Using KVM for virtual server setup

What best way to test a server setup than to just use a brand new machine dedicated for this purpose ? Unfortunately, not everyone has a spare computer dedicated to such activities. But there is at least one solution : use a virtual machine !

The virtualization solution I have been using is KVM, one of the most efficient ones.

This article deals with the different problems system administrators may encounter when setting up such a virtual server, as well as setting up the host computer (running a flavour of Debian GNU/Linux) to let it communicate with the virtual server.

Host system setup

Check KVM compatibility

First, you need to ensure your computer is able to handle the KVM linux extension. Your machine requires a CPU with virtualization extensions. To figure out whether your CPU has the required extensions, issue the following command :

grep vmx /proc/cpuinfo

If nothing is displayed, sorry but you will not be able to run KVM on your machine. Otherwise, you may proceed to the next step.

Activate the VMX extension

Some PC's have VMX deactivated by default. This has to be enabled in the BIOS setup of the computer. On my Dell workstation, the option is simply called "virtualization". This may differ on other machines. Check the manual of your computer or motherboard for additional details.

Install and setup kvm

As root, issue the command:

apt-get install kvm

Then, give the correct rights to your normal user by adding it to the kvm group using the command:

adduser username kvm

After that, you will need to log out from your user account and log in again, in order the correct rights to be active.

Host virtual network setup

In order your host system to be able to communicate with the guest OS, a dedicated virtual network layer has to be set up. This is made possible using the tun/tap virtual network interface. I will give the required commands to get a quickly working setup. For more information, please check the numerous available resources on the web.

As root, edit the /etc/network/interfaces file, and add the following lines:

auto tap0
iface tap0 inet static
pre-up tunctl -u username -t tap0
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
post-up iptables -A FORWARD -i tap0 -j ACCEPT
post-up iptables -A FORWARD -o tap0 -j ACCEPT
post-up sysctl -q net.ipv4.ip_forward=1
pre-down sysctl -q net.ipv4.ip_forward=0
pre-down iptables -F
pre-down iptables -t nat -F
post-down tunctl -d tap0

Ensure you have set the correct value for username and that the interface set for internet access in the first post-up line is correct. I have used eth0 in the example, but it may change depending on your configuration.

For your information, the iptables configuration lines enables your host computer to behave like a NAT router for all the computers connected to the virtual network which is accessible from the tap0 interface. This way, all the guest systems which are connected to the virtual network will have access to the internet using the host system as a gateway.

Save the file, then check the tunctl tool is installed and activate the tun0 network interface by issuing the commands:

apt-get install uml-utilities
ifup tap0

Now, your host network is ready !

Guest system installation

Everything can be done from the user account you configured for kvm access rights, and for the ownership of the tap0 network device.

Get and generate the disk image files

First of all, gather all the necessary files in the same directory on the host system. I will suppose all the following commands are issued from that dedicated directory.

Get the Debian lenny ISO image using the command:


Create a virtual disk image using the command:

qemu-img create -f qcow2 debian.qcow2 10G

This will create a disk image for a 10 GB disk. It is more than sufficient for basic server setup. You may eventually change the size to fit your needs.

Run the installation setup

Execute kvm using the command:

kvm -m 512 -net nic -net tap,ifname=tap0,script=no,downscript=no -cdrom debian-501-i386-netinst.iso debian.qcow2

The guest system should boot, using the debian iso as boot CD. Proceed with standard Debian installation.

Network setup

You will have to set up the network yourself. To fit the configuration of the virtual network we performed above, the following settings should be correct:

  • Network IP address:
  • Netmask:
  • Gateway:
  • DNS name server: use your usual DNS server settings

Then, partition the virtual disk to fit your needs. The default assisted partitioning method is exactly what you need.

Take a seat, wait for the installation process to be done.

In the final configuration step, choose a password for the root user, and choose a user name and password for a normal user.

The final APT configuration can be kept as simple as possible: choose the default values for the repository (one is selected by default, according to your country settings). At the software package selection step, you can unselect everything; the necessary packages will have to be manually installed afterwards.

Finally after having installed the bootloader, the guest system will reboot to the newly installed Debian system.

Final setup

As root in the guest OS, you may find useful to install ssh:

apt-get install ssh

This will allow you to get a remote shell session on the guest OS from the host OS using the command:

ssh username@

The guest OS can be safely stopped using the halt command.

You may run the guest OS again using the command:

kvm -m 512 -net nic -net tap,ifname=tap0,script=no,downscript=no debian.qcow2

I personally have written that command in a shell script, which is much more convenient when running the same setup a numerous number of times.

Also note that the image file for your freshly installed Debian system can be duplicated, archived, and reused for testing different server setups.


Such a guest server OS can be really useful to safely check system setups (and write documentation too ! :) ). You may use it for testing the Apache/PostgreSQL/PHP server setup I will present in an upcoming article.


1. On 02/05/2009, 13:26 by Arnaud


(Et merci pour le lien)