This is an old revision of the document!



How to set up a kvm user on Gentoo

Software packages

The listed software packages are required:

  • iproute2 (gentoo ⇒ sys-apps/iproute2)
  • brctl (gentoo ⇒ net-misc/bridge-utils)
  • tunctl (gentoo ⇒ sys-apps/usermode-utilities)
  • tightvnc (gentoo ⇒ net-misc/tightvnc)

Any other packages needed should already be present in a default installation.

Create a user kvm

Using `RSBAC` User Management (UM)
  • this is useful because qemu-kvm has a runas option
  • so sudo is not needed
  • as the security user, add a group
$rsbac_group add kvm
  • and a user named kvm
$rsbac_user add -g kvm -c 'User to run kvm-guests' -s /bin/sh   kvm
Using Linux PAM
  • first create a user kvm for runas
#adduser -U  -m -c "kvm user" kvm
Fix for LVM

Fixme: Wrapper for kvm-disk-user

Only needed if you use LVM volumes as guest hard drives.

  • add the kvm user to the disk group
  • when using UM
$rsbac_usermod -G disk kvm
  • when using PAM
#gpasswd -a kvm disk

  • search the existing udev rules:
grep 'block.*disk.*MODE' /etc/udev/rules.d/*

  • if the result is empty, create a file (udev only reads files whose names end in .rules)

touch /etc/udev/rules.d/70-kvm.rules

  • now insert the following udev rule, because the disk group needs read and write access to the device (the rule applies to every block device on the host, not only to the guest volumes)

SUBSYSTEM=="block", GROUP="disk", MODE="0660"

Udev Modification

Now modify the udev file 70-kvm.rules so that everything is set up automatically at boot.

Note: The udev rule syntax has changed. The NAME parameter is no longer valid. As an example, I now have this file under /etc/udev/rules.d

  • insert the following lines into 70-kvm.rules
KERNEL=="tun", MODE="0660", GROUP="kvm", OPTIONS+="ignore_remove"
KERNEL=="kvm", MODE="0660", GROUP="kvm"

Create directories

  • create a directory to store the pidfiles and socket for kvm monitor
#mkdir /var/run/kvm
#chown kvm:kvm /var/run/kvm/
#chmod 750 /var/run/kvm


When using files as guest hard drives:

  • when the kvm user starts the process, it must be able to enter the directory and must have write access to the image.

For example:

#mkdir /var/lib/kvm 
#chmod 770 /var/lib/kvm
#chgrp kvm /var/lib/kvm
  • create a test file
su - kvm -c "qemu-img create /var/lib/kvm/test.img 1MB" 
Formatting '/var/lib/kvm/test.img', fmt=raw size=1048576 
  • check it
ls -la /var/lib/kvm/
insgesamt 8
drwxrwx---  2 root kvm     4096 10. Nov 15:27 .
drwxr-xr-x 22 root root    4096 10. Nov 15:25 ..
-rw-r--r--  1 kvm  kvm  1048576 10. Nov 15:27 test.img
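
The ownership and modes configured in the steps above can be verified with a small audit script. This is an added example, not part of the original page: the names `check_perm` and `audit_kvm_setup` are made up here, GNU `stat` is assumed, and `/dev/net/tun` is taken to be the node the `KERNEL=="tun"` rule applies to.

```shell
#!/bin/sh
# Added example: audit the ownership and modes configured on this page.
# check_perm and audit_kvm_setup are names made up for this example.
# Assumes GNU stat (coreutils).

# check_perm PATH MODE OWNER GROUP   ("-" skips the owner or group check)
check_perm() {
    path=$1 want_mode=${2#0} want_owner=$3 want_group=$4
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$path")
    mode=$1 owner=$2 group=$3 rc=0
    [ "$mode" = "$want_mode" ] ||
        { echo "MODE    $path is $mode, expected $want_mode"; rc=1; }
    [ "$want_owner" = "-" ] || [ "$owner" = "$want_owner" ] ||
        { echo "OWNER   $path is $owner, expected $want_owner"; rc=1; }
    [ "$want_group" = "-" ] || [ "$group" = "$want_group" ] ||
        { echo "GROUP   $path is $group, expected $want_group"; rc=1; }
    # A non-zero last digit means users outside owner and group get access.
    case $mode in
        *[1-7]) echo "WORLD   $path is accessible to other users"; rc=1 ;;
    esac
    return $rc
}

# Paths, modes and groups as set up in the steps above.
audit_kvm_setup() {
    failed=0
    check_perm /dev/kvm     0660 -    kvm || failed=1
    check_perm /dev/net/tun 0660 -    kvm || failed=1
    check_perm /var/run/kvm 750  kvm  kvm || failed=1
    check_perm /var/lib/kvm 770  root kvm || failed=1
    return $failed
}

# Run the audit only when asked, e.g.: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_kvm_setup
fi
```

Each mismatch is printed on its own line and the script exits non-zero if any check fails, so it can be rerun after a reboot to confirm the udev rules were applied.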

Network

This page describes, by example, how to set up the network.

kvm-admin

I use my own scripts to manage the kvm guests.

They can be found here: http://hg.kasten-edv.de/kvm-tools/

Example configuration

All guest configuration files are located in '/etc/kvm/domains/'.

  • example for a guest on a headless machine, so VNC is used for the installation
name = example			# the name [optional, if not set, it is taken from the filename]
 
hda = /var/lib/kvm/test.img
cdrom = debian-netinst.iso
boot = c,d
 
## if use the virtio driver or scsi use the file syntax
#file = file=/var/lib/kvm/test.img,if=virtio,media=disk,boot=off
#file = file=debian-netinst.iso,if=virtio,media=cdrom,boot=on
 
m = 265                	        # default 128 MB => size in MB
 
net = nic,macaddr=00:50:00:00:00:10,model=virtio
net = tap,ifname=example,bridge=br0,script=/etc/kvm/scripts/kvm-ifup,downscript=/etc/kvm/scripts/kvm-ifdown
 
usb = enabled               	# turn on usb support
usbdevice = tablet       	# useful if you use vnc with a desktop on the guest
 
language = de            	
smp = 2                  	# default is no smp enabled
k = de
localtime = enabled         	# default is False
daemonize = enabled         	# default is enabled
parallel = /dev/parport0        # enable parallel support 
vnc = :1                        # vncviewer hostip:5901

Test example config

Before starting, check the network.

kvm-admin.py example show
/usr/bin/kvm -vnc :1 -monitor unix:/var/run/kvm/example.socket,server,nowait
-boot d -smp 2 -net nic,macaddr=00:50:00:00:00:10,model=virtio
-net tap,ifname=example,script=/etc/kvm/scripts/kvm-ifup,downscript=/etc/kvm/scripts/kvm-ifdown
-pidfile /var/run/kvm/example.pid 
-nographic 
-cdrom debian-netinst.iso
-parallel /dev/parport0 
-usb 
-name example 
-usbdevice tablet
-k de -m 265 -daemonize
-hda /var/lib/kvm/test.img

wiki/experiences/igraltist/kvm.1297686117.txt.gz · Last modified: 2011/02/14 13:21 by 127.0.0.1
