Monday, March 30, 2020

NetworkManager CLI and deployment KVM guests on Ubuntu 20.04

Right after setting up an Ubuntu Focal Fossa instance on bare metal, run the following commands to set up bridge br1 linked to the physical interface enp2s0, which was used as the normal connection to the office LAN during install:
$ nmcli con show 
$ sudo nmcli con add type bridge ifname br1

$ sudo nmcli con add type bridge-slave ifname \
     enp2s0 master br1
$ sudo reboot
At this point, make sure that bridge br1 has been set up as expected.

Now install KVM on Ubuntu 20.04 as usual
$ sudo apt -y install qemu-kvm \
     libvirt-daemon bridge-utils \
     virtinst libvirt-daemon-system
$ sudo apt -y install virt-top libguestfs-tools \
     libosinfo-bin qemu-system virt-manager
===================================
Load "vhost_net" and update /etc/modules.
===================================
$ sudo modprobe vhost_net 
$ lsmod | grep vhost
vhost_net              32768  1
vhost                      49152  1 vhost_net
tap                         24576  1 vhost_net

$ echo vhost_net | sudo tee -a /etc/modules
$ sudo reboot
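
The post asks you to confirm that br1 came up as expected and then loads vhost_net, but shows no checks. The following is an added example, not from the original post: it parses `ip -o link show`, `ip -o -4 addr show` and `lsmod` output and reports the usual failure modes (enp2s0 not enslaved, the IPv4 address left on enp2s0 instead of br1, module missing). The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: post-reboot checks for the
# br1 / enp2s0 / vhost_net setup. Helpers parse command output on stdin.

# link_field DEV KEY: print the word after KEY ("master", "state") on DEV's
# line of `ip -o link show` output.
link_field() {
    awk -v dev="$1:" -v key="$2" '$2 == dev {
        for (i = 3; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# Print interfaces that carry an IPv4 address (`ip -o -4 addr show` output).
addr_ifaces() { awk '$3 == "inet" { print $2 }'; }

# module_loaded NAME: succeed if NAME is in the first column of `lsmod` output.
module_loaded() { awk -v m="$1" '$1 == m { ok = 1 } END { exit !ok }'; }

# verify LINKS ADDRS LSMOD: print one line per problem; non-zero if any found.
verify() {
    rc=0
    [ "$(printf '%s\n' "$1" | link_field br1 state)" = UP ] ||
        { echo "br1 is not UP"; rc=1; }
    [ "$(printf '%s\n' "$1" | link_field enp2s0 master)" = br1 ] ||
        { echo "enp2s0 is not a port of br1"; rc=1; }
    printf '%s\n' "$2" | addr_ifaces | grep -qx br1 ||
        { echo "br1 has no IPv4 address"; rc=1; }
    printf '%s\n' "$2" | addr_ifaces | grep -qx enp2s0 &&
        { echo "enp2s0 still holds an IPv4 address"; rc=1; }
    printf '%s\n' "$3" | module_loaded vhost_net ||
        { echo "vhost_net is not loaded"; rc=1; }
    return "$rc"
}

# Constructed sample output of a healthy host. On a real host call:
#   verify "$(ip -o link show)" "$(ip -o -4 addr show)" "$(lsmod)"
SAMPLE_LINKS='2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br1 state UP mode DEFAULT
3: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
3: br1    inet 192.168.0.19/24 brd 192.168.0.255 scope global br1'
SAMPLE_LSMOD='Module                  Size  Used by
vhost_net              32768  1
vhost                  49152  1 vhost_net'

verify "$SAMPLE_LINKS" "$SAMPLE_ADDRS" "$SAMPLE_LSMOD" && echo "bridge setup OK"
```
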
For instance, deploy a KVM guest running Debian Buster 10.3 on bridge br1. In this case the guest is launched on the office LAN and is available to your teammates via ssh.
Guest run-time snapshot
Remote connection verification (sshd daemon is running on remote VM)

Web Admin console (cockpit) connected to CentOS 8 VM

You might want to compare this post with
https://computingforgeeks.com/install-kvm-hypervisor-on-ubuntu-focal-fossa/
As far as providing access to guests from the LAN is concerned, it wouldn't help on either Focal Fossa or Debian 10.3.
=======================================
Set up connection to Virthost from virt-manager running on remote Ubuntu 20.04 box
=======================================
Install on Virthost and start the sshd service:
$ sudo apt install policykit-1-gnome
$ sudo apt install openssh-server -y
$ sudo systemctl start sshd
$ sudo systemctl status sshd



Install on remote Ubuntu 20.04 workstation
$ sudo apt-get install -y ssh-askpass
Create a new connection to the libvirtd daemon running on Virthost via virt-manager running remotely. Earlier this scheme presumed a VNC console on guests@Virthost; however, in the meantime it works for the Spice console as well. Video and sound are delivered to the workstation connected via ssh to the Spice console of a guest running on Virthost.


It's important to understand that virt-manager, as a client of the libvirtd service, can work remotely as well as locally; this is the so-called vnc&&ssh connection. See RH's original setup here:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/virtualization/chap-virtualization-remote_management_of_virtualized_guests

To avoid annoying ssh-askpass prompts, just establish ssh trust between client 192.168.0.23 and KVM VirtServer 192.168.0.19 as follows, using the admin account "boris" (root is in fact not needed). On the client side:
boris@boris-System-Product-HSW:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/boris/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/boris/.ssh/id_rsa
Your public key has been saved in /home/boris/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:zCXSpc9btGuSExhcCkjq03NQtbdmtUAkQhMp4bQX2is boris@boris-System-Product-HSW
The key's randomart image is:
+---[RSA 3072]----+
|   .++O+o.=           |
|   +o=.B O             |
|  . =.+ O + o          |
| . . o = O = o          |
|  o E o S B +          |
|   . +   o = .             |
|          = o                |
|           +                  | 
|                               |
+----[SHA256]-----+
boris@boris-System-Product-HSW:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub boris@192.168.0.19
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/boris/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed --
if you are prompted now it is to install the new keys
boris@192.168.0.19's password:
    Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'boris@192.168.0.19'" and check to make sure that only the key(s) you wanted were added.


Regarding ssh-askpass see for instance 
https://fabianlee.org/2019/02/16/kvm-virt-manager-to-connect-to-a-remote-console-using-qemussh/


