Setup of QEMU/KVM virtual machines
This page details the setup of standard base OpenSysAdmin.com QEMU / kQEMU / Kernel Virtual Machine (KVM) system images for various operating system distributions. For premade images see Virtual Machines.
Install of QEMU/KVM
Many distributions come with the kvm utilities (on debian, apt-get install kvm) and kvm built into their kernels. If you build custom kernels, you should also install the latest kvm utilities from http://kvm.qumranet.com/kvmwiki/Downloads .
Image File Creation
For all base images, the naming convention OS-DIST-RELEASE-ARCH.qcow is used. We use qcow1 instead of qcow2 for greatest compatibility. Here is a table of valid values:
- OS: gnulinux
- DIST: debian, fedora
- RELEASE: Dependent on DIST. Use whatever is the most common way of referring to the OS within the OS community (e.g. code names for Debian, version numbers for Fedora). Should be all lower case.
- ARCH: amd64, i386
To create the image, do:
qemu-img create -f qcow OS-DIST-RELEASE-ARCH.qcow 40G
OS Install
Download the appropriate CD images (.iso files). If there is a choice of "server" or "minimal" versions, choose those. Make sure you have KVM (if your system supports hardware virtualization) or kQEMU (if not) installed.
The command you use to start the install is dependent on your architecture and whether or not your CPU supports hardware-based virtualization.
- amd64 with hardware virtualization
  - Guest OS: amd64
    kvm -cdrom cd.iso -hda os-dist-rel-arch.qcow -boot d -m 256
  - Guest OS: i386
    qemu -cdrom cd.iso -hda os-dist-rel-arch.qcow -boot d -m 256
- amd64 without hardware virtualization and i386
  - Guest OS: amd64
    qemu-system-x86_64 -cdrom cd.iso -hda os-dist-rel-arch.qcow -boot d -m 256
  - Guest OS: i386
    qemu -cdrom cd.iso -hda os-dist-rel-arch.qcow -boot d -m 256
You want to do the minimal possible install that still has networking. In general this means deselecting all package clusters, and if there is a "custom" packages selection option going to those screens as well and deselecting everything there as well.
The host name should be the same as the image name, except without the ".qcow" extension.
The "root" password should be set to "SysAdmin".
On amd64 with Debian, you will need to use LILO instead of GRUB if GRUB install fails.
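The naming convention and the install command table above can be combined into one small script. This is an added example, not part of the original page: the function names are hypothetical, the RELEASE character set is an assumption, and hardware virtualization is detected from the vmx/svm CPU flags in /proc/cpuinfo.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# image_hostname FILE: validate FILE against OS-DIST-RELEASE-ARCH.qcow and
# print the guest host name (the image name without ".qcow").
image_hostname() {
    base=${1##*/}                               # drop any directory part
    case $base in *.qcow) base=${base%.qcow} ;; *) return 1 ;; esac
    case $base in gnulinux-*-*-*) ;; *) return 1 ;; esac   # four fields needed
    rest=${base#*-}
    dist=${rest%%-*}; rest=${rest#*-}
    arch=${rest##*-}; release=${rest%-*}
    case $dist in debian|fedora) ;; *) return 1 ;; esac
    case $arch in amd64|i386) ;; *) return 1 ;; esac
    # Assumption: RELEASE is lower-case letters, digits and dots only.
    case $release in ''|*[!a-z0-9.]*) return 1 ;; esac
    echo "$base"
}

# host_arch: map `uname -m` onto the ARCH values used on this page.
host_arch() {
    case $(uname -m) in
        x86_64|amd64) echo amd64 ;;
        i?86)         echo i386 ;;
        *)            echo other ;;
    esac
}

# host_has_hwvirt [CPUINFO]: "yes" if the CPU advertises vmx (Intel) or svm (AMD).
host_has_hwvirt() {
    if grep -Eqw -e 'vmx|svm' "${1:-/proc/cpuinfo}" 2>/dev/null
    then echo yes; else echo no; fi
}

# install_command IMAGE ISO [HOST_ARCH HWVIRT]: print the install command from
# the table above. kvm is used only for an amd64 guest on an amd64 host with
# hardware virtualization; the output is meant for review, not for eval.
install_command() {
    host=$(image_hostname "$1") || { echo "bad image name: $1" >&2; return 1; }
    guest=${host##*-}
    case "${3:-$(host_arch)}:${4:-$(host_has_hwvirt)}:$guest" in
        amd64:yes:amd64) emu=kvm ;;
        *:*:amd64)       emu=qemu-system-x86_64 ;;
        *)               emu=qemu ;;
    esac
    echo "$emu -cdrom $2 -hda $1 -boot d -m 256"
}

install_command "${1:-gnulinux-debian-etch-amd64.qcow}" "${2:-cd.iso}"
```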
Packages
After the install is done, quit out of QEMU/KVM, and then restart the virtual machine without the "-cdrom cd.iso" and "-boot d" flags. We are now going to remove some packages we don't need, upgrade packages to the latest levels (which may include security fixes), and install some additional packages. Specifically:
- Remove NTP (Network Time Protocol) from the GNU/Linux distributions. With physical machines, it is almost always the case that the real time clock (rtc) that is running only when the machine is booted up is much more accurate than the hardware clock (CMOS) that is based on really cheap electronics, and used only to maintain time when the power is off. However with a virtual machine, this is reversed; the hardware clock is equal to the time on the host machine, whereas the real time clock is emulated in software, and often really inaccurate (this is a problem across VM technologies, including commercial offerings such as VMware). So NTP gets confused, and it seems to make more sense just to set the time based on the hardware clock on a frequent basis.
- Upgrade the operating system with most recent bug fixes / security patches.
- Add some basic utilities: screen ssh
- Add download utilities: aria2 lftp lynx subversion wget
- Add VPN software: ipsec-tools openssl openvpn racoon
Debian Etch
Edit the "/etc/apt/sources.list" file to not include the CD you installed from.
apt-get remove --purge ntp ntpdate
aptitude update
aptitude dist-upgrade
aptitude install screen ssh aria2 lftp lynx subversion wget ipsec-tools openssl openvpn racoon
aptitude clean
Fedora 7
rpm -e ntp
yum upgrade
yum install screen ssh aria2 lftp lynx subversion wget ipsec-tools openssl openvpn racoon
yum clean all
Configuration
Here each virtual machine is configured so the network is sane, serial console booting is possible ("-nographic" option to kvm/qemu), and the time is kept as sane as possible.
Debian Etch
Administrivia
- /etc/cron.daily/find &
Serial Console
- /etc/inittab: uncomment the T0 line and change 23 to 123 ; comment out ^!2-6*
- Make sure ttyS0 is in /etc/securetty
- Add these lines to /etc/crontab:
* * * * * root (rm /etc/adjtime 2>/dev/null; sleep 15; hwclock -s --utc)
* * * * * root (rm /etc/adjtime 2>/dev/null; sleep 45; hwclock -s --utc)
- GRUB /boot/grub/menu.lst
- Near the top of the file, insert
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=10 --dumb serial console
- Comment out the line starting with "splashimage" if it exists.
#splashimage=(hd0,0)/grub/splash.xpm.gz
- vi /boot/grub/menu.lst
- append "nosmp noapic nolapic console=tty0 console=ttyS0,9600n8" to end of "# kopt=" line
- update-grub
- LILO /etc/lilo.conf
- Uncomment or insert this line:
serial=0,9600n8
- Uncomment and add "nosmp noapic nolapic console=tty0 console=ttyS0,9600n8" to the "append=" line.
- Changes for serial console on COM1: in global section
- Comment out any lines starting with "message="
- lilo
Networking
On the host (bare metal) machine, do:
- aptitude install bridge-utils
- Edit /etc/network/interfaces as in the following example.
## The primary network interface
# auto eth0
# iface eth0 inet static
#     address 18.85.22.58
#     netmask 255.255.255.0
#     broadcast 18.85.22.255
#     gateway 18.85.22.1
#     dns-nameservers 18.85.2.138 18.85.2.171
#     dns-search laptop.org media.mit.edu mit.edu

## Bridge interface (also serves as primary network interface)
auto br0
iface br0 inet static
    address 18.85.22.58
    netmask 255.255.255.0
    broadcast 18.85.22.255
    gateway 18.85.22.1
    dns-nameservers 18.85.2.138 18.85.2.171
    dns-search laptop.org media.mit.edu mit.edu
    bridge_ports eth0
    bridge_stp off
    bridge_maxwait 5
- /etc/init.d/networking restart
And from now on start up the virtual machine with these additional flags:
-net nic,vlan=0,model=rtl8139 -net tap,vlan=0
So for example a complete invocation would look like:
qemu-system-x86_64 \
    -hda pedal.qcow \
    -nographic \
    -m 2000 \
    -net nic,vlan=0,model=rtl8139 \
    -net tap,vlan=0
You should now see an "eth0" device inside your virtual machine that can be used like a normal eth0 interface.
Fedora 7
Administrivia
- vi /etc/sysconfig/network
- Set HOSTNAME (no domain); disable NETWORKING_IPV6
- rm /etc/sysconfig/firstboot
- shutdown -r now
- /etc/cron.daily/mlocate.cron &
Serial Console
- Make sure ttyS0 is in /etc/securetty
/etc/inittab - Add this line
s0:12345:respawn:/sbin/agetty -L 9600 ttyS0 vt100
Also comment out ^!2-6*
/etc/crontab - Add these lines
* * * * * root (rm /etc/adjtime 2>/dev/null; sleep 15; hwclock -s --utc)
* * * * * root (rm /etc/adjtime 2>/dev/null; sleep 45; hwclock -s --utc)
GRUB /boot/grub/menu.lst
- Comment out the line starting with "splashimage"
#splashimage=(hd0,0)/grub/splash.xpm.gz
- Right after that line, insert
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=10 --dumb serial console
- At the end of each "kernel" line, add "nosmp noapic nolapic console=tty0 console=ttyS0,9600n8 vga=normal". Example:
title CentOS (2.6.18-8.1.1.el5)
root (hd0,0)
- kernel /vmlinuz-2.6.18-8.1.1.el5 ro root=/dev/VolGroup00/LogVol00
+ kernel /vmlinuz-2.6.18-8.1.1.el5 ro root=/dev/VolGroup00/LogVol00 nosmp noapic nolapic console=tty0 console=ttyS0,9600n8 vga=normal
initrd /initrd-2.6.18-8.1.1.el5.img
Networking
todo
Last Steps
- shutdown -h now
- Start up image with "-nographic" option to make sure that all of the kernel messages are directed to the virtual serial console, and that you can login.
- Make sure the clock is sane by running this for a few hours:
while true; do date; sleep 1; done
- If you followed this process for an OS that isn't currently available from the Virtual Machines page, optionally:
- Use qemu-img and bzip2 to make the image as small as possible:
qemu-img convert -f qcow OS-DIST-RELEASE-ARCH.qcow -O qcow OS-DIST-RELEASE-ARCH.qcow.tmp
mv OS-DIST-RELEASE-ARCH.qcow.tmp OS-DIST-RELEASE-ARCH.qcow
bzip2 -k9 OS-DIST-RELEASE-ARCH.qcow
- Send email to dclark@pobox.com for inclusion in the OpenSysAdmin.com archive (you will be given a temporary FTP account you can use to upload the image).
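Before the final "-nographic" boot test, the serial console and clock settings from the Configuration section can be checked mechanically. This is an added example, not part of the original page: check_guest_config and need are hypothetical names, and the optional ROOT argument (a directory holding the guest's files, empty for the running system) is an assumption of the example.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Checks the serial console and clock settings this page asks for.

# need FILE ERE DESCRIPTION: report when no line of ROOT/FILE matches ERE.
need() {
    if ! grep -Eq -e "$2" "$root$1" 2>/dev/null; then
        echo "MISSING: $3 ($1)"
        missing=1
    fi
}

# check_guest_config [ROOT]: print one line per missing setting and return 1
# if anything is missing. ROOT is empty when run inside the guest.
check_guest_config() {
    root=${1:-}
    missing=0
    need /etc/securetty '^ttyS0$'                   'root login allowed on ttyS0'
    need /etc/inittab   '^[^#]*ttyS0'               'getty running on ttyS0'
    need /etc/crontab   '^[^#]*hwclock -s --utc'    'per-minute hwclock sync'
    if [ -f "$root/etc/lilo.conf" ]; then
        # LILO is the fallback named on this page for Debian on amd64.
        need /etc/lilo.conf '^serial=0,9600n8' 'LILO serial line'
        need /etc/lilo.conf '^[[:space:]]*append=.*console=ttyS0,9600n8' \
            'kernel console on ttyS0'
    else
        need /boot/grub/menu.lst '^serial --unit=0' 'GRUB serial line'
        need /boot/grub/menu.lst '^terminal .*serial' 'GRUB terminal line'
        # Only uncommented kernel lines count, so on Debian this also
        # catches a "# kopt=" edit that was never followed by update-grub.
        need /boot/grub/menu.lst '^[^#]*kernel.*console=ttyS0,9600n8' \
            'kernel console on ttyS0'
    fi
    return $missing
}

check_guest_config "${1:-}" || echo "fix the items above before shutting down"
```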
Discussion
If you have questions or comments on this document, please post them to the Setup of QEMU/KVM virtual machines doc/images thread in the "General Help" section of the QEMU Forums.
Daniel Joseph Barnhart Clark is a supporter of Free Software Activism and the evolution of System Administration as a profession. As a hobby he maintains OpenSysAdmin.com and works on interesting Sys Admin problems; by day he is the System Administrator for One Laptop per Child. He encourages everyone to obtain low-cost (think monthly) warm fuzzies by becoming a member of the Free Software Foundation.