The following is a simple guide to deploying KVM and NSX-T on Ubuntu. NSX-T support for Linux was a game changer: not limiting themselves to ESXi was a masterstroke, as most new deployments were on Linux, either natively on hardware or as a VM. Windows application servers are a thing of the past, and the advent of K8s and Docker container platforms means we need to extend security into Linux more and more.
#Configure Interfaces: manual configuration of /etc/network/interfaces.
sudo apt-get update
sudo apt-get install -y qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils virtinst virt-manager virt-viewer libguestfs-tools
cat /proc/cpuinfo | egrep "vmx|svm"
#Validate output of VMX or SVM. You should see either of those in the response.
sudo kvm-ok
#Response should be
#INFO: /dev/kvm exists
#KVM acceleration can be used
sudo vi /tmp/bridge.xml
# paste the following
<network>
<name>bridge</name>
<forward mode='bridge'/>
<bridge name='br0'/>
</network>
sudo virsh net-define /tmp/bridge.xml
sudo virsh net-start bridge
#response should be
#Network bridge started
sudo virsh net-autostart bridge
#response should be
#Network bridge marked as autostarted
sudo virsh net-list --all
#response should be
# Name      State    Autostart   Persistent
#----------------------------------------------
# bridge    active   yes         yes
# default   active   yes         yes
sudo apt-get install -y libunwind8 libgflags2v5 libgoogle-perftools4 traceroute
sudo apt-get install -y python-mako python-simplejson python-unittest2 python-yaml python-netaddr
sudo apt-get install -y libboost-filesystem1.58.0 libboost-chrono1.58.0 libgoogle-glog0v5
sudo apt-get install -y dkms
sudo apt-get install -y libboost-date-time1.58.0 python-protobuf python-gevent libsnappy1v5 libleveldb1v5
awk '{print $2}' /etc/ssh/ssh_host_rsa_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64
#copy the thumbprint to enter into the NSX-T GUI
#Add the node in the GUI: Fabric -> Nodes -> +Add. Supply the hostname, the IP, the type of hypervisor, and the thumbprint.
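The thumbprint pipeline above produces base64(SHA-256(public key blob)), which is the same digest that ssh-keygen -l -E sha256 prints with the trailing "=" padding stripped. The following is an added example, not part of the original guide: it recomputes the value and rejects a line whose key type does not match the encoded blob. The function names and the sample key line are assumptions made for the illustration.

```python
import base64
import hashlib
import struct

# Constructed sample: a well-formed ssh-rsa blob with dummy numbers, not a real host key.
SAMPLE_BLOB = b"".join(struct.pack(">I", len(f)) + f
                       for f in (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 32))
SAMPLE_PUBKEY = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@kvm-host"


def nsx_thumbprint(pubkey_line):
    """Return base64(SHA-256(key blob)) for one line of an OpenSSH .pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed algorithm name. A mismatch with the
    # first field means the line is truncated or was edited by hand.
    name_len = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("key type does not match the encoded blob")
    return base64.b64encode(hashlib.sha256(blob).digest()).decode()


def openssh_fingerprint(thumbprint):
    """The same digest in the form ssh-keygen -l -E sha256 prints (padding stripped)."""
    return "SHA256:" + thumbprint.rstrip("=")


if __name__ == "__main__":
    tp = nsx_thumbprint(SAMPLE_PUBKEY)
    print("thumbprint for the NSX-T GUI:", tp)
    print("compare with ssh-keygen -lf :", openssh_fingerprint(tp))
```

Comparing the second value with the output of ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub on the KVM host confirms that the thumbprint entered in the GUI belongs to that host's key.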
dpkg --get-selections | grep nsx
#result should be the nsx modules which were installed.
#nsx-agent install
#nsx-aggservice install
#nsx-cli install
#nsx-da install
#nsx-host install
#nsx-host-node-status-reporter install
#nsx-hyperbus install
#nsx-lldp install
#nsx-logical-exporter install
#nsx-mpa install
#nsx-nestdb install
#nsx-netcpa install
#nsx-platform-client install
#nsx-sfhc install
#nsx-support-bundle-client install
#nsx-transport-node-status-reporter install
#nsxa install
ifconfig nsx-vtep0.0
#output should be something like
# nsx-vtep0.0 Link encap:Ethernet HWaddr 06:06:88:8e:0b:98
# inet addr:10.101.117.212 Bcast:10.101.117.255 Mask:255.255.255.0
# inet6 addr: fe80::406:88ff:fe8e:b98/64 Scope:Link
# UP BROADCAST RUNNING MULTICAST MTU:1600 Metric:1
# RX packets:2411 errors:0 dropped:0 overruns:0 frame:0
# TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
# collisions:0 txqueuelen:1000
# RX bytes:110906 (110.9 KB) TX bytes:690 (690.0 B)
sudo ovs-vsctl show
#output should be something like:
#65fbede3-0665-4ee3-8ad9-ba7ab89522ce
# Manager "unix:/var/run/vmware/nsx-agent/nsxagent_ovsdb.sock"
# is_connected: true
# Bridge nsx-managed
# Controller "unix:/var/run/vmware/nsx-agent/nsxagent_vswitchd.sock"
# is_connected: true
# fail_mode: secure
# Port nsx-managed
# Interface nsx-managed
# type: internal
# Port hyperbus
# Interface hyperbus
# type: internal
# Bridge "nsx-switch.0"
# Controller "unix:/var/run/vmware/nsx-agent/nsxagent_vswitchd.sock"
# is_connected: true
# fail_mode: secure
# Port "nsx-uplink.0"
# Interface "enp10s0"
# Port "nsx-switch.0"
# Interface "nsx-switch.0"
# type: internal
# Port "nsx-vtep0.0"
# tag: 0
# Interface "nsx-vtep0.0"
# type: internal
# ovs_version: "2.7.0.6383692"
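The two things worth checking in that output are that every Manager and Controller session reports is_connected: true and that both bridges run with fail_mode: secure, so that Open vSwitch does not fall back to acting as a plain learning switch when the NSX agent is unreachable. The following is an added example, not part of the original guide: it checks ovs-vsctl show output for both conditions. The function name and the degraded sample are assumptions made for the illustration.

```python
# Constructed sample: the healthy output shown above, re-indented and trimmed.
HEALTHY = '''
65fbede3-0665-4ee3-8ad9-ba7ab89522ce
    Manager "unix:/var/run/vmware/nsx-agent/nsxagent_ovsdb.sock"
        is_connected: true
    Bridge nsx-managed
        Controller "unix:/var/run/vmware/nsx-agent/nsxagent_vswitchd.sock"
            is_connected: true
        fail_mode: secure
        Port hyperbus
            Interface hyperbus
                type: internal
    Bridge "nsx-switch.0"
        Controller "unix:/var/run/vmware/nsx-agent/nsxagent_vswitchd.sock"
            is_connected: true
        fail_mode: secure
        Port "nsx-uplink.0"
            Interface "enp10s0"
'''
# Constructed failure case: nsx-managed set to standalone, and the Manager and
# nsx-managed controller sessions down (ovs-vsctl omits is_connected when down).
DEGRADED = (HEALTHY.replace("fail_mode: secure", "fail_mode: standalone", 1)
                   .replace("is_connected: true", "", 2))


def audit_ovs_show(text):
    """Return findings for `ovs-vsctl show` output; an empty list means healthy."""
    sessions = {}    # (scope, target) -> connected; scope is "ovsdb" or a bridge name
    fail_mode = {}   # bridge name -> fail_mode value, None if the line is absent
    scope, last = "ovsdb", None
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(" ")
        value = value.strip().strip('"')
        if key == "Bridge":
            scope, last = value, None
            fail_mode[scope] = None
        elif key in ("Manager", "Controller"):
            last = (scope, value)
            sessions[last] = False
        elif key == "is_connected:" and last is not None:
            sessions[last] = value == "true"
        elif key == "fail_mode:":
            fail_mode[scope] = value
        elif key == "Port":
            last = None
    findings = [f"{b}: fail_mode is {m or 'unset'}, expected secure"
                for b, m in fail_mode.items() if m != "secure"]
    findings += [f"{s}: session to {t} is not connected"
                 for (s, t), up in sessions.items() if not up]
    return findings
```

Feed it the real output with sudo ovs-vsctl show piped into a small wrapper that reads standard input and prints the returned findings.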
The VM needs to be edited using virsh.
The KVM commands are:
Create a KVM instance with virsh (NSX-T)
1. Create VM Folder.
2. Create in VM folder a Disk image using a command like: fallocate -l 8192M ./guest.img
3. Use virt-install to create and start an instance (will have default networking) example CLI below:
virt-install --name kbVM1 --vcpus 1 --ram 512 --disk /home/kevin/kbVM1/guest.img --cdrom /home/kevin/ubuntu-14.04.4-server-amd64.iso --os-type linux --graphics=vnc,password=password,listen=0.0.0.0
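Step 4 below is not needed with this command, because listen=0.0.0.0 binds VNC to all of the host's IP addresses, not just loopback; the console is then reachable on every interface of the host and protected only by the VNC password.
4. Use an SSH tunnel to allow you to VNC to the instance. Example below (where 10.29.15.149 is the KVM host IP):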
ssh kevin@10.29.15.149 -L 5901:127.0.0.1:5901
5. From the VNC session, install the guest OS. Use the virsh CLI to shut down the instance after the guest OS is installed. Then use the virsh CLI to edit the instance and follow the process below to update the instance's NIC.
Attach VM interfaces to OVS bridges
Follow these steps to attach your VMs’ network interfaces to OVS bridges:
- On the hypervisor machine, use the virsh edit command to edit each VM: # virsh edit <domain name of VM>
- In the editor, find the "<interface>" block for each interface that you want to attach to the OVS bridge, and add or edit its <virtualport> block as shown below:
…
<interface type='bridge'>
<mac address='52:54:00:d0:3f:f2'/>
<source bridge='nsx-managed'/>
<virtualport type='openvswitch'>
</virtualport>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
Get the UUID of the interfaces using
virsh dumpxml <insert VM name here> | grep interfaceid
Another method is
virsh dumpxml <insert VM name here> | grep interfaceid | awk -F"<parameters interfaceid='" '{print $2}' | awk -F"'/>" '{print $1}'
Then create a virtual port in the GUI.
Switching -> port. Click Add, then in the GUI add the UUID, set the port to be a VIF, and edit the name of the port to something useful.
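The grep and awk one-liners return bare UUIDs without saying which NIC each belongs to. The following is an added example, not part of the original guide: it parses virsh dumpxml output, pairs each interfaceid with its MAC address, and reports any interface on nsx-managed that has no Open vSwitch virtualport and therefore no UUID to register as a VIF. The function name, the sample interfaceid and the second MAC address are assumptions made for the illustration.

```python
import uuid
import xml.etree.ElementTree as ET

# Constructed `virsh dumpxml` excerpt; the interfaceid and second MAC are made up.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>kbVM1</name>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:d0:3f:f2'/>
      <source bridge='nsx-managed'/>
      <virtualport type='openvswitch'>
        <parameters interfaceid='0a1b2c3d-1111-2222-3333-444455556666'/>
      </virtualport>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:02'/>
      <source bridge='nsx-managed'/>
    </interface>
  </devices>
</domain>
"""


def nsx_vifs(domain_xml, bridge="nsx-managed"):
    """Return (vifs, problems) for the interfaces attached to `bridge`."""
    vifs, problems = [], []
    root = ET.fromstring(domain_xml.strip())
    for iface in root.iterfind("./devices/interface"):
        src, mac = iface.find("source"), iface.find("mac")
        if src is None or src.get("bridge") != bridge:
            continue  # not attached to the NSX-managed bridge
        label = mac.get("address") if mac is not None else "<no mac>"
        params = iface.find("virtualport[@type='openvswitch']/parameters")
        if params is None or not params.get("interfaceid"):
            problems.append(f"{label}: no openvswitch virtualport interfaceid")
            continue
        # uuid.UUID raises ValueError on a malformed id; str() gives the canonical form.
        vifs.append((label, str(uuid.UUID(params.get("interfaceid")))))
    return vifs, problems


if __name__ == "__main__":
    found, missing = nsx_vifs(SAMPLE_DOMAIN_XML)
    for mac_addr, vif_id in found:
        print(f"{mac_addr}  VIF UUID {vif_id}")
    for line in missing:
        print("CHECK:", line)
```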