We’ve been building out a new development environment at work – virtualised using KVM, and managed with Chef and MCollective. It has made it so easy to try out new things that I found myself wishing I had the same facilities for my own projects.
An article on Hacker News had me taking another look at Hetzner, which was followed a few days later by an order for a dedicated server with a quad-core i7, 32GB memory, and a pair of 3TB SATA disks. Hetzner gets mixed reviews, but the negatives weren’t enough to put me off – the prices are good, and I’m not planning to host any critical services. I’ll try not to complain when I get what I pay for.
The rest of this post describes the initial configuration of the server for use as a KVM host.
Hetzner’s default partitioning is a little questionable – with
mirrored 3TB disks, I was given a system with a 1TB root and 1.7TB
/home. Fortunately, this is easy to customise using
after booting into the Hetzner rescue image.
The following installimage configuration allocates most of the space to LVM, and creates a 10GB volume for the root filesystem. Ubuntu 11.10 is the most recent version currently supported by Hetzner.
1 2 3 4 5 6 7 8 9 10 11
Upon booting into the newly provisioned machine, I found that the firewall wasn’t enabled. That is easily fixed:
I then used
do-release-upgrade to bring the system up to 12.04.
Creating a NAT network
Although libvirt can be used to manage a NAT network for guests (and does this out of the box), its simplicity comes at a cost. I want to create a VPN that gives my workstation an address on the same network as the guests, and that requires custom iptables rules. I couldn’t figure out a clean way of doing this with libvirt managing the interface, so I set it up manually instead.
Define a detached bridge by appending to /etc/network/interfaces:
1 2 3 4 5 6 7
Install brctl, and bring it up.
1 2 3 4 5
Enabling IP masquerading (NAT)
To complete the setup of our new network, we need enable IP forwarding and configure the firewall. I followed the instructions in the Ubuntu firewall documentation and they worked as written.
At this point, we have Ubuntu 12.04 installed under LVM, with a
manually created network ready for use by our VMs and VPN. In the
next post, we’ll configure a VPN and confirm that the
works as intended.