KVM/QEMU Installation on Linux: Complete Guide
Introduction
KVM (Kernel-based Virtual Machine) and QEMU (Quick Emulator) form the foundation of modern Linux virtualization, powering everything from personal development environments to enterprise cloud infrastructure. Together, they provide hardware-assisted virtualization that delivers near-native performance with minimal overhead.
This comprehensive guide walks you through the complete installation and configuration of KVM/QEMU on Linux, covering everything from hardware verification to advanced optimization. Whether you're setting up a home lab, building a development environment, or deploying production virtualization infrastructure, this guide provides the detailed instructions and best practices you need.
KVM is a Linux kernel module that transforms your Linux system into a type-1 hypervisor, while QEMU provides device emulation and management capabilities. Combined with libvirt for management and virt-manager for a graphical interface, this stack offers a powerful, open-source virtualization solution that rivals commercial alternatives.
By the end of this guide, you'll have a fully functional KVM/QEMU virtualization environment with optimized performance, proper networking, storage management, and the tools needed to create and manage virtual machines efficiently.
Understanding KVM and QEMU
What is KVM?
KVM (Kernel-based Virtual Machine) is a virtualization infrastructure built into the Linux kernel. It turns Linux into a Type-1 (bare-metal) hypervisor by leveraging hardware virtualization extensions available in modern processors (Intel VT-x or AMD-V).
Key characteristics of KVM:
- Integrated into Linux kernel since version 2.6.20
- Requires CPU virtualization support (Intel VT-x or AMD-V)
- Provides near-native performance through hardware acceleration
- Each VM runs as a regular Linux process
- Full isolation between virtual machines
- Supports memory and I/O virtualization
What is QEMU?
QEMU (Quick Emulator) is a generic machine emulator and virtualizer that provides:
- Hardware device emulation (CPU, disk, network, graphics)
- Userspace component for KVM
- Support for multiple architectures
- Device management and I/O handling
How KVM and QEMU work together:
Guest VM → QEMU (device emulation) → KVM (kernel module) → Physical Hardware
QEMU provides the userspace tools while KVM handles the actual virtualization in kernel space, delivering optimal performance.
Architecture Overview
┌─────────────────────────────────────────┐
│ Virtual Machine (Guest OS) │
├─────────────────────────────────────────┤
│ Virtual CPU │ Virtual RAM │ Virtual I/O│
├─────────────────────────────────────────┤
│ QEMU Process │
│ (Device Emulation & Management) │
├─────────────────────────────────────────┤
│ KVM Kernel Module │
│ (Hardware Virtualization) │
├─────────────────────────────────────────┤
│ Linux Kernel │
├─────────────────────────────────────────┤
│ Physical Hardware (CPU/RAM/I/O) │
└─────────────────────────────────────────┘
Prerequisites and Hardware Requirements
CPU Requirements
Your CPU must support hardware virtualization extensions:
For Intel processors:
- Intel VT-x (Intel Virtualization Technology)
- Available in most Intel CPUs from 2006 onwards
- Model names: Core i3/i5/i7/i9, Xeon
For AMD processors:
- AMD-V (AMD Virtualization)
- Available in most AMD CPUs from 2006 onwards
- Model names: Ryzen, EPYC, Opteron (with "V" suffix)
Check CPU Virtualization Support
# Check if CPU supports virtualization
egrep -c '(vmx|svm)' /proc/cpuinfo
# Output interpretation:
# 0 = No virtualization support (or disabled in BIOS)
# >0 = Number of cores with virtualization support
# Detailed information
lscpu | grep Virtualization
# Intel output: Virtualization: VT-x
# AMD output: Virtualization: AMD-V
If the command returns 0, you need to:
- Verify your CPU supports virtualization (check manufacturer specifications)
- Enable virtualization in BIOS/UEFI settings (usually under "Advanced" or "CPU Configuration")
Enable Virtualization in BIOS/UEFI
If virtualization is disabled:
# Reboot and enter BIOS/UEFI (usually DEL, F2, F10, or F12 during boot)
# Look for these settings:
# Intel: "Intel Virtualization Technology", "Intel VT-x", "Virtualization Extensions"
# AMD: "AMD-V", "SVM Mode", "Secure Virtual Machine"
# Enable the setting and save changes
System Requirements
Minimum requirements:
- CPU: 64-bit processor with virtualization support
- RAM: 4GB (host OS needs 2GB minimum, rest for VMs)
- Storage: 20GB free space
- Linux kernel: 2.6.20 or newer
Recommended for production:
- CPU: Multi-core processor (4+ cores)
- RAM: 16GB+ (allows multiple VMs)
- Storage: SSD with 100GB+ free space
- Network: Gigabit Ethernet
Check Kernel KVM Support
# Check if KVM modules are available
ls -l /dev/kvm
# Expected output:
# crw-rw----+ 1 root kvm 10, 232 Jan 11 10:00 /dev/kvm
# If /dev/kvm doesn't exist, check if modules are available
modinfo kvm
modinfo kvm_intel # For Intel
modinfo kvm_amd # For AMD
Installation on Ubuntu/Debian
Step 1: Update System
# Update package lists
sudo apt update
# Upgrade existing packages
sudo apt upgrade -y
Step 2: Install KVM and Related Packages
# Install KVM, QEMU, and essential tools
sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils
# Install management tools
sudo apt install -y virt-manager virt-viewer virtinst
# Install additional utilities
sudo apt install -y libguestfs-tools libosinfo-bin
Package explanation:
qemu-kvm: QEMU binaries with KVM supportlibvirt-daemon-system: Libvirt daemon for managing VMslibvirt-clients: Command-line tools (virsh)bridge-utils: Network bridge configuration utilitiesvirt-manager: Graphical VM management interfacevirt-viewer: VM console viewervirtinst: VM installation tools (virt-install)libguestfs-tools: Guest filesystem tools (virt-customize, virt-sysprep)libosinfo-bin: OS information database
Step 3: Verify Installation
# Check if KVM modules are loaded
lsmod | grep kvm
# Expected output for Intel:
# kvm_intel 311296 0
# kvm 872448 1 kvm_intel
# Expected output for AMD:
# kvm_amd 131072 0
# kvm 872448 1 kvm_amd
# Verify libvirt is running
sudo systemctl status libvirtd
# Enable libvirt to start on boot
sudo systemctl enable libvirtd
Step 4: Add User to Required Groups
# Add your user to libvirt and kvm groups
sudo usermod -aG libvirt $USER
sudo usermod -aG kvm $USER
# Verify group membership
groups $USER
# Log out and log back in for changes to take effect
# Or use: newgrp libvirt
Step 5: Verify Virtualization Capabilities
# Check virtualization capabilities
virt-host-validate
# Expected output should show all PASS:
# QEMU: Checking for hardware virtualization : PASS
# QEMU: Checking if device /dev/kvm exists : PASS
# QEMU: Checking if device /dev/kvm is accessible : PASS
# QEMU: Checking if device /dev/vhost-net exists : PASS
# QEMU: Checking if device /dev/net/tun exists : PASS
# LXC: Checking for Linux >= 2.6.26 : PASS
Installation on CentOS/RHEL/Rocky Linux
Step 1: Update System
# Update system packages
sudo dnf update -y
# Or for CentOS 7
sudo yum update -y
Step 2: Install KVM and Related Packages
# Install virtualization group (recommended)
sudo dnf groupinstall "Virtualization Host" -y
# Or install individual packages
sudo dnf install -y qemu-kvm libvirt virt-install virt-manager virt-viewer
# Install additional tools
sudo dnf install -y libguestfs-tools libvirt-client
For CentOS 7:
# Install virtualization packages
sudo yum install -y qemu-kvm libvirt libvirt-python libguestfs-tools virt-install
# Install management tools
sudo yum install -y virt-manager virt-viewer
Step 3: Start and Enable Libvirt Service
# Start libvirtd service
sudo systemctl start libvirtd
# Enable libvirtd to start on boot
sudo systemctl enable libvirtd
# Verify service status
sudo systemctl status libvirtd
Step 4: Configure Firewall
# Allow libvirt services through firewall
sudo firewall-cmd --permanent --add-service=libvirt
sudo firewall-cmd --reload
# For VNC access (if needed)
sudo firewall-cmd --permanent --add-port=5900-5999/tcp
sudo firewall-cmd --reload
Step 5: Add User to Groups
# Add user to libvirt group
sudo usermod -aG libvirt $USER
# Verify
groups $USER
# Reboot or log out/in for changes to take effect
Step 6: Verify Installation
# Check KVM module
lsmod | grep kvm
# Validate virtualization setup
virt-host-validate
Installation on Arch Linux
Step 1: Update System
# Update system
sudo pacman -Syu
Step 2: Install KVM Packages
# Install KVM and QEMU
sudo pacman -S qemu-full virt-manager virt-viewer libvirt bridge-utils dnsmasq
# Install additional tools
sudo pacman -S ebtables iptables-nft
Step 3: Enable Libvirt Service
# Start and enable libvirtd
sudo systemctl enable libvirtd.service
sudo systemctl start libvirtd.service
# Enable default network
sudo virsh net-autostart default
sudo virsh net-start default
Step 4: Configure User Permissions
# Add user to libvirt group
sudo usermod -aG libvirt $USER
# Edit libvirt configuration (optional)
sudo nvim /etc/libvirt/libvirtd.conf
# Uncomment these lines:
# unix_sock_group = "libvirt"
# unix_sock_rw_perms = "0770"
Step 5: Restart Libvirt
# Restart libvirt service
sudo systemctl restart libvirtd.service
# Verify
sudo systemctl status libvirtd.service
Post-Installation Configuration
Configure Default Network
# Check default network status
sudo virsh net-list --all
# If default network is inactive, start it
sudo virsh net-start default
# Set it to autostart
sudo virsh net-autostart default
# View network configuration
sudo virsh net-dumpxml default
Default network XML configuration:
<network>
<name>default</name>
<bridge name='virbr0'/>
<forward mode='nat'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>
Configure Storage Pools
# List storage pools
sudo virsh pool-list --all
# Default pool location
ls -la /var/lib/libvirt/images/
# Create custom storage pool
sudo virsh pool-define-as mypool dir --target /data/vms
# Build and start the pool
sudo virsh pool-build mypool
sudo virsh pool-start mypool
sudo virsh pool-autostart mypool
# Verify
sudo virsh pool-info mypool
Optimize KVM Performance Settings
# Enable nested virtualization (Intel)
sudo modprobe -r kvm_intel
sudo modprobe kvm_intel nested=1
# Make it persistent
echo "options kvm_intel nested=1" | sudo tee /etc/modprobe.d/kvm-intel.conf
# Verify nested virtualization
cat /sys/module/kvm_intel/parameters/nested
# Should output: Y
# For AMD
echo "options kvm_amd nested=1" | sudo tee /etc/modprobe.d/kvm-amd.conf
cat /sys/module/kvm_amd/parameters/nested
Configure CPU Governor for Performance
# Check current governor
cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
# Set to performance mode
echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
# Make permanent (systemd service)
sudo cat << 'EOF' > /etc/systemd/system/cpu-performance.service
[Unit]
Description=Set CPU governor to performance
[Service]
Type=oneshot
ExecStart=/bin/bash -c 'echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor'
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable cpu-performance.service
sudo systemctl start cpu-performance.service
Enable Huge Pages for Better Memory Performance
# Check current huge pages configuration
cat /proc/meminfo | grep Huge
# Calculate huge pages needed (2GB for VMs with 8GB total)
# Each huge page is 2MB, so 2GB = 1024 pages
# Configure huge pages
echo 1024 | sudo tee /proc/sys/vm/nr_hugepages
# Make permanent
echo "vm.nr_hugepages=1024" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
# Verify
cat /proc/meminfo | grep HugePages_Total
Configure IOMMU for PCI Passthrough
# Enable IOMMU in GRUB (Intel)
sudo vim /etc/default/grub
# Add to GRUB_CMDLINE_LINUX:
# For Intel: intel_iommu=on iommu=pt
# For AMD: amd_iommu=on iommu=pt
# Example:
GRUB_CMDLINE_LINUX="intel_iommu=on iommu=pt"
# Update GRUB
sudo update-grub # Debian/Ubuntu
sudo grub2-mkconfig -o /boot/grub2/grub.cfg # RHEL/CentOS
# Reboot
sudo reboot
# After reboot, verify IOMMU
dmesg | grep -i iommu
Creating Your First Virtual Machine
Method 1: Using virt-install (Command Line)
# Download Ubuntu ISO (example)
cd /var/lib/libvirt/images/
sudo wget https://releases.ubuntu.com/22.04/ubuntu-22.04-live-server-amd64.iso
# Create VM with virt-install
sudo virt-install \
--name ubuntu-vm \
--ram 2048 \
--vcpus 2 \
--disk path=/var/lib/libvirt/images/ubuntu-vm.qcow2,size=20 \
--os-variant ubuntu22.04 \
--network network=default \
--graphics vnc,listen=0.0.0.0 \
--console pty,target_type=serial \
--cdrom /var/lib/libvirt/images/ubuntu-22.04-live-server-amd64.iso
# Parameters explained:
# --name: VM name
# --ram: Memory in MB
# --vcpus: Number of virtual CPUs
# --disk: Disk configuration (size in GB)
# --os-variant: OS type (list available: osinfo-query os)
# --network: Network configuration
# --graphics: Display type
# --cdrom: ISO file path
Method 2: Using virt-manager (GUI)
# Launch virt-manager
virt-manager
# GUI steps:
# 1. Click "Create a new virtual machine"
# 2. Select "Local install media (ISO image or CDROM)"
# 3. Browse and select your ISO file
# 4. Choose memory and CPU settings
# 5. Create disk image (default: qcow2 format)
# 6. Name your VM and finish
# 7. VM will start automatically
Verify VM Creation
# List all VMs
sudo virsh list --all
# Show VM information
sudo virsh dominfo ubuntu-vm
# Check VM status
sudo virsh domstate ubuntu-vm
Advanced Configuration
Configure Virtio Drivers for Better Performance
Virtio provides paravirtualized drivers for better performance:
# Create VM with virtio drivers
sudo virt-install \
--name ubuntu-virtio \
--ram 4096 \
--vcpus 4 \
--disk path=/var/lib/libvirt/images/ubuntu-virtio.qcow2,size=30,bus=virtio \
--network network=default,model=virtio \
--os-variant ubuntu22.04 \
--graphics spice \
--video qxl \
--cdrom /var/lib/libvirt/images/ubuntu-22.04-live-server-amd64.iso
# Key changes:
# bus=virtio: Use virtio for disk (better performance)
# model=virtio: Use virtio for network (better performance)
# graphics spice: Better graphics performance
# video qxl: QXL video driver
Configure CPU Pinning
# Check host CPU topology
lscpu
# Pin VM CPUs to specific host CPUs
sudo virsh vcpupin ubuntu-vm 0 0
sudo virsh vcpupin ubuntu-vm 1 1
# Verify pinning
sudo virsh vcpupin ubuntu-vm --live
# Make it persistent (edit VM XML)
sudo virsh edit ubuntu-vm
# Add in <vcpu> section:
# <vcpu placement='static' cpuset='0-3'>4</vcpu>
# <cputune>
# <vcpupin vcpu='0' cpuset='0'/>
# <vcpupin vcpu='1' cpuset='1'/>
# <vcpupin vcpu='2' cpuset='2'/>
# <vcpupin vcpu='3' cpuset='3'/>
# </cputune>
Configure NUMA Topology
# Check host NUMA layout
numactl --hardware
# Create VM with NUMA awareness
sudo virsh edit ubuntu-vm
# Add NUMA configuration:
# <cpu mode='host-passthrough'>
# <topology sockets='1' cores='2' threads='2'/>
# <numa>
# <cell id='0' cpus='0-1' memory='2097152' unit='KiB'/>
# <cell id='1' cpus='2-3' memory='2097152' unit='KiB'/>
# </numa>
# </cpu>
Enable KSM (Kernel Same-page Merging)
# KSM reduces memory usage by sharing identical pages
# Enable KSM
echo 1 | sudo tee /sys/kernel/mm/ksm/run
# Configure scan parameters
echo 100 | sudo tee /sys/kernel/mm/ksm/pages_to_scan
echo 20 | sudo tee /sys/kernel/mm/ksm/sleep_millisecs
# Make persistent
echo "w /sys/kernel/mm/ksm/run - - - - 1" | sudo tee /etc/tmpfiles.d/ksm.conf
echo "w /sys/kernel/mm/ksm/pages_to_scan - - - - 100" | sudo tee -a /etc/tmpfiles.d/ksm.conf
# Check KSM statistics
cat /sys/kernel/mm/ksm/pages_sharing
cat /sys/kernel/mm/ksm/pages_shared
Network Configuration
Create Bridge Network
# Install bridge utilities (if not already installed)
sudo apt install bridge-utils
# Create bridge configuration
sudo cat << 'EOF' > /etc/netplan/01-netcfg.yaml
network:
version: 2
ethernets:
ens18:
dhcp4: no
bridges:
br0:
interfaces: [ens18]
dhcp4: yes
EOF
# Apply configuration
sudo netplan apply
# Verify bridge
ip addr show br0
brctl show
Create Libvirt Bridge Network
# Create bridge network XML
cat << 'EOF' > bridge-net.xml
<network>
<name>br0</name>
<forward mode='bridge'/>
<bridge name='br0'/>
</network>
EOF
# Define and start network
sudo virsh net-define bridge-net.xml
sudo virsh net-start br0
sudo virsh net-autostart br0
# Verify
sudo virsh net-list --all
Create Isolated Network
# Create isolated network for VMs
cat << 'EOF' > isolated-net.xml
<network>
<name>isolated</name>
<ip address='10.10.10.1' netmask='255.255.255.0'>
<dhcp>
<range start='10.10.10.2' end='10.10.10.254'/>
</dhcp>
</ip>
</network>
EOF
# Define and start
sudo virsh net-define isolated-net.xml
sudo virsh net-start isolated
sudo virsh net-autostart isolated
Performance Tuning
Disk I/O Optimization
# Use virtio-scsi for better performance
sudo virt-install \
--disk path=/var/lib/libvirt/images/vm.qcow2,bus=scsi,cache=none,io=native
# Or edit existing VM
sudo virsh edit vm-name
# Change disk configuration:
# <disk type='file' device='disk'>
# <driver name='qemu' type='qcow2' cache='none' io='native'/>
# <source file='/var/lib/libvirt/images/vm.qcow2'/>
# <target dev='sda' bus='scsi'/>
# </disk>
I/O Scheduler Optimization
# Check current scheduler
cat /sys/block/sda/queue/scheduler
# Set to none for NVMe (best for SSDs)
echo none | sudo tee /sys/block/nvme0n1/queue/scheduler
# Set to mq-deadline for SATA SSDs
echo mq-deadline | sudo tee /sys/block/sda/queue/scheduler
# Make persistent
cat << 'EOF' | sudo tee /etc/udev/rules.d/60-scheduler.rules
# Set scheduler for NVMe
ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/scheduler}="none"
# Set scheduler for SSDs
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline"
EOF
Network Performance Tuning
# Enable multiqueue virtio-net
sudo virsh edit vm-name
# Modify network interface:
# <interface type='network'>
# <source network='default'/>
# <model type='virtio'/>
# <driver name='vhost' queues='4'/>
# </interface>
# Inside the guest VM
sudo ethtool -L eth0 combined 4
Monitoring and Management
Monitor VM Performance
# VM resource usage
sudo virt-top
# Detailed VM stats
sudo virsh domstats ubuntu-vm
# CPU statistics
sudo virsh cpu-stats ubuntu-vm
# Memory statistics
sudo virsh dommemstat ubuntu-vm
# Block device statistics
sudo virsh domblkstat ubuntu-vm vda
# Network statistics
sudo virsh domifstat ubuntu-vm vnet0
VM Lifecycle Management
# Start VM
sudo virsh start ubuntu-vm
# Shutdown VM gracefully
sudo virsh shutdown ubuntu-vm
# Force power off
sudo virsh destroy ubuntu-vm
# Reboot VM
sudo virsh reboot ubuntu-vm
# Suspend VM
sudo virsh suspend ubuntu-vm
# Resume VM
sudo virsh resume ubuntu-vm
# Autostart VM on host boot
sudo virsh autostart ubuntu-vm
# Disable autostart
sudo virsh autostart --disable ubuntu-vm
Snapshot Management
# Create snapshot
sudo virsh snapshot-create-as ubuntu-vm \
--name "snapshot1" \
--description "Clean installation"
# List snapshots
sudo virsh snapshot-list ubuntu-vm
# Revert to snapshot
sudo virsh snapshot-revert ubuntu-vm snapshot1
# Delete snapshot
sudo virsh snapshot-delete ubuntu-vm snapshot1
Backup and Cloning
Clone Virtual Machine
# Clone VM (while powered off)
sudo virt-clone \
--original ubuntu-vm \
--name ubuntu-vm-clone \
--file /var/lib/libvirt/images/ubuntu-vm-clone.qcow2
# Verify clone
sudo virsh list --all
Backup VM Disk
# Backup VM disk image
sudo cp /var/lib/libvirt/images/ubuntu-vm.qcow2 \
/backup/ubuntu-vm-$(date +%Y%m%d).qcow2
# Compress backup
sudo qemu-img convert -O qcow2 -c \
/var/lib/libvirt/images/ubuntu-vm.qcow2 \
/backup/ubuntu-vm-$(date +%Y%m%d).qcow2
# Backup VM configuration
sudo virsh dumpxml ubuntu-vm > /backup/ubuntu-vm.xml
Export and Import VMs
# Export VM
sudo virsh dumpxml ubuntu-vm > ubuntu-vm.xml
sudo cp /var/lib/libvirt/images/ubuntu-vm.qcow2 /export/
# Import VM on another host
sudo cp /export/ubuntu-vm.qcow2 /var/lib/libvirt/images/
sudo virsh define ubuntu-vm.xml
sudo virsh start ubuntu-vm
Troubleshooting
Common Issues and Solutions
Issue: KVM module not loading
# Check if virtualization is enabled
egrep -c '(vmx|svm)' /proc/cpuinfo
# If 0, enable in BIOS
# Check for conflicts
dmesg | grep kvm
lsmod | grep kvm
# Reload module
sudo modprobe -r kvm_intel # or kvm_amd
sudo modprobe kvm_intel
Issue: Permission denied accessing /dev/kvm
# Check permissions
ls -l /dev/kvm
# Add user to kvm group
sudo usermod -aG kvm $USER
# Restart session
newgrp kvm
Issue: Default network not starting
# Check network status
sudo virsh net-list --all
# Start network
sudo virsh net-start default
# Check for errors
sudo journalctl -u libvirtd
# Recreate default network
sudo virsh net-destroy default
sudo virsh net-undefine default
# Redefine
cat << 'EOF' > default-net.xml
<network>
<name>default</name>
<bridge name='virbr0'/>
<forward mode='nat'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>
EOF
sudo virsh net-define default-net.xml
sudo virsh net-start default
sudo virsh net-autostart default
Issue: Poor VM performance
# Enable virtio drivers
sudo virsh edit vm-name
# Change bus='ide' to bus='virtio'
# Change model='e1000' to model='virtio'
# Enable host CPU passthrough
# Add: <cpu mode='host-passthrough'/>
# Allocate more resources
sudo virsh setmem vm-name 4G --config
sudo virsh setvcpus vm-name 4 --config
# Check I/O scheduler
cat /sys/block/sda/queue/scheduler
Issue: Cannot connect to VM console
# Check if VM is running
sudo virsh list
# Try serial console
sudo virsh console vm-name
# Check VNC configuration
sudo virsh vncdisplay vm-name
# Connect with virt-viewer
virt-viewer vm-name
Security Best Practices
Secure Libvirt Access
# Configure libvirt authentication
sudo vim /etc/libvirt/libvirtd.conf
# Uncomment and set:
# unix_sock_group = "libvirt"
# unix_sock_ro_perms = "0770"
# unix_sock_rw_perms = "0770"
# auth_unix_ro = "none"
# auth_unix_rw = "none"
# Restart libvirtd
sudo systemctl restart libvirtd
Enable SELinux/AppArmor for VMs
# Ubuntu/Debian (AppArmor)
sudo apt install apparmor-utils
sudo aa-enforce /etc/apparmor.d/usr.sbin.libvirtd
# CentOS/RHEL (SELinux)
sudo setsebool -P virt_use_nfs 1
sudo setsebool -P virt_use_samba 1
# Check SELinux context
ls -Z /var/lib/libvirt/images/
Isolate VM Networks
# Create isolated network without NAT or forwarding
cat << 'EOF' > secure-net.xml
<network>
<name>secure</name>
<bridge name='virbr-secure'/>
<ip address='172.16.0.1' netmask='255.255.255.0'/>
</network>
EOF
sudo virsh net-define secure-net.xml
sudo virsh net-start secure
Conclusion
You now have a fully functional KVM/QEMU virtualization environment installed and configured on your Linux system. This powerful open-source virtualization stack provides enterprise-grade features with near-native performance, making it suitable for everything from development environments to production workloads.
Key takeaways from this guide:
- KVM leverages hardware virtualization for optimal performance
- Proper configuration of CPU, memory, and I/O is crucial for performance
- Virtio drivers provide the best paravirtualized performance
- Libvirt provides robust management capabilities through virsh and virt-manager
- Network bridges and storage pools offer flexible infrastructure options
As you continue working with KVM/QEMU, explore advanced topics like live migration, GPU passthrough, and high-availability clustering to unlock even more capabilities. The virtualization stack is constantly evolving, so stay updated with the latest kernel and QEMU versions for optimal performance and security.
Remember to regularly backup your VMs, monitor resource usage, and follow security best practices to maintain a stable and secure virtualization environment. With the foundation established in this guide, you're well-equipped to build and manage sophisticated virtualized infrastructure using open-source technologies.