Ubuntu – Johnny Morano's Tech Articles https://jmorano.moretrix.com Ramblings of an old-fashioned space cowboy Sun, 10 Apr 2022 09:44:36 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 https://jmorano.moretrix.com/wp-content/uploads/2022/04/cropped-jmorano_emblem-32x32.png Ubuntu – Johnny Morano's Tech Articles https://jmorano.moretrix.com 32 32 Libvirt guest startup issue with AppArmor https://jmorano.moretrix.com/2022/04/libvirt-guest-startup-issue-with-apparmor/ https://jmorano.moretrix.com/2022/04/libvirt-guest-startup-issue-with-apparmor/#respond Sun, 10 Apr 2022 09:37:48 +0000 https://jmorano.moretrix.com/?p=1487 With AppArmor enabled on Debian/ Ubuntu systems, starting up virtual machines with libvirt can cause startup failures if not AppArmor is not properly configured.

AppArmor will write messages to the kernel log (visible with either the dmesg command or in kernel.log if available) regarding its actions.

If your libvirt guests are not starting up or failing, have a look at dmesg. Example:

In the above example AppArmor has denied (apparmor="DENIED") read access (requested_mask=r) to the file /data/vms/cluster_storage/base-os-ubuntu-focal.qcow2. This blocks of course the startup guest machines we have previously created in the article: Terraform and libvirtd nodes.

To fix the issue, edit the file: /etc/apparmor.d/libvirt/TEMPLATE.qemu

By default it has the following content:

#
# This profile is for the domain whose UUID matches this file.
#

#include <tunables/global>

profile LIBVIRT_TEMPLATE flags=(attach_disconnected) {
  #include <abstractions/libvirt-qemu>
}

In order to allow libvirt to use the guest image files, change the content to (or add a similar line if your file path is different):

#
# This profile is for the domain whose UUID matches this file.
#

#include <tunables/global>

profile LIBVIRT_TEMPLATE flags=(attach_disconnected) {
  #include <abstractions/libvirt-qemu>
  /data/vms/cluster_storage/**.qcow2 rwk,
}

The added line (line 9) will allow read (r), write (w) and lock (k) access to all qcow2 files in the directory /data/vms/cluster_storage.

Once added, all libvirt guests will start up again without any (AppArmor) issues.

]]> https://jmorano.moretrix.com/2022/04/libvirt-guest-startup-issue-with-apparmor/feed/ 0 Terraform and libvirt nodes https://jmorano.moretrix.com/2022/03/terraform-and-libvirtd-nodes/ https://jmorano.moretrix.com/2022/03/terraform-and-libvirtd-nodes/#comments Wed, 30 Mar 2022 09:45:11 +0000 https://jmorano.moretrix.com/?p=1302 Libvirt (libvirtd) nodes (based on KVM and Qemu) are a great and cheap (read: free) alternative of deploying virtual nodes in a cloud. Required is a server which will act as a hypervisor, in our article we chose to use a Hetzner server installed with Ubuntu Linux 20.4-lts.

After the default installation of Ubuntu 20.4-lts, the following packages are required to get started as a hypervisor:

apt install qemu-kvm libvirt-daemon bridge-utils virtinst libvirt-daemon-system virt-top libguestfs-tools libosinfo-bin qemu-system virt-manager qemu pm-utils

Once these are installed, the vnet_hosts module needs to be pre-loaded in /etc/modules:

echo vhost_net | tee -a /etc/modules
modprobe vhost_net

The hypervisor is now ready to start creating and deploying virtual machines.

In this article, Terraform will be used to manage the virtual machines in libvirtd. All example code snippets are available on Github, under https://github.com/insani4c/terraform-libvirt

Terraform has an excellent provider (dmacvicar/libvirtd) to manage the libvirtd nodes, which needs to be loaded and initialized:

terraform {
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
    }
  }
}

provider "libvirt" {
  uri = "qemu+ssh://root@192.168.1.1/system"
}

In the above code snippet, Terraform will ensure the libvirt provider is loaded and it is configured to connect to the host with IP address 192.168.1.1 as the root user (this requires that a SSH public key is installed on the remote server, of the user who will be executing Terraform).

Next, the network will defined, where the virtual nodes will be deployed in.

resource "libvirt_network" "my_network" {
  name = "my_net"

  mode = "nat"

  addresses = ["10.1.2.0/24"]
  domain    = var.dns_domain

  autostart = true

  dhcp {
    enabled = false
  }

  dns {
    enabled = true

    local_only = false
    forwarders { address = "127.0.0.53" }

    hosts  {
        hostname = "host01"
        ip = "10.1.2.10"
      }
    hosts {
        hostname = "host02"
        ip = "10.1.2.20"
      }
  }  
}

The above code will ensure that a network of type NAT (to allow internal IPs, reachable from the hypervisor only) with network mask 10.1.2.0/24, will be created. It will ensure that DHCP is disabled and it will enable a DNS setup (the package dnsmasq must be installed) with two predefined hosts, host01 and host02.

Up next is the definition of the storage pools and volumes required for the virtual machines.

resource "libvirt_pool" "default" {
  name = "default"
  type = "dir"
  path = "/data/vms/cluster_storage"
}

resource "libvirt_volume" "local_install_image" {
  name   = var.local_install_image
  pool   = libvirt_pool.default.name
  source = var.os_img_url
  format = "qcow2"
}

The above defines the libvirt_pool, which basically configures the path on-disk for storing all sorts of volumes. Next it defines a volume called “local_install_image“, which will be used to set up the virtual machine as the volume will contain the “cloud image” for the installation. This volume requires two variables:

variable "os_img_url" {
  description = "URL to the OS image"
  default     = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
}

variable "local_install_image" {
    description = "The name of the local install image"
    default     = "base-os-ubuntu-focal.qcow2"
}
]]> https://jmorano.moretrix.com/2022/03/terraform-and-libvirtd-nodes/feed/ 1