KVM on Debian Squeeze – My Notes

This post is my collection of notes on installing and configuring Kernel-based Virtual Machine virtualization on a Debian Squeeze (6) host. I control these VMs from my Ubuntu 12.04 desktop.

This post is not for a beginner to Linux servers. You must have some experience with Linux servers to follow these notes.

Partitioning

KVM guests work best on LVM partitions. I use a server from OVH (an excellent provider, I must say), and my partitioning scheme is as follows:

30 GB Ext3 for /
2 GB Swap
Remainder for LVM.

To use LVM-based guests, you need a volume group that has some free space that is not allocated to any logical volume.

Here is how my LVM volume looks:

root@xxxx:~# vgdisplay
  --- Volume group ---
  VG Name               vg
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  10
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               1.78 TiB
  PE Size               4.00 MiB
  Total PE              467306
  Alloc PE / Size       25600 / 100.00 GiB
  Free  PE / Size       441706 / 1.68 TiB
  VG UUID               ibbfBH-uOIt-CU6U-cuvQ-NCrd-aD9l-KL3I4B

Check for KVM Virtualization Support

To check if your CPU supports KVM Virtualization, run:

egrep '(vmx|svm)' --color=always /proc/cpuinfo

If the output contains the vmx (Intel) or svm (AMD) flag, as in the following:


flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid

then you are good to continue. Otherwise, your CPU does not support KVM virtualization, and you must stop right here.

Network Bridge

Set up a network bridge on the host to enable the virtual machines to be accessed from other hosts, as if they are physical systems on the network.

Install bridge-utils. Run:

aptitude install bridge-utils

Edit /etc/network/interfaces so that it looks as follows (here is mine for reference):

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
iface eth0 inet6 manual

auto br0
iface br0 inet static
    address Your-IP-Address
    netmask Your-Netmask-Address
    network Your-Network-Address
    broadcast Your-Broadcast-Address
    gateway Your-Gateway-Address
    bridge_ports eth0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off

iface br0 inet6 static
    address Your-IPV6-Address
    netmask ffff:ffff:0000:0000:0000:0000:0000:0000
    gateway Your-IPV6-Gateway-Address

Installing KVM

Next, install kvm and virtinst (a tool to create virtual machines). Run:

aptitude install kvm libvirt-bin virtinst

Add the currently logged-in user (root) to the libvirt group. Run:

adduser `id -un` libvirt

Log out and log back in for the group change to take effect.

Now, check if kvm has been installed correctly. Run:

virsh -c qemu:///system list

The output should look similar to the following:

root@xxxx:~# virsh -c qemu:///system list
Id Name State
----------------------------------

Reboot for all the changes to take effect.

Then log in and run lsmod | grep kvm to check whether the kvm module has loaded.

If it displays either kvm_amd or kvm_intel, depending on your CPU, everything is fine.

Firewall the Host System

Here is my firewall script that I use on the host. This firewalls just the host. VMs can set their own firewall as desired.


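#!/bin/sh
# Host firewall. eth0 is a port of br0 (see Network Bridge above), so
# packets addressed to the host reach the INPUT chain with br0 as the
# input interface. The rules therefore match on br0, not eth0.

IPT=/sbin/iptables
IPT6=/sbin/ip6tables

case "$1" in
    start)
        # IPv4: allow established traffic, SSH and rate-limited ICMP; drop the rest
        $IPT -F
        $IPT -A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
        $IPT -A INPUT -i br0 -p tcp --dport 22 -j ACCEPT
        $IPT -A INPUT -i br0 -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
        $IPT -A INPUT -i br0 -j DROP

        # IPv6: same policy
        $IPT6 -F
        $IPT6 -A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
        $IPT6 -A INPUT -i br0 -p tcp --dport 22 -j ACCEPT
        $IPT6 -A INPUT -i br0 -p icmpv6 -m limit --limit 1/s --limit-burst 1 -j ACCEPT
        $IPT6 -A INPUT -i br0 -j DROP

        exit 0
        ;;

    stop)
        # Flush all rules, leaving the host unfiltered
        $IPT -F
        $IPT6 -F
        exit 0
        ;;
    *)
        echo "Usage: /etc/init.d/iptables {start|stop}"
        exit 1
        ;;
esac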
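
Because eth0 is a port of br0 in the bridge configuration above, packets addressed to the host reach the INPUT chain with br0 as the input interface, so an INPUT rule written with -i eth0 never matches them. The following check is an added example, not part of the original post: it scans iptables -S output for INPUT rules bound to a bridge port. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: find INPUT rules whose -i interface is a port of a bridge.
# On a bridged host such rules never match host-bound traffic.

# bridge_ports BRIDGE: list the ports of BRIDGE from sysfs (live hosts only).
bridge_ports() { ls "/sys/class/net/$1/brif" 2>/dev/null | tr '\n' ' '; }

# find_port_rules RULES PORTS
#   RULES: text in `iptables -S INPUT` format
#   PORTS: space-separated bridge port names
# Prints every offending rule; returns 1 if at least one was found.
find_port_rules() {
    rules=$1; ports=$2; found=0
    while IFS= read -r rule; do
        case $rule in "-A INPUT "*) ;; *) continue ;; esac
        # Interface named after -i; empty when the rule has no -i match.
        iface=$(printf '%s\n' "$rule" | sed -n 's/.* -i \([^ ]*\).*/\1/p')
        for port in $ports; do
            if [ "$iface" = "$port" ]; then
                printf '%s\n' "$rule"
                found=1
            fi
        done
    done <<EOF
$rules
EOF
    return "$found"
}

# Constructed sample: rules as a host would list them if written for eth0,
# plus one rule bound to the bridge itself.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i br0 -p icmp -m limit --limit 1/sec --limit-burst 1 -j ACCEPT
-A INPUT -i eth0 -j DROP'

# On a live host: find_port_rules "$(iptables -S INPUT)" "$(bridge_ports br0)"
find_port_rules "$SAMPLE_RULES" "eth0" ||
    echo "The rules listed above are bound to a bridge port; use -i br0."
```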

Install virt-manager on your Ubuntu 12.04 desktop to manage VMs

Run: sudo aptitude install virt-manager

Create your VM

First, create a directory to store the ISO files. I use /var/iso

Run: mkdir /var/iso

Download the desired ISO of your choice from your favourite mirror.


cd /var/iso/
wget http://link-to-iso

I downloaded Debian Squeeze i386 for my VM.

root@xxxx:/var/iso# ls
debian-6.0.4-i386-CD-1.iso

Create the disk space on LVM for the VM. I create a VM called vm11 with 100 GB disk space. Run:

lvcreate -L100G -n vm11 vg

where vg is the volume group name. See Partitioning above to find the volume group name.

Next, create the VM. Run:

virt-install --connect qemu:///system -n vm11 -r 1024 --vcpus=2 --disk path=/dev/vg/vm11 -c /var/iso/debian-6.0.4-i386-CD-1.iso --vnc --noautoconsole --os-type linux --os-variant debianSqueeze --accelerate --network=bridge:br0 --hvm

Here -r 1024 allocates 1024 MB of RAM to the VM, and --vcpus=2 assigns 2 CPUs to the VM.

This will start the ISO install.

Connect to the VM

Now, start the Virtual Machine Manager from your Ubuntu 12.04 desktop and enter the SSH details of your host. You should see your VM running. Right click the VM and select Open.
Enter your host SSH password again and you should be connected to the VM and can perform the ISO install, just like on a normal system.

Also, remember to enable “Automatic start of the VM when the host is started”, from the Virtual Machine Manager’s interface.

Performance Tuning

Edit /etc/libvirt/qemu/vm11.xml on the host. Attached is my file for reference.

Basically, ensure that the VM’s disk, network and memory are all set to virtio, the disk cache type is set to none and the IO is set to native.

Additionally, I recompiled the kernel on both the host and the guest and enabled the following:

Transparent Hugepages, VHostNet and Kernel Samepage Merging.

Edit /etc/default/grub on both the host as well as guest (both Debian) and ensure that the GRUB_CMDLINE_LINUX_DEFAULT line is as follows:

GRUB_CMDLINE_LINUX_DEFAULT="quiet transparent_hugepage=always elevator=noop"

Run update-grub2 to write the changes to the kernel command line.

This will enable Transparent Hugepages and set the disk I/O scheduler to noop, which is best for KVM guests.

Note: You can also set transparent_hugepage=madvise. This will enable Transparent Hugepages only for applications that specifically request them, and not always.

Edit /etc/modules on both the host as well as the guest, and add vhost_net to the list of modules to be loaded at startup. Libvirt will automatically use it, resulting in awesome network performance:-)

Edit /etc/rc.local on both the host and the guest, and add:

echo 1 > /sys/kernel/mm/ksm/run
echo 300 > /sys/kernel/mm/ksm/sleep_millisecs

This enables KSM and sets the time interval between memory scans to 300 milliseconds.

Remember to firewall your guest, as desired.

Reboot the host one last time. You are done:-)
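
To confirm after the reboot that the settings above took effect, the following added example (not part of the original post) reads the corresponding sysfs files and reports each one. It assumes the mainline sysfs paths for KSM, Transparent Hugepages and the I/O scheduler; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the tuning took effect. On a real host call
# check_tuning with no argument; ROOT is only a prefix for the sample tree.

# Print the bracketed (active) choice, e.g. "noop deadline [cfq]" -> "cfq".
active() { sed -n 's/.*\[\([^]]*\)].*/\1/p' "$1" 2>/dev/null; }

# report NAME ACTUAL WANTED...: print a verdict; fail unless ACTUAL is wanted.
report() {
    name=$1; actual=$2; shift 2
    for want in "$@"; do
        if [ "$actual" = "$want" ]; then echo "ok    $name = $actual"; return 0; fi
    done
    echo "FAIL  $name = ${actual:-unreadable} (want: $*)"; return 1
}

check_tuning() {
    root=${1:-}; mm=$root/sys/kernel/mm; fails=0
    report ksm/run "$(cat "$mm/ksm/run" 2>/dev/null)" 1 || fails=$((fails + 1))
    report ksm/sleep_millisecs "$(cat "$mm/ksm/sleep_millisecs" 2>/dev/null)" 300 ||
        fails=$((fails + 1))
    report transparent_hugepage "$(active "$mm/transparent_hugepage/enabled")" \
        always madvise || fails=$((fails + 1))
    for f in "$root"/sys/block/*/queue/scheduler; do
        [ -e "$f" ] || continue
        sched=$(active "$f")
        [ -n "$sched" ] || continue   # "none": device has no elevator to set
        report "${f#"$root"/sys/block/}" "$sched" noop || fails=$((fails + 1))
    done
    if [ -d "$root/sys/module/vhost_net" ]; then
        echo "ok    vhost_net present"
    else
        echo "FAIL  vhost_net not loaded"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample tree for offline runs: all set except the I/O scheduler.
sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/sys/kernel/mm/ksm" "$t/sys/block/vda/queue" \
        "$t/sys/kernel/mm/transparent_hugepage" "$t/sys/module/vhost_net"
    echo 1 > "$t/sys/kernel/mm/ksm/run"
    echo 300 > "$t/sys/kernel/mm/ksm/sleep_millisecs"
    echo "always [madvise] never" > "$t/sys/kernel/mm/transparent_hugepage/enabled"
    echo "noop deadline [cfq]" > "$t/sys/block/vda/queue/scheduler"
    echo "$t"
}

check_tuning "$(sample_tree)" || echo "$? setting(s) differ from the notes"
```

The return value of check_tuning is the number of settings that differ, so it can gate a provisioning script on both the host and the guest.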

Appendix

Here are the kernel configurations for the host (x86_64) and the guest (i386) that I use.

Enjoy.

Written by Michael R.M. David
