Install a KVM host on Ubuntu 14.04 Trusty Tahr

How to install a KVM host and configure KVM with libvirt and Open vSwitch on Ubuntu 14.04 Trusty Tahr. The following steps have been tested on freshly installed server installation. Let’s start from scratch by installing all required packages.

Install required packages

# apt-get install openvswitch-switch qemu-kvm libvirt-bin

And wait until all packages are downloaded and installed.
Afterwards, let’s continue by destroying the default bridge and creating the new ovs bridge.

Setup networking

# ovs-vsctl add-br ovsbr0
# virsh net-destroy default

Edit the config from the default bridge with this command.

# virsh net-edit default

And make sure, you change the file to this:

<network>
<name>ovsbr0</name>
<forward mode='bridge'/>
<bridge name='ovsbr0'/>
<virtualport type='openvswitch'/>
</network>

Remove the old bridge completely and make sure the new bridge is autostarted.

# virsh net-undefine default
# virsh net-autostart ovsbr0

I’d like to keep my networking configuration in /etc/network/interfaces. That’s why I added the following section to that file.

auto ovsbr0
iface ovsbr0 inet static
   address 172.16.11.1
   network 172.16.11.0
   netmask 255.255.255.0
   broadcast 172.16.11.255

iface ovsbr0 inet6 static
   address 2001:xxxx:xxxx:1::1
   netmask 64

Test new installed KVM host

Now reboot your machine and check with following commands if you’re network is properly configured.

# virsh net-list
# ip addr
# ovs-vsctl show

Congratulations! You’ve installed a KVM host. Now you can proceed and install virtual machines on this new host. The network interfaces will be added to the freshly created Open vSwitch bridge.

Edit on 2014/05/14 : changed the ovsbr0 XML file
Edit in 2014/05/28 : only tested on a Server installation of Ubuntu 14.04

16 thoughts on “Install a KVM host on Ubuntu 14.04 Trusty Tahr

  1. Bifrozt

    Thanks for the article!
    Glad to see its “a bit” easier to get KVM running with openswitch than on 12.04 🙂

    Got a couple of questions tho.
    – #1: ‘virsh net-show”
    This command was not recognized by virsh on my 14.04, should this be ‘virsh net-list’ or do i have an issue with my installation?
    – #2: multiple interfaces
    I’m going to add a second network interface (eth1) to my 14.04 that will be connected to a different network segment (eth1: 10.133.4.0/24) than the primary interface (eth0: 172.16.9.0/24).
    Is there any way to configure ovsbr0 to only accept connections on eth0 or will this be handled by configuring ovsbr0 to be on the required subnet?
    – #3: firewall
    Would you recommend that i configure firewall rules for ovsbr0 as well?

    Cheers

    Bifrozt

    Reply
    1. Thomas Elsen Post author

      Hi Bifrozt,

      #1 -> You’re right. I’ve corrected the article.
      #2 -> You’re right, will be handled by configuring ovsbr0 on the required subnet.
      #3 -> I’d certainly do that. This is your external interface so you should lock it down.

      Chreers

      Thomas

      Reply
  2. ahmed

    Hello;

    Thanks for this guide , I have one question please “how I can keep NAT and Bridge together?”

    Reply
    1. Thomas Elsen Post author

      Hi Admed,

      You can add a line after ‘broadcast 172.16.11.255’ in /etc/network/interfaces.
      This line : ‘post-up /etc/network/firewallscript.sh’

      That executable script can load firewall and NAT rules. Obviously you’d have to create the script manually.

      Make sure to create 1 hide nat rule like this in the script.
      iptables -t nat -A POSTROUTING -o eth0 -s 172.16.11.0/24 -j SNAT --to 123.123.123.123
      This line assumes that eth0 is your external interface and ‘123.123.123.132’ is the external IP address on that interface.

      Obviously it’s wise to use this script to create regular firewall rules as well.

      Best regards,
      Thomas

      Reply
  3. riccardo

    hi thomas,
    first I want to thank you for writing this guide, second I need your help.
    When I edit and change the parameters inside of default int by the command $: virsh net-edit default , as you reported I receive this error:

    error: XML error: bridge delay/stp options only allowed in route, nat, and isolated mode, not in bridge (network ‘ovsbr0’)
    Failed. Try again? [y,n,f,?]:

    as reports from the error we can set mode option just for nat, isolated mode and route mode, not for bridge, is it true? and if it’s true which is the correct configruation? thank a lot!

    Reply
  4. Shlomo

    # virsh net-autostart ovsbr0
    This fails on my fresh Ubuntu 14.04 Desktop installation. It doesn’t know about any network named “ovsbr0”, and that’s after I ran all the previous commands. I tried to delete ovsbr0 and undefine it, and it similarly complains; furthermore, when I try to recreate it, it complains of a network already existing by that name! I had to apt-get purge libvirt-bin, manually delete the folders /etc/libvirt/ and /var/lib/libvirt/, and reinstall libvirt-bin in order to get “default” back, BTW.

    Also, are you sure this plays nicely with NetworkManager, the default on Ubuntu Desktop? If you don’t have it installed, maybe you should mention that, or mention that you’re using Ubuntu Server if you are, since you said you were doing this “from scratch”.

    Thanks.

    Reply
    1. Thomas Elsen Post author

      Hi Shlomo,

      You’re right. I’ve only tested it on a server installation. Not an a typical desktop installation. I assumed this wouldn’t make a difference. My bad…

      Guide has been edited.

      Best regards,
      Thomas

      Reply
  5. runelind

    Don’t you need to bridge ovsbr0 to a physical interface? I followed your instructions, but wasn’t able to ping out from the server.

    Reply
        1. Thomas Elsen Post author

          First : thanks a lot!
          2nd: I didn’t bridge it to the external interface. The ovsbr0 has its own IP address 172.16.11.1 and I use the routing capabilities on the host to get out to the internet.

          Reply
  6. Thiago

    Works like a charm! For both IPv4 and IPv6 bridged networks… Also, works for OpenvSwitch fake bridges (a.k.a. vlanXXX)… Tks!

    Reply
  7. Sycrid

    Do you need to do something special to edit the file with Virsh? It seems that when ever I type things just go crazy, I can’t even delete correctly. Any advice?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *