Fedora iTOps Tube

Thursday, December 13, 2012

Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Ubuntu 12.10

This document describes how to install a PureFTPd server that uses virtual users from a MySQL database instead of real system users. This is much more performant and allows to have thousands of ftp users on a single machine. In addition to that I will show the use of quota and upload/download bandwidth limits with this setup. Passwords will be stored encrypted as MD5 strings in the database. This tutorial is based on Ubuntu 12.10.

For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. phpMyAdmin is a comfortable graphical interface which means you do not have to mess around with the command line.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

Make sure that you are logged in as root (type in

sudo su

to become root), because we must run all the steps from this tutorial as root user.

 

2 Install MySQL And phpMyAdmin

This can all be installed with one single command:

apt-get install mysql-server mysql-client phpmyadmin apache2

You will be asked these questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

 

3 Install PureFTPd With MySQL Support

For Ubuntu 12.10 there is a pre-configured pure-ftpd-mysql package available. Install it like this:

apt-get install pure-ftpd-mysql

Then we create an ftp group (ftpgroup) and user (ftpuser) that all our virtual users will be mapped to. Replace the group- and userid 2001 with a number that is free on your system:

groupadd -g 2001 ftpgroup
useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser

 

4 Create The MySQL Database For PureFTPd

Now we create a database called pureftpd and a MySQL user named pureftpd which the PureFTPd daemon will use later on to connect to the pureftpddatabase:

mysql -u root -p

CREATE DATABASE pureftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
FLUSH PRIVILEGES;

Replace the string ftpdpass with whatever password you want to use for the MySQL user pureftpd. Still on the MySQL shell, we create the database table we need (yes, there is only one table!):

USE pureftpd;

CREATE TABLE ftpd (
User varchar(16) NOT NULL default '',
status enum('0','1') NOT NULL default '0',
Password varchar(64) NOT NULL default '',
Uid varchar(11) NOT NULL default '-1',
Gid varchar(11) NOT NULL default '-1',
Dir varchar(128) NOT NULL default '',
ULBandwidth smallint(5) NOT NULL default '0',
DLBandwidth smallint(5) NOT NULL default '0',
comment tinytext NOT NULL,
ipaccess varchar(15) NOT NULL default '*',
QuotaSize smallint(5) NOT NULL default '0',
QuotaFiles int(11) NOT NULL default 0,
PRIMARY KEY (User),
UNIQUE KEY User (User)
) ENGINE=MyISAM;

quit;

As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.

BTW, (I'm assuming that the hostname of your ftp server system is server1.example.com) you can access phpMyAdmin underhttp://server1.example.com/phpmyadmin/ (you can also use the IP address instead of server1.example.com) in a browser and log in as the user pureftpd. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your PureFTPd server.

 

5 Configure PureFTPd

Edit /etc/pure-ftpd/db/mysql.conf. It should look like this:

cp /etc/pure-ftpd/db/mysql.conf /etc/pure-ftpd/db/mysql.conf_orig
cat /dev/null > /etc/pure-ftpd/db/mysql.conf
vi /etc/pure-ftpd/db/mysql.conf

  MYSQLSocket      /var/run/mysqld/mysqld.sock  #MYSQLServer     localhost  #MYSQLPort       3306  MYSQLUser       pureftpd  MYSQLPassword   ftpdpass  MYSQLDatabase   pureftpd  #MYSQLCrypt md5, cleartext, crypt() or password() - md5 is VERY RECOMMENDABLE uppon cleartext  MYSQLCrypt      md5  MYSQLGetPW      SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")  MYSQLGetUID     SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")  MYSQLGetGID     SELECT Gid FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")  MYSQLGetDir     SELECT Dir FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")  MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")  MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")  MySQLGetQTASZ   SELECT QuotaSize FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")  MySQLGetQTAFS   SELECT QuotaFiles FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

Make sure that you replace the string ftpdpass with the real password for the MySQL user pureftpd in the line MYSQLPassword! Please note that we use md5 asMYSQLCrypt method, which means we will store the users' passwords as an MD5 string in the database which is far more secure than using plain text passwords!

Then create the file /etc/pure-ftpd/conf/ChrootEveryone which simply contains the string yes:

echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone

This will make PureFTPd chroot every virtual user in his home directory so he will not be able to browse directories and files outside his home directory.

Also create the file /etc/pure-ftpd/conf/CreateHomeDir which again simply contains the string yes:



echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir

This will make PureFTPd create a user's home directory when the user logs in and the home directory does not exist yet.

Finally create the file /etc/pure-ftpd/conf/DontResolve which again simply contains the string yes:

echo "yes" > /etc/pure-ftpd/conf/DontResolve

This will make that PureFTPd doesn't look up host names which can significantly speed up connections and reduce bandwidth usage.

Afterwards, we restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

 

6 Populate The Database And Test

To populate the database you can use the MySQL shell:

mysql -u root -p

USE pureftpd;

Now we create the user exampleuser with the status 1 (which means his ftp account is active), the password secret (which will be stored encrypted using MySQL's MD5 function), the UID and GID 2001 (use the userid and groupid of the user/group you created at the end of step two!), the home directory/home/www.example.com, an upload and download bandwidth of 100 KB/sec. (kilobytes per second), and a quota of 50 MB:

INSERT INTO `ftpd` (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`, `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`) VALUES ('exampleuser', '1', MD5('secret'), '2001', '2001', '/home/www.example.com', '100', '100', '', '*', '50', '0');

quit;

Now open your FTP client program on your work station (something like FileZilla, WS_FTP, SmartFTP or gFTP) and try to connect. As hostname you useserver1.example.com (or the IP address of the system), the username is exampleuser, and the password is secret.

If you are able to connect - congratulations! If not, something went wrong.

Now, if you run

ls -l /home

you should see that the directory /home/www.example.com (exampleuser's home directory) has been automatically created, and it is owned by ftpuser andftpgroup (the user/group we created at the end of step two):

root@server1:~# ls -l /home
total 8
drwxr-xr-x 3 administrator administrator 4096 Apr 27 11:54 administrator
drwxr-xr-x 2 ftpuser       ftpgroup      4096 Jul  3 22:23 www.example.com
root@server1:~#

 

7 Database Administration

For most people it is easier if they have a graphical front-end to MySQL; therefore you can also use phpMyAdmin (in this example underhttp://server1.example.com/phpmyadmin/) to administrate the pureftpd database.


Whenever you want to create a new user, you have to create an entry in the table ftpd so I will explain the columns of this table here:

ftpd Table:

  • User: The name of the virtual PureFTPd user (e.g. exampleuser).
  • status: 0 or 1. 0 means the account is disabled, the user cannot login.
  • Password: The password of the virtual user. Make sure you use MySQL's MD5 function to save the password encrypted as an MD5 string:

  • UID: The userid of the ftp user you created at the end of step two (e.g. 2001).
  • GID: The groupid of the ftp group you created at the end of step two (e.g. 2001).
  • Dir: The home directory of the virtual PureFTPd user (e.g. /home/www.example.com). If it does not exist, it will be created when the new user logs in the first time via FTP. The virtual user will be jailed into this home directory, i.e., he cannot access other directories outside his home directory.
  • ULBandwidth: Upload bandwidth of the virtual user in KB/sec. (kilobytes per second). 0 means unlimited.
  • DLBandwidth: Download bandwidth of the virtual user in KB/sec. (kilobytes per second). 0 means unlimited.
  • comment: You can enter any comment here (e.g. for your internal administration) here. Normally you leave this field empty.
  • ipaccess: Enter IP addresses here that are allowed to connect to this FTP account. * means any IP address is allowed to connect.
  • QuotaSize: Storage space in MB (not KB, as in ULBandwidth and DLBandwidth!) the virtual user is allowed to use on the FTP server. 0 means unlimited.
  • QuotaFiles: amount of files the virtual user is allowed to save on the FTP server. 0 means unlimited.

 

8 Anonymous FTP

If you want to create an anonymous ftp account (an ftp account that everybody can login to without a password), you can do it like this:

First create a user ftp (with the homedir /home/ftp) and group ftp:

groupadd ftp
useradd -s /bin/false -d /home/ftp -m -c "anonymous ftp" -g ftp ftp

Then create the file /etc/pure-ftpd/conf/NoAnonymous which contains the string no:

echo "no" > /etc/pure-ftpd/conf/NoAnonymous

With this configuration, PureFTPd will allow anonymous logins.

Restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

Then we create the directory /home/ftp/incoming which will allow anonymous users to upload files. We will give the /home/ftp/incoming directory permissions of 311 so that users can upload, but not see or download any files in that directory. The /home/ftp directory will have permissions of 555 which allows seeing and downloading of files:

cd /home/ftp
mkdir incoming
chown ftp:nogroup incoming/
chmod 311 incoming/
cd ../
chmod 555 ftp/

Now anonymous users can login, and they can download files from /home/ftp, but uploads are limited to /home/ftp/incoming (and once a file is uploaded into/home/ftp/incoming, it cannot be read nor downloaded from there; the server admin has to move it into /home/ftp first to make it available to others).

 

9 Links

How To Install XFCE On Linux Mint 14

XFCE is a lightweight desktop environment. For Linux Mint 13, the was an XFCE edition in addition to the Cinnamon and Mate editions, but for Linux Mint 14, there isn't. This short guide explains how to install XFCE on your Linux Mint 14 desktop.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

In addition to the method described here, it's also possible to install the xubuntu-desktop package which will give you the Xubuntu desktop (which also uses XFCE), but I found that this desktop, although it seems to work fine, reports various crashes concerning Ubuntu Software Center and update-apt-xapian-index. That's why I don't describe the Xubuntu method, but only the "pure" XFCE way.

 

2 Installing XFCE

Open the Synaptic Package Manager (Administration > Synaptic Package Manager):


Type in your password:


Click on the search button. In the search dialogue, search for xfce4:


Click on the xfce4 package and select Mark for Installation from the context menu:


Accept XFCE's dependencies by clicking on Mark:


Then click on the Apply button:


Confirm your selection by clicking on Apply again:


The packages are now being downloaded and installed:


Afterwards click on Close and leave Synaptic:


Then log out of your current desktop session:



On the Linux Mint login screen, click on the Session icon...


... and select Xfce Session from the list of available desktop environments, then click on Change Session:


After you've typed in your username and password, you will be asked if you want to use XFCE just for this session, or if you want to make it your default desktop environment (in the first case, you'd have to make the desktop selection again when you reboot the system).


This is how the default XFCE desktop looks:


Here's how it looks after I changed a few simple settings:


 

3 Links

Encrypt Your Data With EncFS (Fedora 17)

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. It is a pass-through filesystem, not an encrypted block device, which means it is created on top of an existing filesystem. This tutorial shows how you can use EncFS on Fedora 17 to encrypt your data.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm using the username falko on my Fedora 17 system in this tutorial.

 

2 Installing EncFS

Become root first:

su

EncFS can then be installed as follows:

yum install fuse-encfs

Exit the root shell:

exit

You should now take a look at the EncFS man page to familiarize yourself with its options:

man encfs

 

3 Using EncFS

I will now create the directories encrypted and decrypted in my home directory:

mkdir -p ~/encrypted
mkdir -p ~/decrypted

The decrypted directory acts as the mount point for the encrypted directory. To mount ~/encrypted to ~/decrypted, simply run:

encfs ~/encrypted ~/decrypted

If you run this command for the first time, the EncFS setup is started, and you must define a password for the encrypted volume:

[falko@localhost ~]$ encfs ~/encrypted ~/decrypted
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?>
 <-- p

Paranoia configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 1024 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.
File holes passed through to ciphertext.

-------------------------- WARNING --------------------------
The external initialization-vector chaining option has been
enabled.  This option disables the use of hard links on the
filesystem. Without hard links, some programs may not work.
The programs 'mutt' and 'procmail' are known to fail.  For
more information, please see the encfs mailing list.
If you would like to choose another configuration setting,
please press CTRL-C now to abort and start over.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password:
 <-- yoursecretpassword
Verify Encfs Password: <-- yoursecretpassword
[falko@localhost ~]$

Make sure you remember the password because there's no way to recover your encrypted data if you forget the password!

You should now find the EncFS volume in the outputs of

mount

[falko@localhost ~]$ mount
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime,seclabel)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=504616k,nr_inodes=126154,mode=755)
devpts on /dev/pts type devpts (rw,relatime,seclabel,gid=5,mode=620,ptmxmode=000)
tmpfs on /dev/shm type tmpfs (rw,relatime,seclabel)
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
/dev/mapper/VolGroup-lv_root on / type ext4 (rw,relatime,seclabel,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,seclabel,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
tmpfs on /media type tmpfs (rw,nosuid,nodev,noexec,relatime,seclabel,mode=755)
mqueue on /dev/mqueue type mqueue (rw,relatime,seclabel)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
sunrpc on /proc/fs/nfsd type nfsd (rw,relatime)
/dev/sda1 on /boot type ext4 (rw,relatime,seclabel,data=ordered)
gvfs-fuse-daemon on /run/user/falko/gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,relatime,user_id=500,group_id=500)
encfs on /home/falko/decrypted type fuse.encfs (rw,nosuid,nodev,relatime,user_id=500,group_id=500,default_permissions)
[falko@localhost ~]$

and

df -h

[falko@localhost ~]$ df -h
Filesystem                    Size  Used Avail Use% Mounted on
rootfs                         28G  6.2G   21G  23% /
devtmpfs                      493M     0  493M   0% /dev
tmpfs                         502M  240K  502M   1% /dev/shm
tmpfs                         502M  1.3M  501M   1% /run
/dev/mapper/VolGroup-lv_root   28G  6.2G   21G  23% /
tmpfs                         502M     0  502M   0% /sys/fs/cgroup
tmpfs                         502M     0  502M   0% /media
/dev/sda1                     485M   87M  373M  19% /boot
encfs                          28G  6.2G   21G  23% /home/falko/decrypted
[falko@localhost ~]$

To save your data in encrypted form, put your data into the decrypted directory, just as you would do with a normal directory:

cd ~/decrypted
echo "hello foo" > foo
echo "hello bar" > bar
ln -s foo foo2

If you check the contents of the directory, you will see that you can see it in unencrypted form...

ls -l

[falko@localhost decrypted]$ ls -l
total 8
-rw-rw-r--. 1 falko falko 10 Dec  5 19:54 bar
-rw-rw-r--. 1 falko falko 10 Dec  5 19:54 foo
lrwxrwxrwx. 1 falko falko  3 Dec  5 19:54 foo2 -> foo
[falko@localhost decrypted]$

... while in the encrypted directory, it's encrypted:

cd ~/encrypted
ls -l

[falko@localhost encrypted]$ ls -l
total 8
lrwxrwxrwx. 1 falko falko 24 Dec  5 19:54 JW2UGj8FE455Fz,UeG8pssdd -> wRgqhN5pJJ-8howYSOvnP-Aq
-rw-rw-r--. 1 falko falko 26 Dec  5 19:54 novYngutPaPhTfBmaz-9Roi,
-rw-rw-r--. 1 falko falko 26 Dec  5 19:54 wRgqhN5pJJ-8howYSOvnP-Aq
[falko@localhost encrypted]$

To unmount the encrypted volume, run:

cd
fusermount -u ~/decrypted

Check the outputs of...

mount

... and...

df -h

... and you will see that the EncFS volume isn't listed anymore.

To mount it again, run

encfs ~/encrypted ~/decrypted

You will be asked for the password you defined earlier:

[falko@localhost ~]$ encfs ~/encrypted ~/decrypted
EncFS Password:
 <-- yoursecretpassword
[falko@localhost ~]$

If you specify the correct password, this will mount the ~/encrypted directory to ~/decrypted from where you can access your encrypted data in unencrypted form. If you forget the password, your encrypted data is lost!

If you want to change the password, you can do this with the

encfsctl passwd ~/encrypted

command.

[falko@localhost ~]$ encfsctl passwd ~/encrypted
Enter current Encfs password
EncFS Password:
 <-- yoursecretpassword
Enter new Encfs password
New Encfs Password:
 <-- newsecretpassword
Verify Encfs Password: <-- newsecretpassword
Volume Key successfully updated.
[falko@localhost ~]$

Installing KVM Guests With virt-install On Ubuntu 12.10 Server

Unlike virt-manager, virt-install is a command line tool that allows you to create KVM guests on a headless server. You may ask yourself: "But I can use vmbuilder to do this, why do I need virt-install?" The difference between virt-install and vmbuilder is that vmbuilder is for creating Ubuntu-based guests, whereas virt-install lets you install all kinds of operating systems (e.g. Linux, Windows, Solaris, FreeBSD, OpenBSD) and distributions in a guest, just like virt-manager. This article shows how you can use it on an Ubuntu 12.10 KVM server.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm assuming that KVM is already installed (e.g. as shown here: Virtualization With KVM On Ubuntu 12.10). My KVM host has the IP address 192.168.0.100.

I will show how to install a CentOS 6.3 guest in this tutorial.

We also need an Ubuntu 12.10 desktop so that we can connect to the graphical console of our KVM guests. It doesn't matter if the desktop is installed on the Ubuntu 12.10 KVM server or on a remote system (there are small differences if the desktop is installed on the KVM host compared to a remote desktop, but I will outline these differences, so read carefully).

 

2 Installing virt-install

Ubuntu 12.10 Host:

Open a terminal and install virt-install:

sudo apt-get install virtinst

 

3 Installing virt-manager On Your Ubuntu 12.10 Desktop

Ubuntu 12.10 Desktop:

We need a means of connecting to the graphical console of our guests - we can use virt-viewer or virt-manager (see KVM Guest Management With Virt-Manager On Ubuntu 8.10) for this. I'm assuming that you're using an Ubuntu 12.10 desktop (it doesn't matter if it is a remote desktop of if the desktop is installed on the Ubuntu 12.10 KVM server!).

I suggest you use virt-manager instead of virt-viewer because virt-manager lets you also create and delete virtual machines and do other tasks. virt-manager can be installed as follows:

sudo apt-get install virt-manager

4 Creating A CentOS 6.3 Guest

Ubuntu 12.10 KVM Host:

Now let's go back to our Ubuntu 12.10 KVM host.

Take a look at

man virt-install

to learn how to use it.

We will create our image-based virtual machines in the directory /var/lib/libvirt/images/ which was created automatically when we installed KVM.

To create a CentOS 6.3 guest (in bridging mode) with the name vm10, 1024MB of RAM, two virtual CPUs, and the disk image /var/lib/libvirt/images/vm10.img(with a size of 12GB), insert the CentOS DVD into the CD drive and run

sudo virt-install --connect qemu:///system -n vm10 -r 1024 --vcpus=2 --disk path=/var/lib/libvirt/images/vm10.img,size=12 -c /dev/cdrom --vnc --noautoconsole --os-type linux --accelerate --network=bridge:br0 --hvm

Of course, you can also create an ISO image of the CentOS DVD (please create it in the /var/lib/libvirt/images/ directory because later on I will show how to create virtual machines through virt-manager from your Ubuntu desktop, and virt-manager will look for ISO images in the /var/lib/libvirt/images/ directory)...

sudo dd if=/dev/cdrom of=/var/lib/libvirt/images/CentOS-6.3-x86_64-bin-DVD1.iso

... and use the ISO image in the virt-install command:

sudo virt-install --connect qemu:///system -n vm10 -r 1024 --vcpus=2 --disk path=/var/lib/libvirt/images/vm10.img,size=12 -c /var/lib/libvirt/images/CentOS-6.3-x86_64-bin-DVD1.iso --vnc --noautoconsole --os-type linux --accelerate --network=bridge:br0 --hvm

The output is as follows:

administrator@server1:~$ sudo virt-install --connect qemu:///system -n vm10 -r 1024 --vcpus=2 --disk path=/var/lib/libvirt/images/vm10.img,size=12 -c /var/lib/libvirt/images/CentOS-6.3-x86_64-bin-DVD1.iso --vnc --noautoconsole --os-type linux --accelerate --network=bridge:br0 --hvm

Starting install...
Allocating 'vm10.img'       |  12 GB     00:00
Creating domain...          |    0 B     00:00
Domain installation still in progress. You can reconnect to
the console to complete the installation process.
administrator@server1:~$


5 Connecting To The Guest

 

Ubuntu 12.10 Desktop:

The KVM guest will now boot from the CentOS 6.3 DVD and start the graphical CentOS installer - that's why we need to connect to the graphical console of the guest. You can do this with virt-manager on the Ubuntu 12.10 desktop (see KVM Guest Management With Virt-Manager On Ubuntu 8.10).

Start Virtual Machine Manager (you can search for virt-manager in Unity to find it):


When you start virt-manager for the first time and no KVM is installed on your Ubuntu desktop (i.e., the KVM host is not identical to your dekstop), you will most likely see the following message (Could not detect a default hypervisor.). You can ignore this because we don't want to connect to the local libvirt daemon, but to the one on our remote Ubuntu 12.10 KVM host.


In virt-manager, go to File > Add Connection... to connect to your Ubuntu 12.10 KVM host. In my virt-manager, I couldn't find the File menu, it was missing, so I had to right-click a certain area just below the cross that is used to close the program, and then the menu opened from where I could select Add Connection...:


Select QEMU/KVM as Hypervisor. If the KVM host is identical to your desktop, you are done now and can click on Connect.

But if the KVM host is on a remote Ubuntu 12.10 server, then check Connect to remote host, select SSH from the Method drop-down menu, fill in root in theUsername field, type in the hostname or IP address (192.168.0.100) of the Ubuntu 12.10 KVM host in the Hostname field, and click on Connect.

(Replace 192.168.0.100 with the IP address or hostname of the KVM host. Please note that the root account must be enabled on the KVM host, and that root logins must be allowed on the KVM host. To enable the root login on an Ubuntu system, run

sudo passwd root

To check if root logins are allowed check the directive PermitRootLogin in /etc/ssh/sshd_config - you might have to restart the SSH daemon afterwards. )


If this is the first connection to the remote KVM server, you must type in yes and click on OK:

Afterwards type in the root password of the Ubuntu 12.10 KVM host:


You should see vm10 as running. Mark that guest and click on the Open button to open the graphical console of the guest:


Type in the root password of the KVM host again:


You should now be connected to the graphical console of the guest and see the CentOS installer:



Now install CentOS as you would normally do on a physical system. Please note that at the end of the installation, the CentOS system needs a reboot. The guest will then stop, so you need to start it again, either with virt-manager or like this on the KVM host's command line:

Ubuntu 12.10 KVM Host:

sudo virsh --connect qemu:///system

start vm10

quit

Afterwards, you can connect to the guest again with virt-manager and configure the guest. You can as well connect to it with an SSH client (such as PuTTY).


Instead of creating a virtual machine from the command line (as shown in chapter 4), you can as well create it from the Ubuntu desktop using virt-manager (of course, the virtual machine will be created on the Ubuntu 12.10 KVM host - in case you ask yourself if virt-manager is able to create virtual machines on remote systems).

To do this, click on the following button:

The New VM dialogue comes up. Fill in a name for the VM (e.g. vm11), select Local install media (ISO image or CDROM), and click on Forward:


Next select Linux in the OS type drop-down menu and Red Hat Enterprise Linux 6 in the Version drop-down menu, then check Use ISO image and click on theBrowse... button:


Select the CentOS-6.3-x86_64-bin-DVD1.iso image that you created in chapter 4 and click on Choose Volume:


Now click on Forward:


Assign memory and the number of CPUs to the virtual machine and click on Forward:


Now we come to the storage. Check Enable storage for this virtual machine, select Create a disk image on the computer's hard drive, specify the size of the hard drive (e.g. 12GB), and check Allocate entire disk now. Then click on Forward:


Now we come to the last step of the New VM dialogue. Go to the Advanced options section. Select Specify shared device name; the Bridge name field will then appear where you fill in the name of your bridge (if you have used the Virtualization With KVM On Ubuntu 12.10 guide to set up the KVM host, this is br0). Click on Finish afterwards:




The disk image for the VM is now being created:


Afterwards, the VM will start. If you use a remote KVM host, type in the root password of the KVM host:

You should now be connected to the graphical console of the guest and see the CentOS installer:

Now install CentOS as you would normally do on a physical system.

 

7 Cloning Guests

Ubuntu 12.10 KVM Host:

The python-virtinst package comes with a second tool, virt-clone, that lets you clone guests. To clone vm10 and name the clone vm12 with the disk image/var/lib/libvirt/images/vm12.img, you simply run (make sure that vm10 is stopped!)

sudo virt-clone --connect qemu:///system -o vm10 -n vm12 -f /var/lib/libvirt/images/vm12.img

Afterwards, you can start vm12 with virt-manager or like this...

sudo virsh --connect qemu:///system

start vm12

quit

... and connect to it using virt-manager.

 

8 Links