Installing KVM guest OS via VNC over SSH tunnel

Very merry, and Christmas is over. And I’ve bought myself a brand-new server for the occasion :D So this is it – enough of doing nothing, and I had to start migrating services from the old box. And as the old machine is just a bare-metal environment where users kill each other for memory, I decided – no more. KVM, cgroups and to hell with ya guys – you won’t ever know about each other! And all this for the same price (the old box is 2 years old and I paid the same price for the new one, where I’ve got 8x more RAM, 2x more storage and some quad-core…).

OK, enough of this talking. So I’ve got a clean CentOS 6.3 installation with a basic KVM environment and SELinux set to Permissive mode. (You could leave it in Enforcing, having to run “chcon --reference /var/lib/libvirt/images /your/vm/repodir”, but I see no point in using SELinux in the host OS – this would eat too many resources and is not needed at all. What you have to do on the host OS for security is use very strict rules.)

So… CentOS, KVM, Permissive, and we’re ready to engage. For lazy guys I suggest using Virtual Machine Manager (virt-manager), where you can click through the whole guest configuration process (to make this work you should turn off iptables for a while or open some virt-manager TCP ports). But as virt-manager is for the lame, we write on the terminal:

[root@cubryna iso]# virt-install -r 2048 --accelerate -n VM-docent --disk path=/vm/VM-docent/VM-docent.img,size=50 --cdrom CentOS-6.3-x86_64-minimal.iso --vcpus=2  --vnc --os-type linux --hvm --vncport=65322

Starting install...
Creating storage file VM-docent.img                         |  50 GB     00:00
Creating domain...                                          |    0 B     00:00
Cannot open display:
Run 'virt-viewer --help' to see a full list of available command line options
Domain installation still in progress. You can reconnect to
the console to complete the installation process.

And the installation is running. Now we’d like to connect to it – so VNC FTW! But…

[root@cubryna iso]# netstat -nlp | grep 65322
tcp        0      0 127.0.0.1:65322             0.0.0.0:*                   LISTEN      12768/qemu-kvm

The VNC daemon is safely listening only on localhost, so we have to try a different way. We could make this daemon also listen on the WAN interface, but this would be too lame and risky. So we create an SSH tunnel:

[docent@docent-toshiba ~]$ ssh -p 65234 [email protected] -L 65322:127.0.0.1:65322
RSA host key for IP address '5.135.178.98' not in list of known hosts.
Last login: Thu Jan  3 20:26:48 2013 from neostradaaa
CentOS release 6.3 (Final)
Linux cubryna.makaronzserem.eu 2.6.32-279.19.1.el6.x86_64 #1 SMP Wed Dec 19 07:05:20 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

ip        : 5.135.178.98
hostname  : cubryna.makaronzserem.eu

[docent@cubryna ~]$

And just after that we can safely connect our VNC client (like TigerVNC) to our installation process using host 127.0.0.1:65322 :)
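An added example, not part of the original post: a shell helper that reads `netstat -nlp` output and flags any qemu-kvm listener bound to something other than loopback, plus a function that prints the tunnel command with the local end pinned to 127.0.0.1. The function names, the host name kvm-host.example and all sample lines except the 127.0.0.1:65322 one are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's code). Function names are hypothetical.

# Read `netstat -nlp` output on stdin. Print "<addr:port> loopback" or
# "<addr:port> EXPOSED" for every qemu-kvm TCP listener; return 1 if any
# of them is reachable from outside the host.
check_vnc_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $NF ~ /qemu-kvm/ {
            host = $4
            sub(/:[0-9]+$/, "", host)      # drop trailing :port
            if (host ~ /^127\./ || host == "::1") {
                print $4, "loopback"
            } else {
                print $4, "EXPOSED"
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Print the ssh command for a tunnel to a loopback-only VNC port.
# -N opens the forward without starting a remote shell; the explicit
# 127.0.0.1 bind address keeps the local end off other interfaces.
# Arguments: <vnc_port> <user@host> <ssh_port>
tunnel_cmd() {
    printf 'ssh -N -p %s -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$3" "$1" "$1" "$2"
}

# Constructed sample: line 1 matches the post, lines 2-3 are made up.
SAMPLE='tcp        0      0 127.0.0.1:65322   0.0.0.0:*   LISTEN   12768/qemu-kvm
tcp        0      0 0.0.0.0:5901      0.0.0.0:*   LISTEN   12999/qemu-kvm
tcp        0      0 0.0.0.0:65234     0.0.0.0:*   LISTEN   1402/sshd'

printf '%s\n' "$SAMPLE" | check_vnc_listeners \
    || echo "at least one guest console is exposed" >&2
tunnel_cmd 65322 docent@kvm-host.example 65234
```

On the host, feed it live data with `netstat -nlp | check_vnc_listeners` before opening the tunnel.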

Of course, after a successful installation I suggest creating a clone of our brand-new VPS just to save some time on future installations – use the virt-clone command to do this.

And that’s all for now – next time I’ll write about how to configure the guest OS so that the virsh console command can connect to it via serial console.
