Skip to content

Installing a AlmaLinux 9 hypervisor

curl https://install.virtfusion.net/install-hypervisor-kvm-rhel-9.sh | sh -s -- --verbose
If the curl command is missing, install it using:dnf install curl -y

Once the installer has completed, you may add it to the control server.

installer

Network setup

VirtFusion supports MacVTap, Bridge, Libvirt routed and Libvirt networking.

MacVTap is the default networking used by VirtFusion since v1.7.2 and does not require further network setup, however, if you need the ability to filter traffic (IP Spoofing) you should use a bridge or routed network.

MacVTap networking

MacVTap is a device driver meant to simplify virtualized bridged networking. It replaces the combination of the tun/tap and bridge drivers with a single module based on the macvlan device driver.

This option has a limitation that you cannot filter traffic and you will lose IP Anti-Hijacking functionality.

No configuration required.

Standard bridge networking (Network Manager)

NetworkManager information is incomplete and should be used as reference only.

Get the main interface name:

nmcli con show --active

We will use eth0 and the main interface name.

nmcli con mod eth0 ipv4.gateway ""
nmcli con mod eth0 ipv4.address ""

nmcli conn add type bridge con-name br0 ifname br0
nmcli conn mod br0 ipv4.addresses 'xxx.xxx.xxx.xxx/24'
nmcli conn mod br0 ipv4.gateway 'xxx.xxx.xxx.xxx'
nmcli conn mod br0 ipv4.dns '8.8.8.8'
nmcli con mod br0 ipv4.method manual

nmcli conn add type ethernet slave-type bridge con-name bridge-br0 ifname eth0 master br0

Standard bridge networking (network-scripts)

On RHEL a standard /etc/sysconfig/network-scripts/ifcfg-eth0 file will look similar to this.

TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="xxx.xxx.xxx.xxx"
GATEWAY="xxx.xxx.xxx.xxx"
NETMASK="255.255.255.0"
DNS1="8.8.8.8"
IPV6_PRIVACY="no"

Make a copy of the original file.

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/ifcfg-eth0

Create a new file for the bridge.

vi /etc/sysconfig/network-scripts/ifcfg-br0

And copy the networking parts from /etc/sysconfig/network-scripts/ifcfg-eth0 to /etc/sysconfig/network-scripts/ifcfg-br0.

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPADDR=xxx.xxx.xxx.xxx
NETMASK=255.255.255.0
GATEWAY=xxx.xxx.xxx.xxx

Next, remove the networking parts from /etc/sysconfig/network-scripts/ifcfg-eth0.

BRIDGE=br0
TYPE="Ethernet"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
DNS1="8.8.8.8"
IPV6_PRIVACY="no"

Once the bridge is set up, networking will need to be restarted.

systemctl restart NetworkManager.service

Libvirt routed networking

No modification of the main networking configuration is required.

Network configuration

Defining a Libvirt network is reasonably straightforward and should be low maintenance.

Create a file named network.xml with the following contents.

<network>
    <name>br0</name>
    <forward mode='route' dev="eth0"/>
    <bridge name='br0' stp='on' delay='0'/>
    <ip address='10.0.0.1' netmask='255.255.255.0'/>
    <ip family="ipv6" address="2001:db8:aa::1" prefix="64"/>
</network>
  • If you don't require IPv6 you may remove the family="ipv6" line.
  • Replace eth0 with the device name of the main network.
  • Replace 10.0.0.1 with your own subnet that is to be assigned to the server and the corresponding netmask.
  • If you require IPv6, replace the address with your own subnet and the corresponding prefix.
You may need to install dnsmasq if it's not installed already. You can do so by running dnf -y install dnsmasq.

Define the network, set it to autostart and start it.

virsh net-define --file network.xml
virsh net-autostart br0
virsh net-start br0

Network setup is now complete. You should use the main IP of the hypervisor as the gateway for the defined subnet.

Notes

Although it's not advised, you may install a hypervisor directly on the control server. This allows for a single server setup.