KVM with Bridged Networking on Ubuntu (10.04 LTS) (With UFW, Netfilter, Bridge-Utils, Virt-Manager)

One of the big reasons I moved to the new Ubuntu LTS for my main server was to get the new packages for KVM. To my disappointment, the versions that ship with 10.04 are slightly antiquated, especially given the number of changes happening in the KVM development community. I found that this PPA, maintained by Daniel Baumann, had everything that I needed. He keeps it quite up to date and resolves build problems quickly. I don't recommend using this PPA for production systems; I use it for my personal system and try to give Daniel any support that I can, because it really helps me out that he is packaging and maintaining the bleeding-edge KVM packages.

KVM is a really great piece of virtualization software that is up and coming in the Linux world. In the last several months the graphical (newbie) tools have become very simple to use. These tools still lag behind other virtualization solutions such as VirtualBox or VMware products; however, KVM's performance and development activity make it a likely candidate for people setting up virtualization servers for personal and enterprise use.

Before we begin let me explain my set-up. I have a server that will be running the qemu-kvm software with libvirt that I will administer from my laptop running virt-manager. You can use KVM and Virt-Manager all while on the same machine without issue, but this guide is written for my particular configuration. I assume before beginning that you are running a pretty vanilla machine and will not have any strange configurations that would conflict with a standard Ubuntu 10.04 install.

Install Dnjl’s Virtualization PPA

I personally still use the old-style /etc/apt/sources.list because it makes me feel more comfortable. Here we go:

sudo nano /etc/apt/sources.list

Now let's add the PPA lines:

# Daniel Baumann’s Virtualization repository
deb http://ppa.launchpad.net/dnjl/virtualization/ubuntu lucid main
deb-src http://ppa.launchpad.net/dnjl/virtualization/ubuntu lucid main

Now save the file and grab the PPA’s key:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F6E6BED2

Do an update and install the server software:

sudo apt-get update
sudo apt-get install kvm libvirt-bin

There will be quite a few dependencies. Once this is all installed we should be ready to go. To test, fire up virt-manager and connect to your machine. I use ssh for this connection but there are many other options.

Setting up a bridge for the Virtual Machines to use

I am using two network interfaces on this machine. If you only have or need one interface, then make sure to un-comment the gateway field for the bridge. I will be setting up UFW later on this machine; because of this, we will have to set up some rules in advance to make sure that UFW/Netfilter does not block activity on the br0/eth1 interface. Here is an example of my /etc/network/interfaces file:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.2
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1

# The secondary network interface, used by br0
auto eth1
iface eth1 inet manual

# The bridge network interface, used by kvm
auto br0
iface br0 inet manual
bridge_ports eth1
bridge_stp yes
bridge_fd 0
bridge_maxwait 0

It is very important to use 'manual' on the bridged interface, as that will prevent br0 from going out and trying to get an IP of its own from your DHCP server. If it did get an IP, you would have to deal with routing issues on the server, which I can assure you is very frustrating. Also make sure you have STP enabled (yes), as leaving it off can cause major issues for your network.

Now we need to set up some rules. This is related to bug #573461 in Launchpad. The first one goes in /etc/ufw/before.rules: you will need to add this line before the COMMIT portion of the file. I have included the trailing COMMIT for reference:

# allow the bridged interface
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

# don’t delete the ‘COMMIT’ line or these rules won’t be processed
COMMIT

The next configuration change occurs in the /etc/sysctl.conf file. I added these lines to the end of the file:

###################################################################
# Disable netfilter on the bridge interface for KVM
# Solution is associated with launchpad bug number 573461

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
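
A way to check both edits before relying on them, including the case where a pasted rule carries a typographic dash instead of `--` (added example, not part of the original post; the sample file contents are constructed, and accepting the ufw-before-forward chain as well as FORWARD is an assumption of this checker):

```shell
#!/bin/sh
# Added example, not from the original post; sample file contents are constructed.

# Succeeds only if an ACCEPT rule for bridged traffic sits inside the *filter
# table, before its COMMIT. A typographic dash ("–physdev...") does not match.
check_before_rules() {
    awk '
        /^\*filter/            { in_filter = 1; next }
        in_filter && /^COMMIT/ { in_filter = 0; next }
        in_filter && /^-[AI] +(FORWARD|ufw-before-forward) .*-m physdev --physdev-is-bridged .*-j ACCEPT/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Prints every bridge-nf-call key that is missing, commented out or not 0;
# succeeds only when all three are set to 0.
check_sysctl() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v); val[k] = v }
        END {
            n = split("ip6tables iptables arptables", t, " ")
            for (i = 1; i <= n; i++) {
                key = "net.bridge.bridge-nf-call-" t[i]
                if (val[key] != "0") { print key; bad = 1 }
            }
            exit bad + 0
        }
    ' "$1"
}

make_samples() {    # writes constructed sample files into directory $1
    cat > "$1/before.rules" <<'EOF'
*filter
# allow the bridged interface
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
EOF
    sed 's/--physdev/–physdev/' "$1/before.rules" > "$1/before.endash"
    cat > "$1/sysctl.conf" <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
# net.bridge.bridge-nf-call-arptables = 0
EOF
}

d=$(mktemp -d) && make_samples "$d"
check_before_rules "$d/before.rules"  && echo "before.rules: bridged ACCEPT rule found"
check_before_rules "$d/before.endash" || echo "before.endash: rule missing or mistyped"
check_sysctl "$d/sysctl.conf" || echo "sysctl.conf: the keys listed above are not 0"
```

On the real host, point the two functions at /etc/ufw/before.rules and /etc/sysctl.conf; `sudo sysctl -p` loads the sysctl.conf values without a reboot. With the three keys at 0, bridged guest traffic no longer passes through the host's iptables/UFW rules at all, so any filtering for the guests has to happen inside them or upstream.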

Using KVM with the Bridged interface

Now that you have KVM installed and a viable bridge to use, there are no more barriers to creating a VM that can utilize the bridged interface. With Virt-Manager greater than 8.2 you can specify the 'shared interface' (during Stage 5 of the VM install) for the VM to use. Simply type in the name of your bridge; in our case it is br0. If you do not have Virt-Manager greater than 8.2, you will find that specifying a shared interface is not an option and you are going to be limited to using virsh to modify a VM. This will require that you create a VM with the default network interface; then, once it is created, you can use virsh to modify the XML describing the particular interface that VM uses.

Please feel free to leave questions in the comments. This article is a little more brief than many of my others, and I have made many assumptions in this guide and given limited descriptions for someone who is using KVM for the first time.
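
The virsh route described above comes down to changing one interface element in the guest's XML. The following is an added example, not part of the original post: the guest name guest1, the MAC address and the sample XML are constructed, and the single-quoted attribute style is assumed to match what `virsh dumpxml` prints.

```shell
#!/bin/sh
# Added example, not from the original post. Rewrites a libvirt domain
# definition on stdin so its default-network NIC attaches to a host bridge.
to_bridge_iface() {
    bridge=${1:-br0}
    # Refuse names that could break out of the sed expression below.
    case $bridge in
        ''|*[!A-Za-z0-9_.-]*) echo "bad bridge name: $bridge" >&2; return 2 ;;
    esac
    # Only touch lines inside an <interface type='network'> ... </interface> block.
    sed "/<interface type='network'>/,/<\/interface>/{
        s|<source network='[^']*'/>|<source bridge='$bridge'/>|
        s|<interface type='network'>|<interface type='bridge'>|
    }"
}

sample_domain() {    # constructed fragment of a guest definition
    cat <<'EOF'
<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:12:34:56'/>
      <source network='default'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
EOF
}

# Demo on the constructed sample; prints the rewritten definition.
sample_domain | to_bridge_iface br0

# On the KVM host (guest1 is a hypothetical guest name):
#   virsh dumpxml guest1 | to_bridge_iface br0 > guest1.xml
#   virsh define guest1.xml    # takes effect at the guest's next start
```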

Good Luck!

5 Responses to “KVM with Bridged Networking on Ubuntu (10.04 LTS) (With UFW, Netfilter, Bridge-Utils, Virt-Manager)”

  1. Julian says:

    A very useful guide.

    But in https://help.ubuntu.com/community/KVM/Networking they use bridge_stp = no

    What should I use, and what does bridge_stp do?

  2. Storrgie says:

    I made sure mine was enabled. stp (spanning tree protocol) is a setting that attempts to mitigate network loopbacks, you can find more about it here: (http://en.wikipedia.org/wiki/Spanning_tree_protocol)

  3. Garrett says:

    Hello, I know it may be trivial to some but are/how do you reload the config files after modification? I know that ‘sudo /etc/init.d/networking restart’ resets the networking so it recognizes the new bridge… but do the others require any service restarts?

  4. Storrgie says:

    It’s not trivial, and I am sorry to say I didn’t understand well enough how to reload the networking interfaces…. so I restarted quite a bit of times during my testing or tried to get /etc/init.d/networking restart to force a change… Bad solution I know but eventually I got it finished and never circled back to try and understand how to force the interfaces to reload. You may try the ifdown/ifup commands.

  5. dnjl says:

    Garrett: Any service which depends on networking >>should<< get automatically restarted if you restart /etc/init.d/networking. But it's not guaranteed, there are still some buggy init-scripts around, but the usual ones should do it.
