wiki:experiences:igraltist:kvm
=>  Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code on Gitgub, can be unstable sometimes

=>  Events

No events planned

This is an old revision of the document!

Table of Contents

Back to igraltist's experiences

Howto setup a kvm user on gentoo

Software packages

The listed software packages are required:

  • iproute2 (getnoo ⇒ sys-apps/iproute2,)
  • brctl (gentoo ⇒ net-misc/bridge-utils,)
  • tunctl (gentoo ⇒ sys-apps/usermode-utilities,)
  • tightvnc (gentoo ⇒ net-misc/tightvnc,)

Other packages should be installed on default installation.

Create an user kvm

Using `RSBAC` User Managmant (UM)
  • this is usefull because qemu-kvm has a option runas
  • than not sudo is needed
  • as security user add a group 
$rsbac_group add kvm
  • and an user named kvm
$rsbac_user add -g kvm -c 'User to run kvm-guests' -s /bin/sh   kvm
Using linux pam
  • first create an user kvm for runas
#adduser -U  -m -c "kvm user" kvm
Fix for LVM

Fixme: Wrapper for kvm-disk-user

Only if you using LVM as guest harddrives.

  • add kvm-user to the disk-group
  • when using UM 
$rsbac_usermod -G disk kvm
  • when PAM
#gpasswd -a kvm disk
  • do a search:
grep block.*disk.*MODE /etc/udev/rules.d/*

* if it empty create a file 

touch /etc/udev/rules.d/70-kvm-rules

* now change insert the follow udev rule, because the diskgroup need read and write access on the device 

SUBSYSTEM=="block", GROUP="disk", MODE="0660"

Udev Modification

Now modify the udev 70-kvm.rules, that while booting all will be done automatic.

Note: In Udev rules there was a changing. Now the parameter NAME is not valid anymore. As example i have this file now under /etc/udev/rules.d

  • insert the follow lines into 70-kvm.rules 
KERNEL=="tun", MODE="0660", GROUP="kvm", OPTIONS+="ignore_remove"
KERNEL=="kvm", MODE="0660", GROUP="kvm"

Create directories

  • create a directory to store the pidfiles and socket for kvm monitor
#mkdir /var/run/kvm
#chown kvm:kvm /var/run/kvm/
#chmod 750 /var/run/kvm


When using files as guest harddrives.

  • when kvm user is starting the process, he must able to enter the directory and must have to write access to the image.

For example: 

#mkdir /var/lib/kvm 
#chmod 770 /var/lib/kvm
#chgrp kvm /var/lib/kvm
  • create a test file
su - kvm -c "qemu-img create /var/lib/kvm/tester.img 1MB" 
Formatting '/var/lib/kvm/tester.img', fmt=raw size=1048576
  • check it
ls -la /var/lib/kvm/
insgesamt 8
drwxrwx---  2 root kvm     4096 10. Nov 15:27 .
drwxr-xr-x 22 root root    4096 10. Nov 15:25 ..
-rw-r--r--  1 kvm  kvm  1048576 10. Nov 15:27 tester.img

Network

This site will describe on some example howto setup the Network.

kvm-admin

I use my own scripts to manage the kvm guest's.

Its for free use.

It can be found here http://hg.kasten-edv.de/kvm-tools/

To use it, simple copy it to /etc/kvm.

Example configuration

All guest configuration files located in '/etc/kvm/domains/'.

  • example for a guest which on a headless machine, so vnc is using for installation
test-only = enabled		# does not execute it but show it fully cmd-line string
name = example			# the name for ifname when used the tap option and ifname is not set
 
hda = /var/lib/kvm/test.img
cdrom = debian-netinst.iso
boot = d
 
## if use the virtio driver or scsi use the file syntax
#file = file=/var/lib/kvm/test.img,if=virtio,media=disk,boot=off
#file = file=debian-netinst.iso,if=virtio,media=cdrom,boot=on
 
m = 265                	        # default 128 MB => size in MB
vnc = 4                 	# would be on to connect to your vnc host:4 than for use
 
net = nic,macaddr=00:50:00:00:00:10,model=virtio
net = tap,ifname=example,script=/etc/kvm/scripts/kvm-ifup
 
usb = enabled               	# turn on usb support
usbdevice = tablet       	# is good if you used vnc with dektop on guest
 
nographic = enabled		# for headless machine
language = de            	
smp = 2                  	# default is no smp enabled
k = de
localtime = enabled         	# default is False
daemonize = enabled         	# default is enabled
no-fd-bootchk = enabled     	# default is disabled
parallel = /dev/parport0        # enable parallel support 
vnc = :1                        # vncviewr hostip:5901

test example config

Now is time to test it.

  • #cd /etc/kvm
  • #ln -s kvm-admin.py /bin/kvm-admin
#kvm-admin start example
uid=1003(kvm) gid=1003(kvm) Gruppen=1003(kvm),6(disk),85(usb)
[Errno 2] No such file or directory: '/vmserver/qemu.img'
Setting up tun-tap-device, done ....
The follow command would be executing: 
['/usr/local/kvm/72/bin/qemu-system-x86_64', '-cdrom', '/usr/src/ISOS/debian-40r3-i386-netinst.iso', '-net', 'nic,vlan=0,macaddr=A9:B9:C9:D9:E9:F0,model=rtl8139', '-net', 'tap,vlan=0,ifname=iface_test,script=/etc/kvm/scripts/kvm-dmz-ifup', '-vnc', ':4', '-m', '265', '-boot', 'd', '-k', 'en-us', '-pidfile', '/var/run/kvm/example.pid', '-smp', '2', '-L', '/usr/local/kvm/72/share/qemu', '-usb', '-usbdevice', 'tablet', '-name', 'example', '-no-fd-bootchk', '-daemonize', '-std-vga', '-localtime']

Top

//
wiki/experiences/igraltist/kvm.1289400883.txt.gz · Last modified: 2010/11/10 14:54 by 127.0.0.1

wiki/experiences/igraltist/kvm.1289400883.txt.gz · Last modified: 2010/11/10 14:54 by 127.0.0.1
This website is kindly hosted by m-privacy