Showing posts with label visudo. Show all posts
Showing posts with label visudo. Show all posts

Feb 4, 2014

KVM with Virt-Manager as a virtualization tool for Linux

I have use several operating system (OS) level virtualization tools like VMware Workstation, VMware Player, Oracle VirtualBox, Microsoft VirtualPC and KVM for many years.

Overall VMware Workstation is the best tool for me. But to use that we need to purchase a license.  As an alternative to VMware Workstation we can use VMware player (a stripdown version of WMware Workstation) for free but only for non-commercial use. Also you can't run multiple guest operating systems concurrently using that.

As an alternative to VMware products most of linux people use Oracle VirtualBox. I had some issues when I try to NAT a virtual instance (guest OS) on Ubuntu 12.10 (host OS) machine. As a solution for this most blogs forums suggest to change the virtual network option into Bridge. But most networks (including my home wifi network) doesn't allow this option because we do MAC address filtering.

Obviously you can not install Microsoft VirtualPC on a Linux host (even with vine). Truly I haven't use Xen, so I can't give any opinions on that.

kernel-based virtual machine (KVM) is another tool that we can use to do OS level virtualization. I will explain how to install KVM and Virt-Manager the graphical user interface which can use to interact with KVM on Ubuntu (Check this to install KVM on CentOS).

Installing KVM and Virt-manager on Ubuntu


Update your repository list
sudo apt-get update
Install packages and dependencies
sudo apt-get install kvm virt-manager
After completing the installation you can search for "Virtual machine Manager" on the search of Ubuntu Unity. Give the sudo password in the popup window.

Or else you can use the following command to start the virt-manager GUI from the terminal.
sudo virt-manager
In the first attempt it will prompt the following user interface. Use the default settings and click on "connect".

KVM Virt-Manager add connection

Installing guest operating system in KVM


Open virt-manager by clicking on the icon from unity search or using command. Then click on the left most icon of the GUI as follows. It will open a wizard to create a new virtual machine.

Create new virtual machine


Give a proper name, that name will appear on the virt-manager virtual machine list.

There are several ways to install an operating system and this tool also support few of them too. Usually we use a boot-able CD/DVD to install an operating system to a new machine/laptop. Also we can directly give the ISO image of an operating system.  Therefore, I will go ahead with the "Local installation media" option and click on "Forward"


In this I'm going to give an Ubuntu 12.04 desktop ISO image. Select the "Use ISO image" option and click on "Browse".


It will open another window which will list down all the image files of your virtual machines. Click on the bottom "Browse Local" button and browse to the ISO image that you need to install. Give the OS type and version in relevant fields. Then continue the wizard.


You can download those ISO images from relevant websites other than Windows.

In this step you need to set the guest machines memory and CPU. As I'm going to install a Ubuntu Desktop with the user interface (UI), I'm going to give 1024 MB of RAM and a single CPU will work for this.


Now we need to set the disk space. It is enough to give 8-10GB of disk space for a virtual (guest) machine.

Specially, remove the default check on the "Allocate entire disk now" option. If you do so, KVM will not allocate full 10GB (or what you set) from your host machines hard disk. It will only use the real data capacity used in the installation and only when you add data to the guest system it will grow. So this save lot of disk space.


In the last step you will get a confirmation page.

Few best practices when using KVM

  • To run virtual machine manager you need sudo permission. So you can create an alias for this.
alias virt-manager='sudo virt-manager'
sudo visudo
  • Add the line with your username
username ALL= NOPASSWD: ALL
  • Try to use text only installations of operating systems. It will reduce resources (RAM/disk space) usage. Most server edition operating systems by default install the text only (run level 3) environment.
  • Use base images
Create some base operating system installations in the system. If you need a virtual machine you can get a clone of the base installation and use. In this figure I have create three base images (virtual machines)
a CentOS, RHEL and a Ubuntu.

Other three machines are clones of a Ubuntu base machine which I used to simulate a Ubuntu base network. After the simulation I can delete those virtual machines with used virtual hard disk (.img file).


Install your favorite commonly used tools like vim/emacs, tree, htop, telnet, git, subversion, oracle JDK, links, debug tools and custom scripts.

Install additional repositories like EPEL, RPMForge,  repos on RedHat base distributions. Puppet repositories on all distributions.

So how to clone a virtual machine? Right click on the virtual machine (should be on power off state) and select "Clone" option. It will give the following window. Give a proper name for that and continue it. It will take few minutes to copy and the time will depend on your base image size.


When you need delete a virtual machine, select and right click on that and select "Delete" option. It will prompt another window as follows. Select the "Delete associated storage files" option and it will enable the list of storages which you need to delete in order to save your disk space. Keep in mind not to delete any iso images if those appear on this list.


Jan 14, 2013

Run a specific command as root without root password

In most Linux/Unix systems users need special privileges to run some command. Specially to stop a service, mount a device likewise. In these scenarios most old Linux/Unix systems used the command 'su -'. But this command requires the root users password. Sharing a root password with other users is not a good practice. Therefore, we need to use some other way to do this task.

'Sudo' command allows non-privileged users to run various commands as a root user without the root password. Root user can specify which user or the user group can run command(s) as root or any other user. Those information will be saved in a configurations file in '/etc/sudoers'. But I strongly advice you not to edit that file directly. Because if there is an error, that will cause a system malfunctioning. The best way to do these changes is to use the 'visudo' command. Though you edit the same file via this command, it will check the syntax before it save those changes to the configurations file permanently.

For an example, think that there is a Linux based proxy server running on your office environment. Normally you do lots of changes upon requests. (It's not a very good practice.) So you want to get the help of a new trainee person to handle the proxy server. But there are few problems. One is you need to restart the proxy service to activate a configuration change. And also you may have some other services running on the same host server. So the server is critical but you need to provide some high level privileges to a non-experienced user.

Now you need to provide some high privileges to the user but only to run some identified commands. According to the example you need to provide privileges to edit the "squid.conf" file, restart the squid service. So you can do this things in many different ways on the "sudoes" file.

Run 'visudo' and go to the line "root  ALL=(ALL) ALL". Add those commands on the next line.

bob squidhost= NOPASSWD: /usr/bin/vim /etc/squid/squid.conf, /sbin/service squid

In the first part you need to set the user name. In this case it's Bob. If you want to set a group you need to add a "%" sign in front of the group name.

Oh the second part you need to specify the hostname.

Then you can add " NOPASSWD: " in between the equal (=) sign and the command to not to ask the password when the user run that command. If you remove that, system will ask user to give the his/her password each time he/she runs a command out of these.

Then you can specify commands that you need to provide to the user. Absolute path is required when specifying commands and configuration files.