Install VirtManager for KVM on Arch Linux

Check Virtualization Support

lscpu | grep -i Virtualization

  • VT-x for Intel
  • AMD-Vi for AMD

Ensure that your kernel includes KVM modules

zgrep CONFIG_KVM /proc/config.gz

  • y = Yes (always installed)
  • m = Loadable module

Install QEMU, libvirt, viewers, and tools

sudo pacman -S qemu-full qemu-img libvirt virt-install virt-manager virt-viewer \
edk2-ovmf dnsmasq swtpm guestfs-tools libosinfo tuned

  • qemu-full - user-space KVM emulator, manages communication between hosts and VMs
  • qemu-img - creates, converts, modifies, and snapshots offline disk images
  • libvirt - an open-source API, daemon, and tool for managing platform virtualization
  • virt-install - CLI tool to create guest VMs
  • virt-manager - GUI tool to create and manage guest VMs
  • virt-viewer - GUI console to connect to running VMs
  • edk2-ovmf - enables UEFI support for VMs
  • dnsmasq - lightweight DNS forwarder and DHCP server
  • swtpm - TPM (Trusted Platform Module) emulator for VMs
  • guestfs-tools - provides a set of extended CLI tools for managing VMs
  • libosinfo - a library for managing OS information for virtualization
  • tuned - system tuning service for Linux; lets us optimise the hypervisor for speed

VirtIO Drivers for Windows Guests

Go to the Fedora People repository and download virtio-win.iso.

Save it anywhere on disk, and attach it as a CD-ROM when creating a Windows VM.

The default location on Debian/RedHat-based systems is /usr/share/virtio-win/

Enable the libvirt daemon

  • Here is the documentation detailing the difference between monolithic and modular daemons.
  • Choose between option 1 and option 2, then reboot.

Enable the monolithic daemon.

sudo systemctl enable libvirtd.service

Verify Host Virtualization

sudo virt-host-validate qemu

If you receive warnings, proceed to their respective sections. Re-run the above command to check your changes.

Enable nested virtualization (optional)

For the current session

Intel:

sudo modprobe -r kvm_intel
sudo modprobe kvm_intel nested=1

AMD:

sudo modprobe -r kvm_amd
sudo modprobe kvm_amd nested=1

Persistent nested virtualization

Intel:

echo "options kvm_intel nested=1" | sudo tee /etc/modprobe.d/kvm-intel.conf

AMD:

echo "options kvm_amd nested=1" | sudo tee /etc/modprobe.d/kvm-amd.conf
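A check that the runtime and persistent settings above agree, as an added example that is not part of the original guide. The function name nested_report and its two directory arguments are assumptions introduced here so the check can be pointed at a test tree; with no arguments it reads /sys and /etc/modprobe.d.

```shell
#!/bin/sh
# Added example: compare the live "nested" parameter of the loaded KVM module
# with the value /etc/modprobe.d will apply at the next module load.
nested_report() {
    sysfs="${1:-/sys}"                 # assumption: overridable for testing
    confdir="${2:-/etc/modprobe.d}"    # assumption: overridable for testing
    for mod in kvm_intel kvm_amd; do
        param="$sysfs/module/$mod/parameters/nested"
        [ -r "$param" ] || continue    # module for the other CPU vendor
        # Depending on kernel and module the value is printed as 1/0 or Y/N.
        case "$(cat "$param")" in
            1|Y|y) runtime=on ;;
            *)     runtime=off ;;
        esac
        # Simplification: take the last "options <mod> ... nested=<v>" line
        # found in *.conf; commented-out lines do not match.
        val=$(cat "$confdir"/*.conf 2>/dev/null |
              sed -n "s/^[[:space:]]*options[[:space:]]\{1,\}$mod[[:space:]].*nested=\([^[:space:]]*\).*/\1/p" |
              tail -n 1)
        case "$val" in
            1|Y|y) persistent=on ;;
            *)     persistent=off ;;
        esac
        echo "$mod runtime=$runtime persistent=$persistent"
        return 0
    done
    echo "no KVM module loaded"
}

# Constructed demo tree: nested enabled with modprobe only, then persisted.
demo=$(mktemp -d)
mkdir -p "$demo/sys/module/kvm_intel/parameters" "$demo/modprobe.d"
echo Y > "$demo/sys/module/kvm_intel/parameters/nested"
nested_report "$demo/sys" "$demo/modprobe.d"
echo "options kvm_intel nested=1" > "$demo/modprobe.d/kvm-intel.conf"
nested_report "$demo/sys" "$demo/modprobe.d"
rm -rf "$demo"
```

A result of runtime=on persistent=off means nested virtualization will be lost at the next reboot; runtime=off persistent=on means the module has not been reloaded since the file was written.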

Optimise Host with TuneD

  1. Enable TuneD daemon
sudo systemctl enable --now tuned.service
  2. Check active TuneD profile
tuned-adm active
Current active profile: balanced
  • balanced - generic profile not specialised for KVM; we will change this.
  3. List all TuneD profiles
tuned-adm list
  4. Set profile to virtual-host
sudo tuned-adm profile virtual-host
  5. Verify the TuneD profile
tuned-adm list
Current active profile: virtual-host
sudo tuned-adm verify
Verification succeeded, current system settings match the preset profile. See TuneD log file ('/var/log/tuned/tuned/log') for details.

Configure bridge interface

  1. Find the interface name of your ethernet connection.
sudo nmcli device status
DEVICE TYPE STATE CONNECTION
enp2s0 ethernet connected Wired connection 1
lo loopback connected (externally) lo
virbr0 bridge connected (externally) virbr0
  2. Create a bridge interface using nmcli.
sudo nmcli connection add type bridge con-name bridge0 ifname bridge0
  3. Connect the ethernet interface to the bridge.
sudo nmcli connection add type ethernet slave-type bridge con-name 'Bridge connection 1' \
ifname enp2s0 master bridge0
  4. Activate the newly created connection.
sudo nmcli connection up bridge0
  5. Enable the connection.autoconnect-slaves parameter.
sudo nmcli connection modify bridge0 connection.autoconnect-slaves 1
  6. Reactivate the bridge and verify the connection.
sudo nmcli connection up bridge0
sudo nmcli device status
DEVICE TYPE STATE CONNECTION
bridge0 bridge connected bridge0
lo loopback connected (externally) lo
virbr0 bridge connected (externally) virbr0
enp2s0 ethernet connected Bridge connection 1

Libvirt connection modes

Libvirt has two methods for connecting to the KVM hypervisor: Session and System.

Session Mode

In session mode, a regular user is connected to a per-user instance, allowing each user to manage their own pool of virtual machines. This is also the default mode.

The advantage of this mode is that permissions are not an issue, as no root access is required.

The disadvantage is that this mode uses QEMU User Networking (SLIRP). This is a user-space IP stack, which adds overhead and results in poor networking performance.

If you want to implement an option that requires root privileges, you will be unable to do so.

System Mode

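In system mode you are granted access to all system resources.

Granting system-wide access to a regular user. Members of the libvirt group can manage every VM, network and storage pool on qemu:///system without further authentication, so treat membership as root-equivalent on the host.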

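  1. Check the current mode
virsh uri
qemu:///session
  • run virsh uri without sudo: under sudo it reports root's connection, not the current user's.
  2. Add the current user to the libvirt group
sudo usermod -aG libvirt $USER
  3. Set an environment variable with the default URI, then check again from a new login shell so that the group membership and the ~/.bashrc change have taken effect
echo 'export LIBVIRT_DEFAULT_URI="qemu:///system"' >> ~/.bashrc
virsh uri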

Set ACL for the KVM images directory

  1. Check permissions on the images directory
sudo getfacl /var/lib/libvirt/images
getfacl: Removing leading '/' from absolute path names
# file : var/lib/libvirt/images/
# owner: root
# group: root
user::rwx
group::--x
other::--x
  2. Recursively remove existing ACL permissions
sudo setfacl -R -b /var/lib/libvirt/images/
  3. Recursively grant permission to the current user
sudo setfacl -R -m "u:${USER}:rwX" /var/lib/libvirt/images/
  • uppercase X means execute permission is applied only to child directories, not to child files.
  4. Set the default ACL for the current user
sudo setfacl -m "d:u:${USER}:rwx" /var/lib/libvirt/images/
  • if this step is omitted, new directories or files created within the images directory will not have this ACL set.
  5. Verify your ACL permissions within the images directory.
sudo getfacl /var/lib/libvirt/images/
getfacl: Removing leading '/' from absolute path names
# file : var/lib/libvirt/images/
# owner: root
# group: root
user::rwx
user:tatum:rwx
group::--x
mask::rwx
other::--x
default:user::rwx
default:user:tatum:rwx
default:group::--x
default:mask::rwx
default:other::--x
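A way to check the getfacl output above mechanically, as an added example that is not part of the original guide. The function name acl_effective is an assumption introduced here; it reads getfacl text on stdin and prints the named user's effective permissions (the user entry limited by the mask) for the access ACL, or for the default ACL when the second argument is "default".

```shell
#!/bin/sh
# Added example: effective permissions of one named user from getfacl output.
acl_effective() {
    awk -F: -v user="$1" -v scope="${2:-access}" '
        /^#/ || NF < 3 { next }                 # skip header comments and blanks
        {
            def = ($1 == "default")
            if (def) { tag = $2; who = $3; perm = $4 }
            else     { tag = $1; who = $2; perm = $3 }
        }
        (scope == "default") != def { next }    # keep only the requested ACL
        tag == "user" && who == user { entry = perm }
        tag == "mask"                { mask = perm }
        END {
            if (entry == "") { print "none"; exit }
            if (mask == "") mask = "rwx"        # no mask line: nothing is limited
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(entry, i, 1)
                out = out ((c != "-" && substr(mask, i, 1) == c) ? c : "-")
            }
            print out
        }'
}

# Constructed sample modelled on the output above, with the access mask
# narrowed to r-x, as a later chmod on the directory would do.
sample='# file: var/lib/libvirt/images/
# owner: root
# group: root
user::rwx
user:tatum:rwx
group::--x
mask::r-x
other::--x
default:user::rwx
default:user:tatum:rwx
default:group::--x
default:mask::rwx
default:other::--x'

printf '%s\n' "$sample" | acl_effective tatum
printf '%s\n' "$sample" | acl_effective tatum default
printf '%s\n' "$sample" | acl_effective alice
```

On a real host, pipe the command from the verification step into it: sudo getfacl /var/lib/libvirt/images/ | acl_effective "$USER". A result other than rwx for either ACL means image creation will fail for that user even though the user entry is listed.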

Reference

QEMU-KVM Installation for Arch Linux

The above text uses GitHub Gist by "tatumroaquin" for content.