kvm_host_centos_6.4
HP Proliant DL320e Gen8
Hardware used:
- HP Proliant DL 320e gen8
- 8GB Memory
- P222 RAID controller
- RAID 10 with 4x1TB 7200RPM SATA HDDs
- CPU E3-1240 V2 @ 3.40GHz
Install KVM Host with CentOS 6.4
Note: If you are not using an HP-authenticated HDD, the drive will be reported as degraded:
- The drive LEDs will be off
- iLO shows storage status as degraded
- Health LED will be flashing amber
BIOS
- Enter BIOS, F9
- After install: System Options → USB Options → USB Boot Support → Disabled
- PCI Device enable/disable → Disable B120i RAID controller
- PCI Device enable/disable → Disable Accelerator Manager
- Advanced options → Advanced System ROM options → Power-On Logo → Disabled
- Advanced options → Thermal Configuration → Increased cooling
Storage Settings
- Enter ACU, F5
- Create 4 disk array
- Create RAID 1+0 logical drive
Configure iLO4
Administration
- Enter iLO license
- Create additional user(s)
- Server name
- Server FQDN
- Enable Login Security Banner
- Enable / configure iLO AlertMail
- Configure SSH Port
- Disable SNMP
- Disable IPMI over LAN
- Upload SSH Authorized key
Network (Shared Network Port)
- iLO Subsystem Name
- Domain name
- IP-Address / netmask / gateway / dns
- Ping Gateway on Startup
- SNTP
Power management
- Restore Last Power State
- Delay: Minimum Delay
- HP Dynamic Power Savings Mode
Install OS
- Set iLO One-Time Boot Option to USB and reboot / start.
- Install minimal OS.
- Type of installation: Use all space, review and modify partitioning layout.
- Configure filesystems; make sure /var is larger than memory if you want to suspend all guests at reboot.
- / = 64G
- /home = 1G
- /tmp = 4G
- /var = 16G
- swap = 1G
- Configure network later
Update OS:
yum update
Configure OS
Network
- Disable zeroconf in /etc/sysconfig/network
NOZEROCONF=yes
- Configure /etc/sysconfig/network-scripts/ifcfg-eth0
- Configure /etc/resolv.conf
Access control
- Create user
SSH
- Only allow admin users (AllowUsers)
- Disable the use of passwords (keys only)
- ChallengeResponseAuthentication no
- PasswordAuthentication no
- UsePAM no
- PubkeyAuthentication yes
- Disable root login (PermitRootLogin)
- Enable authorized keys (AuthorizedKeysFile)
- Change Port to another privileged port.
- Update iptables!
- Modify selinux: semanage port -a -t ssh_port_t -p tcp <ssh-port-number>
- restart sshd
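One way to verify the SSH checklist above before restarting sshd (an added example, not part of the original page). The audit_sshd_config function is hypothetical; it assumes whitespace-separated "Keyword value" lines, audits only global settings before the first Match block, and runs here against a constructed sample config.

```shell
#!/bin/bash
# Added example, not from the original page: audit an sshd_config against
# the SSH checklist above. Prints one FAIL line per deviation and returns
# the number of deviations (0 = compliant). Settings must be explicit so the
# result does not depend on compiled-in defaults.
audit_sshd_config() {
    awk '
        function fail(msg) { print "FAIL " msg; bad++ }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        { key = tolower($1) }                # keywords are case-insensitive
        key == "match" { exit }              # audit global settings only
        !(key in val) { val[key] = $2 }      # sshd keeps the first value it sees
        END {
            req = "challengeresponseauthentication=no passwordauthentication=no"
            req = req " usepam=no pubkeyauthentication=yes permitrootlogin=no"
            n = split(req, want, " ")
            for (i = 1; i <= n; i++) {
                split(want[i], kv, "=")
                got = (kv[1] in val) ? val[kv[1]] : "(unset)"
                if (tolower(got) != kv[2]) fail(kv[1] ": want " kv[2] ", got " got)
            }
            if (!("allowusers" in val)) fail("allowusers: no AllowUsers list")
            if (!("authorizedkeysfile" in val)) fail("authorizedkeysfile: unset")
            port = ("port" in val) ? val["port"] + 0 : 22
            if (port == 22 || port >= 1024)
                fail("port: want a privileged port other than 22, got " port)
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: password logins left enabled and sshd still on port 22.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
AllowUsers admin
AuthorizedKeysFile .ssh/authorized_keys
EOF
audit_sshd_config "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config after editing; a non-zero return means at least one item of the checklist is not in effect.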
iptables
Configure iptables (use the ipv4 and v6 script).
Install and configure additional software
Utilities
Install various utilities for selinux, iostat, lspci, mail, etc…
yum install pciutils policycoreutils-python mailx sysstat openssh-clients traceroute telnet man bind-utils
Configure HP software
Add /etc/yum.repos.d/HPSPP.repo
[HP-SPP]
name=HP Software Delivery Repository for SPP
baseurl=http://downloads.linux.hp.com/SDR/downloads/SPP/RHEL/$releasever/$basearch/current
enabled=1
gpgcheck=1
gpgkey=http://downloads.linux.hp.com/SDR/downloads/SPP/GPG-KEY-SPP
Install hponcfg, hpacucli, hpssacli, etc:
yum update
yum -y install hponcfg hpacucli hpssacli hp-health
Update iLO 4 firmware
Download CP018365.scexe (v 1.30)
sh /tmp/CP018365.scexe
NTP
yum -y install ntp
chkconfig ntpd on
Edit /etc/ntp.conf
server ntp1.polaire.nl
server ntp2.polaire.nl
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
Restart ntpd:
service ntpd restart
- Modify /etc/aliases → root: <mail address>
newaliases
- /etc/postfix/main.cf
- mydomain = <domain name>
- masquerade_domains = $mydomain
- Reload postfix
Install and configure KVM
Install KVM
yum groupinstall "Virtualization" "Virtualization Client" "Virtualization Platform" "Virtualization Tools"
yum install bridge-utils
Configure network
Create VM script
#!/bin/bash
# Guest definition
VMNAME="web"
VMMEM="1024"
VMCPU="4"
DISK="/dev/vg_colo/lv_vm_web"

# Create the logical volume for the guest first if it does not exist yet:
#lvcreate -L64G -n lv_vm_web vg_colo

# Unattended install over the serial console, driven by the injected kickstart file
virt-install --connect qemu:///system \
  --name "$VMNAME" \
  --ram "$VMMEM" \
  --vcpus "$VMCPU" \
  --disk path="$DISK" \
  --network=bridge:virbr0 \
  --os-type=linux \
  --os-variant=rhel6 \
  --nographics \
  --location=http://mirror.1000mbps.com/centos/6.4/os/x86_64 \
  --initrd-inject=/root/vmks.cfg \
  --extra-args="ks=file:/vmks.cfg console=tty0 console=ttyS0,115200" \
  --autostart
Kickstart file:
install
url --url=http://mirror.1000mbps.com/centos/6.4/os/x86_64
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --ipv6 auto
rootpw --iscrypted PUTYOURHASHHERE
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc Europe/Amsterdam
bootloader --location=mbr --driveorder=vda --append="crashkernel=auto console=ttyS0,115200"
zerombr
clearpart --all
autopart
repo --name="CentOS" --baseurl=http://mirror.1000mbps.com/centos/6.4/os/x86_64 --cost=100
reboot

%packages --nobase
@core
acpid
ntp
bind-utils
openssh-clients
%end

%post
# Update packages
/usr/bin/yum update -y --skip-broken

# Configure services to start at boot
chkconfig acpid on
chkconfig ntpd on

# Set time
ntpdate ntp1.polaire.nl

# Configure ntp.conf
cat > /etc/ntp.conf <<EOF_ntpconfig
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
server ntp1.polaire.nl
server ntp2.polaire.nl
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
EOF_ntpconfig

# Start ntpd
service ntpd start

# No ZeroConf
echo "NOZEROCONF=yes" >> /etc/sysconfig/network

exit 0
%end
Create and configure guest
./create-vm.sh
Configure static IP
virsh net-destroy default
virsh net-edit default
virsh net-start default
Example:
<network>
  <name>default</name>
  <uuid>a278ff00-d3cf-45d3-898a-69d820ce4f73</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='off' delay='0' />
  <mac address='52:54:00:A8:7C:72'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.128' end='192.168.122.254' />
      <host mac='52:54:00:34:d9:eb' name='web' ip='192.168.122.10' />
    </dhcp>
  </ip>
</network>
Port forwarding to guest
kvm_host_centos_6.4.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1