[[wiki:experiences/igraltist|Back to igraltist's experiences]]\\
====== Howto setup a kvm user on gentoo ======
===== software packages =====
The following software packages are required:
* iproute2
* brctl
* tunctl
* tightvnc (used here as the example VNC server)
* subversion (optional; it can also live on the workstation instead)
All other packages should already be part of a default installation.
===== create user kvm =====
First create the user that will start the KVM guests:
#useradd kvm
Add the user to the group kvm:
#gpasswd -a kvm kvm
Now I did something stupid.
Fixme: write a wrapper for the kvm disk user instead
Add the kvm user to the disk group (membership in disk gives it read and write access to every block device on the host, hence the Fixme):
#gpasswd -a kvm disk
===== udev =====
Now modify the udev rules so that the device permissions are set automatically at boot.
For this I go to the directory /etc/udev/rules.d and look for the rules that match tun, kvm and disk:
cd /etc/udev/rules.d
grep tun *
50-udev-default.rules:KERNEL=="tun", NAME="net/%k", MODE="0666", OPTIONS+="ignore_remove"
grep kvm *
grep block.*disk.*MODE *
50-udev-default.rules:SUBSYSTEM=="block", GROUP="disk", MODE="0640"
\\
Find the line under the comment '# network devices', add GROUP="kvm" and set MODE to "0660":
KERNEL=="tun", NAME="net/%k", MODE="0660", GROUP="kvm", OPTIONS+="ignore_remove"
Add a new section '# kvm device' with this line; it is required for /dev/kvm (the udev key is GROUP, in upper case):
KERNEL=="kvm", NAME="%k", MODE="0660", GROUP="kvm"
==== LVM ====
//**Only if you use LVM for the guest drives, change this rule as well, because the disk group needs read and write access to the device.**//
SUBSYSTEM=="block", GROUP="disk", MODE="0660"
==== Keep in mind that udev gets upgraded from time to time, so you can lose these settings! ====
One way to avoid that is to leave 50-udev-default.rules alone and put the changed lines into a separate file in /etc/udev/rules.d that sorts after it (for example 99-kvm.rules, a name chosen here); udev processes the files in lexical order and the later GROUP and MODE assignments win, so they survive a package upgrade.
===== sudo =====
The next step is to tell the system that the unprivileged kvm user may create a tap device and add it to a bridge.
I use sudo for this and therefore edit the file '/etc/sudoers'.
\\
* add a new line (the keyword ALL is upper case and the daemon helper is start-stop-daemon)
kvm ALL=(ALL) NOPASSWD: /sbin/brctl, /sbin/ifconfig, /sbin/start-stop-daemon, /usr/bin/tunctl
Fixme: maybe restrict this more; as written, the kvm user may run these four commands with any arguments, i.e. it can reconfigure every interface and bridge on the host.
\\
\\
===== network =====
My setup includes two bridges: one for the local guests and one for a DMZ.
The DMZ bridge I add to the system configuration so that it is built at startup.
For the local bridge I use a script, which renames the local network device eth1 to reth1,
creates a bridge named eth1 and adds the interface reth1 to the bridge eth1.
\\
* add these lines to the file '/etc/conf.d/net' (for the dmz bridge)
config_dmz=( "10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255" )
brctl_dmz=( "setfd 0" "sethello 0" "stp off" )
Change the IP to your own address. The KVM guests in the DMZ then get, in this example, an IP in the range 10.0.0.(1-254).
\\
Then I have a small script; I found the idea on a website but do not remember where, so thanks to the unknown author :).\\
All KVM stuff I have placed in the directory /etc/kvm.\\
So the script that creates the locally connected bridge lives in '/etc/kvm/scripts/bridge_starter'.
\\
To run it on boot:
* add this line to '/etc/conf.d/local.start'
/etc/kvm/scripts/bridge_starter
This is the script bridge_starter:
#!/bin/bash
### bridge_starter: rename eth1 to reth1 and build a bridge called eth1 on top of it
set -e
ip=$(which ip)
ifconfig=$(which ifconfig)
brctl=$(which brctl)
dev=eth1        # name the bridge gets (the NIC's old name)
dev_old=reth1   # new name of the physical NIC
ip_dev='ip_address_from_the_local_net_device' # e.g. 192.168.0.1
# drop all addresses from the NIC, take it down and rename it
$ip addr flush dev $dev
$ip link set $dev down
$ip link set $dev name $dev_old
$ip link set $dev_old up
# create the bridge under the old name and enslave the renamed NIC
$brctl addbr $dev
$brctl addif $dev $dev_old
$ip link set $dev up
# the host's address now lives on the bridge
$ifconfig $dev $ip_dev up
\\
**For the firewall I use [[http://shorewall.net|shorewall]], and I have set up NAT for both bridges.**
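The page does not show the qemu-ifup-style script that QEMU runs for the tap device (the script = kvm-dmz-ifup entry in the guest config below); what follows is an added example of how such a script can use the sudo entry from the sudo section without exposing it to arbitrary arguments. It is my code, not the kvm-admin project's, and it assumes the bridge name dmz from the /etc/conf.d/net fragment and the /sbin paths from the sudoers line.

```shell
#!/bin/sh
# kvm-dmz-ifup: example qemu-ifup-style script (added here, not the page's own).
# QEMU/KVM calls it as the unprivileged kvm user with the tap name as $1;
# the privileged steps go through the sudoers entry for ifconfig and brctl.
BRIDGE="${BRIDGE:-dmz}"     # assumed bridge name, see /etc/conf.d/net

# Accept only names shaped like a real interface name: 1-15 characters from
# [A-Za-z0-9_.-] and no leading '-', so the value can never be read as an
# option by ifconfig or brctl, which sudo runs with whatever we pass them.
valid_ifname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Build the two commands without running them, so they can be inspected.
ifup_commands() {
    valid_ifname "$1" || return 1
    printf 'sudo /sbin/ifconfig %s 0.0.0.0 promisc up\n' "$1"
    printf 'sudo /sbin/brctl addif %s %s\n' "$BRIDGE" "$1"
}

# Bring the tap up without an address and attach it to the bridge.
kvm_ifup() {
    if ! valid_ifname "$1"; then
        echo "kvm-dmz-ifup: refusing bad interface name '$1'" >&2
        return 1
    fi
    sudo /sbin/ifconfig "$1" 0.0.0.0 promisc up &&
    sudo /sbin/brctl addif "$BRIDGE" "$1"
}

# Only act when called with an argument (QEMU passes the tap name).
if [ -n "${1:-}" ]; then
    kvm_ifup "$1"
fi
```

Install it as /etc/kvm/scripts/kvm-dmz-ifup, executable for the kvm group, and it will run with the same sudo rights as the sudoers line grants.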
===== guest harddrive =====
Next, prepare the directory that stores the 'guest.img'.
When the kvm user starts the process, it must be able to enter the directory and must have write access to the image.
\\
For example:
#chmod 770 /vmserver
#chgrp kvm /vmserver/guest.img
For storing the pidfile do the same:
* create the directory, change its group and set the permissions
#mkdir /var/run/kvm
#chgrp kvm /var/run/kvm
#chmod 770 /var/run/kvm
\\
===== kvm-admin =====
All preparation is done.
\\
I have written a script to make managing KVM guests easy.
\\
This script is in beta stage.
\\
It can be found at http://svn.kasten-edv.de/svn/kvm-admin/trunk/.
\\
To use it, I do the following:
* create a directory for it and check it out via svn
$mkdir ~/kvm
$cd ~/kvm
svn checkout http://svn.kasten-edv.de/svn/kvm-admin/trunk/ .
* copy it to the '/etc' directory
$cd ..
$su
#cp -a kvm /etc
#chmod 750 /etc/kvm
#chgrp kvm /etc/kvm
===== example kvm-guest-config =====
If all is done, add a file 'example' in '/etc/kvm/guestconfig/' (or edit it if it is already there).\\
Open it and add this:
#################################################################################
# the config/default.cfg and path_config.cfg have the predefined variables #
#################################################################################
#verbose = enabled # gives an output of what is set, does not work at the moment
test-only = enabled # does not execute it but show it
name = example # the name for ifname when used the tap option and ifname is not set
#hda = /vmserver/qemu.img
cdrom = /usr/src/ISOS/debian-40r3-i386-netinst.iso
## if the virtio drive is used, if = virtio must be set
#file = file:/dev/sda1, if:virtio, boot:on
file = file:/vmserver/qemu.img, if:scsi, boot:on
#file = file:/vmserver/qemu_1.img, if:ide, index:0, media:disk
#file = file:/vmserver/cd.iso, if:ide, index:1, media:cdrom
script = kvm-dmz-ifup # default qemu-ifup
mem = 265 # default 128 MB => size in MB
vnc = 4 # connect a VNC client to your-host:4; for this
# vnc-max-client is set to 998
#vlan = 1 # default 0, vlan-max is set to 254
#mac = 00:00:00:00:00:01 #
#nic-model = virtio # ne2k_pci is the default; a wrong driver is one that qemu does not support,
# the kvm-manager will show which ones are available
net-tap = enabled # use the net option -tap
net-user = disabled # if the tun/tap setup fails, it will use -net user as default
# -user is not active at the moment
boot = d # default is c, the first drive "file" or "hda"
usb = enabled # turn on usb support
usbdevice = tablet # useful if you use vnc with a desktop on the guest
nographic = disabled #
pid = enabled #
ifname = iface_test # the name for the tap; if ifname
# is not set, the name will be used,
# and if name is not set either, the filename
# of the guest config will be used
language = en-us # default is de
smp = 2 # default is no smp enabled
localtime = enabled # default is False
daemonize = enabled # default is enabled
no-fd-bootchk = enabled # default is disabled
keymaps = enabled # default is disabled, it need the path set in
# config/path_config.cfg for keymaps
no-acpi = disabled # default is disabled
std-vga = enabled # default is enabled
===== test example config =====
Now it is time to test it.
* #cd /etc/kvm
* #ln -s kvm-admin.py /bin/kvm-admin
#kvm-admin start example
uid=1003(kvm) gid=1003(kvm) Gruppen=1003(kvm),6(disk),85(usb)
[Errno 2] No such file or directory: '/vmserver/qemu.img'
Setting up tun-tap-device, done ....
The follow command would be executing:
['/usr/local/kvm/72/bin/qemu-system-x86_64', '-cdrom', '/usr/src/ISOS/debian-40r3-i386-netinst.iso', '-net', 'nic,vlan=0,macaddr=A9:B9:C9:D9:E9:F0,model=rtl8139', '-net', 'tap,vlan=0,ifname=iface_test,script=/etc/kvm/scripts/kvm-dmz-ifup', '-vnc', ':4', '-m', '265', '-boot', 'd', '-k', 'en-us', '-pidfile', '/var/run/kvm/example.pid', '-smp', '2', '-L', '/usr/local/kvm/72/share/qemu', '-usb', '-usbdevice', 'tablet', '-name', 'example', '-no-fd-bootchk', '-daemonize', '-std-vga', '-localtime']