Right after setting up Ubuntu Focal Fossa instance on bare metal run following commands to setup bridge br1 linked to physical interface enp2s0 which was used as normal connection to office LAN during install
$ nmcli con show
$ sudo nmcli con add type bridge ifname br1
$ sudo nmcli con add type bridge-slave ifname \
enp2s0 master br1
$ sudo reboot
At this point make sure that bridge br1 has been setup as expected
Now install KVM on Ubuntu 20.04 as usual
$ sudo apt -y install qemu-kvm \
libvirt-daemon bridge-utils \
virtinst libvirt-daemon-system
$ sudo apt -y install virt-top libguestfs-tools \
libosinfo-bin qemu-system virt-manager
===================================
Load "virt-host" and update /etc/modules.
===================================
$ sudo modprobe vhost_net
$ lsmod | grep vhost
vhost_net 32768 1
vhost 49152 1 vhost_net
tap 24576 1 vhost_net
$ echo vhost_net | sudo tee -a /etc/modules
$ sudo reboot
Deploy for instance KVM Guest Debian Buster 10.3 utilizing bridge br1 , in this case Guest is supposed to be launched to office LAN and to be available for yours teammates via ssh
Guest run-time snapshot
Remote connection verfication ( sshd daemon is running on remote VM )
Web Admin console (cockpit) connected to CentOS 8 VM
You might want to compare this post with
https://computingforgeeks.com/install-kvm-hypervisor-on-ubuntu-focal-fossa/
in relation with providing access to guests from LAN it wouldn't help either on Focal Fossa or on Debian 10.3
=======================================
Setup connection to Virthost from vitrt-manager running on remote Ubuntu 20.04 box
=======================================
Install on Virthost and start sshd service :-
$ sudo apt install policykit-1-gnome
$ sudo apt install openssh-server -y
$ sudo systemctl start sshd
$ sudo systemctl status sshd
$ nmcli con show
$ sudo nmcli con add type bridge ifname br1
$ sudo nmcli con add type bridge-slave ifname \
enp2s0 master br1
$ sudo reboot
At this point make sure that bridge br1 has been setup as expected
Now install KVM on Ubuntu 20.04 as usual
$ sudo apt -y install qemu-kvm \
libvirt-daemon bridge-utils \
virtinst libvirt-daemon-system
$ sudo apt -y install virt-top libguestfs-tools \
libosinfo-bin qemu-system virt-manager
===================================
Load "virt-host" and update /etc/modules.
===================================
$ sudo modprobe vhost_net
$ lsmod | grep vhost
vhost_net 32768 1
vhost 49152 1 vhost_net
tap 24576 1 vhost_net
$ echo vhost_net | sudo tee -a /etc/modules
$ sudo reboot
Deploy for instance KVM Guest Debian Buster 10.3 utilizing bridge br1 , in this case Guest is supposed to be launched to office LAN and to be available for yours teammates via ssh
Web Admin console (cockpit) connected to CentOS 8 VM
You might want to compare this post with
https://computingforgeeks.com/install-kvm-hypervisor-on-ubuntu-focal-fossa/
in relation with providing access to guests from LAN it wouldn't help either on Focal Fossa or on Debian 10.3
=======================================
Setup connection to Virthost from vitrt-manager running on remote Ubuntu 20.04 box
=======================================
Install on Virthost and start sshd service :-
$ sudo apt install policykit-1-gnome
$ sudo apt install openssh-server -y
$ sudo systemctl start sshd
$ sudo systemctl status sshd
Install on remote Ubuntu 20.04 workstation
$ sudo apt-get install -y ssh-askpass
Create new connection to libvirtd daemon running on Virthost via virt-manager running remotely earlier this schema presumed VNC console on guests@Virthost , however in meantime it works for Spice console as well. Video and sound are delivered on workstation connected via ssh to Spice console of guest running on Virthost.
It's important to understand that virt-manager as a client of Libvirtd service might work remotely as well as locally , it is so called vnc&&ssh connection. See RH's original setup here
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/virtualization/chap-virtualization-remote_management_of_virtualized_guests
To avoid annoying prompts of ssh-askpass just establish ssh trust between client 192.168.0.23 and KVM VirtServer 192.168.0.19 as follows utilizing admin account "boris" ( root is not needed in fact). On client side
boris@boris-System-Product-HSW:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/boris/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/boris/.ssh/id_rsa
Your public key has been saved in /home/boris/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:zCXSpc9btGuSExhcCkjq03NQtbdmtUAkQhMp4bQX2is
boris@boris-System-Product-HSW
The key's randomart image is:
+---[RSA 3072]----+
| .++O+o.= |
| +o=.B O |
| . =.+ O + o |
| . . o = O = o |
| o E o S B + |
| . + o = . |
| = o |
| + |
| |
+----[SHA256]-----+
boris@boris-System-Product-HSW:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub boris@192.168.0.19
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/boris/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed --
if you are prompted now it is to install the new keys
boris@192.168.0.19's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'boris@192.168.0.19'" and check to make sure that only the key(s) you wanted were added.
Regarding ssh-askpass see for instance
https://fabianlee.org/2019/02/16/kvm-virt-manager-to-connect-to-a-remote-console-using-qemussh/
It's important to understand that virt-manager as a client of Libvirtd service might work remotely as well as locally , it is so called vnc&&ssh connection. See RH's original setup here
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/virtualization/chap-virtualization-remote_management_of_virtualized_guests
To avoid annoying prompts of ssh-askpass just establish ssh trust between client 192.168.0.23 and KVM VirtServer 192.168.0.19 as follows utilizing admin account "boris" ( root is not needed in fact). On client side
boris@boris-System-Product-HSW:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/boris/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/boris/.ssh/id_rsa
Your public key has been saved in /home/boris/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:zCXSpc9btGuSExhcCkjq03NQtbdmtUAkQhMp4bQX2is
boris@boris-System-Product-HSW
The key's randomart image is:
+---[RSA 3072]----+
| .++O+o.= |
| +o=.B O |
| . =.+ O + o |
| . . o = O = o |
| o E o S B + |
| . + o = . |
| = o |
| + |
| |
+----[SHA256]-----+
boris@boris-System-Product-HSW:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub boris@192.168.0.19
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/boris/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed --
if you are prompted now it is to install the new keys
boris@192.168.0.19's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'boris@192.168.0.19'" and check to make sure that only the key(s) you wanted were added.
Regarding ssh-askpass see for instance
https://fabianlee.org/2019/02/16/kvm-virt-manager-to-connect-to-a-remote-console-using-qemussh/
No comments:
Post a Comment