HOWTO: kvm on Ubuntu Feisty

KVM is a kernel-level virtualization technology/application that provides a complete PC virtual machine under Linux when you have a processor supporting VT. AMD and Intel both have processors which provide hardware support for virtualization to decrease the cost of translating all privileged instructions. In a recent study, vmware showed performance losses of 46% when functioning as a webserver. This is not out of line with expectations; the primary purpose of vmware is to consolidate little-used servers into a single machine.

But some of us would like a little more performance. Many of us are simply trying to escape from Windows, and we need a last couple of pieces of Windows software to keep us going. Some of the time, these are programs which place high demands on the CPU, such as database reporting software. It is simply not appropriate to have this software running with a serious performance penalty. In addition, although I am grateful for the use of the free VMware Server software, I would prefer to exclusively have Free software (as in speech) on my computer. That day is not yet here, but it will never come if we don't work towards it.

KVM

To that end, while I am of course still using VMware Server on Windows, where KVM is not available, I have installed KVM on my Linux system. This was a big part of my move to Ubuntu Feisty, which is currently still in beta - It includes the 2.6.20 kernel, which has KVM support without requiring patches. Installing kvm is as simple as installing a single package, although you will want others.

KVM has some benefits and some limitations as compared to the many other virtualization solutions. Put simply, it is Free-as-in-speech, it enforces strict partitioning and reduces overhead through the use of VT, and it is also free-as-in-beer. On the down side, it requires VT (otherwise you are just using qemu) and it is a less-than mature package. If you want reliability today, you want to use something other than KVM.

Here's what Ubuntu Feisty says about KVM:

Using KVM, one can run multiple virtual PC:s, each running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.

KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux hosts on x86 hardware with x86 guests. KVM is intended for systems where the processor has hardware support for virtualization, see below for details. All combinations of 32-bit and 64-bit host and guest systems are supported, except 64-bit guests on 32-bit hosts.

For the best performance the processor must support hardware virtualization, provided by AMD's SVM capability and Intel's VT.

VT

VT, or Virtualization Technology, is hardware support for virtualization. It is also known as "Vanderpool Technology" because this was Intel's code name for their VT project (known simply as IVT.) However, hardware virtualization support long predates this equipment; for example, it is a mainstay in IBM's System i (formerly iSeries, formerly AS/400) platform and that system can run binaries from the oldest versions of the AS/400 system. Everything old is new again...

The document goes on to explain how to find out if your processor supports VT. This doesn't tell you if it's turned on, however:

egrep '^flags.*(vmx|svm)' /proc/cpuinfo

If you get any output but just a prompt back, your processor supports some form of VT. Here's what it looks like when I do that:

mespinoza@sec2lpt7-linux:~$ egrep '^flags.*(vmx|svm)' /proc/cpuinfo
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx constant_tsc pni monitor vmx est tm2 xtpr
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx constant_tsc pni monitor vmx est tm2 xtpr

I have a Core Duo T2600, which has two cores, both of which (of course) support VT. You can tell because they have the flag "vmx".

Enabling VT

Another issue is that VT must be enabled. A lot of manufacturers disabled VT right away, and some never enabled it. If you have a consumer-level (not a "workstation" class machine) laptop from HP, for example, VT is probably disabled and cannot be enabled. If you have a business-class laptop, then you will probably need to download and apply a BIOS update. Even if the revision log for the update doesn't say anything about VT, you should try installing it anyway on nw- and nc- series laptops; there are both a Windows and a DOS bootable floppy version of my BIOS update, and the Windows version's revision log says NOTHING for the latest revision, while the DOS version says that it enables VT. Go HP! The completeness of your web efforts never fails to astound. Sony is known to allow VT, at least on some models; likewise Dell. My understanding is that business-class HP laptops now come with VT in the BIOS.

The processor, however, remembers whether VT is enabled or not, although it must be enabled by the BIOS. The HP laptops require that you make the BIOS setting, then disconnect the system from power and remove the battery, then attempt to turn it on. That will completely drain power and make sure that the machine will go through the full boot process, and VT will be enabled. Some laptops require this, and some will work without it, but HP suggests you do it with all models just to be sure.

Installing KVM

Installing KVM is extremely trivial when your distribution supports it. As this is one primary reason to move to the new kernel, the packages are indeed included in Ubuntu Feisty. Here's a snippet from the package's information (gathered with aptitude show kvm:

Depends: libasound2 (> 1.0.12), libc6 (>= 2.5-0ubuntu1), libsdl1.2debian (>=
         1.2.10-1), libuuid1, zlib1g (>= 1:1.2.1), iproute, bridge-utils
PreDepends: adduser
Recommends: kvm-source, qemu, vde2, linux-image-2.6
Suggests: sudo, debootstrap, hal, etherboot

I installed kvm; I tried to install vde2 but it didn't exist. I installed vde instead. I also installed qemu (you want it for the tools, such as for creating disk files. Everything installed properly.

Starting KVM

Identifying a proper command line with which to start KVM can be a challenge. Two things to note are that both running under VT and trying to use ACPI will break the Windows 2000 and Windows XP installers, so you will always need to specify -no-acpi and during the install you will need -no-kvm. After the install, when you restart KVM, you can drop the -no-kvm switch to run in the virtualized environment. I got my initial command-line from a post to the kvm-devel mailing list (from the archive) and found out about -no-kvm from another article on kvm. That latter article provides much more information on how KVM works than this article, which is almost entirely a HOWTO.

Creating the disk image

Before you can install an operating system, you must have a place to install it. qemu and thus kvm is happy to let you install nearly anywhere. You could just create a raw file (with the dd command) and install to it if you liked, but qemu has an image file format called "qcow" that works much like vmware; instead of creating a contiguous file as dd would do, it allows the file to grow as needed. Thus you could specify a ten gigabyte image, but it would only be two gigabytes if no more than two gigabytes had ever been used. This is indeed the format I used. The command to create these files is called qemu-img.

I wanted to create a three gigabyte file, enough to have a little breathing room for a couple of applications. I used the following command:

qemu-img create drivec.img -f qcow 3G

Very simple, tells the story, and comes back very quickly because it is not writing three gigabytes' worth NULLs to a file.

Now that we have a disk image (created in a writable location of your choice) we can install Windows. This is the command to use when installing Windows (XP or 2000) to KVM:

sudo kvm . -hda drivec.img -cdrom /dev/scd0 -boot d -m 384 -localtime \
    -usb -usbdevice tablet -k en-us -net nic,model=rtl8139 -net user \
    -monitor tcp::10023,server,nowait -no-acpi -no-kvm

Remember, ACPI must be disabled because it's broken in qemu/kvm, and KVM must be disabled because it's broken too! :) At some point you can expect both ACPI and KVM to work for the install, but that day is not today. Once the install is complete, you can go ahead and stop disabling KVM, but not ACPI (if you want good results.) The only lack when ACPI is enabled is that you will have to manually terminate KVM processes when Windows shuts down. My command line for starting KVM after the install looks like the following:

sudo kvm . -hda drivec.img -cdrom /dev/scd0 -boot c -m 384 -localtime \
    -usb -usbdevice tablet -k en-us -net nic,model=rtl8139 -net user \
    -monitor tcp::10023,server,nowait -no-acpi

"Briefly": hda (first hard disk, IDE primary master) is in the file drivec.img. The cdrom device /dev/scd0 is mounted - this could also be an ISO image made from a CD (or made from another source.) -boot c specifies booting the drive the PC BIOS would identify as C; this is the INT 19h device, in this case hda. (Don't worry if you don't know what this stuff means; you don't need to.) -m 384 specifies the use of 384MB RAM - I have 2GB. Windows 2000 can run acceptably in 128MB and quite well in 256MB. -localtime sets the virtual machine's clock to the same as the local system. The -usb options seem to be significant in that they provide functionality like VMware Tools; when those options are specified, you don't need to hit control-alt to disassociate the mouse from the virtual machine, just mouse in and out of the window like normal. -k en-us specifies the use of the US English keyboard map. The usual shortcuts (like de for deutsch) apply here. the -net options, as you might guess, specify the use of the rtl8139 virtual network card on a user-type interface. The -monitor option specifies where the console goes, and if you want to see console output, you can just connect to that port and listen via TCP (e.g. with telnet or netcat.)

I'm running with sudo so I have access to /dev/kvm, /dev/scd0 (for the cdrom), etc etc. I currently have the disk image file installed on an NTFS partition which is mounted with ntfs-3g. So I'm running Windows under Linux with a NTFS filesystem on a qcow qemu image file stored on an NTFS filesystem. Very convoluted, but it's working nicely.

You don't need sudo if you add users to the group "kvm", which gives them access to /dev/kvm, which in turn is the interface to the kvm kernel module. This module uses either the kvm-intel or kvm-amd kernel module to handle the CPU. You need to install both the appropriate module for your processor and the kvm module itself (in that order) before kvm can be used. Once kvm is installed, you can accomplish this through the following:

sudo depmod -a
sudo modprobe kvm-intel
sudo modprobe kvm

These commands could be placed in the rc.local script to execute them at boot time. All modules will be automatically unloaded if necessary at shutdown time, and kvm processes killed long before that, so you don't need to worry about unloading them.

That about wraps things up! This should get you going, at the very least. Using this method I was able to get KVM installed and running, and install Windows 2000. Currently it's downloading service pack 4 - I'll let you know how it all turns out later. In a future article, I will discuss KVM networking, and management tools. You have been warned...

Add new comment