Ubuntu 13.10 under KVM with Spice 5
Installed Ubuntu 13.10 x86 under an ubuntu 12.04 KVM server.
Installation
VM Settings:
- 1G of RAM
- 500MB swap
- 10G of ext4 for /
- Cirrus video – 9MB
Install started at : 08:43:54 EDT 2013
Install ended at : 08:58:07 EDT 2013
Reboot.
forgot to remove the installation ISO file – remove and reboot again. ;)
Login.
About 15 minutes to install a full desktop OS? What is not to like?
Configuration and Setup
Purge nano
Install openssh-server
Purge unity-lens-* unity-scope-* geoclue-ubuntu-geoip compiz – remove tracking and prevent “GUI cheese” from getting in the way of VM performance.
visudo – for my settings.
Haven’t updated anything yet – get the current IP, decide on a static one and tell ansible to do the rest in a few minutes.
Current DHCP IP – 192.168.1.249
Future static IP – 192.168.1.61
Running a remote desktop using VNC/KVM/virt-manager … er … sucks. This has been an issue with virt-manager and VNC since the beginning. It still is.
Push my ssh keys to the machine, login … feels good. Setup a quick ansible set of tasks for a desktop …. and let her go.
Ansible got stuck …. installing some server packages.
Quickly modify the /etc/network/interfaces file manually with the static IP and
- Reboot.
- Login – after trying to contact the VM over the network with ssh, ping, … arp … can’t find it. Hummmm
- Back to the console then login and now I’m staring at a black screen.
Ask the VM to shutdown nicely. Nadda.
Destroy the VM. Done. Restart it.
Login window is displayed and it is time to search for the box on the subnet. - nmap -sT 192.168.1.100/24
didn’t find anything … on the login screen – before logging in, there is a Connection Information option which returned “No valid active connections found!” – nice. Can’t do anything remotely OR locally.
So I give up and login … Error: window-stack-bridge
From there, I switch to a different console – alt-2, login and get to work. First, check on the network connection. My interfaces file changes are there, but the interface was not brought up – ah – user error. I had left off the “auto eth0” part inside the interfaces file. Restart networking – working perfectly now.
Restart the ansible script … step away for a few minutes.
When that completed, I had a desktop with my preferred stuff on it, configured to be part of my network – using my DNS, my NTP, and other infrastructure.
Of Spice and Men
I even got a wild hair somewhere and decided to re-try spice on this VM. After a few false starts, downloaded a new spice client and remembered to reset the localhost-only listener … to listen on public interfaces and was able to connect. I think that last part was the issue with all prior attempts, see, I never actually run a desktop on the same hardware where the VMs run. It didnt work though virt-manager, but always through remote-viewer.com from a Windows client. Also worked from a Linux client a few minutes later – spicec. Went back to a few older VMs and made connections with those too – 12.04, 13.10 all worked, with video streaming much better than expected AND audio worked. The connections are not encrypted and only happen over the LAN, so I dont know if this can replace my FreeNX setup. … yet. A few more weeks of testing from home will be needed too.
Some keys are ignored on the keyboard through spice, so it definitely need tweaking. No quotes – single or double so far. Also, the keyboard input is grabbed and held in a way that is not clear to me yet, so switching between the host windows and remote-viewing desktop is not 100% seamless. It is good, but not seamless.
The tricks to getting spice working are in the virt-manager settings:
- select the VM
- Add new hardware – graphics
- Display/Video – default is VNC – change that to spice- be certain to check the all interfaces checkbox.
- It should prompt to add spice channels – yes
- remove the prior VNC video
- change the video card model from cirrus to qxl – this only works for spice on Linux client VMs. Under Windows, there is a device driver that must be loaded first, I understand.
- Restart the VM.
- Lookup the port used for the VM you wish to connect with – something in the 590x range. I checked the process table for the VM-Name and it was in the KVM-spice command arguments. This is un-encrypted, so do not use it over the internet without a VPN.
That is it for the server-side.
On the client – remote-viewing – side, we just need the spice client. That is either spicec on Linux/UNIX systems – the other dependencies should be pulled in. On Windows, there is an installed available from the main spice project website. Be certain to get the x32 or x64 package as needed. Install it … though it is not really an installer.
On the client, I created a script/batch file to make starting the connection easier.
start c:\Users\{my-username}\AppData\Local\virt-viewer\bin\remote-viewer.com spice://qbe:5903
Again, change the port to match what you discovered above. When it connected, a full desktop was displayed with slightly odd resolution. Use xrandr or lxrandr or arandr or whatever tool you like to change the resolution from inside the display.
Almost everything behaves fairly snappy. When switching into the display from another local window, sometimes there is a 1-2 second lag as the channels get going again, but after that, it is FAST.
I hope this helps someone.
So, that is the extent of my testing on that new VM. Seems like every other Ubuntu release, except at the GUI … which I replace.
Anyone else have Spice working well?
Have you tried Ubuntu 13.10 yet?
So, spice is working well enough on desktop VMs running on 12.04.3 and later host-servers. It doesn’t work so well on 10.04 servers. Sadly, that is where a Windows media center install sits and all attempts to migrate it do a newer VM server have failed. It refuses to boot. Inside 10.04 KVM, the spice drivers are not supported. Sniff, sniff.
Also, wifi-G doesn’t appear to have the bandwidth for spice to be entirely happy. I won’t be giving up on FreeNX any time soon, since bandwidth over the internet will never be as good as wifi-G in my home.
Perhaps there are some spice protocol optimizations that will help with bandwidth – I dunno.
Also, the TLS support is not intuitively obvious. Seems that using OpenVPN would be easier AND more secure.
Hi, I’ve been reading your blog for some time, and it was due to it that I’ve taken a more serious plunge into the Linux side of things :) Just wanted to ask if you could give me some pointers on how to configure a Ubuntu or Mint OS in order to be more secure, and also on how to build a KVM server. Thanks!
Hi Miguel!
Thanks for dropping a note.
For security, see the links on the right-hand-side of this page. I don’t really deal with much security on any desktop OS and much of my security is actually performed in the network layer.
Finding prior articles here on security. I try to tag carefully.
Prior Linux articles.
Prior Virtualization articles.
Prior KVM articles. – don’t always tag this, sorry.
Sorry that the tag links on the side-panel aren’t working. Blog error and my attempts to migrate to a newer version have failed terribly. Life gets in the way.
How to build a KVM server … there are 1000+ ways depending on your end goal. The way I build a KVM server probably does NOT match to the way that 99% of the world needs it built. The build decisions revolve around network adapter use for any VM, subnetting, storage layout and flexible access. I often fail, but don’t realize it for about 2 yrs. ;) At the time, the choices are completely brilliant, only time shows the warts.
Thanks for the tips! Can you tell me more about the security measures that you perform on the network layer?
Don’t have time to answer that. See the already provided links above.
I am available for paid consulting at highly competitive rates compared to the competition’s $300/hr rates.
My LUG is having a Sever Security Meeting next week. Everyone is invited. We have not recorded these meetings previously, but if someone volunteers to do it, we would host the videos.