Virtualization With KVM On A CentOS Server

This guide explains how you can install and use KVM for creating and running virtual machines on a CentOS 6.0 server. I will show how to create image-based virtual machines and also virtual machines that use a logical volume (LVM). KVM is short for Kernel-based Virtual Machine and makes use of hardware virtualization, i.e., you need a CPU that supports hardware virtualization, e.g. Intel VT or AMD-V. 

  

1. Selinux  

I had SELinux disabled on my CentOS 6.0 system. I didn't test with SELinux on; it might work, but if not, you better switch off SELinux as well:

vi /etc/selinux/config

Set SELINUX=disabled...

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

... and reboot:

  

 2. Installing KVM

egrep '(vmx|svm)' --color=always /proc/cpuinfo

should display something, e.g. like this:

[root@server1 ~]# egrep '(vmx|svm)' --color=always /proc/cpuinfo

flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall
 nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy misalignsse
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall
 nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy misalignsse
[root@server1 ~]#

If nothing is displayed, then your processor doesn't support hardware virtualization, and you must stop here.

egrep -c '(vmx|svm)' /proc/cpuinfo

When the output is 0, meaning that neither vmx or svm is found in the flags, it probably means that your CPU doesn’t support those extensions and there is little you can do. When the extensions are listed, be sure to check if they are enabled in the systems BIOS since that would problems later on. In case your CPU doesn’t support VM-extensions, you are limited to QEMU-emulation in combination with KVM, which delivers a much worse performance in comparison. For this tutorial, I’ll assume that the VM-extensions are supported and enabled in the BIOS of the host-system.

Now we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

To install KVM and virtinst (a tool to create virtual machines), we run

 sudo yum install kvm virt-manager libvirt virt-install qemu-kvm xauth dejavu-lgc-sans-fonts python-virtinst

# make sure modules are loaded

lsmod | grep kvm

kvm_intel       138567  0
kvm             441119  1 kvm_intel

systemctl start libvirtd
systemctl enable libvirtd

To check if KVM has successfully been installed, run

virsh -c qemu:///system list

It should display something like this:

[root@server1 ~]# virsh -c qemu:///system list
 Id Name                 State
----------------------------------
[root@server1 ~]#

If it displays an error instead, then something went wrong.

Next we need to set up a network bridge on our server so that our virtual machines can be accessed from other hosts as if they were physical systems in the network.

To do this, we install the package bridge-utils... 

Networking

For the networking part, our KVM-host will act as a router for it’s guests and we will need to create a bridge interface to allow the guest to communicate out of the host. Guests will use NAT on the host to connect to the real network. To allow such type of setup it’s needed to allow ip forwarding in the kernel parameters.

echo "net.ipv4.ip_forward = 1"|sudo tee /etc/sysctl.d/99-ipforward.conf

net.ipv4.ip_forward = 1

sudo sysctl -p /etc/sysctl.d/99-ipforward.conf

net.ipv4.ip_forward = 1

After allowing the host to do ip forwarding, we need to change the network configuration. Basically we will keep our original physical interface as it is but will assign it’s IP-address to the brige. In the example host-machine there is one real interface called eno16777736 and the script in /etc/sysconfig/network-scripts/ifcfg-eno16777736 looks like this:

yum install bridge-utils

... and configure a bridge. Create the file /etc/sysconfig/network-scripts/ifcfg-br0 (please use the IPADDR, PREFIX, GATEWAY, DNS1 and DNS2 values from the /etc/sysconfig/network-scripts/ifcfg-eth0 file); make sure you use TYPE=Bridge, not TYPE=Ethernet:

vi /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE="br0" NM_CONTROLLED="yes" ONBOOT=yes TYPE=Bridge BOOTPROTO=none IPADDR=192.168.0.100 PREFIX=24 GATEWAY=192.168.0.1 DNS1=8.8.8.8 DNS2=8.8.4.4 DEFROUTE=yes IPV4_FAILURE_FATAL=yes IPV6INIT=no NAME="System br0"

Modify /etc/sysconfig/network-scripts/ifcfg-eth0 as follows (comment out BOOTPROTO, IPADDR, PREFIX, GATEWAY, DNS1, and DNS2 and add BRIDGE=br0):

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0" NM_CONTROLLED="yes" ONBOOT=yes HWADDR=00:1E:90:F3:F0:02 TYPE=Ethernet #BOOTPROTO=none #IPADDR=192.168.0.100 #PREFIX=24 #GATEWAY=192.168.0.1 #DNS1=8.8.8.8 #DNS2=8.8.4.4 DEFROUTE=yes IPV4_FAILURE_FATAL=yes IPV6INIT=no NAME="System eth0" UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 BRIDGE=br0

Restart the network...

/etc/init.d/network restart

... and run

ifconfig

It should now show the network bridge (br0):

[root@server1 ~]# ifconfig
br0       Link encap:Ethernet  HWaddr 00:1E:90:F3:F0:02
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:90ff:fef3:f002/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:103 errors:0 dropped:0 overruns:0 frame:0
          TX packets:79 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7434 (7.2 KiB)  TX bytes:21398 (20.8 KiB)

eth0      Link encap:Ethernet  HWaddr 00:1E:90:F3:F0:02
          inet6 addr: fe80::21e:90ff:fef3:f002/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:19511 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11592 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:25980124 (24.7 MiB)  TX bytes:1104371 (1.0 MiB)
          Interrupt:28 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3608 (3.5 KiB)  TX bytes:3608 (3.5 KiB)

virbr0    Link encap:Ethernet  HWaddr 6A:12:69:18:2B:05
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

3. Installing virt-viewer Or virt-manager On Your Fedora 15 Desktop 

We need a means of connecting to the graphical console of our guests - we can use virt-manager for this. I'm assuming that you're using a Fedora 15 desktop.

Become root...

su

... and run...

yum install virt-manager libvirt qemu-system-x86 openssh-askpass

... to install virt-manager.

If you're using an Ubuntu 11.04 desktop, you can install virt-manager as follows:

sudo apt-get install virt-manager

  Creating A Debian Squeeze Guest (Image-Based) From The Command Line