This howto covers only a base install of CentOS, with no GUI to administer. All administration is done remotely using virt-manager through SSH for security reasons. DO NOT USE X11 FORWARDING!!! I was running X11 forwarding over SSH to pull up virt-manager on each machine and found serious vulnerabilities available to hackers on compromised systems (basically they can configure X11 forwarding to open tunnels and take their hacking scripts along for a ride with the X11 forwarding session).
The CentOS 5.3 media has a buggy kernel on the installer that will result in a kernel panic after initial install. Download CentOS 5.2 installation media and either burn it to DVD or mount it through the Liquid KVM solution.
Boot to CentOS 5.2 media
Hit Enter at the linux # prompt
Tab to the "Skip" button and press Enter at the Media Check box
Select your language and click "Next" (English used in this howto)
Select your keyboard and click "Next"
Click "Advanced storage configuration"
Click "Add Drive"
Select "eth4 - Intel Corporation 82571EB Gigabit Ethernet Controller"
Uncheck "Use dynamic IP configuration (DHCP)"
In "IPv4 Address:"
Fill in target information
Check "Review and modify partitioning layout"
Click "Yes" on the Warning box that pops up
Select "VolGroup00" in the device list and click "Edit"
In "Volume Group Name" rename to vg_ls# (where # is logical server number)
Select LogVol1 in "Logical Volumes" and click "Edit"
In "Logical Volume Name" rename to lv_swap
Select LogVol0 in "Logical Volumes" and click "Edit"
In "Logical Volume Name" rename to lv_root
These renaming conventions are useful for recovering guest instances within the host. If the host's volume groups and logical volumes are named the same as those of the instance you are trying to recover, the duplicate names cause confusion in LVM.
Final outcome should look like the below image (I'm installing ls4 in this instance)
Click "Yes" to the Partitioning Warnings box that pops up.
In the Network Devices list uncheck eth0
Check eth2 and click "Edit"
Configure IPv4 settings for your Management network
Uncheck "Enable IPv6 support"
Check eth4 and click "Edit"
Configure IPv4 settings for your Boot network
Uncheck "Enable IPv6 support"
Manually assign the hostname if desired
Fill in Gateway and DNS Name Servers
Select Time Zone and click "Next"
Fill in the Root Password and Confirm
Uncheck all packages and repositories
Select "Customize now"
Scroll through all items in the left list box and clear all check marks from the list on the right for each item.
At the time of this writing the items are:
- Text-based Internet
- Dialup Networking Support
Pull up slacker.com in your browser and find a good station to listen to.
When the "Reboot" screen appears remove all media and click "Reboot"
Log in as root
Run system-config-securitylevel-tui and select Disabled under SELinux
From a client computer on the Management network (in this howto it's a Fedora 11 workstation setup):
exit
Adjust your slacker radio station if the music isn't good
ssh root@<management ip address>
scp ~/.ssh/id_rsa.pub root@
ssh root@<management ip address>
cat ~/.ssh/ws > .ssh/authorized_keys
rm -f ~/.ssh/ws
:s/PasswordAuthentication\ yes/PasswordAuthentication\ no/g
service sshd restart
yum -y update yum
yum -y update
This reboot is done to initiate the kvm kernel modification
ssh root@<management ip address>
yum -y install vconfig kmod-kvm kvm libvirt.x86_64 python-virtinst
Remove all IPADDR/NETMASK/NETWORK/BROADCAST lines.
ssh root@<management ip address>
Add the line at the bottom: "BRIDGE=br2"
Now we have a physically bridged network connection that we can use to get our first VM on the management vlan. The last step turns off netfilter processing of bridged traffic, so guest traffic crossing the bridge is not filtered by the host's iptables, ip6tables or arptables rules.
:wq
<first 3 octets of management ip range>.255
IPADDR=<management ip address>
NETMASK=<management subnet mask>
<first 3 octets of management ip range>.0
service network restart
cat >> /etc/sysctl.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF
Now we just need a VM
This will get you back to your local machine.
qemu-img create -f qcow2 /path/to/images/myfirstvm.img 10G
virt-install -n myfirstvm -r 1024 --vcpus=1 --os-type=linux --os-variant=rhel5 -c /path/to/isos/CentOS-5.3.iso --disk path=/path/to/images/myfirstvm.img --network=bridge:br2 --vnc --noacpi
Run virt-manager and create a new connection to the newly built KVM node using SSH.
yum install libvirt virt-manager
This is the most secure way I have found to manage my KVM hosts.
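The sshd settings this howto depends on (password logins off, no X11 forwarding) are worth checking after the edit, because sshd uses the first uncommented occurrence of a keyword and a substitution that lands on a commented line changes nothing. The script below is an added example, not part of the original howto; the function names and the sample config are constructed, and it assumes whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# Added example (not from the howto): check the two sshd settings it depends on.
# sshd uses the first uncommented occurrence of a keyword, so an edit that
# lands on a "#..." line leaves the old value in force.

# sshd_effective FILE KEYWORD DEFAULT -> prints the global value sshd would use
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                 # commented lines do not count
        NF == 0    { next }                 # blank lines
        tolower($1) == "match" { exit }     # Match blocks are conditional
        tolower($1) == key { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd FILE -> prints findings; returns 0 only if both settings are safe
audit_sshd() {
    rc=0
    pw=$(sshd_effective "$1" PasswordAuthentication yes)   # OpenSSH default: yes
    x11=$(sshd_effective "$1" X11Forwarding no)            # OpenSSH default: no
    if [ "$pw" != "no" ]; then echo "FAIL: PasswordAuthentication is $pw"; rc=1; fi
    if [ "$x11" != "no" ]; then echo "FAIL: X11Forwarding is $x11"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK: key-only logins, X11 forwarding off"; fi
    return "$rc"
}

# Constructed sample: the substitution hit the commented line only, so the
# live "yes" below it still applies, and X11 forwarding is switched on.
write_bad_sample() {
    cat > "$1" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
X11Forwarding yes
EOF
}

tmp=$(mktemp)
write_bad_sample "$tmp"
audit_sshd "$tmp" || echo "Fix the lines above, then: service sshd restart"
rm -f "$tmp"
```

On the KVM host, point `audit_sshd` at /etc/ssh/sshd_config before closing the session you edited it from.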