Managing KVM directly
Since the rest of this documentation focuses on using KVM through libvirt, note that it is also possible to manage KVM directly. This is not a recommended method, but in some cases it can be useful.
KVM is very similar to qemu and makes it possible to run machines from the command line. The basic syntax is:
kvm -m 512 -hda disk.img -cdrom ubuntu.iso -boot d -smp 2
- -m = memory (in MB)
- -hda = first hard drive
- You can use various types of image file, including .img and .cow
It is also possible to boot a physical hard drive. Be careful with this option if you do not want to boot the host's root partition.
- Syntax: -hda /dev/sda
- This brings up the grub menu from the MBR when KVM is launched.
- -cdrom can be either an iso image or a CD/DVD drive.
- -boot [a|c|d|n] boot from floppy (a), hard disk (c), CD-ROM (d), or network (n)
- -smp = number of CPUs
- -alt-grab changes the Ctrl-Alt mouse grab combination to Ctrl-Alt-Shift (very practical if you often use control key combinations such as Ctrl-Alt-Del or Windows-E)
There are a number of additional options; further help is available with:
kvm --help
Bridged Networking
In order to run KVM using bridged networking as a user we need to perform some configuration.
1. First bridge your network card as described in KVM/Networking#Creating a network bridge on the host
2. Install uml-utilities
sudo apt-get install uml-utilities
3. Set permissions on your tun device. Using any editor, edit /etc/udev/rules.d/40-permissions.rules and add this line at the bottom of the file:
KERNEL=="tun", GROUP="kvm", MODE="0660"
4. Reboot (to bring up your bridge and tun device).
5. Edit /etc/kvm/kvm-ifup, adding sudo in front of the ifconfig and brctl commands:
#!/bin/sh
# Find the bridge device that carries the default route
switch=$(ip route ls | awk '/^default / { for(i=0;i<NF;i++) { if ($(i) == "dev") print $(i+1) }}')
# Bring the tap interface ($1) up without an address, then attach it to the bridge
sudo /sbin/ifconfig "$1" 0.0.0.0 up
sudo /usr/sbin/brctl addif "${switch}" "$1"
exit 0
6. We need a wrapper script for launching kvm. I put this script in ~/bin and call it kvm-bridge. If ~/bin is on your path you can call the command directly with kvm-bridge. This script was modified from a number of sources.
#!/usr/bin/env bash
# script to manage tap interface allocation
# for linux kernels >= 2.6.18
# modified by bodhi.zazen from :
# http://calamari.reverse-dns.net:980/cgi-bin/moin.cgi/FrequentlyAskedQuestions#head-2511814cb92c14dbe1480089c04f83c281117a86
# http://ubuntuforums.org/showthread.php?t=528046
# http://www.howtoforge.com/using-kvm-on-ubuntu-gutsy-gibbon

# set up a tap interface for qemu
# USERID - uid qemu is being run under.
USERID=`whoami`

# generate a random mac address for the qemu nic
# shell script borrowed from user pheldens @ qemu forum
ranmac=$(echo -n DE:AD:BE:EF ; for i in `seq 1 2` ; \
do echo -n `echo ":$RANDOM$RANDOM" | cut -n -c -3` ;done)

# specify which NIC to use - see qemu.org for others
# model=r8169
# Set model based on this how-to
# http://www.howtoforge.com/using-kvm-on-ubuntu-gutsy-gibbon
model=rtl8139

# create a tap interface owned by the calling user; tunctl -b prints only its name
iface=`sudo tunctl -b -u $USERID`

# start kvm with our parameters
# echo "Bringing up interface $iface with mac address $ranmac"
# nohup added to allow kvm to run independent of the terminal
# "$@" passes the caller's arguments through unchanged, including ones with spaces
nohup kvm -net nic,vlan=0,macaddr=$ranmac -net tap,vlan=0,ifname=$iface "$@"

# kvm has stopped - no longer using tap interface
sudo tunctl -d "$iface" &> /dev/null
7. Set the executable bit on the new script you just created:
chmod 0755 ~/bin/kvm-bridge
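8. Modify sudoers to allow members of the kvm group to run the wrapper kvm-bridge and create a bridged network interface without running KVM as root. The rule below lets every member of the kvm group run ifconfig, brctl and tunctl as root with any arguments and without a password, so keep membership of that group restricted.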
visudo
Add these lines at the end of the file:
# Allow members of the kvm group to configure a bridged virtual network interface
%kvm ALL=(ALL) NOPASSWD: /sbin/ifconfig, /usr/sbin/brctl, /usr/sbin/tunctl
9. Now start kvm from the command line. You do not need to declare a network interface.
kvm-bridge -m 512 -hda disk.img -cdrom ubuntu.iso -boot d -smp 2
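The ranmac line in the kvm-bridge wrapper from step 6 varies only the last two octets, each taken from two decimal digits, so at most 10,000 distinct addresses are possible and guests on one bridge can collide. The following is an added example, not part of the original script: it draws all six octets from /dev/urandom and checks that a MAC is locally administered and unicast, which the page's DE:AD:BE:EF prefix also satisfies. The function names gen_guest_mac and mac_is_local_unicast are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original wrapper. Function names are hypothetical.

# mac_is_local_unicast MAC
# Returns 0 only if MAC is six colon-separated hex octets and its first octet
# has the locally-administered bit (0x02) set and the multicast bit (0x01) clear.
mac_is_local_unicast() {
    # Validate the format first, so the arithmetic below only ever sees hex digits.
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    _octet=$((0x${1%%:*}))
    [ $((_octet & 0x02)) -ne 0 ] && [ $((_octet & 0x01)) -eq 0 ]
}

# gen_guest_mac
# Prints a random MAC for a guest NIC: six bytes from /dev/urandom, with the
# first octet forced to "locally administered, unicast" so it cannot clash
# with a vendor-assigned address or be treated as a multicast address.
gen_guest_mac() {
    # od prints the bytes as "aa bb cc dd ee ff"; word splitting loads them
    # into $1..$6 (positional parameters are local to the function call).
    set -- $(od -An -N6 -tx1 /dev/urandom)
    _first=$(( (0x$1 | 0x02) & 0xfe ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$_first" "$2" "$3" "$4" "$5" "$6"
}

# In the wrapper this would replace the ranmac assignment:
#   ranmac=$(gen_guest_mac)
#   mac_is_local_unicast "$ranmac" || { echo "bad MAC: $ranmac" >&2; exit 1; }
```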
iptables
Add these rules to iptables:
# allow incoming packets for kvm guest
iptables -A FORWARD -d $IPADDR_FROM_GUEST_OS -j ACCEPT
# allow outgoing packets from kvm
iptables -A FORWARD -s $IPADDR_FROM_GUEST_OS -j ACCEPT
Change "$IPADDR_FROM_GUEST_OS" to the actual IP address of the kvm guest (I advise you to configure your guests to have a static IP address).
If you use ufw, add these rules to /etc/ufw/before.rules