title>KVM on CentOS 5.1

A Quick Guide to Using KVM with CentOS-5.1

(A modified version of this article is on the CentOS wiki.)

Please Note This was written in 2008 and hasn't been updated since. These days, I'm using CentOS 6.x rather than 5.x, so haven't maintained this page. For a very clear guide to KVM on CentOS 6 (which is much more easily done, by the way), I recommend this pdf file from linux.dell.com

At time of writing (April, 2008) KVM was frequently updated and improved. The version numbers that I use may have changed by the time you read this.

For a more up to date article about KVM on CentOS 5.x I would recommend the RedHat documentation.

Preparation and Installation

You have to have a later model processor, with virtualization support, for KVM to work properly. This can be checked by examining /proc/cpuinfo. If you have an Intel processor then do
grep vmx /proc/cpuinfo

If you get results, your Intel processor is KVM ready. If you have an AMD processor then do
grep svm /proc/cpuinfo

If you're not sure which processor you have then do

egrep 'vmx|svm' /proc/cpuinfo

(If you get back results with vmx, it's Intel, if you get back results with svm then it's AMD. If you get nothing back, well, your system doesn't have a CPU that's built for virtualization. You might be better off with VirtualBox.)

The latest KVM for CentOS is in the testing repo. The testing repo can be downloaded from the wiki site. (The easiest way is to right click on the link and save it in /etc/yum.repos.d). Then you can install KVM with
yum -y install --enablerepo=c5-testing kvm kmod-kvm

One might want to also install qemu, since some of its commands can be useful.
yum -y install qemu

However it isn't essential.

The next step is to modprobe the kvm module for your architecture.
modprobe kvm-intel

If it's an AMD processor then
modprobe kvm-amd

Add the user who will be running kvm to the kvm group. If the user's name is john then
usermod -G kvm -a john

If you're doing this as john and using su or sudo to run the commands above, you will have to log out completely and log back in before it takes effect.

After doing the modprobe, it's not a bad idea to reboot to be sure that module gets loaded and that the proper permissions have been given /dev/kvm in /etc/udev/rules.d. There should now be an /etc/sysconfig/modules/kvm.modules script and an entry in /etc/udev/rules.d. Once you've rebooted, see if the modules have been loaded.
/sbin/lsmod |grep kvm

You should see both a kvm and a kvm-intel (or kvm-amd) module.

Creating a virtual machine

If you have qemu installed, you can now use its create command to make your disk image.
qemu-img create -f qcow2 disk.img 5G

In this case, you are creating an image that can grow to 5 gigs. It will only use the amount of space that it needs though. The -f qcow2 is the standard modern qemu image format. (-f as in format.)

If you didn't install qemu, you should still be able to create a disk image with
dd if=/dev/zero of=disk.img bs=1G count=5

The count will be the size in gigs. In this case, the .img file will take up the full 5 gigs of space on your hard drive, regardless of how much the guest O/S actually needs.

One problem I had that might be specific to my machine was that the mouse didn't work with qemu. I have a PS/2 mouse running through a KVM switch. The man page gives options for a USB mouse, PS/2 is the default. A quick google gave me a solution from the Cape Linux User Group's wiki. Before starting kvm do
export SDL_VIDEO_X11_DGAMOUSE=0

This solved the mouse problem for me.

I wanted to install a Windows 2000 virtual machine. The actual command, whether or not you install qemu, is qemu-kvm. For those familiar with qemu, it takes the same options. I copied the iso over to the hard drive and then ran the command
qemu-kvm -hda win2k.img -cdrom win2k.iso -m 512 -boot d

This is explained in the man page for qemu-kvm. In this case, I had named the image I created win2k.img and called the iso, as you've probably guessed, win2k.iso. The -hda is the virtual drive you've created. -cdrom is for the CDROM device. If you were booting the cdrom from the host machine's CDROM drive, you would use -cdrom /dev/cdrom. The -m was the amount of memory in megabytes that I was giving the virtual machine. The -boot d meant that it should boot from the CDROM drive.

If all has gone well, it should now run as if you were installing on an actual hard drive. When done, you will, hopefully, boot into a working Windows 2000 virtual installation. After that, when you want to run it, you can do it the same way. Export the SDL_VIDEO if necessary and just start the virtual machine with
qemu-kvm -hda win2k.img

(If you need to use the host machine's CD drive, then it's probably necessary to add the -cdrom option. That -boot d, however, is only used when booting from a CD.)

Networking

By default kvm (as well as qemu and VirtualBox) use NAT networking, It will get an address of 10.0.2.x. It can access the LAN of the host, regardless of subnet--that is, if the host is on a 192.168.1.x subnet, even though the guest has an IP of 10.0.2.x it can reach the host (or any host on the network) with ssh or samba. It can also browse the Internet. Some VPN clients may not work. In the past, I've been unable to use NAT (also known as SLIRP) with a Nortel VPN client. However, a Checkpoint VPN client works for me.

Bridged Tap Networking

If you want the guest to appear as another host on the LAN, visible to the rest of the network, you will have to use bridged networking. There are many qemu howtos around, but most are out of date, as it has changed since the 2.6.18 kernel.

This is a simple method that works for me. Many howtos talk of making a qemu-ifup script that lives in /etc. Unfortunately, most of the howtos I came across seem to be dated, as none of the suggested scripts I found worked for me. For my particular needs, this isn't a major problem. I have a simplistic script to create the bridge and tap interfaces and I just add the necessary commands to it.

First you will need bridge-utils, available from the base repos. You'll also need tunctl. There's an rpm that works at Fedora's download site. That link takes you to the development directory. From there, you will see the i386 and x86_64 directories. Choose the one for your architecture and go into its os/Packages directory. There is a tunctl rpm there. It's marked fc9, but works on CentOS-5.1. Download it and install it with
rpm -Uvh tunctl-<version.arch>.rpm
You will also want to edit your /etc/udev/rules.d/90-kvm-rules. When you installed the rpm, the created file read
KERNEL=="kvm",          NAME="%k", GROUP="kvm", MODE="0660"

Add the line
KERNEL=="tun",          NAME="%k", GROUP="kvm", MODE="0660"

For the impatient, here is my simple script. I'll explain it afterwards. This is assuming that you're on a 192.168.1.0/24 network with no DHCP server.
#!/bin/sh
PATH=$PATH:/usr/sbin:/sbin
sudo brctl addbr br0
sudo ifconfig eth0 0.0.0.0
sudo brctl addif br0 eth0
sudo ifconfig br0 192.168.1.120 netmask 255.255.255.0 up
sudo route add -net 192.168.1.0 netmask 255.255.255.0 br0
sudo route add default gw 192.168.1.1 br0
sudo tunctl -b -u john
sudo ifconfig tap0 up
sudo brctl addif br0 tap0
export SDL_VIDEO_X11_DGAMOUSE=0
sudo iptables -I RH-Firewall-1-INPUT -i br0 -j ACCEPT
qemu-kvm ~/win2k.img -m 512 -net nic -net tap,ifname=tap0,script=no

Here is what we've done. I'm using sudo, but you could also use su until the line that starts qemu. In CentOS, only root's $PATH has /sbin and /usr/sbin, but most these commands are located in one of those two directories, so we start by adding it to the user's path.

We create a bridge, br0, with the brctl addbr command. As we're going to add eth0 to the bridge, we have to 0 out its address, which we do with the ifconfig eth0 0.0.0.0.

Note that when you change eth0's address to 0.0.0.0 you'll temporarily lose connectivity to your network. So don't try to do this remotely, or at a time when you don't want to briefly lose connectivity.

The next commands add eth0 to the bridge and give the bridge eth0's former address. If your ethernet card gets its address from DHCP, you can replace the ifconfig and route commands with
dhclient br0

The tunctl command adds a tap0 interface and gives user john permissions for it. Then it's brought up with ifconfig. Note that it isn't given an address.

Then add tap0 to br0.

Next I add that DMOUSE line to make my mouse work. (I've only found this to be necessary with Windows guests.)

The iptables rule will allow traffic to the bridge. If I don't insert that rule, the virtual machine is unable to use DNS and DHCP.

Lastly, I bring up qemu-kvm. I've explained most of the flags already, but note the -net nic -net tap,ifname=tap0,script=no part of it. All of this seems to be necessary. As I mentioned, I haven't been able to get qemu-ifup to work. However, kvm-qemu expects to find such a script and if it doesn't, there can be problems. Therefore, I have the script=no option. When all this is done, qemu-kvm should start. If you have a DHCP server on your network, even if your host has a static address, the guest O/S should be able to receive an address from that server, otherwise, you will manually configure the guest's IP address just as you would on any Linux, BSD or Windows system.

Odds and Ends

I've been running KVM on a machine that I use for testing. Therefore, I have two kernels, the regular centos and the centos.plus. The modules went into /lib/modules/2.6.18.53.1.14.el5/extra/kvm. If I booted into the plus kernel, I was unable to load the kvm modules.

To fix this, I copied that extra/kvm directory into /lib/modules/2.6.18.53.1.14.e15.centos.plus/extra directory.

If you already have VirtualBox or VMWare on the machine, it doesn't play nicely with qemu-kvm. In my case, I have VirtualBox and sometimes choose to use it. So, I don't want the kvm modules being loaded on boot. I stop it by renaming /etc/sysconfig/modules/kvm.modules to kvm.modules.bak.

If I am running VirtualBox and decide that I want to run qemu-kvm instead, I have to stop VirtualBox and do
rmmod vboxdrv

before doing the modprobe kvm-intel. Only one can run at a time.

Much thanks goes to toracat and NedSlider of CentOS forums for their encouragement and help.


Creative Commons License This work is licensed under a Creative Commons License