Front cover
Virtualization Cookbook for IBM Z Volume 5 KVM
Bill White Sergio Chang Mariselli David Borges de Sousa Eduardo Simoes Franco Pablo Paniagua Richard Ruppel Richard Young
Redbooks
IBM Redbooks
Virtualization Cookbook for IBM Z Volume 5: KVM
April 2020
SG24-8463-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii.
First Edition (April 2020)
This edition applies to Red Hat REL 8.1, SUSE SELS 15 SP1, and Ubuntu 18.04 LTS.
© Copyright International Business Machines Corporation 2020. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents
Notices ...... vii Trademarks ...... viii
Preface ...... ix Authors...... ix Now you can become a published author, too! ...... x Comments welcome...... xi Stay connected to IBM Redbooks ...... xi
Chapter 1. Understanding the kernel-based virtual machine on IBM Z ...... 1 1.1 Kernel-based virtual machine on IBM Z ...... 2 1.1.1 Why on IBM Z ...... 2 1.1.2 KVM as a hypervisor on IBM Z ...... 3 1.2 KVM working on IBM Z ...... 6 1.3 Managing and monitoring KVM on IBM Z ...... 7 1.3.1 Libvirt ...... 8 1.3.2 OpenStack ...... 8 1.3.3 Virt-install ...... 8 1.3.4 Virsh ...... 9 1.3.5 Cockpit ...... 9 1.3.6 Platform management...... 10 1.3.7 Managing the KVM guest lifecycle ...... 10 1.3.8 KVM host and guest monitoring ...... 10 1.4 Securing KVM on IBM Z ...... 11 1.4.1 Access control...... 11 1.4.2 Authentication solutions ...... 11 1.4.3 Multi-Factor authentication ...... 11 1.4.4 Audit ...... 12 1.5 Availability with KVM on IBM Z ...... 12 1.6 KVM on IBM Z backup and recovery ...... 13
Chapter 2. Planning for the kernel-based virtual machine host and guest ...... 15 2.1 Basic requirements for KVM hosts and guests ...... 16 2.1.1 Hardware requirements...... 16 2.1.2 Software requirements ...... 17 2.1.3 Availability requirements ...... 17 2.1.4 Deployment architecture ...... 19 2.2 Planning resources for KVM guests ...... 20 2.2.1 Compute considerations ...... 20 2.2.2 Storage considerations ...... 21 2.2.3 Network considerations...... 25 2.2.4 Encryption considerations...... 26 2.2.5 KVM guest domain considerations ...... 27 2.2.6 Methods for installing Linux into a guest domain ...... 28 2.2.7 Linux virtual machine live migration ...... 29 2.3 Planning for management and monitoring ...... 30 2.3.1 KVM host management ...... 30 2.3.2 KVM host monitoring...... 31 2.3.3 KVM guest management ...... 31
© Copyright IBM Corp. 2020. All rights reserved. iii 2.3.4 KVM guest monitoring...... 32 2.4 Planning for security ...... 33 2.4.1 Access controls...... 33 2.4.2 Authentication solutions ...... 33 2.4.3 Audit ...... 34 2.4.4 Firewalls ...... 34 2.4.5 Cryptography ...... 35 2.4.6 Multifactor authentication ...... 36 2.5 Planning for backup and recovery...... 36 2.5.1 KVM host backups and recovery ...... 36 2.5.2 KVM guest backup and recovery ...... 38
Chapter 3. Preparing the Red Hat KVM environment for VM usage...... 39 3.1 Defining the target configuration ...... 40 3.1.1 Logical View ...... 40 3.1.2 Physical resources ...... 41 3.1.3 Software resources ...... 42 3.2 Preparing the infrastructure...... 42 3.2.1 Configuring the resources in Z platform ...... 42 3.2.2 Configure the storage resources...... 42 3.3 Collecting information ...... 44 3.3.1 Required information for RHEL on an LPAR installation...... 45 3.3.2 Required information for virtual machine installations...... 46 3.4 Installing RHEL on an LPAR as KVM host ...... 48 3.4.1 Preparing the installation ...... 48 3.4.2 Install RHEL on an LPAR ...... 49 3.4.3 Preparing the host for virtualization...... 50 3.5 Configuring the KVM host ...... 52 3.5.1 Defining NICs ...... 52 3.5.2 Defining the bond interface ...... 53 3.5.3 Define HiperSocket interfaces...... 55 3.5.4 Define SMC interfaces ...... 57 3.5.5 Defining the MacVTap network...... 61 3.5.6 Defining crypto adapters and domains ...... 62 3.6 Deploying virtual machines on KVM ...... 64 3.6.1 Creating QCOW2 disk image file ...... 64 3.6.2 Installing a new guest by using virt-install...... 64 3.6.3 Cloning a guest by using Virsh ...... 65 3.6.4 Adding HiperSockets to the VM guest ...... 67 3.6.5 Adding LUNs...... 68 3.6.6 Adding cryptography support to the VM guest ...... 69
Chapter 4. Preparing the SLES KVM environment for VM use ...... 71 4.1 Defining the target configuration ...... 72 4.1.1 Logical View ...... 72 4.1.2 Physical resources ...... 72 4.1.3 Software resources ...... 73 4.2 Preparing the infrastructure...... 74 4.3 Collecting information ...... 76 4.3.1 Required information for SLES on an LPAR installation...... 77 4.3.2 Required information for virtual machine installations...... 78 4.4 Installing SUSE on an LPAR as a KVM host ...... 80 4.4.1 Preparing the installation ...... 80
iv Virtualization Cookbook for IBM Z Volume 5: KVM 4.4.2 Installing SLES on an LPAR ...... 81 4.5 Preparing the host for virtualization...... 82 4.6 Configuring the KVM host ...... 85 4.6.1 Defining NICs ...... 85 4.6.2 Defining the bond interface ...... 86 4.6.3 Defining HiperSockets interfaces ...... 88 4.6.4 Defining SMC interfaces ...... 89 4.6.5 Defining the MacVTap network...... 92 4.6.6 Defining crypto adapters and domain ...... 93 4.7 Deploying virtual machines on KVM ...... 95 4.7.1 Creating QCOW2 disk image file ...... 95 4.7.2 Installing a new guest by using virt-install...... 96 4.7.3 Cloning a guest by using Virsh ...... 98 4.7.4 Adding HiperSockets to the virtual machine guest ...... 99 4.7.5 Adding LUNs...... 100 4.7.6 Adding cryptography support to the VM guest ...... 101
Chapter 5. Preparing the Ubuntu KVM environment for VM usage ...... 105 5.1 Defining the target configuration ...... 106 5.1.1 Logical View ...... 106 5.1.2 Physical resources ...... 106 5.1.3 Software resources ...... 107 5.2 Preparing the infrastructure...... 108 5.2.1 Configuring resources...... 108 5.2.2 Configuring storage resources ...... 108 5.2.3 Setting up the FTP server for the installation ...... 109 5.3 Collecting information ...... 110 5.3.1 Required information for Ubuntu on an LPAR installation...... 111 5.3.2 Required information for virtual machine installations...... 112 5.4 Installing Ubuntu on an LPAR as a KVM host...... 113 5.4.1 Preparing the installation ...... 113 5.4.2 Installing Ubuntu on an LPAR...... 114 5.5 Preparing the host for virtualization...... 114 5.6 Configuring the KVM host ...... 116 5.6.1 Defining NICs ...... 116 5.6.2 Defining the bond interface ...... 117 5.6.3 Defining HiperSockets interfaces ...... 119 5.6.4 Defining SMC interfaces ...... 120 5.6.5 Defining the MacVTap network...... 124 5.6.6 Defining crypto adapters and domain ...... 126 5.7 Deploying virtual machines on KVM ...... 128 5.7.1 Creating QCOW2 disk image file ...... 128 5.7.2 Installing a new guest by using virt-install...... 128 5.7.3 Cloning a guest by using Virsh ...... 130 5.7.4 Adding HiperSockets to the VM guest ...... 131 5.7.5 Adding LUNs...... 132 5.7.6 Adding cryptography support to the VM guest ...... 134
Chapter 6. Monitoring the environment ...... 137 6.1 Availability monitoring and real-time event analytics...... 138 6.1.1 Grafana ...... 138 6.1.2 Cockpit ...... 141 6.1.3 Nagios monitoring and alerting ...... 144
Contents v 6.1.4 virt-manager ...... 148 6.1.5 virsh cli ...... 151 6.2 Performance monitoring ...... 152 6.2.1 Sysstat, Sar, and kSar ...... 152 6.2.2 perf kvm ...... 154 6.2.3 vmstat ...... 155 6.2.4 virt-top and kvm_stat...... 156
Chapter 7. Managing the environment ...... 159 7.1 Managing resources ...... 160 7.1.1 Virsh ...... 160 7.1.2 Virtual Machine Manager ...... 162 7.1.3 Cockpit ...... 164 7.1.4 OpenStack ...... 165 7.1.5 Choosing the correct tool ...... 167 7.2 Recovery management ...... 168 7.2.1 Snapshot...... 169 7.2.2 FlashCopy...... 169 7.3 Security management ...... 171 7.3.1 FreeIPA...... 171 7.3.2 sVirt...... 175 7.3.3 AppArmor ...... 176 7.3.4 Linux Audit ...... 177
Chapter 8. Optimizing Oracle Database for developing and testing on a SLES KVM guest ...... 181 8.1 Introduction ...... 183 8.2 LPAR prerequisites ...... 184 8.3 Installing SLES 15 SP1 on the LPAR ...... 185 8.4 Preparing the environment for the SLES KVM guest installation ...... 185 8.5 Installing and configuring the SLES 12 SP5 KVM guest for Oracle Database installation 186 8.6 Installing the Oracle Database in the SLES 12 SP5 KVM guest...... 188 8.7 Switching the KVM virtual server to run natively in an LPAR ...... 189 8.7.1 Preparing the SLES 12 SP5 virtual machine ...... 189 8.7.2 Preparing the SLES 15 SP1 hypervisor ...... 190 8.7.3 Generating a GRUB configuration file...... 191
Appendix A. KVM live migration ...... 193
Appendix B. Scripts for SLES guest installation ...... 197 Preparation and setup for AutoYAST installation...... 198 AutoYAST configuration file for KVM guest ...... 199
vi Virtualization Cookbook for IBM Z Volume 5: KVM Notices
This information was developed for products and services offered in the US. This material might be available from IBM in other languages. However, you may be required to own a copy of the product or product version in that language in order to access it.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user’s responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive, MD-NC119, Armonk, NY 10504-1785, US
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk.
IBM may use or distribute any of the information you provide in any way it believes appropriate without incurring any obligation to you.
The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
Statements regarding IBM’s future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to actual people or business enterprises is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided “AS IS”, without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs.
© Copyright IBM Corp. 2020. All rights reserved. vii Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at http://www.ibm.com/legal/copytrade.shtml
The following terms are trademarks or registered trademarks of International Business Machines Corporation, and might also be trademarks or registered trademarks in other countries.
Db2® IBM Z® Tivoli® DS8000® IBM z15™ WebSphere® FICON® Parallel Sysplex® z/Architecture® FlashCopy® QRadar® z/OS® GDPS® Redbooks® z/VM® IBM® Redbooks (logo) ® z15™ IBM Spectrum® Storwize®
The following terms are trademarks of other companies:
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.
Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Java, and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Ansible, Red Hat, are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Other company, product, or service names may be trademarks or service marks of others.
viii Virtualization Cookbook for IBM Z Volume 5: KVM Preface
This IBM® Redbooks® publication provides a broad explanation of the kernel-based virtual machine (KVM) on IBM Z® and how it can use the z/Architecture®. It focuses on the planning of the environment and provides installation and configuration definitions that are necessary to build, manage, and monitor a KVM on Z environment. This publication applies to the supported Linux on Z distributions (Red Hat, SUSE, and Ubuntu).
This IBM Redbooks publication is useful to IT architects, system administrators, and those users who plan for and install KVM on IBM Z. The reader is expected to have an understanding of IBM Z hardware, KVM, Linux on Z, and virtualization concepts.
Authors
This book was produced by a team of specialists from around the world working at IBM Redbooks, Poughkeepsie Center:
Bill White is an IBM Redbooks Project Leader and Senior IT Infrastructure Specialist at IBM Redbooks, Poughkeepsie Center.
Sergio Chang Mariselli is an IT Specialist at IBM. He has more than 10 years of experience with IT infrastructure projects. He has been working in IBM for 8 years, leading IBM Z related projects. In last 4 years, Sergio has also been working with IBM z/VM® and Linux on Z. Currently, he leads projects, manages platforms, advises clients, and supports Peruvian clients on IBM Z.
David Borges de Sousa is an IT Specialist at IBM. He has more than 15 years of experience with IT solutions, projects, and infrastructure support. David has held technical positions in server support, IT coordinator, and consultant in the private and public sectors. Currently, he supports various technical teams within IBM internal accounts as a consultant and an enabler.
Eduardo Simoes Franco is an IT Specialist and Technology Consultant at IBM. He has more than 20 years of experience with IT Solutions, projects, and infrastructure support. He has held technical and management positions at several large corporations where he held a various positions in servers support as a network analyst, security officer, IT coordinator, and consultant. Currently, he supports large IBM clients worldwide on Docker, virtualization, and Linux on IBM Z platform.
Pablo Paniagua is a Client Technical Professional at IBM. He has been with IBM for a year, working on Openshift and KVM on Linux on Z. Before IBM, Pablo worked as an IT consultant on distributed systems. During his time at IBM, he has helped many clients with their Linux on Z environments and Hybrid Cloud Strategies.
Richard Ruppel is a Client Technical Specialist supporting IBM Z Business Partners. He has worked with IBM Z for over 30 years, including 24 years as a customer at large banks, manufacturers, and retailers. Richard joined IBM as a subject mater expert on SAP workloads running on IBM Z, including Parallel Sysplex®, z/OS®, Db2® for z/OS, and Linux on Z. He now provides technical support to business partners for IBM Z and LinuxONE hardware and software solutions and works to bring new workloads to the LinuxONE platform.
© Copyright IBM Corp. 2020. All rights reserved. ix Richard Young is a Senior Certified Executive IT Specialist. He is the senior lead within the IBM Systems Lab Services organization. He has been with IBM for 23 years. His areas of expertise include Cloud, Linux, and Virtualization on IBM Z platforms. Richard and his team provide technical support and guidance for IBM Z and LinuxONE enthusiasts worldwide on new and strategic technologies.
Thanks to the following people for their contributions to this project:
Robert Haimowitz Lydia Parziale Makenzie Manna IBM Redbooks, Poughkeepsie Center
Tom Ambrosio Melissa Carlson Bill Lamastro Dorothea Matthaeus Viktor Mihajlovski Stefan Raspl IBM
A special thanks to the team that contributed Chapter 8, “Optimizing Oracle Database for developing and testing on a SLES KVM guest” on page 181:
Marcos Antonio S Figueiredo Junior Pierre Morel Tony Gargya IBM
Mike Friesenegger SUSE
Now you can become a published author, too!
Here’s an opportunity to spotlight your skills, grow your career, and become a published author—all at the same time! Join an IBM Redbooks residency project and help write a book in your area of expertise, while honing your experience using leading-edge technologies. Your efforts will help to increase product acceptance and customer satisfaction, as you expand your network of technical contacts and relationships. Residencies run from two to six weeks in length, and you can participate either in person or as a remote resident working from your home base.
Find out more about the residency program, browse the residency index, and apply online at: ibm.com/redbooks/residencies.html
x Virtualization Cookbook for IBM Z Volume 5: KVM Comments welcome
Your comments are important to us!
We want our books to be as helpful as possible. Send us your comments about this book or other IBM Redbooks publications in one of the following ways: Use the online Contact us review Redbooks form found at: ibm.com/redbooks Send your comments in an email to: [email protected] Mail your comments to: IBM Corporation, IBM Redbooks Dept. HYTD Mail Station P099 2455 South Road Poughkeepsie, NY 12601-5400
Stay connected to IBM Redbooks