KVM host build configuration

Post by Me, Sir » 2020-06-12 19:28

All,

I have fairly basic knowledge of Linux. I need to build a virtual host, and KVM seems to be the best option.

I have decided to build a KVM host. This host will be sitting under my desk with a GUI as my main computer (i7 3770, 32GB RAM).
I will only be logging in locally (or remotely from a laptop) to VMs; I won't be doing anything with the host.

I have a question regarding partitioning.
I have 2 SSDs: 120GB and 500GB.
I am hoping to build a system where the host can be rebuilt without having to reconfigure anything apart from installing the software.
So it would be:

    Restore sda (I would use clonezilla)
    Install kvm binaries and related (I might even image that), in which case this step is not required
    start
    update
    job done

So I am thinking...
    sda
      Linux OS (that will be debian) + kvm binaries and related
    sdb:
      kvm config
      /home
      vms + ISO's

My questions:

1 - Would my plan work? I had in mind manually mounting these 2 directories, /etc/libvirt and /var/lib/libvirt/...?, to sdb during the build.
My previous research would seem to suggest that's where it all lives in terms of KVM config, VMs and ISOs. Is that correct?
2 - Where do I put the pagefile? sda or sdb? The VMs will live on sdb but run from sda (OS?).
3 - I am hoping to disable networking on the host to the outside world, just to protect it really (the host, not the outside world). I have 2 NICs, if that is relevant.
4 - And finally, is there such a thing as portable KVM (say I have an external drive with VMs that I could plug into any Linux box and go)?
5 - And finally again, is KVM type 1 or type 2?


Thanks.
Me Sir...
Me, Sir
 
Posts: 2
Joined: 2020-06-12 19:15

Re: KVM host build configuration

Post by CwF » 2020-06-13 11:56

My advice, don't get fancy! KISS. Keep the entire OS disk unhindered by needless dependencies. Don't mention auxiliary disks to the OS until it's up. Don't touch fstab, just my personal rule. qemu-utils will eventually be familiar, not clonezilla.

1. Sure, don't do that, use links.
2. Where it belongs, sda. The VM runtime layer on the OS disk, the -ro backing file can be on sdx.
3. Eth cables are removable.
4. The program, the backend, no. The VM, yes.
5. type 2

I think we just glossed over a million details, take your time, welcome to the club.
CwF
 
Posts: 691
Joined: 2018-06-20 15:16

Re: KVM host build configuration

Post by Me, Sir » 2020-06-15 19:15

Hi CwF,

Thanks for your reply.
1 - So, if I put everything on sda, apart from VMs and VM config, what do I need to back up in case a restore is required?
2 - Not sure what you mean by -ro backing files.
3 - Yes, I can pull out the cable, but I still want full networking for the VMs (internet and local). I just want the host to have access to some VMs but no internet.


Thanks.
Me Sir...
Me, Sir
 
Posts: 2
Joined: 2020-06-12 19:15

Re: KVM host build configuration

Post by CwF » 2020-06-15 20:45

1. I image the OS disk using qemu-img by booting a second OS. This OS should boot up alone without any supporting storage, also on alternate hardware, lots of details here...
Ignore the vm's xml, leave it where it is, make a copy if desired, it's not that special unless it's a registered windows vm, even then only a few elements matter.
Link in extra storage, back that up however, simply copy the vm disk image as a file to backup.
http://forums.debian.net/viewtopic.php?f=10&t=146363#p721597
Auxiliary storage can be dynamically revamped at will, specifics are temporary and should be treated as such.

2. Learn about the qcow2 image format and layering. You can have a hundred 100GB VMs on your 120GB OS disk. They would need extra disk, using a read-only 'backing store' or 'base image' that resides on any extra storage and is linked in as described. The 'runtime' layer, maybe a second or third layer, should reside on the OS disk and it will only be GBs in size after use. You need to understand what needs to be written to this top layer, and if your VM will use much of its space then you need to accommodate that. Many scenarios... Take a pig like a huge game that takes all 100GB: can it live in the RO layer with only saved games written to the OS disk, or does it write gigs of junk to the top layer, so not a good candidate? You would need to merge layers before an upgrade, for example, to get the upgrade writes to the auxiliary disk and not the OS disk, then relink and recreate the top write layer. If the VM controls a database or something huge, pass an entire disk to the VM. Multiple VMs can be based on a common backing file with unique top layers. There's a lot to learn here, sorry if I blur through it...

Note, the top read layers should be the only layers with sensitive data and reside on the OS disk, which is encrypted, which is captured in the OS backup image. The ReadOnly base layers are then generic in nature.

3. Another big subject. How often does the Host need the internet? Does the host need to network to the vms?

The host does not need a common physical interface with the vms for spice control. The host can drop a file onto a vm desktop, pass kvm (keyboard, video, mouse) without any physical nic.

Nics could be vfio passed to the guest vm and hidden from the host, but only one vm at a time. With trickery the possession of the nic can be dynamic, and throw away networkmanager if doing so.

For common file access to files on the host, suffer the current crap solutions, or wait. I'm not done tinkering with virtiofs yet; this should be a good answer, and it is not available until Bullseye, with kernel 5.4+ in both host and guest, and only for Linux. You can vm-ify a samba server, qemu's smb, 9p, scp, nfs, etc. Generally try to live without guest access to the host; the host always has access to the guest.

Enjoy.
CwF
 
Posts: 691
Joined: 2018-06-20 15:16
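
The layering CwF describes (a read-only base image on auxiliary storage, a small writable top layer on the OS disk) is recorded in each qcow2 header, so it can be audited. This is an added example, not code from the thread or from QEMU: it reads the backing-file name from each header, follows the chain through symlinks, and reports any layer below the top that still has a write bit set. The function names and the header-only sample files are constructed for illustration, and only plain file names are handled as backing references.

```python
import os
import struct
import tempfile

QCOW2_MAGIC = b"QFI\xfb"
# Big-endian header start: magic, version, backing offset, backing length, cluster bits, size
HEADER = struct.Struct(">4sIQIIQ")

def backing_file(path):
    """Return the backing file name from a qcow2 header, or None for a base image."""
    with open(path, "rb") as f:
        raw = f.read(HEADER.size)
        if len(raw) < HEADER.size or raw[:4] != QCOW2_MAGIC:
            raise ValueError(f"{path}: not a qcow2 image")
        _magic, _version, offset, length, _bits, _size = HEADER.unpack(raw)
        if offset == 0:
            return None
        f.seek(offset)
        return f.read(length).decode()

def audit_chain(top):
    """Walk top -> base, resolving relative names against the referring image's directory."""
    chain, findings, path = [], [], top
    while path is not None:
        real = os.path.realpath(path)  # follow symlinks out to auxiliary storage
        if real in chain:
            findings.append(f"backing chain loops at {real}")
            break
        chain.append(real)
        if len(chain) > 1 and os.stat(real).st_mode & 0o222:  # any write bit set
            findings.append(f"backing layer is writable: {real}")
        name = backing_file(real)
        path = None if name is None else os.path.join(os.path.dirname(real), name)
    return chain, findings

def make_sample(path, backing=b""):  # constructed sample: header and backing name only
    header = HEADER.pack(QCOW2_MAGIC, 3, 104 if backing else 0, len(backing), 16, 1 << 30)
    with open(path, "wb") as f:
        f.write(header.ljust(104, b"\0") + backing)
    os.chmod(path, 0o644)

def demo():
    with tempfile.TemporaryDirectory() as d:
        base, top = os.path.join(d, "base.qcow2"), os.path.join(d, "top.qcow2")
        make_sample(base)
        make_sample(top, b"base.qcow2")
        before = audit_chain(top)[1]
        os.chmod(base, 0o444)  # make the base layer read-only
        chain, after = audit_chain(top)
        return [os.path.basename(p) for p in chain], before, after
```

On a real host, `qemu-img info --backing-chain` on the top layer reports the same chain; the file-mode check is the part it does not do.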

