[gentoo-user] installing virtual machine under gentoo

[John Covici]

Hi. I am looking for some guidance on installing virtual machines
under gentoo. I have a 5.10.82 kernel and I would like to use kvm if
possible to do this. I have seen lots of instructions for installing
vms using virtualbox but not much else. I have a gentoo system with
enough memory to run a vm or two and would like to use it as the host.

I have downloaded xen to take a look at it as well.

I hope this is not too vague, so please bare with me.

Thanks in advance for any suggestions.

--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?

John Covici wb2una
cov...@ccs.covici.com

[Yixun Lan]

On 07:33 Fri 31 Dec , John Covici wrote:
> Hi. I am looking for some guidance on installing virtual machines
> under gentoo. I have a 5.10.82 kernel and I would like to use kvm if
> possible to do this. I have seen lots of instructions for installing
> vms using virtualbox but not much else. I have a gentoo system with
> enough memory to run a vm or two and would like to use it as the host.
>
> I have downloaded xen to take a look at it as well.
>
> I hope this is not too vague, so please bare with me.
>
> Thanks in advance for any suggestions.

I'd suggest to try qemu kvm + libvirt
--
Yixun Lan (dlan)
Gentoo Linux Developer
GPG Key ID AABEFD55

[Petric Frank]

For a graphical GUI frontend for this you can use app-emulation/virt-manager.

regards

[Rich Freeman]

++

This is just a front-end to libvirt and kvm, so you're building
entirely on solid technologies, and anything you set up with the GUI
can be edited or run or otherwise managed from the command line, and
vice-versa. It ends up resembling something like VirtualBox or the
old VMWare Workstation edition, but it is all FOSS and in-kernel so it
just is more reliable/etc.

That said, I only use VMs situationally and at this point just about
everything I'm doing is in containers if it can be linux-based. Way
lighter all-around, even if I'm running a full OS in the container. I
personally prefer to run my containers with nspawn and virtual
ethernet, so each container gets its own IP via DHCP.

Oh, and for kvm if you want to run your guests on your main LAN you'll
probably need to set up a bridge interface.

--
Rich

[Grant Taylor]

On 12/31/21 8:12 AM, Rich Freeman wrote:
> ++

+++ to KVM / libvirt / VirtManager (GUI)

> This is just a front-end to libvirt and kvm, so you're building
> entirely on solid technologies, and anything you set up with the
> GUI can be edited or run or otherwise managed from the command line,
> and vice-versa.

Close, but not quite.

Yes, anything that can be done in the GUI can be done at the CLI /
config files.

Though I have had some more essoteric things that had to be done at the
CLI / config files that couldn't be done in the GUI. This usually has
to do with more advanced things like iSCSI, Fibre Channel, ZFS pools /
dataset per guest, etc.

The vast majority of the things that someone starting with KVM will want
to do can be done with the Virtual Machine Manager GUI.

> It ends up resembling something like VirtualBox or the old VMWare
> Workstation edition, but it is all FOSS and in-kernel so it just is
> more reliable/etc.

Yep. There are only so many ways that you can present a concept;
inventory of VMs, VM console, VM management. They start to look similar
after a while.

> That said, I only use VMs situationally and at this point just
> about everything I'm doing is in containers if it can be linux-based.
> Way lighter all-around, even if I'm running a full OS in the container.
> I personally prefer to run my containers with nspawn and virtual
> ethernet, so each container gets its own IP via DHCP.

The Virtual Machine Manager GUI can also administer / manage some
aspects of containers.

I would highly suggest giving Virtual Machine Manager GUI for
KVM+libvert+qemu a try. It is probably the quintessential Linux
virtualization method.

> Oh, and for kvm if you want to run your guests on your main LAN you'll
> probably need to set up a bridge interface.

Yes, bridging is very nice and is my preferred way for most VM use
cases. Though it might be a bit more than someone wants to tackle while
getting their feet wet with virtualization. Especially if you're trying
to share a single NIC for other aspects of the hosting system. It can
all be done, but there is a lot of minutia (methods and configurations
therein) that are easy to get lost in. I'd probably recommend a second
NIC, even if it's an inexpensive USB NIC just for the virtualization.
Doing that will avoid complexities that don't need to be dealt with
/now/. -- Reduce the number of variables that you're working with at
one time.



--
Grant. . . .
unix || die

[John Covici]

Thanks everyone. I probably will have more questions, I will continue
this thread later.

[John Covici]

OK, I made some progress -- I emerged qemu/kvm packages including
libvirtd and virt-manager came along. Now, when I start virt-manager,
it complains the qqemu/kvm not connected. I am running virt-manager
as my regular user.

Is it correct that the command line version of this is virt-install ?

[Grant Taylor]

On 1/1/22 12:08 PM, John Covici wrote:
> OK, I made some progress -- I emerged qemu/kvm packages including
> libvirtd and virt-manager came along. Now, when I start virt-manager,
> it complains the qqemu/kvm not connected. I am running virt-manager
> as my regular user.

Make sure that libvirtd is running:

# rc-service libvirtd status

Also:

# rc-update add libvirtd default

You may need to add your user account to -- what I think is -- the "kvm"
group. (Don't forget the usual dance when adding yourself to a new group.)

[Mark Knecht]

On Sat, Jan 1, 2022 at 12:28 PM Grant Taylor
<gta...@gentoo.tnetconsulting.net> wrote:
>
> On 1/1/22 12:08 PM, John Covici wrote:
> > OK, I made some progress -- I emerged qemu/kvm packages including
> > libvirtd and virt-manager came along. Now, when I start virt-manager,
> > it complains the qqemu/kvm not connected. I am running virt-manager
> > as my regular user.

<SNIP>

>
> You may need to add your user account to -- what I think is -- the "kvm"
> group. (Don't forget the usual dance when adding yourself to a new group.)
>

kvm and libvirt

In my experience it often takes either a logout/in or a reboot

HTH,
Mark

[John Covici]

It more seems to have to do something with the uri -- libvertd is
certainly running, and I added myself to the kvm group, but still get
qem/kvm not connected.

[Grant Taylor]

On 1/1/22 6:04 PM, John Covici wrote:
> It more seems to have to do something with the uri -- libvertd is
> certainly running, and I added myself to the kvm group, but still get
> qem/kvm not connected.

Run `id` as your current user and make sure that it's showing the kvm &
libvirt groups.

[Grant Taylor]

On 1/1/22 1:19 PM, Mark Knecht wrote:
> In my experience it often takes either a logout/in or a reboot

Ya....

Depending on what you actually /need/ to use the new group for you can
probably ssh to localhost or possibly use the `newgrp` command go switch
your primary group to the group that you've been added to which hasn't
been loaded (?) instantiated (?) ... in the current session.

[John Covici]

> I did not do the libvertd group, did not know that. When I look at
> /etc/group, I see kvm, but even though I had logged out, when I do
> the id command in a terminal frame under gnome, it does not list
> kvm.

Maybe I have to log out of everything with my user name even though
most of the logins are to virtual consoles?

[Grant Taylor]

On 1/1/22 10:07 PM, John Covici wrote:
> Maybe I have to log out of everything with my user name even though
> most of the logins are to virtual consoles?

You typically need to log out of X11 sessions and log back in for them
to see the new groups.

But you say "virtual consoles", which tells me (Control)-(Alt)-(F#)
which means that any given virtual console should be able to see the new
groups if it logs out and logs back in, even if others stay logged in.

[John Covici]

Well, for a normal tty session, it was OK to log out and back and then
the kvm group was seen, but to get the gnome session to see the kvm
group, I had to log out of all my sessions and then the kvm group was
seen, but the message still says qem/kvm not commected.

[John Covici]

On Sat, 01 Jan 2022 23:55:45 -0500,
Grant Taylor wrote:
>

Well, I foujnd out something. If I go to the file menu, I can add the
connection manually and it works, but I wonder why I have to do that?

Also, before I do anything, it asks me for the root password and says
system policy prevents local management of virtual machines. Do you
know why this is so?

[Grant Taylor]

On 1/1/22 11:05 PM, John Covici wrote:
> Well, I foujnd out something. If I go to the file menu, I can add the
> connection manually and it works,

That sounds familiar.

> but I wonder why I have to do that?

Because the KVM Virtual Manager is designed such that it can administer
KVM / libvirt / qemu on multiple systems. It's really client-server
infrastructure. You're just needing to point the client at your local
server one time.

> Also, before I do anything, it asks me for the root password and
> says system policy prevents local management of virtual machines.
> Do you know why this is so?

This also seems familiar.

Try re-starting the libvirt / kvm daemons. They may not be aware that
your user is now a member of the proper group. -- Aside: This is why
a reboot is ... convenient, but not required.

This /should/ be taken care of proper group administration for your
normal user.

I ran into this a long time ago when I set up KVM on my last Gentoo
system. I don't remember exactly what I had to do to resolve it. I do
know that it was less than five minutes of searching the web to find the
answer, cussing at what needed to be done, and doing it. That system
has been running perfectly fine for many years.

[John Covici]

OK, I fixed it, the group name was wrong when I tried the last time, I
had libvirtd and its only libvirt and that seems to have fixed things.

Thanks.

[John Covici]

On Sun, 02 Jan 2022 01:31:12 -0500,
Grant Taylor wrote:
>

OK, more progress and a few more questions.

In the virt-manager, I could not figure out how to add disk storage to
the vm. I have a partition I can use for the disk storage -- is this
different from the virtual machine image?

Of even more importance, how do I bridge the vm onto my existing
network? I have a nic for internal items named eno1 and another nic
which connects to the outside world, I would like to bridge to the
internal network, that would give the vm a dhcp address, etc.

[Mark Knecht]

On Sun, Jan 2, 2022 at 9:59 AM John Covici <cov...@ccs.covici.com> wrote:
<SNIP>

> OK, more progress and a few more questions.
>
> In the virt-manager, I could not figure out how to add disk storage to
> the vm. I have a partition I can use for the disk storage -- is this
> different from the virtual machine image?
>
> Of even more importance, how do I bridge the vm onto my existing
> network? I have a nic for internal items named eno1 and another nic
> which connects to the outside world, I would like to bridge to the
> internal network, that would give the vm a dhcp address, etc.
>
>
> --
> Your life is like a penny. You're going to lose it. The question is:
> How do
> you spend it?
>
> John Covici wb2una
> cov...@ccs.covici.com
>

There are some good YouTube videos on exactly these subjects.

I haven't been forced to do them myself yet so I don't want to
hazard a guess but

virt-manager bridged network

and...

virt-manager disk passthrough

will likely get you pretty close.

Good luck,
Mark

[Grant Taylor]

On 1/2/22 12:14 AM, John Covici wrote:
> OK, I fixed it, the group name was wrong when I tried the last time, I
> had libvirtd and its only libvirt and that seems to have fixed things.

Thank you for the clarifying follow up. Here's hoping you same someone
else time in the future. :-)

On 1/2/22 9:58 AM, John Covici wrote:
> OK, more progress and a few more questions.

Yay progress!

> In the virt-manager, I could not figure out how to add disk storage
> to the vm. I have a partition I can use for the disk storage --
> is this different from the virtual machine image?

It depends.™

KVM / libvirt / Qemu can use raw partitions, files on a mounted file
system, logical volumes, ZFS vDevs, iSCSI, and other things for storage.
Each one is configured slightly differently. So, which method do you
want to use?

I'd suggest that you /start/ with files on a mounted file system and
then adjust as you need / want to. At least as long as you're getting
your feet wet.

From memory, you need to define a directory as a storage location to
KVM / libvirt. -- I'm not currently using KVM so I'm working from a
mixture of memory and what I can poke without spinning things up.

1) Open VMM (virt-manager).
2) Select the KVM host in the window.
3) Edit -> Connection Details
4) Go to the Storage tab.
5) Click the plus below the left hand pane.
6) Choose and enter a name for the storage pool.
7) Choose "dir: Filesystem Directory" as the type.
8) Choose a target path by typing or browsing to it.
9) Click Finish.

Now the storage pool you created should appear as an option when
creating a VM.

> Of even more importance, how do I bridge the vm onto my existing
> network?

This is also done through host properties on the Virtual Networks tab.

I don't remember the specifics (and can't walk through it the same way
for reasons). I usually did most of the management via the
/etc/conf.d/net file as I do a lot of things with networking that few
things can properly administer (802.3ad LACP, 802.1q VLAN, bridging, l2
filtering, l3 filtering, etc).

What I remember doing was re-configuring the (primary) network interface
so that it came up without an IP address and was added as a member to a
newly created bridge. As part of that I moved the system's IP
address(es) from the underlying Ethernet interface to the newly created
Bridge interface.

With the bridge created and manged outside of VMM (virt-manager) I was
able to add new VMs / containers to the existing Bridge interface. Thus
establishing a layer 2 connection from the VM(s) / LXC(s) to the main
network.

Note: This is somewhat of a simplification as there are VLANs and
multiple physical interfaces with many logical interfaces on the machine
that I'm replying to you from. However, I believe, the concepts hold as
I've written them.

> I have a nic for internal items named eno1 and another nic which
> connects to the outside world, I would like to bridge to the internal
> network, that would give the vm a dhcp address, etc.

If you have a separate physical NIC, as I had suggested starting with,
then you can avoid much of the bridge & IP re-configuration in the
/etc/conf.d/net file and /mostly/ manage an independent bridge on the
additional NIC from within VMM (virt-manager).

The 2nd NIC means that you don't end up with a chicken & egg problem
trying to administer a network interface across the network, which is
how I do much of my work. Re-configuring things through the console
also simplifies things in this regard.

[Rich Freeman]

On Sun, Jan 2, 2022 at 1:01 PM Grant Taylor
<gta...@gentoo.tnetconsulting.net> wrote:
>
> What I remember doing was re-configuring the (primary) network interface
> so that it came up without an IP address and was added as a member to a
> newly created bridge. As part of that I moved the system's IP
> address(es) from the underlying Ethernet interface to the newly created
> Bridge interface.
>

That is basically what I had to do.

With systemd-networkd the relevant stuff in /etc/systemd/network was:
eth-bridge.network:
[Match]
Name=e*

[Network]
Bridge=brkvm

(you'll need a more specific name I'm guessing since you have more
than one interface - the name to match should be the physical
interface name)

brkvm.netdev:
[NetDev]
Name=brkvm
Kind=bridge

(this creates the bridge interface, which the physical interface will
attach to due to the previous file)

brkvm.network:
[Match]
Name=brkvm

[Network]
DNS=...
Address=...
Gateway=...

(this will give the bridge interface an IP/etc - most likely you'll
just set this file up the way you'd otherwise be setting up your
physical network. This can use dhcp.)

Then you'll tell virt-manager to use the brkvm bridge for all your VMs
that you want bridged. Note that you can also use this bridge for
things like containers if they use virtual interfaces. They'll just
see the host network directly, with their own virtual interfaces, so
they can use DHCP to obtain IPs on the host network.

In your case with dual interfaces you'll want to put the bridge on
whichever interface you want shared. The other interface can remain
untouched.

The brkvm interface will otherwise behave the way eth0 or whatever
used to behave before you attached it to the bridge. Note that the
physical interface attached to the bridge will not have an IP. It
just relays traffic from the bridge to the physical network.

You could also just drop the first file if you wanted to have a bridge
not attached to any physical networks. VMs could still attach to it
and talk to each other. Though, I think virt-manager might provide
other ways to do this.

All of the above are systemd-specific. Most network managers provide
some proper way to set up a bridge and you should probably do that.
You can do it all with just a shell script instead I suppose.

--
Rich