{{tag>[Hardware HP kvm centos]}}
=====HP Proliant DL320e Gen8=====
Hardware used:
  *HP Proliant DL 320e gen8
  * 8GB Memory
  * P222 RAID controller
  * RAID 10 with 4x1TB 7200RPM SATA HDD's
  * CPU E3-1240 V2 @ 3.40GHz
==== Install KVM Host with CentOS 6.4 ====
**!Note: If you are not using an HP authenticated HDD, the drive will be seen as degraded.**
  * The drive LEDs will be off
  * iLO show's storage status as degraded
  * Health LED will be flashing amber
==== BIOS ====
  * Enter BIOS, F9
  * **After install!** System Options -> USB Options -> USB Boot Support -> Disabled
  * PCI Device enable/disable -> Disable B120i RAID controller
  * PCI Device enable/disable -> Disable Accelerator Manager
  * Advanced options -> Advanced System ROM options -> Power-On Logo -> Disabled
  * Advanced options -> Thermal Configuration -> Increased cooling
==== Storage Settings ====
  * Enter ACU, F5
  * Create 4 disk array
  * Create RAID 1+0 logical drive


==== Configure iLO4 ====
=== Administration ===
  * Enter iLO license
  * Create additional user(s)
  * Server name
  * Server FQDN
  * Enable Login Security Banner
  * Enable / configure iLO AlertMail
  * Configure SSH Port
  * Disable SNMP
  * Disable IPMI over LAN
  * Upload SSH Authorized key

=== Network (Shared Network Port) ====
  * iLO Subsystem Name
  * Domain name
  * IP-Address / netmask / gateway / dns
  * Ping Gateway on Startup
  * SNTP

=== Power management ===
  * Restore Last Power State
  * Delay: Minimum Delay
  * HP Dynamic Power Savings Mode


==== Install OS ====
  * Set iLO One-Time Boot Option to USB and reboot / start.

  * Install minimal OS.
  * Type of installation: Use all space, review and modify partitioning layout.
  * Configure filesystems, make sure /var is larger than memory, if you want to suspend all guests at reboot.
      * / = 64G
      * /home = 1G
      * /tmp = 4G
      * /var = 16G
      * swap = 1G
  * Configure network later

Update OS:
  yum update

==== Configure OS ====
=== Network ===
  * Disable zeroconf in /etc/sysconfig/network
  NOZEROCONF=yes
  * Configure /etc/sysconfig/network-scripts/ifcfg-eth0
  * Configure /etc/resolv.conf

=== Access control ===

  * Create user

== SSH ==
  * Only allow admin users (AllowUsers)
  * Disable the use of passwords (keys only)
      * ChallengeResponseAuthentication no
      * PasswordAuthentication no
      * UsePAM no
      * PubkeyAuthentication yes
  * Disable root login (PermitRootLogin)
  * Enable authorized keys (AuthorizedKeysFile)
  * Change Port to another priv-port. 
      * Update iptables!
      * Modify selinux: semanage port -a -t ssh_port_t -p tcp <ssh-port-number>
      * restart sshd

== iptables ==
Configure iptables (use the ipv4 and v6 script).
==== Install and configure additional software ====

== Utilities ==
Install various utilities for selinux, iostat, lspci, mail, etc...
  yum install pciutils policycoreutils-python mailx sysstat openssh-clients traceroute telnet man bind-utils

== Configure HP software ==
Add /etc/yum.repos.d/HPSPP.repo

<code>
[HP-SPP]
name=HP Software Delivery Repository for SPP
Baseurl=http://downloads.linux.hp.com/SDR/downloads/SPP/RHEL/$releasever/$basearch/current
enabled=1
gpgcheck=1
gpgkey=http://downloads.linux.hp.com/SDR/downloads/SPP/GPG-KEY-SPP
</code>

Install hponcfg, hpacucli, hpssacli, etc:
  yum update
  yum -y install hponcfg hpacucli hpssacli hp-health
  
=== Update iLO 4 firmware ===
Download CP018365.scexe (v 1.30)
  sh /tmp/CP018365.scexe

=== NTP ===
  yum -y install ntp
  chkconfig ntpd on
Edit /etc/ntp.conf
<code>
server ntp1.polaire.nl
server ntp2.polaire.nl
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
</code>
Restart ntpd:
  service ntpd restart

=== Mail ===
  * Modify /etc/aliases -> root: <mail address>

  newaliases

  * /etc/postfix/main.cf
      * mydomain = <domain name>
      * masquerade_domains = $mydomain
  * Reload postfix
==== Install and configure KVM ====

=== Install KVM ===
  yum groupinstall "Virtualization" "Virtualization Client" "Virtualization Platform" "Virtualization Tools" 
  yum install bridge-utils

=== Configure network ===


=== Create VM script ===
<code>
#!/bin/bash

VMNAME="web"
VMMEM="1024"
VMCPU="4"
DISK="/dev/vg_colo/lv_vm_web"
#lvcreate -L64G -n lv_vm_web vg_colo

virt-install --connect qemu:///system \
--name $VMNAME \
--ram $VMMEM \
--vcpus $VMCPU \
--disk path=$DISK \
--network=bridge:virbr0 \
--os-type=linux \
--os-variant=rhel6 \
--nographics \
--location=http://mirror.1000mbps.com/centos/6.4/os/x86_64 \
--initrd-inject=/root/vmks.cfg \
--extra-args="ks=file:/vmks.cfg console=tty0 console=ttyS0,115200" \
--autostart
</code>

Kickstart file:
<code>
install
url --url=http://mirror.1000mbps.com/centos/6.4/os/x86_64
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --ipv6 auto
rootpw  --iscrypted PUTYOURHASHHERE
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc Europe/Amsterdam
bootloader --location=mbr --driveorder=vda --append="crashkernel=auto console=ttyS0,115200"
zerombr
clearpart --all
autopart

repo --name="CentOS"  --baseurl=http://mirror.1000mbps.com/centos/6.4/os/x86_64 --cost=100

reboot

%packages --nobase
@core
acpid
ntp
bind-utils
openssh-clients
%end

%post
# Update packages
/usr/bin/yum update -y --skip-broken

# Configure services to start at boot
chkconfig acpid on
chkconfig ntpd on

# Set time
ntpdate ntp1.polaire.nl

# Configure ntp.conf
cat > /etc/ntp.conf <<EOF_ntpconfig
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
server ntp1.polaire.nl
server ntp2.polaire.nl
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
EOF_ntpconfig

# Start ntpd
service ntpd start

# No ZeroConf
echo "NOZEROCONF=yes" >> /etc/sysconfig/network


exit 0
%end
</code>

=== Create and configure guest ===
  ./create-vm.sh

Configure static IP
  virsh net-destroy default
  virsh net-edit default
  virsh net-start default

Example:
<code>
<network>
  <name>default</name>
  <uuid>a278ff00-d3cf-45d3-898a-69d820ce4f73</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='off' delay='0' />
  <mac address='52:54:00:A8:7C:72'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.128' end='192.168.122.254' />
      <host mac='52:54:00:34:d9:eb' name='web' ip='192.168.122.10' />
    </dhcp>
  </ip>
</network>

</code>

==== Port forwarding to guest ====
[[http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections]]