[[wiki:experiences/igraltist#kvm_on_rsbac|Back to igraltist's experiences/KVM on RSBAC]]\\
====== Howto setup a kvm user on gentoo ======








===== Software packages =====

The listed software packages are required:
  *iproute2 (getnoo => sys-apps/iproute2,)
  *brctl (gentoo => net-misc/bridge-utils,)
  *tunctl (gentoo => sys-apps/usermode-utilities,)
  *tightvnc (gentoo => net-misc/tightvnc,)

Other packages should be installed on default installation.




















===== Create an user kvm =====
==  Using `RSBAC` User Managmant (UM) ==

  * this is usefull because qemu-kvm has a option runas
  * than not sudo is needed 
  * as security user add a group 
<code bash>
$rsbac_group add kvm
</code>
  * and an user named kvm
<code bash>
$rsbac_user add -g kvm -c 'User to run kvm-guests' -s /bin/sh   kvm
</code>

== Using linux pam ==
  * first create an user kvm for runas
<code bash>
#adduser -U  -m -c "kvm user" kvm
</code>

== Fix for LVM ==
Fixme: Wrapper for kvm-disk-user

Only if you using LVM as guest harddrives.

  * add kvm-user to the disk-group


  * when using UM 
<code bash>
$rsbac_usermod -G disk kvm
</code>


  * when PAM
<code bash>
#gpasswd -a kvm disk
</code>


----

  * do a search:
<code bash>
grep block.*disk.*MODE /etc/udev/rules.d/*
</code>

 * if it empty create a file

<code bash>
touch /etc/udev/rules.d/70-kvm-rules
</code>

 * now change insert the follow  udev rule, because the diskgroup need read and write access on the device
<code bash>
SUBSYSTEM=="block", GROUP="disk", MODE="0660"
</code>















===== Udev  Modification =====


Now modify the udev 70-kvm.rules, that while booting all will be done automatic.


Note: In Udev rules there was a changing.
Now the parameter NAME is not valid anymore.
As example i have this file now under /etc/udev/rules.d

  * insert the follow lines into 70-kvm.rules 
<code bash>
KERNEL=="tun", MODE="0660", GROUP="kvm", OPTIONS+="ignore_remove"
KERNEL=="kvm", MODE="0660", GROUP="kvm"
</code>

















===== Create directories =====

  * create a directory to store the pidfiles and socket for kvm monitor
<code bash>
#mkdir /var/run/kvm
#chown kvm:kvm /var/run/kvm/
#chmod 750 /var/run/kvm
</code>

\\
**When using files as guest harddrives.**

  * when kvm user is starting the process, he must able to enter the directory and must have to write access to the image.


For example:
<code bash>
#mkdir /var/lib/kvm 
#chmod 770 /var/lib/kvm
#chgrp kvm /var/lib/kvm
</code>

  * create a test file
<code bash>
su - kvm -c "qemu-img create /var/lib/kvm/test.img 1MB" 
Formatting '/var/lib/kvm/tester.img', fmt=raw size=1048576 
</code>

  * check it
<code bash>
ls -la /var/lib/kvm/
insgesamt 8
drwxrwx---  2 root kvm     4096 10. Nov 15:27 .
drwxr-xr-x 22 root root    4096 10. Nov 15:25 ..
-rw-r--r--  1 kvm  kvm  1048576 10. Nov 15:27 test.img
</code>






===== Network =====

This site will describe on some example howto setup the [[wiki:experiences/igraltist/kvm-network|Network]].











===== kvm-admin =====

I use my own scripts to manage the kvm guest's.

It can be found here http://hg.kasten-edv.de/kvm-tools/








===== Example configuration =====

All guest configuration files located in '/etc/kvm/domains/'.\\


  * example for a guest which on a headless machine, so vnc is using for installation

<code python>
############################
# sample option for a disk #
############################
drive = file=/dev/mapper/VG-example,if=virtio,index=0,media=disk,boot=off,cache=none
# sample option for a cdrom, can also be a second disk
drive = file=/path/to/my_cd_img.iso,if=virtio,index=1,media=cdrom,boot=on

########################
# settings for network #
########################
net = nic
# use tap device for briding
net = tap,bridge=br0

############################################################################
# use monitor option other the default unix socket or override the default #
############################################################################
# example for overridding the default
# monitor = unix,path_to_your_own_socketfile,server,nowait
# use tcp socket, every guest have to use a different port
monitor = tcp,localhost,4444,server,nowait

</code>









===== Test example config =====

Befor start check the [[wiki:experiences/igraltist/kvm-network|Network]].


<code python>
kvm-admin example show
This string would executed:
/usr/bin/kvm -uuid 0bcd5138-41bf-a5c0-0627-4e0b65d3871f -monitor tcp,localhost,4444,server,nowait -rtc clock=host,base=utc -runas kvm -M pc -drive file=/dev/mapper/VG-example,if=virtio,index=0,media=disk,boot=off,cache=none -drive file=/path/to/my_cd_img.iso,if=virtio,index=1,media=cdrom,boot=on -daemonize -net nic -net tap,ifname=example,script=/etc/kvm/scripts/kvm-ifup,downscript=/etc/kvm/scripts/kvm-ifdown -cpu core2duo -pidfile /var/run/kvm/example.pid -name example,process=example
</code>
[[wiki:experiences/igraltist/kvm#|Top]]