To KVM or not to KVM

[alamahant]

Virtual machines are really cool.
But VirtualBox isnt so much...
Firstly it is proprietary and secondly it is really horribly slow.
But let us not fret because we do have Qemu/KVM available in Linux.
I love KVM because it is blazing fast(almost @bare-metal speeds) but needs a little bit of effort to get it going.
Here's how:
Open a terminal and install the following:

Code: Select all

apt install qemu-kvm libvirt-daemon libvirt-daemon-system virtinst libosinfo-bin bridge-utils virt-manager qemu-system gir1.2-spiceclientgtk-3.0 ovmf ebtables dnsmasq

Then add your user to the libvirt group:

Code: Select all

usermod -aG libvirt <user>

Edit the /etc/libvirt/qemu.conf file and append the following:

Code: Select all

nvram = [
   "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd"
]

...to enable uefi boot.
Make sure the appropriate module is loaded @boot:

Code: Select all

echo vhost_net >> /etc/modules

If you need nat networking please start the default network:

Code: Select all

virsh net-start default ###and 
virsh net-autostart default ###if you need it enabled @boot

You will need to create a bridge interface to use with
vms if you need them to share your host network.
It is easy to create one via the network-manager cli or nmcli thus:

Code: Select all

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.d/99-sysctl.conf ###Enable -ip forwarding needed for bridging
sysctl -p /etc/sysctl.d/99-sysctl.conf ###apply it immediately
nmcli con add type bridge con-name br0 ifname br0 ip4  <your-desired-ip/your-network-netmask> gw4 <your-router-ip>
nmcli con mod br0 ipv4.dns <your-dns-server-ip> ipv4.method manual
nmcli con add type bridge-slave con-name br0-slave1 ifname <your-primary-eth-interface(eth0 or eth1)> master br0
nmcli con del "Wired connection 1"###and if needed 2 to delegate the network only to the bridge

WARNING:Do the above only if you have an ethernet(wired) interface,but NOT if you only have wifi, as wifi is not an ideal candidate for bridging
Start and enable libvirt service

Code: Select all

systemctl enable --now libvirtd ###OR if in sysvinit
update-rc.d libvirtd enable && service libvirtd start

Then reboot and the bridge should be up and running.
You can assign the bridge interface to guests in Virtual Manager UI by:
Pressing the "NIC xxxx" tab of the VM-->
"Specify shared device name"-->
and choosing "br0"
instead of the "default NAT" interface.

Thats it!!!
Now you can use Virtual Manager and have fun with VM-ing around.
Here is a link to Virtual Manager page https://virt-manager.org


ADDENDUM: THINLY-PROVISIONED DISKS
One drawback of kvm is that it assigns all disk space at once to the VM disks that it creates whether your VM will be using it or not.
Thus it is heavy on disk space consumption.
Fortunately there is a workaround.
Create a directory where you wish to store your KVM disks ---for example ~/kvm-disks:

Code: Select all

mkdir ~/kvm-disks && cd ~/kvm-disks

Open a terminal and install the following:

Code: Select all

 sudo apt install libguestfs-tools

Then enter the following:

Code: Select all

sudo qemu-img create -f qcow2 10g-template.qcow2 10G ###Create a 10G disk template
 sudo virt-sparsify -q  10g-template.qcow2 10g-template.thin.qcow2 ###Create the thinly-provisioned disk..Please wait for the command to complete--it might take some time.
sudo rm 10g-template.qcow2 ###Delete the original disk, keeping only the thinly-provisioned disk.

Likewise you might wish to create 10G 20G 60G etc disk templates to have them ready to use when creating VMs.
Take care to assign the correct sizes and names to the above commands accordingly.
Then before creating a new VM just go to ~/kvm-disks and COPY and PASTE the desired size disk, renaming it to the VM name you wish to create.(Take care not to delete the ".qcow2" extension) .
And in Virtual Manager do NOT create a NEW disk but IMPORT the one you already created.
Then after you finished creating disk templates according to your needs you might wish to remove the "libguestfs-tools".Its up to you.
Thats it!

ADDENDUM: GPU-PASSTHROUGH
Sometimes it is useful to "pass" a video graphics card for example nvidia from the host to the guest.This is particularly useful if one needs to run graphics-demanding apps and games on the guest.It is easy to do so in KVM.
This is HOW:
NOTE:Although I have tested and used this in my own MX and it seems to be functioning normally I BEAR NO RESPONSIBILITY in case of unstable or unresponsive system after applying these steps.PLEASE PROCEED AT YOUR OWN RISK!!!
YOU NEED TO HAVE AN EXTRA GRAPHICS CARD YOU CAN AFFORD TO PASS TO THE GUEST.
As an extra layer of caution we enable the REISUB functionality:

Code: Select all

echo "kernel.sysrq = 1" >> /etc/sysctl.d/99-sysctl.conf
sysctl -p /etc/sysctl.d/99-sysctl.conf

In this way if our machine freezes or becomes unstable while applying these steps we simply PRESS and HOLD Right-ALT+PRT SC and type "reisub".This will unfreeze and reboot the system.
First EDIT your "/etc/default/grub" file and in the line GRUB_CMDLINE_LINUX="" append:

Code: Select all

GRUB_CMDLINE_LINUX="..... intel_iommu=on" ###For Intel processors OR
GRUB_CMDLINE_LINUX="..... amd_iommu=on" ###For AMD processors 

Then run "sudo update-grub" to apply the changes.
Now run
lspci -nn | grep -i nvidia
to get your nvidia card's id,something like the following:

Code: Select all

root@mx:~# lspci -nn | grep -i nvidia
01:00.0 3D controller [0302]: NVIDIA Corporation GM107M [GeForce 845M] [10de:1398] (rev a2)

In my case the nvidia card id will be "10de:1398"
Now create a file
/etc/modprobe.d/vfio.conf
with the lines:

Code: Select all

options vfio-pci ids=10de:1398 ###SUBSTITUTE your own id.In case your nvidia card has an audio capability you might get an additional id and in that case seperate them with comma.

Make sure to load the appropriate kernel module @boot:

Code: Select all

echo 'vfio-pci' > /etc/modules-load.d/vfio-pci.conf#####IN CASE OF SYSTEMD
echo 'vfio-pci' >> /etc/modules#####IN CASE OF SYSVINIT

Now REBOOT your machine.
If everything went smoothly you will have now a functioning IOMMU.
Verify this:

Code: Select all

dmesg | grep -E "DMAR|IOMMU"
dmesg | grep -i vfio

IF YOU DONT SEE ANY ERRORS please continue with Virtual Manager
IMPORTANT THIS ONLY WORKS WITH VMs SET TO BOOT WITH UEFI.
Open your Virtual Manager and press the "Add Harware"--> "PCI Host Device"
Choose your graphics card.APPLY the changes and start your VM.
HOPEFULLY your guest will boot with no problem.
Once in the guest open a terminal and verify that everything worked as expected:

Code: Select all

lspci | grep -i nvidia

You should now be able to see your host NVIDIA card appearing in your guest.
NOTE:Not only can you pass your graphics card this way but also USB devices,disks and maybe even your wireless network card.


Thats it !!!
Congrats

[JayM]

Off-topic: I'm old so I always think of KVM as meaning the switch, Keyboard/Video/Mouse, so you can use the same keyboard, monitor and mouse to control several different computers. Likewise PS2 to me means the old IBM 286 and 386 PCs with an MCA bus.

(I know, I know. "OK, boomer.")

[jeffreyC]

Off-topic: I'm old so I always think of KVM as meaning the switch, Keyboard/Video/Mouse, so you can use the same keyboard, monitor and mouse to control several different computers.

(I know, I know. "OK, boomer.")

Don't feel so bad JayM, that was my first thought too.

[gosia]

This is a great manual, I have been looking for something like this for a long time. Thank you very much. But I have a problem, I cannot find the gir1.2-spiceclientgtk package. Why? Is a repo missing?

Code: Select all

System:    Host: mexiko.fritz.lokal Kernel: 4.19.0-1-amd64 x86_64 (64 bit gcc: 6.3.0)
           Desktop: Openbox 3.6.1
           Distro: MX-18.3_x64 Continuum March 14, 2018
Machine:   Device: laptop System: Packard Bell product: EasyNote TE11HC v: V1.07
           Mobo: Packard Bell model: EG50_HC_CR v: Type2 - Board Version
           UEFI [Legacy]: Packard Bell v: V1.07 date: 05/11/2012
Repos:     Active apt sources in file: /etc/apt/sources.list.d/antix.list
           deb http://mirror.plusserver.com/mxlinux/mxlinux/antix/stretch/ stretch main
           Active apt sources in file: /etc/apt/sources.list.d/debian-stable-updates.list
           deb http://ftp.de.debian.org/debian/ stretch-updates main contrib non-free
           Active apt sources in file: /etc/apt/sources.list.d/debian.list
           deb http://ftp.de.debian.org/debian/ stretch main contrib non-free
           deb http://security.debian.org/ stretch/updates main contrib non-free
           Active apt sources in file: /etc/apt/sources.list.d/mx.list

[Head_on_a_Stick]

I cannot find the gir1.2-spiceclientgtk package. Why?

I think the package is actually called gir1.2-spiceclientgtk-3.0, try that instead. EDIT: no, sorry, that's for MX-19.

@OP: great guide, thanks! I like to use gnome-boxes as a VB replacement, that supports KVM & SPICE OOTB.

[alamahant]

@gosia @all
You are right mate.
the package name is actually

Code: Select all

gir1.2-spiceclientgtk-3.0

Mea culpa.Please forgive me.I have rectified the error.
Now this package name is in MX-19.
I suppose it will be the same in other versions also.
But just to err on the side of caution please run:

Code: Select all

apt search spiceclientgtk

and install the package according to the output....

[Head_on_a_Stick]

Now this package name is in MX-19.
I suppose it will be the same in other versions also.

No, there is no gir1.2-spiceclientgtk package in Debian stretch.[1] The Debian wiki page about KVM suggests that it may not be needed: https://wiki.debian.org/KVM

[Buck Fankers]

@alamahant forgive me for this hijack question, you made a good tutorial, but gnome-boxes got me intrigued...

OT - Quick hijack question, hope it is OK

gnome-boxes as a VB replacement, that supports KVM & SPICE OOTB.

@HoaS I checked few videos about gnome-boxes, and got really interested, I like simplicity and it's speed.

To install it in MX19 is this bellow all I need? Any other library? Such as: gir1.2-libvirt-sanbox-1.0? ...

• gnome-boxes
  qemu-kvm

Then I need to add user to kvm, correct?

Code: Select all

sudo usermod -a -G kvm $USER

Inside gnome-boxes vm I need to install spice tools (for guest additions), correct? These two bellow or anything else?

• spice-vdagent
  spice-webdavd

[Head_on_a_Stick]

@{Buck Fankers}: yes, that's right. Just gnome-boxes and the spice packages should do it. MX-19 already has the spice-vdagent package (and I recently requested that they add spice-webdavd).

[Paul..]

Overall, what is the compatibility with .vbox files? Can KVM or gnome-boxes read them, or is there a significant conversion process required?