Virtualization With KVM On A Fedora 17 Server

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Tue, 2012-10-09 16:17. :: Fedora | KVM | Virtualization

Virtualization With KVM On A Fedora 17 Server

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Follow me on Twitter
Last edited 10/05/2012

This guide explains how you can install and use KVM for creating and running virtual machines on a Fedora 17 server. I will show how to create image-based virtual machines and also virtual machines that use a logical volume (LVM). KVM is short for Kernel-based Virtual Machine and makes use of hardware virtualization, i.e., you need a CPU that supports hardware virtualization, e.g. Intel VT or AMD-V.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm using a Fedora 17 server with the hostname server1.example.com and the IP address 192.168.0.100 here as my KVM host.

I had SELinux disabled on my Fedora 17 system. I didn't test with SELinux on; it might work, but if not, you better switch off SELinux as well:

vi /etc/selinux/config

Set SELINUX=disabled...

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

... and reboot:

reboot

We also need a desktop system where we install virt-manager so that we can connect to the graphical console of the virtual machines that we install. I'm using a Fedora 17 desktop here.

 

2 Installing KVM

Fedora 17 KVM Host:

First check if your CPU supports hardware virtualization - if this is the case, the command

egrep '(vmx|svm)' --color=always /proc/cpuinfo

should display something, e.g. like this:

[root@server1 ~]# egrep '(vmx|svm)' --color=always /proc/cpuinfo
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall
 nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy misalignsse
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall
 nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy misalignsse
[root@server1 ~]#

If nothing is displayed, then your processor doesn't support hardware virtualization, and you must stop here.

Now we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

To install KVM and virtinst (a tool to create virtual machines), we run

yum install kvm libvirt python-virtinst qemu-kvm

Create the system startup links for the libvirt daemon and start it:

systemctl enable libvirtd.service
systemctl start libvirtd.service

To check if KVM has successfully been installed, run

virsh -c qemu:///system list

It should display something like this:

[root@server1 ~]# virsh -c qemu:///system list
 Id Name                 State
----------------------------------

[root@server1 ~]#

If it displays an error instead, then something went wrong.

Next we need to set up a network bridge on our server so that our virtual machines can be accessed from other hosts as if they were physical systems in the network.

To do this, we install the package bridge-utils...

yum install bridge-utils

... and configure a bridge.

I disable Fedora's NetworkManager and enable "normal" networking. NetworkManager is good for desktops where network connections can change (e.g. LAN vs. WLAN), but on a server you usually don't change network connections:

systemctl disable NetworkManager.service
systemctl enable network.service
systemctl restart network.service
systemctl stop NetworkManager.service

Check your /etc/resolv.conf if it lists all nameservers that you've previously configured:

cat /etc/resolv.conf

If nameservers are missing, run

system-config-network

and add the missing nameservers again.

Next find out your primary network interface by running

ifconfig

In my case, it is named em1 - this is important to make sure you edit the correct network configuration file - in my case /etc/sysconfig/network-scripts/ifcfg-em1.

To configure the bridge, create the file /etc/sysconfig/network-scripts/ifcfg-br0 (please use the DNS1 (plus any other DNS settings, if any), GATEWAY, IPADDR, NETMASK and SEARCH values from the /etc/sysconfig/network-scripts/ifcfg-em1 file):

vi /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
DNS1=8.8.8.8
GATEWAY=192.168.0.1
IPADDR=192.168.0.100
NETMASK=255.255.255.0
ONBOOT=yes
DNS2=8.8.4.4
SEARCH="example.com"

Modify /etc/sysconfig/network-scripts/ifcfg-em1 as follows (comment out BOOTPROTO, DNS1 (and all other DNS servers, if any), GATEWAY, IPADDR, NETMASK, and SEARCH, set NM_CONTROLLED to no, and add BRIDGE=br0):

vi /etc/sysconfig/network-scripts/ifcfg-em1

UUID="e8a818cc-0e23-47b8-88f3-013567828572"
NM_CONTROLLED=no
#BOOTPROTO=none
HWADDR=00:1e:90:f3:f0:02
ONBOOT=yes
#IPADDR=192.168.0.100
#NETMASK=255.255.255.0
#DNS2=8.8.4.4
TYPE=Ethernet
#GATEWAY=192.168.0.1
#DNS1=8.8.8.8
IPV6INIT=no
USERCTL=no
PREFIX=24
BRIDGE=br0

Then reboot the system:

reboot

After the reboot, run

ifconfig

It should now show the network bridge (br0):

[root@server1 ~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.100  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::21e:90ff:fef3:f002  prefixlen 64  scopeid 0x20<link>
        ether 00:1e:90:f3:f0:02  txqueuelen 0  (Ethernet)
        RX packets 70  bytes 7511 (7.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 76  bytes 10847 (10.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:1e:90:f3:f0:02  txqueuelen 1000  (Ethernet)
        RX packets 117  bytes 15163 (14.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 92  bytes 12899 (12.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether ce:18:6f:2a:7f:0b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@server1 ~]#

 

3 Installing virt-viewer Or virt-manager On Your Fedora 17 Desktop

Fedora 17 Desktop:

We need a means of connecting to the graphical console of our guests - we can use virt-manager for this. I'm assuming that you're using a Fedora 17 desktop.

Become root...

su

... and run...

yum install virt-manager libvirt qemu-system-x86 openssh-askpass

... to install virt-manager.

(If you're using an Ubuntu 12.04 desktop, you can install virt-manager as follows:

sudo apt-get install virt-manager

)

 

4 Creating A Debian Squeeze Guest (Image-Based) From The Command Line

Fedora 17 KVM Host:

Now let's go back to our Fedora 17 KVM host.

Take a look at

man virt-install

to learn how to use virt-install.

We will create our image-based virtual machines in the directory /var/lib/libvirt/images/ which was created automatically when we installed KVM in chapter two.

To create a Debian Squeeze guest (in bridging mode) with the name vm10, 512MB of RAM, two virtual CPUs, and the disk image /var/lib/libvirt/images/vm10.img (with a size of 12GB), insert the Debian Squeeze Netinstall CD into the CD drive and run

virt-install --connect qemu:///system -n vm10 -r 512 --vcpus=2 --disk path=/var/lib/libvirt/images/vm10.img,size=12 -c /dev/cdrom --vnc --noautoconsole --os-type linux --os-variant debiansqueeze --accelerate --network=bridge:br0 --hvm

Of course, you can also create an ISO image of the Debian Squeeze Netinstall CD (please create it in the /var/lib/libvirt/images/ directory because later on I will show how to create virtual machines through virt-manager from your Fedora desktop, and virt-manager will look for ISO images in the /var/lib/libvirt/images/ directory)...

dd if=/dev/cdrom of=/var/lib/libvirt/images/debian-6.0.5-amd64-netinst.iso

... and use the ISO image in the virt-install command:

virt-install --connect qemu:///system -n vm10 -r 512 --vcpus=2 --disk path=/var/lib/libvirt/images/vm10.img,size=12 -c /var/lib/libvirt/images/debian-6.0.5-amd64-netinst.iso --vnc --noautoconsole --os-type linux --os-variant debiansqueeze --accelerate --network=bridge:br0 --hvm

The output is as follows:

[root@server1 ~]# virt-install --connect qemu:///system -n vm10 -r 512 --vcpus=2 --disk path=/var/lib/libvirt/images/vm10.img,size=12 -c /var/lib/libvirt/images/debian-6.0.5-amd64-netinst.iso --vnc --noautoconsole --os-type linux --os-variant debiansqueeze --accelerate --network=bridge:br0 --hvm


Starting install...
Allocating 'vm10.img'              |  12 GB     00:00
Creating domain...                 |    0 B     00:00
Domain installation still in progress. You can reconnect to
the console to complete the installation process.
[root@server1 ~]#


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Anonymous (not registered) on Fri, 2013-05-17 14:37.

[root@localhost Downloads] sudo gedit /etc/modprobe.d/blacklist.conf
 

Add these below lines

blacklist kvm-amd
blacklist kvm-intel
blacklist kvm

 Save and Quit

[root@localhost Downloads]# rmmod kvm_amd
[root@localhost Downloads]# rmmod kvm

Submitted by jfalco (not registered) on Thu, 2013-01-10 13:50.
For step one setting SELINUX=permissive would be a better solution, so you can log denials. If you were ever required to set it to enforcing (for an audit, etc.) you would have data that you could use to change context, policies, booleans, etc. in order to allow KVM to function with SELINUX. Note: Going from =disabled to =permissive or enforcing requires a relabel on the next reboot and this will take some time.