Virtualization Management (libvirt)
Skill Level: Intermediate
| This exercise depends on the work created by the Image Builder unit. If you have not completed that work, please do so before proceeding. |
Provided your hardware is reasonably modern, chances are that it supports virtualization. This unit introduces simple virtualization management using kvm and libvirt. You will learn how to:
-
Install additional necessary software
-
Enable necessary system services and firewall ports
-
Use the command line to create and manage a virtual machine
-
Use the web console (cockpit) to create and manage a virtual machine
1. Getting Started
For these exercises, you will be using the host node3 as user root.
From host bastion, ssh to node3.
ssh node3Use sudo to elevate your privileges.
[[ "$UID" == 0 ]] || sudo -iVerify that you are on the right host for these exercises.
workshop-virt-checkhost.shYou are now ready to proceed with these exercises.
2. Requirements
First we need to ensure the system being used supports either:
-
Intel VT-x and Intel 64 virtualization extensions
-
AMD-V and the AMD64 virtualization extensions
This is done with the following simple commands.
You can start by examining the CPU flags (capabilities) advertised by your system.
grep -E 'svm|vmx' /proc/cpuinfoflags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnow prefetch invpcid_single ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx avx512f avx512dq rds eed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat pku os pke avx512_vnni md_clear arch_capabilities
You are looking for either the Intel flag (vmx) or the AMD flag (svm). A more sophisticated command makes it a little easier to determine.
if grep -qE 'svm|vmx' /proc/cpuinfo ; then echo 'Virt Supported' ; else echo 'WARNING: no hardware virtualization support detected'; fiVirt Supported
After you install all the required software, there are some additional tools to provide more detailed reporting on system capabilities.
| It could very well be that your environment does not support native or nested virtualization. This does not mean that this exercise will not work, but it does mean that (if it does work) it will be VERY slow. |
3. Installation and Configuration
| Please note that all software has been pre-installed and configured. These steps are provided as reference material only. |
The system needs to be configured with access to the following repos:
-
rhel-10-baseos-rpms
-
rhel-10-appstream-rpms
Install the required packages.
dnf install -y qemu-kvm libvirt virt-install libvirt-client libguestfs-tools cockpit-machinesNext we need to enable the libvirtd service.
systemctl enable --now libvirtd| The "enable --now" syntax was introduced in RHEL 8 and allows for permanently enabling as well as immediately starting services in a single command. |
Finally check the service status.
systemctl --no-pager status libvirtd3.1. Verify Virtualization Host Status
One simple command checks various hardware and software configurations for support of virtualization.
virt-host-validateQEMU: Checking for hardware virtualization : PASS QEMU: Checking if device /dev/kvm exists : PASS QEMU: Checking if device /dev/kvm is accessible : PASS QEMU: Checking if device /dev/vhost-net exists : PASS QEMU: Checking if device /dev/net/tun exists : PASS QEMU: Checking for cgroup 'cpu' controller support : PASS QEMU: Checking for cgroup 'cpuacct' controller support : PASS QEMU: Checking for cgroup 'cpuset' controller support : PASS QEMU: Checking for cgroup 'memory' controller support : PASS QEMU: Checking for cgroup 'devices' controller support : PASS QEMU: Checking for cgroup 'blkio' controller support : PASS QEMU: Checking for device assignment IOMMU support : WARN (No ACPI IVRS table found, IOMMU either disabled in BIOS or not supported by this hardware platform)
4. Deploy A Virtual-Machine with 'virt-install'
Red Hat provides pre-made generic images of RHEL for use as virtual machines in a QCOW2 format.
However, in order to access them for download one needs to have an active Red Hat Enterprise Linux entitlement. An alternative to downloading a qcow image is to make one.
Fortunately, that’s precisely what you did in the previous unit with Image Builder.
5. Customize your QCOW Image
Now you need to do a few more things to your image:
-
set a hostname
-
set a root password
-
copy a simple HTML file
-
SELinux file relabeling in the guest
-
remove the cloud-init package
We need to capture the filename of our public SSH key.
export PUBKEY=$(ls ~/.ssh/*.pub | head -1)Now you can proceed to customize the virt image.
We will include a timer on this command in order to measure how long this process takes.
| For the resources used at the 2025 Red Hat Summit, this process runs for about 30 seconds. |
time virt-customize \
-a /var/lib/libvirt/images/vmguest.qcow2 \
--hostname vmguest \
--root-password password:redhat \
--ssh-inject root:file:${PUBKEY} \
--copy-in /usr/local/etc/index.html:/var/www/html \
--selinux-relabel \
--run-command 'echo "PermitRootLogin yes" >> /etc/ssh/sshd_config.d/rootlogin.conf' \
--uninstall cloud-init[ 0.0] Examining the guest ... [ 19.1] Setting a random seed [ 19.2] Setting the machine ID in /etc/machine-id [ 19.2] Setting the hostname: vmguest [ 19.2] SSH key inject: root [ 20.7] Copying: /usr/local/etc/index.html to /var/www/html [ 20.7] Running: echo "PermitRootLogin yes" >> /etc/ssh/sshd_config.d/rootlogin.conf [ 20.8] Uninstalling packages: cloud-init [ 24.0] Setting passwords [ 25.2] SELinux relabelling [ 30.5] Finishing off real 0m30.882s user 0m0.884s sys 0m1.583s
6. VM Deployment
| Please note that if your workshop environment did NOT show support for native or nested virtualization, every step beyond this point will likely take a very long time (if it works at all). |
It is now time to launch the VM
virt-install \
--import \
--name vmguest \
--memory 2048 \
--cpu host \
--vcpus 1 \
--disk /var/lib/libvirt/images/vmguest.qcow2 \
--graphics vnc \
--noautoconsole\
--os-variant rhel10.0Give the VM a few moments to boot.
| If you explored the web-console exercise, you can use cockpit to access the VM’s console and see what’s going on. Just be sure you selected administrative access. |
7. Virtual Machine Connectivity
To determine what IP address was assigned to the new host, we can use the virsh utility.
virsh net-dhcp-leases defaultThe output will show us the clients MAC address and the IP address it was assigned via the libvirt integrated dnsmasq service.
Expiry Time MAC address Protocol IP address Hostname Client ID or DUID ----------------------------------------------------------------------------------------------------------- 2021-11-13 11:19:33 52:54:00:63:85:76 ipv4 192.168.122.62/24 - 01:52:54:00:63:85:76
Another mechanism determine the IP address of the client is to use the 'domifaddr' option.
virsh domifaddr vmguestName MAC address Protocol Address ------------------------------------------------------------------------------- vnet0 52:54:00:63:85:76 ipv4 192.168.122.62/24
| Before you proceed, empty data in the above commands is an indication that the virtual machine has not completed its bootstrap. Just give it a few more moments and try again. |
Now that we have the network information, it is time to connect to the host.
export VM_IP=$(virsh domifaddr vmguest | sed -e '1,2d' -e '$d' | awk '{ split($4,a,/\//) ; print a[1] }')curl $VM_IP*** Success !!! It Works ***
8. Virtual Machine Inspection
Now it is time to connect to the host and check out some its characteristics.
export VM_IP=$(virsh domifaddr vmguest | sed -e '1,2d' -e '$d' | awk '{ split($4,a,/\//) ; print a[1] }')ssh root@$VM_IP -o "StrictHostKeyChecking no"The root password was set to 'redhat' in a previous step using the virt-customize command. However, since we injected an SSH public key at the same time, you should not be prompted for a password.
The virtual machine is on a private network and not accessbile from the internet. You will only be able to access it from the bastion via SSH, or from the web console.
Verify that the httpd daemon is running.
systemctl --no-pager status httpdVerify that index.html exists.
ls /var/www/html/index.htmlExit back to the host.
exit9. Additional CLI Commands
Some additional simple virtual machine management commands:
-
virsh list lists running virtual machines
-
virsh list --all lists all virtual machines regardless of state
-
virsh start <vm-name> starts a virtual machine
-
virsh shutdown <vm-name> performs a soft shutdown of the virtual machine
-
virsh destroy <vm-name> performs destructive cold stop of the virtual machine
10. Explore VM Management with Web Console
Use the following URL:
And the following UserID and Password:
ASK-INSTRUCTORASK-INSTRUCTORSelect Virtual machines from the menu on the left. You will notice that the interface is pretty rudimentary compared to a modern virtualization manager like OpenShift Virtualization, but one critical feature is available: the console.
Take some time to explore the capabilities of the Web Console Virtual machines interface.
11. Cleanup
| It is IMPORTANT to shutdown the deployed VMs. Leaving any VM running in this workshop environment can adversely impact other exercises. |
Using either the CLI (or the Web-Console), be sure to shutdown and remove the VM(s) you deployed to ensure additional workshop exercises perform reasonably.
virsh destroy vmguest
virsh undefine vmguest --remove-all-storage12. Conclusion
This concludes the exercises related to virtualization.
Time to finish this unit and return the shell to its home position.
workshop-finish-exercise.sh