Install and Configure KVM (Bridge Net Interface) on CentOS 7 / RHEL 7

kvm installation configuration setup on centos7 redhat7
KVM (Kernel-based Virtual Machine) is a virtualization infrastructure for the Linux which requires a processor with hardware virtualization extension to be able to host guest sytems. KVM is convenient solution to test and try different operating systems if you don’t have a possibility to purchase expensive and power consuming physical hardware.

The below tutorial presents KVM (QEMU) installation and setup along with Linux Bridge configuration on CentOS7 / RedHat7 operating system.

Steps:

1. Verify CPU Hardware Virtualization support
Our CPU must support hardware virtualization (VT-x) in order to become KVM Hypervisor and host Virtual Machines (guest operating systems):

[root@tuxfixer ~]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    2
Core(s) per socket:    2
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 42
Model name:            Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Stepping:              7
CPU MHz:               800.000
BogoMIPS:              4988.58
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              3072K
NUMA node0 CPU(s):     0-3

2. Disable and stop NetworkManager
NetworkManager is known to cause problems when working with Linux Bridge, so for us it’s better to disable it:

[root@tuxfixer ~]# systemctl stop NetworkManager
[root@tuxfixer ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.

3. Install KVM related packages

[root@tuxfixer ~]# yum install qemu-kvm qemu-img libvirt libvirt-python libvirt-client virt-install virt-viewer virt-manager

4. Launch and enable libvirtd daemon

[root@tuxfixer ~]# systemctl enable libvirtd
[root@tuxfixer ~]# systemctl start libvirtd

5. Set system-wide privileges for KVM
We need to add our regular user tuxfixer to kvm group to let him launch virt-manager

[root@tuxfixer ~]# usermod -a -G kvm tuxfixer

We also need to set polkit (policy kit) rules for KVM.
Edit file 49-polkit-pkla-compat.rules:

[root@tuxfixer ~]# vim /etc/polkit-1/rules.d/49-polkit-pkla-compat.rules

and add the following ath the bottom:

polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" &&
        subject.isInGroup("kvm")) {
            return polkit.Result.YES;
        }
});

6. Create KVM Linux Bridge (bridge KVM hypervisor host network interface with VM network interfaces)
In this tutorial we want Virtual Machines to obtain their IP addresses from the same network where KVM Hypervisor host is connected, that’s why we will bridge it’s main network interface (em1) with VM network interfaces. To do so, we need to create Linux Bridge from em1 interface on KVM Hypervisor host.

Current Hypervisor network configuration (right after KVM installation):

[root@tuxfixer ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether d0:67:e5:33:15:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.3/24 brd 192.168.2.255 scope global dynamic em1
       valid_lft 73193sec preferred_lft 73193sec
    inet6 fe80::d267:e5ff:fe33:153f/64 scope link 
       valid_lft forever preferred_lft forever
3: wlp3s0:  mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:24:d7:f4:dc:e8 brd ff:ff:ff:ff:ff:ff
4: virbr0:  mtu 1500 qdisc noqueue state DOWN 
    link/ether 52:54:00:b7:22:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
    link/ether 52:54:00:b7:22:b3 brd ff:ff:ff:ff:ff:ff

ifcfg-em1 config file (before KVM Linux Bridge creation):

[root@tuxfixer ~]# cat /etc/sysconfig/network-scripts/ifcfg-em1 
DEVICE="em1"
TYPE="Ethernet"
BOOTPROTO="none"
NAME="em1"
ONBOOT="yes"
HWADDR="D0:67:E5:33:15:3F"
IPADDR=192.168.2.3
PREFIX=24
GATEWAY=192.168.2.1
PEERDNS="no"
NM_CONTROLLED="no"

For KVM networking configuration we will use virt-manager application which is a user-friendly GUI frontend for KVM command line interface.

Note: virbr0 interface was created automatically along with KVM installation and represents virtual network existing “inside” KVM environment with NAT (Network Address Translation) enabled.

Since we don’t need NAT inside KVM environment (we want to bridge Hypervisor interface), we can remove existing KVM virtual network based on virbr0 interface.

Launch virt-manager as root:

[root@tuxfixer ~]# virt-manager

virt-manager window should appear:

virt-manager install kvm on centos 7

Right click: QEMU/KVM -> Details -> Virtual Networks -> Disable network: “default” -> Delete network: “default” based on virbr0

kvm virtual network centos 7

Now we can bridge KVM Hypervisor interface (em1):

Right click: QEMU/KVM -> Details -> Network Interfaces -> Add Interface:

Interface type: Bridge
Interface name: br-em1
Start mode: on boot
Activate now: enabled
IP settings: copy configuration from ’em1′
Bridge settings: STP on, delay 0.00 sec

kvm centos 7 rhel 7 bridge interface
… press Finish to override the existing configuration and create KVM Linux Bridge.

Now we can verify newly created Linux Bridge (br-em1):

centos 7 rhel 7 linux bridge configuration

Check current IP configuration (IP is now assigned to br-em1 and em1 acts now as backend interface only):

[root@tuxfixer ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1:  mtu 1500 qdisc pfifo_fast master br-em1 state UP qlen 1000
    link/ether d0:67:e5:33:15:3f brd ff:ff:ff:ff:ff:ff
3: wlp3s0:  mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:24:d7:f4:dc:e8 brd ff:ff:ff:ff:ff:ff
6: br-em1:  mtu 1500 qdisc noqueue state UP 
    link/ether d0:67:e5:33:15:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.3/24 brd 192.168.2.255 scope global br-em1
       valid_lft forever preferred_lft forever
    inet6 fe80::d267:e5ff:fe33:153f/64 scope link 
       valid_lft forever preferred_lft forever

Verify Linux Bridge configuration:

[root@tuxfixer ~]# brctl show
bridge name	bridge id		   STP enabled interfaces
br-em1		8000.d067e533153f  yes		   em1

KVM Linux Bridge is now configured and we can proceed with Virtual Machines installation.


16 thoughts on “Install and Configure KVM (Bridge Net Interface) on CentOS 7 / RHEL 7

  1. jan August 22, 2016 at 18:25

    cool article

  2. JJ September 23, 2017 at 23:51

    WTF all network down – fucking | when finished added new – rewrite existing and down + lose ifcfg-* file WTF

    • Grzegorz Juszczak October 10, 2017 at 21:46

      I encountered such situation once on Debian, anyway on CentOS/RHEL it never happened to me, looks like you need to recreate it manualy.

  3. jliou October 16, 2017 at 06:21

    Best KVM on CentOS 7 installation article so far and I have checked at least three to four articles, including one posted by Dell engineer since I’m using Dell PowerEdge T110 as host.

  4. lemwish December 10, 2017 at 04:27

    Its taken 5 months to land on this gem. Thank you

  5. Dan December 29, 2017 at 15:51

    When the bridge is configured is the regular network interface for the host become unusable?

    • Grzegorz Juszczak January 2, 2018 at 12:23

      Hi Dan
      The regular interface acts only as backend device for the bridge, but should be enabled all the time. IP is transferred from this interface to the bridge, but the interface is still working, you can even capture packets from this device using tcpdump/Wireshark.

  6. derek January 4, 2018 at 23:11

    Perfect b/c it’s right to the point. duckcuckgo sent me here btw!

  7. Syafril Hermansyah January 18, 2018 at 00:10

    Awesome article, working great for multi bridge.
    Thank you very much Grzegorz Juszczak.
    +1

  8. jack August 2, 2018 at 03:46

    Thank you so much, this article has been brilliant!! Finally it works pretty good.

  9. francis September 20, 2018 at 14:13

    now that the host network has no ip, if I want to ssh into the host machine how do I do that

    • Grzegorz Juszczak September 20, 2018 at 22:16

      After moving the IP address from backend interface to the bridge, you just connect to the bridge via SSH, IP address in fact doesn’t change.

  10. Luander September 26, 2018 at 15:03

    Nice article. For me it works until I reboot the host machine. Is this configuration persistent? If not, how to make it survive a reboot?

    • Grzegorz Juszczak September 29, 2018 at 21:55

      Hi Launder
      This configuration is definitely persistent after reboot. There is no magic here, it’s simple Linux bridge.

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.