Ben's notes

Linux, Unix, network, radio...


kvm_host_centos_6.4

HP Proliant DL320e Gen8

Hardware used:

  • HP Proliant DL 320e gen8
  • 8GB Memory
  • P222 RAID controller
  • RAID 10 with 4x1TB 7200RPM SATA HDDs
  • CPU E3-1240 V2 @ 3.40GHz

Install KVM Host with CentOS 6.4

Note: If you are not using an HP authenticated HDD, the drive will be seen as degraded.

  • The drive LEDs will be off
  • iLO shows storage status as degraded
  • Health LED will be flashing amber

BIOS

  • Enter BIOS, F9
  • After install! System Options → USB Options → USB Boot Support → Disabled
  • PCI Device enable/disable → Disable B120i RAID controller
  • PCI Device enable/disable → Disable Accelerator Manager
  • Advanced options → Advanced System ROM options → Power-On Logo → Disabled
  • Advanced options → Thermal Configuration → Increased cooling

Storage Settings

  • Enter ACU, F5
  • Create 4 disk array
  • Create RAID 1+0 logical drive

Configure iLO4

Administration

  • Enter iLO license
  • Create additional user(s)
  • Server name
  • Server FQDN
  • Enable Login Security Banner
  • Enable / configure iLO AlertMail
  • Configure SSH Port
  • Disable SNMP
  • Disable IPMI over LAN
  • Upload SSH Authorized key

Network (Shared Network Port)

  • iLO Subsystem Name
  • Domain name
  • IP-Address / netmask / gateway / dns
  • Ping Gateway on Startup
  • SNTP

Power management

  • Restore Last Power State
  • Delay: Minimum Delay
  • HP Dynamic Power Savings Mode

Install OS

  • Set iLO One-Time Boot Option to USB and reboot / start.
  • Install minimal OS.
  • Type of installation: Use all space, review and modify partitioning layout.
  • Configure filesystems, make sure /var is larger than memory, if you want to suspend all guests at reboot.
    • / = 64G
    • /home = 1G
    • /tmp = 4G
    • /var = 16G
    • swap = 1G
  • Configure network later

Update OS:

yum update

Configure OS

Network

  • Disable zeroconf in /etc/sysconfig/network

NOZEROCONF=yes

  • Configure /etc/sysconfig/network-scripts/ifcfg-eth0
  • Configure /etc/resolv.conf

Access control

  • Create user

SSH

  • Only allow admin users (AllowUsers)
  • Disable the use of passwords (keys only)
    • ChallengeResponseAuthentication no
    • PasswordAuthentication no
    • UsePAM no
    • PubkeyAuthentication yes
  • Disable root login (PermitRootLogin)
  • Enable authorized keys (AuthorizedKeysFile)
  • Change Port to another priv-port.
    • Update iptables!
    • Modify selinux: semanage port -a -t ssh_port_t -p tcp <ssh-port-number>
    • restart sshd
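
A check for the SSH checklist above, as an added example that is not part of the original notes. sshd uses the first occurrence of each keyword, so hardening lines appended below the stock "yes" settings have no effect; the script reports that case. The sample file, the user name admin1 and port 922 are constructed.

```shell
#!/bin/bash
# Added example (not from the original notes): audit the global section of an
# sshd_config against the checklist above. Assumes "Keyword value" lines.
# sshd_value FILE KEYWORD: keywords are case-insensitive, first occurrence wins.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/             { next }   # comment line
        tolower($1) == "match" { exit }   # global section ends at first Match
        tolower($1) == want    { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one FAIL line per deviation from the checklist; return 1 if any.
audit_sshd_config() {
    local cfg="$1" rc=0 key want got port
    while read -r key want; do
        got="$(sshd_value "$cfg" "$key")"
        [ "$got" = "$want" ] || { echo "FAIL $key: want '$want', got '${got:-unset}'"; rc=1; }
    done <<'EOF'
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PubkeyAuthentication yes
PermitRootLogin no
EOF
    for key in AllowUsers AuthorizedKeysFile; do
        [ -n "$(sshd_value "$cfg" "$key")" ] || { echo "FAIL $key: unset"; rc=1; }
    done
    port="$(sshd_value "$cfg" Port)"
    case "$port" in ''|*[!0-9]*) port=22 ;; esac   # unset means the default, 22
    { [ "$port" -ne 22 ] && [ "$port" -lt 1024 ]; } ||
        { echo "FAIL Port: $port is not a non-default privileged port"; rc=1; }
    return "$rc"
}

# Constructed sample: hardening lines appended below stock "yes" defaults.
SAMPLE="$(mktemp)"; cat > "$SAMPLE" <<'EOF'
Port 922
PasswordAuthentication yes
UsePAM yes
ChallengeResponseAuthentication no
PubkeyAuthentication yes
permitrootlogin no
AllowUsers admin1
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
UsePAM no
EOF
audit_sshd_config "$SAMPLE" || echo "sshd_config does not match the checklist"
```

Point audit_sshd_config at /etc/ssh/sshd_config before restarting sshd, and keep an existing session open until a new key-based login on the new port has succeeded.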

iptables

Configure iptables (use the IPv4 and IPv6 script).

Install and configure additional software

Utilities

Install various utilities for selinux, iostat, lspci, mail, etc…

yum install pciutils policycoreutils-python mailx sysstat openssh-clients traceroute telnet man bind-utils

Configure HP software

Add /etc/yum.repos.d/HPSPP.repo

[HP-SPP]
name=HP Software Delivery Repository for SPP
baseurl=http://downloads.linux.hp.com/SDR/downloads/SPP/RHEL/$releasever/$basearch/current
enabled=1
gpgcheck=1
gpgkey=http://downloads.linux.hp.com/SDR/downloads/SPP/GPG-KEY-SPP

Install hponcfg, hpacucli, hpssacli, etc:

yum update
yum -y install hponcfg hpacucli hpssacli hp-health

Update iLO 4 firmware

Download CP018365.scexe (v 1.30)

sh /tmp/CP018365.scexe

NTP

yum -y install ntp
chkconfig ntpd on

Edit /etc/ntp.conf

server ntp1.polaire.nl
server ntp2.polaire.nl
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org

Restart ntpd:

service ntpd restart

Mail

  • Modify /etc/aliases → root: <mail address>

newaliases

  • /etc/postfix/main.cf
    • mydomain = <domain name>
    • masquerade_domains = $mydomain
  • Reload postfix

Install and configure KVM

Install KVM

yum groupinstall "Virtualization" "Virtualization Client" "Virtualization Platform" "Virtualization Tools" 
yum install bridge-utils

Configure network

Create VM script

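#!/bin/bash
# Create a KVM guest on an existing logical volume and install it
# unattended with the kickstart file injected into the installer initrd.

VMNAME="web"
VMMEM="1024"    # guest memory in MB
VMCPU="4"       # number of virtual CPUs
DISK="/dev/vg_colo/lv_vm_web"
# Create the logical volume first if it does not exist yet:
#lvcreate -L64G -n lv_vm_web vg_colo

# Serial console only (--nographics); the guest is started with the host (--autostart).
virt-install --connect qemu:///system \
--name "$VMNAME" \
--ram "$VMMEM" \
--vcpus "$VMCPU" \
--disk path="$DISK" \
--network=bridge:virbr0 \
--os-type=linux \
--os-variant=rhel6 \
--nographics \
--location=http://mirror.1000mbps.com/centos/6.4/os/x86_64 \
--initrd-inject=/root/vmks.cfg \
--extra-args="ks=file:/vmks.cfg console=tty0 console=ttyS0,115200" \
--autostart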

Kickstart file:

install
url --url=http://mirror.1000mbps.com/centos/6.4/os/x86_64
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --ipv6 auto
rootpw  --iscrypted PUTYOURHASHHERE
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc Europe/Amsterdam
bootloader --location=mbr --driveorder=vda --append="crashkernel=auto console=ttyS0,115200"
zerombr
clearpart --all
autopart

repo --name="CentOS"  --baseurl=http://mirror.1000mbps.com/centos/6.4/os/x86_64 --cost=100

reboot

%packages --nobase
@core
acpid
ntp
bind-utils
openssh-clients
%end

%post
# Update packages
/usr/bin/yum update -y --skip-broken

# Configure services to start at boot
chkconfig acpid on
chkconfig ntpd on

# Set time
ntpdate ntp1.polaire.nl

# Configure ntp.conf
cat > /etc/ntp.conf <<EOF_ntpconfig
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
server ntp1.polaire.nl
server ntp2.polaire.nl
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
EOF_ntpconfig

# Start ntpd
service ntpd start

# No ZeroConf
echo "NOZEROCONF=yes" >> /etc/sysconfig/network


exit 0
%end

Create and configure guest

./create-vm.sh

Configure static IP

virsh net-destroy default
virsh net-edit default
virsh net-start default

Example:

<network>
  <name>default</name>
  <uuid>a278ff00-d3cf-45d3-898a-69d820ce4f73</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='off' delay='0' />
  <mac address='52:54:00:A8:7C:72'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.128' end='192.168.122.254' />
      <host mac='52:54:00:34:d9:eb' name='web' ip='192.168.122.10' />
    </dhcp>
  </ip>
</network>

Port forwarding to guest

kvm_host_centos_6.4.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1