Here is the original Online.net article for this:
But on Ubuntu 18.04 you will not have ifupdown by default; it uses netplan. You can return to ifupdown, but you may face issues. For example, in my case the internet would not come back up after each reboot. This made automatic apt updates and reboots outright impossible.
How to prepare your server / KVM NOOB SECTION:
Only read this section if you don’t know KVM or servers at all.
I use KVM and virt-manager. And I install xorg + XFCE on my servers. Feel free to hate on me, I don’t care. The GUI is just way too comfortable and X forward is just too messy. So the way I set up my environment goes like this… Keep in mind, this section is about your server. This has nothing to do with the guest so far.
- First and foremost I’d say use SSH key authentication, install fail2ban, and change the SSH default port. You can just Google all of these; they are fairly simple things to do. If you happen to have a GitHub account and you have an SSH key there, you can use that to log in. That makes this process a breeze.
To import your GitHub key, use:
As always, do test things before you manage to lock yourself out by accident. Worst case, you can request “IPMI access” (remote console) to your host machine at any time.
- Let’s install Xorg and XFCE4 and text editor Geany by issuing:
sudo apt install xorg xfce4 xfce4-goodies xfce4-terminal geany
- Let’s grab a VNC client for ourselves. I prefer TigerVNC. It’s FOSS, very fast/quick, has auto resize, clipboard support. It’s just good.
You can grab the executable from here: https://bintray.com/tigervnc/stable/tigervnc/
Simply use wget to download it on your server; on 64-bit Ubuntu I use this command. This is for version 1.10.1; always make sure it’s the latest:
- Now extract VNC, and start vncserver. It’ll ask for a password; just give it some super simple pass. It doesn’t really support complex passwords. Such is life with VNC. Don’t worry, we’ll set this up just right. Once it starts, kill it. Like so:
~/tigervnc-1.10.1.x86_64/usr/bin/vncserver -kill :1
- Time to set up the xstartup file. This file tells VNC what to start when you start the server. We want xfce4. So let’s do just that.
Edit the following file:
nano -w ~/.vnc/xstartup
Change the bottom of the file so it looks like this. Basically, we comment out the last 3 lines and add one to the bottom. Yes, you need the & on the end too!
# xsetroot -solid grey
# xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
# twm &
- Two steps left.
a) Install ufw and enable it. This is a firewall. On our host server, we do NOT want to expose anything besides SSH. At least not unintentionally. You can allow other ports in the same way for other services you run on the host.
sudo apt install ufw
sudo ufw allow 22 comment 'ssh'
sudo ufw enable
- Almost there. Now you can start the vnc properly.
This will ensure our vncserver is ONLY available from the host machine. DO NOT try to expose VNC over the internet.
Now, you have a VNC running, it is safe (since we firewalled it AND we have the -localhost switch on). At this point, you just have to grab “vncviewer” on your local PC, and set up SSH port forwarding.
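A quick check of the claim above, as an added example that is not part of the original post: it reads `ss -ltn` output and reports any VNC listener (TCP 5900-5999) bound to something other than loopback. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report VNC listeners that are
# reachable on anything other than loopback.
# Input:  `ss -ltn` lines on stdin (State Recv-Q Send-Q Local-Address:Port Peer).
# Output: one exposed Local-Address:Port per line; exit status 1 if any found.
exposed_vnc_listeners() {
    awk '
    $1 != "LISTEN" { next }                    # also skips the header line
    {
        n = split($4, parts, ":")
        port = parts[n] + 0
        host = substr($4, 1, length($4) - length(parts[n]) - 1)
        if (port < 5900 || port > 5999) next   # VNC display :N is TCP 5900+N
        if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
        print $4
        exposed = 1
    }
    END { exit (exposed ? 1 : 0) }'
}

# Constructed sample: display :1 started with -localhost, display :2 without.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:5901      0.0.0.0:*
LISTEN  0       5       [::1]:5901          [::]:*
LISTEN  0       5       0.0.0.0:5902        0.0.0.0:*'

# On the host itself, feed it live data instead: ss -ltn | exposed_vnc_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_vnc_listeners \
    || echo "the listener(s) above are bound beyond loopback" >&2
```

An empty result with exit status 0 means every VNC display is loopback-only, so it is reachable only through the SSH tunnel.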
My SSH tunnel looks like this:
And I connect in vncviewer from my PC like this:
- Let’s install KVM and virt-manager.
sudo apt install qemu qemu-kvm libvirt-bin bridge-utils virt-manager
- Open virt-manager from a console with: sudo virt-manager
- Create a VM in virt-manager. It’s straightforward. You pick an ISO, set storage size, CPU amount, etc. You can change all of this later on.
- Once the VM is created and installed, shut it down.
- Click the “i” button in virt-manager.
Go to Network, set Network source to Host Device … macvtap.
Source mode: Bridge
Click Apply on the bottom-right and close virt-manager.
- Open the .XML file for the VM by hand.
It’ll be in this folder: /etc/libvirt/qemu/
sudo nano -w /etc/libvirt/qemu/ubuntu1804.xml
- Let’s find the network section.
Should look similar:
<interface type='direct'>
  <mac address='00:11:22:33:AA:BB'/>
  <source dev='eno1' mode='bridge'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
You need to change the 00:11:22:33:AA:BB section to match your failover IP’s mac address. You can see / generate the mac on OneProvider/Online.net’s online interface.
Once you change it, save the file, and let’s restart libvirt. Yes, you have to.
sudo service libvirtd restart
Yay, now you can boot your VM and follow the next chapter.
At this point you have:
– A secure, well set-up host machine.
– A VM configured for your MAC address.
But you have no internet in the guest for now…
How to convert the ifupdown instructions to netplan…
So let’s just use netplan. Install the VM with dhcp internet, or just install it without internet connection.
Once you boot it up, edit the netplan config by:
sudo nano -w /etc/netplan/50-cloud-init.yaml
So there is only one bit you will have to change yourself. The “addresses” part. See the “123.234.456.678” part. It’s an invalid IP, it is an example, blah blah blah. You need to change ONLY that. Keep the /24 at the end. Keep the other parts. This is what you need.
You can, of course, assign your own DNS addresses in the “nameservers” part. My example relies on Cloudflare and then Google. For me, those two are good enough.
Here is my config:
addresses: [ "22.214.171.124", "126.96.36.199" ]
- to: 0.0.0.0/0
Once you change the file, apply it and verify.
sudo netplan apply
If it pings, you are golden.
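One way to produce a static netplan file of the kind described above, as an added example rather than the author's own config. The interface name `ens3`, the address `203.0.113.10`, the gateway `192.0.2.1` and the `on-link` route are assumptions: replace them with your failover IP and the gateway your provider gives you. The helper also rejects addresses like the invalid sample IP before anything is rendered.

```shell
#!/bin/sh
# Added example (not the author's config): render a static netplan file for
# the guest. All names and addresses used here are placeholders.

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() (
    case "$1" in
        "" | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# render_netplan IFACE ADDRESS GATEWAY -> YAML on stdout, status 1 on bad input
render_netplan() (
    iface=$1 addr=$2 gw=$3
    valid_ipv4 "$addr" && valid_ipv4 "$gw" || { echo "invalid IPv4" >&2; exit 1; }
    cat <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    $iface:
      dhcp4: false
      addresses: [ "$addr/24" ]
      nameservers:
        addresses: [ "1.1.1.1", "8.8.8.8" ]   # Cloudflare, then Google
      routes:
        - to: 0.0.0.0/0
          via: $gw
          on-link: true   # assumption: gateway is outside the address's /24
EOF
)

# Placeholder values; redirect the output to your file under /etc/netplan/.
render_netplan ens3 203.0.113.10 192.0.2.1
```

After writing the file, `sudo netplan generate` checks that it parses, and `sudo netplan try` applies it with an automatic rollback unless you confirm.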
Keep in mind your VM/guest also needs a firewall to be protected. The host’s firewall has NO effect on the guest!