Setting Up Multipass on Arch Linux: Complete Guide with Security Considerations
Multipass is a powerful tool for creating and managing Ubuntu virtual machines with minimal overhead. This guide provides complete installation instructions for Arch Linux, including security considerations and best practices.
Prerequisites
Before starting, ensure you have:
- Sudo privileges on your Arch Linux system
- Base development tools installed
- At least 4GB of available RAM
- 20GB+ of free disk space
# Install the base development tools (required to build AUR packages)
sudo pacman -S --needed base-devel
Installation Steps
1. Install Required Dependencies
Install the necessary packages for virtualization and Multipass:
sudo pacman -S qemu-base libvirt dnsmasq apparmor edk2-ovmf git cmake gcc
2. Set Up System Services
Enable and start the required system services:
# Enable and start libvirt
sudo systemctl enable --now libvirtd.service
# Enable and start AppArmor
sudo systemctl enable --now apparmor.service
# Verify services are running
sudo systemctl status libvirtd
sudo systemctl status apparmor
3. Configure User Permissions
Add your user to the necessary groups for virtualization access:
sudo usermod -a -G libvirt,kvm $USER
# Verify group membership
groups $USER
# Log out and back in for group changes to take effect
4. Configure OVMF for UEFI Support
Set up the OVMF firmware for QEMU UEFI support:
# Create QEMU directory
sudo mkdir -p /usr/share/qemu
# Create symlink for OVMF firmware
sudo ln -s /usr/share/edk2/x64/OVMF.fd /usr/share/qemu/OVMF.fd
# Verify symlink
ls -l /usr/share/qemu/OVMF.fd
5. Install Multipass from AUR
Using your preferred AUR helper (yay shown here):
# Using yay
yay -S canonical-multipass
Or manually build from AUR:
# Manual installation
git clone https://aur.archlinux.org/canonical-multipass.git
cd canonical-multipass
makepkg -si
6. Start Multipass Service
Enable and start the Multipass daemon:
sudo systemctl enable --now multipassd.service
# Verify service status
sudo systemctl status multipassd
7. Verify Installation
Test your Multipass installation:
# Check version
multipass version
# List instances (should be empty initially)
multipass list
# Verify available images
multipass find
Usage Examples
Launch Ubuntu 20.04 Instance
Basic instance creation:
# Launch basic instance
multipass launch 20.04 --name my-instance
# Launch with custom specifications
multipass launch 20.04 --name dev-instance \
--cpus 4 \
--memory 8G \
--disk 50G
Advanced Instance Configuration
# Launch with cloud-init configuration
multipass launch 22.04 --name secure-instance \
--cpus 2 \
--memory 4G \
--disk 20G \
--cloud-init - <<EOF
#cloud-config
users:
  - name: devuser
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-rsa AAAAB3NzaC1yc2E... your-public-key
packages:
  - htop
  - vim
  - git
  - curl
runcmd:
  - apt update && apt upgrade -y
  - ufw enable
EOF
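A cloud-init file decides who gets root inside the guest and what the guest firewall does, so it is worth checking before launch. The following is an added example, not part of the original guide or of Multipass: the function names `lint_cloud_init` and `demo_cloud_init` are hypothetical, and the sample is constructed to mirror the configuration above with a placeholder key.

```sh
#!/bin/sh
# Added example: review a cloud-init file before passing it to `multipass launch`.
# lint_cloud_init FILE prints one line per finding; exit status = number of findings.
lint_cloud_init() (
    f=$1
    n=0
    finding() { printf '%s: %s\n' "$f" "$1"; n=$((n + 1)); }

    # cloud-init only treats the file as cloud-config if this is the first line
    [ "$(head -n 1 "$f")" = "#cloud-config" ] || finding "first line is not #cloud-config"
    # Passwordless sudo turns any code execution as this user into root
    grep -Eq 'NOPASSWD:[[:space:]]*ALL' "$f" && finding "passwordless sudo (NOPASSWD:ALL)"
    # Password logins, or passwords stored in user-data
    grep -Eiq '^[[:space:]]*ssh_pwauth:[[:space:]]*(true|yes)' "$f" &&
        finding "ssh_pwauth enables SSH password login"
    grep -Eq '^[[:space:]]*(plain_text_passwd|passwd):' "$f" &&
        finding "password set in user-data"
    # A user without a key has no SSH login method
    grep -q 'ssh_authorized_keys:' "$f" || finding "no ssh_authorized_keys entry"
    # ufw denies incoming traffic by default; enabling it with no allow rule closes port 22
    if grep -Eq '^[[:space:]]*-[[:space:]]*ufw (--force )?enable' "$f" &&
       ! grep -q 'ufw allow' "$f"; then
        finding "ufw enabled with no allow rule"
    fi
    exit "$n"   # the function body is a subshell, so this ends only the function
)

# Constructed sample mirroring the configuration above (the key is a placeholder).
demo_cloud_init() {
    cat <<'EOF'
#cloud-config
users:
  - name: devuser
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - ssh-ed25519 PLACEHOLDER-PUBLIC-KEY devuser@example
runcmd:
  - ufw enable
EOF
}

sample=$(mktemp)
demo_cloud_init > "$sample"
lint_cloud_init "$sample" || echo "findings: $?"
rm -f "$sample"
```

A non-zero exit status makes the function usable as a gate in a launch script: run it first and call `multipass launch` only when it returns 0.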
Managing Instances
# List all instances
multipass list
# Get detailed instance information
multipass info instance-name
# Access instance shell
multipass shell instance-name
# Execute commands remotely
multipass exec instance-name -- command
# Transfer files
multipass transfer local-file instance-name:/remote/path
multipass transfer instance-name:/remote/file ./local-path
# Stop instance
multipass stop instance-name
# Start instance
multipass start instance-name
# Restart instance
multipass restart instance-name
# Delete instance
multipass delete instance-name
multipass purge # Remove deleted instances completely
Network Management
# Get instance IP
multipass list
# Mount local directory
multipass mount /local/path instance-name:/mount/point
# Unmount directory
multipass umount instance-name:/mount/point
Security Considerations
AppArmor Profiles
Ensure AppArmor is properly configured for Multipass:
# Check AppArmor status
sudo aa-status | grep multipass
# Verify profiles are loaded
sudo aa-status
# If profiles are missing, reload them
sudo systemctl restart apparmor
Network Security
Multipass uses NAT-based networking for isolation by default:
# Check network configuration
multipass get local.driver
# View network settings
multipass get local.bridged-network
For production environments, consider setting up dedicated network bridges:
# Create custom network bridge
sudo ip link add name br-multipass type bridge
sudo ip link set br-multipass up
# Configure Multipass to use custom bridge
multipass set local.bridged-network=br-multipass
Resource Limits
Set appropriate resource limits to prevent resource exhaustion:
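# Resource settings are per instance; stop the instance before changing them
# Set memory for an instance
multipass set local.instance-name.memory=8G
# Set CPU count for an instance
multipass set local.instance-name.cpus=4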
# Monitor resource usage
multipass info instance-name
Access Control
Implement proper access controls:
# Set restrictive permissions on Multipass data
sudo chmod 700 /var/lib/multipass
# Use SSH keys for authentication
ssh-keygen -t rsa -b 4096 -f ~/.ssh/multipass_key
# Add key to cloud-init configuration
# (as shown in advanced instance configuration above)
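Permissions set once tend to drift after restores, package updates or manual fixes, so it helps to check them rather than assume them. The following is an added example, not part of the original guide or of Multipass: the function names are hypothetical, the default paths are the ones used in this section, and the demo runs on a constructed directory tree.

```sh
#!/bin/sh
# Added example: audit the permissions set in this section. Needs GNU stat (coreutils).

# excess_bits PATH MAX: print, in octal, the permission bits PATH has beyond MAX (0 = none).
excess_bits() {
    printf '%o\n' "$(( 0$(stat -c %a "$1") & ~0$2 & 07777 ))"
}

# audit_path PATH MAX: report PATH and return 1 if it is missing or looser than MAX.
audit_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    if [ "$(excess_bits "$1" "$2")" != 0 ]; then
        echo "LOOSE   $1 is $(stat -c %a "$1"), expected at most $2"
        return 1
    fi
    echo "OK      $1"
}

# in_group USER GROUP: succeed if USER is a member of GROUP (e.g. libvirt, kvm).
in_group() {
    id -nG "$1" | tr ' ' '\n' | grep -qx "$2"
}

# audit_host [DATA_DIR] [KEY]: defaults are the paths used in this guide.
audit_host() {
    status=0
    audit_path "${1:-/var/lib/multipass}" 700 || status=1       # instance data
    audit_path "${2:-$HOME/.ssh/multipass_key}" 600 || status=1 # SSH private key
    return "$status"
}

# Demo on a constructed tree so it runs without Multipass installed.
demo=$(mktemp -d)
mkdir "$demo/multipass" && : > "$demo/multipass_key"
chmod 755 "$demo/multipass"; chmod 600 "$demo/multipass_key"
audit_host "$demo/multipass" "$demo/multipass_key" || echo "=> tighten the paths marked LOOSE"
rm -rf "$demo"
```

On a real host, call `audit_host` with no arguments, and use `in_group "$USER" kvm` and `in_group "$USER" libvirt` to confirm the group membership configured during installation.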
Firewall Configuration
Configure host firewall rules:
# Allow only necessary traffic
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH if needed (be specific about source IPs)
sudo ufw allow from 192.168.1.0/24 to any port 22
Troubleshooting
OVMF Firmware Issues
If you encounter OVMF.fd errors:
# Verify OVMF installation
ls -l /usr/share/edk2/x64/OVMF.fd
# Recreate symlink if needed
sudo rm /usr/share/qemu/OVMF.fd
sudo ln -s /usr/share/edk2/x64/OVMF.fd /usr/share/qemu/OVMF.fd
# Check QEMU configuration
qemu-system-x86_64 -version
Service Connection Issues
If multipass fails to connect:
# Check service status
systemctl status multipassd
# Check logs
journalctl -u multipassd -f
# Restart service
sudo systemctl restart multipassd
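# Check that the daemon's Unix socket is listening
# (the daemon listens on a Unix socket by default, which a TCP-only listing would not show)
sudo ss -xlp | grep multipass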
Permission Issues
If encountering permission errors:
# Verify group membership
groups | grep -E "libvirt|kvm"
# Fix KVM permissions if needed
sudo chmod 666 /dev/kvm
# Re-add your user to the libvirt group
sudo usermod -a -G libvirt $USER
# Restart libvirt if needed
sudo systemctl restart libvirtd
Instance Boot Issues
# Check instance logs
multipass logs instance-name
# Try launching with different Ubuntu version
multipass find
multipass launch focal --name test-instance
# Check available disk space
df -h /var/lib/multipass
Maintenance
Updating Multipass
# Update via AUR helper
yay -Syu canonical-multipass
# Or manually update AUR package
cd canonical-multipass
git pull
makepkg -si
Backup Instance Data
# Stop instance before backup
multipass stop instance-name
# Backup instance data
sudo cp -r /var/lib/multipass/data/instance-name /backup/location/
# Create compressed backup
sudo tar -czf backup-$(date +%Y%m%d).tar.gz \
-C /var/lib/multipass/data instance-name
Clean Up
Regular maintenance commands:
# Remove old instances
multipass delete unused-instance
multipass purge
# Clear cache
rm -rf ~/.cache/multipass
# Clean up old images
multipass purge
# Check disk usage
du -sh /var/lib/multipass/*
Performance Monitoring
# Monitor system resources
htop
# Check libvirt statistics
virsh list --all
virsh domstats
# Monitor disk usage
df -h /var/lib/multipass
Log Management
# View Multipass logs
journalctl -u multipassd --since "1 hour ago"
# Send daemon output to the journal (journald handles rotation)
sudo systemctl edit multipassd
# Add:
# [Service]
# StandardOutput=journal
# StandardError=journal
Advanced Configuration
Custom Image Management
# Create custom image from instance
multipass stop my-instance
multipass snapshot my-instance --name my-snapshot
# Use snapshots (when supported)
multipass restore my-instance.my-snapshot
Automation Scripts
Create automation scripts for common tasks:
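#!/bin/bash
# multipass-create-dev.sh
# Stop on the first error, on unset variables, and on failed pipeline stages
set -euo pipefail
INSTANCE_NAME="dev-$(date +%Y%m%d)"
UBUNTU_VERSION="22.04"
# Launch the instance using the cloud-init file in the current directory
multipass launch "$UBUNTU_VERSION" \
  --name "$INSTANCE_NAME" \
  --cpus 2 \
  --memory 4G \
  --disk 20G \
  --cloud-init dev-cloud-init.yml
echo "Development instance $INSTANCE_NAME created"
# Open a shell in the new instance
multipass shell "$INSTANCE_NAME"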
Best Practices
- Resource Management:
  - Always set appropriate CPU and memory limits
  - Monitor disk usage regularly
  - Use snapshots for important states
- Security:
  - Keep AppArmor enabled and configured
  - Use SSH keys instead of passwords
  - Regularly update both host and guest systems
  - Implement network segmentation when needed
- Maintenance:
  - Regular backups of important instances
  - Clean up unused instances and images
  - Monitor system logs for issues
  - Keep Multipass updated
- Development Workflow:
  - Use cloud-init for consistent instance setup
  - Implement automation scripts for repetitive tasks
  - Use version control for cloud-init configurations
  - Document instance configurations
Conclusion
Multipass provides an excellent solution for running Ubuntu virtual machines on Arch Linux with minimal overhead. By following this guide and implementing the security considerations, you’ll have a robust virtualization environment suitable for development, testing, and production use cases.
Remember to:
- Keep your system and Multipass updated
- Monitor resource usage
- Implement proper security measures
- Maintain regular backups
- Document your configurations
For additional support, consult the official Multipass documentation and the Arch Linux community resources.