Thursday, January 17, 2013

Enable KVM on BIOS

I recently built a system with 32GB of ram, intel core i7 3770K CPU at 3.5 GHz along 2 TB of disk space. I tried to load the KVM but it failed. I went to BIOS and disable "Trusted Execution”. I enable cpu virtulization and rebooted the machine.  Now, I have finest and greatest available on my finger print...

----------------- detail below ------------------

[root@my32GB Packages]# virt-manager


Error polling connection 'qemu:///system': internal error Cannot find suitable emulator for x86_64

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/engine.py", line 440, in _tick
    conn.tick()
  File "/usr/share/virt-manager/virtManager/connection.py", line 1422, in tick
    newNets, self.nets) = self._update_nets()
  File "/usr/share/virt-manager/virtManager/connection.py", line 1285, in _update_nets
    lookup_func, build_class)
  File "/usr/share/virt-manager/virtManager/connection.py", line 1217, in _poll_helper
    if not check_support():
  File "/usr/share/virt-manager/virtManager/connection.py", line 509, in is_network_capable
    virtinst.support.SUPPORT_CONN_NETWORK)
  File "/usr/lib/python2.6/site-packages/virtinst/support.py", line 574, in check_conn_support
    return _check_support(conn, feature, conn)
  File "/usr/lib/python2.6/site-packages/virtinst/support.py", line 443, in _check_support
    actual_drv_ver = _hv_ver(conn, uri)
  File "/usr/lib/python2.6/site-packages/virtinst/support.py", line 376, in _hv_ver
    ret = cmd(*args)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 3192, in getVersion
    if ret == -1: raise libvirtError ('virConnectGetVersion() failed', conn=self)
libvirtError: internal error Cannot find suitable emulator for x86_64


[root@my32GB Packages]# grep -i kvm /var/log/messages | more
Jan 16 05:49:10 my32GB kernel: kvm: disabled by bios
Jan 16 21:53:28 my32GB kernel: kvm: disabled by bios
Jan 17 18:03:49 my32GB kernel: kvm: disabled by bios
Jan 17 20:17:32 my32GB kernel: kvm: disabled by bios




=====================================


RHEL 6 virtualization
KVM - Kernel-based Virtualization Machine (Hypervisor)
QEMU - Processor emulator
RHEL 6 only supports virtualization via KVM/QEMU, and
only on 64bit systems supporting virtualization extensions

Intel: Intel VT ( flag: vmx ) -Virtual Machine x86 (VT-x)
AMD: AMD-V ( flag: svm - secure virtual machine )

$ grep flags /proc/cpuinfo
PACKAGES
There are four package groups available to install the
necessary and ancillary software to support virtualization.
Virtualization
Virtualization Client
Virtualization Platform
Virtualization Tools


LIBVIRT
libvirt is the management framework used in RHEL 6
virtualization.
The libvirtd daemon will always be running in the
background to handle virtualization needs and management
requests such as starting, stopping, installing, etc.
Interface to libvirt is provided by:
virsh - command line client
virt-manager - GUI client




LAB
1. Create a VM on your machine using the RHEL 6 i386
sources available on server1.
2. Make sure the guest starts on host reboot.




INSTALL RED HAT ENTERPRISE LINUX AUTOMATICALLY USING KICKSTART
Use kernel boot options:
linux ks=ftp/http://host/ks.cfg
linux ks=nfs:host:/ks.cfg
linux ks=cdrom:/dev/dir/ks.cfg
linux ks=hd:/dev/dir/ks.cfg
linux ks=file:/dev/dir/ks.cfg
1. Install, Deploy and maintain the OS
setup virt-manager and install OS
1. Check if virtd is running.
# /etc/init.d/libvirtd status
# /etc/init.d/libvirtd start
# /etc/init.d/libvirtd status
libvirtd (pid  3429) is running...
# chkconfig libvirtd on# chkconfig libvirtd --list
libvirtd        0:off 1:off 2:off 3:on 4:on 5:on 6:off
2. Run the virt-manager
GUI:- Application -->> System Tools -->> Virtual Machine Manager
CLI: virt-manager &
3. You will see a Virtual Machine Manager window with Computer icon on the left.
   a. Click on the icon
   b. On New VM window, enter Virtual Machine details like Name, how you like to install (local, network, pxe or import existing disk image)
   c. Make  your selection, I would pick local media option.
4. Click Forward and specify your CDROM or ISO Image location.
   Also specify the OS type and version (I have ISO)
5. Click forward and specify the Memory and CPU information. (2GB, 2 CPU)
6. Click Forward and Specify disk space.
   a. Check Enable storage for this virtual machine
   b. Specify the disk image size ( I would pick 20GB)
   c. Check allocate entire disk ..
7. Click Forward and Click on Advanced options
   a. select your network type (NAT/Bridge) I select bridge network.
   b. Check Set a fixed Mac Address
   c. Select Virt Type: kvm (There is qemu too)and Architecture: x86_64
8. Now Click finish. Installation begins.
-------------------------------------------------
Virtual Machine Text Console
With libguestfs-tools installed and the VM in question shut-down, from the host:
# virt-edit {VMname} /boot/grub/menu.lst
append to following entry below at the kernel line:
console=tty0 console=ttyS0
After saving, the following commands should allow a console based view
of the boot process and a console login:
# virsh start {VMname} ; virsh console {VMname} : ^] to disconnect from console.
Start and stop virtual machines.
# virsh start <vm name>
# virsh shutdown <vm name> : Graceful shutdown
# virsh destroy <vm name> : Power off virtual machine.
# virsh autostart <vm name> : Start vm at boot.
------------------------------------------------------
Virtual Machines using KVM
To install with prompt
#virt-install --prompt
List virtual machine
#virsh list
Stop virtual machine
#virsh destroy <vm name>
Configure VM autostart
#virsh autostart <vm name>
Unconfigure VM autostart
#virsh autostart --disable <vm name>
To install
#virt-install --name=ramsing.expanor.local -r 768 --disk path=/var/lib/libvirt/images/ramsing.expanor.local.img,size=8 -l http://192.168.10.110/pub/inst -x "ks=http://192.168.10.110/pub/ks/rhel03.cfg"

============================================
KVM - Command Line Administration
1. Install a virtual machine using virt-install command.
# virt-install \
--name TESTSERV1 \
--ram 500 \
--vcpus=2 \
--network network=default \
--os-variant RHEL6
2. Clone a virtual guest use virt-clone command
# virt-clone --original TESTEERV1 --name TESTSERV2 --file /var/lib/libvirt/images/TESTSERV2.img --mac 00:50:56:98:70:0B
Note: You may get networ error or interface is not available , google to fix it.
3. List the currently installed KVM guests virsh list --all command (or Type # virsh and type list -all)
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 18    TESTSERV2                        running
 19    TESTSERV1                        running
 -     TESTSERV2                        shut off
Note: virt-inspector will show the OS version, kernel version, mount point and installed drivers.
# virt-inspector DOMAIN
4. Check the CPU/Memory Utilization
# virt-top
virt-top 14:49:49 - x86_64 2/2CPU 3400MHz 1751MB
3 domains, 2 active, 2 running, 0 sleeping, 0 paused, 1 inactive D:0 O:0 X:0
CPU: 1.5%  Mem: 1536 MB (1536 MB by guests)
   ID S RDRQ WRRQ RXBY TXBY %CPU %MEM    TIME   NAME
   19 R    0    0  12K    0  1.1 29.0   7:14.45 TESTSERV1
   18 R    0    0  184    0  0.3 58.0   2:39.18 TESTSERV3
    -                                           (TESTSERV2)
5. Check the directory contents of a guest machine
# virt-ls -l -a /Virtual/TESTSERV1.img /root
total 80
dr-xr-x---.  3 root root  4096 Jun 28 05:21 .
dr-xr-xr-x. 25 root root  4096 Jun 28 07:19 ..
-rw-------   1 root root   420 Jun 28 09:17 .bash_history
-rw-r--r--.  1 root root    18 May 20  2009 .bash_logout
-rw-r--r--.  1 root root   176 May 20  2009 .bash_profile
-rw-r--r--.  1 root root   176 Sep 23  2004 .bashrc
-rw-r--r--.  1 root root   100 Sep 23  2004 .cshrc
drwx------   2 root root  4096 Jun 24 05:22 .ssh
-rw-r--r--.  1 root root   129 Dec  4  2004 .tcshrc
-rw-------.  1 root root  1364 Jun 24 04:40 anaconda-ks.cfg
-rw-r--r--.  1 root root 26876 Jun 24 04:39 install.log
-rw-r--r--.  1 root root  7572 Jun 24 04:38 install.log.syslog
6. List the content of a file of a Guest machine.
# virt-cat -d TESTSERV1 /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=TESTSER1
7. Check mount point and FS utilization.
# virt-df -h -d TESTSERV1
Filesystem                                Size       Used  Available  Use%
TESTSERV1:/dev/sda1                         193M        28M       155M   15%
TESTSERV1:/dev/OSVG/lvroot                  7.7G       1.7G       5.6G   23%
8. List the partition, FS, LVM info of a guest OS. (#virt-filesystems -d DOMAIN)
# virt-filesystems -d TEST-LINUX1 --long --all
Name                  Type       VFS  Label MBR Size        Parent
/dev/sda1             filesystem ext4 -     -   524288000   -
/dev/VolGroup/lv_root filesystem ext4 -     -   10242490368 -
/dev/VolGroup/lv_swap filesystem swap -     -   2113929216  -
/dev/VolGroup/lv_root lv         -    -     -   10242490368 /dev/VolGroup
/dev/VolGroup/lv_swap lv         -    -     -   2113929216  /dev/VolGroup
/dev/VolGroup         vg         -    -     -   12356419584 -
/dev/sda2             pv         -    -     -   12356419584 -
/dev/sda1             partition  -    -     83  524288000   /dev/sda
/dev/sda2             partition  -    -     8e  12359565312 /dev/sda
/dev/sda              device     -    -     -   12884901888 -
9. Copy the guest file/directory content. (# virt-copy-out -d DOMAIN /file|dir localdir)
# virt-copy-out -d TESTSERV1 /root/testfile.txt /root
10 Copy file/directory from host server to guest OS (# virt-copy-in -d domain file|dir /destination)
# virt-copy-in -d TESTSERV1 /root/testerfile1.txt /root/
Note: Using "virt-copy-in" on live virtual machines can be dangerous, potentially causing disk corruption.  The virtual machine must be shutdown before you use this command.
11. To edit file of KVM guest OS. (# virt-edit -d DOMAIN filename)
# virt-edit -b .orig -d TEST-LINUX1 /root/testfile.txt
Use -b option to make a backup of original file.
Note: Using "virt-edit" on live virtual machines can be dangerous, potentially causing disk corruption.  The virtual machine must be shutdown before you use this command.
There are lots of other command line tools to administer KVM virtual machines on RHEL6.
=================================================
ACCESS A VIRTUAL MACHINE'S CONSOLE
virt-manager
OR virt-viewer
OR:
1. virsh vncdisplay domain
2. vncviewer localhost:display

START AND STOP VIRTUAL MACHINES
virt-manager
OR:
1. virsh start domain
2. virsh shutdown domain




======================================
List and identify SELinux file and process context.
View SELinux contexts of processes:
# ps -eZ, ps -axZ, ps -Zc <process name>, etc.
View SELinux contexts of files and directories:
# ls -Zd /path/to/dir/, ls -Z /path/to/file, etc.
View SELinux contexts of users:
id -Z
Policy context rules are stored in
/etc/selinux/targeted/context/files/file_contexts and
/etc/selinux/targeted/context/files/file_contexts.local
# semanage fcontext -[a|d|m] -f <ftype> -t <context> ‘<regex>’
e.g.: semanage fcontext -a -t virt_image_t “/virtstorage(/.*)?”
Restore default file contexts.
# restorecon -R -v /dir/ : note the last slash. -R = recursive (all child files and directories) -v = verbose.

Use boolean settings to modify system SELinux settings.
 - Booleans are plain text files located in /selinux/booleans
 - semanage boolean -l : List booleans with basic descriptions (very useful with grep)
 - setsebool [-P] <boolean_name> : set SE boolean, -P to make permanent (survive reboot)
 - Use the graphical tool: system-config-selinux
 - Diagnose and address routine SELinux policy violations.
Many targeted services have specialised man pages dealing with SELinux configuration.
Display these pages with:
# man -k ‘_selinux’
Installing setroubleshoot-server sends SELinux error messages to /var/log/messages. These can be further parsed with sealert.
audit2why and audit2allow can be used to parse the messages in /var/log/audit/audit.log and explain why access was denied, and how to modify your configuration to allow it.
# semanage port -l : list SELinux port settings.
SELinux Packages and utilities
coreutils : Always installed. Provides some default elements of SELinux.
policycoreutils : Provides restorecon, secon, setfiles, et al.
libselinux-utils : Provides getenforce, setenforce, getsebool, setsebool, et al.
policycoreutils-gui : Provides system-config-selinux and sepolgen, et al.
policycoreutils-python : Provides semanage, audit2allow, audit2why, et al.
setroubleshoot : Provides seapplet
setroubleshoot-server : Provides sealert, sedispatch, setroubleshootd, et al.

==========================
SET ENFORCING AND PERMISSIVE MODES FOR SELINUX
Persistent change:
/etc/selinux/config:
SELINUX=enforcing|permissiveCurrent session:
Non persistent change:
setenforce 1|0|enforcing|permissive

VIEW SELINUX STATUS:
Sestatus

LIST AND IDENTIFY SELINUX FILE AND PROCESS CONTEXT
ls -lZ
ps -efZ

RESTORE DEFAULT FILE CONTEXTS
restorecon -R*file

USE BOOLEAN SETTINGS TO MODIFY SYSTEM SELINUX SETTINGS
View booleans:
getsebool -a | grep keyword
OR*semanage boolean -l | grep keyword
Change booleans:
setsebool -P boolean on|off

DIAGNOSE AND ADDRESS ROUTINE SELINUX POLICY VIOLATIONS
Diagnose:
/var/log/audit/audit.log
/var/log/messages
view service logs
sealert
Fix:
audit2allow
setsebool -P boolean on|off


========================



No comments:

Post a Comment