Friday, August 13, 2010
Setting Up a Simple KVM/Libvirt Virtual Server
Steps to set up a simple virtual server running KVM and libvirt.
1. Install libvirt-bin and kvm (apt-get install libvirt-bin kvm virt-manager).
2. Remove Network Manager (apt-get remove network-manager network-manager-gnome).
3. Modify /etc/network/interfaces to create a bridge. Here's an example:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet static
    address 192.168.1.20
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
    bridge_ports eth0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off
Make sure /proc/sys/net/ipv4/ip_forward contains 1. You can modify /etc/sysctl.conf to make it permanent. For RedHat, you'll need to modify ifcfg-eth0 and create an ifcfg-br0 file to create the bridge.
4. Append vnc_listen = "0.0.0.0" to the /etc/libvirt/libvirtd.conf file.
5. Modify your KVM domain's XML file. Change
<graphics type='vnc' port='-1' autoport='yes'/>
to
<graphics type='vnc' port='5900' autoport='yes' listen='0.0.0.0' keymap='en-us' passwd='11111'/>
6. Restart networking (/etc/init.d/networking restart or service network restart).
7. Restart libvirt-bin (/etc/init.d/libvirt-bin restart or service libvirt-bin restart).
You should now be able to log in remotely to your virtual machine using a VNC client like vinagre, provided ufw or iptables is disabled. How to configure iptables properly is beyond the scope of this post. Section 17.4 in the RedHat Virtualization Guide details which ports to open in iptables. This is not the most secure setup since it relies on passwords to secure libvirt's implementation of vncserver, so keep it behind a firewall for safety. I could not find one set of instructions on how to make the default configuration into a server at all.
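An added example (not part of the original post): a small Python check that reads a libvirt domain XML and reports the exposure created by steps 4 and 5, namely a VNC listener bound to all interfaces and a short password kept in the XML. The function name audit_vnc, the default_listen parameter and both sample domains are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

WILDCARDS = {"0.0.0.0", "::"}  # IPv4 / IPv6 "all interfaces"

def audit_vnc(domain_xml, default_listen="127.0.0.1"):
    """Return findings for every VNC <graphics> element in a libvirt domain XML.

    default_listen stands in for the host-wide vnc_listen value (step 4), which
    applies when the element carries no listen address of its own.
    """
    findings = []
    for g in ET.fromstring(domain_xml).iter("graphics"):
        if g.get("type") != "vnc":
            continue
        # The address can be an attribute or a nested <listen address='...'/>.
        addrs = {g.get("listen")} | {el.get("address") for el in g.findall("listen")}
        addrs.discard(None)
        exposed = bool((addrs or {default_listen}) & WILDCARDS)
        if exposed:
            findings.append("listens on all interfaces")
        passwd = g.get("passwd")
        if passwd is None:
            if exposed:
                findings.append("exposed listener has no password")
            continue
        findings.append("password stored in the domain XML")
        # Classic VNC authentication uses at most 8 password characters.
        if len(passwd) < 8:
            findings.append("password shorter than 8 characters")
        if len(set(passwd)) == 1:
            findings.append("password is a single repeated character")
    return findings

# Constructed sample: the <graphics> line from step 5 inside a minimal domain.
AS_POSTED = """<domain type='kvm'><name>demo</name><devices>
  <graphics type='vnc' port='5900' autoport='yes' listen='0.0.0.0'
            keymap='en-us' passwd='11111'/>
</devices></domain>"""

# Constructed sample: loopback-only listener, e.g. reached through an SSH tunnel.
LOOPBACK = """<domain type='kvm'><name>demo</name><devices>
  <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'/>
</devices></domain>"""

if __name__ == "__main__":
    for name, xml in (("as posted", AS_POSTED), ("loopback", LOOPBACK)):
        print(name, audit_vnc(xml) or "no findings")
```

To check a real guest, pass the output of virsh dumpxml --security-info for that domain to audit_vnc; without --security-info libvirt omits the passwd attribute from the dump.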
Labels: remote access KVM virtual server Ubuntu Debian RedHat