Fedora 26 KVM HTML5 Remote Access with Web-Console via Kimchi – Part 1

This is the first part of a two-part series.

>>> Part 1  (Server Prep – Setting up the server) <<<
Part 2  (Kimchi Set-up – Getting things going)

I created this guide because there is not any real info out there on how to do this.  It took me a while to figure out how to go from a fresh Fedora 26 install to a working hypervisor with full remote manageability using a web browser that also has a web-based console for the VMs.  The official instructions don’t work and will not get you going at all.  There is too much that is left out.  Other information is either too old to be relevant or just doesn’t work.

As said above, this guide will show you how to go from a clean or fresh Fedora 26 install to a working hypervisor using KVM / qemu that you can remotely manage from anywhere via HTML5 using your web browser.  This also gives you the ability to manage your virtual machines via a web-based console.

Server Prep

Host Recommendation:  I recommend using Fedora 26 Server Edition using the Netinst .iso.

After you install the host OS, start at first boot following these steps:

  1. NetworkManager needs to go, or some things will not work later:
    systemctl stop NetworkManager.service
    systemctl disable NetworkManager.service
    systemctl enable network.service
    reboot now
  2. Installs the ability to use ‘semanage’. I couldn’t figure out how to get WOK accessible remotely without this:
    dnf install policycoreutils-python-utils
  3. Installs more Cockpit stuff; the built-in install is too minimal:
    dnf install cockpit
  4. Make sure everything is up to date. If you used Netinst, it probably is:
    dnf upgrade
  5. You need a place to store your virtual machine data if you haven’t set it up during OS installation.
    1. In Cockpit, create a new logical volume, as the DATA drive.
      1. Mount Point: /DATA
      2. Mount Options: auto
  6. Set up ports and access:
    firewall-cmd --add-port=8000/tcp --permanent
    firewall-cmd --add-port=8001/tcp --permanent
    firewall-cmd --add-port=8010/tcp --permanent
    firewall-cmd --add-port=64667/tcp --permanent
    firewall-cmd --reload
    semanage permissive -a httpd_t
    semanage port -a -t http_port_t -p tcp 8001
    semanage port -a -t http_port_t -p tcp 8010
    semanage port -a -t http_port_t -p tcp 64667

  7. WOK says some prereqs require the RHEL epel repo:
    wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  8. Install and update the epel repo, then remove the install file:
    dnf install epel-release-latest-7.noarch.rpm
    dnf update
    rm epel-release-latest-7.noarch.rpm
  9. Install prereqs for WOK:
    dnf install gcc make autoconf automake gettext-devel git rpm-build libxslt python-cherrypy python-cheetah PyPAM m2crypto python-jsonschema python-psutil python-ldap python-lxml nginx openssl python-websockify fontawesome-fonts logrotate python-ordereddict
  10. Download WOK, Ginger-base, Ginger, and Kimchi:
    wget http://kimchi-project.github.io/wok/downloads/latest/wok.fedora.noarch.rpm
    wget http://kimchi-project.github.io/gingerbase/downloads/latest/ginger-base.fedora.noarch.rpm
    wget http://kimchi-project.github.io/ginger/downloads/latest/ginger.fedora.noarch.rpm
    wget http://kimchi-project.github.io/kimchi/downloads/latest/kimchi.fedora.noarch.rpm
  11. Install WOK, Ginger-base, Ginger, and Kimchi, then remove the install files:
    dnf install wok.fedora.noarch.rpm ginger-base.fedora.noarch.rpm ginger.fedora.noarch.rpm kimchi.fedora.noarch.rpm
    rm wok.fedora.noarch.rpm ginger-base.fedora.noarch.rpm ginger.fedora.noarch.rpm kimchi.fedora.noarch.rpm
  12. Specify user and group for QEMU processes to be root by uncommenting the following lines below. I couldn’t get things running right without doing this:
    1. user = “root”
    2. group = “root”
    3. In the following file:
      nano /etc/libvirt/qemu.conf

  13. Reboot
    reboot now
  14. Now you should be able to remotely access your server at:
    https://IP:8001

Leave a Reply

Your email address will not be published. Required fields are marked *