Author: Jesús E.
Category: Tutorial
Date: 2020-05-03 03:12
Modified: 2022-03-22 05:57
Diaspora: https://diasp.org/u/heckyel
Image: 2020/05/virt-manager.jpg
Lang: en
Mastodom: https://masto.nobigtech.es/@heckyel
Save_as: install-a-virtual-machine-manager-on-hyperbola-gnulinux-libre/index.html
Slug: instalar-un-gestor-de-maquinas-virtuales-en-hyperbola-gnulinux-libre
Tags: virtual machine, tutorial
Title: Install a virtual machine manager in Hyperbola GNU/Linux-libre
URL: install-a-virtual-machine-manager-on-hyperbola-gnulinux-libre/

Your host may be Hyperbola GNU/Linux-libre on the x86_64 architecture, for example,
but with enough memory and processing power you could run
[Trisquel][trisquel]{:target="_blank" rel="noopener noreferrer"} and
[Dragora][dragora]{:target="_blank" rel="noopener noreferrer"}
at the same time, on the same machine.

## What is a virtual machine?

A virtual machine is software that simulates a computer system and can
execute programs as if it were a real computer. This software was
originally defined as "an efficient and isolated duplicate of a
physical machine".

## What programs allow me to run a virtual machine?

Fully free operating systems provide a program
called `qemu` that allows us to virtualize.

[Qemu][qemu]{:target="_blank" rel="noopener noreferrer"}
works through the command line.

## Enable virtualization

### Check if your PC supports virtualization

    :::console
    $ LC_ALL=C lscpu | grep Virtualization

or run the command:

    :::console
    $ lsmod | grep kvm

If your computer supports virtualization, you should see
`Virtualization: VT-x` or `Virtualization: AMD-V` in the `lscpu` output;
otherwise your computer is not capable of virtualizing.

### Installing Qemu

    :::console
    # pacman -Sy

    # pacman -S qemu vde2 dnsmasq bridge-utils

    # gpasswd -a <your-user> kvm

### Enable kernel modules for virtualization

- kvm_intel module (Intel processors)

        :::console
        # modprobe kvm_intel

- kvm_amd module (AMD processors)

        :::console
        # modprobe kvm_amd

### Enable nested virtualization in KVM

Nested virtualization allows you to run a virtual machine (VM)
within another VM while still using host hardware acceleration.

#### Checking if nested virtualization is supported

For Intel processors, check the
`/sys/module/kvm_intel/parameters/nested` file.
For AMD processors, check the
`/sys/module/kvm_amd/parameters/nested` file.
If you see `1` or `Y`, nested virtualization is supported;
if you see `0` or `N`, nested virtualization is not supported.

For example:

    :::console
    $ cat /sys/module/kvm_intel/parameters/nested
    Y

#### Enable nested virtualization for Intel processors:

1. Turn off all running virtual machines and unload the `kvm_intel` module:

        :::console
        # modprobe -r kvm_intel

2. Activate the nesting function by loading the module again with `nested=1`:

        :::console
        # modprobe kvm_intel nested=1

3. Nested virtualization is enabled until the host is restarted.
To enable it permanently, add the following line to
the `/etc/modprobe.d/kvm.conf` file:

        :::console
        # nano -w /etc/modprobe.d/kvm.conf
        ----------------------------------
        options kvm_intel nested=1

#### Enable nested virtualization for AMD processors:

1. Turn off all running virtual machines and unload the `kvm_amd` module:

        :::console
        # modprobe -r kvm_amd

2. Activate the nesting function by loading the module again with `nested=1`:

        :::console
        # modprobe kvm_amd nested=1

3. Nested virtualization is enabled until the host is restarted.
To enable it permanently, add the following line to
the `/etc/modprobe.d/kvm.conf` file:

        :::console
        # nano -w /etc/modprobe.d/kvm.conf
        ----------------------------------
        options kvm_amd nested=1

## Qemu usage

Create a virtual disk for the virtual machine to use.

    :::console
    $ qemu-img create -f qcow2 hyper.qcow2 10G

### Simple usage

    :::bash
    #!/bin/bash
    qemu-system-x86_64 \
        -monitor stdio \
        --enable-kvm -m 512 \
        -cpu host -smp 4 \
        -cdrom /path/to/hyperbola-milky-way-v0.4-dual.iso \
        -drive file=/path/to/hyper.qcow2,if=virtio \
        -boot c -rtc base=localtime \
        -device virtio-keyboard-pci \
        -net nic -net user \
        -vga virtio

`-cpu host -smp 4` gives the guest 4 CPUs and exposes the host CPU model to it.

`-net user` is important to have internet access within your new system.
`-m 512` sets the virtual RAM size in megabytes; the default is 128 MB,
I chose 512.

You can set `-vga virtio -display sdl,gl=on` for 3D emulation support.

You can also set `-device intel-hda -device hda-duplex` for audio support
on an Intel audio card.

> For audio support check <https://wiki.archlinux.org/title/QEMU#Audio>

### Qemu + VNC as server

    :::bash
    #!/bin/bash
    qemu-system-x86_64 \
        -monitor stdio \
        --enable-kvm -m 512 \
        -cpu host -smp 4 \
        -cdrom /path/to/hyperbola-milky-way-v0.4-dual.iso \
        -drive file=/path/to/hyper.qcow2,if=virtio \
        -boot c -rtc base=localtime \
        -device virtio-keyboard-pci \
        -net nic -net user \
        -vga virtio -display none \
        -vnc :0

One can add the `-vnc :X` option to have QEMU redirect the VGA display to
the VNC session. Replace X with the number of the display (0 will
then listen on 5900, 1 on 5901, 2 on 5902, etc).

> Remember: Ctrl + Alt + G to exit capture, Ctrl + Alt + F to fullscreen!

<!--- -->

> Warning: The default VNC server setup does not use any form of
> authentication. Any user can connect from any host.
> Maybe check: <https://wiki.archlinux.org/title/QEMU#Basic_password_authentication>

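Because `-vnc :X` listens on every interface without authentication, it helps to audit the `-vnc` value of each QEMU command line on a host. The following is an added example, not part of the original tutorial; the function name `vnc_exposure` and the sample command lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify the -vnc value of a QEMU command line.
# Prints "<exposure> <tcp-port|-> <auth|no-auth|->".
vnc_exposure() {
    local prev="" arg spec="" found=0
    for arg in "$@"; do
        if [ "$prev" = "-vnc" ] || [ "$prev" = "--vnc" ]; then
            spec="$arg"; found=1
        fi
        prev="$arg"
    done
    if [ "$found" -eq 0 ] || [ "$spec" = "none" ]; then
        echo "none - -"; return 0
    fi

    # Options follow the address after a comma. "password" (older QEMU),
    # "password=on", "password-secret=..." and "sasl" request authentication.
    local addr="${spec%%,*}" opts="" auth="no-auth"
    case "$spec" in *,*) opts=",${spec#*,}," ;; esac
    case "$opts" in
        *,password,*|*,password=on,*|*,password-secret=*|*,sasl,*|*,sasl=on,*)
            auth="auth" ;;
    esac

    case "$addr" in unix:*) echo "unix - $auth"; return 0 ;; esac
    local host="${addr%:*}" display="${addr##*:}"
    case "$display" in
        ''|*[!0-9]*|0?*) echo "unknown - $auth"; return 0 ;;
    esac
    local exposure
    case "$host" in
        ''|0.0.0.0|'[::]')       exposure="all-interfaces" ;;
        127.*|localhost|'[::1]') exposure="loopback" ;;
        *)                       exposure="host:$host" ;;
    esac
    # Display X listens on TCP port 5900 + X, as described above.
    echo "$exposure $((5900 + $display)) $auth"
}

# Constructed command lines: this page's invocation and a loopback-bound one.
vnc_exposure qemu-system-x86_64 -vga virtio -display none -vnc :0
vnc_exposure qemu-system-x86_64 -display none -vnc 127.0.0.1:0,password=on
```

Binding the display to loopback (`-vnc 127.0.0.1:0`) and reaching it through an SSH tunnel keeps port 5900 off the network.
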
### Qemu screenshots

<figure>
  <a href="{filename}/wp-content/uploads/article/images/2020/05/vm-hyperbola.png">
    <img src="{filename}/wp-content/uploads/article/images/2020/05/vm-hyperbola.png" alt="Hyperbola in Qemu">
  </a>
  <figcaption>Screenshot of Hyperbola GNU/Linux-libre in Qemu</figcaption>
</figure>

<figure>
  <a href="{filename}/wp-content/uploads/article/images/2020/05/vm-trisquel.png">
    <img src="{filename}/wp-content/uploads/article/images/2020/05/vm-trisquel.png" alt="Trisquel in Qemu">
  </a>
  <figcaption>Screenshot of Trisquel GNU/Linux in Qemu</figcaption>
</figure>

### Modules with security issues

The `vhost_net` module is affected by
[CVE-2018-3646][spectre]{:target="_blank" rel="noopener noreferrer"},
the L1TF and SMT CPU flaw,
which can leak data.
It is recommended to disable it as follows:

    :::console
    # modprobe -r vhost_net

On Hyperbola GNU/Linux-libre,
this module comes disabled.

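The checks from the nested-virtualization section and from this section can be gathered into one read-only report. This is an added example, not part of the original tutorial; the function names are made up here, and the two `/sys/devices/system/cpu/...` paths are the kernel's sysfs files for L1TF status and SMT control rather than paths taken from this page.

```shell
#!/bin/bash
# Added example: report the module and CPU settings discussed on this page.
# $1 is the sysfs root (default /sys), so a constructed tree can be used.
sysfs_value() {
    # Print the file's content, or "unknown" when the kernel does not expose it.
    if [ -r "$1" ]; then cat "$1"; else echo "unknown"; fi
}

kvm_host_report() {
    local sys="${1:-/sys}" mod nested="no-kvm-vendor-module"
    for mod in kvm_intel kvm_amd; do
        if [ -r "$sys/module/$mod/parameters/nested" ]; then
            # 1 or Y means nesting is on, 0 or N means it is off.
            case "$(cat "$sys/module/$mod/parameters/nested")" in
                1|Y) nested="$mod:on" ;;
                *)   nested="$mod:off" ;;
            esac
        fi
    done
    echo "nested=$nested"

    # A loaded module has a directory under <sysfs>/module.
    if [ -d "$sys/module/vhost_net" ]; then
        echo "vhost_net=loaded"
    else
        echo "vhost_net=not-loaded"
    fi

    # Kernel-reported L1TF status and SMT control state.
    echo "l1tf=$(sysfs_value "$sys/devices/system/cpu/vulnerabilities/l1tf")"
    echo "smt=$(sysfs_value "$sys/devices/system/cpu/smt/control")"
}

kvm_host_report /sys
```
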
[dragora]: https://dragora.org
[trisquel]: https://trisquel.info
[qemu]: https://wiki.qemu.org/Main_Page
[spectre]: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html