KVM Installation on Ubuntu


To quote the Ubuntu server documentation: "The default virtualization technology supported in Ubuntu is KVM". Unlike ESX or Xen that replace the host OS and run directly on the hardware, this is software that runs inside a normal Linux system. This is mostly useful if you have a desktop in front of you or have a process that must run natively on the hardware,  but also want to run some server VMs in the background (as KVM lends itself better to this than VirtualBox).

To make use of it, we'll use the command line to: 
  • Prepare the host
    • CPU
    • Network
    • Firewall
  • Install the software



We make the assumption that any modern system has the hardware virtualization extensions that KVM needs. Make sure it's enabled in BIOS with this command;

If that fails and you can't enable,  you should evaluate which VM solution runs best without acceleration.


Do not use a btrfs filesystem for the images if you can avoid it. Performance is terrible. 


We will setup a tap device that allows the VMs to directly access the real network (desirable when running VM servers). To do this we will:
  • Create a bridge interface
  • Disable Network Manager (optional)
  • Disable packet filtering for the bridged interface
  • Allow access to the virtual console
Though check out the virsh command to do this automatically and the full docs for libvirt. If you've installed libvirt already,  you'll see a virbr0 interface. That's for NAT'd VMs and different from what we're doing here.

Creating a Bridge Interface
You'll need to manually configure your interfaces. Enumerate your interfaces with ifconfig and make it look like this, using em1/eth0/etc as your primary interface is labeled. For non-DHCP, refer to the docs.

sudo apt-get install bridge-utils

sudo vim /etc/network/interfaces

auto lo
iface lo inet loopback

# omit this block if you're keeping network manager
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

Disable Network Manager
You usually only find this on a desktop variant of Ubuntu. Purportedly, if you manually configure an interface it will respect that, but you may prefer to disable it so there's no question.

echo "manual" | sudo tee /etc/init/network-manager.override

sudo service networking restart

Now, when you issue an ifconfig command you will see that there is a new br0 interface that has your IP address, and eth0 has none. You will also notice a virbr0 interface. This is the non-bridged interface added by libvirt  by default.

Disable Filtering
You must configure your Host's firewall (iptables/ufw) to allow the VMs to communicate. For performance and security reasons, you should let the VMs filter their own network traffic and disabling netfilter on the bridged device. It will remain active on your host's interface (usually eth0).

sudo vim /etc/sysctl.conf

# At the bottom, add this disable netfilter on the bridge
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

sudo sysctl -p /etc/sysctl.conf

Ubuntu also uses /etc/ufw/sysctl.conf but  this did not require modification in my testing on 13.10


Your VMs have virtual consoles that you can connect to. These are available on the Host (not the vm) and you must allow access to them. When using ufw, you would create an app profile and allow access as below. You probably want to expand the port range to handle multiple consoles.

sudo vim /etc/ufw/applications.d/kvm-console

title=KVM Console
description=Allows access to the KVM VM console via a VNC connection

sudo ufw allow from xxx.xxx.xxx.0/24 to any app kvm-console


The installation of the required software (for use at the command line) is:

sudo apt-get install qemu-kvm libvirt-bin 

You also need to add your user to a group and re-login

sudo adduser `id -un` libvirtd
(and back in)


You're done! Now you can create a VM and manage it.



Old Notes

(Not sure if this is still needed)

You'll also need to grant the qemu user the right to use this new interface. I didn't test this to see if this is still required per the bug listed in the doc

sudo setcap cap_net_admin=ei /usr/bin/qemu-system-x86_64