Install and use CentOS 7 or RHEL 7 as KVM virtualization host

When thinking about virtualization, everybody immediately thinks about VMWare. And it must be said, the product they offer is very decent but also comes with a “decent” price. As an alternative, it’s worth looking into KVM for your virtualization. As with the
VMWare product range, KVM offers full virtualization and it can compete with VMWare regarding stability and performance.

Virtualization-terminology

To prevent things getting confused I would first like to clear out some terminology used for virtualization. For somebody working on a daily basis in virtual environments, these might be clear but can be rather confusing for others.

Host: the machine that hosts other system, KVM will be installed on this machine

Guest: the system running on the host, also referred to as VM, Virtual Machine or domain.

Hypervisor: the piece of software that enables virtualization on the host. For example: KVM, ESXi, Xen, …

Part1: KVM installation and preparation

KVM hypervisor and VM-extensions

As mentioned earlier, KVM offers, as VMWare, full virtualization. This means that a full system, which looks like a real physical system to the guest-OS, will be offered. Besides full virtualization, there is also such a thing as paravirtualization, as Xen
can offer. Paravirtualization gives you higher performance but needs a modified guest-OS and is basically limited to *nix-systems. Full virtualization enables you to run unmodified guest-systems and thus also most proprietary systems as Windows . In order
to be able to use full virtualization, you either need some virtualization-extensions on your CPU or use emulation.

First thing to do is to check if the host-machine supports VM-extensions. On the x86 platofrom, those are either AMD-V or Intel’s VT-X. In order to check if the installed CPU’s support those extensions, we need to check if the vmx (for VT-X) or svm (for AMD-V)
flag exists in the cpuinfo-output:

1 2	[jensd@kvmhost~]$egrep -c'(vmx|svm)'/proc/cpuinfo 2

When the output is 0, meaning that neither vmx or svm is found in the flags, it probably means that your CPU doesn’t support those extensions and there is little you can do. When the extensions are listed, be sure to check if they are enabled in the systems
BIOS since that would cause problems later on. In case your CPU doesn’t support VM-extensions, you are limited to QEMU-emulation in combination with KVM, which delivers a much worse performance in comparison. For this tutorial, I’ll assume that the VM-extensions
are supported and enabled in the BIOS of the host-system.

KVM installation

The first step in the KVM installation is installing the necessary packages. Package virt-manager, xauth and dejavu-lgc-sans-fonts are also needed if you want to manage KVM with the graphical interface in combination with X11 forwarding. (for more information,
check this
previous post about X11 forwarding)

To install the required packages

1 2 3

[jensd@kvmhost~]$ sudoyuminstallkvmvirt-managerlibvirtvirt-installqemu-kvmxauthdejavu-lgc-sans-fonts ... Complete!

Networking

For the networking part, our KVM-host will act as a router for its guests and we will need to create a bridge interface to allow the guest to communicate out of the host. Guests will use NAT on the host to connect to the real network. To allow such type of
setup it’s needed to allow ip forwarding in the kernel parameters.

1 2 3 4

[jensd@kvmhost~]$echo "net.ipv4.ip_forward = 1"|sudo tee /etc/sysctl.d/99-ipforward.conf net.ipv4.ip_forward=1 [jensd@kvmhost~]$sudosysctl -p/etc/sysctl.d/99-ipforward.conf net.ipv4.ip_forward=1

After allowing the host to do ip forwarding, we need to change the network configuration. Basically we will keep our original physical interface as it is but will assign its IP-address to the brige. In the example host-machine there is one real interface called
eno16777736 and the script in /etc/sysconfig/network-scripts/ifcfg-eno16777736 looks like this:

1 2 3 4 5 6 7

DEVICE="eno16777736" ONBOOT=yes IPADDR="192.168.202.111" NETMASK="255.255.255.0" GATEWAY="192.168.202.2" HWADDR="00:0c:29:32:d0:4c" DNS1="192.168.202.2"

The first thing to change here, is to comment out everything that is IP-related and tell the interface which interface will be the bridge. Resulting in /etc/sysconfig/network-scripts/ifcfg-eno16777736 to look like this:

1 2 3 4 5 6 7 8

DEVICE="eno16777736" ONBOOT=yes #IPADDR="192.168.202.111" #NETMASK="255.255.255.0" #GATEWAY="192.168.202.2" HWADDR="00:0c:29:32:d0:4c" #DNS1="192.168.202.2" BRIDGE=virbr0

Next, we can create the config-script for the bridge interface virbr0 in /etc/sysconfig/network-scripts/ifcfg-virbr0. Most details can be copied from the original script for eno16777736:

1 2 3 4 5 6 7 8

DEVICE="virbr0" TYPE=BRIDGE ONBOOT=yes BOOTPROTO=static IPADDR="192.168.202.111" NETMASK="255.255.255.0" GATEWAY="192.168.202.2" DNS1="192.168.202.2"

Finish and check the KVM installation

Basically all components are now ok but before KVM can be used it’s a good idea to perform a reboot in order to load the kvm-modules and to relaod the new network settings.

After the reboot, we should check if the necessary kernel modules are loaded, which means that KVM successfully can handle the VM-extensions of our CPU:

1 2 3

[jensd@kvmhost~]$lsmod|grepkvm kvm_intel1385670 kvm4411191kvm_intel

Check if the bridge is installed and in an up-state:

1 2 3 4 5 6 7

[jensd@kvmhost~]$ipashowvirbr0 3:virbr0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscnoqueuestateUP link/ether00:0c:29:32:d0:4cbrdff:ff:ff:ff:ff:ff inet192.168.202.111/24brd192.168.202.255scopeglobalvirbr0 valid_lftforeverpreferred_lftforever inet6fe80::20c:29ff:fe32:d04c/64scopelink valid_lftforeverpreferred_lftforever

Last thing to check is if we can connect to KVM by asking for a simple list of systems:

1 2 3

[jensd@kvmhost~]$sudovirsh -cqemu:///systemlist IdNameState ----------------------------------------------------

If it returns something else, then you should go trough the earlier steps to check where something went wrong.

Part 2: Using KVM with the CLI

After completing the KVM installation, it’s time to start using the host. First thing we need to do is to create a new domain or VM.

Adding a new VM

To create a new virtual machine using the CLI, we need to know which template we will use to install the system. To get a list of templates that are known in our KVM installation, you can do the following:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70

[jensd@kvmhost~]$virt-install--os-variant=list win7:MicrosoftWindows7 vista:MicrosoftWindowsVista winxp64:MicrosoftWindowsXP(x86_64) winxp:MicrosoftWindowsXP win2k:MicrosoftWindows2000 win2k8:MicrosoftWindowsServer2008 win2k3:MicrosoftWindowsServer2003 openbsd4:OpenBSD4.x freebsd8:FreeBSD8.x freebsd7:FreeBSD7.x freebsd6:FreeBSD6.x solaris9:SunSolaris9 solaris10:SunSolaris10 opensolaris:SunOpenSolaris netware6:NovellNetware6 netware5:NovellNetware5 netware4:NovellNetware4 msdos:MS-DOS generic:Generic debianwheezy:DebianWheezy debiansqueeze:DebianSqueeze debianlenny:DebianLenny debianetch:DebianEtch fedora19:Fedora19 fedora18:Fedora18 fedora17:Fedora17 fedora16:Fedora16 fedora15:Fedora15 fedora14:Fedora14 fedora13:Fedora13 fedora12:Fedora12 fedora11:Fedora11 fedora10:Fedora10 fedora9:Fedora9 fedora8:Fedora8 fedora7:Fedora7 fedora6:FedoraCore6 fedora5:FedoraCore5 mageia1:Mageia1andlater mes5.1:MandrivaEnterpriseServer5.1andlater mes5:MandrivaEnterpriseServer5.0 mandriva2010:MandrivaLinux2010andlater mandriva2009:MandrivaLinux2009andearlier rhel7:RedHatEnterpriseLinux7 rhel6:RedHatEnterpriseLinux6 rhel5.4:RedHatEnterpriseLinux5.4orlater rhel5:RedHatEnterpriseLinux5 rhel4:RedHatEnterpriseLinux4 rhel3:RedHatEnterpriseLinux3 rhel2.1:RedHatEnterpriseLinux2.1 sles11:SuseLinuxEnterpriseServer11 sles10:SuseLinuxEnterpriseServer opensuse12:openSuse12 opensuse11:openSuse11 ubuntusaucy:Ubuntu13.10(SaucySalamander) ubunturaring:Ubuntu13.04(RaringRingtail) ubuntuquantal:Ubuntu12.10(QuantalQuetzal) ubuntuprecise:Ubuntu12.04LTS(PrecisePangolin) ubuntuoneiric:Ubuntu11.10(OneiricOcelot) ubuntunatty:Ubuntu11.04(NattyNarwhal) ubuntumaverick:Ubuntu10.10(MaverickMeerkat) ubuntulucid:Ubuntu10.04LTS(LucidLynx) ubuntukarmic:Ubuntu9.10(KarmicKoala) ubuntujaunty:Ubuntu9.04(JauntyJackalope) ubuntuintrepid:Ubuntu8.10(IntrepidIbex) ubuntuhardy:Ubuntu8.04LTS(HardyHeron) virtio26:Generic2.6.25orlaterkernelwithvirtio generic26:Generic2.6.xkernel generic24:Generic2.4.xkernel

Virtual disk images for the KVM-guests can be placed in /var/lib/libvirt by default. In case you prefer to use another location to store the disk images, SELinux will, by default, prevent access and the security context of that location needs to be changed
in order to use it for KVM. To change the SELinux context when storing the images in another location (/vm for example):

1 2	[jensd@kvmhost~]$sudosemanagefcontext -a -tvirt_image_t"/vm(/.*)?" [jensd@kvmhost~]$sudorestorecon -R/vm

Now, to add a new VM, we can use virt-install.

Example to add a windows-guest:

1 2 3 4 5

[jensd@kvmhost~]$sudovirt-install--connectqemu:///system -nvmwin7 -r1024--vcpus=2--diskpath=/var/lib/libvirt/images/vmwin7.img,size=10--graphicsvnc,listen=0.0.0.0--noautoconsole--os-typewindows--os-variantwin7--accelerate--network=bridge:virbr0--hvm--cdrom/var/X17-59186.iso Startinginstall... Allocating'vmwin7.img'|10GB00:00:00 Creatingdomain...|0B00:00:00 Domaininstallationstillinprogress.Waitingforinstallationtocomplete.

Explanation of the arguments that were given to virt-install:

–connect qemu:///system : connect to KVM on the local system, we could also connect to another KVM-host and define our new VM there

-n vmwin7 : name of the new VM: vmwin7

-r 1024 : amount of memory for the VM: 1GB

–vcpus=2 : amount of virtual CPU’s for the VM: 2

–disk path=/var/lib/libvirt/images/vmwin7.img,size=10 : where to store the virtual disk image of the VM and the size: 10GB

–graphics vnc,listen=0.0.0.0 : how to display the VM’s console: via VNC accessible from outside

–noautoconsole : do not automatically connect to the console

–os-type windows –os-variant win7 : type of guest OS (from the list given above)

–accelerate : use KVM HW-acceleration

–network=bridge:virbr0 : network bridge to use

–hvm : full virtualisation

–cdrom /var/X17-59186.iso : location of the installation ISO

After launching the above command, you should be able to connect with VNC to the host and get on the console-display of the VM. The console displays what would normally, on a physical machine, appear on the attached monitor.

By default, VNC will use the first available screen on port 5900. To be sure which screen is used, we can use virsh to show the attached console-screens for VNC:

1 2	[jensd@kvmhost~]$sudovirshvncdisplayvmwin7 :0

:0 means the first screen and real port 5900 as you can also see when checking with netstat which ports are currently listening:

1 2	[jensd@kvmhost~]$netstat -tln|grep:59 tcp000.0.0.0:59000.0.0.0:*LISTEN

Now, connect to the KVM-host with a VNC viewer. I’m using TightVNC but every VNC viewer should do:



From this point, we can complete the windows installation as if it would be a normal physical system:



After completing the installation with VNC, we end up with a Windows-VM that is running on our KVM-host:



As for the networking part, we use the earlier created bridge (virbr0) to do NAT. This means that the KVM-host NAT’s all our connections to the real network connected to the KVM-host. If DHCP is active on that network, it can be used in the VM. Otherwise you
will have to configure a static IP in the same subnet.

Example to add a Linux-guest:

To add a Linux guest, next to the already added Windows-guest is quite similar:

1 2 3 4 5

[jensd@kvmhost~]$sudovirt-install--connectqemu:///system -nvmdeb7 -r512--vcpus=1--diskpath=/var/lib/libvirt/images/vmdeb7.img,size=2--graphicsvnc,listen=0.0.0.0--noautoconsole--os-typelinux--os-variantdebianwheezy--accelerate--network=bridge:virbr0--hvm--cdrom/tmp/debian-7.5.0-amd64-netinst.iso Startinginstall... Allocating'vmdeb7.img'|2.0GB00:00:00 Creatingdomain...|0B00:00:02 Domaininstallationstillinprogress.Youcanreconnecttotheconsoletocompletetheinstallationprocess.

As with the Windows-VM, after launching this command, you should be able to connect with VNC to the host and get on the console of the VM to complete the Debian installation.

To know which VNC-display number (and port) is used for a certain VM, the same command as used earlier should do:

1 2	[jensd@kvmhost~]$sudovirshvncdisplayvmdeb7 :1

Above command gives :1 as result, meaning that the guest vmdeb7 can be contacted with VNC on port 5901:



After finishing the installation, we end up with a Linux guest running on top of our KVM-host. Which Linux distro we are using doesn’t matter since we’re doing full virtualization.

1 2 3 4 5

root@deb:~#uname -a Linuxdeb3.2.0-4-amd64#1SMPDebian3.2.60-1+deb7u3x86_64GNU/Linux root@deb:~#cat/proc/cpuinfo|grepmodel model:13 modelname:QEMUVirtualCPUversion1.5.3

Considering network, the same as with the Windows VM applies here. Our connections are NATted trough the KVM-host and we can use the DHCP-server of our real network.

1 2 3 4 5 6 7 8 9 10 11 12

root@deb:~#ping -c18.8.8.8 PING8.8.8.8(8.8.8.8)56(84)bytesofdata. 64bytesfrom8.8.8.8:icmp_req=1ttl=128time=23.8ms ---8.8.8.8pingstatistics--- 1packetstransmitted,1received,0%packetloss,time0ms rttmin/avg/max/mdev=23.855/23.855/23.855/0.000ms root@deb:~#ipashoweth0 2:eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPqlen1000 link/ether52:54:00:33:65:75brdff:ff:ff:ff:ff:ff inet192.168.202.140/24brd192.168.202.255scopeglobaleth0 inet6fe80::5054:ff:fe33:6575/64scopelink valid_lftforeverpreferred_lftforever

More KVM actions

Besides creating VM’s, it’s a good thing to know some basic operations regarding VM-managent.

List the active virtual machines:

1 2 3 4 5

[jensd@kvmhost~]$sudovirsh--connectqemu:///systemlist IdNameState ---------------------------------------------------- 7vmwin7running 8vmdeb7running

Get more information about a guest:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

[jensd@kvmhost~]$sudovirshdominfovmwin7 Id:7 Name:vmwin7 UUID:f913c6fa-b597-437d-b6f5-797314e34847 OSType:hvm State:running CPU(s):2 CPUtime:20955.1s Maxmemory:1048576KiB Usedmemory:1048576KiB Persistent:yes Autostart:disable Managedsave:no Securitymodel:selinux SecurityDOI:0 Securitylabel:system_u:system_r:svirt_t:s0:c638,c926(enforcing)

Stop a running guest:

To stop a running VM in a clean way (as you would press the power button to start the shutdown sequence):

1 2	[jensd@kvmhost~]$sudovirsh--connectqemu:///systemshutdownvmdeb7 Domainvmdeb7isbeingshutdown

This triggers a normal, clean, shutdown on the guest:

1 2 3 4

root@deb:~# Broadcastmessagefromroot@deb(WedAug2709:09:162014): Powerbuttonpressed ThesystemisgoingdownforsystemhaltNOW!

To force stop a running VM that doesn’t want to shutdown in a clean way:

1 2	[jensd@kvmhost~]$sudovirsh--connectqemu:///systemdestroyvmdeb7 Domainvmdeb7destroyed

Start a guest:

1 2	[jensd@kvmhost~]$sudovirsh--connectqemu:///systemstartvmdeb7 Domainvmdeb7started

Delete a guest:

First we need to make sure that the guest is stopped before it can be deleted. In case you don’t want the virtual disk image anymore either, you’ll have to delete it manually after undefining the guest.

1 2 3 4 5

[jensd@kvmhost~]$sudovirsh--connectqemu:///systemdestroyvmcen6 Domainvmcen6destroyed [jensd@kvmhost~]$sudovirsh--connectqemu:///systemundefinevmcen6 Domainvmcen6hasbeenundefined [jensd@kvmhost~]$sudorm -f/var/lib/libvirt/images/vmcen6.img

After removing a disk-image, it’s a good thing to refresh the storage pool of KVM:

1 2	[jensd@kvmhost~]$sudovirshpool-refreshdefault Pooldefaultrefreshed

Automatically let a guest start when the host starts

When rebooting your host, you probably want some or all the guests that are defined on that host to start at the same time. By default, the guest are not automatically started.

1 2 3 4

[jensd@kvmhost~]$sudovirsh--connectqemu:///systemautostartvmdeb7 Domainvmdeb7markedasautostarted [jensd@kvmhost~]$sudovirsh--connectqemu:///systemdominfovmdeb7|grepAuto Autostart:enable

Part 3: Using KVM with the virt-manager GUI

Starting the GUI

Managing KVM with the CLI is not so difficult and it can be very handy to script certain day-to-day tasks. Sometimes, you just need to keep an overview and require a little more user-friendliness. For that, you can use virt-manager, which is a graphical interface
for libvirt and is mainly built for KVM. When you want to manage your guest with virt-manager, you can either do it on the host itself, by starting an X-server locally or use X11 forwarding on a headless server (more information here).

Make sure that you have enough permissions to use virt-manager and simply execute virt-manager from the command line:

1	[root@kvmhost~]#virt-manager

If all goes well, you should be presented with the virt-manager GUI:

Basic actions

From the initial start-up screen, you can immediately see a list of configured guests on this host and take actions on them like: Run, Pause, Shutdown, Reboot, Force off,…

When selecting a guest, you can also click on Open to display the console as we did earlier using VNC:

Advanced actions

Other possibilities using the virt-manager interface:

Connect to another host-system to manage the VM’s running there, using File -> Add connection (like using the –connect on the CLI)

Migrate a VM to another KVM-host: right click on the VM and choose Migrate…

Clone a VM to the same or another KVM-host: right click on the VM and choose Clone…



As you can see, the virt-manager interface is not very complicated and most of the basic tasks don’t need any explanation.

After completing all of the above steps, basic installation and using KVM shouldn’t have any secrets anymore for you. The next thing to do is experiment and test a little more with KVM and hopefully start to use it in your production environment.

url---http://jensd.be/207/linux/install-and-use-centos-7-as-kvm-virtualization-host