Installing and Working With CentOS 7 x64 and KVM

Section A: Installing KVM on Centos 7 x64 MinimalChecking for Virtualization Support

Just to be clear, we’ll need to check for virtualization support; that it is enabled in the BIOS and also enabled on kernel. To check if the kernel has virtualization support, run this command:

egrep '(vmx|svm)' --color=always /proc/cpuinfo

If the device supports virtualization, you will see either ‘vmx‘ or ‘svm‘ highlighted. VMX is the Intel flag, and SVM is the AMD flag.

Install Dependencies

Next, well want to get some dependencies going. Since You’ve already updated your OS to the latest patched version, we can install the software. I’ll spare you all the drama in the pre, as dependencies put mine at 147 total installed items, but just know that this is the command you’ll run to get KVM and associated tools installed:

yum -y install kvm virt-manager libvirt virt-install qemu-kvm xauth dejavu-lgc-sans-fonts virt-viewer

What are you installing? Here are some explanations.KVM: A full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V).Virt-Manager: A desktop user interface for managing virtual machines through libvirt.Libvirt: A toolkit to interact with the virtualization capabilities of recent versions of Linux.Virt-Install: A command line tool for creating new KVM container guests using the "libvirt"hypervisor

management library.Qemu-kvm: A Linux kernel module that allows a user space program to utilize the hardware virtualization features of various processors.Dejavu-lgc-sans-fonts: A font family based on the Vera Fonts.virt-viewer: A minimal tool for displaying the graphical console of a virtual machine.

Create Networking

The KVM host acts as a router to route traffic in and out of it’s interfaces. It uses NAT to translate the packets across the interfaces. We’ll have to set up our interfaces to act as usable devices for KVM. First step is to allow the kernel to do forwarding:

echo "net.ipv4.ip_forward = 1"|sudo tee /etc/sysctl.d/99-ipforward.conf

sudo sysctl -p /etc/sysctl.d/99-ipforward.conf

Next, we’ll want to turn the external interface into a bridge. This allows traffic to be routed across the interface. Start by looking at /etc/sysconfig/network-scripts/ and see whats listed:

ls /etc/sysconfig/network-scripts/

ifcfg-em1 ifdown-bnep ifdown-ipv6 ifdown-ppp ifdown-Team ifup ifup-eth ifup-isdn ifup-post ifup-sit ifup-tunnel network-functions ifcfg-lo ifdown-eth ifdown-isdn ifdown-routes ifdown-TeamPort ifup-aliases ifup-ippp ifup-plip ifup-ppp ifup-Team ifup-wireless network-functions-ipv6 ifdown ifdown-ippp ifdown-post ifdown-sit ifdown-tunnel ifup-bnep ifup-ipv6 ifup-plusb ifup-routes ifup-TeamPort init.ipv6-global

This lets me know that I’ve got an interface on/etc/sysconfig/network-scripts/ifcfg-em1, sounds good. I’ve only got one physical interface on the device I am working with.We’ll edit this file and make some changes (if you don’t know how to use VI, read this):

vi /etc/sysconfig/network-scripts/ifcfg-em1

My initial file looks like this:

HWADDR="xx:xx:xx:xx:xx:xx"TYPE="Ethernet"BOOTPROTO="dhcp"DEFROUTE="yes"PEERDNS="yes"PEERROUTES="yes"IPV4_FAILURE_FATAL="no"IPV6INIT="yes"IPV6_AUTOCONF="yes"IPV6_DEFROUTE="yes"IPV6_PEERDNS="yes"IPV6_PEERROUTES="yes"IPV6_FAILURE_FATAL="no"NAME="em1"UUID="297f77a2-b6ec-4b79-b5db-59590f902d81"ONBOOT="yes"

We’re going to remove/comment out the IP information. We’re also going to add the BRIDGE variable, pointing to a file we’re going to make next. Change your interface to look somewhat like this:

#BOOTPROTO="dhcp"#DEFROUTE="yes"#PEERDNS="yes"#PEERROUTES="yes"#IPV4_FAILURE_FATAL="no"#IPV6INIT="yes"#IPV6_AUTOCONF="yes"#IPV6_DEFROUTE="yes"#IPV6_PEERDNS="yes"#IPV6_PEERROUTES="yes"#IPV6_FAILURE_FATAL="no"DEVICE=em1BOOTPROTO=staticONBOOT=yesBRIDGE=br0TYPE=Ethernet

Now, lets edit the “br0″ device before the computer finds out what we’ve done! We’lll edit the /etc/sysconfig/network-scripts/ifcfg-br0 and make it nice looking and simple like this:

DEVICE=br0TYPE=BridgeBOOTPROTO=staticONBOOT=yes

IPADDR=xx.xx.xx.xxNETMASK=xx.xx.xx.xxGATEWAY=xx.xx.xx.xxDNS1=xx.xx.xx.xx

Go ahead and save that file so that the system can read it.

Services Up

Next up, let’s start the libvirtd service:

systemctl start libvirtdsystemctl enable libvirtd

Next, lets reboot the machine.

reboot

That will reboot the system. If you are logged in via a SSH session, you’ll get booted.

KVM Up

Now that we are back up, let’s make sure that KVM is happy and added itself properly to our modules:

lsmod|grep kvm

You should get an output like this:

kvm_intel 138567 0 kvm 441119 1 kvm_intel

Next we can just double check that our bridge is up by running:

ip a show br0 | grep UP

This will let you know if the br0 interface is up. I don’t know about you, but I am SSH’d into this box, so I KNOW it’s up.

Lastly, we can query qemu and see if we can hit KVM:

sudo virsh -c qemu:///system list

Id Name State

—————————————————

This looks good on my end! Let’s get on with it!

Section B: Configuring and Using KVMOur First Virtual Machine

Templates

Before we make a VM, let’s query KVM to see what kind of templates that we have. You can query KVM like this:

virt-install --os-variant=list

win7 : Microsoft Windows 7vista : Microsoft Windows Vistawinxp64 : Microsoft Windows XP (x86_64)winxp : Microsoft Windows XPwin2k : Microsoft Windows 2000

win2k8 : Microsoft Windows Server 2008win2k3 : Microsoft Windows Server 2003openbsd4 : OpenBSD 4.xfreebsd8 : FreeBSD 8.xfreebsd7 : FreeBSD 7.xfreebsd6 : FreeBSD 6.xsolaris9 : Sun Solaris 9solaris10 : Sun Solaris 10opensolaris : Sun OpenSolarisnetware6 : Novell Netware 6netware5 : Novell Netware 5netware4 : Novell Netware 4msdos : MS-DOSgeneric : Genericdebianwheezy : Debian Wheezydebiansqueeze : Debian Squeezedebianlenny : Debian Lennydebianetch : Debian Etchfedora19 : Fedora 19fedora18 : Fedora 18fedora17 : Fedora 17fedora16 : Fedora 16fedora15 : Fedora 15fedora14 : Fedora 14fedora13 : Fedora 13fedora12 : Fedora 12fedora11 : Fedora 11fedora10 : Fedora 10fedora9 : Fedora 9fedora8 : Fedora 8fedora7 : Fedora 7fedora6 : Fedora Core 6fedora5 : Fedora Core 5mageia1 : Mageia 1 and latermes5.1 : Mandriva Enterprise Server 5.1 and latermes5 : Mandriva Enterprise Server 5.0mandriva2010 : Mandriva Linux 2010 and latermandriva2009 : Mandriva Linux 2009 and earlierrhel7 : Red Hat Enterprise Linux 7rhel6 : Red Hat Enterprise Linux 6rhel5.4 : Red Hat Enterprise Linux 5.4 or laterrhel5 : Red Hat Enterprise Linux 5rhel4 : Red Hat Enterprise Linux 4rhel3 : Red Hat Enterprise Linux 3rhel2.1 : Red Hat Enterprise Linux 2.1sles11 : Suse Linux Enterprise Server 11sles10 : Suse Linux Enterprise Serveropensuse12 : openSuse 12opensuse11 : openSuse 11ubuntusaucy : Ubuntu 13.10 (Saucy Salamander)ubunturaring : Ubuntu 13.04 (Raring Ringtail)ubuntuquantal : Ubuntu 12.10 (Quantal Quetzal)ubuntuprecise : Ubuntu 12.04 LTS (Precise Pangolin)ubuntuoneiric : Ubuntu 11.10 (Oneiric Ocelot)ubuntunatty : Ubuntu 11.04 (Natty Narwhal)ubuntumaverick : Ubuntu 10.10 (Maverick Meerkat)ubuntulucid : Ubuntu 10.04 LTS (Lucid Lynx)ubuntukarmic : Ubuntu 9.10 (Karmic Koala)ubuntujaunty : Ubuntu 9.04 (Jaunty Jackalope)ubuntuintrepid : Ubuntu 8.10 (Intrepid Ibex)ubuntuhardy : Ubuntu 8.04 LTS (Hardy Heron)virtio26 : Generic 2.6.25 or later kernel with virtiogeneric26 : Generic 2.6.x kernelgeneric24 : Generic 2.4.x kernel

Well, that’s a good start!

SELinux

One thing we’ll need to work with is SELinux. We don’t want to disable SElinux, because that is what the ‘feint of heart’ do; we embrace it.

First, install policycoreutils-python:

yum -y install policycoreutils-python

After that gets installed, we can run the semanage utility. If you intend on putting the virtual machines anywhere other than /var/lib/libvirt, you’ll want to run the semanage utility on the directory where we want the VM images stored. In my case, I have a directory at /opt/, so I’ll run it on /opt/3TB/VirtualMachines. First, create the directory:

mkdir -p /opt/3TB/VirtualMachines

Then, set SELinux:

semanage fcontext -a -t virt_image_t "/opt/VirtualMachines(/.*)?"restorecon -R /opt/VirtualMachines

That will open up my /opt/VirtualMachines for SELinux.

Firewall-CMD (optional, not needed if tunneling the traffic)

The new IPTables. You’ll want to open up the port for VNC connections to console on the virtual machines. You can do that with this command:

firewall-cmd --zone=public --add-port=5900/tcp --permanentfirewall-cmd --reload

Thats going to open port 5900 TCP up to VNC to console.

Create the Virtual Machine

We’ll use the ‘virt-install’ command to create the virtual machine. Here are some of the options to use with virt-install:

–connect # Keyto connect to a server, well use the value{qemu:///system} for this command. –n # The name of the Virtual Machine guest. –r # The amount, in megabytes, of RAM you want to add to the system. –vcpus=x # The number of CPUs to assign to the Virtual Machine, replace x with the number of

CPUs. –disk # The location of the virtual machine disk file. Pass {path=/path/to/file.img,size=x} as the

argument for this key. Where x in the argument, pass an integer, it will be the size in gigabytes. –graphics # How to display the console of the virtual machine. Pass {vnc,listen=0.0.0.0} to allow a

VNC connection to pass through to any ip address. –noautoconsole # Do not automatically connect to the console of the virtual machine. –os-type # General flavor of the operating system. Can pass {windows} to use a Microsoft variant. –os-variant # The specific operating system, pass {win2k8} as the argument. –accelerate # To use the hardware-assisted acceleration. –network= # Pass the {bridge=br0} to specify the bridge we created earlier. –hvm # To use full virtualization on the virtual machine. –cdrom # Pass the {/path/to/file.iso} to link up a virtual CDROM onto the machine.

You can always pass the “-h”. You can also gather your favorite options from the virt-install website.

I took a gander at the website and came up with this for a Server 2008 R2 machine (note I pre-staged the ISO file in /opt/ISO/:

virt-install --connect qemu:///system --graphics vnc,listen=0.0.0.0 --name=NPGENERALS01 --ram=4096 --vcpus=2 --cdrom=/opt/ISO/Server2008R2.iso --os-variant=win2k8 --disk /opt/VirtualMachines/NPGNERALS01.img,size=60 --network=bridge:br0 --autostart

This gave me some nice ‘getting it done’ output:

Starting install...Creating storage file NPGNERALS01.imgCreating domain... Connected to domain NPGENERALS01Escape character is ^]Domain installation still in progress. Waiting for installation to complete.

At this point, you are going to need to connect to the server via VNC on port 5900. I’m using OSX Yosemite. I could not use the built-in VNC, nor could I use realVNC. Fortunately Chicken VNC worked just fine. Here’s a screenshot connecting into this Server 2008R2 machine:

From there, you can run your install routine.

Considerations and Management Commands

Notes about VNC/Firewall-CMD/SSH

From this point, you can get fancy with the virt-install man page and install a linux host or what have you.There is something to be said about the firewall, VNC, and new machines. Each machine you create increments a port up from 5900. The first VM will be 5900, the second will be 5901, and so on. Your firewall will have to be either opened on those ports as I demonstrated earlier, or you need to tunnel the traffic via SSH. You can always find the VNC port of the guest machine by this command:

virsh vncdisplay {servername}

Management Commands

The virsh command will get you through all the things that you needed to do. Namely you can

1. Get a list of the guests with {virsh —connect qemu:///system list} 2. Get more info on a guest with {virsh dominfo {servername}} 3. Shutdown a guest with {virsh —connect qemu:///system shutdown {servername}} 4. Force reboot a guest with {virsh —connect qemu:///system destroy {servername}} 5. Power on a guest with {virsh —connect qemu:///system start {servername}} 6. Delete a guest 1. {virsh —connect qemu:///system destroy {servername}} 2. {virsh —connect qemu:///system undefine {servername}} 3. {rm -Rf /path/to/servername.iso}

Conclusion

This has been a simple rundown on installing KVM on CentOS 7 x64. I hope I have taken into consideration everything I needed. Feel free to drop me an email if something is awry. Happy admining.