Difference between revisions of "KVM"

From Blue-IT.org Wiki

(Accessing services on KVM guests behind a NAT)
(Control NAT rules)
Line 57: Line 57:
 
=== Control NAT rules ===
 
=== Control NAT rules ===
 
  iptables -nvL -t nat
 
  iptables -nvL -t nat
 +
 +
Then you should see something like the following. There, the first PREROUTING rules open up the ports 1222, 1223 and 1444 (fantasy services!) for the NAT'ed virtual machine with the IP 192.168.122.2.
 +
The first line is the
 +
 +
rot@myPC:# iptables -nvL -t nat
 +
Chain PREROUTING (policy ACCEPT 216 packets, 14658 bytes)
 +
pkts bytes target    prot opt in    out    source              destination       
 +
    6  312 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:1222 to:192.168.122.2:1222
 +
    2  120 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:1223 to:192.168.122.2:1223
 +
    0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:1444 to:192.168.122.2:1444
 +
 
 +
Chain INPUT (policy ACCEPT 14 packets, 2628 bytes)
 +
pkts bytes target    prot opt in    out    source              destination       
 +
 
 +
Chain OUTPUT (policy ACCEPT 12 packets, 818 bytes)
 +
pkts bytes target    prot opt in    out    source              destination       
 +
 
 +
Chain POSTROUTING (policy ACCEPT 17 packets, 1048 bytes)
 +
pkts bytes target    prot opt in    out    source              destination       
 +
    0    0 MASQUERADE  tcp  --  *      *      192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
 +
    6  406 MASQUERADE  udp  --  *      *      192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
 +
    0    0 MASQUERADE  all  --  *      *      192.168.122.0/24    !192.168.122.0/24
  
 
=== Delete NAT rules ===
 
=== Delete NAT rules ===
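Review bot: the paragraph added under "Control NAT rules" ends in an unfinished sentence, "The first line is the", which should be completed or dropped. The pasted prompt reads "rot@myPC", where "root@myPC" was presumably meant. All three DNAT rules shown match in "*" and source 0.0.0.0/0, so the text should say that ports 1222, 1223 and 1444 are forwarded for traffic from any source on any interface, not just that they are "opened up". The sample output should also go in a preformatted block so the columns stay aligned.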

Revision as of 14:42, 30 October 2013

Using VirtualBox and KVM together

Using VirtualBox and KVM together on the same server at the same time is NOT possible!!!

Use VirtualBox

sudo service qemu-kvm stop
sudo service vboxdrv start

OR use KVM

sudo service vboxdrv stop
sudo service qemu-kvm start

Decide!

Migration from VirtualBox to KVM

This boils down to

  1. having a lot of time
  2. having a lot of free hard disk space
  3. creating a clone of the vbox machine with VBoxManage clonehd (this can take a looooong time!). Cloning is the easiest way of getting rid of snapshots of an existing virtual machine.
  4. converting the images from vdi to qcow format with qemu-img convert
  5. creating and configuring a new KVM guest
  6. adding NAT port forwarding with a qemu hook (see next section)

To clone an image on the same machine, you have to STOP kvm and start vboxdrv (see above). Also be aware that the raw images take up a lot of space!

# The conversion can take some time. Other virtual machines are not accessible during this time
VBoxManage clonehd -format RAW myOldVM.vdi /home/vm-exports/myNewVM.raw
0%...
cd /home/vm-exports/
qemu-img convert -f raw myNewVM.raw -O qcow2 myNewVM.qcow

Cloning a Snapshot:

# for a snapshot do (not tested)
cd /to/the/SnapShot/dir
VBoxManage clonehd -format RAW "SNAPSHOT_UUID" /home/vm-exports/myNewVM.raw

Accessing services on KVM guests behind a NAT

This is done by editing a hook script for qemu:

/etc/libvirt/hooks/qemu

I am referring to this article:

which is mentioned in the libvirt wiki:

I installed the qemu-python script of the first article under Ubuntu 12.04 LTS, which worked as expected.

So I can access a port in the virtual machine guest with the IP/port of the host (!). From within the host, it is possible to reach the guest via its real IP. I am using the virtio interface (performance).
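A shell sketch of such a hook, added here as an example; it is not the Python script from the referenced article and not code from this wiki. The guest name myNewVM and the ALLOWED_SRC setting are assumptions; the guest IP and ports are the ones shown in the iptables output further down. Rules are removed by their full specification rather than by position, so they cannot hit the wrong rule when the chain has changed.

```shell
#!/bin/sh
# Added example of an /etc/libvirt/hooks/qemu script (not from the page).
# libvirt runs it as: qemu <guest_name> <operation> <sub-operation> <extra>
# Assumptions: guest name "myNewVM"; IP and ports copied from the page's
# iptables output; ALLOWED_SRC is a hypothetical knob added here.

IPT="${IPT:-iptables}"                    # set IPT="echo iptables" for a dry run
ALLOWED_SRC="${ALLOWED_SRC:-0.0.0.0/0}"   # narrow this to limit who may connect

# One forward per line: guest_name:guest_ip:host_port:guest_port
FORWARDS="myNewVM:192.168.122.2:1222:1222
myNewVM:192.168.122.2:1223:1223
myNewVM:192.168.122.2:1444:1444"

# apply_forwards <guest> <-I|-D>: insert or delete all rules of one guest.
apply_forwards() {
    guest="$1"; action="$2"
    echo "$FORWARDS" | while IFS=: read -r name ip hport gport; do
        [ "$name" = "$guest" ] || continue
        # Rewrite packets arriving on the host port to the guest address.
        $IPT -t nat "$action" PREROUTING -s "$ALLOWED_SRC" -p tcp \
            --dport "$hport" -j DNAT --to-destination "$ip:$gport"
        # Accept the rewritten connection ahead of libvirt's own FORWARD rules.
        $IPT "$action" FORWARD -s "$ALLOWED_SRC" -d "$ip/32" -p tcp \
            --dport "$gport" -m state --state NEW -j ACCEPT
    done
}

# handle_event <guest> <operation>: map libvirt operations to rule changes.
handle_event() {
    case "$2" in
        start)     apply_forwards "$1" -I ;;
        stopped)   apply_forwards "$1" -D ;;
        reconnect) apply_forwards "$1" -D 2>/dev/null || true
                   apply_forwards "$1" -I ;;
    esac
}

if [ "$#" -ge 2 ]; then
    handle_event "$1" "$2"
fi
```

With the default ALLOWED_SRC of 0.0.0.0/0 the resulting rules match the ones in the output below; setting it to a management network keeps the forwarded ports from being reachable by every host that can reach the server.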

Control NAT rules

iptables -nvL -t nat

Then you should see something like the following. There, the first PREROUTING rules open up the ports 1222, 1223 and 1444 (fantasy services!) for the NAT'ed virtual machine with the IP 192.168.122.2. The first line is the

rot@myPC:# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 216 packets, 14658 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   312 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1222 to:192.168.122.2:1222
    2   120 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1223 to:192.168.122.2:1223
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1444 to:192.168.122.2:1444

Chain INPUT (policy ACCEPT 14 packets, 2628 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 12 packets, 818 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 17 packets, 1048 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
    6   406 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24
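The DNAT rules above match any inbound interface (in "*") and any source (0.0.0.0/0), so each forwarded guest port is reachable from every network the host is attached to. The following check is an added example, not part of the original page: it reads this output format and lists exactly those unrestricted forwards. The sample input is the page's PREROUTING chain plus one constructed, restricted rule for contrast.

```shell
#!/bin/sh
# Added example: list DNAT forwards that accept traffic from any source on
# any interface, reading `iptables -nvL -t nat` output on stdin.

# Columns: pkts bytes target prot opt in out source destination [match info]
open_dnat() {
    awk '
        $1 == "Chain" { chain = $2; next }
        chain == "PREROUTING" && $3 == "DNAT" && $6 == "*" && $8 == "0.0.0.0/0" {
            dpt = "any"; to = "?"
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/) dpt = substr($i, 5)
                if ($i ~ /^to:/)  to  = substr($i, 4)
            }
            print $4 "/" dpt " -> " to
        }'
}

# The page's PREROUTING output plus one constructed rule (port 2222) that is
# limited to interface eth0 and source 10.0.0.0/8, so it must not be reported.
sample_output() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 216 packets, 14658 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   312 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1222 to:192.168.122.2:1222
    2   120 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1223 to:192.168.122.2:1223
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1444 to:192.168.122.2:1444
    0     0 DNAT       tcp  --  eth0   *       10.0.0.0/8           0.0.0.0/0            tcp dpt:2222 to:192.168.122.3:22

Chain POSTROUTING (policy ACCEPT 17 packets, 1048 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24
EOF
}

sample_output | open_dnat
# On a live host: iptables -nvL -t nat | open_dnat
```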

Delete NAT rules

iptables -t nat -D PREROUTING 1

Backup KVM

Via LVM

LiveBackup