The Ultimate KVM setup
-
@tim_g said in The Ultimate KVM setup:
@emad-r said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
e GUI itself is there to eliminate wasted time remembering powershell (and human error)
BUT I am using GUI, I am just moving it away from the KVM host, and giving the KVM host one role only, instead of
Web server
PHP/Python
Node JS
And those stuff that KIMCHI use
Kimchi and all the stuff it requires to run barely uses any resources. We're talking tens of megabytes, almost no CPU, barely any RAM. I'm not using any 15-year-old servers, so they can all handle that tiny extra bit without it having any impact whatsoever on running VMs or the host.
I do agree with installing the web services on a separate device on the perimeter network if setting it up to be accessed from the internet, and having that connected to your Host via another NIC. But I highly recommend keeping selinux enabled. I don't see why everyone always disables that. I always keep selinux and firewall enabled, even on internal-only servers. Banks don't only lock the front door and keep the vault open. They lock both.
Then why did you permanently set it to permissive for httpd_t in your guide?
-
@jaredbusch said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@emad-r said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
e GUI itself is there to eliminate wasted time remembering powershell (and human error)
BUT I am using GUI, I am just moving it away from the KVM host, and giving the KVM host one role only, instead of
Web server
PHP/Python
Node JS
And those stuff that KIMCHI use
Kimchi and all the stuff it requires to run barely uses any resources. We're talking tens of megabytes, almost no CPU, barely any RAM. I'm not using any 15-year-old servers, so they can all handle that tiny extra bit without it having any impact whatsoever on running VMs or the host.
I do agree with installing the web services on a separate device on the perimeter network if setting it up to be accessed from the internet, and having that connected to your Host via another NIC. But I highly recommend keeping selinux enabled. I don't see why everyone always disables that. I always keep selinux and firewall enabled, even on internal-only servers. Banks don't only lock the front door and keep the vault open. They lock both.
Then why did you permanently set it to permissive for httpd_t in your guide?
SELinux is still enabled. That command only puts Apache in a single permissive security domain.
It's way better than putting SELinux in permissive mode or disabling it altogether.
-
@nerdydad said in The Ultimate KVM setup:
I'm starting to think that Emad has gone full blown Curtis here.
Well, it is not my fault, madness is in my name
-
@tim_g said in The Ultimate KVM setup:
@jaredbusch said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@emad-r said in The Ultimate KVM setup:
@dustinb3403 said in The Ultimate KVM setup:
e GUI itself is there to eliminate wasted time remembering powershell (and human error)
BUT I am using GUI, I am just moving it away from the KVM host, and giving the KVM host one role only, instead of
Web server
PHP/Python
Node JS
And those stuff that KIMCHI use
Kimchi and all the stuff it requires to run barely uses any resources. We're talking tens of megabytes, almost no CPU, barely any RAM. I'm not using any 15-year-old servers, so they can all handle that tiny extra bit without it having any impact whatsoever on running VMs or the host.
I do agree with installing the web services on a separate device on the perimeter network if setting it up to be accessed from the internet, and having that connected to your Host via another NIC. But I highly recommend keeping selinux enabled. I don't see why everyone always disables that. I always keep selinux and firewall enabled, even on internal-only servers. Banks don't only lock the front door and keep the vault open. They lock both.
Then why did you permanently set it to permissive for httpd_t in your guide?
SELinux is still enabled. That command only puts Apache in a single permissive security domain.
But from a web server, that is the single largest attack vector. Why do it? Instead properly set httpd_t_rw on the select files or directories that need it.
@tim_g said in The Ultimate KVM setup:
It's way better than putting SELinux in permissive mode or disabling it altogether.
True, but see above.
-
@jaredbusch said in The Ultimate KVM setup:
Instead properly set httpd_t_rw on the select files or directories that need it.
That would be the most thorough way to do it. But I don't know everything it needs or have time to figure it out. (yet)
If you do, go for it. I'll credit you for it if it works and I put it in my blog.
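What the permissive httpd_t domain discussed above still records, as an added example (not code from this thread or from the guide it mentions): in a permissive domain SELinux logs every access it would have blocked with permissive=1, so the AVC records list what the web service actually touches. The log lines, paths and port below are constructed.

```python
import re
from collections import defaultdict

# Constructed audit.log lines for illustration; paths, pids and ports are made up.
SAMPLE_LOG = '''\
type=AVC msg=audit(1510000001.101:301): avc:  denied  { write } for  pid=2101 comm="httpd" path="/var/lib/exampleapp/objectstore" dev="dm-0" ino=7001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1510000002.202:302): avc:  denied  { write add_name } for  pid=2101 comm="httpd" path="/var/lib/exampleapp" dev="dm-0" ino=7000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1510000003.303:303): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=8010 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1510000004.404:304): avc:  denied  { read } for  pid=2101 comm="httpd" path="/srv/exampleapp/app.conf" dev="dm-0" ino=7100 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=AVC msg=audit(1510000005.505:305): avc:  denied  { read } for  pid=900 comm="sshd" name="shadow" dev="dm-0" ino=42 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?")
OBJ_RE = re.compile(r'\b(?:path|name)="([^"]+)"')
WRITE_PERMS = {"write", "append", "create", "unlink", "rename", "setattr",
               "add_name", "remove_name"}

def se_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]

def summarize(log_text, domain="httpd_t"):
    """Group AVC records whose source domain is `domain` by (target type, class)."""
    summary = defaultdict(lambda: {"perms": set(), "objects": set(),
                                   "permissive": 0, "enforced": 0})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or se_type(m["src"]) != domain:
            continue
        entry = summary[(se_type(m["tgt"]), m["cls"])]
        entry["perms"].update(m["perms"].split())
        obj = OBJ_RE.search(line)
        if obj:
            entry["objects"].add(obj[1])
        # permissive=1: logged but allowed; it would be blocked once enforcing.
        entry["permissive" if m["permissive"] == "1" else "enforced"] += 1
    return dict(summary)

def rw_label_candidates(summary):
    """Files and directories the domain wrote to: candidates for a read-write label."""
    paths = set()
    for (_tgt, cls), entry in summary.items():
        if cls in ("file", "dir") and entry["perms"] & WRITE_PERMS:
            paths |= entry["objects"]
    return sorted(paths)

if __name__ == "__main__":
    for key, entry in summarize(SAMPLE_LOG).items():
        print(key, sorted(entry["perms"]), sorted(entry["objects"]))
    print("rw candidates:", rw_label_candidates(summarize(SAMPLE_LOG)))
```

On a real host the input would come from the audit log (for example `ausearch -m avc -c httpd --raw`). The paths it reports are the ones to label with the policy's read-write web content type, httpd_sys_rw_content_t, via `semanage fcontext` and `restorecon` before the domain goes back to enforcing.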
-
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
-
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do a dnf group install "Virtualization".
Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
-
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do a dnf group install "Virtualization".
Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
-
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do a dnf group install "Virtualization".
Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
-
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do a dnf group install "Virtualization".
Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
-
Can I create VMs within cockpit? I do not see an option for that.
Who resurrected MEEEEE and this thread, I WILL BURY YOU ALL.
Seriously, no you can't; cockpit is very simple and meant to be simple, and currently you can only view.
Regarding this setup it involves basically a Fedora machine in the cloud for management and you connect it and do anything/everything, it works but only if you are the only IT person. (my idea is making Fedora a Virt Manager program, like Vsphere C# or Hyper-V manager, and you can connect to it using web interface thanks to NoVNC)
I love it and use it, cause it keeps the KVM servers basic and simple, however cockpit for me can be the cherry topping, after I setup everything I can connect via cockpit and quickly edit, but if I want to do management I will use Virt Manager
-
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do a dnf group install "Virtualization".
Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
No, but you can connect to your KVM host via virt-manager from another Linux PC.
-
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do a dnf group install "Virtualization".
Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
No, but you can connect to your KVM host via virt-manager from another Linux PC.
Or do a search for my Kimchi guide:
https://mangolassi.it/topic/14675/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi
Guide is here:
https://www.timothygruber.com/linux/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi-part-1/
I have tried connecting virt manager to my KVM host but I get all kinds of errors. Not sure if I am doing it right. Do you have a guide for connecting to a remote KVM host with virt manager for a non-root user? I get lots of access denied. I did end up finding your guide after searching cockpit on the forum.
-
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do a dnf group install "Virtualization".
Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
No, but you can connect to your KVM host via virt-manager from another Linux PC.
Or do a search for my Kimchi guide:
https://mangolassi.it/topic/14675/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi
Guide is here:
https://www.timothygruber.com/linux/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi-part-1/
I have tried connecting virt manager to my KVM host but I get all kinds of errors. Not sure if I am doing it right. Do you have a guide for connecting to a remote KVM host with virt manager for a non-root user? I get lots of access denied. I did end up finding your guide after searching cockpit on the forum.
You have to put your user in the virtual manager group. Forget the proper name of the group.
@stacksofplates knows it
-
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do a dnf group install "Virtualization".
Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
No, but you can connect to your KVM host via virt-manager from another Linux PC.
Or do a search for my Kimchi guide:
https://mangolassi.it/topic/14675/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi
Guide is here:
https://www.timothygruber.com/linux/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi-part-1/
I have tried connecting virt manager to my KVM host but I get all kinds of errors. Not sure if I am doing it right. Do you have a guide for connecting to a remote KVM host with virt manager for a non-root user? I get lots of access denied. I did end up finding your guide after searching cockpit on the forum.
I don't know, I follow my guides exactly, from start to finish, before I post them (unless otherwise mentioned). So I know they work. I don't get any errors when connecting and I don't do anything different than what's on my guide.
On the computer you are trying to connect from (not the KVM host), you might need to install:
dnf install openssh-askpass
Then you may be prompted to input the password like 8 times and type the word yes. But after that you should be connected.
-
@jaredbusch said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
@tim_g said in The Ultimate KVM setup:
@mattbagan said in The Ultimate KVM setup:
I'm having a hard time following this. So we have one(two) KVM host, fedora instance running virt manager, another fedora running vnc server?
Install Cockpit:
dnf install cockpit cockpit-machines
Then do a dnf group install "Virtualization".
Set each VM to use SPICE and VNC. You can get VM console access via Cockpit and the VNC display.
cockpit gets installed on the KVM host?
Yes.
Can I create VMs within cockpit? I do not see an option for that.
No, but you can connect to your KVM host via virt-manager from another Linux PC.
Or do a search for my Kimchi guide:
https://mangolassi.it/topic/14675/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi
Guide is here:
https://www.timothygruber.com/linux/fedora-26-kvm-html5-remote-access-with-web-console-via-kimchi-part-1/
I have tried connecting virt manager to my KVM host but I get all kinds of errors. Not sure if I am doing it right. Do you have a guide for connecting to a remote KVM host with virt manager for a non-root user? I get lots of access denied. I did end up finding your guide after searching cockpit on the forum.
You have to put your user in the virtual manager group. Forget the proper name of the group.
@stacksofplates knows it
libvirtd