5: Hypervisor Host Server

[Original article by: KC Lai]

Setting up host Linux KVM virtualization server

[This is a part of a series on self-hosting OSCAR. Start by reading the first article.]

Before you start installing OSCAR or any other server applications, consider using a virtualization platform. Virtualization uses a host server that manages various guest servers. There are many options out there to choose from, such as VMware, Windows Hyper-V, Oracle VM VirtualBox, Proxmox VE, Linux KVM, or even Mac Parallels. Consider using an open source virtualization platform such as Proxmox VE and Linux KVM.

Virtualization allows you to save time, money and hardware. It allows for easier hardware management, without the need to reinstall the server software each time you want to upgrade hardware. Instead of installing one server application on one hardware server, you can set up one main server that acts as the hypervisor, on which you can install individual guest servers as virtual machines that run within the host hypervisor. For example, if you set up OSCAR as a virtual machine, the entire OSCAR installation can be encapsulated in a single image/container file. You can start up or shut down the OSCAR image without ever having to physically turn off your actual server hardware. If you packed your physical host server with lots of CPU, hard drives, and RAM to start, you can then divvy up how much of these resources go to OSCAR and how much to another server (e.g. Windows Server, email server, web server, etc.). You can reassign and reallocate CPU cores, RAM, and other hardware resources at will. If you need to move to another more powerful server, it is as simple as copying over the virtualized image/container file. You can also make copies of the server and test out any changes for practice before you commit to any real changes on the live server.

Examples of other virtual servers running on the hypervisor server:
  • pfSense (virtual firewall appliance)
  • Windows Server: Active Directory, File Server, Remote Desktop environment
  • OSCAR electronic medical record system
  • Hylafax (fax server)
  • Owncloud/Nextcloud (private Dropbox/Google Drive like file server)
  • Asterisk/FreePBX (VoIP PBX system)
  • LDAP server
  • MySQL server
  • ZoneMinder (security system DVR)
  • OpenVPN (VPN server)
  • Zimbra (email server)
  • UCS Univention Corporate Server
  • Xibo (digital signage)
  • WordPress/Joomla/Drupal (web page server)
  • Any test copies of servers

Linux KVM Virtualization Host Server

Setting up the Linux bare metal (Type 1 hypervisor) host server

Before you set up the server, you need to buy a physical server. There are a lot to choose from and, depending on your needs, the cost can range from a few hundred dollars to several thousand dollars. Once you have bought a server that fits your current needs (you can always upgrade to a better server later, and easily, since with virtualization you can just move the image/container file), come back to this article on setting up the virtualization server.

Read: Choosing Server Hardware

There are three main server operating systems: Windows, Mac OS or Linux. The majority of the Internet runs on some form of Linux. There are many flavours of Linux, some are commercial, some are open source. The most popular Linux server distributions are: Ubuntu, Red Hat, SUSE, CentOS, Debian, and Oracle Linux. Choose a Linux distribution that works for you. Many big companies also use Red Hat or CentOS. We find Ubuntu Linux the easiest to use.

If you decide to use Proxmox VE as the baremetal hypervisor, then you can skip this section on Linux KVM Virtualization Host Server.

However, here is an example of how to set up Linux KVM on an Ubuntu Server. We install from scratch because it allows you to minimize the host server resources (limiting waste and reserving more resources for the guest servers), and also to reduce the attack surface for vulnerabilities and insecurities.

Step 1: Download Ubuntu Server LTS (Long Term Support)

Go to Canonical’s Ubuntu website and download the latest ISO image.

Burn the ISO to a DVD or make a bootable USB stick with a utility like BalenaEtcher.

Step 2: Enable Virtualization hardware in the BIOS of the server.

If you bought a CPU with VT-x or AMD-V, then you can run virtual servers on one machine. Determine the key to press in order to enter the BIOS screen for the motherboard by Googling the manufacturer name and “BIOS”. Turn on the computer and press the key to enter the BIOS (usually Esc or one of the Function keys). Find the option that says “Intel VT-x” or “Intel Virtualization Technology” or “AMD-V” or “Virtualization Extensions” and enable it. This option may be under a submenu under Processor, or Chipset, or Advanced CPU Configuration or Northbridge. Once you have enabled the option, “Save the settings to CMOS and Exit the BIOS”.

Step 3: Install the server with the Ubuntu DVD or bootable USB stick.

You may need to enter the BIOS again and enable the “Boot Order” so the server computer can boot with the DVD drive or a USB. Otherwise, the BIOS may only allow booting from the hard drives (security feature). You can disable this after you finish installing the server.

There are many great online tutorials on how to install Ubuntu Server. Follow these tutorials and customize your installation with the following considerations:

Customization Considerations:

  • Install the baremetal hypervisor server on to a separate SSD (you can hardware RAID that if you are extra careful) that is different than your main RAID hard drives that will store your virtual machines and other files. This way, if you need to replace the much used hard drives, you don’t need to reinstall the bare metal server.
  • Partition your installation with separate root, boot, mount, and swap partitions:
    • /boot =  1 GB (ext4 file system)
    • swap = 2 GB (if you have lots of RAM, you don’t need much swapfile space)
    • /mnt = 100 MB (ext4 file system) * This prevents backup scripts from filling up the root partition if copying to improperly mounted network drives
    • / = leftover space on the disk (ext4 file system)
  • If you use whole disk encryption at this stage, you run the risk of needing to be physically present to manually type in your root password every time the server restarts or reboots after a power outage.
  • If you encrypt the “Home” directory, you run the risk of some things stored in your “Home” directory not running until you log in as the user. So don’t store scripts or virtual machine images in your Home directory if you choose to encrypt.
  • Allow Ubuntu to “install important security updates automatically”.
  • If you have the option of running tasksel during the installation phase, consider installing these at this point (if not, we will show you how later):
    • Virtual Machines KVM
    • OpenSSH server

Various Tutorials and Resources on installing Ubuntu Server

Canonical

LinuxTechi

FossLinux

Step 4: Perform some initial housekeeping items

Once the server is installed, you can remove the installation media and boot into the server. Log in to the server using the administrator username and password you created when you installed it.

Update and upgrade the server:

$ sudo apt-get update && sudo apt-get upgrade

Allow the server to automatically remove unused dependencies (to keep the /boot from filling up). Edit the config file with nano:

$ sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Find the line that looks like the following and remove the “//” characters in the beginning of the line (uncomment), and change the parameter to “true”:

Unattended-Upgrade::Remove-Unused-Dependencies "true";

Press Ctrl-O to save, Ctrl-X to exit.

Lower the “Raising networking interfaces….” wait time when booting the server, in case you have multiple network interfaces and not all are connected to a network with DHCP:

$ sudo nano /etc/dhcp/dhclient.conf

Edit the timeout to be 15 seconds:

timeout 15;

Step 5: (Optional) Install a lightweight graphical user interface

Sometimes, navigating and operating a server with the command line only is difficult. If you prefer a graphical user interface (and you installed the Ubuntu Server edition, and not the Desktop edition) you can install the lightweight XFCE desktop GUI.

$ sudo apt-get update
$ sudo apt-get install xfce4

Whenever you want to start the GUI, type the command:

$ startx

or

$ startxfce4

Now you can use the graphical desktop to load a Terminal window and continue working on your installations.

Step 6: Install OpenSSH Server

If you did not install this originally with Tasksel, then install and configure it now.

$ sudo apt-get update
$ sudo apt-get install openssh-server
$ sudo systemctl enable ssh

Edit the configuration file:

$ sudo nano /etc/ssh/sshd_config

Modify the settings with the following:

PermitRootLogin prohibit-password
MaxAuthTries 10
# Choose "no" if you plan on using SSH keys only for SSH login
PasswordAuthentication yes

Press Ctrl-O to save, Ctrl-X to exit.
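
When editing sshd_config it is easy to add a setting that never takes effect, because sshd keeps the first value it reads for each keyword. The following added example (not part of the original article; the function names and the sample file are constructed for illustration) reports the value that wins in the global section of a file and lists later duplicates of the three keywords set above:

```bash
#!/usr/bin/env bash
# Added example, not from the original article. sshd uses the FIRST value it
# reads for a keyword, so a line appended at the bottom of the file can be
# silently ignored if the same keyword already appears higher up.

sshd_effective() {   # usage: sshd_effective <keyword> <file>
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*(#|$)/         { next }          # comments and blank lines
    tolower($1) == "match" { exit }          # global section only
    tolower($1) == want    { print $2; found = 1; exit }
    END { if (!found) print "(default)" }
  ' "$2"
}

sshd_shadowed() {    # usage: sshd_shadowed <file>; lists ignored duplicates
  awk '
    BEGIN { n = split("permitrootlogin maxauthtries passwordauthentication", a, " ")
            for (i = 1; i <= n; i++) track[a[i]] = 1 }   # keywords set in the article
    /^[ \t]*(#|$)/ { next }
    { k = tolower($1) }
    k == "match"   { exit }
    !(k in track)  { next }
    (k in seen)    { printf "line %d: %s %s ignored, line %d wins\n", NR, $1, $2, seen[k]; next }
    { seen[k] = NR }
  ' "$1"
}

# Constructed sample file (not a real host configuration).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#PermitRootLogin yes
PermitRootLogin prohibit-password
MaxAuthTries 10
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
  PasswordAuthentication yes
EOF

for kw in PermitRootLogin MaxAuthTries PasswordAuthentication; do
  printf '%-24s %s\n' "$kw" "$(sshd_effective "$kw" "$SAMPLE")"
done
sshd_shadowed "$SAMPLE"
```

The functions do not follow Include directives or evaluate Match blocks; on the server itself, `sudo sshd -t` validates the file and `sudo sshd -T` prints the settings sshd will actually use. Restart the service with `sudo systemctl restart ssh` for the changes to take effect.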

Step 7: Install Linux KVM

Install the virtual machine server, virtual machine manager, bridge networking and dependencies:

$ sudo apt-get update
$ sudo apt-get install qemu-kvm-spice libvirt-bin bridge-utils virt-manager

You can run the GUI Virtual Machine Manager from the “System Tool” menu or with the command:

$ virt-manager &

Step 8: Set up Bridge Networking

Bridge networking allows you to connect your virtual machine servers to access the same network connection of the host server (the baremetal hypervisor) and also see each other on the same network.

Examine all the available network interfaces you have and their names and MAC address:

$ sudo ifconfig -a

The names of the network interfaces may be something like: eth0 or ens0 for one network NIC; eth1 or ens1 for a second network NIC

Install dependencies for bridge networking:

$ sudo apt-get install bridge-utils

Configure Bridge Networking (Ubuntu 16 LTS and earlier):

$ sudo nano /etc/network/interfaces

Edit the file to look something like this with your preferred options: (for Ubuntu 16 LTS and earlier)

auto lo
iface lo inet loopback
# Primary network interface
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet dhcp
  bridge_ports eth0
  bridge_stp off
  bridge_fd 0
  bridge_maxwait 0
  post-up ip link set br0 address 00:50:79:f0:ab:a8

# Secondary network interface
# If you have other network interfaces, you can add them below following the template above,
# changing the interface names (i.e. eth1 and br1) and the corresponding MAC address
# as shown by the "ifconfig -a" command.
# Here is an example of a static IP configuration:

auto eth1
iface eth1 inet manual
auto br1
iface br1 inet static
  address 192.168.2.10
  netmask 255.255.255.0
  gateway 192.168.2.1
  bridge_ports eth1
  bridge_stp off
  bridge_maxwait 0
  post-up ip link set br1 address 00:50:79:f0:ab:a7

Press Ctrl-O to save, Ctrl-X to exit.

Restart the networking service with the command:

$ sudo systemctl restart networking

* You may need to restart the server if the above step doesn’t work

Configure Bridge Networking (Ubuntu 18 LTS and later):

Note: Read these instructions for help on bridge networking on Ubuntu 18 LTS and later.

Ubuntu 18 and later uses Netplan to configure network interfaces:

network:
   version: 2
   renderer: networkd
   ethernets:
      eth0:
         dhcp4: no
   bridges:
      br0:
         dhcp4: yes
         dhcp4-overrides:
            route-metric: 10
         interfaces:
            - eth0
         parameters:
            stp: false
            forward-delay: 0

Press Ctrl-O to save, Ctrl-X to exit.

* The above settings in the YAML file must use exact, consistent spacing for indents, not tabs. If the indent spacing is even slightly off, Netplan will not load the YAML file.
* Note: “stp” should be “false” and “forward-delay” should be “0” for some services like OpenVPN to work.

Load the netplan yaml file changes:

$ sudo netplan generate
$ sudo netplan apply

* If netplan fails to generate, check your YAML file for proper indentation and formatting. Use a consistent number of spaces for indenting, not tabs.
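
The indentation problems described above can be caught before running netplan at all. This is an added example, not part of the original article: the function name and both sample files are constructed, and the "multiple of the first indent" rule is a heuristic that is stricter than YAML itself.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: catch the indentation mistakes
# that make "netplan generate" reject a file, before touching the network.

netplan_indent_check() {   # usage: netplan_indent_check <file>; returns 1 on problems
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      lead = $0; sub(/[^ \t].*$/, "", lead)  # keep only the leading whitespace
      if (index(lead, "\t")) {
        printf "line %d: tab in indentation\n", NR; bad++; next
      }
      n = length(lead)
      if (n > 0 && unit == 0) unit = n       # first indented line sets the step
      if (unit > 0 && n % unit != 0) {
        printf "line %d: %d spaces, expected a multiple of %d\n", NR, n, unit; bad++
      }
    }
    END { exit (bad > 0) }
  ' "$1"
}

# Constructed samples: GOOD mirrors the bridge configuration above, BAD has a
# tab on line 3 and a 4-space indent on line 4.
GOOD=$(mktemp); BAD=$(mktemp)
cat > "$GOOD" <<'EOF'
network:
   version: 2
   renderer: networkd
   ethernets:
      eth0:
         dhcp4: no
   bridges:
      br0:
         dhcp4: yes
         interfaces:
            - eth0
         parameters:
            stp: false
            forward-delay: 0
EOF
printf 'network:\n   version: 2\n\tethernets:\n    renderer: networkd\n' > "$BAD"

netplan_indent_check "$GOOD" && echo "GOOD: indentation is consistent"
netplan_indent_check "$BAD"  || echo "BAD: fix the file before netplan generate"
```

If you are connected over SSH, `sudo netplan try` applies the configuration and rolls it back unless you confirm it, which avoids locking yourself out of the host with a broken bridge definition.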

Now you can start creating guest Virtual Machines (VMs) and install OSCAR!

Read Next: Install OSCAR

Other Commands:

Logging out:

$ exit

Shutting down the server:

$ sudo shutdown -P now

Restarting the server:

$ sudo shutdown -r now

Show network route (including metric):

$ sudo route -n

Read Next: Install OSCAR on a Virtual Machine

Other Optional Installation:
  • terminator
  • fail2ban
  • google-chrome-stable
  • gnome-system-monitor
  • gedit
  • ifmetric