Chapter 2: Virtual Machines and Automated Installations

qemu-kvm

This part deals with the basic tools for managing Virtual Machines.

Preparation

Required Packages

| Package | Description |
|---|---|
| qemu-kvm | The main KVM package |
| python-virtinst | CLI tools for managing VMs |
| virt-manager | GUI tools for managing VMs |
| virt-top | CLI statistics tool |
| virt-viewer | GUI connection to configured VMs. Required to run VMs with VNC access! |
| libvirt | C library for libvirtd |
| libvirt-client | C library for VM clients |

Kernel Modules

The KVM kernel modules are required to host VMs with qemu-kvm. Check whether the modules are loaded:

# lsmod | grep kvm

It should produce output like this (depending on your CPU):

kvm_amd                41551  0
kvm                   312245  1 kvm_amd

Configuration Files

| Path | Description |
|---|---|
| /var/lib/libvirt | Images and .xml config files of all the VMs created with virt-install. |
| /etc/libvirt | Configuration files for libvirtd. They usually don't need changes! |

This is only true if you manage your VMs as root. If you use virt-install as a normal user it creates a directory:

~/.libvirt/

Watch out!!! The images for all the VMs are also created in /var/lib/libvirt !!
You either need a big /var partition, or you have to symlink the images directory to the directory where the images should actually be stored. Here's how to set up that symlink:

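# Run as the VM user, not as root. sudo must be installed.
# Create the directory as the VM user:
mkdir /data/vms

# SELinux: give the new directory the same context as the default images directory
sudo chcon -R --reference /var/lib/libvirt/images /data/vms

# Remove the old images directory and set the symlink.
# rmdir only removes an empty directory; move existing images to /data/vms first.
sudo rmdir /var/lib/libvirt/images
sudo ln -s /data/vms /var/lib/libvirt/images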

Management tools (CLI only)

virt-install

virt-install is used to install VMs from the CLI. To create a new VM simply type:

virt-install --prompt

The --prompt switch makes virt-install ask for all the parameters needed to create the new machine. This works if you want to set up a single machine. But to deploy a whole series of VMs in a corporate environment it is best practice to use kickstart files.
To install a new VM from an existing kickstart file the command would be, for example:

virt-install -n name.network.org -r 1024 --disk \
path=/var/lib/libvirt/images/name.network.org.img \
-l ftp://192.168.122.1/pub/inst \
-x "ks=ftp://192.168.122.1/pub/ks1.cfg"

If virt-install should create a new disk image for the VM, you have to specify the size of the image. The actual command for my first virt-install installation was:

virt-install -n master.lan.darktemple.ch -r 1024 \
--disk path=/var/lib/libvirt/images/master.lan.darktemple.ch.img,size=10 \
-l ftp://dc.lan.darktemple.ch/pub/inst --graphics vnc &

Explanation

| Switch | Description |
|---|---|
| -n (--name) | Sets the name for the VM |
| -r (--ram) | Amount of RAM in MB |
| --disk opt1=value,opt2=value | Disk information. Look up the man page for all the disk options! |
| --graphics TYPE,opt1=arg1,opt2=arg2 | Information about where the graphical output is sent. |
| -l (--location) | Specifies the directory or URL with the installation files. |
| -x (--extra-args=) | Includes extra data, such as the URL of a kickstart file |

virsh

The virsh command starts a front end to existing KVM VMs. When run alone, it moves from a regular command line to the following prompt:

virsh #

Run help to list all commands.
The common ones are:

| virsh Command | Description |
|---|---|
| autostart <domain> | Start a domain (VM) during the host system boot process |
| capabilities | Lists abilities of the local hypervisor |
| edit <domain> | Edits the XML configuration file for the domain |
| list --all | List all domains |
| start <domain> | Boot the given domain |
| shutdown <domain> | Gracefully shut down the given domain |

All commands are also accessible from bash. Just use virsh <command>:

virsh list --all
virsh autostart client.network.org
virsh autostart --disable client.network.org

virt-clone

To simply clone one VM use virt-clone --prompt. It will prompt for all the necessary options.
virt-clone then generates the necessary XML files, copies the image, etc.
When you first start the cloned VM you should boot into runlevel 1 and configure the necessary settings on the machine (network, etc.).

Kickstart

What is kickstart?

This text requires that you have ftpd and httpd running as described in Chapter 1!

After you have installed your first VM you will find a file called /root/anaconda-ks.cfg which contains all the options you selected during the installation. We can use that file to configure a fully automated installation of our next VM!

Availability

To use the kickstart file we make it accessible in our network. So make sure the file is stored in /var/ftp/pub/ as something like ks.hostname.cfg. You also have to make sure that the permissions for the file are correct.

cp /root/anaconda-ks.cfg /var/ftp/pub/ks.tester1.cfg
cd /var/ftp/pub/
chmod u+x ks.tester1.cfg
chmod go=rx ks.tester1.cfg
 
# SELinux
# Verify that the SELinux context of the file matches that of /var/ftp/pub
ls -Zd /var/ftp/pub
ls -Z /var/ftp/pub

Usage

virt-manager

To use the kickstart file in virt-manager you just have to enter the URL in the desired field.

virt-install

To use the kickstart file in virt-install use the -x (--extra-args=) switch mentioned above.

Differences between virt-manager and virt-install

virt-manager uses a different kind of virtual hard disk: it uses virtio by default. That results in a virtual device called /dev/vda.
virt-install uses 'ide' by default. That results in a virtual device called /dev/sda.

THIS IS IMPORTANT TO KNOW WHEN CREATING THE DISK OPTIONS IN THE KICKSTART FILE!!

Options

Here is a working example of a kickstart file that runs through without asking the administrator for parameters.

# Kickstart file automatically generated by anaconda.
# Modified by M. Mader @ 03.02.2013
 
#version=DEVEL
install
 
#source url
url --url=ftp://192.168.2.253/pub/centos/
 
#language and keyboard options
lang en_US.UTF-8
keyboard sg-latin1
 
# network options
# to use dhcp simply use 
# network --device eth0 --bootproto dhcp
network --device eth0 --bootproto static --ip 192.168.122.150 --netmask 255.255.255.0 --gateway 192.168.122.1 --nameserver 192.168.122.1 --hostname tester1.rhcsa.darktemple.ch
 
# root pw, encrypted.
rootpw  --iscrypted $6$cxCcCE1CnOIVuL4i$qrjXDAXZmO3fUdU4YnJYO.xyddYAxkkLSOTgAzWFXbzrpPlnxBAbH/6uCF/oN7M78Ax97.Sc2CdKVtudKiyHU1
 
# enabled services
firewall --service=ssh
 
authconfig --enableshadow --passalgo=sha512
selinux --disabled
 
timezone --utc Europe/Zurich
 
bootloader --location=mbr --driveorder=vda --append="crashkernel=auto rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --all --drives=vda --initlabel
ignoredisk --only-use=vda
 
part /boot --fstype=ext4 --size=500
part pv.008002 --grow --size=1
volgroup vg_server --pesize=4096 pv.008002
logvol / --fstype=ext4 --name=lv_root --vgname=vg_server --grow --size=1024 --maxsize=51200
logvol swap --name=lv_swap --vgname=vg_server --grow --size=2016 --maxsize=2016
 
repo --name="CentOS"  --baseurl=ftp://192.168.122.1/pub/centos/ --cost=100
 
shutdown
firstboot --disabled
 
 
%packages
@base
@console-internet
@core
@debugging
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@server-platform
@server-policy
pax
oddjob
sgpio
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite
%end

A full list of available options for the kickstart file is available in the RHEL Documentation.
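
A pre-flight check for the vda/sda pitfall described above, as an added example that is not part of the original page: `ks_check` is a hypothetical helper that compares the disk names in a kickstart file with the bus the VM will get, and also flags a non-enforcing SELinux mode and a clear-text root password. The sample file is constructed, reduced from the kickstart file shown here.

```sh
#!/bin/sh
# Added example: pre-flight check of a kickstart file before virt-install.

# ks_check FILE BUS -- print one finding per line.
# BUS is the disk bus the VM will get: virtio (/dev/vda) or ide (/dev/sda).
ks_check() {
    case $2 in
        virtio) want=vda ;;
        ide)    want=sda ;;
        *)      echo "usage: ks_check FILE virtio|ide" >&2; return 2 ;;
    esac
    # Command section only: drop comment lines and everything from the first %section on.
    cmds=$(sed -e '/^%/,$d' -e '/^[[:space:]]*#/d' "$1") || return 2

    # 1. Every disk named in the bootloader/partitioning options must match the bus.
    printf '%s\n' "$cmds" |
        grep -oE -- '--(drives|driveorder|only-use|ondisk)=[^[:space:]]+' |
        sort -u |
        while IFS='=' read -r opt disks; do
            for d in $(printf '%s' "$disks" | tr ',' ' '); do
                [ "$d" = "$want" ] ||
                    echo "DISK: $opt names $d, but a VM on bus $2 sees $want"
            done
        done

    # 2. SELinux switched off or permissive on the installed system.
    printf '%s\n' "$cmds" | grep -qE '^selinux[[:space:]]+--(disabled|permissive)' &&
        echo "SELINUX: not enforcing"

    # 3. A rootpw line without --iscrypted carries the password in clear text.
    printf '%s\n' "$cmds" | grep -E '^rootpw[[:space:]]' | grep -qv -- '--iscrypted' &&
        echo "ROOTPW: stored in clear text"
    return 0
}

# Constructed sample, reduced from the kickstart file on this page.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
rootpw --iscrypted $6$CONSTRUCTEDSALT$CONSTRUCTEDHASH
selinux --disabled
bootloader --location=mbr --driveorder=vda
clearpart --all --drives=vda --initlabel
ignoredisk --only-use=vda
%packages
@core
%end
EOF
ks_check "$SAMPLE" ide    # the bus the page gives as the virt-install default
```

Run against `ide` the sample reports three DISK findings plus the SELinux one; against `virtio` only the SELinux finding remains.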

Personal Notes:

sysctl.conf

If the virtual network doesn't forward properly to your eth0 you have to change a setting in your /etc/sysctl.conf:

#/etc/sysctl.conf
net.ipv4.ip_forward = 1

After that, restart network and libvirtd:

(~) root@dc:$ service network restart
(~) root@dc:$ service libvirtd restart

The proper configuration for iptables and how you reload the sysctl.conf is not listed in the RHEL 6 Documentation (Source 1). So here is how to do that as well, in case the firewall is up and running (taken from the RHEL 5 Documentation. NOT WRITTEN BY ME!)

Everything here is taken from the RHEL 5 Documentation, owned by RedHat Inc.!
Configure iptables to allow all traffic to be forwarded across the bridge.

# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart

Disable iptables on bridges

Alternatively, prevent bridged traffic from being processed by iptables rules. In /etc/sysctl.conf append the following lines:

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Reload the kernel parameters configured with sysctl.

# sysctl -p /etc/sysctl.conf

Source 1: RHEL Documentation
Source 2: RHEL 5 Documentation (Danger!)

Management from runlevel 3 (VNC)

In order to be able to manage your VMs with virt-manager on a server in runlevel 3 you have to ensure that X forwarding with SSH works properly!
If you don't have a workstation to act as a local X server you might want to administer everything with virsh and VNC.
To be able to connect via VNC from a host other than localhost you have to edit /etc/libvirt/qemu.conf:

vnc_listen = "0.0.0.0"

Restart libvirtd and then connect to your vmhostsystem.lan.domain.ch:5900 with your favourite VNC Client.
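
With `vnc_listen = "0.0.0.0"` every VM console is reachable from the network, and unless a VNC password or SASL is configured as well, nothing authenticates the viewer. The following added example (not part of the original notes; `conf_get` and `vnc_exposure` are hypothetical helper names, the sample files are constructed) classifies a qemu.conf accordingly; TLS settings and per-VM graphics settings in the domain XML are not evaluated.

```sh
#!/bin/sh
# Added example: classify the host-wide VNC defaults in a libvirt qemu.conf.

# conf_get FILE KEY -- value of the last uncommented "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

# vnc_exposure FILE -- prints local-only, network-auth or network-open.
vnc_exposure() {
    listen=$(conf_get "$1" vnc_listen)
    : "${listen:=127.0.0.1}"    # libvirt's default when the key is not set
    case $listen in
        127.*|::1|localhost) echo "local-only"; return 0 ;;
    esac
    # Reachable from other hosts: is any authentication configured?
    if [ -n "$(conf_get "$1" vnc_password)" ] ||
       [ "$(conf_get "$1" vnc_sasl)" = 1 ]; then
        echo "network-auth"
    else
        echo "network-open"
    fi
}

# Constructed sample files (not taken from a real host).
WEAK=$(mktemp); LOCAL=$(mktemp)
printf 'vnc_listen = "0.0.0.0"\n' > "$WEAK"       # the setting from this page
printf '#vnc_listen = "0.0.0.0"\n' > "$LOCAL"     # key left commented out
echo "weak:  $(vnc_exposure "$WEAK")"
echo "local: $(vnc_exposure "$LOCAL")"
# With the local-only default, reach the console through an SSH tunnel instead:
#   ssh -L 5900:127.0.0.1:5900 user@vmhost    (then connect to localhost:5900)
```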

linux/rhcsa/chap2.txt · Last modified: 2013/02/12 13:14 by skull@darktemple.ch