projects

Install KVM on a live Centos7 server?

Centos7

I have a server which is already set up, being used as a web server mainly.
The original plan was to set it up as a KVM host but I didn't have time so simply set up the web sites and off it went.

Now I need to get back to this and figure out if I can still add KVM on it but everything I read talks about first using iptables instead of firewalld and how iptables has to be set up to allow the virtual routing.  

I don't want to mess with the server because it's running live sites but I still need to get it to host vms.

It's just a server so I'm assuming I can still turn it into a vm host but need to know the steps so I don't take it down while I'm doing the changes.

Last part of the question is... can ESXi vms be converted to be hosted on Centos7 KVM? Most of them which are important are all Centos based, a new Debian vms.
Zephyr ICT

The reason you read a lot about using iptables vs firewalld is because it can be difficult to use firewalld with KVM. Now that being said, technically it's possible to convert the host to a KVM host, but not without interruption or downtime because you need to do some work on the network settings for starters.

If this were a lab situation I'd say go for it, but on a production system that needs to stay live...

For the last part, yes you can convert vmdk files, the disks from the VMware VMs, with qemu-img.
projects

ASKER

The reason I would prefer using firewalld is because at some point, iptables will no longer be supported. If that is years away, then it's not an issue.

For the live server part, only one is critical so I could do it at night. How long could the network change take anyhow, moments?
Sorry for the late answer, couldn't keep my eyes open last night.

Firewalld still uses iptables underneath, so don't expect iptables to go anywhere anytime soon, so if you feel more comfortable with iptables there's no reason to switch to firewalld except for learning to use it maybe.

The thing is, you're going to create a bridge of your server's nic as well as enable ip forwarding, this is not such a big deal if your server is on the LAN, but can be a security risk if your server is directly connected to the Internet. You have to make sure that your iptables are properly configured.

Regarding the bridge, you will only do that if you want your VM's to be available on the LAN, if you want them to stay into their own private network (92.168.122.0) then there's no need for the bridge.
But, if you're going to use a bridge, how will this impact your webserver, which is reachable from the Internet I assume? Do you have an extra nic maybe?

It might take a few minutes, half an hour maybe, to configure everything for the networking, not counting the iptables config.
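
Added example (not written by either poster): a check for the risk raised in the reply above, where IP forwarding is enabled on an Internet-facing host while the FORWARD chain still accepts everything. The bridge name `virbr0` and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies how exposed a host is once IP forwarding is on.
#   $1: value of net.ipv4.ip_forward (0 or 1)
#   $2: rules in the format printed by `iptables -S FORWARD`
# Prints: off | open | filtered | unknown
forward_exposure() {
    [ "$1" = "1" ] || { echo "off"; return 0; }
    printf '%s\n' "$2" | awk '
        $1 == "-P" && $2 == "FORWARD"  { policy = $3 }
        # An unconditional ACCEPT rule behaves like an ACCEPT policy. Rule
        # order is ignored, so this errs towards reporting "open".
        $0 == "-A FORWARD -j ACCEPT"   { catchall = 1 }
        END {
            if (policy == "")                        print "unknown"
            else if (policy == "ACCEPT" || catchall) print "open"
            else                                     print "filtered"
        }'
}

# Constructed sample: ACCEPT policy, only the VM bridge (assumed name virbr0)
# has rules, so traffic between other interfaces is forwarded unfiltered.
SAMPLE_OPEN='-P FORWARD ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: DROP policy with explicit allowances for the VM bridge.
SAMPLE_FILTERED='-P FORWARD DROP
-A FORWARD -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i virbr0 -j ACCEPT'

echo "forwarding off:      $(forward_exposure 0 "$SAMPLE_OPEN")"
echo "on, ACCEPT policy:   $(forward_exposure 1 "$SAMPLE_OPEN")"
echo "on, DROP policy:     $(forward_exposure 1 "$SAMPLE_FILTERED")"

# On the real host (as root):
#   forward_exposure "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S FORWARD)"
```

The check covers only IPv4 and the filter table's FORWARD chain, so an "open" result is a prompt to review the rules before bridging the public NIC, not a full audit.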
This particular server is in a data center on a public IP.
It has two NICs, one which is on the LAN to access the server via IP KVM in case of problems and the other is for the public IP along with additional aliased public IPs.

>Regarding the bridge, you will only do that if you want your VM's to be available on the LAN,
>if you want them to stay into their own private network (92.168.122.0) then there's no need
>for the bridge.

I'm a little confused about this comment. If the vms have two virtual NICs, could they not talk to each other anyhow since they are all on the same host?

In reality, there isn't much need for the vms to communicate together using LAN, they could simply use their WAN IPs if really needed.
However, the part that is still not clear to me on this is how it all comes together.

Does the host Centos7 server become the firewall for the vms or do the vms exist as stand alone, needing public IPs no matter?

I thought I could create as many vms as I want (available resources of course) on the host, then public connections hit the host, which in turn uses NAT to reach the vms. Basically, in the same way as any network with a firewall in front of the LAN.