KVM ?? Debian Stretch

????????? ???????????
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ stretch main

aptitude update
aptitude install bridge-utils kvm libvirt-bin virtinst isc-dhcp-server iptables-persistent vim

??????? ??????? ???? ??? ??????????? ?????
vim /etc/network/interfaces:

auto br0
allow-hotplug br0
iface br0 inet static
        address 192.168.40.1
        gateway 192.168.40.1
        bridge_ports eth0
        bridge_stp off
        bridge_maxwait 0

/etc/init.d/networking stop && /etc/init.d/networking start

??????????? DHCP ??????
vim /etc/dhcp/dhcpd.conf:

option domain-name "example.com";
option domain-name-servers 192.168.40.1;
default-lease-time 3600;
max-lease-time 43200;
authoritative;
ddns-update-style none;
log-facility local7;
subnet 192.168.40.0 netmask 255.255.255.0 {
default-lease-time 3600;
option domain-name "example.com";
option subnet-mask 255.255.255.0;
option routers 192.168.40.1;
range 192.168.40.2 192.168.40.30;
}
vim /etc/default/isc-dhcp-server
INTERFACES="br0"
/etc/init.d/isc-dhcp-server restart ???????? ????????? ??????? vim /etc/sysctl.conf:
net.ipv4.ip_forward=1

sysctl -p

??????????? kvm ?? ???????? ?????????? ??????? spice
??????? ????????????? ??????????? TLS
mkdir /etc/ssl/spicetls
cd /etc/ssl/spicetls
openssl genrsa -des3 -out ca-key.pem 1024
openssl req -new -x509 -days 7300 -key ca-key.pem -out ca-cert.pem
openssl genrsa -out server-key.pem 1024
openssl req -new -key server-key.pem -out server-key.csr
openssl x509 -req -days 7300 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
openssl rsa -in server-key.pem -out server-key.pem.insecure
mv server-key.pem server-key.pem.secure
mv server-key.pem.insecure server-key.pem

vim /etc/libvirt/qemu.conf:

spice_listen = "0.0.0.0"
spice_tls = 1
spice_tls_x509_cert_dir = "/etc/ssl/spicetls/"

/etc/init.d/libvirtd restart

??????? ??????????? ??????
??????????? ??? ??? ???????? ??????????? ??????? ??????
pool-define-as ssd dir --target /root/kvm/
pool-start ssd
pool-autostart ssd

????????? ?????????
virt-install --name deb --ram 1024 --vcpus=6 --boot cdrom,hd,network,menu=on --cdrom=debian-testing-amd64-DVD-1.iso --disk pool=ssd,bus=ide,size=20,format=qcow2,io=native --network bridge=br0,model=e1000 --graphics spice,port=52000,listen=0.0.0.0,keymap=en-us,password=mypasswd --noautoconsole --hvm --soundhw=ac97 --video qxl --channel spicevmc

??? ?????????? ??????????? ??????? ????? ?????????? ?????? spice
Linux: spice-client-gtk (? ??????? ????????? spicy), virt-manager ??? virt-viewer
Windows: virt-viewer (https://virt-manager.org/download/sources/virt-viewer/virt-viewer-x64-3.1.msi)

? ???????? ?? ????? ?????????? ??????????
aptitude install spice-vdagent
?? Windows http://www.spice-space.org/download/windows/spice-guest-tools/spice-guest-tools-0.100.exe

????????? ????? ? ???????? NAT
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.40.0/24 -d 192.168.40.1 -i br0 -p tcp -m state --state NEW --dport 52000 -j ACCEPT
iptables -I INPUT 3 -s 192.168.40.0/24 -d 192.168.40.1 -i br0 -p udp --dport 67 -j ACCEPT
iptables -t nat -I POSTROUTING 1 -s 192.168.40.0/24 -o eth0 -j SNAT --to-source 192.168.40.1
/etc/init.d/netfilter-persistent save

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *