A Quick Guide to Using KVM with CentOS-5
Contents
1. Preparation and Installation
You have to have a later model processor, with virtualization support, for KVM to work properly. This can be checked by examining /proc/cpuinfo. If you have an Intel processor then do:
grep vmx /proc/cpuinfo
If you get results, your Intel processor is KVM ready. If you have an AMD processor then do:
grep svm /proc/cpuinfo
If you're not sure which processor you have then do:
egrep 'vmx|svm' /proc/cpuinfo
(If you get back results with vmx, it's Intel, if you get back results with svm then it's AMD. If you get nothing back, well, your system doesn't have a CPU that's built for virtualization. You might be better off with other virtualization such as VirtualBox.)
The KVM package for CentOS is available in the extras repository. You can install KVM with:
yum install kvm kmod-kvm
As of this writing (April 2008), the current stable version is kvm-36. The kernel module package kmod-kvm is kernel version/type-specific. It is available for the latest kernel 2.6.18-53.1.14 and for both the standard and -PAE type. Also, if you are running the centosplus kernel and yum is set up appropriately, kmod-kvm for the cplus kernel will be installed automatically.
The CentOS-Testing repository contains a newer version of KVM (currently kvm-66) which is under ..er.. testing. If you wish to try this out, you need to set up the testing repo by referring to Repositories, then install KVM with:
yum install --disablerepo=\* --enablerepo=c5-testing kvm kmod-kvm
Unlike the KVM in the extras repository, only the current (2.6.18-53.1.14), standard kernel version of kmod-kvm is available in the testing repository at the moment. There is no version for the -PAE kernel. If you have centosplus kernel, you may need to manually install kmod-kvm (see below for details).
You probably want to also install QEMU, since some of its commands can be useful.
yum install qemu
However it isn't essential.
The next step is to modprobe the kvm module for your architecture. If it's an Intel processor:
modprobe kvm-intel
If it's an AMD processor:
modprobe kvm-amd
If all goes well, you should have the kvm module loaded on your system by now. You can check this by running:
/sbin/lsmod | grep kvm
Add the user who will be running kvm to the kvm group. If the user's name is john then
usermod -G kvm -a john
If you're doing this as john and using su or sudo to run the commands above, you will have to log out completely and log back in before it takes effect.
After doing the modprobe, it's not a bad idea to reboot to be sure that module gets loaded, and the /dev/kvm device is given proper permissions by udev. There should now be an /etc/sysconfig/modules/kvm.modules script. Once you've rebooted, see if the modules have been loaded using the /sbin/lsmod command as above. You should see both a kvm and a kvm-intel (or kvm-amd) module.
If you choose to avoid a reboot, you can set the proper permissions on the /dev/kvm device with the following two commands:
chown root:kvm /dev/kvm chmod 0660 /dev/kvm
On subsequent reboots udev will give this device proper permissions.
2. Creating a virtual machine
If you have qemu installed, you can now use its create command to make your disk image:
qemu-img create -f qcow2 disk.img 5G
In this case, you are creating an image that can grow to 5 gigs. It will only use the amount of space that it needs though. The -f qcow2 is the standard modern qemu image format. (-f as in format.)
If you didn't install qemu, you should still be able to create a disk image with
dd if=/dev/zero of=disk.img bs=1G count=5
The count will be the size in gigs. In this case, the .img file will take up the full 5 gigs of space on your hard drive, regardless of how much the guest OS actually needs.
If the mouse does not work with qemu (for example, a PS/2 mouse connected through a KVM switch), follow these procedures. The man page gives options for a USB mouse, PS/2 being the default. A quick google gives you a solution from the Cape Linux User Group's wiki. Before starting kvm do:
export SDL_VIDEO_X11_DGAMOUSE=0
This should solve the mouse problem.
If you want to install a Windows 2000 virtual machine, the actual command, whether or not you install qemu, is qemu-kvm. For those familiar with qemu, it takes the same options. Copy the iso over to the hard drive and then run the command:
qemu-kvm -hda win2k.img -cdrom win2k.iso -m 512 -boot d
This is explained in the man page for qemu-kvm. In this case, the image created was named win2k.img and the iso was called, as you've probably guessed, win2k.iso. The -hda is the virtual drive you've created. -cdrom is for the CDROM device. If you were booting the cdrom from the host machine's CDROM drive, you would use -cdrom /dev/cdrom. The -m was the amount of memory in megabytes that I was giving the virtual machine. The -boot d meant that it should boot from the CDROM drive.
If all has gone well, it should now run as if you were installing on an actual hard drive. When done, you will, hopefully, boot into a working Windows 2000 virtual installation. After that, when you want to run it, you can do it the same way. Export the SDL_VIDEO if necessary and just start the virtual machine with
qemu-kvm -hda win2k.img
(If you need to use the host machine's CD drive, then it's probably necessary to add the -cdrom option. That -boot d, however, is only used when booting from a CD.)
3. Networking
3.1. NAT networking
By default kvm (as well as QEMU and VirtualBox) use NAT networking, It will get an address of 10.0.2.x. It can access the LAN of the host, regardless of subnet--that is, if the host is on a 192.168.1.x subnet, even though the guest has an IP of 10.0.2.x it can reach the host (or any host on the network) with ssh or samba. It can also browse the Internet. Some VPN clients may not work. In the past, it did not seem possible to use NAT (also known as slirp) with a Nortel VPN client. However, a Checkpoint VPN client will work.
3.2. Bridged Tap Networking
If you want the guest to appear as another host on the LAN, visible to the rest of the network, you will have to use bridged networking. There are many QEMU howtos around, but most are out of date, as it has changed since the 2.6.18 kernel.
Here we describe a simple method that works. Many howtos talk of making a qemu-ifup script that lives in /etc. Unfortunately, most of the howtos seem to be outdated, as none of the suggested scripts found in there worked. Below we will present a script that creates the bridge and tap interfaces with appropriate commands.
First you will need bridge-utils, available from the base repo:
yum install bridge-utils
You'll also need tunctl. There's an rpm that works at Fedora's download site. That link takes you to the development directory. From there, you will see the i386 and x86_64 directories. Choose the one for your architecture and go into its os/Packages directory. Locate a tunctl rpm there. It's marked fc9, but works on CentOS-5.1. Download it and install it with:
rpm -Uvh tunctl-<version.arch>.rpm
You will also want to edit your /etc/udev/rules.d/90-kvm-rules. When you installed the rpm, the created file reads:
KERNEL=="kvm", NAME="%k", GROUP="kvm", MODE="0660"
Add the line:
KERNEL=="tun", NAME="%k", GROUP="kvm", MODE="0660"
For the impatient, here is our simple script. We'll explain it afterwards. This is assuming that you're on a 192.168.1.0/24 network with no DHCP server.
#!/bin/sh PATH=$PATH:/usr/sbin:/sbin sudo brctl addbr br0 sudo ifconfig eth0 0.0.0.0 sudo brctl addif br0 eth0 sudo ifconfig br0 192.168.1.120 netmask 255.255.255.0 up sudo route add -net 192.168.1.0 netmask 255.255.255.0 br0 sudo route add default gw 192.168.1.1 br0 sudo tunctl -b -u john sudo ifconfig tap0 up sudo brctl addif br0 tap0 export SDL_VIDEO_X11_DGAMOUSE=0 sudo iptables -I RH-Firewall-1-INPUT -i br0 -j ACCEPT qemu-kvm ~/win2k.img -m 512 -net nic -net tap,ifname=tap0,script=no
Here is what we've done. We are using sudo, but you could also use su until the line that starts qemu. In CentOS, only root's $PATH has /sbin and /usr/sbin, but most these commands are located in one of those two directories, so we start by adding it to the user's path.
We create a bridge, br0, with the brctl addbr command. As we're going to add eth0 to the bridge, we have to 0 out its address, which we do with the ifconfig eth0 0.0.0.0.
Note that when you change eth0's address to 0.0.0.0 you'll temporarily lose connectivity to your network. So don't try to do this remotely, or at a time when you don't want to briefly lose connectivity.
The next commands add eth0 to the bridge and give the bridge eth0's former address. If your ethernet card gets its address from DHCP, you can replace the ifconfig and route commands with
dhclient br0
The tunctl command adds a tap0 interface and gives user john permissions for it. Then it's brought up with ifconfig. Note that it isn't given an address.
Now add tap0 to br0.
The next DMOUSE line may need to be added if you have Windows guests.
The iptables rule will allow traffic to the bridge. If we don't insert that rule, the virtual machine is unable to use DNS and DHCP.
Lastly, we bring up qemu-kvm. we've explained most of the flags already, but note the -net nic -net tap,if=tap0,script=no part of it. All of this seems to be necessary. As mentioned, we haven't been able to get qemu-ifup to work. However, kvm-qemu expects to find such a script and if it doesn't, there can be problems. Therefore, we have the script=no option. When all this is done, qemu-kvm should start. If you have a DHCP server on your network, even if your host has a static address, the guest O/S should be able to receive an address from that server, otherwise, you will manually configure the guest's IP address just as you would on any Linux, BSD or Windows system.
4. Odds and Ends
[1] If you are running a centosplus kernel and wish to try kvm in the testing repo, you need to do the following. First, install the distro kernel 2.6.18.53.1.14 (but no need to boot this kernel). This is because kmod-kvm Requires the distro kernel. kmod-kvm installs the modules into /lib/modules/2.6.18.53.1.14.el5/extra/kvm. Copy those modules over to /lib/modules/2.6.18.53.1.14.el5.centos.plus/extra/kvm
[2] If you already have VirtualBox or VMWare on the machine, it doesn't play nicely with qemu-kvm. For example, if you regularly use VirtualBox and do not want the kvm modules being loaded on boot, rename /etc/sysconfig/modules/kvm.modules to kvm.modules.bak.
Then when you decide that you want to run qemu-kvm instead, stop VirtualBox and do
rmmod vboxdrv
before doing the modprobe kvm-intel. Only one can run at a time.
---
Thanks goes to ScottRobbins who contributed this guide. The original article is found at http://home.nyc.rr.com/computertaijutsu/centoskvm.html
