Ubuntu KVM guide.txt

Linux Guest Configuration:
	CPU -> [] DO NOT Copy Host CPU configuration
	Disk -> VirtIO
	RAM -> 512 MB
	Network -> VirtIO (20 GB)
	CDROM -> SCSI
	Video -> QXL
	Boot Options ->
			1. VirtIO Disk
			2. SCSI CDROM

Windows Guest Configuration:
	CPU -> Copy Host CPU configuration
	RAM -> 3072 MB
	Disk -> VirtIO (40 GB)
	CDROM -> IDE
	CDROM 2 -> IDE -> VirtIO Drivers ISO
	Network -> VirtIO
	Video -> QXL
	Boot Options ->
			1. VirtIO Disk
			2. SCSI CDROM

WINDOWS: DO NOT FORGET TO ADD "virtio" DRIVERS ISO DOWNLOADABLE FROM HERE:
WINDOWS: LOAD "viostor" DRIVERS! FOR INSTALLATION!
https://fedoraproject.org/wiki/Windows_Virtio_Drivers

WINDOWS: AFTER INSTALLATION, INSTALL QXL GRAPHICS DRIVER FROM HERE:
http://people.redhat.com/~vrozenfe/qxlwddm/

WINDOWS: EDIT "video" RAM SIZE USING "virsh edit <VMNAME>" AND INCREASE IT TO
4 TIMES LARGER THAN VALUES:
<model type='qxl' ram='262144' vram='262144' vgamem='65536' heads='1'/>

GUIDE ON SAMBA: https://www.tecmint.com/setup-samba-file-sharing-for-linux-windows-clients/
=================================================================


# install cpu-checker, we check if we can safely use kvm
sudo apt-get install cpu-checker

# check if kvm can be used
kvm-ok

# install libvirt and qemu
sudo apt-get install qemu-kvm libvirt-bin

# add users to groups
sudo adduser arcana libvirtd
sudo adduser arcana libvirt
sudo adduser root libvirtd
sudo adduser root libvirt

# reboot
reboot

# install more libvirt tools
sudo apt install virtinst virt-viewer virt-manager

# change default networking configuration to allow static ip ranges
virsh net-edit default
> <range start='192.168.122.100' end='192.168.122.254'/>

# set domain name to "arcana.me"
# add bellow line below <mac address ....
virsh net-edit default
> <domain name="arcana.me"/>

# restart network
virsh net-destroy default
virsh net-start default

# add nested virtualization support
sudo vim /etc/modprobe.d/qemu-system-x86.conf
................
options kvm_intel nested=1
................
sudo vim /etc/modprobe.d/kvm_intel.conf
................
options kvm_intel nested=1
................

===================================================================

# increase size of image
qemu-img resize /var/lib/libvirt/images/web.qcow2 +2G

# stop kvm temporarily
sudo lsmod | grep kvm
sudo rmmod kvm_intel
sudo rmmod kvm

http://people.redhat.com/~vrozenfe/qxlwddm/
https://fedoraproject.org/wiki/Windows_Virtio_Drivers

## ENABLE SHARED FOLDER SUPPORT (view guide below)

=====================================================================

# view running instances
virsh list

# view all instances
virsh list --all

# view all configuration of instance
virsh dumpxml <NAME>

# list qemu instances
sudo ps aux | grep qemu

# allow for shared cloning
Base Machine -> Details -> Disk -> Shareable

# edit network
virsh net-edit default

# restart network
virsh net-destroy default
virsh net-start default

# export VM
virsh dumpxml > export.xml

# import VM
# remember that disks should exist
# so copy them!
virsh define export.xml

###### assign static ip address
virsh net-update default add ip-dhcp-host \
          "<host mac='52:54:00:00:00:01' name='bob' ip='192.168.122.45' />" \
          --live --config

###### remove static ip address
virsh net-update default delete ip-dhcp-host \
      '<host mac="52:54:00:6f:78:f3" ip="192.168.122.222"/>' \
      --live --config --parent-index

################ ENABLE SHARED FOLDER #############################

# first set user/group of qemu instances to local user
sudo vim /etc/libvirt/qemu.conf
> user = "arcana"
> group = "arcana"

# now restart libvirt
sudo systemctl restart libvirtd.service libvirt-guests.service libvirt-bin.service

### create a new filesystem device in virt-manager
# Driver -> Default
# Mode -> Mapped
# Source Path -> /
# Target path -> share

## MAP IN GUEST
sudo mkdir -p /share
sudo mount -t 9p -o trans=virtio,version=9p2000.L,rw share /share
##

## MAP IN GUEST USING FSTAB
# first create directory
sudo mkdir -p /share

# add modules to initramfs
sudo vi /etc/initramfs-tools/modules
> 9p
> 9pnet
> 9pnet_virtio

# regenerate initramfs
sudo update-initramfs -u

# add entry to fstab
sudo vim /etc/fstab
> share	/share	9p	trans=virtio,version=9p2000.L,rw	0	0
########################################################################

########################################################################
########################################################################
########################################################################
################ CREATE SAMBA SERVER #############################

## clone a machine (ubuntu 16.04 xenial)
Linux Guest Configuration:
	CPU -> Copy Host CPU configuration
	Name -> samba-server
	Memory -> 512 MB
	Disk -> VirtIO (20 GB)
	Network -> VirtIO
	CDROM -> SCSI
	Video -> QXL
	Boot Options ->
			1. VirtIO Disk
			2. SCSI CDROM
	Add Hardware -> Filesystem ->
					Driver -> Default
					Mode -> Mapped
					Source Path -> /
					Target path -> share

# assign static ip address
virsh net-update default add ip-dhcp-host \
          "<host mac='52:54:00:4b:56:5d' name='samba-server.arcana.me' ip='192.168.122.2' />" \
          --live --config

####### GO TO GUEST CONSOLE

# first update system
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

# reboot
sudo reboot

# install some tools
sudo apt-get autoremove
sudo apt-get install vim nano screen htop psmisc dnsutils wget \
			xz-utils openssh-server ufw mlocate \
			uuid-runtime tcpdump man-db \
			traceroute w3m bridge-utils iputils-arping \
			dnsmasq git rar unrar

# configure firewall
sudo systemctl enable ufw
sudo systemctl restart ufw
sudo ufw enable

# configure ssh
sudo vim /etc/ssh/sshd_config
...
Port 2122
PermitRootLogin no
...
sudo ufw reload
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2122/tcp
sudo ufw reload
sudo systemctl enable sshd
sudo systemctl restart sshd

######## SSH INTO SAMBA SERVER!

# update mlocate
sudo updatedb

# set default editor to vim
sudo update-alternatives --config editor

# set hostname
sudo hostnamectl set-hostname samba-server
sudo vim /etc/hosts
> 127.0.0.1 samba-server

# reboot
sudo reboot

######### Enable shared folder
---> follow guide on above

# install samba server
sudo apt-get install samba samba-common python-glade2 
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.org

# create shared folder configuration
sudo vim /etc/samba/smb.conf
.....
[general]
       map to guest = bad user

[Public]
       comment = Public
       path = /share
       browsable = yes
       writable = yes
       guest ok = yes
       read only = no
       force user = arcana
       force group = arcana
.....

# enable and restart samba service
sudo systemctl restart smbd
sudo systemctl enable smbd

# allow ports through firewall
sudo ufw reload
sudo ufw allow 139/tcp
sudo ufw allow 445/tcp
sudo ufw reload


################ ENABLE GPU PASSTHROUGH (nvidia) #############################
###### REMEMBER TO HAVE 2 HDMI CARDS: ONE FOR "intel"
###### WHICH WILL BE USED ON LINUX DESKTOP
###### ONE CONNECTED TO GPU WHICH WILL BE PASSED THROUGH
###### TO WINDOWS VM.
# guide: https://scottlinux.com/2016/08/28/gpu-passthrough-with-kvm-and-debian-linux/
# guide: https://www.pugetsystems.com/labs/articles/Multiheaded-NVIDIA-Gaming-using-Ubuntu-14-04-KVM-585/
# guide: https://bbs.archlinux.org/viewtopic.php?id=162768
# guide: https://ycnrg.org/vga-passthrough-with-ovmf-vfio/

# add iommu support to GRUB_CMDLINE_LINUX_DEFAULT
# for intel: intel_iommu=on
# for amd: amd_iommu=on
sudo nano -w /etc/default/grub
....................................
GRUB_CMDLINE_LINUX_DEFAULT+="intel_iommu=on vfio_iommu_type1.allow_unsafe_interrupts=1 nogpumanager modprobe.blacklist=nouveau,radeon,amdgpu,nvidia,nvidia_drm,nvidia_uvm,nvidia_modeset blacklist=nouveau,radeon,amdgpu,nvidia,nvidia_drm,nvidia_uvm,nvidia_modeset nomodeset"
GRUB_CMDLINE_LINUX+="intel_iommu=on vfio_iommu_type1.allow_unsafe_interrupts=1 nogpumanager modprobe.blacklist=nouveau,radeon,amdgpu,nvidia,nvidia_drm,nvidia_uvm,nvidia_modeset blacklist=nouveau,radeon,amdgpu,nvidia,nvidia_drm,nvidia_uvm,nvidia_modeset nomodeset"
GRUB_GFXMODE=1920x1080
GRUB_GFXPAYLOAD_LINUX=keep
....................................

# regenerate grub.cfg
sudo grub-mkconfig -o /boot/grub/grub.cfg

# blacklist nvidia driver
sudo nano -w /etc/modprobe.d/blacklist.conf
....................................
# used for KVM passthrough
blacklist nouveau
blacklist radeon
blacklist amdgpu
blacklist nvidia
blacklist nvidia_drm
blacklist nvidia_uvm
blacklist nvidia_modeset

remove nvidia rmmod nvidia_uvm nvidia_drm nvidia_modeset nvidia

install nouveau /bin/false
install radeon /bin/false
install amdgpu /bin/false
install nvidia /bin/false
install nvidia_drm /bin/false
install nvidia_uvm /bin/false
install nvidia_modeset /bin/false
....................................

# comment nvidia drivers
sudo vim /etc/modprobe.d/nvidia-graphics-drivers.conf
....................................
# {comment all lines}
....................................

# load some necessary drivers
sudo nano -w /etc/modules
....................................
pci_stub
vfio
vfio_iommu_type1
vfio_pci
kvm
kvm_intel 
vfio_virqfd
....................................

# get device ids (inside bracets []) from lscpi
lspci -nn | grep NV
######## SAMPLE OUTPUT:
## 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GK104 [GeForce GTX 660 Ti] [10de:1183] (rev a1)
## 01:00.1 Audio device [0403]: NVIDIA Corporation GK104 HDMI Audio Controller [10de:0e0a] (rev a1)
##
## in this case we are interested in [10de:1183] and [10de:0e0a]
########

# blacklist nvidia drivers using pci stub
sudo nano -w /etc/initramfs-tools/modules 
....................................
pci_stub ids=10de:1183,10de:0e0a
....................................

#####################################################################################
# restore drivers using:
# sudo cp -rfv /home/arcana/nvidia-backup/$(uname -r)/* /lib/modules/$(uname -r)/updates/dkms/
#####################################################################################
# verify where nvidia kernel modules are located
ll /lib/modules/$(uname -r)/updates/dkms/

# backup nvidia drivers
mkdir -p ~/nvidia-backup/$(uname -r)
cp -rfv /lib/modules/$(uname -r)/updates/dkms/nvidia* ~/nvidia-backup/$(uname -r)/

# remove nvidia drivers
sudo rm -rfv /lib/modules/$(uname -r)/updates/dkms/nvidia*
#####################################################################################

# regenerate initramfs
sudo update-initramfs -u

#####################################################################################
# verify initramfs no longer contains nvidia drivers
lsinitramfs /boot/initrd.img-$(uname -r) | grep nv
#####################################################################################

# also add pci stubs to bootloader
sudo nano -w /etc/default/grub
....................................
GRUB_CMDLINE_LINUX_DEFAULT+="pci-stub.ids=10de:1183,10de:0e0a"
GRUB_CMDLINE_LINUX+="pci-stub.ids=10de:1183,10de:0e0a"
....................................

# regenerate grub.cfg
sudo grub-mkconfig -o /boot/grub/grub.cfg

# disable nvidia services
sudo systemctl disable nvidia-persistenced.service 
sudo systemctl disable nvidia-prime.service
sudo systemctl mask nvidia-persistenced.service 
sudo systemctl mask nvidia-prime.service
sudo systemctl stop nvidia-persistenced.service 
sudo systemctl stop nvidia-prime.service
sudo systemctl disable gpu-manager.service
sudo systemctl stop gpu-manager.service

# edit xorg.conf
sudo vim /etc/X11/xorg.conf
....................................
# change {Inactive "intel"} to {Inactive "nvidia"}
# change {Screen 0 "nvidia"} to {Screen 0 "intel"}
# comment all "nvidia" stuff
....................................

# set primary display to intel
sudo prime-select intel

# reboot system
sudo reboot

# change primary display in BIOS
# mine is "Asys Z87 Pro"
Advanced -> System Agent Configuration ->
	Graphics Configuration -> Primary Display -> iGPU

# verify nvidia is not loaded
sudo lsmod | grep nvidia

# check if IOMMU is enabled
dmesg | grep -e DMAR -e IOMMU

# check iommu groups
ll /sys/kernel/iommu_groups/

# check devices claimed by stub
dmesg | grep stub

# add pci ids to vfio.conf
sudo nano -w /etc/modprobe.d/vfio.conf
....................................
options vfio-pci ids=10de:1183,10de:0e0a
....................................

# regenerate initramfs
sudo update-initramfs -u

# enable OVMF support
sudo nano -w /etc/libvirt/qemu.conf
....................................
nvram = [    "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd",
"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd"
]

user = "root"

group = "root"
....................................

# reboot system
sudo reboot