KVM Setup on Debian Jessie


Setup Base OS

I used Hetzner's "installimage" to create RAID + LVM.

installimage
-> Debian
-> Debian-86-jessie-64-minimal
-> Hostname enterservername
-> PART /boot  ext3     512M
-> PART lvm    vg0       all
-> LV vg0   root   /        ext4         10G
-> LV vg0   swap   swap     swap          4G

reboot

Sanity checks

free
lvscan
cat /proc/mdstat
cat /etc/apt/sources.list
apt-get update
apt-get upgrade
mdadm --examine --scan
df -h
cat /proc/cpuinfo

For some strange reason apt didn't work with IPv6 after the initial update, so to force apt to use IPv4:

vi /etc/apt/apt.conf.d/99hetzner
#add in the line
Acquire::ForceIPv4 "true";

Install KVM

aptitude install qemu-kvm libvirt-bin
#source: https://wiki.debian.org/KVM
apt-get install virtinst

virsh list

Network Config

vi /etc/network/interfaces
auto br1
iface br1 inet static
       address 192.168.1.1
       netmask 255.255.255.0
       bridge_stp off
       bridge_fd 0
       pre-up brctl addbr br1
       pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
       post-down brctl delbr br1

ifup br1
#or reboot

Firewall Config

vi /etc/firewall.sh
IPTABLES=/sbin/iptables

EXTBR=br0
INTBR=br1

PRIVATE=192.168.1.0/24

$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F POSTROUTING -t nat
$IPTABLES -F PREROUTING -t nat

####################
# FORWARDS
###################
$IPTABLES -A FORWARD -d $PRIVATE -o $INTBR -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -s $PRIVATE -i $INTBR -j ACCEPT
$IPTABLES -A FORWARD -i $INTBR -o $INTBR -j ACCEPT
$IPTABLES -A FORWARD -i $EXTBR -o $EXTBR -j ACCEPT

###################
# NATTING
###################
$IPTABLES -t nat -A POSTROUTING ! -d $PRIVATE -s $PRIVATE -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING ! -s $PRIVATE -d $PRIVATE -j MASQUERADE

###################
# PORT FORWARDING (Remote Desktop)
###################
$IPTABLES -t nat -A PREROUTING -p tcp --dport 9123 -j DNAT --to 192.168.1.2:3389
 
###################
# BLOCKING
###################
#$IPTABLES -A FORWARD -j REJECT --reject-with icmp-port-unreachable
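
A tightened variant of the script above, as an added example that is not part of the original page: it sets a default-drop FORWARD policy, limits the RDP port forward to one source address arriving on the external bridge, and leaves out the second MASQUERADE rule so the guest sees real client addresses. `ADMIN_SRC` is a constructed placeholder, `IPT` and `fw_rules` are names introduced here, and the guests are assumed to use 192.168.1.1 as their default gateway.

```shell
#!/bin/sh
# Added example, not the page's script: tightened variant of /etc/firewall.sh.
# Dry run: IPT=echo sh <this file> apply   (prints the rules, changes nothing)
IPT="${IPT:-/sbin/iptables}"
EXTBR=br0                  # external bridge, name as in the page's script
INTBR=br1
PRIVATE=192.168.1.0/24
RDP_GUEST=192.168.1.2      # guest address from the page's DNAT rule
RDP_EXT_PORT=9123          # external port from the page's DNAT rule
ADMIN_SRC=203.0.113.10/32  # ASSUMPTION: constructed placeholder admin address

fw_rules() {
    # Default-deny forwarding, replacing the commented-out REJECT rule.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING
    $IPT -t nat -F PREROUTING

    # Packets belonging to connections that were already allowed.
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Guests may open connections outwards and to each other.
    $IPT -A FORWARD -s "$PRIVATE" -i "$INTBR" -j ACCEPT

    # Outbound NAT for guests only. The page's second MASQUERADE rule
    # (! -s PRIVATE -d PRIVATE) is left out: it rewrites every inbound
    # client to the host address, so guest logs lose the real source.
    $IPT -t nat -A POSTROUTING -s "$PRIVATE" ! -d "$PRIVATE" -j MASQUERADE

    # RDP forward: only from ADMIN_SRC and only arriving on EXTBR.
    $IPT -t nat -A PREROUTING -i "$EXTBR" -s "$ADMIN_SRC" -p tcp \
        --dport "$RDP_EXT_PORT" -j DNAT --to-destination "$RDP_GUEST:3389"
    # After DNAT the FORWARD chain sees the guest address and port 3389.
    $IPT -A FORWARD -i "$EXTBR" -o "$INTBR" -s "$ADMIN_SRC" -d "$RDP_GUEST" \
        -p tcp --dport 3389 -m state --state NEW -j ACCEPT
}

# Rules are applied only when called with "apply".
if [ "${1:-}" = "apply" ]; then
    fw_rules
fi
```

When this replaces /etc/firewall.sh, the pre-up line has to pass the `apply` argument.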

Call Firewall Script on boot

Reference -> https://wiki.debian.org/DebianFirewall

vi /etc/network/interfaces
# device: eth0
auto  eth0
iface eth0 inet static
#under this section, add ->
pre-up /bin/sh /etc/firewall.sh


Setup VM

lvcreate -n lin01-boot --size 250m vg0
lvcreate -n lin01-swap --size 1g vg0
lvcreate -n lin01-root --size 5g vg0

mkfs.ext4 /dev/vg0/lin01-root
mkswap /dev/vg0/lin01-swap 

wget -4 http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/mini.iso
virt-install -d --name=lin01 --ram 512 --disk path=/dev/vg0/lin01-boot,bus=virtio,cache=none --disk path=/dev/vg0/lin01-root,bus=virtio,cache=none --disk path=/dev/vg0/lin01-swap,bus=virtio,cache=none --network bridge=br1,model=virtio --vnc --accelerate --cdrom /srv/os-images/debian-jessie-netinst.iso

Other Notes

apt-get install smartmontools
smartctl -a /dev/sda | less
smartctl -a /dev/sdb | less
apt-get install munin-node
apt-get install munin-libvirt-plugins
munin-libvirt-plugins-detect
apt-get install fail2ban
ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sda
ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sdb

If you copy a libvirt XML file from another PC and drop it in, you need to run:

virsh define win01-win7.xml

DD Virtual Disk from one Server to new Server

#On new server:
nc -l -p 7000 | dd of=/dev/vg0/win01-win7 bs=2M

#Then on old server:
dd if=/dev/vg0/win02-win7 bs=2M | nc 88.xx.xx.x 7000 -q 10