Instituto Superior de Engenharia do Porto
Mestrado em Engenharia Eletrotécnica e de Computadores
Arquitetura de Computadores

Virtualization with KVM and libvirt

Introduction

The KVM mechanism is best described in its own main web page [1]:

KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.

Exercises

1) KVM can be used by simply passing the --enable-kvm command line parameter to QEMU. In this first exercise, we will compare the performance between the execution of a program in an emulated machine and its execution on a fully virtualized machine.

1.1) Download arcom_vm.img and launch the distribution using QEMU in emulation mode:

$ qemu-system-x86_64 arcom_vm.img

1.2) In the emulated machine, run /root/stress 100, where 100 is the number of iterations executed by the program, and measure its execution time using a clock (host application, smartphone, etc.). Note that this is the advisable procedure since time measurements in emulated and virtual machines (VMs) may be very inaccurate in several situations.

Execution time:______

1.3) Shut down the virtual machine and relaunch QEMU with the --enable-kvm parameter:

$ qemu-system-x86_64 --enable-kvm arcom_vm.img

Determine, by trial and error, the number of iterations to obtain an execution time approximately equal to the one obtained before.

Number of iterations with KVM:______

[1] https://www.linux-kvm.org/page/Main_Page

Virtualization with KVM and libvirt 1/14 ARCOM – MEEC – ISEP – 2018/2019

Working with multiple virtual machines

In what follows, we will create an isolated network with two virtual machines connected to it. The network will be created using the Linux bridge mechanism. The virtual storage devices will be created using the QEMU qcow2 format. This format will be used because it provides the mechanism of backing file, i.e., the same image can be used as a base for several virtual machines.

Table 1 – Raw and qcow2 QEMU types

Raw: Raw is the default format if no specific format is specified while creating disk images. Raw disk images do not have special features like compression, snapshot, etc. On the other hand, raw disk images are faster than other disk image types.

Qcow2: Qcow2 is an open-source format developed as an alternative to the VMWare and Oracle Virtualbox vdi formats. Qcow2 provides features like compression, snapshot and backing file.

2) Create a directory named after your student number under /opt and grant full access permission to it for all system users:

# mkdir /opt/student_number
# chmod 777 /opt/student_number

Move all files to that directory and, from now on, keep working in that directory:

# mv * /opt/student_number
# cd /opt/student_number

3) Create the arcom-vm1.qcow2 and arcom-vm2.qcow2 volumes (both backed by the arcom-vm.qcow2 volume) to be used by the virtual machines:

# qemu-img convert -O qcow2 arcom-vm.img arcom-vm.qcow2
# qemu-img create -f qcow2 -o backing_file=arcom-vm.qcow2,backing_fmt=qcow2 arcom-vm1.qcow2
# qemu-img create -f qcow2 -o backing_file=arcom-vm.qcow2,backing_fmt=qcow2 arcom-vm2.qcow2
# qemu-img info arcom-vm1.qcow2

The following script will be used to create a bridge with two virtual interfaces (vnet1 and vnet2) connected to it:

#!/bin/sh
set -x

# Create the tap devices
ip tuntap add vnet1 mode tap
ip tuntap add vnet2 mode tap

# Bring up the tap devices
ip link set vnet1 up
ip link set vnet2 up

# Create the bridge to link the tap devices
ip link add kbr0 type bridge

# Adding the interface into the bridge is
# done by setting its master to bridge_name
ip link set vnet1 master kbr0
ip link set vnet2 master kbr0

# Bring up the bridge
ip link set kbr0 up

# Show existing bridges
ip link show

Save the above script as ifup and enable execution permission for its owner (chmod u+x ifup).

The following script will be used to delete all interfaces created by the ifup script:

#!/bin/sh
set -x

# Bring down the bridge
ip link set kbr0 down

# Delete the bridge
ip link del kbr0

# Delete the tap devices
ip tuntap del vnet1 mode tap
ip tuntap del vnet2 mode tap

Save the above script as ifdown and enable execution permission for its owner (chmod u+x ifdown).

Create the isolated network by running ifup as root:

# ./ifup

Launch the first virtual machine, using vnet1 as ethernet adapter:

# qemu-kvm arcom-vm1.qcow2 -name arcom-kvm1 -m 64 \
    -netdev tap,id=hostnet0,script=no,downscript=no,ifname=vnet1 \
    -device virtio-net-pci,netdev=hostnet0,mac=00:50:56:00:00:01

Note that, to enable connectivity between virtual machines, it is necessary to specify a different MAC address for each interface on the same ethernet network.

Open a new terminal to launch the second virtual machine. In this case, the virtual machine will be launched as a daemon (in background and detached from the terminal, -daemonize parameter), and it will use the Virtual Network Computing (VNC) system for video output (-display vnc=:0).

# qemu-kvm arcom-vm2.qcow2 -name arcom-kvm2 -m 64 \
    -netdev tap,id=hostnet0,script=no,downscript=no,ifname=vnet2 \
    -device virtio-net-pci,netdev=hostnet0,mac=00:50:56:00:00:02 \
    -daemonize -display vnc=:0

VNC is a graphical desktop sharing system where the system sharing its display acts as a server, providing access through ports 5900 (for display :0), 5901 (for display :1) and so on. To access the remote display, a VNC client is required, such as vinagre or remmina.
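
The port mapping above also tells you what to look for on the host. In the launch command shown earlier, -display vnc=:0 names no host address, so QEMU's VNC server accepts connections on all of the host's addresses; writing vnc=127.0.0.1:0 instead binds it to loopback. The check below is an added example, not part of the original handout; the function names, the sample lines and the 5900-5999 port range are assumptions of the example.

```sh
#!/bin/sh
# Added example: flag VNC displays that are reachable from other hosts.

# TCP port of VNC display :N (5900 + N, as stated in the text).
vnc_port() {
    echo $((5900 + $1))
}

# Reads `ss -Hltn` style lines on stdin and prints ":display address" for
# each listener in the VNC range that is not bound to loopback.
# Assumption of this example: displays :0 to :99 (ports 5900-5999).
exposed_vnc() {
    awk '
    $1 == "LISTEN" {
        n = split($4, parts, ":")            # port is the last ":" field
        port = parts[n] + 0
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        if (port < 5900 || port > 5999) next
        if (addr ~ /^127\./ || addr == "[::1]") next
        printf ":%d %s\n", port - 5900, addr
    }'
}

# Constructed sample in the column layout of `ss -Hltn`.
SAMPLE='LISTEN 0 1 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 1 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 1 [::]:5902 [::]:*'

printf '%s\n' "$SAMPLE" | exposed_vnc
# On the host, run instead: ss -Hltn | exposed_vnc
```

An empty result on the host means every VNC display is bound to loopback only.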


Perform the static configuration of the ethernet card on each virtual machine using private IP addresses, and test the connectivity using the ping command. For instance:

# ip a add 192.168.0.2/24 dev eth0
# ip link set eth0 up
# ping 192.168.0.1

After the connectivity test, shut down both virtual machines and run ./ifdown.

Libvirt

KVM can be more easily used via the libvirt API and tools. Libvirt provides an API to create, modify, and control virtual machines. Some examples of libvirt tools are virt-install (command line based, used only to create a virtual machine), virsh (command line based), and virt-manager (graphical interface). In this context, a virtual machine is called a “guest domain”. Each VM has an associated XML file with all its settings.

In this exercise, similarly to the previous exercise, we will configure and test two virtual machines connected through an isolated virtual network. However, this time the tasks will be carried out using the libvirt tools.

Create the following XML file:

# cat mynet1.xml
mynet1

Create an isolated virtual network, named mynet1, using virsh:

# virsh net-define mynet1.xml
# virsh net-dumpxml mynet1
# virsh net-start mynet1
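
The contents of mynet1.xml did not survive in this copy of the handout. As an added example (not the original file), the script below writes a minimal definition that libvirt treats as isolated and classifies any definition by how much it exposes; the function names and the choice to omit the <ip> element, so that guests are configured statically as in the exercise, are assumptions.

```sh
#!/bin/sh
# Added example: a minimal isolated libvirt network and a pre-flight check.

# Write a definition with only a name. Without a <forward> element libvirt
# does not route or NAT the network; without an <ip> element the host gets
# no address on the bridge and no DHCP range is offered to the guests.
write_isolated_net() {      # $1 = network name, $2 = output file
    cat > "$2" <<EOF
<network>
  <name>$1</name>
</network>
EOF
}

# Classify a network definition before handing it to `virsh net-define`:
#   isolated            no <forward>, no <ip>
#   isolated+host-ip    no <forward>, host has an address on the bridge
#   forwarded:<mode>    guest traffic can leave through the host
net_exposure() {            # $1 = XML file
    if grep -q '<forward' "$1"; then
        mode=$(sed -n "s/.*<forward[^>]*mode=['\"]\([a-z]*\)['\"].*/\1/p" "$1")
        echo "forwarded:${mode:-unspecified}"
    elif grep -q '<ip[ >]' "$1"; then
        echo "isolated+host-ip"
    else
        echo "isolated"
    fi
}

tmp=$(mktemp)
write_isolated_net mynet1 "$tmp"
cat "$tmp"
net_exposure "$tmp"         # prints: isolated
rm -f "$tmp"
```

Running net_exposure on the output of virsh net-dumpxml mynet1, saved to a file, checks the network as libvirt actually stored it.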


Create the first virtual machine using the command line tool virt-install [2]:

virt-install --name arcom-kvm1 --ram 64 --graphics vnc \
    --disk path=arcom-vm1.qcow2 --import \
    --network network=mynet1,model=virtio

The virtual machine is started and the virt-install command blocks until the machine is powered off. In order to power off the machine, you must connect to it (using the VNC client) and execute the poweroff command (still in the virtual machine).

Afterward, the machine can be restarted, stopped and powered off using the virsh tool. To list all virtual machines managed through libvirt:

# virsh list --all

To start the virtual machine:

# virsh start arcom-kvm1
# virsh list --all

To suspend a running virtual machine:

# virsh suspend arcom-kvm1
# virsh list --all

The VM is kept in memory but it won't be scheduled for execution. If you try to use the VM’s terminal, you will get no response from it. To resume execution of the virtual machine:

# virsh resume arcom-kvm1
# virsh list --all

The VM should become responsive again. To power off your virtual machine (i.e., the equivalent to pressing the power off button on a real machine):

# virsh destroy arcom-kvm1
# virsh list --all

If the guest supports the Advanced Configuration and Power Interface (ACPI), a software shutdown can be requested:

# virsh shutdown arcom-kvm1

To display the machine configuration in XML format:

# virsh dumpxml arcom-kvm1

The same information can be obtained directly from the corresponding XML file:

cat /etc/libvirt/qemu/arcom-kvm1.xml

The virsh and virt-install utilities are particularly useful for scripting and for quick checks. On the other hand, the virt-manager utility provides a more user-friendly environment. Create the second VM using the virt-manager utility:

# virt-manager

[2] The --import parameter is used to build a guest around an existing disk image (the default is to install from a given installation source). The device used for booting is the first device specified via "--disk" or "--filesystem".

You should be presented with a graphical window, with a list of virtual machines. You should be able to find the previously created VM:


Complete the VM creation by pressing “Begin Installation”. The arcom-kvm2 VM will be started. Go to the Virtual Manager main window and start the arcom-kvm1 VM.

Follow the same procedure of the first exercise to manually configure the network interface cards of both VMs, and to test the connectivity between them.

To finish the exercise, power off and delete your virtual machines:

# virsh list --all
# virsh destroy arcom-kvm1
# virsh destroy arcom-kvm2
# virsh list --all
# virsh undefine arcom-kvm1
# virsh undefine arcom-kvm2
# virsh list --all

Appendix – Virtualization packages for Fedora (from https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-virtualization/)

Run the following command to install the mandatory and default packages in the virtualization group:

# dnf install @virtualization

After the packages install, start the libvirtd service:

# systemctl start libvirtd

To start the service on boot, run:

# systemctl enable libvirtd

To verify that the KVM kernel modules are properly loaded:

$ lsmod | grep kvm
kvm_amd 55563 0
kvm 419458 1 kvm_amd

If this command lists kvm_intel or kvm_amd, KVM is properly configured.

$ dnf group info "Virtualization"

Appendix – Creation of the system image

Obtain the kernel and root file system archive files:

$ wget http://www.dee.isep.ipp.pt/~jes/arcom/Lab8-KVM/bzImage
$ wget http://www.dee.isep.ipp.pt/~jes/arcom/Lab8-KVM/rootfs.tar.xz

The provided bzImage and rootfs.tar.xz were built with Buildroot, using the configurations in qemu_x86_64_defconfig.

$ mkdir rootfs
$ tar xvf rootfs.tar.xz -C rootfs
$ dd if=/dev/zero of=arcom-vm.img bs=1M count=16
# modprobe nbd
# qemu-nbd --format=raw --connect=/dev/nbd0 arcom-vm.img

Use fdisk to create a single partition on /dev/nbd0, marked as bootable (‘a’ command), using all disk space. After that operation, the output of ls -l /dev/nbd0* should present a new device, /dev/nbd0p1.

Create an ext4 file system on /dev/nbd0p1, containing the files in rootfs/ [3]:

# mkfs.ext4 /dev/nbd0p1 -d rootfs/ -O \^64bit

Copy the kernel image to the /boot directory in the first partition:

# mkdir m
# mount /dev/nbd0p1 m
# mkdir -p m/boot/extlinux
# cp bzImage m/boot

Create the m/boot/extlinux.conf file with the following contents:

DEFAULT linux
SAY Now booting the kernel from SYSLINUX...
LABEL linux
  KERNEL ../bzImage
  APPEND root=/dev/sda1

The file above will be used by the Extlinux bootloader. The bootloader is installed by the following commands:

# extlinux --install m/boot/extlinux
# dd if=/usr/share/syslinux/mbr.bin of=/dev/nbd0

[3] As of Syslinux 6.03, "pure 64-bits", compression and/or encryption are not supported (https://www.syslinux.org/wiki/index.php?title=Filesystem#ext)

Finally, unmount the file system and detach the network block device:

# umount m
# qemu-nbd -d /dev/nbd0

Appendix – Additional virt-install examples

Creation of a VM based on an external kernel image (kernel=…), with specification of kernel parameters (kernel_args=…), and with no graphical output (--graphics none):

virt-install --name vm1 --disk path=rootfs.ext4 --import \
    --boot kernel=bzImage,kernel_args="root=/dev/sda" --graphics none

The --boot parameter can also be used to create a virtual machine that is started each time the host starts.


Document history
• 2018-11-19 – created by Jorge Estrela da Silva
