Outils pour utilisateurs

Outils du site


Panneau latéral

Tips

Divers

Projets

Ham Radio

Machines

Research

Privé

Études

projets:debiankvm

KVMs on Debian

Prerequisites

$ sudo apt-get  install qemu-kvm libvirt-bin
...
$ adduser shtrom libvirt
...

Networking

A TAP interface will be used for the VM, and bridged with the normal ethernet interface. The new br0 interface is the one which then get, configured, rather than eth0.

/etc/network/interfaces
...
iface eth0 inet manual
 
auto br0
iface br0 inet dhcp
   pre-up ip tuntap add dev tap0 mode tap user pumpio
   pre-up ip link set tap0 up
   bridge_ports all tap0
   bridge_stp off
   bridge_maxwait 0
   bridge_fd      0
   post-down ip link set tap0 down
   post-down ip tuntap del dev tap0 mode tap

With a reasonnably configured firewall (DROP policy, and whitelist), this will not work directly. The guest will not be able to get its packets across through the bridge. This is due to the DROP policy of the FORWARD chain. To allow traffic from the guest to the rest of the network, a rule has to be added. For simplicity, everything coming from the guest, on tap0, will be allowed. This should probably be refined later.

$ sudo iptables -p icmp -j ACCEPT
$ sudo iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -m physdev --physdev-in tap0 -j ACCEPT
$ sudo iptables -A FORWARD -p udp --sport 67:68 --dport 67:68 -j ACCEPT

Very similarly to normal firewalling, we allow

  • cimp traffic,
  • established connections,
  • new connections from the guest,
  • DHCP traffic.

A similary setup is probably needed for IPv6.

We let iptables-persistent take care of restoring these rules automatically in the future

$ sudo service iptables-persistent save

Image Creation and Installation

$ sudo qemu-img create -f qcow2 vdisk.img 10G
$ sudo qemu-system-x86_64  -hda vdisk.img -cdrom debian-6.0.7-amd64-netinst.iso -boot d -m 512 -net nic -net tap,ifname=tap0,script=no,downscript=no --enable-kvm --vnc :0

We can now connect to the instance with VNC, in order to proceed with a rather classic Debian install.

PXE Booting a VM

GRUB comes with a PXE-enabled boot image. Note the difference in the qemu parameters: -tftp / -bootp /usr/lib/grub/i386-pc/pxeboot.img.

$ qemu-img create -f qcow2 openbsd53.img 2G
Formatting 'openbsd53.img', fmt=qcow2 size=2147483648 encryption=off cluster_size=65536
$ sudo qemu-system-x86_64  -hda openbsd53.img -tftp / -bootp /usr/lib/grub/i386-pc/pxeboot.img  -boot n  -m 512 -net nic -net tap,ifname=tap0,script=no,downscript=no --enable-kvm --vnc :0

References

  1. KVM. Debian Wiki.
  2. QEMU. Debian Wiki.
  3. Johnson D . Bundling Debian image for OpenStack. CSS Corp Open Source Services. 28 Nov. 2011. (s/kvm/quemu/)
  4. OpenStack on Debian GNU/Linux Wheezy. Debian Wiki. 08 May 2013.
  5. QEmu, PXE Boot. TUDOS-Wiki. 15 July 2011.

.

projets/debiankvm.txt · Dernière modification: 2013-11-15 05:06 (modification externe)