PXE is a conglomeration of tools used to get a new operating system onto a computer. It is based on two protocols: DHCP and TFTP. I used PXE a long time ago at Penguin and have always wanted to set it up for my home personal use. I’m doing that now for my lab. My goal is to first be able to provision virtual machines, and then to provision physical boxes. I need to do a full install of RHEL 7 and RHEL 8, which means I also need Kickstart to automate the install process. I had it working, but after rebooting the NUC it is running on, it broke. Here’s my debugging.
Category Archives: Virtualization
Remotely Provisioning a Virtual Machine using Ansible and Libvirt
Ansible exists to help automate the time-consuming, repeated tasks that technologists depend upon. One very common job is to create and tear down a virtual machine. While cloud technologies have made this possible to perform remotely, there are many times when I’ve needed to set up and tear down virtual machines on systems that were standalone Linux servers. In this case, the main interfaces to the machine are ssh and libvirt. I recently worked through an Ansible role to set up and tear down a virtual machine via libvirt, and I’d like to walk through it, and record my reasons for some of the decisions I made.
Passwordless access to System libvirt on Fedora 28
I can connect to the system libvirtd on my system without a password. I set this up some time ago, and forgot how, so figured I would document it.
Getting a Virtual Machine’s IP Address from virsh
Ten years later, and I finally know how to get virsh to tell me the IP address for a VM.
SE Linux for CentOS Part 3
After the previous two days of debugging, Simo Sorce suggested that I need to tell the OS to show all AVCs; some are hidden by default.
SE Linux for CentOS Continued
Trying to troubleshoot the issues from yesterday’s SELinux errors.
SELinux for Kubevirt on CentOS
Without disabling SELinux enforcement, an attempt to deploy a VM generates the following audit message:
type=AVC msg=audit(1504194626.938:877): avc: denied { transition } for pid=9574 comm="libvirtd" path="/usr/local/bin/qemu-system-x86_64" dev="dm-19" ino=31526884 scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:svirt_tcg_t:s0:c408,c741 tclass=process
Running this through audit2allow provides a little more visibility into the problem:
#============= spc_t ==============
#!!!! The file '/usr/local/bin/qemu-system-x86_64' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /usr/local/bin/qemu-system-x86_64
allow spc_t svirt_tcg_t:process transition;
This is probably due to running much of the virtualization machinery in containers. /usr/local/bin/qemu-system-x86_64 comes from inside the libvirt container. It does not exist on the base OS filesystem. Thus, just running restorecon won’t do much.
Deploying Kubevirt on Origin Master
Now that I have a functional OpenShift Origin built from source, I need to deploy KubeVirt on top of it.
Here are my notes. This is rough, and not production quality yet, but should get you started.
Adding External IPs for Minishift
In the interest of simplifying the development and deployment of Kubevirt, we decided to make sure it was possible to run with minishift. After downloading and running the minishift binary, I had a working minishift cluster. However, in order to deploy the api-server to the cluster, I needed an external IP; otherwise I’d get the error:
Error:
service "" is invalid spec.externalIPs: Forbidden: externalIPs have been disabled
Here is how I got around this error.
Manually Deploying Kubevirt on OpenShift Origin
It has been enjoyable to learn the Kubevirt code base and coding in Go. However, unless the code gets deployed to servers, no one will use it in production. I’ve been learning OpenShift as an integration point for Kubevirt. Here are my notes for getting it up and running. This is not quite production grade, but should help write a proper deployment mechanism.
Please note, as of KubeVirt v0.17 installing KubeVirt directly via manifests is deprecated. KubeVirt is now deployed using the operator pattern.
https://kubevirt.io/user-guide/docs/latest/administration/intro.html
The rest of this document is maintained for historical value only.