Adding Virtualization Support
First Draft! Please comment on server mailing list
Libvirt is the standard virtualization method in Fedora and provides a management toolkit for KVM / QEMU. This includes a local virtual network for protected communication of the virtual guest systems with each other and with the host.
Preparation
Libvirt stores its data including the image files of the virtual hard disk(s) for the guest systems in /var/lib/libvirt. If you adhere to the default partitioning concept, the libvirt application data is stored in its own logical volume in the default volume group (fedora_fedora).
Before starting the installation, a logical volume must be created. The easiest way is to use Cockpit to create a logical volume, e.g. named libvirt, format it with XFS and mount it at /var/lib/libvirt. Cockpit creates this directory automatically.
Installing libvirt Virtualization Software
Installing the software is quite simple.
[…]# dnf install qemu-kvm libvirt virt-install cockpit-machines libguestfs-tools
The libguestfs-tools package provides various useful tools for maintaining virtual disks. It is recommended not to install the @virtualization group on a Fedora Server. It includes various graphical programs and libraries that are not usable on headless servers.
Next, check the SELinux labels.
[…]# ls -alZ /var/lib/libvirt
Usually, the installation adjusts the labels accordingly. Otherwise, an adjustment must be made manually.
[…]# /sbin/restorecon -R -vF /var/lib/libvirt
If everything is correct, libvirtd must be activated and started.
[…]# systemctl enable libvirtd --now
By default, libvirt creates a bridge with an interface virbr0, the IP 192.168.122.1 and the internal name default. In addition, a separate firewall zone libvirt is set up. Check if everything is running as expected.
[…]# ip a
[…]# firewall-cmd --get-active-zones
Adjusting libvirt Configuration
The internal network should be used for the internal, protected communication of the VMs with each other and with the host. For this purpose, it is advantageous to set up a DNS for the internal network so that the VMs can be addressed by their names.
The first step is to decide on a domain name. A top-level ".local" is explicitly not recommended, nor is taking one of the official top-level names. But for example, you can take the official domain name and replace the top-level domain with 'lan' or 'internal'. The example domain example.com then becomes example.lan. We use that one throughout this tutorial. The host gets the name host.example.lan.
Modify libvirt default network
[…]# virsh net-edit default
<network>
  <name>default</name>
  <uuid>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</uuid>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:xx:yy:zz'/>
  <forward mode='nat'/>
  <mtu size='8000'/>
  <domain name='example.lan'/>
  <dns forwardPlainNames='no'>
    <forwarder domain='example.lan' />
    <forwarder addr='213.133.98.98'/>
    <forwarder addr='213.133.99.99'/>
    <host ip='192.168.122.1'>
      <hostname>host</hostname>
      <hostname>host.example.lan</hostname>
    </host>
  </dns>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>
Activate the modified configuration
[…]# virsh net-destroy default
[…]# virsh net-start default
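Checking the modified network definition (added example, not part of the original guide or of libvirt): the script below audits a network XML, as printed by virsh net-dumpxml default, for the points this section relies on. The function name audit_network, the set of checks and the findings wording are assumptions of this example; the embedded sample is constructed from the configuration above.

```python
import ipaddress
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the definition from this page, trimmed to the elements the checks read.
SAMPLE_XML = """<network>
  <name>default</name>
  <domain name='example.lan'/>
  <dns forwardPlainNames='no'>
    <host ip='192.168.122.1'>
      <hostname>host.example.lan</hostname>
    </host>
  </dns>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.122.2' end='192.168.122.254'/></dhcp>
  </ip>
</network>"""

def audit_network(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    net = ET.fromstring(xml_text)
    findings = []
    domain = net.find("domain")
    name = domain.get("name", "") if domain is not None else ""
    if not name:
        findings.append("no <domain name=...>: guests have no common DNS domain")
    elif name == "local" or name.endswith(".local"):
        findings.append(f"domain '{name}' uses the .local top level")
    dns = net.find("dns")
    if dns is None or dns.get("forwardPlainNames") != "no":
        findings.append("forwardPlainNames is not 'no'")
    ip = net.find("ip")
    if ip is not None:
        gw = ipaddress.ip_address(ip.get("address"))
        subnet = ipaddress.ip_network(f"{gw}/{ip.get('netmask') or ip.get('prefix')}", strict=False)
        for r in ip.iterfind("dhcp/range"):
            lo, hi = (ipaddress.ip_address(r.get(k)) for k in ("start", "end"))
            if lo not in subnet or hi not in subnet:
                findings.append(f"DHCP range {lo}-{hi} leaves {subnet}")
            if lo <= gw <= hi:
                findings.append(f"DHCP range {lo}-{hi} contains bridge address {gw}")
        names = [h.text or "" for h in net.iterfind(f"dns/host[@ip='{gw}']/hostname")]
        if name and not any(n.endswith("." + name) for n in names):
            findings.append(f"no host record maps {gw} to a name in {name}")
    return findings

if __name__ == "__main__":  # optional argument: file saved from virsh net-dumpxml default
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    print("\n".join(audit_network(text)) or "all checks passed")
```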