Howto setup a kvm user on gentoo

The listed software packages are required:

• iproute2 (getnoo ⇒ sys-apps/iproute2,)
• brctl (gentoo ⇒ net-misc/bridge-utils,)
• tunctl (gentoo ⇒ sys-apps/usermode-utilities,)
• tightvnc (gentoo ⇒ net-misc/tightvnc,)

Other packages should be installed on default installation.

• this is usefull because qemu-kvm has a option runas
• than not sudo is needed
• as security user add a group

$rsbac_group add kvm

• and an user named kvm

$rsbac_user add -g kvm -c 'User to run kvm-guests' -s /bin/sh   kvm

• first create an user kvm for runas

#adduser -U  -m -c "kvm user" kvm

Fixme: Wrapper for kvm-disk-user

Only if you using LVM as guest harddrives.

• add kvm-user to the disk-group

• when using UM

$rsbac_usermod -G disk kvm

• when PAM

#gpasswd -a kvm disk

• do a search:

grep block.*disk.*MODE /etc/udev/rules.d/*

* if it empty create a file

touch /etc/udev/rules.d/70-kvm-rules

* now change insert the follow udev rule, because the diskgroup need read and write access on the device

SUBSYSTEM=="block", GROUP="disk", MODE="0660"

Now modify the udev 70-kvm.rules, that while booting all will be done automatic.

Note: In Udev rules there was a changing. Now the parameter NAME is not valid anymore. As example i have this file now under /etc/udev/rules.d

• insert the follow lines into 70-kvm.rules

KERNEL=="tun", MODE="0660", GROUP="kvm", OPTIONS+="ignore_remove"
KERNEL=="kvm", MODE="0660", GROUP="kvm"

• create a directory to store the pidfiles and socket for kvm monitor

#mkdir /var/run/kvm
#chown kvm:kvm /var/run/kvm/
#chmod 750 /var/run/kvm

When using files as guest harddrives.

• when kvm user is starting the process, he must able to enter the directory and must have to write access to the image.

For example:

#mkdir /var/lib/kvm 
#chmod 770 /var/lib/kvm
#chgrp kvm /var/lib/kvm

• create a test file.

su - kvm -c "qemu-img create /var/lib/kvm/tester.img 1MB" 
Formatting '/var/lib/kvm/tester.img', fmt=raw size=1048576 

• check it

ls -la /var/lib/kvm/
insgesamt 8
drwxrwx---  2 root kvm     4096 10. Nov 15:27 .
drwxr-xr-x 22 root root    4096 10. Nov 15:25 ..
-rw-r--r--  1 kvm  kvm  1048576 10. Nov 15:27 tester.img

This site will describe on some example howto setup the Network.

All preparation is done.
I have wrote a script to easy managing kvm-guests.
This script is in beta stage.
!offline change to mercurial #It can be find here http://svn.kasten-edv.de/viewvc/kvm-admin/trunk/.
For using it, iam doing this:

• create a dir for storing and check it out via svn

$mkdir ~/kvm
$cd ~/kvm

!offline change to mercurial
svn checkout http://svn.kasten-edv.de/svn/kvm-admin/trunk/ .

• copy it to '/etc' - Directory

$cd ..
$su
#cp -a kvm /etc
#chmod 750 /etc/kvm
#chgrp kvm /etc/kvm

If all done then add or if it already there in '/etc/kvm/guestconfig/' a file example.
Open it and add this:

#################################################################################
#   the config/default.cfg and path_config.cfg has the predefined variables	#
#################################################################################
#verbose = enabled		# give an output what is set, not work in moment
test-only = enabled		# does not execute it but show it
name = example			# the name for ifname when used the tap option and ifname is not set
 
#hda = /vmserver/qemu.img
cdrom = /usr/src/ISOS/debian-40r3-i386-netinst.iso
 
 
## if use the virtio drive the if = virtio must set
#file = file:/dev/sda1, if:virtio, boot:on
file = file:/vmserver/qemu.img, if:scsi, boot:on
#file = file:/vmserver/qemu_1.img, if:ide, index:0, media:disk
#file = file:/vmserver/cd.iso, if:ide, index:1, media:cdrom
 
script = kvm-dmz-ifup   	# default qemu-ifup
mem = 265                	# default 128 MB => size in MB
vnc = 4                 	# would be on to connect to your vnc host:4 than for use
				# vnc-max-client is set to 998
#vlan = 1                 	# default 0, vlan-max is set to 254
#mac = 00:00:00:00:00:01 	#
#nic-model = virtio       	# ne2k_pci is default, with wrong driver wich qemu not supported 
                         	# the kvm-manager will show wich avaible
net-tap = enabled           	# use net option -tap
net-user = disabled	 	# if tun-tap setup fail it will user -net user as defaul
	                 	# -user is not actived in the moment
boot = d                 	# default is c first drive "file" oder "hda"
usb = enabled               	# turn on usb support
usbdevice = tablet       	# is good if you used vnc with dektop on guest
nographic = disabled		# 
pid = enabled		     	# 
ifname = iface_test      	# it is the name for the tap,ifname ;
				# is not set the name will be used
			 	# and if name not set the filename
				# from the guest-config will be used 
language = en-us         	# default is de
smp = 2                  	# default is no smp enabled
localtime = enabled         	# default is False
daemonize = enabled         	# default is enabled
no-fd-bootchk = enabled     	# default is disabled
keymaps = enabled          	# default is disabled, it need the path set in 
				# config/path_config.cfg for keymaps
no-acpi = disabled           	# default is disabled
std-vga = enabled	 	# default is enabled

Now is time to test it.

• #cd /etc/kvm
• #ln -s kvm-admin.py /bin/kvm-admin

#kvm-admin start example
uid=1003(kvm) gid=1003(kvm) Gruppen=1003(kvm),6(disk),85(usb)
[Errno 2] No such file or directory: '/vmserver/qemu.img'
Setting up tun-tap-device, done ....
The follow command would be executing: 
['/usr/local/kvm/72/bin/qemu-system-x86_64', '-cdrom', '/usr/src/ISOS/debian-40r3-i386-netinst.iso', '-net', 'nic,vlan=0,macaddr=A9:B9:C9:D9:E9:F0,model=rtl8139', '-net', 'tap,vlan=0,ifname=iface_test,script=/etc/kvm/scripts/kvm-dmz-ifup', '-vnc', ':4', '-m', '265', '-boot', 'd', '-k', 'en-us', '-pidfile', '/var/run/kvm/example.pid', '-smp', '2', '-L', '/usr/local/kvm/72/share/qemu', '-usb', '-usbdevice', 'tablet', '-name', 'example', '-no-fd-bootchk', '-daemonize', '-std-vga', '-localtime']

Top