On the Node (server where we’ll install VMs):
egrep -c '(vmx|svm)' --color=always /proc/cpuinfo
4
apt-get install kvm qemu-kvm libvirt-bin virtinst emacs
adduser `id -un` libvirt
adduser `id -un` kvm
Testing:
virsh -c qemu:///system list
 Id    Name                           State
---------------------------------------------------
–
apt-get install bridge-utils
Optional: Save the network config to avoid getting locked out due to misconfiguration:
emacs savenet.py
chmod +x savenet.py
savenet.py contains:
#!/usr/bin/python
# Back up the working network config and schedule cron jobs that copy it back,
# so a bad edit to /etc/network/interfaces can be undone without console access.
import datetime
import os
import shutil

now = datetime.datetime.now()
rest = ' * * * /bin/cp /root/interfaces.bak /etc/network/interfaces'

# Keep a copy of the known-good config.
shutil.copyfile('/etc/network/interfaces', '/root/interfaces.bak')
os.system("crontab -l > cronbox")

# One restore an hour from now and one five minutes from now.
# timedelta handles rollover (e.g. 23:58 + 5 min), which plain +1/+5 did not.
for delta in (datetime.timedelta(hours=1), datetime.timedelta(minutes=5)):
    when = now + delta
    whole = str(when.minute) + " " + str(when.hour) + rest
    print(whole)
    with open("cronbox", "a") as myfile:
        myfile.write(whole + "\n")

os.system("crontab cronbox")
print("Cron set up to reverse network changes after five minutes and again after 1 hour.")
os.system("crontab -l")
emacs /etc/network/interfaces
Change /etc/network/interfaces
From:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth2
iface eth2 inet static
    address 214.32.195.10
    netmask 255.255.255.248
    network 214.32.195.8
    broadcast 214.32.195.15
    gateway 214.32.195.9
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 199.255.156.3
To:
# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
    address 214.32.195.10
    netmask 255.255.255.248
    network 214.32.195.8
    broadcast 214.32.195.15
    gateway 214.32.195.9
    bridge_ports eth0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off
Restart networking. At this point, there is a potential that you will be locked out of the server if you’re doing this remotely. That’s why the python script saves network config, and reverts it after 5 minutes.
/etc/init.d/networking restart
ifconfig
br0       Link encap:Ethernet  HWaddr 00:25:90:14:f0:12
          inet addr:214.32.195.10  Bcast:214.32.195.15  Mask:255.255.255.248
          inet6 addr: fe80::225:90ff:fe14:f012/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:197 errors:0 dropped:0 overruns:0 frame:0
          TX packets:141 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11896 (11.6 KiB)  TX bytes:13534 (13.2 KiB)

eth0      Link encap:Ethernet  HWaddr 00:25:90:14:f0:12
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:111334 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10148 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:160232323 (152.8 MiB)  TX bytes:1266350 (1.2 MiB)
          Interrupt:43 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:350 errors:0 dropped:0 overruns:0 frame:0
          TX packets:350 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:34375 (33.5 KiB)  TX bytes:34375 (33.5 KiB)
Now, on the server which will run the web panel (controller server):
apt-get install git python-pip python-libvirt python-libxml2 novnc supervisor nginx
git clone git://github.com/retspen/webvirtmgr.git
cd webvirtmgr
pip install -r requirements.txt
./manage.py syncdb
./manage.py collectstatic
cd ..
mv webvirtmgr /var/www/
nano /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;
    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr; # or /srv instead of /var
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme; # request scheme (http/https) as seen by nginx
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs
    }
}
Now edit /etc/nginx/sites-available/default
nano /etc/nginx/sites-available/default
and comment out everything in it.
service nginx restart
chown -R www-data:www-data /var/www/webvirtmgr
nano /etc/supervisor/conf.d/webvirtmgr.conf
[program:webvirtmgr]
command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr.log
redirect_stderr=true
user=www-data

[program:webvirtmgr-console]
command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=www-data
service supervisor restart
The installation is over.
At this point I realized that there were errors:
The following is my attempt to fix them (ineffectively):
On node to be monitored:
Uncomment the following in /etc/libvirt/libvirtd.conf:
listen_tls = 0
listen_tcp = 1
tcp_port = "16509"
service libvirt-bin restart
On the server which monitors:
Edit: /etc/init/libvirt-bin.conf
Change on line 11:
env libvirtd_opts="-d"
To:
env libvirtd_opts="-d -l"
To fix error:
Trial1:
“# /usr/sbin/libvirtd -l
2015-06-20 15:08:33.484+0000: 6248: info : libvirt version: 1.2.2
2015-06-20 15:08:33.484+0000: 6248: error : virNetTLSContextCheckCertFile:117 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
”
mkdir -p /etc/pki/CA
openssl genrsa 1024 > cakey.pem
openssl req -new -x509 -key cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
New error:
# /usr/sbin/libvirtd -l
2015-06-20 15:09:30.843+0000: 6267: info : libvirt version: 1.2.2
2015-06-20 15:09:30.843+0000: 6267: error : virNetTLSContextCheckCertFile:117 : Cannot read certificate '/etc/pki/libvirt/servercert.pem': No such file or director
Trial2:
Following:
apt-get install gnutls-bin
(umask 277 && certtool --generate-privkey > host1_server_key.pem)
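An added example (not part of the original post, and not libvirt's own code): a small audit of a libvirtd.conf that reports what `libvirtd -l` will need or expose. With listen_tls left at its default of 1, the daemon looks for the CA certificate, server certificate and server key, which matches the two errors above. The values in DEFAULTS are libvirt's documented defaults; the function names, the `root` parameter and the sample configs are constructed for illustration.

```python
import os
import tempfile

# libvirtd defaults that apply when a key is absent or still commented out.
DEFAULTS = {
    "listen_tls": "1", "listen_tcp": "0", "auth_tcp": "sasl",
    "ca_file": "/etc/pki/CA/cacert.pem",
    "cert_file": "/etc/pki/libvirt/servercert.pem",
    "key_file": "/etc/pki/libvirt/private/serverkey.pem",
}

def parse_conf(text):
    """Return effective settings: defaults overridden by uncommented lines."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def audit(text, root="/"):
    """List what libvirtd --listen would expose or fail on with this config."""
    conf, findings = parse_conf(text), []
    if conf["listen_tcp"] == "1":
        findings.append("listen_tcp=1: socket without TLS, auth_tcp=" + conf["auth_tcp"])
        if conf["auth_tcp"] == "none":
            findings.append("auth_tcp=none: unauthenticated TCP access")
    if conf["listen_tls"] == "1":
        for key in ("ca_file", "cert_file", "key_file"):
            path = os.path.join(root, conf[key].lstrip("/"))
            if not os.path.isfile(path):
                findings.append("missing " + key + ": " + conf[key])
            elif key == "key_file" and os.stat(path).st_mode & 0o077:
                findings.append("key_file readable by group/other: " + conf[key])
    return findings

# Constructed samples: the node's edit from this page, and an untouched file.
NODE_CONF = 'listen_tls = 0\nlisten_tcp = 1\ntcp_port = "16509"\n'
STOCK_CONF = '#listen_tls = 0\n#listen_tcp = 1\n'

if __name__ == "__main__":
    empty_root = tempfile.mkdtemp()  # stands in for a host with no /etc/pki
    print(audit(NODE_CONF, empty_root))   # TCP listener only, no TLS files needed
    print(audit(STOCK_CONF, empty_root))  # three missing TLS files
```

Run `audit(open('/etc/libvirt/libvirtd.conf').read())` on each host before starting the daemon with `-l`.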
Joel G Mathew, known in tech circles by the pseudonym Droidzone, is an opensource and programming enthusiast.
He is a full stack developer, whose favorite languages are currently Python and Vue.js. He is also fluent in Javascript, Flutter/Dart, Perl, PHP, SQL, C and bash shell scripting. He loves Linux, and can often be found tinkering with linux kernel code, and source code for GNU applications. He used to be an active developer on XDA forums, and his tinkered ROMS used to be very popular in the early 2000s.
His favorite pastime is grappling with GNU compilers, discovering newer Linux secrets, writing scripts, hacking roms and programs (nothing illegal), reading, blogging, and testing out the latest gadgets.
When away from the tech world, Dr Joel G. Mathew is a practising ENT Surgeon, busy with surgeries and clinical practise.