KVM (Kernel Virtual Machine) is a Linux kernel module that allows a user space process to utilize hardware virtualization capabilities. When people refer to KVM they are usually talking about the hypervisor but there are in fact three components (or balls our penguin seems to be juggling): KVM (hardware acceleration), Qemu (hypervisor), and Libvirt (management library). KVM and Qemu started as separate projects but their code streams have been merged and hence the qemu-kvm package. In order to communicate with the KVM hypervisor libvirt is used which also has support for the management of other hypervisors such as ESX.
KVM consists of many packages, most notable are qemu-kvm, libvirt, virt-manager and virt-viewer. The virt-manager and virt-viewer packages are optional and only required for the GUI.
yum groupinstall "Virtualisation Tools" "Virtualization Platform"
yum install python-virtinst
yum install virt-manager virt-viewer
yum install qemu-kvm
This step is mainly for development environments or management tools that require tcp access to libvirtd. In order to use the libvirt APIs we need to enable access through tcp and configure authentication. In this example we will use SASL authentication.
listen_tls = 0 listen_tcp = 1 tcp_port=”16509” listen_addr=”<IP>” auth_tcp = “sasl”
Note: you can disable authentication by setting auth_tcp=”none” but this is only recommended for development or test environments.
Configure Authentication Credentials
KVM has various authentication options and protocol support. Documentation regarding libvirt and remote connections as well as authentication can be found on the libvirt website. The most secure way to do things is with TLS and certificates however in the below example we are just using tcp and standard SASL user/password authentication.
Create a SASL user and password for the libvirt service.
saslpasswd2 -a libvirt kvmuser
Add authentication credentials so you are not prompted for credentials. This is critical for remote access tools requiring access over tcp.
[credentials-test] authname=kvmuser password=mypassword [auth-libvirt-192.168.8.132] credentials=test
Upon adding credentials make sure you restart libvirtd.
service libvirtd restart
In order to test the credentials use the vrish cli command with the “no_verify” option. If things are working correctly you should not be prompted for credentials and get a list of virtual machines.
virsh -c qemu+tcp:///system?no_verify=1 list
(c) 2014 Keith Tenzer