Installing KVM guest OS via VNC over SSH tunnel

Very merry, and Christmas is over. And I’ve bought myself a brand new server for the occasion :D So this is it – enough of doing nothing, and I had to start migrating services from the old box. And as the old machine is just a bare-metal env, where users kill each other for memory, I decided – no more. KVM, cgroups and to hell with ya guys – you won’t ever know about each other! And all this for the same price (the old box is 2 years old and I paid the same price for the new one, where I’ve got 8x more RAM, 2x more storage and some quad-core…).

OK, enough of this talking. So I’ve got a clean CentOS 6.3 installation with a basic KVM environment and SELinux set to Permissive mode (you could leave it in Enforcing, having to run “chcon --reference /var/lib/libvirt/images /your/vm/repodir” – but I see no point in using SELinux in the host OS – this would eat too much resources, and is not needed at all – what you have to do on the host OS for security is use very strict rules).

So… CentOS, KVM, Permissive and we’re ready to engage. For lazy guys I suggest using Virtual Manager (virt-manager), where you can click through the whole guest configuration process (to make this work you should turn off iptables for a while or open some virt-manager TCP ports). But as virt-manager is for the lame, we write on the terminal:

And the installation is running. Now we’d like to connect to it – so VNC FTW! But…

The VNC daemon is safely listening only on localhost, so we have to try some different way. We could make this daemon listen on the WAN interface as well, but this would be too lame and risky. So we create an SSH tunnel:

And just after that we can safely connect our VNC client (like TigerVNC) to our installation process using host :)
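An added example, not the author's original commands: a small POSIX shell helper that turns the output of "virsh vncdisplay" (run on the KVM host) into the matching "ssh -L" forward, and warns if the VNC daemon is bound to a non-loopback address. The SSH target admin@kvmhost.example, the default local port 5901 and the sample vncdisplay output are placeholder assumptions.

```shell
#!/bin/sh
# Added example. SSH target, local port and sample input are placeholders.

# Map `virsh vncdisplay` output (":0", "127.0.0.1:1") to the TCP port 5900 + N.
vnc_port() {
    n=${1##*:}                      # display number after the last colon
    case "$n" in
        ''|*[!0-9]*) echo "unexpected vncdisplay output: $1" >&2; return 1 ;;
    esac
    echo $((5900 + n))
}

# Succeed only if the listen-address part is empty or a loopback address.
vnc_is_loopback() {
    case "${1%:*}" in
        ''|localhost|127.*|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ssh command that forwards a local port to the guest's VNC port.
# usage: tunnel_cmd <vncdisplay output> <ssh target> [local port]
tunnel_cmd() {
    vnc_is_loopback "$1" || echo "warning: VNC listens on ${1%:*}, not loopback" >&2
    port=$(vnc_port "$1") || return 1
    # -N: no remote command, forwarding only; bind target is the host's loopback.
    echo "ssh -N -L ${3:-5901}:127.0.0.1:${port} $2"
}

# Constructed sample: what `virsh vncdisplay <guest>` might print on the host.
tunnel_cmd "127.0.0.1:0" "admin@kvmhost.example"
```

With the printed command running, the VNC client connects to 127.0.0.1:5901 on the workstation while the daemon on the host stays bound to localhost.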

Of course, after a successful installation I suggest creating a clone of our brand-new VPS just to save some time on future installations – use the virt-clone command to do this.

And that’s all for now – next time I’ll write about how to configure the guest OS so that the virsh console command can be used to connect to it via the serial console.