EL7 kvm/virtualization:

Title:EL7 kvm/virutalization
Author:Douglas O’Leary <dkoleary@olearycomputers.com>
Description:el7 kvm lessons learned, notes, etc.
Date created:12/14/17
Date updated:
Disclaimer:Standard: Use the information that follows at your own risk. If you screw up a system, don’t blame it on me...

Overview:

KVM under el6 and el7 are pretty close; but, there are enough differences that I keep running face first into issues.

Kickstarts:

vsftpd:

Loaded up virtualization host group and virt-viewer, started libvirtd and libvirt-guests and was able to install a new host via local iso image.

Had to install vsftpd on the vm host in order to supply ftp. Next issue, ftp port isn’t visible to the guests when they were booting up so they weren’t able to see the /var/ftp/pub/inst[67] directories. The fix is a lot simpler although I still like iptables:

firewall-cmd --add-service=ftp --permanent

NFS:

For the time being, assume nfsv4.

nfs server:

  • Firewall: According to the nice ‘Learning RHEL Networking`_ book, for nfsv4, only have to open port 2049 on the nfs server. True for mounting, but if we want showmount and autofs /net functionality to work, we need a few more ports:

    firewall-cmd --add-service=nfs --permanent
    firewall-cmd --add-port=111/udp --permanent
    firewall-cmd --add-port=20048/tcp --permanent
    firewall-cmd --add-port=20048/udp --permanent
    firewall-cmd --reload
    
  • Services: Start the following services:

    • nfs-server
    • nfs-lock
    • nfs-idmap
    • rpcbind
for s in rpcbind nfs-server nfs-lock nfs-idmap
do
  echo ${s}
  systemctl enable ${s}
  systemctl start ${s}
done
  • Update /etc/exports:

    # cat /etc/exports
    /var/ftp/pub/xfer *(ro)
    

nfs client:

  • Load nfs-utils and autofs

  • Enable/start autofs:

    # systemctl enable autofs
    Created symlink from /etc/systemd/system/multi-user.target.wants/autofs.service to /usr/lib/systemd/system/autofs.service.
    # systemctl start autofs
    
  • ls -al /net/192.168.100.1/var/ftp/pub/xfer

Networking:

Multiple virtual network segments:

On the plus side, kvm seems to have figured out the virtual networking as I can create multiple network segments, create multiple vms on those multiple segments, and they can actually talk to each other. Under el6, I had to mnaually set up forwarding rules and clean up the routing between multiple virtual subnets using iptables. It was a bitch to figure out, but once done, reasonably straight forward.

Redhat figuring out virtual networking is very good because, for the life of me, I have not been able to find out where this informaiton is actually stored nor how to manipulate it. I can see the entries if I run iptables -L -n; however, nothing in any firewall-cmd command shows it.

So, good on redhat for figuring that out. Bad on them for hiding the damned details.

Some data points:

  • The default virtual network is NAT. Using this one means that accessing one vm from another will look like it’s coming from the vm host. Not bad in and of itself if that’s what you need and/or are expecting.
  • Create new vm networks using ‘routed mode’ to enable one vm to see from where traffic from another vm is coming. Useful for firewall exercises, etc.

Oh, and as I just found out, routed routes only between the routed networks - not off of it. Completely isolated network. I like it; but, I’d like to be able to do both...

You can have multiple virtual networks on the same network (one nat, one routed, for instance) but obviously only one can be active at the same time. The other issue is that you have to update the Network Source under the Virtual Network Interface. There should be a way to do that from the command line; but, haven’t figured that one out yet. Probably need to edit the xml.

Renaming a virtual:

  • Shut the virtual down.

  • dump the domain’s xml:

    virsh dumpxml generic > charlie.xml
    
  • Edit the xml, updating as follows:

    • <name> on/about line 2
    • <source file> in the <devices> section on/about line 34?
  • rename disk device

    # cd /var/lib/libvirt/images # ls alpha.qcow2 beta.qcow2 generic.qcow2 # mv generic.qcow2 charlie.qcow2 # ls alpha.qcow2 beta.qcow2 charlie.qcow2 # cd -

  • Undefine old name, redefine new name:

    # virsh undefine generic
    Domain generic has been undefined
    # virsh define charlie.xml
    Domain charlie defined from charlie.xml
    
  • Start up newly defined domain.

kvm standard package additions:

lftp elinks xauth nfs-utils tcpdump bind-utils