Openstack RDO && KVM Hypervisor: October 2023

Tuesday, October 31, 2023

Setup Cockpit Web Console on openSUSE 15.5 Leap

Setup Cockpit Web Console on openSUSE 15.5 Leap requires activation an additional repo mentioned first in the post, which by some reasons wasn't activated during standard installation by default . Now proceed as follows :-

boris@localhost:~> sudo zypper addrepo https://download.opensuse.org/repositories/systemsmanagement:cockpit/15.5/systemsmanagement:cockpit.repo

[sudo] password for root:

Adding repository 'cockpit-project.org (15.5)' ....................................................[done]

Repository 'cockpit-project.org (15.5)' successfully added

URI : https://download.opensuse.org/repositories/systemsmanagement:/cockpit/15.5/

Enabled : Yes

GPG Check : Yes

Autorefresh : No

Priority : 99 (default priority)

Repository priorities are without effect. All enabled repositories share the same priority.

boris@localhost:~> sudo zypper refresh

Repository 'Update repository of openSUSE Backports' is up to date.

Repository 'Non-OSS Repository' is up to date.

Repository 'Open H.264 Codec (openSUSE Leap)' is up to date.

Repository 'Main Repository' is up to date.

Repository 'Update repository with updates from SUSE Linux Enterprise 15' is up to date.

Repository 'Main Update Repository' is up to date.

Repository 'Update Repository (Non-Oss)' is up to date.

New repository or package signing key received:

Repository: cockpit-project.org (15.5)

Key Fingerprint: 50E6 0431 5448 5D99 0732 B5D6 ACAA 9CF7 E6E5 A213

Key Name: systemsmanagement OBS Project <systemsmanagement@build.opensuse.org>

Key Algorithm: RSA 2048

Key Created: Mon 11 Oct 2021 05:00:48 AM EDT

Key Expires: Wed 20 Dec 2023 04:00:48 AM EST (expires in 50 days)

Rpm Name: gpg-pubkey-e6e5a213-6163fd40

Note: Signing data enables the recipient to verify that no modifications occurred after the data

were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system

and in extreme cases even to a system compromise.

Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on the key's name. If

you are not sure whether the presented key is authentic, ask the repository provider or check

their web site. Many providers maintain a web page showing the fingerprints of the GPG keys they

are using.

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a

Retrieving repository 'cockpit-project.org (15.5)' metadata .......................................[done]

Building repository 'cockpit-project.org (15.5)' cache ............................................[done]

All repositories have been refreshed.

boris@localhost:~> sudo zypper install cockpit

Loading repository data...

Reading installed packages...

Resolving package dependencies...

The following 2 recommended packages were automatically selected:

cockpit-networkmanager cockpit-storaged

The following package is recommended, but will not be installed due to conflicts or dependency issues:

cockpit-packagekit

The following 2 packages are suggested, but will not be installed:

cockpit-pcp cockpit-selinux

The following 9 NEW packages are going to be installed:

cockpit cockpit-bridge cockpit-networkmanager cockpit-storaged cockpit-suse-theme cockpit-system

cockpit-ws libpwquality-tools libudisks2-0_lvm2

9 new packages to install.

Overall download size: 7.9 MiB. Already cached: 0 B. After the operation, additional 9.2 MiB will be

used.

Continue? [y/n/v/...? shows all options] (y): y

Retrieving: libpwquality-tools-1.4.4-150400.15.4.x86_64 (Main Repository) (1/9), 18.6 KiB

Retrieving: libpwquality-tools-1.4.4-150400.15.4.x86_64.rpm .......................................[done]

Retrieving: libudisks2-0_lvm2-2.9.2-150400.3.3.1.x86_64 (Main Repository) (2/9), 57.0 KiB

Retrieving: libudisks2-0_lvm2-2.9.2-150400.3.3.1.x86_64.rpm ...........................[done (1.1 KiB/s)]

Retrieving: cockpit-bridge-300.1-lp155.122.1.x86_64 (cockpit-project.org (15.5)) (3/9), 358.5 KiB

Retrieving: cockpit-bridge-300.1-lp155.122.1.x86_64.rpm ...............................[done (1.1 MiB/s)]

Retrieving: cockpit-suse-theme-0.1-lp155.6.1.noarch (cockpit-project.org (15.5)) (4/9), 855.8 KiB

Retrieving: cockpit-suse-theme-0.1-lp155.6.1.noarch.rpm ...............................[done (1.7 MiB/s)]

Retrieving: cockpit-ws-300.1-lp155.122.1.x86_64 (cockpit-project.org (15.5)) (5/9), 1.7 MiB

Retrieving: cockpit-ws-300.1-lp155.122.1.x86_64.rpm ...................................[done (3.1 MiB/s)]

Retrieving: cockpit-system-300.1-lp155.122.1.noarch (cockpit-project.org (15.5)) (6/9), 3.2 MiB

Retrieving: cockpit-system-300.1-lp155.122.1.noarch.rpm ...............................[done (2.7 MiB/s)]

Retrieving: cockpit-storaged-300.1-lp155.122.1.noarch (cockpit-project.org (15.5)) (7/9), 899.7 KiB

Retrieving: cockpit-storaged-300.1-lp155.122.1.noarch.rpm .............................[done (2.4 MiB/s)]

Retrieving: cockpit-networkmanager-300.1-lp155.122.1.noarch (cockpit-project.org (15.5))

(8/9), 780.4 KiB

Retrieving: cockpit-networkmanager-300.1-lp155.122.1.noarch.rpm .......................[done (1.9 MiB/s)]

Retrieving: cockpit-300.1-lp155.122.1.x86_64 (cockpit-project.org (15.5)) (9/9), 43.1 KiB

Retrieving: cockpit-300.1-lp155.122.1.x86_64.rpm ......................................[done (2.4 KiB/s)]

Checking for file conflicts: ......................................................................[done]

(1/9) Installing: libpwquality-tools-1.4.4-150400.15.4.x86_64 .....................................[done]

(2/9) Installing: libudisks2-0_lvm2-2.9.2-150400.3.3.1.x86_64 .....................................[done]

(3/9) Installing: cockpit-bridge-300.1-lp155.122.1.x86_64 .........................................[done]

(4/9) Installing: cockpit-suse-theme-0.1-lp155.6.1.noarch .........................................[done]

(5/9) Installing: cockpit-ws-300.1-lp155.122.1.x86_64 .............................................[done]

(6/9) Installing: cockpit-system-300.1-lp155.122.1.noarch .........................................[done]

(7/9) Installing: cockpit-storaged-300.1-lp155.122.1.noarch .......................................[done]

(8/9) Installing: cockpit-networkmanager-300.1-lp155.122.1.noarch .................................[done]

(9/9) Installing: cockpit-300.1-lp155.122.1.x86_64 ................................................[done]

boris@localhost:~> sudo systemctl start cockpit

boris@localhost:~> sudo systemctl status cockpit

\u25cf cockpit.service - Cockpit Web Service

Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static)

Active: active (running) since Tue 2023-10-31 04:19:30 EDT; 8s ago

TriggeredBy: \u25cf cockpit.socket

Docs: man:cockpit-ws(8)

Process: 5809 ExecStartPre=/usr/lib/cockpit-certificate-ensure --for-cockpit-tls (code=exited, statu>

Main PID: 5830 (cockpit-tls)

Tasks: 1 (limit: 4915)

CGroup: /system.slice/cockpit.service

\u2514\u2500 5830 /usr/lib/cockpit-tls

Oct 31 04:19:29 localhost.localdomain systemd[1]: Starting Cockpit Web Service...

Oct 31 04:19:29 localhost.localdomain cockpit-certificate-ensure[5824]: /usr/lib/cockpit-certificate-hel>

Oct 31 04:19:29 localhost.localdomain cockpit-certificate-ensure[5825]: Generating a RSA private key

Oct 31 04:19:30 localhost.localdomain cockpit-certificate-ensure[5825]: ................................>

Oct 31 04:19:30 localhost.localdomain cockpit-certificate-ensure[5825]: writing new private key to '0-se>

Oct 31 04:19:30 localhost.localdomain cockpit-certificate-ensure[5825]: -----

Oct 31 04:19:30 localhost.localdomain systemd[1]: Started Cockpit Web Service.

[boris@ServerFedora38 ~]$ ssh boris@192.168.0.37

(boris@192.168.0.37) Password:

Last login: Tue Oct 31 04:08:45 2023 from 192.168.0.18

Have a lot of fun...

boris@localhost:~> sudo firewall-cmd --add-service=cockpit --zone=public --permanent

[sudo] password for root:

success

boris@localhost:~> sudo firewall-cmd --reload

success

Deploying F40 KVM guest via bridge0

One additional step was required

localhost:/usr/lib/systemd/system # cat cockpit.service

[Unit]

Description=Cockpit Web Service

Documentation=man:cockpit-ws(8)

Requires=cockpit.socket

Requires=cockpit-wsinstance-http.socket cockpit-wsinstance-https-factory.socket

After=cockpit-wsinstance-http.socket cockpit-wsinstance-https-factory.socket

[Service]

RuntimeDirectory=cockpit/tls

# systemd ≥ 241 sets this automatically

Environment=RUNTIME_DIRECTORY=/run/cockpit/tls

ExecStartPre=+/usr/lib/cockpit-certificate-ensure --for-cockpit-tls

ExecStart=/usr/lib/cockpit-tls

User=cockpit-ws

Group=cockpit-ws

NoNewPrivileges=true

ProtectSystem=strict

ProtectHome=true

PrivateTmp=true

PrivateDevices=true

ProtectKernelTunables=true

RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

MemoryDenyWriteExecute=true

# This lines have been added to enable cockpit.service

[Install]

WantedBy=graphical.target

*******************************************************

Managing VMs via Cockpit Web Console on openSUSE 15.5 Leap

*******************************************************

Friday, October 27, 2023

Debian Network Installer on Debian Testing (Trixie)

Debian network installer appears to be extremely stable and flexible no matter of version Debian GNU/Linux to be deployed in particular case. I also have to admit that problem with LVM confiruration still persist for the most recent versions of Calamares Installer (3.2.6X), affecting ability for flexible LVM configurations of such distros as SparkyLinux 2023.10 and Manjaro Linux 23.0/5. I would be happy to be wrong about problems with Calamares, however RH's software engineers stated that RH will use Anaconda Installer for F39 KDE spin. Just compare RH's standpoint with recent declaration concerning switching F39 Asahi Remix to Calamares Installer.

KVM Hypervisor running Ubuntu Server 23.10 (L2 Guest) inside Debian Testing (L1 Guest )

Monday, October 23, 2023

LMDE Faye (6) vs Debian (11/12) network installers regarding LVM flexibility

Looks like it's hard to associate LVM group with physical volumes created by Gparted when running LMDE 6 installation vs GUI provided by classical Debian Network installer.

Either I am missing some technical skills or LMDE 6 just cannot provide standard functionality of Debian Network Installer has been known for a while. Say Debian 10/11/12 at least as far as to my knowledge .

Classical Debian Network installer behavior snapshoted below and it does provide an option for creating LVM group - vg_debian (for instance) followed by creating LVMs and mounting desired formatted (btrfs) file-systems on corresponding logical volumes.

Debian Network installer perfoming encrypted instance setup

Thursday, October 19, 2023

Attempt to deploy KVM Hypervisor to openSUSE 15.5 instance (VENV test)

Looks like the only surprising step appeared to be was manual linux bridge configuration via nmcli vs utilizing Cockpit Web Console on almost all Linux free flavors like Fedora,Debian,Manjaro and etc . Original disk layout for openSUSE (L1 Guest) been configured :-

Just a reminder - A BTRFS subvolume is a part of filesystem with its own independent file/directory hierarchy and inode number namespace. Subvolumes can share file extents. A snapshot is also subvolume, but with a given initial content of the original subvolume. A subvolume has always inode number 256.

A subvolume in BTRFS is not like an LVM logical volume, which is block-level snapshot while BTRFS subvolumes are file extent-based.

A subvolume looks like a normal directory, with some additional operations described below. Subvolumes can be renamed or moved, nesting subvolumes is not restricted but has some implications regarding snapshotting. The numeric id (called subvolid or rootid) of the subvolume is persistent and cannot be changed.

Setting up linux bridge for KVM Guest via nmcli :-

boris@localhost:~> sudo nmcli connection add type bridge con-name bridge0 ifname br0

Connection 'bridge0' (43c96163-9a20-45ac-bbd5-fb1479b6973d) successfully added.

boris@localhost:~> sudo nmcli con add type ethernet slave-type bridge con-name bridge0-port0 ifname eth0 master br0

Connection 'bridge0-port0' (0c5d2d2d-03a7-4fa7-adce-b93fb2921895) successfully added.

boris@localhost:~> sudo nmcli con up bridge0-port0

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15)

boris@localhost:~> ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000

link/ether 52:54:00:66:cb:3b brd ff:ff:ff:ff:ff:ff

altname enp1s0

4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000

link/ether 52:54:00:39:27:c2 brd ff:ff:ff:ff:ff:ff

inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

valid_lft forever preferred_lft forever

14: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000

link/ether 52:54:00:66:cb:3b brd ff:ff:ff:ff:ff:ff

inet 192.168.0.36/24 brd 192.168.0.255 scope global dynamic noprefixroute br0

valid_lft 28740sec preferred_lft 28740sec

inet6 fe80::8cda:d5b4:7526:9610/64 scope link noprefixroute

valid_lft forever preferred_lft forever

I also have to notice that setup of Cockpit Web Console on openSUSE 15.5 appears to be unsupported either I've missed some important steps.

Final disk layout after F39WKS (L2 KVM Guest) deployment

References

1. https://btrfs.readthedocs.io/en/latest/btrfs-subvolume.html

2. https://doc.opensuse.org/documentation/leap/virtualization/html/book-virtualization/cha-vt-installation.html#:~:text=Start%20YaST%20and%20select%20Virtualization,Confirm%20with%20Accept.

Saturday, October 14, 2023

Install KVM on Ubuntu Server 23.10 (Gnome 45 Desktop)

Ubuntu Server installation is pretty straightforward , then connect via ssh to server instance and install Gnome 45 desktop environment via command $ sudo apt install ubuntu-gnome-desktop. Reboot Ubuntu Server's instance and log into newly installed Gnome 45 environment. Now you are ready to proceed with KVM setup on Ubuntu 23.10

[boris@ServerFedora38 ~]$ ssh boris@192.168.0.53

boris@192.168.0.53's password:

Welcome to Ubuntu 23.10 (GNU/Linux 6.5.0-9-generic x86_64)

* Documentation: https://help.ubuntu.com

* Management: https://landscape.canonical.com

* Support: https://ubuntu.com/advantage

System information as of Sat Oct 14 10:03:45 AM UTC 2023

System load: 0.0 Processes: 315

Usage of /home: 20.3% of 12.00GB Users logged in: 1

Memory usage: 8% IPv4 address for br0: 192.168.0.53

Swap usage: 0%

* Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s

just raised the bar for easy, resilient and secure K8s cluster deployment.

https://ubuntu.com/engage/secure-kubernetes-at-the-edge

0 updates can be applied immediately.

Last login: Fri Oct 13 09:10:53 2023 from 192.168.0.18

boris@mantic-server2310:~$ uname -a

Linux mantic-server2310 6.5.0-9-generic #9-Ubuntu SMP PREEMPT_DYNAMIC Sat Oct 7 01:35:40 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

boris@mantic-server2310:~$ sudo apt -y install qemu-kvm libvirt-daemon-system libvirt-daemon virtinst bridge-utils libosinfo-bin virt-manager virt-viewer

Reading package lists... Done

Building dependency tree... Done

Reading state information... Done

Note, selecting 'qemu-system-x86' instead of 'qemu-kvm'

The following additional packages will be installed:

acl cpu-checker gir1.2-atk-1.0 gir1.2-ayatanaappindicator3-0.1 gir1.2-freedesktop

gir1.2-gdkpixbuf-2.0 gir1.2-gstreamer-1.0 gir1.2-gtk-3.0 gir1.2-gtk-vnc-2.0

gir1.2-gtksource-4 gir1.2-harfbuzz-0.0 gir1.2-libosinfo-1.0 gir1.2-libvirt-glib-1.0

gir1.2-pango-1.0 gir1.2-spiceclientglib-2.0 gir1.2-spiceclientgtk-3.0 gir1.2-vte-2.91

gstreamer1.0-plugins-good gstreamer1.0-x ibverbs-providers ipxe-qemu

. . . . . .

Processing triggers for shared-mime-info (2.2-1) ...

Processing triggers for install-info (7.0.3-2) ...

Processing triggers for hicolor-icon-theme (0.17-2) ...

Scanning processes...

Scanning linux images...

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

boris@mantic-server2310:~$ sudo systemctl start libvirtd

boris@mantic-server2310:~$ sudo systemctl status libvirtd

● libvirtd.service - Virtualization daemon

Loaded: loaded (/lib/systemd/system/libvirtd.service; enabled; preset: enabled)

Active: active (running) since Sat 2023-10-14 09:19:45 UTC; 36s ago

TriggeredBy: ● libvirtd-ro.socket

● libvirtd-admin.socket

● libvirtd.socket

Docs: man:libvirtd(8)

https://libvirt.org

Main PID: 5114 (libvirtd)

Tasks: 22 (limit: 32768)

Memory: 9.4M

CPU: 345ms

CGroup: /system.slice/libvirtd.service

├─5114 /usr/sbin/libvirtd --timeout 120

├─5220 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasef>

└─5221 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasef>

Oct 14 09:19:45 mantic-server2310 systemd[1]: Started libvirtd.service - Virtualization daemon.

Oct 14 09:19:46 mantic-server2310 dnsmasq[5220]: started, version 2.89 cachesize 150

Oct 14 09:19:46 mantic-server2310 dnsmasq[5220]: compile time options: IPv6 GNU-getopt DBus no-UBus>

Oct 14 09:19:46 mantic-server2310 dnsmasq-dhcp[5220]: DHCP, IP range 192.168.122.2 -- 192.168.122.2>

Oct 14 09:19:46 mantic-server2310 dnsmasq-dhcp[5220]: DHCP, sockets bound exclusively to interface >

Oct 14 09:19:46 mantic-server2310 dnsmasq[5220]: reading /etc/resolv.conf

Oct 14 09:19:46 mantic-server2310 dnsmasq[5220]: using nameserver 127.0.0.53#53

Oct 14 09:19:46 mantic-server2310 dnsmasq[5220]: read /etc/hosts - 8 names

Oct 14 09:19:46 mantic-server2310 dnsmasq[5220]: read /var/lib/libvirt/dnsmasq/default.addnhosts - >

Oct 14 09:19:46 mantic-server2310 dnsmasq-dhcp[5220]: read /var/lib/libvirt/dnsmasq/default.hostsfi>

boris@mantic-server2310:~$ sudo systemctl enable libvirtd

boris@mantic-server2310:~$ sudo usermod -aG kvm $USER

boris@mantic-server2310:~$ sudo usermod -aG libvirt $USER

Now create file /etc/netplan/01-netcfg.yaml

boris@mantic-server2310:~$ cat /etc/netplan/01-netcfg.yaml

network:

ethernets:

enp1s0:

dhcp4: false

dhcp6: false

# add configuration for bridge interface

bridges:

br0:

interfaces: [enp1s0]

dhcp4: false

addresses: [192.168.0.53/24]

macaddress: 52:54:00:cc:d9:c6

routes:

- to: default

via: 192.168.0.1

metric: 100

nameservers:

addresses: [8.8.8.8]

parameters:

stp: false

dhcp6: false

version: 2

When done issue command

boris@mantic-server2310:~$ sudo netplan apply

and make sure that bridge br0 has been configured

boris@mantic-server2310:~$ ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo