The Ultimate KVM setup
-
I'm starting to think that Emad has gone full blown Curtis here.
-
Fixed some typos and made it more clearer article. Also posted 2 Centos logos for dominance.
-
I always thought it was Fedora > RedHat > CentOS.
-
@black3dynamite said in The Ultimate KVM setup:
I always thought it was Fedora > RedHat > CentOS.
It is. Fedora is the original. RH is more or less a frozen version of Fedora. CentOS is a code recompile of RH.
-
@dustinb3403 said in The Ultimate KVM setup:
@wirestyle22 said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
@wirestyle22 said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
@wirestyle22 said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
@wirestyle22 said in The Ultimate KVM setup:
@emad-r said in The Ultimate KVM setup:
I got triggered cause there can be only 1 KVM MASTER
It's weird that you're attempting to take the KVM Master role with a GUI install
Why is that any more weird? The CLI is still there to be used, but as far as a tool goes, a GUI is just another one. . .
It's wasted resources. I'd think the KVM Master would be as efficient as possible.
If a tool is needed, why would it be wasted resources? I get what you are trying to get at here, but a tool is a tool is a tool.
If you need a GUI to do something (whatever it is) and it's the best approach "you" know then why bash the tool?
So my old users who say they can't operate a computer shouldn't learn the right way to file things digitally. We should be okay with her using paper because she understands that? I understand what you're saying, but how far down that rabbit hole do we go?
Why would your user be the administrator of the computer? Why are CLI's the golden child tool, and GUI's are the bastard tools?
My point is it's a tool to be used, why not use it if it's available?
It's just an argument for learning the most efficient/best way to do things. I have a lot of failures and some successes with my learning, but I am learning how to do things in the most efficient way I can.
We could start installing hyper-v as a role because i don't know powershell, but the reality is i should learn powershell to manage hyper-v anyway.
The argument is flawed though.
Tools are only meant to make the process efficient. You're stating that using a GUI is counter efficiency. Which in terms of resources required to use the GUI, makes sense.
But the GUI it's self is there to eliminate wasted time remembering powershell (and human error) by providing a button to start a specific VM etc.
That's what scripts are for...
-
@emad-r said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
e GUI it's self is there to eliminate wasted time remembering powershell (and human error)
BUT I am using GUI i am just moving it away of the KVM host, and giving the KVM host one role only, instead of
Web server
PHP/Python
Node JSAnd those stuff that KIMCHI use
Kimchi and all the stuff it requires to run barely uses any resources. We're talking tens of megabytes, almost no CPU, barely any RAM. I'm not using any 15-year-old servers, so they can all handle that tiny extra bit without it having any impact whatsoever on running VMs or the host.
I do agree with installing the web services on a separate device on the perimeter network if setting it up to be accessed from the internet, and having that connected to your Host via another NIC. But I highly recommend keeping selinux enabled. I don't see why everyone always disables that. I always keep selinux and firewall enabled, even on internal-only servers. Banks don't only lock the front door and keep the vault open. They lock both.
-
@tim_g said in The Ultimate KVM setup:
@emad-r said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
e GUI it's self is there to eliminate wasted time remembering powershell (and human error)
BUT I am using GUI i am just moving it away of the KVM host, and giving the KVM host one role only, instead of
Web server
PHP/Python
Node JSAnd those stuff that KIMCHI use
Kimchi and all the stuff it requires to run barely uses any resources. We're talking tens of megabytes, almost no CPU, barely any RAM. I'm not using any 15-year-old servers, so they can all handle that tiny extra bit without it having any impact whatsoever on running VMs or the host.
I do agree with installing the web services on a separate device on the perimeter network if setting it up to be accessed from the internet, and having that connected to your Host via another NIC. But I highly recommend keeping selinux enabled. I don't see why everyone always disables that. I always keep selinux and firewall enabled, even on internal-only servers. Banks don't only lock the front door and keep the vault open. They lock both.
Then why did you permanently set it to permissive for
httpd_tin your guide? -
@jaredbusch said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@emad-r said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
e GUI it's self is there to eliminate wasted time remembering powershell (and human error)
BUT I am using GUI i am just moving it away of the KVM host, and giving the KVM host one role only, instead of
Web server
PHP/Python
Node JSAnd those stuff that KIMCHI use
Kimchi and all the stuff it requires to run barely uses any resources. We're talking tens of megabytes, almost no CPU, barely any RAM. I'm not using any 15-year-old servers, so they can all handle that tiny extra bit without it having any impact whatsoever on running VMs or the host.
I do agree with installing the web services on a separate device on the perimeter network if setting it up to be accessed from the internet, and having that connected to your Host via another NIC. But I highly recommend keeping selinux enabled. I don't see why everyone always disables that. I always keep selinux and firewall enabled, even on internal-only servers. Banks don't only lock the front door and keep the vault open. They lock both.
Then why did you permanently set it to permissive for
httpd_tin your guide?SELinux is still enabled. That command only puts Apache in a single permissive security domain.
It's way better than putting SELinux in permissive mode or disabling it altogether.
-
@nerdydad said in The Ultimate KVM setup:
I'm starting to think that Emad has gone full blown Curtis here.
well it is not fault madness is in my name
-
@tim_g said in The Ultimate KVM setup:
@jaredbusch said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@emad-r said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
e GUI it's self is there to eliminate wasted time remembering powershell (and human error)
BUT I am using GUI i am just moving it away of the KVM host, and giving the KVM host one role only, instead of
Web server
PHP/Python
Node JSAnd those stuff that KIMCHI use
Kimchi and all the stuff it requires to run barely uses any resources. We're talking tens of megabytes, almost no CPU, barely any RAM. I'm not using any 15-year-old servers, so they can all handle that tiny extra bit without it having any impact whatsoever on running VMs or the host.
I do agree with installing the web services on a separate device on the perimeter network if setting it up to be accessed from the internet, and having that connected to your Host via another NIC. But I highly recommend keeping selinux enabled. I don't see why everyone always disables that. I always keep selinux and firewall enabled, even on internal-only servers. Banks don't only lock the front door and keep the vault open. They lock both.
Then why did you permanently set it to permissive for
httpd_tin your guide?SELinux is still enabled. That command only puts Apache in a single permissive security domain.
But from a web server, that is the single largest attack vector. why do it? Instead properly set httpd_t_rw on the select files or directories that need it.
@tim_g said in The Ultimate KVM setup:
It's way better than putting SELinux in permissive mode or disabling it altogether.
True, but see above.
-
@jaredbusch said in The Ultimate KVM setup:
Instead properly set httpd_t_rw on the select files or directories that need it.
That would be the most thorough way to do it. But I don't know everything it needs or have time to figure it out. (yet)
If you do, go for it. I'll credit you for it if works and I put it in my blog.
-
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manger, another fedora running vnc server?
-
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manger, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do adnf group install "Virtualization".Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
-
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manger, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do adnf group install "Virtualization".Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
-
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manger, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do adnf group install "Virtualization".Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
-
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manger, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do adnf group install "Virtualization".Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
-
Can I create VMs within cockpit? I do not see an option for that.
Who resurrected MEEEEE and this thread, I WILL BURY YOU ALL.
seriously no you cant, cockpit is very simple and meant to be simple, and currently you can only view.
Regarding this setup it involves basically a Fedora machine in the cloud for management and you connect it and do anything/everything, it works but only if you are the only IT person. (my idea is making Fedora a Virt Manager program, like Vsphere C# or Hyper-V manager, and you can connect to it using web interface thanks to NoVNC)
I love it and use it, cause it keeps the KVM servers basic and simple, however cockpit for me can be the cherry topping, after I setup everything I can connect via cockpit and quickly edit, but if I want to do management I will use Virt Manager
-
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manger, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do adnf group install "Virtualization".Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
No, but you can connect to your KVM host via virt-manager from another Linux PC.
-
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manger, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do adnf group install "Virtualization".Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
No, but you can connect to your KVM host via virt-manager from another Linux PC.
Or do a search for my Kimchi guide:
https://mangolassi.it/topic/14675/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi
Guide is here:
https://www.timothygruber.com/linux/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi-part-1/I have tried connecting virt manger to my KVM host but I get all kinds of errors. Not sure if I am doing it right. Do you have a guide for connecting to a remote KVM host with virt manger for a non-root user? I get lots of accessed denied. I did end up finding your guide after searching cockpit on the forum.
-
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manger, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do adnf group install "Virtualization".Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
No, but you can connect to your KVM host via virt-manager from another Linux PC.
Or do a search for my Kimchi guide:
https://mangolassi.it/topic/14675/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi
Guide is here:
https://www.timothygruber.com/linux/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi-part-1/I have tried connecting virt manger to my KVM host but I get all kinds of errors. Not sure if I am doing it right. Do you have a guide for connecting to a remote KVM host with virt manger for a non-root user? I get lots of accessed denied. I did end up finding your guide after searching cockpit on the forum.
You have to put your user in the virtual manager group. Forget the proper name of the group.
@stacksofplates knows it
