Setting Up libvirt on Rocky Linux
AI usage¶
This document adheres to the AI contribution policy found here. If you find any errors in the instructions, please let us know.
Introduction¶
libvirt1 is an incredible virtualization API that allows for the virtualization of almost any operating system of your choice with the power of KVM as the hypervisor, and QEMU as the emulator.
This document will provide the instructions for setting up libvirt on Rocky Linux 9 and 10. Where steps differ between the two versions, these are clearly marked.
Prerequisites¶
- A machine running Rocky Linux 9 and 10.
- Ensure you enable virtualization in your BIOS settings. If the following command returns output, virtualization has been successfully enabled:
sudo grep -e 'vmx' /proc/cpuinfo
Repository setup and package installation¶
- Enable the EPEL (Extra Packages for Enterprise Linux) repository:
sudo dnf install -y epel-release
- Install the required packages for
libvirt(optionally forvirt-managerif you want to use a GUI to manage your VMs):
sudo dnf install -y bridge-utils virt-top libguestfs-tools bridge-utils virt-viewer qemu-kvm libvirt virt-manager virt-install
Note
The virt-manager package has been deprecated and is no longer available in Rocky Linux 10 (it remains available in Rocky Linux 9). For Rocky Linux 10, you should install the following packages instead and enable the cockpit service:
sudo dnf install -y bridge-utils virt-top libguestfs-tools bridge-utils virt-viewer qemu-kvm libvirt virt-install
sudo dnf install -y cockpit cockpit-machines
sudo systemctl enable --now cockpit.socket
After installation, you can manage your VMs by navigating to the Cockpit console at https://<your-host>:9090
libvirt user setup¶
- Add your user to the
libvirtgroup. This enables the management of your VMs and allows you to use commands such asvirt-installas a non-root user:
sudo usermod -aG libvirt $USER
- Activate the
libvirtgroup by using thenewgrpcommand:
newgrp libvirt
- Enable and start the
libvirtdservice:
sudo systemctl enable --now libvirtd
Bridge interface setup for direct access to virtual machines¶
- Check the current interfaces in use and note down the main interface with an Internet connection:
nmcli connection show
- Delete the interface connected to the Internet and any virtual bridge connections currently present:
nmcli connection delete <CONNECTION_NAME>
Warning
Make sure you have direct access to the machine. If you are configuring the machine over SSH, the connection will be severed after deleting the main interface connection. While you can run the below commands (up to "nmcli connection up") via a BASH script on a remote system, this is risky and ideally, having another way to connect to the system via a direct or console connection is the best approach.
- Create the new bridge connection:
nmcli connection add type bridge autoconnect yes con-name <VIRTUAL_BRIDGE_CON-NAME> ifname <VIRTUAL_BRIDGE_IFNAME>
- Assign a static IP address:
sudo nmcli connection modify <VIRTUAL_BRIDGE_CON-NAME> ipv4.addresses <STATIC_IP/SUBNET_MASK> ipv4.method manual
- Assign a gateway address:
nmcli connection modify <VIRTUAL_BRIDGE_CON-NAME> ipv4.gateway <GATEWAY_IP>
- Assign a DNS address:
nmcli connection modify <VIRTUAL_BRIDGE_CON-NAME> ipv4.dns <DNS_IP>
- Add the bridge slave connection:
nmcli connection add type bridge-slave autoconnect yes con-name <MAIN_INTERFACE_WITH_INTERNET_ACCESS_CON-NAME> ifname <MAIN_INTERFACE_WITH_INTERNET_ACCESS_IFNAME> master <VIRTUAL_BRIDGE_CON-NAME>
- Start the bridge connection:
nmcli connection up <VIRTUAL_BRIDGE_CON-NAME>
- Add the
allow allline tobridge.conf:
sudo tee -a /etc/qemu-kvm/bridge.conf <<EOF
allow all
EOF
- Enable and start the
libvirtdservice:
sudo systemctl enable --now libvirtd
Installing and running VMs outside of /var/lib/libvirt/ for Rocky Linux 10¶
# Grant read and traversal access to the directory where you are storing your ISOs
sudo setfacl -R -m u:qemu:rx <ISO_DIRECTORY>
sudo setfacl -d -m u:qemu:rx <ISO_DIRECTORY>
# Configure SELinux for read access
sudo semanage fcontext -a -t virt_image_t "<ISO_DIRECTORY>os(/.*)?"
sudo restorecon -Rv <ISO_DIRECTORY>
# 1. Grant traversal access to the home directory
sudo setfacl -m u:qemu:x <HOME_DIRECTORY>
# 2. Grant access to your images directory where you will store the VMs
sudo setfacl -m u:qemu:rwx <IMAGES_DIRECTORY>
# 3. Ensure new files created in the directory inherit these permissions
sudo setfacl -d -m u:qemu:rwx <IMAGES_DIRECTORY>
# 4. Define the SELinux context for the directory and its contents
sudo semanage fcontext -a -t virt_image_t "<IMAGES_DIRECTORY>(/.*)?"
# 5. Apply the SELinux context
sudo restorecon -Rv <IMAGES_DIRECTORY>
Virtual machine installation¶
- Set the ownership of the
/var/lib/libvirtdirectory and its nested directories to your user:
sudo chown -R $USER:libvirt /var/lib/libvirt/
- You can create a virtual machine on the command line by using the
virt-installcommand. For example, to create a Rocky Linux 9.8 VM, you can run the following command:
virt-install --name Rocky-Linux-9 --ram 4096 --vcpus 4 --disk path=/var/lib/libvirt/images/rocky-linux-9.img,size=20 --os-variant rocky9 --network bridge=virbr0,model=virtio --graphics none --console pty,target_type=serial --extra-args 'console=ttyS0,115200n8' --location ~/isos/Rocky-9.8-x86_64-dvd.iso
- For those that want to manage their VMs via a GUI,
virt-manageris the perfect tool for Rocky Linux 9. For Rocky Linux 10, Cockpit is now the standard aftervirt-managerwas deprecated.
How to shutdown a virtual machine¶
- The
shutdowncommand accomplishes this:
virsh shutdown --domain <YOUR_VM_NAME>
- To force shutdown an unresponsive VM, use the
destroycommand:
virsh destroy --domain <YOUR_VM_NAME>
How to delete a virtual machine¶
- Use the
undefinecommand:
virsh undefine --domain <YOUR_VM_NAME> --nvram
- For further
virshcommands, check thevirshmanpages.
Conclusion¶
- libvirt allows you to install and manage your virtual machines with ease, alongside extensive XML editing options, secureboot, cloud-init support, and more.
References¶
- "libvirt.org" by the libvirt project https://libvirt.org/index.html
Author: Howard Van Der Wal
Contributors: Steven Spencer