I Migrated to KVM+QEMU on Debian 12

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

QEMU’s system emulation provides a virtual model of a machine (CPU, memory and emulated devices) to run a guest OS. It supports a number of hypervisors (known as accelerators) as well as a JIT known as the Tiny Code Generator (TCG) capable of emulating many CPUs.

libvirt is a toolkit to manage virtualization platforms.

libvirt website
Linux KVM website
QEMU website

My system: MSI Mortar B550M / AMD Ryzen 7 5800X / 32 GB RAM / Debian Bookworm. It is a desktop PC that is my tiny lab too.

Pre Checks

Check the CPU for hardware virtualization support (AMD-V here).

lscpu |grep -i virtualization
Virtualization:                       AMD-V

The IOMMU must be supported by both the CPU and the motherboard for optimal virtual machine performance.

sudo dmesg | grep -e DMAR -e IOMMU -e AMD-Vi
(...)
[    0.310709] perf/amd_iommu: Detected AMD IOMMU #0 (2 banks, 4 counters/bank).

If the system supports virtualization, the necessary packages can be installed.

Installation

KVM is part of the Linux kernel, and the rest can be installed from the Debian repository:

sudo apt install qemu-kvm qemu-utils \
libvirt-daemon-system libvirt-clients \
virtinst virt-manager

The command will install the necessary packages and dependencies.

Post Checks

After the installation, libvirtd must be enabled and running:

systemctl status libvirtd

If it is not enabled or running by default:

systemctl enable --now libvirtd

Let’s check that every tool was installed correctly:

kvm --version
virsh --version
lsmod |grep kvm

libvirt can check the host for the necessary QEMU configuration and support:

sudo virt-host-validate qemu

All parameters must pass.

User Permissions

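Membership in the libvirt group gives full management access to the system libvirtd instance, which is effectively root-equivalent on the host, so grant it only to trusted accounts. Add your user to the necessary groups to use KVM virtualization as a non-root user: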

sudo usermod -aG libvirt tmolnar
sudo usermod -aG kvm tmolnar

The default libvirt URI should point to the system instance:

sudo virsh uri
echo "export LIBVIRT_DEFAULT_URI='qemu:///system'" >> ~/.bashrc
source ~/.bashrc

By default the virtual images are stored in the /var/lib/libvirt/images directory. An ordinary non-root user does not have read/write permissions here.

Some virsh subcommands for better management, and the virsh documentation.

Let’s use Linux ACLs to fix this:

sudo setfacl -R -b /var/lib/libvirt/images
sudo setfacl -R -m u:tmolnar:rwX /var/lib/libvirt/images
sudo setfacl -m d:u:tmolnar:rwx /var/lib/libvirt/images
getfacl /var/lib/libvirt/images

Now you have read/write access to the images directory.
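To confirm the ACL change did what was intended, the following added example (not part of the original post) parses getfacl output and checks the access entry, the default entry and the permissions left for "other". The sample output is constructed, and the function names and the rule that "other" must have no read or write are assumptions of this example.

```sh
#!/bin/sh
# Added example. Constructed sample of `getfacl /var/lib/libvirt/images`
# after the setfacl commands above (user from the article, base modes assumed).
SAMPLE_ACL='# file: var/lib/libvirt/images
# owner: root
# group: root
user::rwx
user:tmolnar:rwx
group::--x
mask::rwx
other::--x
default:user::rwx
default:user:tmolnar:rwx
default:group::--x
default:mask::rwx
default:other::--x'

# acl_perm ENTRY: read getfacl output on stdin and print the permission bits
# of ENTRY ("user:tmolnar", "default:user:tmolnar", "other:"). When getfacl
# appended "#effective:", the mask limits the entry, so print those bits.
acl_perm() {
    awk -v want="$1" '
        /^#/ || NF == 0 { next }
        {
            n = split($1, f, ":"); perm = f[n]
            key = substr($1, 1, length($1) - length(perm) - 1)
            if (match($0, /#effective:[rwx-]+/))
                perm = substr($0, RSTART + 11, RLENGTH - 11)
            if (key == want) { print perm; exit }
        }'
}

# check_images_acl USER: stdin is getfacl output. Succeeds only if USER has
# effective rwx, new files inherit rwx for USER (default ACL), and "other"
# has neither read nor write (that last rule is this example's assumption).
check_images_acl() {
    acl=$(cat)
    access=$(printf '%s\n' "$acl" | acl_perm "user:$1")
    inherit=$(printf '%s\n' "$acl" | acl_perm "default:user:$1")
    other=$(printf '%s\n' "$acl" | acl_perm "other:")
    [ "$access" = "rwx" ] || { echo "FAIL: $1 access is '${access:-none}'"; return 1; }
    [ "$inherit" = "rwx" ] || { echo "FAIL: no rwx default ACL for $1"; return 1; }
    case "$other" in
        r*|?w*) echo "FAIL: other has '$other'"; return 1 ;;
    esac
    echo "OK: $1 has rwx (access and default), other=$other"
}

printf '%s\n' "$SAMPLE_ACL" | check_images_acl tmolnar
```

On a live host, pipe the output of `getfacl /var/lib/libvirt/images` into `check_images_acl` with your own user name instead of the sample.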

More info about Linux ACLs at the Red Hat sysadmin blog and at geeksforgeeks.

The Arch Wiki has an extensive tutorial about it too.

NAT Network Config

By default, QEMU uses macvtap in VEPA mode to provide NAT internet access or bridged access with other guests. The default network will allow the virtual machines to connect to the internet. You have to enable this network.

sudo virsh net-list
sudo virsh net-start default
sudo virsh net-autostart default

Bridge Network Config

Creating a bridge network enables the hypervisor to place the virtual machines into the same network.

A bridge device can be created for a network bridge:

sudo nmcli device status
sudo nmcli connection add type bridge con-name bridge0 ifname bridge0
sudo nmcli connection add type ethernet slave-type bridge con-name 'Bridge connection 1' ifname enp42s0 master bridge0
sudo nmcli connection up bridge0
sudo nmcli connection modify bridge0 connection.autoconnect-slaves 1
sudo nmcli connection up bridge0
sudo nmcli device status

A NetworkManager quickstart can be found in the Arch Wiki.

If you want to discuss the topic with other technology-minded people, join my Discord: https://discord.gg/YbSYGsQYES

Now we have an IRC channel as well: irc.libera.chat / #tomsitcafe
