RHCSA: KVM networking

All VMs will only have network access to host and other VMs on same physical server via private network. You need to crate a network bridge so that the VMs can access your LAN and possible the Internet/WAN from outside. Type the following yum command to install bridge-utils package:
# yum install bridge-utils

Setup a default gateway

Edit /etc/sysconfig/network as follows
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=kvm-42.cyberciti.biz
## I am routing internet traffic via br1 ##
GATEWAYDEV=br1

Configure bridging

Update /etc/sysconfig/network-scripts/ifcfg-eth0 (private) as follows:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
HWADDR=00:30:48:C6:0A:D8
BRIDGE=br0
Update /etc/sysconfig/network-scripts/ifcfg-eth1 (public) as follows:
# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
HWADDR=00:30:48:C6:0A:D9
BRIDGE=br1
Create/edit the /etc/sysconfig/network-scripts/ifcfg-br0 file to setup private/lan ip address for br0:
# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
## setup LAN/VLAN ips as per your needs ##
IPADDR=10.10.29.66
NETMASK=255.255.255.192
DELAY=0
Create/edit the /etc/sysconfig/network-scripts/ifcfg-br1 file to setup public/wan/internet ip address for br1:
# cat /etc/sysconfig/network-scripts/ifcfg-br1
DEVICE=br1
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
## setup INTERNET ips as per your needs ##
IPADDR=74.ww.xx.yy
NETMASK=255.255.255.248
GATEWAY=74.ww.xx.yy
DELAY=0
I need to route all lan traffic (subnet 10.0.0.0/8) via 10.10.29.65 gateway. Create/edit file /etc/sysconfig/network-scripts/route-br0 as follows:
# cat /etc/sysconfig/network-scripts/route-br0
10.0.0.0/8 via 10.10.29.65

Warning: Restarting network service over the ssh session may result into total loss of the connectivity to the server. So make sure br0 and br1 configuration including routing set correctly.

A note about SELinux

I have not disabled SELinux on CentOS / RHEL. I do not recommend disabling SELinux. So make sure the config file has correct SELinux permissions:
# ls -Z /etc/sysconfig/network-scripts/{route-br0,ifcfg-eth?,ifcfg-br?}
Sample outputs:

-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/ifcfg-br0
-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/ifcfg-br1
-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/ifcfg-eth0
-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/ifcfg-eth1
-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/route-br0

Use restorecon command to set or restore file(s) default SELinux security contexts:
# restorecon -Rv /etc/sysconfig/
If you are going to reboot the SELinux enabled server, make sure you type the following command:
# touch /.autorelabel
# reboot

Restart the networking service

Type the following command to restart networking on RHEL/CentOS/SL:
# service network restart

Verify br0/br1 settings

Type the following commands:
# brctl show
# ip addr show br0
# ip addr show br1
# ip route
# ping cyberciti.biz

Creating VMs

You need to use virt-install command.

Example: Create OpenBSD VM

Grab, installation media:
# cd /var/lib/libvirt/boot/
# wget http://ftp.openbsd.org/pub/OpenBSD/5.4/amd64/install54.iso
In this example, I am using virt-install to create a OpenBSD 5.4_amd64 VM named obsd-vm1 with one virtual CPU, 1 GB memory and 10 GB of disk space:
# virt-install \
-n obsd-vm1 \
--description "cyberciti.biz OpenBSD 5.4 64 bit VM1" \
--ram=1024 \
--vcpus=1 \
--cpu host \
--os-variant=openbsd4 \
--accelerate \
--hvm \
--cdrom /var/lib/libvirt/boot/install54.iso \
--network bridge:br0,model=virtio --network bridge:br1,model=virtio \
--graphics vnc \
--disk path=/var/lib/libvirt/images/openbsd-vm1-cyberciti.biz.img,bus=virtio,size=10

virt-install options

  1. -n obsd-vm1 : The name of the VM.
  2. --description "cyberciti.biz OpenBSD 5.4 64 bit VM1" : The long description of the VM.
  3. --ram=1024 : 1024MB is the amount of memory allocated to the VM.
  4. --vcpus=1 : The number of virtual CPU(s) for the VM.
  5. --cpu host : Optimize CPU properties for the VM.
  6. --os-variant=openbsd4 : This is the VM OS type.
  7. --accelerate : Prefer KVM or KQEMU (in that order) if installing a QEMU guest. This option is no longer required.
  8. --hvm : Request the use of full virtualization.
  9. --cdrom /var/lib/libvirt/boot/install54.iso : Install OpeBSD v5.4 from an iso the location parameter.
  10. --network bridge:br0,model=virtio --network bridge:br1,model=virtio : Create a network bridge using br0 and br1 i.e. the VM will have two network interface for LAN and Internet.
  11. --graphics vnc : Use VNC to access installation using vnc server/viewer from your local Linux/OSX/Unix/Windows desktop.
  12. --disk path=/var/lib/libvirt/images/openbsd-vm1-cyberciti.biz.img,bus=virtio,size=10 : This is is the image file for the VM, the size is specified in GBs and I am forcing vio driver. The virtio driver provides support service for paravirtualized devices using the VirtIO protocol.

How do I connect to OpenBSD installer from my local desktop?

Type the following command on your local desktop:
# ssh -L 5900:127.0.0.1:5900 root@KVM-Server-IP-Here
OR
# ssh -L 5900:127.0.0.1:5900 -N -f -l root kvm-42.cyberciti.biz
Use VNC client to connect to 127.0.0.1:5900. Now, just follow on-screen instructions:

Fig.01: OpenBSD installation started over the VNC session
Fig.01: OpenBSD installation started over the VNC session

 

Before rebooting the installer make sure you setup com0 console for the VM. For example, for a OpenBSD VM, append the following parameters to the file /etc/boot.conf and then reboot the VM:
stty com0 115200
set tty com0

See how to stup SSH to tunnel VNC traffic though the Internets for more information.

How do I start my VM after OpenBSD install is finished?

The virt-install will create a config file for VM at /etc/libvirt/qemu/obsd-vm1.xml. To start VM called obsd-vm1, enter:
# virsh start obsd-vm1

How do I access a VMs console?

Login to KVM host and type the following command:
# virsh console obsd-vm1
Sample outputs:

Fig.02: Getting access to a OpenBSD VM console when networking is down
Fig.02: Getting access to a OpenBSD VM console when networking is down

 

Final example: Create RHEL VM using DVD

Type the following command:

# virt-install \
--name RHEL-vm1 \
--description "cyberciti.biz RHEL 6.4 64 bit VM1" \
--ram=2048 \
--vcpus=2 \
--disk path=/var/lib/libvirt/images/rhel-vm1-cyberciti.biz.img,size=20 \
--cdrom /var/lib/libvirt/boot/RHEL.6.4.Server-DVD1.iso \
--network bridge:br0 --network bridge:br1 \
--graphics vnc

Before rebooting the installer make sure you setup com0 console for the VM. For example, for a RHEL/CentOS VM, append the following parameters to the kernel boot line in /boot/grub.conf file and then reboot the VM:
console=tty0 console=ttyS1,19200n8

Stay tuned for the following advanced topics in "RHEL/CentOS v6.x KVM" (rss) series:

Configuring Kernel Based Virtual Machine (KVM) on RHEL or CentOS 7 - YouTube