KVM VM hosting on failover IP on OVH Ubuntu 18.04 hypervisor

In this article I describe the installation of the KVM hypervisor on a dedicated OVH server and how to host VMs using failover IPs so that the hypervisor and the VM use separate public IP addresses.

Foreword

Throughout this post we will make the assumption that:

  • The operating system of the hypervisor (Ubuntu 18.04) is already installed

  • The Debian 9 and Ubuntu 18.04 iso image have been downloaded in /isos

  • The network interface of the hypervisor is named eno1

  • The client computer from where we are connecting to the server is running Ubuntu

  • You know how to install Ubuntu or Debian from the ISO image

  • You know to connect to the hypervisor using an SSH keypair

OVH admin panel

  1. In the OVH manager, go to Serveur > IP and click on Order additional IPs.

  2. Follow the procedure

  3. After a few minutes a new IP address will appear in the list Select the new address and add a new virtual mac using the …​ at the end of the line Choose an OVH MAC

Hypervisor configuration

We will now prepare the physical server to host virtual machines.

Network bridge

If you make a mistake in this section, you may lose access to your server. You might need to use the rescue mode to modify the files again and correct your mistake.

For some reason I never got the email with the login credentials after rebooting in resuce mode. I had to go to My account > My profile > Emails in the OVH admin panel to get those credentials

By default when spawning a VM, KVM will set its NIC on a NAT network. This is an internal network, it will allow the VM to access the Internet but the VM IP will be masked as the hypervisor’s one. We need to create network bridge that will allow the VM to have direct access to the external network.

When you deploy a physical server on Ubuntu 18.04 using the OVH admin panel, its network is configured using systemd-networkd instead of netplan.

We have to modify the files in /etc/systemd/network/:

  • leave the 50-public-interface.link file

  • Rename the 50-default.network file to 50-default.network.bak

  • Create the eno1.network file:

    [Match]
Name=eno1  (1)

[Network]
Bridge=br0  (2)

[Network]
DHCP=no
    1 Our VMs will use the hypervisor’s eno1 physical interface
    2 The bridge we are creating is named br0

  • create the br0.netdev file:

    [NetDev]
Name=br0
Kind=bridge

  • create the br0.network file:

    [Match]
Name=br0

[Link]
MACAddress=xx:xx:xx:xx:xx:xx  (1)

[Network]
Address=xx.xx.xx.xx/24  (2)
Gateway=xx.xx.xx.254  (3)
DNS=213.186.33.99
    1 Mac address of eno1, check with ip link
    2 IP address of eno1, check with ip -4 a
    3 IP address of your gateway, check with ip route, it’s the one on the default line

You should now have four files:

  • 50-public-interface.link

  • br0.netdev

  • br0.network

  • eno1.network

Install bridge-utils:

apt update && apt install -y bridge-utils

Check the files content, then restart systemd-networkd: systemctl restart systemd-networkd

If everything has been done correctly, a br0 interface will appear when executing ip -4 a, in the worst case you will need the rescue mode.

If everyting went fine, it might be a good idea to restart to make sure nothing breaks.

KVM installation

You just need to install some packages:

apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils
I don’t install virt-manager (graphical tool to manage the hypervisor) on the server, I rather install it on my desktop computer then add a connection to the remote server.

KVM configuration

There are still some little changes to make before deploying virtual machines.

First of all the bridge won’t be available in KVM, we need to fix that:

  1. Create a bridge definition file

    cat << EOCONF > bridge-network.xml
<network>
  <name>host-bridge</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>
EOCONF

  2. Define the bridge in libvirt

    virsh net-define ./bridge-network.xml

  3. Make sure the bridge starts automatically

    virsh net-autostart host-bridge

For the ISO images storage pool creation I use virtual machine manager from my desktop computer.

Make sure to have your ssh keypair authorized on the hypervisor’s root account for a smoother experience with virt-manager.

  • Install virt-manager

    sudo apt-get install -y virt-manager

  • Launch Virtual Machine Manager (or run virt-manager)

  • Click on File > Add a connection…​

  • Check Connect to a remote host

  • Leave the method on SSH, the user on root and set the hypervisor’s IP address or hostname in the Hostname field

  • When connected, right click the server and select Details

  • Go to the Storage tab click on the little + sign to add a pool

  • Name the pool, isos for instance and click Next

  • Enter the path /isos and click Finish

  • Click on the new pool in the list and check Autostart

VM installation

We should have everything we need for a VM installation, so let’s go!

  • Launch Virtual Machine Manager and connect to the hypervisor

  • Click on Create a new VM button

  • Selection Local installation media then on Next

  • Choose Use ISO image then Browse to select the correct image in the isos storage pool

  • Follow the creation steps When choosing your virtual network, leave it on the NAT default, we will get to that once the installation is done. At the end the VM starts booting on the ISO image

  • Install the OS as you would on a physical server

VM Configuration

Once the OS is installed, we will make sure it uses the failover IP

Debian 9

Debian 9 uses legacy configuration files in /etc/network/.

  • Modify the /etc/network/interfaces file:

    auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens3  (1)
iface ens3 inet static
	address xxx.xxx.xxx.xxx  (2)
	netmask 255.255.255.255
	gateway xxx.xxx.xxx.254  (3)
	dns-nameservers 213.186.33.99
    1 Adapt it to your VM NIC name
    2 Failover IP you created earlier in OVH Manager
    3 Gateway IP address set in the previous section

  • When this is done, modify your VM settings in Virtual Machine Manager (double click the VM, then the Display virtual hardware details tab).

  • Go on the network configuration (NIC xx:xx:xx) and on the Network source line, select host-bridge: Bridge Network.

  • Go back to the VM screen and restart networking: systemctl restart networking.

  • Once everything works, make sure it keeps working after a reboot

Ubuntu 18.04

Ubuntu 18.04 uses netplan for the network configuration.

  • Delete everything from the /etc/netplan directory and create a 50-static.yml file instead:

    network:
    version: 2
    renderer: networkd
    ethernets:
        ens3:  (1)
            addresses:
                - xxx.xxx.xxx.xxx/32  (2)
            nameservers:
                addresses:
                    - 213.186.33.99
                search: []
            optional: true
            routes:
                - to: 0.0.0.0/0
                  via: xxx.xxx.xxx.254  (3)
                  on-link: true
    1 Adapt it to your VM NIC name
    2 Failover IP you created earlier in OVH Manager
    3 Gateway IP address set in the previous section

  • When this is done, modify your VM settings in Virtual Machine Manager (double click the VM, then the Display virtual hardware details tab).

  • Go on the network configuration (NIC xx:xx:xx) and on the Network source line, select host-bridge: Bridge Network.

  • Go back to the VM screen and apply the netplan configuration:

    netplan apply

  • Once everything works, make sure it keeps working after a reboot

There you go, you now can communicate with both your hypervisor and your VM on separate IP addresses.