Entirius KVM Server Installation Guide on Ubuntu 24.04
This guide describes the complete installation and configuration process for an Entirius deployment on an Ubuntu 24.04 server on a local network, with KVM virtualization and HAProxy load balancing.
Server Recommended Specifications
- CPU: 8+ cores
- RAM: 16+ GB
- Storage: 200+ GB NVMe SSD
- Network: 1 Gbps connection
Update the system:
sudo apt update && sudo apt upgrade
sudo reboot
Install essential packages:
sudo apt install \
curl \
wget \
git \
htop \
vim \
ufw \
fail2ban \
unattended-upgrades \
software-properties-common \
apt-transport-https \
ca-certificates \
gnupg \
lsb-release \
genisoimage
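Configure the firewall: it is disabled for now and will be turned on when needed. While it is off, every listening service on this host (SSH, and later HAProxy on ports 80, 443 and 8404) is reachable from the local network, so re-enable it with explicit allow rules once the setup is complete.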
sudo ufw --force disable
Connect to your server via SSH:
ssh root@your-server-address
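Create a non-root user with sudo privileges. The libvirt, libvirt-qemu and kvm groups are normally created by the KVM packages installed later in this guide; if usermod reports a missing group, re-run it after that step. Membership of the libvirt group grants full control of the system libvirt daemon, so treat this account as equivalent to a host administrator.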
sudo adduser vm-admin
sudo usermod -aG sudo,libvirt,libvirt-qemu,kvm,www-data vm-admin
Prepare .ssh dir
sudo -i -u vm-admin
mkdir ~/.ssh
chmod 700 ~/.ssh
Add your SSH public key (never the private key) to authorized_keys:
vim /home/vm-admin/.ssh/authorized_keys
chmod 600 /home/vm-admin/.ssh/authorized_keys
Log in as the new user
ssh vm-admin@your-server-address
Create ssh keys
ssh-keygen
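Configure sudo to allow virsh commands without a password. virsh running as root has full control over guests, host storage and host devices, so this rule is close to passwordless root for vm-admin; keep that account key-only and validate the file with `sudo visudo -cf /etc/sudoers.d/vm-admin-virsh` after writing it: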
echo "vm-admin ALL=(ALL) NOPASSWD: /usr/bin/virsh" | sudo tee /etc/sudoers.d/vm-admin-virsh
sudo chmod 440 /etc/sudoers.d/vm-admin-virsh
Install KVM and related packages:
sudo apt install \
qemu-kvm \
libvirt-daemon-system \
libvirt-clients \
bridge-utils \
virtinst \
virt-manager \
cpu-checker
Verify KVM installation:
# Check if hardware virtualization is supported
kvm-ok
# Verify libvirt is running
sudo systemctl enable --now libvirtd
sudo systemctl status libvirtd
Add user to libvirt group (if not using root):
usermod -aG libvirt $USER
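Grant the libvirt group access to the image directory. Note that `-R g+xrw` also marks every regular file as group-executable and makes all existing images writable by every member of the libvirt group; `g+rwX` (capital X) would limit the execute bit to directories.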
sudo chgrp -R libvirt /var/lib/libvirt/images
sudo chmod -R g+xrw /var/lib/libvirt/images
Tests:
systemctl status libvirtd
grep -E -c "vmx | svm" /proc/cpuinfo
lsmod | grep -i kvm
Create a network bridge for VM external access:
# Backup current network configuration
sudo cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.backup
# Edit network configuration
sudo vim /etc/netplan/50-cloud-init.yaml
Disable DHCP on the physical interface and enable it on the bridge:
network:
version: 2
ethernets:
enp6s0: # Your physical interface
dhcp4: false # Disable DHCP on the physical port
dhcp6: false
bridges:
br0: # Created bridge for KVM
interfaces: [enp6s0]
dhcp4: true # Obtain bridge address from local network DHCP
dhcp6: false
parameters:
stp: false
forward-delay: 0
Or assign a static IP address, gateway, and DNS servers to the bridge.
# /etc/netplan/50-cloud-init.yaml
bridges:
br0:
interfaces: [enp6s0]
addresses:
- 192.168.0.10/24 # Your static server IP
routes:
- to: default
via: 192.168.0.1 # Your network gateway
nameservers:
addresses: [8.8.8.8, 1.1.1.1] # Your DNS servers
parameters:
stp: false
forward-delay: 0
Apply network configuration:
sudo netplan apply
Create libvirt bridge network:
# Create bridge network XML
cat << EOF > /tmp/br0.xml
<network>
<name>br0</name>
<forward mode='bridge'/>
<bridge name='br0'/>
</network>
EOF
# Define and start the network
virsh net-define /tmp/br0.xml
virsh net-start br0
virsh net-autostart br0
Install HAProxy:
apt install -y haproxy
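Create and configure the SSL certificate. This generates a self-signed certificate valid for 365 days with an unencrypted private key (-nodes), stored together with the certificate in a single PEM file as HAProxy expects. Clients will not trust it by default, so replace it with a certificate from a CA you trust for anything beyond testing.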
sudo mkdir /etc/haproxy/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/haproxy/ssl/haproxy.pem -out /etc/haproxy/ssl/haproxy.pem
sudo chown haproxy:haproxy /etc/haproxy/ssl/haproxy.pem
sudo chmod 600 /etc/haproxy/ssl/haproxy.pem
Create HAProxy configuration:
# Backup original configuration
cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.backup
Create new configuration: /etc/haproxy/haproxy.cfg
global
log stdout local0
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
mode http
log global
option httplog
option dontlognull
option log-health-checks
option forwardfor
option http-server-close
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
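# Statistics interface
# NOTE: as configured below, the page is served without authentication on every
# address, and 'stats admin if TRUE' lets any client that can reach port 8404
# change server state. Bind it to a management address and/or add
# 'stats auth <user>:<password>' before using this outside an isolated lab.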
listen stats
bind *:8404
stats enable
stats uri /stats
stats refresh 30s
stats admin if TRUE
# Frontend for HTTP traffic
frontend http_frontend
bind *:80
# Redirect HTTP to HTTPS (optional)
# redirect scheme https if !{ ssl_fc }
# Example routing rules
# acl is_api path_beg /api
# use_backend api_servers if is_api
default_backend web_servers
# Frontend for HTTPS traffic (if SSL is configured)
frontend https_frontend
bind *:443 ssl crt /etc/haproxy/ssl/haproxy.pem
# Example routing rules
# acl is_api path_beg /api
# use_backend api_servers if is_api
default_backend web_servers
# Backend for web servers
backend web_servers
balance roundrobin
server web1 127.0.0.1:8080 check
# Backend for API servers
backend api_servers
balance roundrobin
# Add your API KVM instances here
# server api1 192.168.122.20:8000 check
# server api2 192.168.122.21:8000 check
Check haproxy configuration:
haproxy -c -f /etc/haproxy/haproxy.cfg
Enable and start HAProxy:
systemctl enable haproxy
systemctl restart haproxy
systemctl status haproxy
Open the HAProxy stats page to test it (served over plain HTTP and, with the configuration above, without a login):
http://YOUR-SERVER-IP:8404/stats
We place the “entirius-scripts-kvm-deployer” scripts which will be used for future container creation within the Entirius platform
ssh vm-admin@your-server-ip
Clone scripts repo:
git clone https://github.com/entirius/entirius-scripts-kvm-deployer.git ~/entirius-scripts-kvm-deployer
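Download the Ubuntu 24.04 images. After downloading, verify each file against the SHA256SUMS file published in the same directory on the Ubuntu site (for example with `sha256sum -c --ignore-missing SHA256SUMS`) before using it as a base image: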
cd /var/lib/libvirt/images
# cloud image (no installation)
sudo wget https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img
sudo cp ubuntu-24.04-server-cloudimg-amd64.img ubuntu-24.04-server-cloudimg-amd64.qcow2
sudo chown www-data:www-data /var/lib/libvirt/images/ubuntu-24.04-server-cloudimg-amd64.qcow2
# official Ubuntu iso (optional)
sudo wget https://releases.ubuntu.com/24.04.2/ubuntu-24.04.2-live-server-amd64.iso
# WebVirtCloud only sees files that are located exactly in the pool directory and have the owner www-data
sudo chown www-data:www-data \
/var/lib/libvirt/images/ubuntu-24.04-server-cloudimg-amd64.img
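Create cloud-init files. The example below sets a well-known password (ubuntu), keeps password login enabled (lock_passwd: false, ssh_pwauth: True) and grants passwordless sudo. Because the VM is attached to br0, it is reachable from the local network with those credentials. Use these values for throwaway test VMs only; otherwise change the password or rely on the SSH key alone before booting the guest.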
cd /var/lib/libvirt/images
sudo cat > user-data <<EOF
#cloud-config
users:
- name: ubuntu
plain_text_passwd: ubuntu
ssh-authorized-keys:
- ssh-rsa AAAAB3Nza...YOUR_SSH_PUB_KEY...
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
lock_passwd: false # is account blocked
ssh_pwauth: True
EOF
sudo cat > meta-data <<EOF
instance-id: ubuntu-24.04-example
local-hostname: ubuntu-24.04-example
EOF
Build seed.iso
sudo genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data
Create VM with virt-install
virt-install \
--name ubuntu-24.04-example \
--memory 2048 \
--vcpus 2 \
--disk path=/var/lib/libvirt/images/ubuntu-24.04-example.qcow2,backing_store=/var/lib/libvirt/images/ubuntu-24.04-server-cloudimg-amd64.qcow2,size=10,format=qcow2 \
--disk path=/var/lib/libvirt/images/seed.iso,device=cdrom \
--import \
--os-variant ubuntu24.04 \
--network bridge=br0,model=virtio \
--graphics none
