1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
KVM-Manager
===========
*Authors:*
* Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* Jamie McClelland <jm@mayfirst.org>
* Greg Lyle <greg@stealthisemail.com>
*Copyright:* © 2009-2011
*License:* GPL-3+
This is a small set of scripts to make it relatively easy to manage a
stable of kvm instances in a fairly secure and isolated fashion.
The basic model is to use runit to supervise each KVM instance, with a
single, non-privileged user account for each instance. You can login
via ssh as the non-privileged user and, via screen, access the
instance's console.
Dependencies
------------
* `runit` : for system supervision
* `kvm` : for the virtual machine emulator
* `socat` : For communications with the monitor and console of guests
* `screen` : for the detached, logged serial console
* `bridge-utils` : for configuring a bridge device
* `lvm2` : for creating the relevant block devices
* `udev` : for configuring the block devices with proper permissions
* `fakeroot` : for rebuilding the initramfs as a regular user in di-maker
* `xorriso` : for grub2 to make an iso in di-maker
* `genisoimage` : for di-maker to work with an existing iso
* `sgabios` : for early pre-bootloader (like ipxe) output
Recommendations
+++++++++++++++
* `openssh-server` : i've been using ssh to access the vm's serial console
* `debian-installer-netboot` : having one of the d-i netboot packages installed makes guest installation easier
INSTALLATION
------------
* Install dependencies:
apt-get install runit kvm screen bridge-utils lvm2 udev socat sgabios
If you want to be able to use di-maker, you'll also need:
apt-get install fakeroot xorriso grub2
* Link programs into /usr/local/sbin:
ln -s $(pwd)/{di-maker,kvm-manager,kvm-creator} /usr/local/sbin/
* Link screen configuration file into /etc
ln -s $(pwd)/screenrc.kvm-manager /etc/
* Configure your host network to use a bridge. If your network adaptor
is eth0, you can use the following in /etc/network/interfaces
auto br0
iface br0 inet static
[Put your normal IP config for eth0 here...]
hwaddress ether xx:yy:zz:aa:bb:cc
bridge_ports eth0
Note: explicitly setting the hwaddress of your bridge to the same
MAC address as your existing NIC ("ip link show eth0 | grep
ether") is a good idea -- it seems to avoid periods of network
connectivity outages for the host when new interfaces get added to
or removed from the bridge.
* Alternately, you can create an internal-only bridge, and tell your
host to pass traffic to it:
auto br0
iface br0 inet static
[ internal IP address information ]
post-up echo 1 > /proc/sys/net/ipv4/conf/br0/forwarding
INSTALLING DEBIAN ONTO YOUR VIRTUAL SERVER
------------------------------------------
To create a KVM instance, run:
kvm-creator create $GUESTNAME [ $VG [$DISKSIZE [$RAM] ] ]
You can replace "create" with "demo" to see the default values for non-
specified options.
The creator scripts creates a username and home directory, logical volume, and
the required directory in `/etc/sv/kvm/GUESTNAME` from which the kvm-manager
script is run. After creating your virtual server, you can modify the files in
`/etc/sv/kvm/GUESTNAME/env` to change initial settings.
You may also add ssh key's to `/home/GUESTNAME/.ssh/authorized_keys` to provide
additional access to other users.
At this point, your virtual server is created, however, it has no
operating system and it has not been started.
There are three options for installing debian onto the virtual server:
* debian-installer
* netboot
* iso (like a CD install)
"debian-installer" is the simplest, but it requires that you have one
of the debian-installer-netboot packages installed
(e.g. `debian-installer-9-netboot-amd64`):
touch /home/$GUESTNAME/vms/$GUESTNAME/debian-installer
Once the guest starts with the installer, you can remove this file to
avoid booting back into the installer.
To use the "netboot" method, make sure you have a working DHCP server
running on your host server and offering addresses over your bridge
interface.
Then, indicate that the server should boot via the network with:
touch /home/$GUESTNAME/vms/$GUESTNAME/netboot
Finally, you can make a debian boot ISO image:
* Make the directory /usr/local/share/ISOs
* Create a serial console enabled debian installer.
* cd /usr/local/share/ISOs
* di-maker d-i.iso
Indicate that the server should boot via the CDROM (the equivelant of putting
the installer CD in the drive) with:
ln -s /usr/local/share/ISOs/d-i.iso /home/$GUESTNAME/vms/$GUESTNAME/cd.iso
STARTING YOUR VIRTUAL SERVER
----------------------------
update-service --add /etc/sv/kvm/$GUESTNAME
This process adds your virtual server to the runit service directory.
If `/home/$GUESTNAME/vms/$GUESTNAME/cd.iso` exists, the server will
behave as if you set the CDROM as the boot device in the bios.
If `/home/$GUESTNAME/vms/$GUESTNAME/netboot` exists, the server will
behave as if you set the network device as the boot device in the
bios.
After you have installed your server, be sure to delete these files if
they exist or your server won't boot properly.
ACCESSING YOUR VIRTUAL SERVER
-----------------------------
To access the guest's serial console, do:
ssh -t $GUESTNAME@host.machine screen -x $GUESTNAME
To access the guest's KVM monitor, do:
ssh -t $GUESTNAME@host.machine socat vms/$GUESTNAME/monitor.socket STDIO
HACKING
-------
All patches, fixes, suggestions welcome!
|
