Correct way to move kvm vm

I have a problem to do live migration between two host computers via virt manager. It is a permission issue but I don’t have time to fig it out. It is not a big deal. It is ok to move KVM vms offline.

  1. stop VM from gui or cli or guest console
  2. dump guest configuration as xml
    virsh dumpxml VMNAME > domxml.xml
  3. copy the guest images to another server with same path
  4. define a VM from the dump xml file
    virsh define domxml.xml
  5. Check the configuration and start VM on new host. Usually need to check the network configuration, CPU, and memory.

source: http://serverfault.com/questions/434064/correct-way-to-move-kvm-vm

KVM access guest from outside host on CentOS

For default virbr0, it provides a way to help guest to access host (VM<–>host). But the guest cannot be accessed from outside host. But we can use the following commands to enable it temporally.

# iptables -D  FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
# iptables -D  FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable

The best way is to create another bridge for guest.

  1. create new bridge xml file (routeNetwork.xml)

    <network>
      <name>examplenetwork</name>
      <bridge name="virbr100" />
      <forward mode="route" />
      <ip address="10.10.120.1" netmask="255.255.255.0" />
    </network>
  2. create new bridge
    # virsh net-create routeNetwork.xml
  3. edit the bridge to enable dhcp (I think if we define DHCP at the first step, no need this one. If we don’t do this step, the persistent state is no. Not sure what the impact is.)
    # virsh net-edit routenetwork
    
    <network>
      <name>routenetwork</name>
      <uuid>62b9b9a9-2865-466c-9a3d-ab003441bc8b</uuid>
      <forward mode='route'/>
      <bridge name='virbr100' stp='on' delay='0'/>
      <mac address='52:54:00:cc:3b:aa'/>
      <ip address='10.10.120.1' netmask='255.255.255.0'>
        <dhcp>
          <range start='10.10.120.128' end='10.10.120.254'/>
        </dhcp>
      </ip>
    </network>
  4. Set the bridge autostart
    # virsh net-autostart routenetwork
  5. Check virtual networks
    # virsh net-list
     Name                 State      Autostart     Persistent
    ----------------------------------------------------------
     default              active     yes           yes
     routenetwork         active     yes           yes
    
  6. add masquerade to firewalld
    # firewall-cmd --permanent --add-masquerade
  7. change guest network type
    # virsh --connect qemu:///system
    virsh # edit <VM's name>
    ...
    <interface type='bridge'>
      <mac address='52:54:00:ea:98:1a'/>
      <source bridge='virbr100'/>
      <model type='e1000'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    ...
    
  8. shutdown and start the guest again
  9. add route on your router
    # sudo route -n add 10.10.120.0/24 <host ip>

    Now the guest can access from your network via it ip 10.10.120.x.

    Other virsh commands used in managing virtual networks are:

    • virsh net-list — list virtual networks
    • virsh net-autostart [network name] — Autostart a network specified as [network name]
    • virsh net-create [XML file] — Generates and starts a new network using a preexisting XML file
    • virsh net-define [XML file] — Generates a new network from a preexisting XML file without starting it
    • virsh net-destroy [network name] — Destroy a network specified as [network name]
    • virsh net-name [network UUID] — Convert a specified [network UUID] to a network name
    • virsh net-uuid [network name — Convert a specified [network name] to a network UUID
    • virsh net-start [name of an inactive network] — Starts a previously undefined inactive network
    • virsh net-undefine [name of an inactive network] — Undefine an inactive network
    • virsh net-dumpxml [network name] — Dump network as xml file

How to edit KVM VM profile which is created by virt-manager and add port-forwarding function?

Virt-manager hides some functions such as port-forwarding. We can edit the VM profile form terminal.

# virsh --connect qemu:///system

List all VMs in virsh envrionment

virsh # list --all

Edit VM’s profile

virsh # edit <VM's name>

Add qemu namespace

old:
<domain type='kvm'>
new:
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>

Change network type from network to user

old:
   <interface type='network'>
      <mac address='xx:xx:xx:xx:xx:xx'/>
      <model type='e1000'/>
      <source network='default'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
new:
  <interface type='user'>
    <mac address='xx:xx:xx:xx:xx:xx'/>
    <model type='e1000'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  </interface>

Add port-forwarding arguments before tag </domain>

 <qemu:commandline>
    <qemu:arg value='-redir'/>
    <qemu:arg value='tcp:2001::3389'/>
    <qemu:arg value='-redir'/>
    <qemu:arg value='tcp:2002::80'/>
</qemu:commandline>

 

 

Using KVM on CentOS7

1. Install CentOS7 with Virtualization Host feature
centos7-virtualization1

The Virtualization Host doesn’t install the virt-install and virt-manager. Run the following command to install them.

$ sudo yum install virt-install virt-manager

Also you can install KVM by following command if you didn’t install Virtualization Host feature.

$ sudo yum install kvm virt-manager libvirt virt-install qemu-kvm xauth dejavu-lgc-sans-fonts

2. check kvm module installation

$ lsmod|grep kvm
kvm_intel             162153  110
kvm                   525409  1 kvm_intel

3. Setup X server and run virt-manager

$ DISPLAY=149.4.68.230:0.0
$ export DISPLAY
$ sudo virt-manager

5. KVM cli examples

// check cpu info
$ egrep -c '(vmx|svm)' /proc/cpuinfo
// list templates
$ osinfo-query os
// list VMs
$ sudo virsh --connect qemu:///system list
$ sudo virsh --connect qemu:///system list --all

// show guest infomration
$ sudo virsh dominfo Fedora24
Id:             -
Name:           Fedora24
UUID:           d1e8dd90-54fb-46ee-92af-dad8ec914b2e
OS Type:        hvm
State:          shut off
CPU(s):         2
Max memory:     4194304 KiB
Used memory:    0 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0

// shutdown
$ sudo virsh --connect qemu:///system shutdown Fedora24
// force stop
$ sudo virsh --connect qemu:///system destroy Fedora24
// start
$ sudo virsh --connect qemu:///system start Fedora24

// delete guest
$ sudo virsh --connect qemu:///system destroy Fedora24
$ sudo virsh --connect qemu:///system undefine Fedora24
$ sudo rm -f /var/lib/libvirt/images/Fedora24.img
$ sudo virsh pool-refresh default

6. Autostart guest

// autostart guest
$ sudo virsh --connect qemu:///system autostart Fedora24
$ sudo virsh --connect qemu:///system dominfo Fedora24|grep Auto

Set auto start from GUI

kvm-autostart

7. Issues

a) Using samba share file failed. Report permission denied. Copy install iso images to local and it works fine

b) After clone a VM from GUI, cannot start and report missing the folder such as Fedora24-template which is the source VM name. Created a tool to check the folder.  If the folder is gone, the tool creates it immediately.

Reference: http://jensd.be/207/linux/install-and-use-centos-7-as-kvm-virtualization-host

KVM clone Fedora network issue

After clone Fedora 24 VM, the is a network issue:

$ sudo systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.

$ journalctl -xe
...
Nov 14 15:59:07 localhost NetworkManager[818]:   [1479157147.5419] audit: op="connection-activate" uuid="123dd488-4e5a-3420-952d-c6e63dff7c21"
Nov 14 15:59:07 localhost network[1389]: Bringing up interface ens3:  Error: Connection activation failed: No suitable device found for this connect
Nov 14 15:59:07 localhost network[1389]: [FAILED]
...

Root cause: The old network device doesn’t exist anymore. During clone, a new network device is added.

Solution:

Delete old network profile. (ex. old interface is ens3)

$ sudo rm /etc/sysconfig/network-scripts/ifcfg-ens3

Using Network Manger tool (nmcli, nmtui) to config network again.