Libvirt in Podman| 2 minute read
Running Silverblue on my primary machine, one of the things that I miss most in the base distribution is Libvirt and QEMU/KVM. There are a few simple options for this - one would be to simply layer the necessary packages with
rpm-ostree. However, I try to layer as few packages as possible and keep my system as close to the base tree as possible. There’s also a flatpak for GNOME Boxes that can get you quickly up and running, but it’s fairly bare bones and makes it difficult to do any configuration beyond basic parameters without diving into XML editing.
However, what Silverblue does have is Podman. Podman and Toolbox are recommended for running containerized software that you either don’t want to layer, or isn’t available in Flatpak form, and Libvirt is no exception.
To start I create a new privileged container:
$ sudo podman run -d --name virtbox --privileged --net=host -v /proc/modules:/proc/modules -v /var/lib/libvirt/:/var/lib/libvirt:z -v /sys/fs/cgroup:/sys/fs/cgroup:rw registry.fedoraproject.org/fedora-minimal:latest
I make sure to pass
--net=host so that we can SSH into the container later on and that our VMs can talk out. We pass through
/sys/fs/cgroup as well so that our container has access to full KVM virtualization. Finally, I pass through a directory from the host, in this case
/var/lib/libvirt where we can store our configuration and our VM images.
Once the container is created, enter it with:
$ sudo podman exec -it virbox /bin/bash
Inside the container, we have access to microdnf, a lighter version of the DNF package manager. We’ll use it to install the packages we need for virtualization.
# microdnf install passwd libvirt qemu-kvm systemd nc openssh-server passt --nodocs
In order to manage libvirt, we’ll SSH into the container from the host. To do that, we’ll set up sshd on the container to listen on an alternate port. Within the container’s
/etc/ssh/sshd_config, add the following lines:
Port 2222 ListenAddress 127.0.0.1 PermitRootLogin yes
Be sure to set a root password as well.
Finally, enable your services:
# systemctl enable --now sshd libvirtd
From your host, or another container on the system, run
virt-manager and connect to your libvirt container with
localhost:2222. You may also want to copy your SSH keys to the container so it doesn’t constantly ask for your password with
$ ssh-copy-id -p 2222 root@localhost