17.06.2020: CernVM 4.4

CernVM 4.4 is a minor update to CernVM 4. It upgrades the base system to EL 7.8 and it updates the certificate chain to fix contextualization with CernVM Online.

Note: if your bootloader is older than version 2020.04-1, you need to run

    sudo cp /etc/cvmfs/keys/cern.ch/cern-it4.cern.ch.pub /mnt/.rw/aux/keys/cernvm-prod.cern.ch
    sudo cernvm-update -k

before being able to update with sudo cernvm-update -a.

27.01.2020: CernVM 4.3

CernVM 4.3 is a minor update to CernVM 4. It upgrades the base system to EL 7.7 and provides new versions of the docker and eos packages. Note that in the course of the EOS update, that eosd daemon disappeared. Instead, eos mounts are now autofs managed, in the same way they are on CERN lxplus.

04.02.2019: CernVM 4.2

CernVM 4.2 is a minor update to CernVM 4.1, upgrading the base system to EL 7.6.

12.06.2018: CernVM 4.1


CernVM 4 is a virtual machine image based on Scientific Linux 7 combined with a custom, virtualization-friendly Linux kernel.

CernVM 4 is based on the µCernVM bootloader. Its outstanding feature is that it does not require a hard disk image to be distributed (hence “micro”). Instead it is distributed as a read-only image of ~20MB containing a Linux kernel and the CernVM-FS client. The rest of the operating system is downloaded and cached on demand by CernVM-FS. The virtual machine still requires a hard disk as a persistent cache, but this hard disk is initially empty and can be created instantaneously, instead of being pre-created and distributed.

CernVM 4 comes with a number of extra packages from EPEL and other sources. If you believe an important package is missing, please let us know!

Enforce booting a previous version of CernVM

Booting a previous version of CernVM can be enforced using the following contextualization snippet:


The VERSION corresponds to the version of the cernvm-system RPM. For an interactive virtual machine, hit <TAB> in the early boot menu and then e to edit the entry. You can change the cvmfs_repository_tag boot parameter from HEAD4 to VERSION.

Note that previous versions do not contain the latest security fixes.


Download the latest images from our download page. The image is generic and available in different file formats for different hypervisors. The image needs to be contextualized to become either a graphical development VM or a batch virtual machine for the cloud.

Detailed instructions are available for VirtualBox, VMware, Vagrant, KVM, Docker, CERN OpenStack, Amazon EC2, Google Compute Engine, and Microsoft Azure.


In most cases, a CernVM needs to be contextualized on first boot. The process of contextualization assigns a profile to the particular CernVM 4 instance. For instance, a CernVM can have the profile of a graphical VM used for development on a laptop; applying another context let the CernVM become a worker node in the cloud.

The CernVM Online portal lets you define and store VM profiles in one place. Once defined, the VM profiles can quickly be applied to any newly booted CernVM instance using a pairing mechanism on the login prompt. Please visit the following pages for more information about how to create new context templates and pair an instance with given template.

The CernVM Launcher

allows for instantiating CernVMs from text-based contexts, such as our public demo contexts.

Please find details on the various contextualiztion options on the contextualization page.

Updates and Version Numbers

When booted, CernVM will load the latest available CernVM 4 version and pin itself on this version. This ensures that your environment stays the same unless you explicitly take action. Both the µCernVM bootloader and the CernVM-FS provided operating system can be updated using the cernvm-update script. CernVM machines show an update notification in /etc/motd and in the GUI. The support list will be notified when updates are ready and will post specific instructions for each update.

The CernVM 4 strong version number consists of 4 parts: 4.X.Y.Z. Major version 4 indicates an Scientific Linux 7 based CernVM. Minor version X will be changed when there is a significant change in the set of supported features. “Y” is the bugfix version. “Z” is the security hotfix version; changes in “Z” don’t change the set of packages but provide security fixes for selected packages.

Next steps

Once booted and contextualized, you can use ssh to connect to your virtual machine. SSHFS and shared folders provide you an easy means to exchange files between the host and CernVM. If you use the vagrant image on a Linux or OS X host, shared folders are provided by NFS, which enables support for hard links.

For storing data and analysis results, we recommend not to use the root partition. Instead, attach a second hard drive to the virtual machine or use shared folders. This way, you can move data between virtual machines and the data remains intact even in case the virtual machine ends up in an unsuable state.


In order to start a stand-alone ROOT, click on the ROOT logo in the middle of the application launcher bar. In non-graphical mode, use module load ROOT to set up the ROOT environemnt. Afterwards you can just use root. If you want to clean the environment from that particular version of ROOT, use module unload ROOT.


CernVM can run docker containers. In order to enable docker support, run sudo systemctl start docker. In order to enable docker on boot, run sudo systemctl enable docker.


By default, CernVM comes with a Java 8 environment. Java 7 is available if necessary. In order to change the default Java version, use update-alternatives --config java.

Single Sign On

You can get a Kerberos token with kinit. With the token, you can login to lxplus and work with subversion repositories without the need to provide a password. Note that due to DNS issues, this feature is not available in VirtualBox.

Swap Space

By default, CernVM has no swap space enabled. The following commands creates a 2G swap file

sudo fallocate -l 2G /mnt/.rw/swapfile
sudo chmod 0600 /mnt/.rw/swapfile
sudo mkswap /mnt/.rw/swapfile
sudo swapon /mnt/.rw/swapfile

If a file /mnt/.rw/swapfile exists, it will picked up automatically on boot as a swap space. In order to activate a swap space through contextualization, add to your amiconfig user data


where <SIZE> can be anything understood by fallocate -l or it can be auto, in which case CernVM uses 2G/core.

Resizing the Root Partition

If you increase your virtual hard drive, you can have CernVM increase your root partition accordingly. To do so, run

sudo touch /mnt/.rw/aux/resize

and reboot. Resizing the root partition is a delicate operation, please make a VM snapshot before you proceed.

Known Issues

  • Unity feature in latest VMware Fusion does not work


In case you cannot login (any more) to your virtual machine, even though the machine was properly contextualized, you can boot CernVM in “debug mode”. In the early boot menu, select the “Debug” entry. This enables kernel debug messages and pauses the boot process just before the µCernVM bootloader hands over to the operating system. Here, type reset_root_password followed by ENTER and Ctrl+D. Once booted, you can then login as root with password “password”.

You are here