IP-KVM Using QEMU

Sometimes it is hard to work with servers without including KVM in the workspace. For example, when dealing with any kind of malfunction of the operating system installed on the remote PC. In such cases, a service called KVM-over-IP becomes quite useful. Thanks to this piece of software you can simplify tasks like rebooting the server, diagnosing system faults, or even accessing the BIOS of a remote device. All these procedures stay accessible even if you have no access to an external IP address because of protocols RDP and SSH (in these cases a special dedicated address is used)

A bit of terminology

Hypervisor KVM (Kernel-based Virtual Machine) is a separate module that works like a manager of a virtual machine. It makes it possible to launch different types of software hiding all the server's hardware from this software. It can be considered a pipeline between the "bare metal" of the server and applications working on that server as a guest process. At the same time, KVM itself has access to all the resources of the PC (CPU, RAM, SSD or HDD).

When you use KVM and QEMU together you should try to control this combination with a QEMU monitor. It is a command-line utility that can be used to obtain the data coming from the virtual machines launched on the server. The same utility can be used to change some settings on a VM.

Usually, developers and administrators use a QEMU monitor with a QEMU emulator. It is a lightweight program that can create virtual machines for the operating systems made for different processor architectures. For example, the QEMU emulator is often utilized as a tool that makes it possible to use DOS and Windows applications on computers with ARM-chips and vice versa. Furthermore, such utilities help to launch modern software products on relatively old "machines" manufactured before implementing technologies like Intel VT-x or AMD SVM existed.

Connecting to remote KVM

The idea of using KVM is appealing because of the opportunity to include tools like QEMU VNC into an established workflow. QEMU VNC represents a protected channel that helps to pass data between devices in a secure and encrypted manner. To deploy such a channel you only have to turn on default mechanisms like an IPMI or Intel vPro. But it is important to notice that the most secure way to use QEMU VNC is to connect to external devices like IP-KVM because of the more extensive capabilities of the latter.

Features:

1. Restoring images that can be utilized as a fully-fledged OS in cases when you stumbled upon any bugs or faults in the main operating system.

2. Let you launch any kind of software including virtual machines with Linux-based OSes preinstalled.

3. Real server disk drives are used as hardware for future virtual machines.

In Linux-based operating systems such disks are presented as dev/sdX block-devices. On the user side, it looks exactly like regular system files. If a user wants to work with hypervisors like QEMU or VirtualBox he can "communicate" with the hardware part of the server directly. But to do so you have to provide at least 4 gigabytes of RAM to these applications.

Preparing the environment

Before using some functions of KVM (like restoring OS) you have to create special restoring images. There are some prerequisites you must consider before starting. You should update all the components of the operating system. Then you need to install QEMU and launch it in tandem with hardware virtualization technology called KVM QEMU. Below, we will look at an example of implementing all the preparation procedures on the FreeBSD OS with package manager Packman.

There are two main steps:

• Open the command line and write a command pacman -Suy that will check for OS updates.

• Then write a command pacman -S qemu that will install the QEMU module.

After that, the OS will be ready to create a restoring image that will be the foundation of the virtual machine restoring module. If necessary, the administrator of the server might want to check updates of other software tools and install them before creating an image (so they save there too). Such an approach might be useful if you just ordered a completely clean server and are going to create your first restoring image.

Start virtual machine

The interesting thing about this kind of virtualisation is that the user has an opportunity to choose how many hardware resources will be dedicated to any virtual machine. And the only restriction is the physical parameters of the remote PC. The amount of hardware resources is chosen by the renters when ordering the server. Let us create a virtual machine with 2 CPU cores, 2 GB of RAM and 2 disks with paths /dev/sda and /dev/sdb respectively.

Here are the commands you must use to create and launch your own virtual machine:

qemu-system-x86_64 \

-m 2048M \ (this will dedicate 2 GB of RAM to the virtual OS)

-net nic -net user \ (create the connection through hypervisor using NAT)

-enable-kvm \ (this one turns full KVM-virtualisation)

-cpu host, nx \ (grants access to all the hardware resources of CPU)

-M pc \ (activates the platform that is compatible with PC)

-smp 2 \ (connects virtual processor with 2 cores)

-vga std \ (selects "default videochip")

-drive file=/dev/sda, format=raw, index=0, media=disk \ (sets up the path to the disk, makes system consider the data on the disk to be raw data and automatizes the process of selecting the number of the disk)

-drive file=/dev/sdb, format=raw, index=1, media=disk \ (does the same thing as a previos command)

-vnc :0, password \ (by default the server will be launched on the following address 0.0.0.0.5900 and authorisation via password will be a requrement)

-monitor stdio (turns on standart IO-streams)

If everything goes right you'll see the following message on the screen:

QEMU 4.0.0 monitor - type 'help' for more information (qemu)

Before the first connection to the KVM virtual machine you'll have to make up a password which will be used as a key for accessing the server. In the case of the QEMU module it is impossible to create passwords longer than 8 symbols. To set up a password use this command:

(qemu) change vnc password
Password: **

In real life cases instead of asterisks we would write a real password. After saving all the information administrators and developers could use any VNC-software like Remmina (it is an optimal solution). In the settings you must indicate the address of the server and the password that was set up earlier. If there are errors the applications will show them all once the system starts.

Install the operating system

At this stage of setting up a virtual machine we must install the operating system that will be used to manipulate the user data. The system on which all the necessary software will be installed. If we use QEMU with Linux, we can install any OS in a virtual machine. Even if you want to work with Windows you'll have such an opportunity. Devices like KN9108 will make it possible to control 8 servers simultaneously.

How to install the OS:

1. Give more RAM so there are no problems with performance and the whole image fits into the block of memory provided.

mount -t tmpfs -o size=4G tmpfs /mnt

2. Load distribution image of selected operating system.

wgte -P /mnt ftp.freebsd.org/pub/FreeBSD/release/amd64/amd64/ISO-IMAGES/12.0/FreeBSD-12.0-RELEASE-amd64-bootonly.iso

3. Launch virtual machine.

qemu-system-x86_64 \

-m 2048M \

-net nic -net user \

-enable-kvm \

-cpu host,nx \

-M pc \

-smp 2 \

-vga std \

-drive file=/dev/sda,format=raw,index=0,media=disk \

-drive file=/dev/sdb,format=raw,index=1,media=disk \

-vnc :0,password \

-monitor stdio \

-cdrom /mnt/FreeBSD-12.0-RELEASE-amd64-bootonly.iso \

-boot d

After that, if any user connects to the virtual machine via VNC-client they will see the loading menu of downloaded images. This image will be connected to the device as a drive D (because of command -boot d). After the the installation process is finished the virtual machine will be ready to do any stuff it is capable of (installing third-party software, loading users' data). The same thing goes with Windows Server and other software platforms.

Conclusion

The example of creating a FreeBSD KVM host as demonstrated above shows how you can create a restoring image that uses a minimal amount of hardware resources while at the same time being an effective tool that can be used as a controlling tool in emergency cases.