Chapter 6. Provisioning Virtual Machines on a KVM Server (libvirt)

Kernel-based Virtual Machines (KVMs) use an open source virtualization daemon and API called libvirt running on Red Hat Enterprise Linux. Red Hat Satellite 6 can connect to the libvirt API on a KVM server, provision hosts on the hypervisor, and control certain virtualization functions.

6.1. Prerequisites for KVM Provisioning

The requirements for KVM provisioning include:

  • Synchronized content repositories for Red Hat Enterprise Linux 7. For more information, see Synchronizing Red Hat Repositories in the Content Management Guide.
  • A Capsule Server managing a network on the KVM server. Ensure no other DHCP services run on this network to avoid conflicts with the Capsule Server. For more information about network service configuration for Capsule Servers, see Chapter 4, Configuring Networking.
  • An activation key for host registration. For more information, see Creating An Activation Key in the Content Management guide.
  • A Red Hat Enterprise Linux server running KVM virtualization tools. For more information, see the Red Hat Enterprise Linux 7 Virtualization Getting Started Guide.
  • An existing virtual machine image if you want to use image-based provisioning. Ensure that this image exists in a storage pool on the KVM host. The default storage pool is usually located in /var/lib/libvirt/images.

User Roles and Permissions to Provision Libvirt Compute Resources

To provision a Libvirt host in Satellite, you must have a user account with the following roles:

  • Edit hosts
  • View hosts

For more information, see Assigning Roles to a User in the Administering Red Hat Satellite guide.

You must also create a custom role with the following permissions:

  • view_compute_resources
  • destroy_compute_resources_vms
  • power_compute_resources_vms
  • create_compute_resources_vms
  • view_compute_resources_vms
  • view_locations
  • view_subnets

For more information about creating roles, see Creating a Role. For more information about adding permissions to a role, see Adding Permissions to a Role in the Administering Red Hat Satellite guide.

6.2. Configuring Satellite Server for KVM Connections

Before adding the KVM connection, Satellite Server requires some configuration to ensure a secure connection. This means creating an SSH key pair for the user that performs the connection, which is the foreman user.

  1. On Satellite Server, switch to the foreman user: 

    # su foreman -s /bin/bash

  2. Generate the key pair: 

    $ ssh-keygen

  3. Copy the public key to the KVM server: 

    $ ssh-copy-id root@kvm.example.com

  4. Install the libvirt-client package: 

    # yum install libvirt-client

  5. Use the following command to test the connection to the KVM server: 

    $ virsh -c qemu+ssh://root@kvm.example.com/system list

    When you add the KVM connection in Satellite Server, use the qemu+ssh protocol and the address to the server. For example, qemu+ssh://root@kvm.example.com/system.

6.3. Adding a KVM Connection to Satellite Server

Use this procedure to add a KVM connection to Satellite Server’s compute resources.

Procedure

To add a KVM connection to Satellite, complete the following steps:

  1. In the Satellite web UI, navigate to Infrastructure > Compute Resources, and in the Compute Resources window, click Create Compute Resource.
  2. In the Name field, enter a name for the new compute resource.
  3. From the Provider list, select Libvirt
  4. In the Description field, enter a description for the compute resource.
  5. In the URL field, enter the connection URL to the KVM server. For example, qemu+ssh://root@kvm.example.com/system.
  6. From the Display type list, select either VNC or Spice.

  7. Optional: To secure console access for new hosts with a randomly generated password, select the Set a randomly generated password on the display connection check box. You can retrieve the password for the VNC console to access guest virtual machine console from the libvirtd host from the output of the following command: 

    # virsh edit your_VM_name
<graphics type=vnc port=-1 autoport=yes listen=0.0.0.0 passwd=your_randomly_generated_password>

    The password is randomly generated every time the console for the virtual machine is opened, for example, with virt-manager.

  8. Click Test Connection to ensure that Satellite Server connects to the KVM server without fault.
  9. Verify that the Locations and Organizations tabs are automatically set to your current context. If you want, add additional contexts to these tabs.
  10. Click Submit to save the KVM connection.

For CLI Users

Create the connection with the hammer compute-resource create command: 

# hammer compute-resource create --name "My_KVM_Server" \
--provider "Libvirt" --description "KVM server at kvm.example.com" \
--url "qemu+ssh://root@kvm.example.com/system" --locations "New York" \
--organizations "My_Organization"

6.4. Adding KVM Images to Satellite Server

If you want to use image-based provisioning to create hosts, you must add information about the image to your Satellite Server. This includes access details and the image location.

Procedure

To add KVM images on Satellite Server, complete the following steps:

  1. In the Satellite web UI, navigate to Infrastructure > Compute Resources, and in the Compute Resources window, click the name of your KVM connection.
  2. Click the Image tab, and then click New Image.
  3. In the Name field, enter a name for the image.
  4. From the Operatingsystem list, select the image’s base operating system.
  5. From the Architecture list, select the operating system architecture.
  6. In the Username field, enter the SSH user name for image access. This is normally the root user.
  7. In the Password field, enter the SSH password for image access.
  8. From the User data list, select if you want images to support user data input, such as cloud-init data.
  9. In the Image path field, enter the full path that points to the image on the KVM server. For example, /var/lib/KVM/images/TestImage.qcow2.
  10. Click Submit to save the image details.

For CLI Users

Create the image with the hammer compute-resource image create command. Use the --uuid field to store the full path of the image location on the KVM server. 

# hammer compute-resource image create --name "Test KVM Image" \
--operatingsystem "RedHat version" --architecture "x86_64" --username root \
--user-data false --uuid "/var/lib/libvirt/images/TestImage.qcow2" \
--compute-resource "My_KVM_Server"

6.5. Adding KVM Details to a Compute Profile

We can predefine certain hardware settings for KVM-based virtual machines by adding these hardware settings to a compute profile.

Procedure

To add Red Hat Virtualization details to a compute profile, complete the following steps:

  1. In the Satellite web UI, navigate to Infrastructure > Compute Profiles and in the Compute Profiles window, click the name of the KVM connection.
  2. In the CPUs field, enter the number of CPUs to allocate to the new host.
  3. In the Memory field, enter the amount of memory to allocate to the new host.
  4. From the Image list, select the image to use if performing image-based provisioning.
  5. From the Network Interfaces list, select the network parameters for the host’s network interface. You can create multiple network interfaces. However, at least one interface must point to a Capsule-managed network.
  6. In the Storage area, enter the storage parameters for the host. You can create multiple volumes for the host.
  7. Click Submit to save the settings to the compute profile.

For CLI Users

The compute profile CLI commands are not yet implemented in Red Hat Satellite 6.4. As an alternative, you can include the same settings directly during the host creation process.

6.6. Creating Hosts on a KVM Server

In Satellite, you can use KVM provisioning to create hosts over a network connection and from an existing image.

If you create a host with an existing image, the new host entry triggers the KVM server to create the virtual machine, using the pre-existing image as a basis for the new volume.

If you want to create a host over a network connection, the new host must have access either to Satellite Server’s integrated Capsule or an external Capsule Server on a KVM virtual network, so that the host has access to PXE provisioning services. This new host entry triggers the KVM server to create and start a virtual machine. If the virtual machine detects the defined Capsule Server through the virtual network, the virtual machine boots to PXE and begins to install the chosen operating system.

DHCP Conflicts

For network-based provisioning, if you use a virtual network on the KVM server for provisioning, select a network that does not provide DHCP assignments. This causes DHCP conflicts with Satellite Server when booting new hosts.

Procedure

To create a KVM host, complete the following steps:

  1. In the Satellite web UI, navigate to Hosts > New Host.
  2. In the Name field, enter the name that you want to become the provisioned system’s host name.
  3. Click the Organization and Location tabs to ensure that the provisioning context is automatically set to the current context.
  4. From the Host Group list, select the host group that you want to use to populate the form.
  5. From the Deploy on list, select the KVM connection.
  6. From the Compute Profile list, select a profile to use to automatically populate virtual machine-based settings.
  7. Click the Interface tab and click Edit on the host’s interface.

  8. Verify that the fields are automatically populated with values. Note in particular:

    • The Name from the Host tab becomes the DNS name.
    • Satellite Server automatically assigns an IP address for the new host.
  9. Ensure that the MAC address field is blank. The KVM server assigns one to the host.
  10. Verify that the Managed, Primary, and Provision options are automatically selected for the first interface on the host. If not, select them.
  11. In the interface window, review the KVM-specific fields that are populated with settings from your compute profile. Modify these settings to suit your needs.
  12. Click the Operating System tab, and confirm that all fields automatically contain values.
  13. For network-based provisioning, ensure that the Provisioning Method is set to Network Based. For image-based provisioning, ensure that the Provisioning Method is set to Image Based
  14. Click Resolve in Provisioning templates to check the new host can identify the right provisioning templates to use.
  15. Click the Virtual Machine tab and confirm that these settings are populated with details from the host group and compute profile. Modify these settings to suit your needs.
  16. Click the Parameters tab and ensure that a parameter exists that provides an activation key. If not, add an activation key.
  17. Click Submit to save the host entry.

For CLI Users

Create the host with the hammer host create command and include --provision-method build to use network-based provisioning. 

# hammer host create --name "kvm-test1" --organization "My_Organization" \
--location "New York" --hostgroup "Base" \
--compute-resource "My_KVM_Server" --provision-method build \
--build true --enabled true --managed true \
--interface "managed=true,primary=true,provision=true,compute_type=network,compute_network=examplenetwork" \
--compute-attributes="cpus=1,memory=1073741824" \
--volume="pool_name=default,capacity=20G,format_type=qcow2"

Create the host with the hammer host create command and include --provision-method image to use image-based provisioning. 

# hammer host create --name "kvm-test2" --organization "My_Organization" \
--location "New York" --hostgroup "Base" \
--compute-resource "My_KVM_Server" --provision-method image \
--image "Test KVM Image" --enabled true --managed true \
--interface "managed=true,primary=true,provision=true,compute_type=network,compute_network=examplenetwork" \
--compute-attributes="cpus=1,memory=1073741824" \
--volume="pool_name=default,capacity=20G,format_type=qcow2"

For more information about additional host creation parameters for this compute resource, see Appendix B, Additional Host Parameters for Hammer CLI.

6.7. Configuring the noVNC Console

Use the following procedure to configure the KVM server and your browser to enable the use of the NoVNC console.

Before you begin

To configure the noVNC console, complete the following steps:

  1. On the KVM host system, configure the firewall to allow VNC service on ports 5900 to 5930:

    • On Red Hat Enterprise Linux 6: 

      # iptables -A INPUT -p tcp --dport 5900:5930 -j ACCEPT
# service iptables save

    • On Red Hat Enterprise Linux 7: 

      # firewall-cmd --add-port=5900-5930/tcp
# firewall-cmd --add-port=5900-5930/tcp --permanent

  2. In a Firefox browser, visit the public downloads page of Satellite Server, for example https://satellite.example.com/pub/, and click the certificate file katello-server-ca.crt.

    1. Click View to open the CA certificate.
    2. In the Issued To list, ensure that the Common Name (CN) is the FQDN of Satellite Server, and click Close.
    3. Select Trust this CA to identify websites, and click OK.

  3. In the Firefox browser, disable HTTP strict transport security (HSTS). For example, in the browser address bar, enter About:Config and set the following boolean to True: 

        network.websocket.allowInsecureFromHTTPS

    For more information about HSTS, see HTTP Strict Transport Security (HSTS).

  4. In the Satellite web UI, navigate to Infrastructure > Compute Resources and select the name of a Libvirt resource.
  5. In the Virtual Machines tab, select the name of a Libvirt guest. Ensure the machine is powered on and then select Console.

The console window appears when the noVNC handshake completes.