Author: Jesús E.
Category: Tutorial
Date: 2020-05-03 03:12
Modified: 2022-02-25 05:57
Diaspora: https://diasp.org/u/heckyel
Image: 2020/05/virt-manager.jpg
Lang: en
Mastodom: https://masto.nobigtech.es/@heckyel
Save_as: install-a-virtual-machine-manager-on-hyperbola-gnulinux-libre/index.html
Slug: instalar-un-gestor-de-maquinas-virtuales-en-hyperbola-gnulinux-libre
Tags: virtual machine, tutorial
Title: Install a virtual machine manager in Hyperbola GNU/Linux-libre
URL: install-a-virtual-machine-manager-on-hyperbola-gnulinux-libre/

Your host may run Hyperbola GNU/Linux-libre on the x86_64 architecture,
for example, but with enough memory and processing power you could run
[Trisquel][trisquel]{:target="_blank" rel="noopener noreferrer"} and
[Dragora][dragora]{:target="_blank" rel="noopener noreferrer"}
as guests at the same time, on the same machine.

## What is a virtual machine?

A virtual machine is software that simulates a computer system and can
execute programs as if it were a real computer. This software was
originally defined as "an efficient and isolated duplicate of a
physical machine".

## What programs allow me to run a virtual machine?

In totally free operating systems there is a program
called `qemu` that allows us to virtualize.

[Qemu][qemu]{:target="_blank" rel="noopener noreferrer"}
works through the command line, but there are
also GUIs.

In this guide we explain how to install
[Virtual Machine Manager][vm]{:target="_blank" rel="noopener noreferrer"},
a full-featured GUI for virtualizing operating systems.

## Virtual Machine Manager installation

### Check if your PC supports virtualization

    :::console
    $ LC_ALL=C lscpu | grep Virtualization

or run the command:

    :::console
    $ lsmod | grep kvm

If your computer supports virtualization, `lscpu` prints
`Virtualization: VT-x` or `Virtualization: AMD-V`;
otherwise your computer is not capable of virtualizing.

### Installing Virtual Machine Manager

    :::console
    # pacman -Sy

    # pacman -S virt-manager qemu vde2 dnsmasq bridge-utils libvirt

    # gpasswd -a <your-user> kvm

    # gpasswd -a <your-user> libvirt

### Check kvm group

    :::console
    # grep -E 'group="kvm"|group="78"' /etc/libvirt/qemu.conf

Check that the output contains `group="kvm"` or `group="78"`.

### Enable kernel modules for virtualization

- kvm_intel module (Intel processors)

        :::console
        # modprobe kvm_intel

- kvm_amd module (AMD processors)

        :::console
        # modprobe kvm_amd

### Verify that the virtual machine is configured correctly

    :::console
    $ virt-host-validate

### Services

Virt-Manager relies on the `libvirtd` service to function.

Here we explain how to start this service:

#### Start libvirtd

    :::console
    # rc-service libvirtd start

#### Add libvirtd to the default runlevel

    :::console
    # rc-update add libvirtd default

#### Remove Service

If you want to remove the service from the default runlevel
and start it only when you need it, run:

    :::console
    # rc-update del libvirtd default

### Enable nested virtualization in KVM

Nested virtualization allows you to run a virtual machine (VM)
within another VM while still using host hardware acceleration.

#### Checking if nested virtualization is supported

For Intel processors, check the
`/sys/module/kvm_intel/parameters/nested` file.
For AMD processors, check the
`/sys/module/kvm_amd/parameters/nested` file.
If you see `1` or `Y`, nested virtualization is supported;
if you see `0` or `N`, nested virtualization is not supported.

For example:

    :::console
    $ cat /sys/module/kvm_intel/parameters/nested
    Y

#### Enable nested virtualization for Intel processors:

1. Turn off all running virtual machines and unload the `kvm_intel` module:

        :::console
        # modprobe -r kvm_intel

2. Activate the nesting function

        :::console
        # modprobe kvm_intel nested=1

3. Nested virtualization stays enabled until the host is restarted.
   To enable it permanently, add the following line to the
   `/etc/modprobe.d/kvm.conf` file:

        :::console
        # nano -w /etc/modprobe.d/kvm.conf
        ----------------------------------
        options kvm_intel nested=1

#### Enable nested virtualization for AMD processors:

1. Turn off all running virtual machines and unload the `kvm_amd` module:

        :::console
        # modprobe -r kvm_amd

2. Activate the nesting function

        :::console
        # modprobe kvm_amd nested=1

3. Nested virtualization stays enabled until the host is restarted.
   To enable it permanently, add the following line to the
   `/etc/modprobe.d/kvm.conf` file:

        :::console
        # nano -w /etc/modprobe.d/kvm.conf
        ----------------------------------
        options kvm_amd nested=1

### Virtual Machine Manager screenshots

<figure>
    <a href="{filename}/wp-content/uploads/article/images/2020/05/vm-dragora.png">
        <img src="{filename}/wp-content/uploads/article/images/2020/05/vm-dragora.png" alt="Dragora in Virtual Machine Manager">
    </a>
    <figcaption>Screenshot of Dragora GNU/Linux in Virtual Machine Manager</figcaption>
</figure>

<figure>
    <a href="{filename}/wp-content/uploads/article/images/2020/05/vm-trisquel.png">
        <img src="{filename}/wp-content/uploads/article/images/2020/05/vm-trisquel.png" alt="Trisquel in Virtual Machine Manager">
    </a>
    <figcaption>Screenshot of Trisquel GNU/Linux in Virtual Machine Manager</figcaption>
</figure>

### Modules with security issues

The `vhost_net` module has security issues related to
[CVE-2018-3646][spectre]{:target="_blank" rel="noopener noreferrer"},
the L1TF and SMT CPU flaw, with a possible data leak.
It's recommended to disable it as follows:

    :::console
    # modprobe -r vhost_net

On Hyperbola GNU/Linux-libre
this module comes disabled.
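
The nested-virtualization and `vhost_net` checks from this guide, combined into one read-only script (an added example, not part of the original article). The function names, the `ROOT` variable and the root-directory argument are assumptions of this sketch; it also reports a `kvm.conf` whose `nested=1` line names the other vendor's module.

```shell
#!/bin/sh
# Added example: read-only audit of the KVM settings covered in this guide.
# The optional root argument is an assumption of this sketch; it lets the
# checks run against a constructed file tree instead of the live host.

# Pick the KVM module from the CPU flags: vmx = Intel VT-x, svm = AMD-V.
kvm_module() {
    if grep -qw vmx "$1/proc/cpuinfo" 2>/dev/null; then echo kvm_intel
    elif grep -qw svm "$1/proc/cpuinfo" 2>/dev/null; then echo kvm_amd
    else return 1
    fi
}

# Runtime nesting state of module $2: on (1/Y), off (0/N) or unloaded.
nested_runtime() {
    f="$1/sys/module/$2/parameters/nested"
    [ -r "$f" ] || { echo unloaded; return 0; }
    case $(cat "$f") in
        1|Y) echo on ;;
        *)   echo off ;;
    esac
}

# Persistent setting in kvm.conf: yes, no, or wrong-module when the
# "options ... nested=1" line names the other vendor's module.
nested_persistent() {
    conf="$1/etc/modprobe.d/kvm.conf"
    case $2 in kvm_intel) other=kvm_amd ;; *) other=kvm_intel ;; esac
    if grep -Eq "^[[:space:]]*options[[:space:]]+$2[[:space:]].*nested=[1Y]" "$conf" 2>/dev/null; then echo yes
    elif grep -Eq "^[[:space:]]*options[[:space:]]+$other[[:space:]].*nested=[1Y]" "$conf" 2>/dev/null; then echo wrong-module
    else echo no
    fi
}

# vhost_net shows up in /proc/modules only while it is loaded.
vhost_net_loaded() { grep -q '^vhost_net ' "$1/proc/modules" 2>/dev/null; }

# One-line summary; returns 1 when the CPU exposes neither vmx nor svm.
audit_kvm_host() {
    mod=$(kvm_module "$1") || { echo "no vmx/svm flag"; return 1; }
    if vhost_net_loaded "$1"; then vh=loaded; else vh=absent; fi
    echo "module=$mod nested=$(nested_runtime "$1" "$mod")" \
         "persistent=$(nested_persistent "$1" "$mod") vhost_net=$vh"
}

audit_kvm_host "${ROOT:-}" || true
```

Run it as a regular user; it only reads `/proc`, `/sys` and `/etc/modprobe.d/kvm.conf` and changes nothing.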

[dragora]: https://dragora.org
[trisquel]: https://trisquel.info
[qemu]: https://wiki.qemu.org/Main_Page
[spectre]: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html
[vm]: https://virt-manager.org/
*[GUI]: Graphical user interface