
<key>Comment</key> <key>Comment</key>
<string>Patch engine</string> <string>Patch engine</string>
{{- if .Values.qemu.audio.enabled }}
<key>Enabled</key> <key>Enabled</key>
{{- else -}}
<key>Disabled</key>
{{- end }}
<false/> <false/>
<key>ExecutablePath</key> <key>ExecutablePath</key>
<string>Contents/MacOS/VoodooHDA</string> <string>Contents/MacOS/VoodooHDA</string>
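Review bot: In the VoodooHDA entry the conditional swaps only the key name and leaves the value outside it, so with `qemu.audio.enabled` true the output is `<key>Enabled</key>` followed by `<false/>` and the kext stays off, while the else branch emits a `Disabled` key that no other entry in this file uses. Keep `<key>Enabled</key>` fixed and put the conditional around the value, emitting `<true/>` when audio is enabled and `<false/>` otherwise.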
@ -355,6 +377,28 @@ data:
<key>PlistPath</key> <key>PlistPath</key>
<string>Contents/Info.plist</string> <string>Contents/Info.plist</string>
</dict> </dict>
{{- if .Values.kexts.add }}
{{- range .Values.kexts.kextsToAdd }}
<dict>
<key>Arch</key>
<string>Any</string>
<key>BundlePath</key>
<string>{{ .name }}</string>
<key>Comment</key>
<string></string>
<key>Enabled</key>
<true/>
<key>ExecutablePath</key>
<string>{{ .executablePath }}</string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string></string>
<key>PlistPath</key>
<string>{{ .plistPath }}</string>
</dict>
{{- end }}
{{- end }}
</array> </array>
<key>Block</key> <key>Block</key>
<array> <array>
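Review bot: `{{ .name }}`, `{{ .executablePath }}` and `{{ .plistPath }}` in the `kextsToAdd` range are written into the plist unescaped and with no check that they are set, so a value containing `<` or `&` breaks the XML and a missing field renders an empty `<string>`. Wrap them in `required` and escape them for XML, and document the expected shape of each `kextsToAdd` item in `values.yaml`, since every entry produced here is a kernel extension with `Enabled` set to true.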
@ -375,6 +419,16 @@ data:
</array> </array>
<key>Emulate</key> <key>Emulate</key>
<dict> <dict>
{{- if .Values.qemu.hardwareGpu.enabled }}
<key>Cpuid1Data</key>
<data>
VwYFAAAAAAAAAAAAAAAAAA==
</data>
<key>Cpuid1Mask</key>
<data>
/////wAAAAAAAAAAAAAAAA==
</data>
{{- else -}}
<key>Cpuid1Data</key> <key>Cpuid1Data</key>
<data> <data>
VAYFAAAAAAAAAAAAAAAAAA== VAYFAAAAAAAAAAAAAAAAAA==
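Review bot: The emulated CPUID is switched on `qemu.hardwareGpu.enabled`, yet `Cpuid1Data` describes the CPU, which this chart selects separately through `qemu.cpu`. The two branches differ only in the first byte of the data (`Vw...` against `VA...`) and in a mask that is one byte wider, with no comment saying why passthrough needs that. Add a template comment explaining the difference, or key the choice on the CPU setting so the two values cannot drift apart.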
@ -383,9 +437,40 @@ data:
<data> <data>
////AAAAAAAAAAAAAAAAAA== ////AAAAAAAAAAAAAAAAAA==
</data> </data>
{{- end }}
</dict> </dict>
<key>Force</key> <key>Force</key>
<array> <array>
{{- if .Values.qemu.hardwareGpu.enabled }}
<dict>
<key>Base</key>
<string></string>
<key>Comment</key>
<string>algrey - cpuid_set_generic_info - disable check to allow leaf7</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<true/>
<key>Find</key>
<data>ADoPgg==</data>
<key>Identifier</key>
<string>kernel</string>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data></data>
<key>MaxKernel</key>
<string>19.99.99</string>
<key>MinKernel</key>
<string>17.0.0</string>
<key>Replace</key>
<data>AAAPgg==</data>
<key>ReplaceMask</key>
<data></data>
<key>Skip</key>
<integer>0</integer>
</dict>
{{- else -}}
<dict> <dict>
<key>Arch</key> <key>Arch</key>
<string>Any</string> <string>Any</string>
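Review bot: The dict added under `<key>Force</key>` in the GPU branch has the shape of a patch entry (`Find`, `Replace`, `Mask`, `Count`, `Identifier` set to `kernel`), whereas the else branch keeps a kext entry with `Arch` and, at the end of it, `PlistPath`. If this is the `cpuid_set_generic_info` kernel patch named in its comment, it belongs in the `Patch` array; as written, enabling the GPU also drops the kext entry that `Force` carried before. Move the dict to `Patch` and leave `Force` unconditional unless removing that kext is intended.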
@ -406,9 +491,40 @@ data:
<key>PlistPath</key> <key>PlistPath</key>
<string>Contents/Info.plist</string> <string>Contents/Info.plist</string>
</dict> </dict>
{{- end }}
</array> </array>
<key>Patch</key> <key>Patch</key>
<array> <array>
{{- if .Values.qemu.hardwareGpu.enabled }}
<dict>
<key>Base</key>
<string>_cpu_topology_sort</string>
<key>Comment</key>
<string>algrey - cpu_topology_sort -disable _x86_validate_topology</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<true/>
<key>Find</key>
<data>6AAA//8=</data>
<key>Identifier</key>
<string>kernel</string>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data>/wAA//8=</data>
<key>MaxKernel</key>
<string>19.99.99</string>
<key>MinKernel</key>
<string>17.0.0</string>
<key>Replace</key>
<data>Dx9EAAA=</data>
<key>ReplaceMask</key>
<data></data>
<key>Skip</key>
<integer>0</integer>
</dict>
{{- else -}}
<dict> <dict>
<key>Base</key> <key>Base</key>
<string>_cpu_topology_sort</string> <string>_cpu_topology_sort</string>
@ -444,6 +560,7 @@ data:
<key>Skip</key> <key>Skip</key>
<integer>0</integer> <integer>0</integer>
</dict> </dict>
{{- end }}
<dict> <dict>
<key>Base</key> <key>Base</key>
<string></string> <string></string>
@ -453,6 +570,7 @@ data:
<integer>1</integer> <integer>1</integer>
<key>Enabled</key> <key>Enabled</key>
<true/> <true/>
{{- if .Values.qemu.hardwareGpu.enabled }}
<key>Find</key> <key>Find</key>
<data> <data>
MduAPQAAAAAGdQA= MduAPQAAAAAGdQA=
@ -465,6 +583,20 @@ data:
<data> <data>
/////wAAAP///wA= /////wAAAP///wA=
</data> </data>
{{- else -}}
<key>Find</key>
<data>
MduAPQAAAAAGdQA=
</data>
<key>Identifier</key>
<string>kernel</string>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data>
/////wAAAP///wA=
</data>
{{- end }}
<key>MaxKernel</key> <key>MaxKernel</key>
<string>20.99.99</string> <string>20.99.99</string>
<key>MinKernel</key> <key>MinKernel</key>
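Review bot: The `if`/`else` wrapped around `Find` through `Mask` in this patch appears to emit the same content either way: the visible `Find` value (`MduAPQAAAAAGdQA=`) and the `/////wAAAP///wA=` data block are identical in both branches. If nothing in the lines between the two hunks differs, remove the conditional; if something does, add a template comment naming the field that changes for GPU passthrough.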
@ -479,6 +611,64 @@ data:
<key>Skip</key> <key>Skip</key>
<integer>0</integer> <integer>0</integer>
</dict> </dict>
{{- if .Values.qemu.hardwareGpu.enabled }}
<dict>
<key>Base</key>
<string></string>
<key>Comment</key>
<string>algrey - - skip cpuid_cores_per_package test -10.15</string>
<key>Count</key>
<integer>0</integer>
<key>Enabled</key>
<true/>
<key>Find</key>
<data>gz0AAAAAAA8AAAAAAItdvA==</data>
<key>Identifier</key>
<string>kernel</string>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data>//8AAAD///8AAAAA/////w==</data>
<key>MaxKernel</key>
<string>19.99.99</string>
<key>MinKernel</key>
<string>19.0.0</string>
<key>Replace</key>
<data>AAAAAAAAAQAAAAAAAAAAAA==</data>
<key>ReplaceMask</key>
<data>AAAAAAAADwAAAAAAAAAAAA==</data>
<key>Skip</key>
<integer>0</integer>
</dict>
<dict>
<key>Base</key>
<string></string>
<key>Comment</key>
<string>algrey - - skip cpuid_cores_per_package test</string>
<key>Count</key>
<integer>0</integer>
<key>Enabled</key>
<true/>
<key>Find</key>
<data>gz0AAAAAAHQAi128</data>
<key>Identifier</key>
<string>kernel</string>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data>//8AAAD///8A////</data>
<key>MaxKernel</key>
<string>18.99.99</string>
<key>MinKernel</key>
<string>17.0.0</string>
<key>Replace</key>
<data>AAAAAAAAAQAAAAAA</data>
<key>ReplaceMask</key>
<data>AAAAAAAADwAAAAAA</data>
<key>Skip</key>
<integer>0</integer>
</dict>
{{- end }}
</array> </array>
<key>Quirks</key> <key>Quirks</key>
<dict> <dict>
@ -516,6 +706,7 @@ data:
<false/> <false/>
</dict> </dict>
<key>Scheme</key> <key>Scheme</key>
{{- if not .Values.qemu.hardwareGpu.enabled }}
<dict> <dict>
<key>FuzzyMatch</key> <key>FuzzyMatch</key>
<true/> <true/>
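Review bot: The `{{- if not .Values.qemu.hardwareGpu.enabled }}` is placed after `<key>Scheme</key>` and wraps only the `<dict>` value (its `{{- end }}` is in the next hunk), so with the GPU enabled the output is a `Scheme` key with no value directly before the closing `</dict>`, which is not a valid plist. Move the `if` above `<key>Scheme</key>` so key and value are dropped together, or keep the block unconditional.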
@ -524,6 +715,7 @@ data:
<key>KernelCache</key> <key>KernelCache</key>
<string>Auto</string> <string>Auto</string>
</dict> </dict>
{{- end }}
</dict> </dict>
<key>Misc</key> <key>Misc</key>
<dict> <dict>
@ -539,6 +731,8 @@ data:
<false/> <false/>
<key>PickerAttributes</key> <key>PickerAttributes</key>
<integer>1</integer> <integer>1</integer>
<key>PickerVariant</key>
<string>Modern</string>
<key>PickerAudioAssist</key> <key>PickerAudioAssist</key>
<false/> <false/>
<key>PickerMode</key> <key>PickerMode</key>
@ -550,7 +744,7 @@ data:
<key>TakeoffDelay</key> <key>TakeoffDelay</key>
<integer>0</integer> <integer>0</integer>
<key>Timeout</key> <key>Timeout</key>
<integer>0</integer> <integer>{{ .Values.openCore.boot.timeout }}</integer>
</dict> </dict>
<key>Debug</key> <key>Debug</key>
<dict> <dict>
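Review bot: `<integer>{{ .Values.openCore.boot.timeout }}</integer>` replaces the fixed `0` with a value that has no default, so an unset or non-numeric `openCore.boot.timeout` renders an invalid `<integer>` element. Use `{{ .Values.openCore.boot.timeout | default 0 | int }}` so the previous behaviour is kept when the value is omitted.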
@ -657,7 +851,7 @@ data:
<key>SystemAudioVolume</key> <key>SystemAudioVolume</key>
<data>Rg==</data> <data>Rg==</data>
<key>boot-args</key> <key>boot-args</key>
<string>-v keepsyms=1 tlbto_us=0 vti=9</string> <string>{{ .Values.configPlist.bootArgs }}</string>
<key>run-efi-updater</key> <key>run-efi-updater</key>
<string>No</string> <string>No</string>
<key>csr-active-config</key> <key>csr-active-config</key>
@ -838,7 +1032,7 @@ data:
<key>ReplaceTabWithSpace</key> <key>ReplaceTabWithSpace</key>
<false/> <false/>
<key>Resolution</key> <key>Resolution</key>
<string>1920x1080@32</string> <string>{{ .Values.vnc.resolution }}</string>
<key>SanitiseClearScreen</key> <key>SanitiseClearScreen</key>
<false/> <false/>
<key>TextRenderer</key> <key>TextRenderer</key>
@ -905,232 +1099,37 @@ data:
</dict> </dict>
</dict> </dict>
</plist> </plist>
macOS-libvirt-Catalina.xml: |-
<?xml version='1.0' encoding='UTF-8'?>
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
<!--
macOS libvirt XML configuration.
Run "virt-xml-validate macOS-libvirt-Catalina.xml" to validate this file.
To install this file, you may place it at ~/.config/libvirt/qemu/
and run: virsh define macOS-libvirt.xml.
This configuration has been tested in Ubuntu 20.04 with stock QEMU-KVM.
Move/rename images and loader/nvmram files and paths as you wish.
!!! Don't forget to replace CHANGEME with your values !!!
Adjust memory and currentMemory to 3145728 if you want only 3 GiB.
Consider removing some cpu features if your hardware lacks support.
Replace spice with vnc if you prefer it.
Current network configuration is a local bridge (192.157.12x.x).
Change it to if you prefer a public bridge instead:
Change interface to <interface type='user'>
and remove the <source bridge='virbr0'/>
Or use virt-manager to edit this line instead of virsh edit.
Note: Default configuration caused severe clock problems
under Fedora 27 w/ i7-5820K. This is because Darwin uses
tsc (time since last tick) for time, and for me did not
fall back to rtc in the event of a clock mismatch with
libvirt's default time source. Therefore we must explicitly
give the clock a tsc timer for kvm to pass to the guest.
See comments on the <kvm> and <clock> attributes.
-->
<name>macOS</name>
<uuid>2aca0dd6-cec9-4717-9ab2-0b7b13d111c3</uuid>
<title>macOS</title>
<memory unit='MB'>{{ .Values.resources.requests.memory | trimSuffix "Mi" }}</memory>
<currentMemory unit='MB'>{{ .Values.resources.requests.memory | trimSuffix "Mi" }}</currentMemory>
<vcpu placement='static'>{{ .Values.resources.requests.cpu }}</vcpu>
<os>
<type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
<!-- We don't need patched OVMF anymore when using latest OpenCore, stock one is okay -->
<loader readonly='yes' type='pflash'>/home/CHANGEME/OSX-KVM/OVMF_CODE.fd</loader>
<nvram>/home/CHANGEME/OSX-KVM/OVMF_VARS-1024x768.fd</nvram>
</os>
<features>
<acpi/>
<apic/>
</features>
<clock offset='utc'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='writeback' io='threads'/>
<source file='/home/CHANGEME/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2'/>
<target dev='sda' bus='sata'/>
<boot order='2'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='writeback' io='threads'/>
<source file="/system_image/{{ .Values.serverName }}/mac_hdd_ng.img"/>
<target dev='sdb' bus='sata'/>
<boot order='1'/>
<address type='drive' controller='0' bus='0' target='0' unit='1'/>
</disk>
<controller type='sata' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pcie-root'/>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x8'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x9'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0xa'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0xb'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x3'/>
</controller>
<controller type='pci' index='5' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='5' port='0xc'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x4'/>
</controller>
<controller type='pci' index='6' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='6' port='0xd'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x5'/>
</controller>
<controller type='pci' index='7' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='7' port='0xe'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x6'/>
</controller>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</controller>
<controller type='usb' index='0' model='ich9-ehci1'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci1'>
<master startport='0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci2'>
<master startport='2'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci3'>
<master startport='4'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/>
</controller>
<!-- Make sure you put your nic in bus 0x0 and slot 0x0y(y is numeric), this will make nic built-in and apple-store work-->
<interface type='bridge'>
<mac address='52:54:00:8e:e2:66'/>
<source bridge='virbr0'/>
<target dev='tap0'/>
<model type='vmxnet3'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='unix'>
<target type='virtio' name='org.qemu.guest_agent.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='tablet' bus='usb'>
<alias name='input0'/>
<address type='usb' bus='0' port='1'/>
</input>
<!-- Mouse sets to usb will make unexpected behaviors when using VNC, so we use ps2 here.-->
<input type='mouse' bus='ps2'>
<alias name='input1'/>
</input>
<!-- This is required to make Keyboard work during installation when using VNC -->
<input type='keyboard' bus='usb'>
<alias name='input2'/>
<address type='usb' bus='0' port='3'/>
</input>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
</graphics>
<input type='keyboard' bus='ps2'>
<alias name='input3'/>
</input>
<!-- We use video model none here, so we can later set video device to vmware-svga for better graphics -->
<video>
<model type='none'/>
</video>
<!-- If you wanna passthrough GPU, make sure the gfx and audio are in the same bus (like 0x01) but different function (0x00 and 0x01)-->
<!-- <hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x2d' slot='0x00' function='0x0'/>
</source>
<rom file='/mnt/disks/backups/BIOS/RX580/Ellesmere.rom'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0' multifunction='on'/>
</hostdev>
<hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x2d' slot='0x00' function='0x1'/>
</source>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x1'/>
</hostdev> -->
<!-- If you wanna passthrough onboard audio(like 30:00.4), make sure you put it in bus 0x00 and slot 0x0y(y is numeric), otherwise AppleALC won't recognized it -->
<!-- <hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x30' slot='0x00' function='0x4'/>
</source>
<address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
</hostdev> -->
<memballoon model='none'/>
</devices>
<!-- Note: Enable the next line when SELinux is enabled -->
<!-- seclabel type='dynamic' model='selinux' relabel='yes'/> -->
<qemu:commandline>
<qemu:arg value='-device'/>
<qemu:arg value='isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc'/>
<qemu:arg value='-smbios'/>
<qemu:arg value='type=2'/>
<qemu:arg value='-device'/>
<qemu:arg value='{{ .Values.qemu.softwareGpu }}'/>
<qemu:arg value='-cpu'/>
<qemu:arg value='{{ .Values.qemu.cpu }}'/>
<!-- <qemu:arg value='Penryn,vendor=GenuineIntel,+hypervisor,+invtsc,kvm=on,+fma,+avx,+avx2,+aes,+ssse3,+sse4_2,+popcnt,+sse4a,+bmi1,+bmi2'/> -->
<!-- <qemu:arg value='Haswell,kvm=off,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+avx2,+aes,+xsave,+xsaveopt,check'/> -->
<!-- If you wanna use cpu host-passthrough mode, uncomments below-->
<!-- <qemu:arg value='host,kvm=on,+fma,+avx,+avx2,+aes,+ssse3,+sse4_2,+popcnt,+sse4a,+bmi1,+bmi2'/> -->
<!-- If you wanna use cpu emulating mode like Skylake-Server, uncomments below-->
<!-- <qemu:arg value='Skylake-Server,vendor=GenuineIntel,+hypervisor,+invtsc,kvm=off,+fma,+avx,+avx2,+aes,+ssse3,+sse4_2,+popcnt,+sse4a,+bmi1,+bmi2'/> -->
</qemu:commandline>
</domain>
Launch_custom.sh: |- Launch_custom.sh: |-
#/bin/sh #/bin/sh
if ! [ -d "/system_image/installers" ]; then # Add extra kexts to EFI/OC/kexts
mkdir -p /system_image/installers {{- if .Values.kexts.add }}
{{- range .Values.kexts.kextsToAdd }}
{{- $rangeItem := . -}}
{{- with $ }}
echo 'Installing kext {{ $rangeItem.name }}..'
cp -r "{{ .Values.kexts.path }}/{{ $rangeItem.name }}" /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/EFI/OC/Kexts/
sudo chmod 755 /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/EFI/OC/Kexts/{{ $rangeItem.name }}
{{- end }}
{{- end }}
{{- end }}
# Rebuild Opencore.qcow2 after making changes to config.plist and etc..
{{- if .Values.openCore.rebuild }}
echo 'Building new Opencore.qcow2..'
sudo apt install {{ .Values.openCore.kernel }} -y
pushd OpenCore-Catalina/
mkdir -p EFI/OC/Resources
rm -f OpenCore.qcow2
sudo ./opencore-image-ng.sh \
--cfg config.plist \
--img OpenCore.qcow2
sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} OpenCore.qcow2
popd
{{- end }}
if ! [ -d "{{ .Values.qemu.systemInstaller.path }}" ]; then
mkdir -p {{ .Values.qemu.systemInstaller.path }}
fi fi
if ! [ -d "/system_image/{{ .Values.serverName }}" ]; then if ! [ -d "/system_image/{{ .Values.serverName }}" ]; then
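Review bot: The rebuild branch runs `sudo apt install {{ .Values.openCore.kernel }} -y` every time the container starts, which makes pod start depend on network access and installs an unpinned package as root at runtime, although the Dockerfile in this change already installs `linux-image-kvm` at build time; install it in the image only and drop this line. In the kext loop, the `sudo chmod 755` path is unquoted while the `cp -r` source is quoted, and none of these steps run under `set -e` (it is set only just before QEMU starts), so a failed copy or image build is not caught. Quote every templated path and move `set -eu` to the top of the script.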
@ -1138,70 +1137,102 @@ data:
fi fi
# Download and build installer image if no system drive found.. # Download and build installer image if no system drive found..
if ! [ -f "/system_image/installers/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img" ]; then if ! [ -f "{{ .Values.qemu.systemInstaller.path }}/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img" ]; then
echo "Downloading {{ .Values.qemu.systemInstaller.version }} base image.." echo "Downloading {{ .Values.qemu.systemInstaller.version }} base image.."
python fetch-macOS.py --version {{ .Values.qemu.systemInstaller.version }} python fetch-macOS.py --version {{ .Values.qemu.systemInstaller.version }}
echo 'Converting downloaded BaseSystem.dmg into BaseSystem.img' echo 'Converting downloaded BaseSystem.dmg into BaseSystem{{ .Values.qemu.systemInstaller.version }}.img and saving in {{ .Values.qemu.systemInstaller.path }}'
qemu-img convert BaseSystem.dmg -O qcow2 -p -c /system_image/installers/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img qemu-img convert BaseSystem.dmg -O qcow2 -p -c {{ .Values.qemu.systemInstaller.path }}/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img
rm -f BaseSystem.dmg rm -f BaseSystem.dmg
else else
echo 'Base Image downloaded and converted into img already..' echo 'Base Image downloaded and converted into img already..'
fi fi
if ! [ -f "/system_image/{{ .Values.serverName }}/mac_hdd_ng.img" ]; then if ! [ -f "/system_image/{{ .Values.serverName }}/mac_hdd_ng.img" ]; then
echo "Creating a {{ .Values.qemu.diskSize }} /system_image/{{ .Values.serverName }}/mac_hdd_ng.img for system partition.." echo "Creating a {{ .Values.qemu.systemDisk.size }} /system_image/{{ .Values.serverName }}/mac_hdd_ng.img for system partition.."
qemu-img create -f qcow2 /system_image/{{ .Values.serverName }}/mac_hdd_ng.img "{{ .Values.qemu.diskSize }}" qemu-img create -f qcow2 /system_image/{{ .Values.serverName }}/mac_hdd_ng.img "{{ .Values.qemu.systemDisk.size }}"
echo 'Finished creating system partition!' echo 'Finished creating system partition!'
else else
echo 'Image already created. Skipping creation..' echo 'Image already created. Skipping creation..'
fi fi
# # Fix permissions on usb devices..
# {{- if .Values.qemu.usb }}
# {{- range .Values.qemu.usb }}
# echo "Updating permissions to r/w for /dev/bus/usb/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Bus.{0,4}' | tail -c 4)/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Device.{0,4}' | tail -c 4).."
# sudo chmod 666 /dev/bus/usb/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Bus.{0,4}' | tail -c 4)/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Device.{0,4}' | tail -c 4)
# {{- end }}
# {{- end }}
# Start VNC.. # Start VNC..
{{- if .Values.vnc.enabled }}
echo 'geometry={{ .Values.vnc.resolution }}
localhost
alwaysshared' > ~/.vnc/config
sudo rm -f /tmp/.X99-lock sudo rm -f /tmp/.X99-lock
export DISPLAY=:99 export DISPLAY=:99
vncpasswd -f < vncpasswd_file > ${HOME}/.vnc/passwd vncpasswd -f < vncpasswd_file > ${HOME}/.vnc/passwd
/usr/bin/Xvnc -geometry 1920x1080 -rfbauth "${HOME}/.vnc/passwd" :99 &\ /usr/bin/Xvnc -geometry {{ .Values.vnc.resolution }} -rfbauth "${HOME}/.vnc/passwd" :99 &\
sudo chmod 600 ~/.vnc/passwd
{{- end }}
{{- if .Values.qemu.gpu.enabled }} sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} /dev/kvm
ulimit -l $(( 8*1048576+100000 )) {{- if .Values.qemu.hardwareGpu.enabled }}
user hard memlock $(( 8*1048576+100000 )) sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} -R /dev/vfio
user soft memlock $(( 8*1048576+100000 ))
{{- end }} {{- end }}
# Start QEMU.. # Start QEMU..
echo 'Starting QEMU..'
set -eu set -eu
sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true
sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true
exec qemu-system-x86_64 -m {{ .Values.resources.requests.memory | trimSuffix "i" }} \ exec qemu-system-x86_64 -m {{ .Values.resources.requests.memory | trimSuffix "i" }} \
-cpu {{ .Values.qemu.cpu }} \ -cpu {{ .Values.qemu.cpu }} \
-machine q35,accel=kvm:tcg \ -machine q35,accel=kvm:tcg \
{{- if .Values.qemu.gpu.enabled }} {{- if .Values.qemu.hardwareGpu.enabled }}
-vga none \
-device pcie-root-port,bus=pcie.0,multifunction=on,port=1,chassis=1,id=port.1 \ -device pcie-root-port,bus=pcie.0,multifunction=on,port=1,chassis=1,id=port.1 \
-device vfio-pci,host={{ .Values.qemu.gpu.hardwareId }}.0,multifunction=on,x-vga=on,rombar=1 \ {{- if .Values.qemu.hardwareGpu.romfile }}
-device vfio-pci,host={{ .Values.qemu.gpu.hardwareId }}.1,bus=port.1 \ -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.0,bus=port.1,multifunction=on,romfile={{ .Values.qemu.hardwareGpu.romfile}} \
-display none \ {{- else -}}
-device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.0,multifunction=on \
{{- end }}
-device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.1,bus=port.1 \
{{- else -}} {{- else -}}
-vga {{ .Values.qemu.softwareGpu }} \ -vga {{ .Values.qemu.softwareGpu }} \
{{- end }} {{- end }}
-smp {{ .Values.resources.requests.cpu }},cores={{ .Values.resources.requests.cpu }} \ -smp {{ .Values.resources.requests.cpu }},cores={{ .Values.resources.requests.cpu }} \
{{- if .Values.vnc.enabled }}
-usb -device usb-kbd -device usb-tablet \ -usb -device usb-kbd -device usb-tablet \
{{- else -}}
-vga none \
-display none \
{{- end }}
-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \ -device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \
-drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd \ -drive if=pflash,format=raw,readonly,file=/home/{{ .Values.image.userName }}/OSX-KVM/OVMF_CODE.fd \
-drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd \ -drive if=pflash,format=raw,file=/home/{{ .Values.image.userName }}/OSX-KVM/OVMF_VARS-1024x768.fd \
-smbios type=2 \ -smbios type=2 \
{{- if .Values.qemu.audio.enabled }} {{- if .Values.qemu.audio.enabled }}
-audiodev {{ .Values.qemu.audo.driver }},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \ \ -audiodev {{ .Values.qemu.audio.driver }},id=hda \
-device ich9-intel-hda \
-device hda-duplex,audiodev=hda \
{{- end }} {{- end }}
-device ich9-ahci,id=sata \ -device ich9-ahci,id=sata \
-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \ -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
-device ide-hd,bus=sata.2,drive=OpenCoreBoot \ -device ide-hd,bus=sata.2,drive=OpenCoreBoot \
{{- if .Values.qemu.systemInstaller.enabled }}
-device ide-hd,bus=sata.3,drive=InstallMedia \ -device ide-hd,bus=sata.3,drive=InstallMedia \
-drive id=InstallMedia,if=none,file=/system_image/installers/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img,format=qcow2 \ -drive id=InstallMedia,if=none,file={{ .Values.qemu.systemInstaller.path }}/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img,format=qcow2 \
{{- end }}
-drive id=MacHDD,if=none,file=/system_image/{{ .Values.serverName }}/mac_hdd_ng.img,format=qcow2 \ -drive id=MacHDD,if=none,file=/system_image/{{ .Values.serverName }}/mac_hdd_ng.img,format=qcow2 \
-device ide-hd,bus=sata.4,drive=MacHDD \ -device ide-hd,bus=sata.4,drive=MacHDD \
-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,{{ .Values.qemu.netdev.extraArgs }} -device e1000-82545em,netdev=net0,id=net0,mac=52:54:00:09:49:17 \ -netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,{{ .Values.qemu.netdev.extraPortForwarding }} \
-monitor stdio \ -device e1000-82545em,netdev=net0,id=net0,mac=52:54:00:09:49:17 \
{{- range .Values.qemu.usb }}
-usb -device usb-host,productid=0x{{ .productId }},vendorid=0x{{ .vendorId }} \
{{- end }}
{{- range .Values.qemu.extraArgs }}
{{ . }} \
{{- end }}
${EXTRA:-} ${EXTRA:-}
vncpasswd_file: |- vncpasswd_file: |-
{{ .Values.vnc.password }} {{ .Values.vnc.password }}
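Review bot: the added `sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} /dev/kvm` and `sudo chown ... -R /dev/vfio` lines act on device nodes that the deployment mounts from the host with hostPath, so they change ownership on the node itself. The /dev/kvm one also repeats the existing `sudo chown $(id -u):$(id -g) /dev/kvm` a few lines further down. Drop the duplicate, and consider granting device access through the pod's securityContext (for example a supplemental group that matches the host's kvm group) or a host udev rule instead of chown from inside the container. Separately, `vncpasswd -f < vncpasswd_file > ${HOME}/.vnc/passwd` creates the file under the default umask and the new `chmod 600` only runs after Xvnc has been started. Setting `umask 077` before the redirect closes that window, and the `sudo` is not needed for a file the user owns.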
@ -1263,7 +1294,7 @@ data:
#@faculty hard nproc 50 #@faculty hard nproc 50
#ftp hard nproc 0 #ftp hard nproc 0
#@student - maxlogins 4 #@student - maxlogins 4
@arch soft memlock unlimited @{{ .Values.image.userName }} soft memlock unlimited
@arch hard memlock unlimited @{{ .Values.image.userName }} hard memlock unlimited
# End of file # End of file
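Review bot: in limits.conf the `@` prefix selects a group, so `@{{ .Values.image.userName }} soft memlock unlimited` only takes effect if a group with the same name as image.userName exists in the image. Either note that requirement next to `userName` in values.yaml or drop the `@` so the entry targets the user directly. It would also help to state in the values comments that enabling hardwareGpu grants this account unlimited locked memory.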

@ -56,30 +56,35 @@ spec:
value: "{{ .Values.resources.requests.memory | trimSuffix "Mi" }}" value: "{{ .Values.resources.requests.memory | trimSuffix "Mi" }}"
- name: TZ - name: TZ
value: "{{ .Values.tz }}" value: "{{ .Values.tz }}"
- name: DISPLAY
value: ':0.0'
resources: resources:
{{ toYaml .Values.resources | indent 10 }} {{ toYaml .Values.resources | indent 10 }}
volumeMounts: volumeMounts:
- mountPath: /home/arch/OSX-KVM/config.plist - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/config.plist
subPath: config.plist subPath: config.plist
name: boot-components name: boot-components
- mountPath: /home/arch/OSX-KVM/macOS-libvirt-Catalina.xml - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/Launch_custom.sh
subPath: macOS-libvirt-Catalina.xml
name: boot-components
- mountPath: /home/arch/OSX-KVM/Launch_custom.sh
subPath: Launch_custom.sh subPath: Launch_custom.sh
name: boot-components name: boot-components
- mountPath: /home/arch/OSX-KVM/vncpasswd_file - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/vncpasswd_file
subPath: vncpasswd_file subPath: vncpasswd_file
name: boot-components name: boot-components
- mountPath: /etc/security/limits.conf
subPath: limits.conf
name: boot-components
- mountPath: /dev/kvm - mountPath: /dev/kvm
name: kvm name: kvm
- mountPath: /dev/net/tun - mountPath: /dev/net/tun
name: tun name: tun
- mountPath: /dev/vfio {{- if .Values.qemu.hardwareGpu.enabled }}
- mountPath: /etc/security/limits.conf
subPath: limits.conf
name: boot-components
- mountPath: /dev/vfio/vfio
name: vfio name: vfio
- mountPath: /dev/vfio/{{ .Values.qemu.hardwareGpu.vfioGroup }}
name: vfio-group
- mountPath: /lib/modules
name: lib-modules
{{- end }}
- mountPath: /dev/snd - mountPath: /dev/snd
name: snd name: snd
- mountPath: /tmp/.X11-unix - mountPath: /tmp/.X11-unix
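Review bot: the new `/lib/modules` mount under the hardwareGpu block is a host directory mounted without `readOnly: true`, into a container whose user can chown devices through sudo. Nothing visible here needs to write to it, so mark the mount read-only. Also, the added `DISPLAY` value of `':0.0'` disagrees with the `export DISPLAY=:99` in Launch_custom.sh. If the env var is only meant for the non-VNC case, a comment saying so would avoid confusion.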
@ -98,23 +103,31 @@ spec:
items: items:
- key: config.plist - key: config.plist
path: config.plist path: config.plist
- key: macOS-libvirt-Catalina.xml
path: macOS-libvirt-Catalina.xml
- key: Launch_custom.sh - key: Launch_custom.sh
path: Launch_custom.sh path: Launch_custom.sh
- key: vncpasswd_file - key: vncpasswd_file
path: vncpasswd_file path: vncpasswd_file
{{- if .Values.qemu.hardwareGpu.enabled }}
- key: limits.conf - key: limits.conf
path: limits.conf path: limits.conf
- name: kvm {{- end }}
hostPath:
path: /dev/kvm
- name: tun - name: tun
hostPath: hostPath:
path: /dev/net/tun path: /dev/net/tun
- name: kvm
hostPath:
path: /dev/kvm
{{- if .Values.qemu.hardwareGpu.enabled }}
- name: vfio - name: vfio
hostPath: hostPath:
path: /dev/vfio path: /dev/vfio/vfio
- name: vfio-group
hostPath:
path: /dev/vfio/{{ .Values.qemu.hardwareGpu.vfioGroup }}
- name: lib-modules
hostPath:
path: /lib/modules
{{- end }}
- name: snd - name: snd
hostPath: hostPath:
path: /dev/snd path: /dev/snd
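Review bot: the new hostPath volumes `vfio`, `vfio-group` and `lib-modules` have no `type`, so a wrong `qemu.hardwareGpu.vfioGroup` is not checked before the path is mounted. Setting `type: CharDevice` on the two /dev/vfio entries and `type: Directory` on /lib/modules makes a bad value fail when the pod is created rather than later at QEMU start. The swap of the `kvm` and `tun` entries is unrelated reordering and makes this hunk harder to read. Consider leaving their order as it was.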

@ -18,10 +18,12 @@ spec:
targetPort: 5999 targetPort: 5999
protocol: TCP protocol: TCP
name: vnc name: vnc
- port: 1359 {{- range .Values.service.extraPorts }}
targetPort: 1359 - port: {{ .port }}
protocol: TCP targetPort: {{ .targetPort }}
name: airmessage protocol: {{ .protocol }}
name: {{ .name }}
{{- end }}
selector: selector:
app.kubernetes.io/name: {{ include "docker-osx.name" . }} app.kubernetes.io/name: {{ include "docker-osx.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
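Review bot: replacing the fixed `airmessage` port 1359 with the `service.extraPorts` range removes that port for existing installs, because the new default list in values.yaml only contains 5901. Call this out in the README or upgrade notes, or keep 1359 as a commented example next to `extraPorts`. Inside the range, `protocol: {{ .protocol }}` renders empty when an item omits the key. `{{ .protocol | default "TCP" }}` would make the list entries less error-prone.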

@ -7,46 +7,118 @@ image:
repository: sickcodes/docker-osx-vnc repository: sickcodes/docker-osx-vnc
tag: latest tag: latest
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
userName: ubuntu
# Please note, this must be a directory name within `/system_image` mounted at the bottom in extraVolumeMounts # Please note, this must be a directory name within `/system_image` mounted at the bottom in extraVolumeMounts
serverName: server serverName: server
# add kexts to EFI/OC/kexts and update config.plist
# make sure your kexts are in kexts.path
kexts:
add: false
path: /system_image/kexts
kextsToAdd: {}
# - name: BrcmBluetoothInjector.kext
# executablePath: Contents/MacOS/BrcmBluetoothInjector
# plistPath: Contents/Info.plist
# - name: BrcmFirmwareData.kext
# executablePath: Contents/MacOS/BrcmFirmwareData
# plistPath: Contents/Info.plist
# - name: BrcmPatchRAM3.kext
# executablePath: Contents/MacOS/BrcmPatchRAM3
# plistPath: Contents/Info.plist
# SMBIOS settings # SMBIOS settings
configPlist: configPlist:
SystemProductName: iMacPro1,1 SystemProductName: iMacPro1,1
MLB: D25338500GUF8YLJA MLB: D25338500GUF8YLJA
SystemSerialNumber: D25LF7ZEF8JC SystemSerialNumber: D25LF7ZEF8JC
SystemUUID: 139C94D6-A533-47D2-874F-D365BFD8B047 SystemUUID: 139C94D6-A533-47D2-874F-D365BFD8B047
bootArgs: '-v keepsyms=1 tlbto_us=0 vti=9 -wegoff agdpmod=pikera'
openCore:
# Rebuild OpenCore.qcow2: this can be disabled if none of the above parameters in kexts, configPlist changes, and changing the
# resolution are not desired, utilizing gpu passthrough and a few other things. Disabling is not recommended
rebuild: true
boot:
# set to zero to have OpenCore stay at boot menu
timeout: 0
# This defines QEMU and virtlo parameters # This section defines QEMU and virtlo parameters
# #
# Note: # Note:
# *) Increase downloadDelay if the pod gets killed for readiness/liveliness check. The first time the pod is started, # *) Increase downloadDelay if the pod gets killed for readiness/liveliness check. The first time the pod is started,
# it will download the BaseSystem image and create a data partition to install the OS. If this value is really long, # it will download the BaseSystem image and create a data partition to install the OS. If this value is really long,
# the pod will take very long to allow VNC connections if it is rebooted/killed. # the pod will take very long to allow VNC connections if it is rebooted/killed.
# *) Big Sur (11.X) is currently broken, as it seems to need the BaseSystem extracted from the InstallAssistant.pkg file it downloads # *) Big Sur (11.X) is currently broken, as it seems Apple reworked the packaging so that will have to be something fixed in
# *) GPU support is considered broken still, but WIP # https://github.com/kholia/OSX-KVM/blob/master/fetch-macOS-v2.py
# *) VNC and IOMMU GPU passthrough do not play together well. Disable one if using the other. This is a limitation of QEMU
# unfortunately, so this means VNC from macOS will have to be used to view the VM when not using a physical GPU.
# *) If using GPU passthrough, it is recommended to configure it first, as the installer will take way longer (several hours)
# to install macOS with a software GPU configured.
# #
qemu: qemu:
cpu: Penryn,vendor=GenuineIntel,+hypervisor,+invtsc,kvm=on,+fma,+avx,+avx2,+aes,+ssse3,+sse4_2,+popcnt,+sse4a,+bmi1,+bmi2 cpu: Penryn,kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+avx2,+aes,+xsave,+xsaveopt,check
softwareGpu: vmware softwareGpu: vmware
gpu: hardwareGpu:
# if disabled, will rely on softwareGpu instead # when enabled, qemu.softwareGpu will be disabled automatically. disabling this will rely on softwareGpu instead
enabled: false enabled: false
hardwareId: '03:00' hardwareId: 09:00
# slot can be found with `lspci -v -s <hardware-id>`
slot: 05
# vfioGroup can be found with lsgroup.sh:
# https://github.com/kholia/OSX-KVM/blob/master/scripts/lsgroup.sh
vfioGroup: 50
# leave romfile blank if not using one to disable
romfile: /system_image/vbios/Sapphire.RX480.8192.160603.rom
systemInstaller: systemInstaller:
# if using more than one deployment, a write lock will be put on the system installer dmg, so this will need to be disabled
# for other pods
enabled: false
version: 10.15.7 version: 10.15.7
downloadDelay: 300 path: /system_image/installers
diskSize: 128G downloadDelay: 15
# can be `writethrough`, `writeback`, or `none`
cache: none
# can be `native` or `threads`
io: threads
systemDisk:
size: 128G
# can be `writethrough`, `writeback`, or `none`
cache: writeback
# can be `native` or `threads`
io: threads
audio: audio:
enabled: true # this enables onboard audio, hdmi audio is handled with qemu.hardwareGpu
enabled: false
driver: alsa driver: alsa
netdev: netdev:
extraArgs: extraPortForwarding: hostfwd=tcp::5901-:5900
# for usb, pass host adapters like such:
# usb:
# - vendorId: 0a5c
# productId: 21e8
#
# please use lsgroup.sh to find your host ids:
# https://github.com/kholia/OSX-KVM/blob/master/scripts/lsgroup.sh
#
# for usb, may need to fix permissions:
# sudo chmod 666 /dev/bus/usb/<bus>/<device>
#
# if need to add a usb controller via vfio-pci, use qemu.extraArgs
#
usb: {}
# use the following formatting
# extraArgs:
# - -parallel none
# - -boot order=dc
extraArgs: {}
# Password for accessing vm over vnc # Password for accessing vm over vnc
vnc: vnc:
password: updateme enabled: true
resolution: 1920x1080
password: a5aeQbaPd4$jR80Q43
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
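Review bot: `vnc.password` changes from the placeholder `updateme` to a realistic-looking value committed as the chart default, so every install that does not override it shares a password that is public in the repository. Keep an obvious placeholder (or leave it empty and fail the render when unset), and if the committed value was ever used on a real system it should be rotated. Note also that classic VNC authentication only uses the first 8 characters, so a longer default does not add strength. A smaller point in the same hunk: `hardwareGpu.romfile` ships with a concrete path while its comment says to leave it blank when unused. With `enabled: false` that is harmless, but an empty default would match the comment.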
@ -56,6 +128,11 @@ service:
ip: 192.168.1.10 ip: 192.168.1.10
targetPort: 50922 targetPort: 50922
port: 10022 port: 10022
extraPorts:
- port: 5901
targetPort: 5901
protocol: TCP
name: os-level-vnc
ingress: ingress:
enabled: false enabled: false
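Review bot: the default `extraPorts` entry publishes 5901 (`os-level-vnc`) on the service for every install, which exposes the guest's own screen sharing through the `hostfwd=tcp::5901-:5900` default in `qemu.netdev.extraPortForwarding`. Making the default an empty list and showing this entry as a commented example would keep the extra listener opt-in. A comment that `targetPort` has to match the host side of the hostfwd rule would also help, since the two settings live in different sections.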
@ -71,19 +148,21 @@ ingress:
# hosts: # hosts:
# - chart-example.local # - chart-example.local
# Note: seems that host needs around x5 the cpu and x9 memory limits allocated to MacOS # Note: Resources can vary dramatically depending on disk caching and software GPU rendering. With disk
# when under load. This may be due to my personal hardware or inefficencies such as # caching and software rendering up to x5 the cpu and x9 memory can be consumed. With disk cache off
# software GPU rendering. Otherwise the pod will be killed due to OOMing. # and GPU passthrough enabled up to x3 the cpu and x1.5 memory can be consumed. Therefore, these settings
# really depend on hardware and configuration choices. Note, these values used a 1080p video resolution
# as well.
# #
# Warning: do not perform unit conversion on cpu and memory requests, as these units # Warning: do not perform unit conversion on cpu and memory requests, as these units
# are tied qemu and virtio settings. Also, only use intergers for cpu requests. # are tied qemu and virtio settings. Also, only use intergers for cpu requests.
resources: resources:
limits: limits:
cpu: 10 cpu: 15
memory: 36864Mi memory: 32768Mi
requests: requests:
cpu: 2 cpu: 4
memory: 4096Mi memory: 16384Mi
nodeSelector: {} nodeSelector: {}
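Review bot: the new limits do not match the rewritten comment above them. The chart defaults are `systemDisk.cache: writeback` with `hardwareGpu.enabled: false`, which is the case the comment says can consume up to x9 memory, yet `limits.memory` is now 32768Mi against a 16384Mi request, only x2. Either raise the limit, lower the default request, or say in the comment which configuration these defaults were sized for. Since `requests.memory` is also passed to `qemu-system-x86_64 -m`, it is worth stating here that raising the request enlarges the guest as well.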
