Having your own, separate environment to test configurations and scenarios is valuable. Doesn’t matter if you’re working with a product commercially and want to avoid breaking production by testing some change (a wise man once said, Everybody has a testing environment. Some people are lucky enough enough to have a totally separate environment to run production in. ) or you’re just a hobbyist that likes to tinker with things, the ability to simply scrap everything and start over without any repercussions is a blessing.
Since no one uses Windows anymore (obviously!) and some want to learn different hypervisors (No VirtualBox shaming, please! We’ve all been there), I’m going to base my lab on KVM, LibVirt and manage it with Virt-Manager. I really like the ease of managing networks and hosts it provides, but to be perfectly honest, I also haven’t used anything else in quite a while (except some ESXi from time to time). Just trying to be comfortable, you know?
For all the folks running Windows:
Despite the obvious joke I made just a second ago, you will be fine running any hypervisor that’s capable of handling virtual networking. As long as you can create isolated networks that will connect some of our VMs, you’re good to go
Some of the scenarios here will involve multiple VMs running CheckPoint R77.30 (it’s much lighter than everything from R80.x line), therefore I recommend to make sure your PC (host) will be able to handle at least 2-3 R77.30 VMs, as well as a single W10 virtual machine (if your host is running Linux. If you use Windows, it’s not needed as you can use the CheckPoint’s management software straight from your host).
- OS: Ubuntu 18.04
- CPU: i7 4790k
- Memory: 16GB
- Storage: 1TB 7200RPM HDD, 256GB SSD
- OS: Ubuntu 18.04
- CPU: i5 8250u
- Memory: 16GB
- Storage: 256GB SSD
To install the hypervisor, along with all the goodies, run:
sudo apt install qemu qemu-kvm libvirt-bin bridge-utils virt-manager
Once that’s done, sign out and sign in again. This is needed because once you install above packages, your user (in my case, it’s strelok) is automatically added to a libvirt group. Members of that group are allowed to make deploy, remove or edit machines through libvirt. This basically means, virt-manager, that’s essentially a front-end for libvirt will allow you to do whatever you like with your VMs.
Once everything is done, you should be able to open virt-manager and see something like this (except VMs I already deployed):
(Optional) Add storage pools
Storage pools provide a quick and organized way of accessing ISOs and storing VMs. To add storage pool, go to Edit -> Connection Details:
Then, in Storage tab, add new storage pool by clicking on the “plus” button:
Now, a new window called Add a New Storage Pool should open. Name it, for example, TecDenISOs and select dir: Filesystem Directory as type:
Press Forward. In the next step you will be asked to select location of the directory where all the ISOs will be kept. Click on “Browse” and simply select a directory you wish to use as a pool. I’d advise on selecting a directory where only ISOs will be stored as the storage view might get quickly obstructed by unnecessary elements (like pictures, for example). After you point it at a directory, press Finish. That’s it!
Repeat that step to add another pool, for example, TecDenVMs and point it at a directory where VM images will be kept.
If you get an error about insufficient permissions when you try to create a storage inside one of your pools, this means the libvirt-qemu user doesn’t have permission to see contents of a directory. You can either change the directory permissions to something like 775 (so “others” can view and execute contents) by running this:
chmod 755 -R /directory/you/want/to/use/as/storage/pool
Or you can set ACL to allow libvirt-qemu user read and execute access to directory:
sudo setfacl -m u:libvirt-qemu:rx /directory/you/want/to/use/as/storage/pool
Above solution was based on this GitHub comment
If you got your hypervisor up and running, why not grab some ISOs that we will need in my next post?
R77.30: You can download it here
[Optional for Linux users] Windows 10: Get it from Microsoft’s site here