Installing KVM on Debian [Failed]

On the Node (server where we’ll install VMs):

egrep -c '(vmx|svm)' --color=always /proc/cpuinfo

4

apt-get install kvm qemu-kvm libvirt-bin virtinst emacs 
adduser `id -un` libvirt
adduser `id -un` kvm

Testing:

virsh -c qemu:///system list
 Id    Name                           State
---------------------------------------------------

apt-get install bridge-utils

Optional: Save the network config to avoid getting locked out due to misconfiguration:

emacs savenet.py
chmod +x savenet.py

savenet.py contains:

#!/usr/bin/python
# Back up the current network config and add cron entries that copy the
# backup over /etc/network/interfaces 5 minutes and 1 hour from now.
import datetime
import shutil
import os

now = datetime.datetime.now()
rest = ' * * * /bin/cp /root/interfaces.bak /etc/network/interfaces'
shutil.copyfile('/etc/network/interfaces', '/root/interfaces.bak')
os.system("crontab -l > cronbox")
# timedelta keeps the minute and hour fields valid when they wrap (e.g. 23:58).
with open("cronbox", "a") as myfile:
    for delay in (datetime.timedelta(hours=1), datetime.timedelta(minutes=5)):
        when = now + delay
        whole = str(when.minute) + " " + str(when.hour) + rest
        print(whole)
        myfile.write(whole + "\n")
os.system("crontab cronbox")
print("Cron set up to reverse network changes after 1 hour and five min..")
os.system("crontab -l")

emacs /etc/network/interfaces

Change /etc/network/interfaces
From:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth2
iface eth2 inet static
        address 214.32.195.10
        netmask 255.255.255.248
        network 214.32.195.8
        broadcast 214.32.195.15
        gateway 214.32.195.9
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 199.255.156.3

To:

# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
        address 214.32.195.10
        netmask 255.255.255.248
        network 214.32.195.8
        broadcast 214.32.195.15
        gateway 214.32.195.9
        bridge_ports eth0
        bridge_fd 9
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off

Restart networking. If you're doing this remotely, a mistake at this point can lock you out of the server. That's why the Python script saves the network config and reverts it after 5 minutes.
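Before restarting, the bridged stanza can be checked offline for the mistakes that most often cause a lockout. This is an added example, not part of the original post; `parse_interfaces`, `check_bridge` and the `present` argument (the set of interface names that exist on the host) are names made up for the illustration.

```python
import ipaddress

# Constructed sample: the bridged stanzas from this page, trimmed.
SAMPLE = """\
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet static
        address 214.32.195.10
        netmask 255.255.255.248
        network 214.32.195.8
        broadcast 214.32.195.15
        gateway 214.32.195.9
        bridge_ports eth0
"""

def parse_interfaces(text):
    """Map each iface name to its method and options (interfaces(5) syntax)."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3]})
        elif words[0] == "auto" or words[0].startswith("allow-"):
            current = None
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def check_bridge(stanzas, present, bridge="br0"):
    """Return problems likely to cut off remote access after a restart."""
    br = stanzas.get(bridge, {})
    missing = [k for k in ("address", "netmask", "gateway", "bridge_ports") if k not in br]
    if missing:
        return ["%s: missing %s" % (bridge, ", ".join(missing))]
    problems = []
    net = ipaddress.ip_interface(br["address"] + "/" + br["netmask"]).network
    if ipaddress.ip_address(br["gateway"]) not in net:
        problems.append("gateway %s is outside %s" % (br["gateway"], net))
    for key, want in (("network", net.network_address), ("broadcast", net.broadcast_address)):
        if key in br and ipaddress.ip_address(br[key]) != want:
            problems.append("%s %s should be %s" % (key, br[key], want))
    for port in br["bridge_ports"].split():
        if port not in present:
            problems.append("bridge port %s does not exist on this host" % port)
        elif stanzas.get(port, {}).get("method") not in (None, "manual"):
            problems.append("bridge port %s also has its own address stanza" % port)
    return problems
```

On a real host, pass the contents of /etc/network/interfaces as the text and `set(os.listdir("/sys/class/net"))` as `present`; an empty list means none of these checks failed.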

/etc/init.d/networking restart
ifconfig
br0       Link encap:Ethernet  HWaddr 00:25:90:14:f0:12
          inet addr:214.32.195.10  Bcast:214.32.195.15  Mask:255.255.255.248
          inet6 addr: fe80::225:90ff:fe14:f012/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:197 errors:0 dropped:0 overruns:0 frame:0
          TX packets:141 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11896 (11.6 KiB)  TX bytes:13534 (13.2 KiB)

eth0      Link encap:Ethernet  HWaddr 00:25:90:14:f0:12
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:111334 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10148 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:160232323 (152.8 MiB)  TX bytes:1266350 (1.2 MiB)
          Interrupt:43 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:350 errors:0 dropped:0 overruns:0 frame:0
          TX packets:350 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:34375 (33.5 KiB)  TX bytes:34375 (33.5 KiB)

Now, on the server which will run the web panel (controller server):

apt-get install git python-pip python-libvirt python-libxml2 novnc supervisor nginx
git clone https://github.com/retspen/webvirtmgr.git
cd webvirtmgr
pip install -r requirements.txt
./manage.py syncdb
./manage.py collectstatic
cd ..
mv webvirtmgr /var/www/
nano /etc/nginx/conf.d/webvirtmgr.conf

webvirtmgr.conf contains:

server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr; # or /srv instead of /var
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs
    }
}

Now edit /etc/nginx/sites-available/default

nano /etc/nginx/sites-available/default

and comment out everything in it.

service nginx restart
chown -R www-data:www-data /var/www/webvirtmgr
nano /etc/supervisor/conf.d/webvirtmgr.conf

webvirtmgr.conf contains:

[program:webvirtmgr]
command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr.log
redirect_stderr=true
user=www-data

[program:webvirtmgr-console]
command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=www-data

service supervisor restart

The installation is over.
At this point I realized that there were errors:
The following is my attempt to fix them (ineffectively):

On node to be monitored:
Uncomment the following in /etc/libvirt/libvirtd.conf:
listen_tls = 0
listen_tcp = 1
tcp_port = "16509"

service libvirt-bin restart

On the server which monitors:

Edit: /etc/init/libvirt-bin.conf

Change on line 11:
env libvirtd_opts="-d"

To:
env libvirtd_opts="-d -l"
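With `listen_tcp = 1` and `-l`, libvirtd accepts remote connections over plain TCP, so it is worth checking what the resulting configuration exposes. The audit below is an added example, not part of the original post; `parse_conf` and `audit` are illustrative names, and the defaults table is an assumption taken from the comments in the stock libvirtd.conf.

```python
import re

# Constructed sample: the three lines this page uncomments, nothing else set.
SAMPLE = '''\
#listen_addr = "192.168.0.1"
listen_tls = 0
listen_tcp = 1
tcp_port = "16509"
#auth_tcp = "sasl"
'''

# Values used when a key is absent (assumed from the stock libvirtd.conf comments).
DEFAULTS = {"listen_tls": "1", "listen_tcp": "0", "tcp_port": "16509",
            "auth_tcp": "sasl", "listen_addr": ""}

def parse_conf(text):
    """Return active key/value pairs; commented-out keys keep their defaults."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        m = re.match(r'\s*(\w+)\s*=\s*"?([^"#]*?)"?\s*(#.*)?$', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def audit(conf):
    """Return findings about the remote listeners this configuration opens."""
    findings = []
    if conf["listen_tcp"] != "1":
        return findings
    port = conf["tcp_port"]
    findings.append("plain TCP listener on port %s: traffic is not protected by TLS" % port)
    if conf["listen_tls"] == "0":
        findings.append("listen_tls = 0: no TLS listener, so remote access is TCP only")
    if conf["auth_tcp"] == "none":
        findings.append("auth_tcp = none: any host that reaches port %s controls libvirt" % port)
    if not conf["listen_addr"]:
        findings.append("no listen_addr: listener binds to every interface; firewall port %s" % port)
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE)):
        print(finding)
```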

To fix error:
Trial1:
# /usr/sbin/libvirtd -l
2015-06-20 15:08:33.484+0000: 6248: info : libvirt version: 1.2.2
2015-06-20 15:08:33.484+0000: 6248: error : virNetTLSContextCheckCertFile:117 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory

mkdir -p /etc/pki/CA
(umask 277 && openssl genrsa 2048 > cakey.pem)
openssl req -new -x509 -key cakey.pem -out /etc/pki/CA/cacert.pem -days 3655

New error:
# /usr/sbin/libvirtd -l
2015-06-20 15:09:30.843+0000: 6267: info : libvirt version: 1.2.2
2015-06-20 15:09:30.843+0000: 6267: error : virNetTLSContextCheckCertFile:117 : Cannot read certificate '/etc/pki/libvirt/servercert.pem': No such file or director

Trial2:
Following:
apt-get install gnutls-bin
(umask 277 && certtool --generate-privkey > host1_server_key.pem)


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.