
KVM/QEMU (QCOW2)

Installation Guide | QEMU/QCOW2

This guide provides step-by-step instructions for deploying and managing Rocky Linux Hardened (RLC-H) using QEMU and QCOW2 images. It covers prerequisites, downloading and verifying images, setting up a KVM hypervisor, customizing the initial RLC-H instance with Cloud-Init, and performing essential post-deployment tasks such as system enrollment and updates.

Prerequisites

CIQ Portal access

This guide assumes you have followed the instructions in the Getting Started guide to perform the following tasks.

  • Log in to the CIQ Portal and download the installer files (QCOW2 images and checksum files).
  • Verify the checksums of the downloaded QCOW2 images.

Hardware requirements

This guide assumes your hardware meets the requirements.

KVM RLC-Hardened deployment

Virtual machine (VM) images are files that contain a complete operating system and its applications. They can be used to create and run virtual machines on a physical computer. VM images are commonly stored in disk formats such as *.qcow2, *.img, or *.raw.

Some common methods for deploying operating systems using VM images include:

  • Using a local hypervisor: A hypervisor is a software program that allows multiple operating systems to run on a single physical computer. Kernel-based Virtual Machine (KVM) is a popular hypervisor implementation on Linux distributions. Applications such as QEMU, virt-install, virsh and so on can then be used for running and managing virtual machines running on KVM.
  • Using a cloud platform: Cloud platforms such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) provide services that allow users to create and manage virtual machines. VM images can be deployed to cloud platforms using tools such as the AWS EC2 console and the Azure portal.

The following section provides instructions on how to deploy an RLC-H image on a KVM hypervisor.

Deploying RLC-H on KVM hypervisor

Deploying Rocky Linux from CIQ Hardened (RLC-H) on a KVM hypervisor using virt-install is a straightforward process. First, the necessary tools and sub-systems such as qemu-kvm, libvirt, virt-manager, and virt-install must be installed.
Once the tools are in place, the QEMU image can be launched using the virt-install command.
The virt-install command allows you to customize the resulting VM by specifying options such as the VM name, memory, vCPUs, disk image, and network configuration.

Initial tool installation and hypervisor subsystem setup

  1. Install necessary tools:

    sudo dnf install qemu-kvm libvirt virt-manager virt-install
    
  2. Start the libvirtd service and enable it for automatic startup. Type:

    sudo systemctl enable --now libvirtd
    

Initial RLC-H instance customization (cloud-init)

Cloud-Init is a widely used tool for automating the initialization and configuration of cloud instances during their first boot. It allows administrators to define user accounts, set passwords, configure SSH access, initialize storage, and perform various other bootstrap tasks automatically.

This is particularly useful when deploying Linux-based cloud images and ensuring that virtual machines are set up consistently and securely with minimal manual intervention.

To automatically create a user named testuser with the password ciq_4_YOU, follow these steps:

  1. Use a HereDoc to generate the cloudinit-userdata.yaml file. Type:

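    cat <<'EOF' > cloudinit-userdata.yaml
    #cloud-config
    users:
      - name: testuser
        # Per-user cleartext password; the key for entries under users: is plain_text_passwd
        plain_text_passwd: ciq_4_YOU
        # lock_passwd defaults to true, which would leave the password unusable
        lock_passwd: false
        groups: wheel
        shell: /bin/bash
        sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    
    # chpasswd is a top-level key: do not force a password change at first login
    chpasswd: { expire: False }
    ssh_pwauth: true
    EOF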
    
    Explanation of Cloud-Init Directives

    users:

    • Creates a new user named testuser.
    • Sets the password to ciq_4_YOU.
    • Adds the user to the wheel group for sudo privileges.
    • Assigns /bin/bash as the default shell.
    • Grants passwordless sudo access.

    ssh_pwauth: true

    • Enables SSH password authentication.
  2. Confirm that the file was created correctly:

    cat cloudinit-userdata.yaml
    

    Note

    For more information about Cloud-Init, see the full cloud-init documentation.

    Launch the RLC-H virtual machine
  3. Use the virt-install tool to launch the QEMU image:

    sudo virt-install \
      --name rlc-h \
      --memory 4096 \
      --vcpus 2 \
      --disk path=/path/to/RLC_Hardened_EL9_Server-v20250320.qcow2 \
      --cloud-init user-data="$HOME/cloudinit-userdata.yaml" \
      --import \
      --os-variant rhel9.0 \
      --network network=default \
      --graphics none \
      --console pty,target_type=serial
    
    Explanation of virt-install options
    • --name: Sets the virtual machine's name.
    • --memory: Specifies the amount of RAM.
    • --vcpus: Defines the number of virtual CPUs.
    • --disk: Specifies the path to the VM disk image.
    • --cloud-init: Passes the user-data file to Cloud-Init for the first boot.
    • --import: Directly imports the specified disk image.
    • --os-variant: Optimizes the VM configuration for Rocky Linux 9.
    • --network: Connects the VM to the default virtual network.
    • --graphics none: Disables graphical interface.
    • --console: Enables a serial console interface for management.

Once the VM is launched, it can be accessed and managed using virt-manager or the command line.
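
A key-based alternative to the password-based user-data from step 1, with a check that can be run on any user-data file before it is passed to virt-install. This is an added example, not part of the CIQ guide; the function names, the audit rules and the public key you pass in are assumptions made here, while the user, group, shell and sudo rule are kept from the page.

```bash
#!/usr/bin/env bash
# Added example (not from the CIQ guide). Function names are hypothetical.

# True only when $1 is a single line matching the extended regex $2.
valid_line() {
  [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] && printf '%s\n' "$1" | grep -Eq "$2"
}

# Write user-data that provisions USER with an SSH public key and no password.
write_keyed_userdata() {
  user="$1"; pubkey="$2"; out="$3"
  valid_line "$user" '^[a-z_][a-z0-9_-]*$' ||
    { echo "invalid user name" >&2; return 2; }
  valid_line "$pubkey" '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+( [A-Za-z0-9@._-]+)?$' ||
    { echo "not an OpenSSH public key line" >&2; return 2; }
  cat > "$out" <<EOF
#cloud-config
users:
  - name: ${user}
    groups: wheel
    shell: /bin/bash
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    lock_passwd: true
    ssh_authorized_keys:
      - ${pubkey}

ssh_pwauth: false
EOF
}

# Print one line per password-related directive; succeed only when none is found.
audit_userdata() {
  file="$1"; findings=0
  if grep -Eq '^[[:space:]]*(-[[:space:]]*)?(password|plain_text_passwd):' "$file"; then
    echo "cleartext password stored in user-data"; findings=$((findings + 1))
  fi
  if grep -Eiq 'expire:[[:space:]]*(false|no)' "$file"; then
    echo "forced password change at first login disabled"; findings=$((findings + 1))
  fi
  if grep -Eiq '^[[:space:]]*ssh_pwauth:[[:space:]]*(true|yes)' "$file"; then
    echo "SSH password authentication enabled"; findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}
```

For example, `write_keyed_userdata testuser "$(cat ~/.ssh/id_ed25519.pub)" cloudinit-userdata.yaml` followed by `audit_userdata cloudinit-userdata.yaml` produces and checks the file used in step 3.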

Post-Install

Once installation is complete, proceed to the Post Installation Guide for enrollments and updates.