How to install KVM server on Debian 9/10 Headless Server

Steps for install KVM server on Debian Linux 9.x/10.x server

1. The host server located in the remote data center and it is a headless server.
2. All commands in this tutorial typed over the ssh based session.
3. You need a vnc client to install the guest operating system.
4. In this tutorial, you will learn how to install KVM software on Debian Linux 9.x server and use KVM to setup your first guest VM.

Follow installation steps of KVM on Debian Linux 9.x/10.x headless sever

Step 1: Install kvm

Type the following apt-get command/apt command:
$ sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils libguestfs-tools genisoimage virtinst libosinfo-bin

Allow normal user to manage virtual machine

If you want normal/regular user can manage virtual machines. Add user vivek to libvirt and libvirt-qemu using usermod command:
$ sudo adduser vivek libvirt
$ sudo adduser vivek libvirt-qemu
Reload group membership with the help of newgrp command:
$ newgrp libvirt
$ newgrp libvirt-qemu
Verify your group membership with id command:
$ id
Please note that you need to use the following command to connect to KVM server:
$ virsh --connect qemu:///system
$ virsh --connect qemu:///system command
$ virsh --connect qemu:///system list --all

Step 2: Verify kvm installation on Debain

Run the following egrep command to verify that Intel VMX or AMD SVM supported on your CPU:
$ egrep --color 'vmx|svm' /proc/cpuinfo
Sample outputs:

rf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm epb kaiser tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm epb kaiser tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts

Step 3: Configure bridged networking on Debian

I am going to create bridge Interface br0 as the network connection in VM guests configuration for eth0 interface:
$ sudo vi /etc/network/interfaces.d/br0
Append the following:

## make sure all config related to eth0 deleted ##
auto br0
iface br0 inet static
	address 192.168.2.23        ## set up/netmask/broadcast/gateway as per your setup
	broadcast 192.168.2.255
	netmask 255.255.255.0
	gateway 192.168.2.254
	bridge_ports eth0    # replace eth0 with your actual interface name
	bridge_stp off       # disable Spanning Tree Protocol
        bridge_waitport 0    # no delay before a port becomes available
        bridge_fd 0          # no forwarding delay

Restart the networking service on Linux:
$ sudo systemctl restart network-manager
To see current networking setting for KVM, run:
$ sudo virsh net-list --all
Sample outputs:

 Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              inactive   no            yes

You need to configure a KVM guest domain on a bridged network. So create a file named bridge.xml as follows a text editor such as NA command:
$ sudo vi /root/bridged.xml
Append the following config:

<network>
  <name>br0</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>

Save and close the file in vi/vim.
$ sudo virsh net-define --file /root/bridged.xml
$ sudo virsh net-autostart br0
$ sudo virsh net-start br0

Step 4: Create your first virtual machine using an ISO image installer

I am going to create a CentOS 7.x VM. First, grab CentOS 7.x latest ISO image:
$ cd /var/lib/libvirt/boot/
$ sudo wget https://mirrors.kernel.org/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1708.iso

Create CentOS 7 VM

In this example, I’m creating CentOS 7.x VM with 2GB RAM, 2 CPU core, 1 nic and 40GB disk space, enter:
$ sudo virt-install \
--virt-type=kvm \
--name centos7 \
--ram 2048 \
--vcpus=2 \
--os-variant=rhel7 \
--virt-type=kvm \
--hvm \
--cdrom=/var/lib/libvirt/boot/CentOS-7-x86_64-DVD-1708.iso \
--network=bridge=br0,model=virtio \
--graphics vnc \
--disk path=/var/lib/libvirt/images/centos7.qcow2,size=40,bus=virtio,format=qcow2
To configure vnc login from another terminal over ssh and type:
$ sudo virsh dumpxml centos7 | grep vnc
<graphics type='vnc' port='5901' autoport='yes' listen='127.0.0.1'>
You can also use the following command:
$ sudo virsh vncdisplay centos7
Please note down the port value (i.e. 5901). You need to use an SSH client to setup tunnel and a VNC client to access the remote vnc server. Type the following SSH port forwarding command from your client/desktop:
$ ssh vivek@server1.cyberciti.biz -L 5901:127.0.0.1:5901
Once you have ssh tunnel established, you can point your VNC client at your own 127.0.0.1 (localhost) address and port 5901 as follows:

Fig.01 : VNC client to complete CentOS 7.x installation

Fig.02: CentOS 7.x installation on KVM based VM

Step 5 – Use virt-builder to create VM

Above method (virt-install) works nicely but if you need quickly building new virtual machines, try virt-builder.

How to list the virtual machines available

$ virt-builder --list | more
You can use the grep command to filter out only x86_64 arch based VMs:
$ virt-builder --list | grep x86_64
Sample outputs:

opensuse-13.1            x86_64     openSUSE 13.1
opensuse-13.2            x86_64     openSUSE 13.2
opensuse-42.1            x86_64     openSUSE Leap 42.1
opensuse-tumbleweed      x86_64     openSUSE Tumbleweed
centos-6                 x86_64     CentOS 6.6
centos-7.0               x86_64     CentOS 7.0
centos-7.1               x86_64     CentOS 7.1
centos-7.2               x86_64     CentOS 7.2
centos-7.3               x86_64     CentOS 7.3
centos-7.4               x86_64     CentOS 7.4
cirros-0.3.1             x86_64     CirrOS 0.3.1
cirros-0.3.5             x86_64     CirrOS 0.3.5
debian-6                 x86_64     Debian 6 (Squeeze)
debian-7                 x86_64     Debian 7 (wheezy)
debian-8                 x86_64     Debian 8 (jessie)
debian-9                 x86_64     Debian 9 (stretch)
fedora-18                x86_64     Fedora® 18
fedora-19                x86_64     Fedora® 19
fedora-20                x86_64     Fedora® 20
fedora-21                x86_64     Fedora® 21 Server
fedora-22                x86_64     Fedora® 22 Server
fedora-23                x86_64     Fedora® 23 Server
fedora-24                x86_64     Fedora® 24 Server
fedora-25                x86_64     Fedora® 25 Server
fedora-26                x86_64     Fedora® 26 Server
fedora-27                x86_64     Fedora® 27 Server
freebsd-11.1             x86_64     FreeBSD 11.1
scientificlinux-6        x86_64     Scientific Linux 6.5
ubuntu-10.04             x86_64     Ubuntu 10.04 (Lucid)
ubuntu-12.04             x86_64     Ubuntu 12.04 (Precise)
ubuntu-14.04             x86_64     Ubuntu 14.04 (Trusty)
ubuntu-16.04             x86_64     Ubuntu 16.04 (Xenial)

To see additional notes for any os run:
$ virt-builder --notes ubuntu-16.04
$ virt-builder --notes debian-9
Sample outputs:

Debian 9 (stretch)
 
This is a minimal Debian install.
 
This image does not contain SSH host keys.  To regenerate them use:
 
    --firstboot-command "dpkg-reconfigure openssh-server"
 
This template was generated by a script in the libguestfs source tree:
    builder/templates/make-template.ml
Associated files used to prepare this template can be found in the
same directory.

Create Debian 9.x VM

Create Debian 9 VM with 10GB disk space, 2GB ram, 2 vCPU and random password for root account, run:
$ sudo virt-builder debian-9 \
--size=10G \
--format qcow2 -o /var/lib/libvirt/images/debian9-vm1.qcow2 \
--hostname debain9-vm1 \
--network \
--timezone Asia/Kolkata

Finally import image with virt-install command:
$ sudo virt-install --import --name debian9-vm1 \
--ram 2048 \
--vcpu 2 \
--disk path=/var/lib/libvirt/images/debian9-vm1.qcow2,format=qcow2 \
--os-variant debian9 \
--network=bridge=br0,model=virtio \
--noautoconsole
Sample outputs:

Starting install...
Creating domain...  
Domain creation completed.

You can login to your VM using x0E4iZ8sHjA6ekb6 password for root account:
$ sudo virsh list --all
$ virsh console debian9-vm1

You must disable root account for ssh session and create ssh keys for your VM. Login as above:
# dpkg-reconfigure openssh-server
# useradd -r -m -d /home/vivek -s /bin/bash vivek
# passwd vivek
# systemctl enable ssh
### [ Disable root user login when using ssh ] ###
# echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
# systemctl restart ssh
# ip a s
Verify that you can login using an IP address for vivek user and use ‘su -‘ to become a root user:
$ ssh vivek@192.168.2.132
$ su -

Useful commands

Let us see some useful commands.

Find the list of the accepted OS variants

$ osinfo-query os | less
$ osinfo-query os | grep debian
$ osinfo-query os | grep freebsd

List a running vms/domains

$ sudo virsh list

Shutodwn a vm/domain called debian9-vm1

$ sudo virsh shutdown debian9-vm1

Start a vm/domain called debian9-vm1

$ sudo virsh start debian9-vm1

Suspend a vm/domain called debian9-vm1

$ sudo virsh suspend debian9-vm1

Reboot (soft & safe reboot) a vm/domain called debian9-vm1

$ sudo virsh reboot debian9-vm1

Reset (hard reset/not safe) a vm/domain called debian9-vm1

$ sudo virsh reset debian9-vm1

Delete/remove a vm/domain called debian9-vm1

$ sudo virsh undefine debian9-vm1
$ sudo virsh destroy debian9-vm1
To see a complete list of virsh command type
$ virsh help | less
$ virsh help | grep reboot