The Architect's KVM Field Manual

ghostware.jpg

Enterprise hypervisors carry risks.

  • License volatility
  • Operational overhead
  • Telemetry

There is a quieter alternative.

KVM lives inside the Linux kernel.
It operates as a kernel module.

Open-source, with auditable code.

  • Security is directly influenced by the Architect.
  • The libvirt API exposes the hypervisor to automation and configuration management systems.
  • KVM runs Linux, Windows and BSD virtual machines.
  • It ships with an ecosystem of mature tools.

KVM is not a downgrade. It shifts responsibility to the Architect.

Install On Debian Linux

KVM runs on nearly all major Linux distributions.
Preparation and installation are similar across them.
Visit the documentation of your distribution for the differences.

Pre-Checks

  • In the BIOS/EFI verify that virtualization is supported and enabled.
  • Verify that the CPU supports virtualization. 
lscpu | grep -i virtualization

Installation

The required tooling can be installed directly from the Debian repository. 

sudo apt install -y qemu-kvm qemu-utils libvirt-daemon-system  \
     libvirt-clients virtinst bridge-utils

To manage KVM as a non-root user, add the account to the libvirt group. 

sudo usermod -aG libvirt $ USER

Configure the default libvirt connection URI. 

 echo  "export LIBVIRT_DEFAULT_URI='qemu:///system'" >> ~/.bashrc
 source ~/.bashrc

Log out and log in again for the group change to take effect.

Post-Checks

After installation libvirtd is enabled and running: 

systemctl status libvirtd

Verify the installed tools: 

qemu-system-x86_64 --version
virsh --version
lsmod | grep kvm

Default Network (NAT)

The default network allows virtual machines to access the internet behind NAT. 

sudo virsh net-list --all
sudo virsh net-start default
sudo virsh net-autostart default

NAT is ideal for isolated virtual machines.

Bridge Network

NAT isolates virtual machines.

Bridge networking exposes them to the local network.

  • VMs connect directly to the LAN.
  • They receive normal network visibility.
  • LAN resources become reachable.

This example assumes ifupdown is in use.

Create the bridge interface: 

sudo brctl addbr br0

For persistent configuration add it to /etc/network/interfaces: 

auto lo
iface lo inet loopback

auto 
iface  inet manual

auto br0
iface br0 inet static
    address 
    netmask 
    gateway 
    bridge_ports 
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

Be careful when modifying remote servers — you can lock yourself out.

After modifying /etc/network/interfaces restart networking or reboot the host. 

sudo systemctl restart networking

Storage Pools

The default KVM storage pool resides in /var/lib/libvirt/images.
It is recommended to mount this directory on a dedicated filesystem.

This prevents virtual disks from exhausting the host filesystem and simplifies backups.

Storage pools are managed with virsh. 

virsh pool-list --all
virsh pool-info default

If the default pool is inactive: 

virsh pool-start default
virsh pool-autostart default

Virtual Image Formats

KVM supports multiple virtual disk formats.

Most Architects use either raw or qcow2.

Many production environments combine raw disks with LVM snapshots for maximum performance and external snapshot control.

Raw

  • raw is a fast and reliable disk format.
  • It is a simple disk container with no metadata or snapshot features.
  • For snapshots LVM or external tooling is recommended.
  • Raw images are typically fully allocated and do not provide thin-provisioning features.

Qcow2

  • qcow2 introduces a small performance overhead due to metadata management.
  • qcow2 supports internal and external snapshotting.
  • Images are thin-provisioned.

For heavy I/O virtual machines raw is recommended (e.g. database servers).

For general server workloads qcow2 is usually adequate.

Install Virtual Machines

virt-install installs virtual machines from the command line. 

virt-install  \
  --name debian-image  \
  --memory 4096  \
  --vcpus 4  \
  --disk  size=20, path=/var/lib/libvirt/images/debian-image.qcow2, format=qcow2  \
  --cdrom /var/lib/libvirt/images/debian-13.3.0-amd64-netinst.iso  \
  --os-variant debian13  \
  --network  bridge=br0  \
  --graphics spice

The installation ISO must be downloaded in advance:

/var/lib/libvirt/images/debian-13.3.0-amd64-netinst.iso

Alternatively the VM can be installed directly from the internet: 

--location

Clone Virtual Machines

virt-clone creates copies of existing virtual machines. 

virt-clone  \
    --original debian-image  \
    --name debian-clone  \
    --file /var/lib/libvirt/images/debian-clone.qcow2

The original VM should be powered off before cloning.

virt-clone automatically generates new MAC addresses for the cloned VM.

Basic Virtual Machine Operations

virsh performs basic virtual machine operations.

Start

virsh start debian-clone

Shutdown

If the guest OS supports ACPI or runs qemu-ga, the shutdown is graceful. 

virsh shutdown debian-clone

Destroy

Destroy forces an immediate power off. 

virsh destroy debian-clone

List

virsh list
virsh list --all

Autostart

Enable autostart to start the VM during host boot. 

virsh autostart debian-clone

Undefine

Undefining a virtual machine removes its definition from the host. 

virsh undefine debian-clone [--remove-all-storage]

Without --remove-all-storage the disk images remain on the filesystem.

Resize Virtual Machines

One disk size rarely fits all services.
Cloned virtual machines often require disk resizing.

qemu-img can resize disk images that do not contain snapshots.

Shrinking disk images is not supported by qemu-img and is generally unsafe.

To increase the size by 10G: 

sudo qemu-img resize /var/lib/libvirt/images/debian-image.qcow2 +10G

To set a new disk size: 

sudo qemu-img resize /var/lib/libvirt/images/debian-image.qcow2 60G

Running virtual machines can be resized with virsh if the guest OS supports it: 

sudo virsh blockresize debian-image /var/lib/libvirt/images/debian-image.qcow2 60G

After resizing the disk, expand the partitions and the filesystem inside the guest OS.

Virtual Machine Snapshots

Virtual machines with qcow2 storage support internal and external snapshots.

  • Internal snapshots are stored inside the qcow2 image.
  • External snapshots create an additional qcow2 file and a backing chain.

Internal snapshots are convenient but rarely used in production environments.

Create an external disk snapshot: 

virsh snapshot-create-as debian-clone clean-state  \
      --description  "Clean state snapshot" --disk-only

Create an internal snapshot: 

virsh snapshot-create-as debian-clone clean-state  \
      --description  "Clean state snapshot" --atomic

List snapshots: 

virsh snapshot-list debian-clone

Snapshot information: 

virsh snapshot-info debian-clone clean-state

Revert to snapshot: 

virsh snapshot-revert debian-clone clean-state

Delete snapshot: 

virsh snapshot-delete debian-clone clean-state

Backup Strategy

Snapshots aren't backups.

  • Internal qcow2 snapshots increase image complexity.
  • External snapshots depend on a file chain.
  • A corrupted base image breaks all dependent snapshots.
  • Snapshots typically reside on the same storage pool.

They are recovery points.
They are not disaster recovery.

What Must Be Backed Up

A KVM virtual machine consists of:

  • The disk image (e.g. /var/lib/libvirt/images/debian-image.qcow2)
  • The VM definition (libvirt XML configuration)

Export the VM definition: 

virsh dumpxml debian-image > debian-image.xml

Store it with your backups.

Cold Backup (Recommended For Simplicity)

The simplest and safest method:

  1. Shut down the virtual machine.
  2. Copy the disk image.
  3. Backup the XML definition. 
virsh shutdown debian-image
rsync -avh /var/lib/libvirt/images/debian-image.qcow2 /backup/location/

Simple. Predictable. Restorable.

Hot Backup (Advanced)

For running production systems:

  • Use storage-level snapshots (LVM, ZFS, Ceph, SAN).
  • Or create an external snapshot, back up the base image, then merge.

Hot backups require planning and testing.

Restore Procedure

A backup is valid only if it can be restored.

Ensure the disk image is restored to its original location. 

virsh define debian-image.xml
virsh start debian-image

Test restore procedures regularly.

Operator Rule

  • Never rely on qcow2 internal snapshots as backups.
  • Never keep backups on the same filesystem as the storage pool.
  • Always test restore workflows.

If you cannot restore it, you do not have a backup.

Final Whisper

KVM does not try to impress.

There are no glossy dashboards.
No marketing layers.
No hidden orchestration engines.

Just a hypervisor inside the Linux kernel.

The Architect receives something more valuable:

control.

  • The storage is visible.
  • The networking is transparent.
  • The machines obey simple commands.

Nothing is abstracted beyond understanding.

This is the real advantage.

When something breaks, you can see it.
When something must be rebuilt, you know how.

KVM rewards operators who understand their systems.

Not those who click buttons.

Keep the architecture simple.
Keep the machines observable.
Keep the recovery procedures tested.

The quiet tools endure.

And when the infrastructure must be rebuilt from the ashes,
the Architect will still know where every machine lives.

[ Fear the Silence. Fear the Switch. ]