This howto rather continues the previous one “Howto do QEMU full virtualization with MacVTap networking” with the exception it will be showed how to use a classic setup of the networking – the use of bridge device. Because this setup requires a specific configuration for every Linux distro if we do not just add the bridge manually it is separated in this howto. For the clear and full howto, we would repeat the two first steps just to enable this howto to be independent of the original one mentioned above.
So use full virtualization under Linux you can use QEMU and no other library or manager like virt-manager. QEMU is simple enough and with a couple of parameters to it, you can start KVM virtual machines with near-native performance. To use KVM you must enable it in the BIOS of your server (or desktop machine).
Here are the main steps:
STEP 1) Enable KVM in the BIOS
- For Intel machine you must find option Intel Virtualization Technology (or Intel VT-x) probably in BIOS menu of Chipset, Advanced CPU Configuration or other.
- For AMD machine the virtualization cannot be disabled so it is enabled by default, but you can check for additional virtualization features to enable like Virtualization Extensions, Vanderpool and other.
- Enable also additional features – Intel VT-d or AMD IOMMU, if they are available.
Reboot your machine and check if the KVM is supported:
srv@local ~$ cat /proc/cpuinfo |grep -E "vmx|svm"
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid rdseed adx smap xsaveopt dtherm ida arat pln pts
STEP 2) Install QEMU
Under CentOS 7 you can just install couple of packets – that’s all you need:
yum install -y qemu qemu-common qemu-img qemu-kvm-common qemu-system-x86 qemu-user bridge-utils
Or under Ubuntu
apt-get install qemu-kvm bridge-utils
STEP 3) Prepare the network 1 – the bridge device
Under CentOS 7 add the following configuration file
with the content of
If you want to use a real IP set to your virtual machine, you should set a real IP here and uncomment the GATEWAY0 with the real gateway IP. If real IP is used then you should include the main Internet network interface to the bridge by adding at the end of the configuration file /etc/sysconfig/network-scripts/ifcfg-eth0 (if eth0 is your network interface):
And restart the network
srv@local ~$ systemctl restart network
Under Ubuntu add to the file
iface br0 inet static
# gateway 192.168.0.1
If you want to use real IP set to your virtual machine, you should set a real IP here and uncomment the GATEWAY0 with the real gateway IP and replace the “none” in the option “bridge_ports” with the name of your main Internet network interface. For example:
And restart the network
srv@local ~$ /etc/init.d/networking restart
Or we can add the bridge device manually:
srv@local ~$ brctl addbr br0
srv@local ~$ ip link set dev br0 up
srv@local ~$ ip addr add 192.168.0.1/24 dev br0
If we use real IP we have to add the main Internet network interface to the bridge, so when you set up the network in our virtual machine with a real IP it will work with no more additional configurations, but if we use a local IPs like our setup here and we want to have Internet in our virtual machine we must enable masquerade and linux routing. You can do it with:
srv@local ~$ echo 1 > /proc/sys/net/ipv4/ip_forward
#NAT with firewalld
srv@local ~$ firewall-cmd --add-masquerade --permanent
#NAT with iptables
srv@local ~$ iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
Use either firewalld or iptables setup, depends on your system configuration, just check if firewalld is running with:
srv@local ~$ firewall-cmd --list-all
If you receive an error, saying command not found or firewalld is not running, you should use the “NAT with iptables”
So the network is ready!
STEP 4) Prepare the network 2 – the tun/tap for the virtual machine
After we have added a bridge device tun/tap device, which will be used for the QEMU virtual machine must be added:
srv@local ~$ ip tuntap add tap0 mode tap
srv@local ~$ brctl addif br0 tap0
STEP 5) Create a QEMU hard drive
Create a 100G file
srv@local ~$ cd /mnt/storage1/disks/
srv@local ~$ qemu-img create -f qcow2 vm_harddisk.qcow2 100G
Formatting 'vm_harddisk.qcow2', fmt=qcow2 size=107374182400 encryption=off cluster_size=65536 lazy_refcounts=off
or you can enable encryption (but on every start of your virtual machine you must set the key through the qemu console to start the virtual machine):
srv@local ~$ qemu-img create -f qcow2 vm_harddisk_e.bin -o encryption 100G
Formatting 'vm_harddisk_e.bin', fmt=qcow2 size=107374182400 encryption=on cluster_size=65536 lazy_refcounts=off
STEP 6) Boot up the QEMU KVM virtual server
srv@local ~$ qemu-system-x86_64 -enable-kvm -cpu host -smp 4 -runas qemu -daemonize -vnc 127.0.0.1:1 \
-drive file=/mnt/storage1/disks/vm_harddisk.qcow2,index=0,cache=none,aio=threads,if=virtio \
-boot d -net nic,model=virtio,macaddr=00:00:00:00:00:01 -net tap,ifname=tap0 \
-balloon virtio -m 2048 -monitor telnet:127.0.0.1:5801,server,nowait
The command above will :
- “-enable-kvm” – enable the KVM – full virtualization with near native performance
- “-cpu host” – will expose all supported host CPU features (only supported in KVM mode)
- “-smp 4” – sets 4 processors to the virtual machine
- “-daemonize” – start the command in daemon mode
- “-runas qemu” – run under user, you can run thwo whole virtual machine from a user created especially for it, no need to run it with root, even it is recommended to run it under unprivileged user
- “-vnc 192.168.1.10:1” – start a VNC server on this IP:PORT = 192.168.1.10:5901, the IP must present on the server or you can use 0.0.0.0:1 for 0.0.0.0:5901, but in every situation limit the access by a firewall
- “-drive file=/mnt/storage1/disks/vm_harddisk.qcow2,index=0,cache=none,aio=threads,if=virtio” – set the main hard drive of the system
- “-boot d” – boot from the first hard drive
- “-net nic,model=virtio,macaddr=00:00:00:00:00:01 -net tap,ifname=tap0” – set the network interface using the tap device created by STEP 3) and STEP 4)
- “-balloon virtio” – use balloon driver to be able to hot add or hot remove RAM (newer version this option is depricated and it can be skipped)
- “-m 2048” – set virtual RAM size to megs
- “-monitor telnet:127.0.0.1:5801,server,nowait” – set the management console for the this virtual server, you can connect with:
srv@local ~$ telnet 127.0.0.1 5801
Connected to 127.0.0.1.
Escape character is '^]'.
QEMU 2.0.0 monitor - type 'help' for more information
telnet> Connection closed.
When quitting the management console you must NOT exit the console with quite/exit or CTRL+d, becuause it will terminate the virtual server, you must disconnect from the console with “CTRL+]” and then quit the telnet shell. With the console you can hot add/remove CPU, RAM, network cards, pci devices, harddrives, start/stop/shutdown/reset the virtual machine and a lot more.
Boot the virtual machine from the hard drive given by “-drive” with network “-net” (couple of options), the RAM uses baloon memory and could be adjusted on-the-fly and sets the vncserver to listen for connection on port IP:port = 192.168.1.1:5901 (probably you’ll want to change this with a the real IP of your server, but be careful to set up a firewall rule for 5901 – the vnc port) and a management console listening on IP:port 127.0.0.1:5801.
* Boot the virtual server from a virtual CD/DVD
Probably the first time booting you might need to boot from an installation disk, this could be done by the following command:
srv@local ~$ qemu-system-x86_64 -enable-kvm -cpu host -smp 4 -runas qemu -daemonize -vnc 127.0.0.1:1 -cdrom /mnt/storage1/disks/isos/CentOS-7-x86_64-NetInstall-1708.iso -boot c -drive file=/mnt/storage1/disks/vm_harddisk.qcow2,index=0,cache=none,aio=threads,if=virtio -net nic,model=virtio,macaddr=00:00:00:00:00:01 -net tap,ifname=tap0 -balloon virtio -m 2048 -monitor telnet:127.0.0.1:5805,server,nowait
- “-boot c” – First boot device is now CD/DVD. “c” is for CD, “d” is for disk
- “-cdrom /mnt/storage1/disks/isos/CentOS-7-x86_64-NetInstall-1708.iso” – added the installation disk to the virtual machine
A newer QEMU version may need adding “script=no,downscript=no” to the tap0 interface!
srv@local ~$ qemu-system-x86_64 -enable-kvm -cpu host -smp 4 -runas qemu -daemonize -vnc 127.0.0.1:1 -cdrom /mnt/storage1/disks/isos/CentOS-7-x86_64-NetInstall-1708.iso -boot c -drive file=/mnt/storage1/disks/vm_harddisk.qcow2,index=0,cache=none,aio=threads,if=virtio -net nic,model=virtio,macaddr=00:00:00:00:00:01 -net tap,ifname=tap0,script=no,downscript=no -m 2048 -monitor telnet:127.0.0.1:5805,server,nowait