KvmWithBridge

Revision 5 as of 2008-01-22 11:48:40

Clear message

In the following, I will describe how to set up kvm in an environment where you want the guest virtual machines to appear as independent servers, indistinguishable from the ordinary metal boxes sitting on the floor of the office.

The server, called octopus, is a powerful HP 380 G5 machine, with an Intel dual quadcore CPU. This is a processor that has hardware virtualization enabled, which you can see by doing:

egrep ‘(vmx|svm)’ /proc/cpuinfo 

If you get output from this command, your processor has either vmx (Intel) or svm (AMD) capability. If not, you can give up running qemu right here. It will be s.l.o.w. In our case, the server is pretty damn fast. It has the equivalent of 8 CPU's and is equipped with 12Gb RAM. We intend to run 8 guest servers on it, all for a particular task, e.g. web server, name server, etc.

I started out with a fresh installed Ubuntu Server, version 7.10, "Gutsy Gibbon".

Installing kvm and qemu

First, install kvm and qemu:

octopus# install kvm qemu
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  bochsbios bridge-utils vgabios
Suggested packages:
  kvm-source debto debootstrap etherboot
Recommended packages:
  vde2 sharutils proll openhackware
The following NEW packages will be installed:
  bochsbios bridge-utils kvm qemu vgabios
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 4788kB of archives.
After unpacking 13.1MB of additional disk space will be used.
Do you want to continue [Y/n]? y

As you see from the above, kvm pulls in a number of other packages that are needed. In particular, the bridge-util package is important. The very first thing to do is to make the host octopus function as a network bridge, that accepts network traffic that arrives on the guest's IP address, and relays it to the guest's virtual network interface.

Load kernel module

Next, we need to load a kvm kernel module:

modprobe kvm-intel

or "kvm-amd" if that is your hardware platform. (In 8.04 (Hardy) you can skip this step, since the kvm module is loaded automatically.)

That command inserts the module in the currently running kernel. However, to have it loaded at each boot, insert the module name (kvm-intel/kvm-amd) in the file /etc/modules.

Define the bridge interface

Edit the file /etc/network/interface, which on an Ubuntu or Debian system contains information for configuration of the network interface. This is what the file looked like before editing:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.101
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.0.4
        dns-search mydomain.net

We edit the file, so it gets the following content:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto br0
iface br0 inet static
        address 192.168.0.101
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        bridge_ports eth0
        bridge_stp off
        bridge_maxwait 5
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.0.4
        dns-search mydomain.net

We see that the internet address of octopus is now assigned to the br0 interface, and the original eth0 is defined tied to the bridge via the bridge_prots keyword. If your primary network interface is eth1, for example, you need to use that name.

Reboot

That's it. Reboot the server, cross your fingers and wait until it comes up.

Check the host

Once the server comes back up, you should test that it still has proper network connections, on both sides of the gateway, f.ex. using ping.

Now, check the network interfaces using the ifconfig command. Notice in the following listing, that eth0 no longer has an associated IP address, while the new bridge device br0 has taken over the IP address. In addition, we have a new device called tap0.

octopus# ifconfig
br0       Link encap:Ethernet  HWaddr 00:1C:C4:5E:18:5E  
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21c:c4ff:fe5e:185e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:387713 errors:0 dropped:0 overruns:0 frame:0
          TX packets:403942 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:66609282 (63.5 MB)  TX bytes:564356015 (538.2 MB)

eth0      Link encap:Ethernet  HWaddr 00:1C:C4:5E:18:5E  
          inet6 addr: fe80::21c:c4ff:fe5e:185e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:400079 errors:0 dropped:0 overruns:0 frame:0
          TX packets:405273 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:78014869 (74.4 MB)  TX bytes:566118174 (539.8 MB)
          Interrupt:16 Memory:f8000000-f8012100 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:278 (278.0 b)  TX bytes:278 (278.0 b)

tap0      Link encap:Ethernet  HWaddr 00:FF:F9:C5:39:4A  
          inet6 addr: fe80::2ff:f9ff:fec5:394a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2492 errors:0 dropped:0 overruns:0 frame:0
          TX packets:88109 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:279707 (273.1 KB)  TX bytes:11379233 (10.8 MB)

Start the virtual machine

At this point, I assume that you already have access to a virtual server machine. How to create it is described elsewhere. On octopus, the virtual server octo1 is a 5G file stored on the /home partition, and based on the Ubuntu JeOS server.

We now start the virtual machine:

octopus# kvm -m 512 -net nic -net tap  /home/octopus-jeos.img

kvm will now boot the virtual machine in an X window. You will se the normal boot sequence inside the window. Eventually, the virtual machine comes up, and you should be able to log on. Beware that kvm's window takes control of your mouse, so the system seems completely unresponsive! You need to press <alt> and <ctrl> simultaneously for kvm to release the mouse.

Configure the guest machine

Now is the time to configure the guest machine, in this case octo1. Notice that you should configure the guest machine exactly like you would configure a normal box sitting under your desk. In our case, the network on octo1 is set up, again in the file /etc/network/interface, which on octo1 looks like this:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
        address 192.168.0.102
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        dns-nameservers 192.168.0.4
        dns-search mydomain.net

That's it! The guest machine (you may have to reboot it) should now have access to the internet, and you should be able to reach it from the outside. You can now configure it further.

When you are done with the configuration, you will likely want to start up the virtual machine as a standalone process without a graphics console. That can be achieved using the -daemonize and -nographic options:

kvm -m 512 -net nic -net tap -daemonize -nographic /home/octopus-jeos.img

Enjoy!

MortenKjeldgaard


CategoryDocumentation