Running VMs w/ KVM + virt-manager
Beginning Linux Virtualization
JD P
JDPfu Systems
Abstract
Hands-On Setup, Installation and Deployment of KVM and virt-manager
Run egrep '^flags.*(vmx|svm)' /proc/cpuinfo to validate CPU + BIOS capability
Do NOT have either VMware or VirtualBox installed. Having multiple hypervisors on the same machine is problematic. It is fine to have them in a different OS install on a dual-boot machine.
About Me
- Virtualization user / designer
- 20+ Years ProEx
- Enterprise Tech Arch / System Admin
- Real-time Space Shuttle GN&C CMMI-5; Rocket Scientist
- Cross-Platform C/C++ Developer (12+)
- Perl WebApp Developer
- World Traveler (5 continents, 24 countries)
JDPfu Systems
- We do architecture designs for
- infrastructure,
- applications,
- security,
- complex systems (especially virtualization)
We can help ensure a great design that can be implemented and lead the deployment team through to user acceptance success.
(marketing dept should be happy now.)
About You
What is your background?
Which VM tools do you use?
Why?
Using KVM and/or libvirt?
100 Ways
There must be 100 different ways to accomplish the same goal. We will see 1-way tonight based on years of experience.
I make no claim that this is the single, best, only way to set up KVM on a system.
YMMV!
KVM
Kernel-based Virtual Machine
- an enterprise class VM tool suitable for servers and remote desktops
- part of the Linux kernel - GPL
- extremely stable - has NEVER crashed on me, unlike OTHER hypervisors
- the underlying technology behind OpenStack, Proxmox and many other "VM Suites"
- Backed by IBM, Redhat, Oracle, NASA, Rackspace ...
Libvirt
- Management of virtual machines, virtual networks and storage
- Stable API - strive to never remove APIs
- VM Management
- Storage: SCSI, USB, IDE, iSCSI, NFS, LVM, FibreChannel
- Network management
- CLI - virsh
- GUI - virt-manager, virt-viewer, others ...
- Web - Ovirt, AbiCloud, VMmanager
- Remote management thru ssh is built-in, TLS, x.509 supported
Goals for Tonight
Tonight, we will
- start with a basic Ubuntu Server + LXDE (assumed) - 14.04 beta
- add Linux bridging
- add kvm
- add virt-manager (and libvirt)
- set up a VM - discussing performance options
- connect to the VM
This will be live - expect surprises.
Virtualization Overview
Common to have 10 VMs or more per physical system.
The Setup
- Just 1 physical machine
- 1TB physical RAM supported by x64 kernel
- Opt items for remote desktops over a secure tunnel
- lvm2 is optional too, but highly recommended
- MS-Windows clients exist
Requirements
- VT-x or AMD-v are supported in the CPU and BIOS
- start with a basic Ubuntu Server + LXDE (assumed)
- No other hypervisor is installed
Before we install ...
Performance Considerations
- Preallocate vHDD storage - no sparse, unless SSDs (raw or qcow2)
- virtio for vHDD and Network devices (default Linux)
- disable disk caching - let lvm or the hostOS handle this
- SATA / E1000 NIC if virtio is NOT available (or MS)
- 1 vCPU, unless MORE is proven required.
- Minimal storage allocation - 4-8G is usually fine for servers
- Min RAM allocation (512MB is huge for many servers)
- Do NOT overcommit resources (RAM, CPU, Disk, Net)
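The list above, turned into a concrete VM definition. This is an added example, not part of the original slides: it prints (does not run) a virt-install command, and the VM name, image path, ISO path and the 8G / 512MB sizes are assumptions picked from the ranges on the slide.

```sh
#!/bin/sh
# Added example: prints (does not run) a virt-install command that follows
# the performance list above. VM name, paths and sizes are assumptions.

# safe_arg VALUE: reject anything that could add extra comma-separated
# sub-options or shell syntax to the generated command line
safe_arg() {
    case $1 in
        ''|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
}

# build_vm_cmd NAME DISK ISO [virtio|legacy]
#   virtio: paravirtual disk and NIC (the default for Linux guests)
#   legacy: SATA disk and e1000 NIC for guests without virtio drivers
build_vm_cmd() (
    name=$1 disk=$2 iso=$3 mode=${4:-virtio}
    for v in "$name" "$disk" "$iso"; do
        safe_arg "$v" || { echo "rejected argument: $v" >&2; exit 1; }
    done
    case $mode in
        virtio) bus=virtio nic=virtio ;;
        legacy) bus=sata nic=e1000 ;;
        *) echo "unknown mode: $mode" >&2; exit 1 ;;
    esac
    # 1 vCPU, 512 MB RAM, 8 GB fully allocated raw disk, no host disk cache,
    # NIC attached to the br0 bridge
    printf '%s \\\n' \
        "virt-install --name $name" \
        "  --vcpus 1 --ram 512" \
        "  --disk path=$disk,size=8,format=raw,sparse=no,bus=$bus,cache=none" \
        "  --network bridge=br0,model=$nic"
    printf '%s\n' "  --cdrom $iso --graphics vnc"
)

# Constructed sample call: a small Linux server guest
build_vm_cmd web1 /var/lib/libvirt/images/web1.img /srv/iso/ubuntu-server.iso
```

The path check matters because virt-install splits the --disk value on commas, so an unchecked path could carry extra sub-options such as a different cache mode.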
Install a few packages
$ sudo aptitude install \
    openssh-server virt-manager \
    kvm qemu-system \
    bridge-utils fail2ban
or
sudo yum install bridge-utils \
fail2ban kvm virt-manager \
openssh-server
Verify
$ lsmod |grep kvm
kvm_intel 137928 0
kvm 452238 1 kvm_intel
- openssh-server, fail2ban
- bridge-utils
- kvm
- virt-manager
That's it!
reboot or newgrp might be needed
Linux Bridging Prep
Can dynamically create a bridge using brctl or with static files.
- Redhat : /etc/sysconfig/network-scripts/
- Debian : /etc/network/interfaces
NetworkManager must be disabled prior to enabling bridges (Desktops)
- nm-connection-editor (debian)
Linux Bridging
# #######################
# /etc/network/interfaces file
auto br0
iface br0 inet static
    address 192.168.0.90
    gateway 192.168.0.200
    netmask 255.255.255.0
    dns-nameservers 8.8.8.8
    metric 1
    bridge_ports eth0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off
- eth0: make stanza manual and remove IP/DHCP.
- lo: leave stanza alone.
Redhat: bridge creation in rpm-land can be dynamic with brctl or static with files. The files go in /etc/sysconfig/network-scripts and are called ifcfg-br0, ifcfg-br1, etc.
Built-in bridging might work, but if there are problems, this method is always stable.
No Guest Additions!
Integrations should use nominal methods supported by the OS.
- NFS/Samba/sshfs for file sharing
- X/Windows, VNC, NX, RDP for remote desktops
- USB pass-thru is supported
- PCIe/x pass-thru is supported (PCIe has fewer restrictions)
- Video card pass-thru is supported with extremely specific HW (95% native perf for gaming) - highly experimental
Live Demo / VM Setup
Going Live.
Launch virt-manager from any Linux machine running X/Windows
Remember the assumptions - VT-x enabled, install few progs, verify grp membership, kvm module loaded, ssh-server if remote control/access is desired.
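A preflight check for the assumptions listed above, as an added example that is not part of the original slides. It tightens the egrep test from the Abstract to whole-word flag matches. The libvirt group names (libvirtd, libvirt) are assumptions, since the slides do not name the group.

```sh
#!/bin/sh
# Added example: preflight checks for the assumptions on this slide.
# Inputs are passed in so the checks work on saved output as well as live.

# virt_flag FILE: print vmx, svm or none from a /proc/cpuinfo-format file
virt_flag() (
    for flag in vmx svm; do
        if grep -Eq "^flags.*[[:space:]]$flag([[:space:]]|\$)" "$1"; then
            echo "$flag"; exit 0
        fi
    done
    echo none
)

# kvm_module FILE: print kvm_intel, kvm_amd or none (lsmod or /proc/modules)
kvm_module() (
    awk '$1 == "kvm_intel" || $1 == "kvm_amd" { print $1; hit = 1; exit }
         END { if (!hit) print "none" }' "$1"
)

# in_virt_group "LIST": succeed if the `id -nG` list names a libvirt group.
# Assumption: the group is libvirtd (older Ubuntu) or libvirt (newer distros).
in_virt_group() (
    for g in $1; do
        case $g in libvirt|libvirtd) exit 0 ;; esac
    done
    exit 1
)

# preflight CPUINFO MODULES "GROUPS": one line per check, exit = failures
preflight() (
    fails=0
    check() {  # check LABEL VALUE: a VALUE of "none" counts as a failure
        if [ "$2" = none ]; then echo "FAIL $1"; fails=$((fails + 1))
        else echo "PASS $1: $2"; fi
    }
    check "CPU virtualization flag" "$(virt_flag "$1")"
    check "kvm kernel module" "$(kvm_module "$2")"
    if in_virt_group "$3"; then grp=yes; else grp=none; fi
    check "libvirt group membership" "$grp"
    exit "$fails"
)

# Live use on the KVM host: sh preflight.sh --live
if [ "${1:-}" = --live ]; then
    preflight /proc/cpuinfo /proc/modules "$(id -nG)"
fi
```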
Private Cloud for You
- KVM used by OpenStack (Rackspace, Redhat, AT&T, NASA, others)
- Very large scale deployments - 2,000+ physical machines
- Run DevStack on 1 machine to learn
- OpenStack Conf May 12-16 in ATL!
- OpenStack Meetup Group in MetroATL - google it.
- Great career choice, IMHO
Requirements for a Cloud
- Shared Storage - iSCSI, NFS, AoE - NOT SAMBA!
- 2-50K physical servers
- Above average network skills - gets complicated
- Time to learn - clouds are complex
- Large Scale Autobuild knowledge (Cobbler, virt-install, others)
- Large Scale Automation knowledge (Chef, Puppet, Ansible, Salt)
Next Month ALE-NW
Surprise Meeting Topic
Questions from the floor, work on a project
Help with installs, setups, etc.
Why Virtualize?
- HW Agnostic - remove OS dependency on specific HW
- Proprietary software where 100% compatibility is required (MS-Office, Visio, etc)
- Proprietary VPN for work (Cisco VPN)
- Development Teams
- Master Build/Devel/Debug Env Setup; 1 setup, multiple deployments
- Freeze Dry Build/Debug Env - support old customer setups
More Reasons for Virtualization
- Testing Teams - build a VM library for different test OSes and setups
- Freeze Dry customer-like Envs
- Snapshot specific OSes, scenarios, initial data, etc.
- Run Old Software / Games (16-bit, DOS, Win95, etc)
- Complete VM backup that is 100% everything - apps, settings, patches
- Disaster Recovery
More Reasons for Virtualization
- Try new OSes w/o risk or more HW
- Desktop Setups / Easy Migration to new/faster physical HW
- Reduce application env setup time (not on prod equip)
- Live System Migration w/ just a few seconds of service interruption
More Reasons for Virtualization
- Security - LiveCDs don't save anything to disk
- Specialized Distros, especially for security professionals and vendors
- Many, many, many others