Fabric server
I use Debian for all my servers and I will explain why at a later time.
First we need to install the "fabric" server, the host on which the virtual servers will be installed. Ideally it should not be reachable by anyone other than the person who administers it. There is nothing unusual here: do a standard Debian installation, but deselect the graphical interface and select "SSH server" (OpenSSH) in the task selection.
After installing the operating system we need to do some configuration, so let's log on as root.
Basic configuration
Generating locales
Set the system language to English to make it easier to find problems in the logs:
apt install locales-all
localectl set-locale LANG=en_US.utf8
localectl status
Update Debian and install the necessary administration tools
apt update
apt install wget sudo screen nmap telnet tcpdump rsync net-tools dnsutils htop \
apt-transport-https vim gnupg lsb-release
Create /etc/sudoers.d/10-nopasswd (preferably with visudo -f /etc/sudoers.d/10-nopasswd, which checks the syntax before saving; a typo in a sudoers file can lock you out of sudo) and add:
%emir ALL=(ALL) NOPASSWD: ALL
The leading % makes this a group rule: every member of the group emir may run any command as root without being asked for a password. That is convenient on a single-admin host, but it also means that anyone who obtains that account's SSH key has root with nothing further to present, so keep the key protected and the group small. The file must be owned by root and must not be writable by others (mode 0440 is the convention), otherwise sudo refuses to use it. Verify the result with sudo -l.
Configure VIM
Open nano /etc/vim/vimrc
and replace all its contents with:
runtime! debian.vim
syntax on
set background=dark
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
filetype plugin indent on
set encoding=utf-8
set nobackup
set nowritebackup
set showcmd
set updatetime=300
set showmatch
set ignorecase
set smartcase
set incsearch
set tabstop=2
set softtabstop=2
set shiftwidth=2
set expandtab
if filereadable("/etc/vim/vimrc.local")
source /etc/vim/vimrc.local
endif
Create the user's vim config file nano ~/.vimrc and add:
set mouse=
set nocompatible
set cursorline
set nocursorcolumn
set nowrap
set showmode
set hlsearch
set wildmenu
set wildmode=list:longest
set wildignore=*.docx,*.jpg,*.png,*.gif,*.pdf,*.pyc,*.exe,*.flv,*.img,*.xlsx
Reboot the system and log on as a regular user, in my case emir.
Set the same vim user preferences as above for this user.
Virtualization
Configure folders
sudo mkdir -p /srv/virt/vmdisks
sudo mkdir -p /srv/virt/iso
Confirm Virtualization support
egrep -c '(vmx|svm)' /proc/cpuinfo
grep -E --color '(vmx|svm)' /proc/cpuinfo
The first command counts the logical CPUs that advertise the Intel (vmx) or AMD (svm) virtualization extension and should print a number greater than zero; the second shows the flags themselves. If the count is zero, reboot into the system firmware (BIOS/UEFI), enable virtualization (VT-x or AMD-V), boot back into the OS and run the commands again. Note that a non-zero count only means the CPU supports the extension: if it is disabled in firmware, /dev/kvm will be missing after the KVM modules are loaded, and dmesg typically reports that VMX/SVM is disabled by the BIOS.
Install QEMU-KVM & Libvirt
sudo apt install qemu-system qemu-kvm libvirt-daemon-system libvirt-daemon \
libvirt-clients bridge-utils dnsmasq virtinst virt-manager
Make the default network active and auto-start it, and load the vhost_net module, which moves virtio network handling into the kernel:
sudo virsh net-start default
sudo virsh net-autostart default
sudo modprobe vhost_net
lsmod | grep vhost
# if vhost_net is not yet listed in /etc/modules, make it load at boot
# (the grep guard keeps the command from adding a duplicate line on re-runs):
grep -qx vhost_net /etc/modules || echo vhost_net | sudo tee -a /etc/modules
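The checks above as one re-runnable script. This is an added example, not part of the original guide: it reads the CPU flags from a cpuinfo-style file (so it can be exercised against a constructed one), checks whether the kernel actually exposes /dev/kvm, and adds the module to the modules file without duplicating it. The file paths are parameters with the real ones as defaults; the demo input at the bottom is constructed.

```shell
#!/bin/sh
# Added KVM host preflight check (example code, not from the original guide).
# Assumptions: POSIX sh; file paths default to the real ones but can be
# overridden so the functions run against constructed files.

# Print "intel", "amd" or "none" depending on which virtualization flag
# appears in a cpuinfo-style file (default: /proc/cpuinfo).
virt_vendor() {
  file="${1:-/proc/cpuinfo}"
  if grep -qw vmx "$file"; then
    echo intel
  elif grep -qw svm "$file"; then
    echo amd
  else
    echo none
  fi
}

# True only if the kernel exposes KVM. A CPU flag alone is not enough:
# virtualization can still be disabled in firmware, in which case /dev/kvm
# is missing even though vmx/svm shows up in cpuinfo.
kvm_ready() {
  [ -c "${1:-/dev/kvm}" ]
}

# Idempotently add a module name to an /etc/modules-style file.
# Plain `echo name | tee -a` appends another copy every time it is run.
persist_module() {
  module="$1"
  file="${2:-/etc/modules}"
  # -x matches the whole line, so "vhost" does not satisfy "vhost_net".
  if ! grep -qx "$module" "$file" 2>/dev/null; then
    printf '%s\n' "$module" >> "$file"
  fi
}

# Demo on constructed input so the script runs without root or real hardware.
demo_cpuinfo=$(mktemp)
demo_modules=$(mktemp)
cat > "$demo_cpuinfo" <<'EOF'
processor       : 0
vendor_id       : GenuineIntel
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr vmx smx
EOF
printf 'loop\n' > "$demo_modules"

echo "CPU virtualization vendor: $(virt_vendor "$demo_cpuinfo")"
persist_module vhost_net "$demo_modules"
persist_module vhost_net "$demo_modules"   # second call must not add a line
echo "modules file now has $(grep -c . "$demo_modules") lines (expected 2)"
if kvm_ready; then
  echo "/dev/kvm present"
else
  echo "/dev/kvm missing: enable VT-x/AMD-V in firmware or load the kvm modules"
fi
rm -f "$demo_cpuinfo" "$demo_modules"
```

On the real host run it as is (the defaults point at /proc/cpuinfo, /dev/kvm and /etc/modules; the persist_module call then needs root), and treat a vendor of intel/amd together with a missing /dev/kvm as the "disabled in firmware" case described above.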
Create Bridge Network
Although KVM comes with a bridge interface called "virbr0" out of the box, that is a NAT network (192.168.122.0/24 by default): guests behind it can reach out, but other computers on the network cannot reach the guests. Therefore we create our own bridge on top of the host's physical NIC, so the guests get addresses in our own network. Keep in mind that the host's management address then sits on the same L2 segment as the guests, so restrict SSH on the host to the administrator's address with a firewall rule rather than relying on the bridge for isolation.
Find the physical network interface of the host that you want to use for the bridge with ip a, then edit the network interface file:
sudo vim /etc/network/interfaces
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface is only a bridge port, so it gets no address of its own
allow-hotplug eno1
iface eno1 inet manual
auto br0
iface br0 inet static
address 10.115.100.2/24
gateway 10.115.100.1
bridge_ports eno1
bridge_stp off
bridge_fd 0
bridge_maxwait 0
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8 8.8.4.4
dns-search yourdomain.com
Second disk
Read this chapter if, like me, you use a different disk for virtual machines.
You can check that the drive was picked up by the server in a couple of ways. dmesg shows the most recent kernel events; the drive should have been given a /dev/ name (for example /dev/sdc):
dmesg
Alternatively, list the disks with fdisk and look for the new one:
fdisk -l
Either method should show the drive if the OS picked it up. If you go the dmesg route and the drive was connected a long time ago, its messages may have scrolled out of the buffer; fdisk -l (or lsblk) still lists it.
Once you have established that the drive was recognized by the OS, partition it with your preferred tool (fdisk, parted, etc.), then create a file system on the partition, and it is ready to mount. See the bottom of this section for a step-by-step if you are not familiar with the partitioning/file-system creation process.
Make a directory to mount the new drive on (I will use the existing /srv; /new/drive below is a placeholder):
sudo mkdir -p /new/drive/
Mount the drive on the new directory:
sudo mount /dev/sdb1 /new/drive
If you want the mount to survive a reboot, add the following line with sudo vim /etc/fstab:
/dev/sdb1 /new/drive ext4 defaults 0 1
Prefer UUID=... (shown by sudo blkid /dev/sdb1) over /dev/sdb1 in fstab: /dev/sdX names are assigned in detection order and can change when a disk is added or removed, and a wrong fstab entry without the nofail option drops the next boot into the emergency shell. The last field should be 2 for a non-root file system; 1 is for the root file system.
For example (assuming the new drive is /dev/sdb, that you want ext4 as the file-system type and that you plan to use the entire disk; the lines after the first are what you type at the parted prompts):
sudo parted /dev/sdb
mklabel
gpt # label type
mkpart
srv # partition name
ext4 # file system type (ext3, ext4, etc.)
1MiB # partition start (leaves the usual 1 MiB gap for alignment)
100% # partition end
quit # exit parted
sudo mkfs.ext4 /dev/sdb1
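The same disk setup done non-interactively and mounted by UUID, as an added example that is not part of the original guide. The destructive part (parted, mkfs, writing /etc/fstab) is kept in a function that only runs when you call it with a device and mount point; the UUID parser is fed the output of blkid -o export so it can be checked against constructed text. The device name /dev/sdb, the mount point /srv/virt and the sample blkid output are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): provision the data disk
# non-interactively and mount it by UUID. /dev/sdX names depend on detection
# order, so an fstab line like "/dev/sdb1 /srv ..." may point at the wrong
# disk after hardware changes. Assumptions: parted, mkfs.ext4 and blkid from
# the base Debian install; an sdX-style device name (partition 1 is "${dev}1").

# Print the UUID of a device from `blkid -o export` output. Taking the text
# as an argument lets the parser be tested without real block devices.
uuid_from_blkid_export() {
  dev="$1"
  export_text="$2"
  printf '%s\n' "$export_text" | awk -v dev="$dev" '
    /^DEVNAME=/ { cur = substr($0, 9) }
    /^UUID=/    { if (cur == dev) { print substr($0, 6); exit } }
  '
}

# Build the fstab line. "nofail" keeps the host booting (and reachable over
# ssh) if the data disk is absent; pass 2 is the fsck order for non-root
# file systems (1 is reserved for /).
fstab_line() {
  printf 'UUID=%s %s %s defaults,nofail 0 2\n' "$1" "$2" "$3"
}

# Destructive: wipes the partition table of $1. Run explicitly, as root,
# e.g. provision_disk /dev/sdb /srv/virt
provision_disk() {
  dev="$1"; mnt="$2"
  parted -s "$dev" mklabel gpt mkpart srv ext4 1MiB 100%
  mkfs.ext4 "${dev}1"
  uuid=$(uuid_from_blkid_export "${dev}1" "$(blkid -o export "${dev}1")")
  [ -n "$uuid" ] || { echo "no UUID found for ${dev}1" >&2; return 1; }
  mkdir -p "$mnt"
  # Append only if this UUID is not already in fstab, so re-running is safe.
  grep -q "UUID=$uuid " /etc/fstab || fstab_line "$uuid" "$mnt" ext4 >> /etc/fstab
  mount "$mnt"   # mounts via the new fstab entry, which proves the entry works
}

# Demo on constructed blkid output; no real disk is touched.
sample_export='DEVNAME=/dev/sda1
UUID=0c1d2e3f-aaaa-bbbb-cccc-ddddeeeeffff
TYPE=ext4

DEVNAME=/dev/sdb1
UUID=11112222-3333-4444-5555-666677778888
TYPE=ext4'
u=$(uuid_from_blkid_export /dev/sdb1 "$sample_export")
echo "fstab line for the constructed /dev/sdb1:"
fstab_line "$u" /srv/virt ext4
```

After provision_disk has run, `findmnt /srv/virt` should show the partition mounted from the UUID entry; if it does not, fix fstab before rebooting, since that is when a bad entry bites.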
Create a Storage Pool
A storage pool can be created with virt-manager or with the virsh command-line tool. virsh lets you define all the parameters. In this example the pool is called vmdisks:
sudo virsh pool-define-as \
--name vmdisks \
--type dir \
--target /srv/virt/vmdisks
sudo virsh pool-start --build vmdisks
sudo virsh pool-autostart vmdisks
sudo virsh pool-list --all
Finally, review the storage pool information:
sudo virsh pool-info vmdisks
Useful commands
sudo virsh console VM (or ID) # Escape character is ^] (Ctrl + ])
sudo virsh destroy VM # force shutdown
sudo virsh shutdown VM
sudo virsh start VM
sudo virsh edit VM
sudo virsh undefine VM # delete the VM definition; the disk image stays unless you remove it as well (or use --remove-all-storage)
sudo virsh list --all
sudo virsh vncdisplay VM
Configure SSH logon with keys
Create a keypair on the client machine (ssh-keygen -t ed25519 gives a modern, compact key; the commands below assume the default id_rsa name):
ssh-keygen
Transfer the public key to the destination machine:
ssh-copy-id -i ~/.ssh/id_rsa.pub root@{IP-ADDRESS-OR-FQDN}
Other ways to transfer the public key
You can copy the public key with scp and then, on the destination, run:
cat id_rsa.pub >> ~/.ssh/authorized_keys
Or from Windows (PowerShell):
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh {IP-ADDRESS-OR-FQDN} "cat >> .ssh/authorized_keys"
In the last two cases make sure ~/.ssh exists on the destination with mode 700 and that authorized_keys has mode 600: with the default StrictModes, sshd ignores an authorized_keys file that is group- or world-writable. Once key login works, set PasswordAuthentication no in /etc/ssh/sshd_config and reload sshd, so the key is the only way in; test from a second session before closing the one you have.
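A check for the hardening step above, as an added example that is not part of the original post. sshd_config is first-match-wins: if an earlier line (or an included drop-in) already sets PasswordAuthentication, a line appended at the end of the file is silently ignored, and `sshd -t` will not complain because the file is still valid. The function below resolves a keyword the way sshd does for the global section. It assumes a single file without Include directives; the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): resolve the value sshd will
# actually use for a keyword, and check the hardening settings with it.
# Assumptions: POSIX sh and awk; one config file, no Include directives;
# "Keyword value" syntax (the "Keyword=value" form is not handled).

# Print the effective global value of a keyword: comments and blank lines
# skipped, keyword compared case-insensitively, first occurrence wins, and
# nothing after the first Match block counts (those lines are conditional).
# Prints the supplied default when the keyword is absent.
sshd_effective() {
  file="$1"; key="$2"; default="$3"
  val=$(awk -v key="$key" '
    /^[ \t]*(#|$)/            { next }
    tolower($1) == "match"    { exit }
    tolower($1) == tolower(key) { print $2; exit }
  ' "$file")
  printf '%s\n' "${val:-$default}"
}

# Non-zero unless every hardening setting is effectively what we intend.
# The defaults passed are OpenSSH's own defaults for an absent keyword.
check_hardened() {
  file="$1"
  [ "$(sshd_effective "$file" PasswordAuthentication yes)" = "no" ] &&
  [ "$(sshd_effective "$file" PermitRootLogin prohibit-password)" = "prohibit-password" ] &&
  [ "$(sshd_effective "$file" PubkeyAuthentication yes)" = "yes" ]
}

# Demo on a constructed config that shows the first-match trap.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
PasswordAuthentication yes
PermitRootLogin prohibit-password
PubkeyAuthentication yes
# appended later with: echo 'PasswordAuthentication no' >> sshd_config
PasswordAuthentication no
EOF
echo "effective PasswordAuthentication: $(sshd_effective "$cfg" PasswordAuthentication yes)"
if check_hardened "$cfg"; then
  echo "hardened"
else
  echo "NOT hardened: change the earlier line, then run sshd -t and reload sshd"
fi
rm -f "$cfg"
```

Run it against /etc/ssh/sshd_config on the fabric host after editing; on a Debian install that also has drop-ins under /etc/ssh/sshd_config.d/, check those first, because the Include at the top of the main file makes them win over everything below it.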
My design
Server | IPv4 address | IPv6 address | Description |
---|---|---|---|
gateway | 10.115.100.1 | fd55:cdbc:12df::1/64 | Firewall |
fabric | 10.115.100.2 | fd55:cdbc:12df::2/64 | KVM host |
ca | 10.115.100.3 | fd55:cdbc:12df::3/64 | Certificate server |
dc01 | 10.115.100.4 | fd55:cdbc:12df::4/64 | Domain controller (PDC) |
dc02 | 10.115.100.5 | fd55:cdbc:12df::5/64 | Second domain controller |
srv01 | 10.115.100.6 | fd55:cdbc:12df::6/64 | Applications server |
srv02 | 10.115.100.7 | fd55:cdbc:12df::7/64 | HA applications server |
10.115.100.8 | fd55:cdbc:12df::8/64 | Mail server |
Virtual servers
As for the virtual servers, we will install a certificate server, two domain controllers (Samba), two database (MariaDB) servers for high availability, an e-mail server with webmail (iRedMail), a Nextcloud server and a Diaspora server. All services run on Debian. Although we can administer everything from Debian, we will end up using Windows 11 with RSAT just to show that it works.
There are several ways to install a virtual server. We can use VNC for a graphical installation (useful when installing Windows; virsh vncdisplay shows the display a VM listens on). You can choose to install from an ISO image placed on the server or over the Internet. I usually install Debian servers over the Internet and without a graphical interface.
Now let's install our first virtual server. I choose the certificate server ->