
openEuler 20.03

Disabling the Firewall and SELinux

The OVS flow table normalization feature provided by Kunpeng BoostKit for Virtualization requires creating VMs. However, the SELinux security mechanism enabled by default on Linux prevents guest VM images from being loaded. As a result, services for virtualization scenarios cannot be deployed. This is standard Linux behavior, and Kunpeng BoostKit for Virtualization does not provide a solution for it. If you want to keep SELinux enabled on your system, you need to find a solution yourself.

We provide a method for quickly disabling SELinux. The SELinux configuration method provided in Kunpeng BoostKit for Virtualization is for reference only. You need to evaluate the method and bear related risks.

Disabling SELinux may cause security issues. If you do not plan to enable SELinux, it is recommended that an end-to-end solution be used to eliminate the risks caused by disabling SELinux. You shall bear the security risks by yourself. If you need to enable SELinux, configure fine-grained security rules based on actual SELinux issues to ensure system security.

  1. Open the /etc/selinux/config file and change SELINUX=enforcing to SELINUX=disabled.
  2. Stop and disable the firewall.
    systemctl stop firewalld.service
    systemctl disable firewalld.service
    

Configuring Huge Pages

  1. Check whether hugepage memory is enabled.
    cat /proc/meminfo |grep -i huge
    

    • If the value of HugePages_Total is 0, hugepage memory is not enabled. Go to 2.
    • If the value of HugePages_Total is not 0, hugepage memory is enabled. In this case:
      • If the value of Hugepagesize is greater than or equal to 5 GB, skip the following steps in this section.
      • If the value of Hugepagesize is less than 5 GB, go to 2.
  2. Modify the boot settings.
    1. Open the /boot/efi/EFI/openEuler/grub.cfg file.
      vim /boot/efi/EFI/openEuler/grub.cfg
      
    2. Find the boot item menuentry, press i to enter the insert mode, and add the following configuration:
      default_hugepagesz=512M hugepagesz=512M hugepages=128 iommu.passthrough=1

    3. Press Esc to exit the insert mode. Input :wq! and press Enter to save the file and exit.
  3. Configure the huge pages to be mounted upon system startup.
    1. Open the /etc/fstab file.
      vim /etc/fstab
      
    2. Press i to enter the insert mode and add the following content:
      nodev /mnt/huge hugetlbfs defaults 0 0
      
    3. Press Esc to exit the insert mode. Input :wq! and press Enter to save the file and exit.
  4. Create an /mnt/huge directory.
    mkdir -p /mnt/huge
    
  5. Reboot the server for huge pages to take effect.
    reboot

Enabling IOMMU

  1. Access the BIOS.

    For details, see "Accessing the BIOS" in TaiShan Server BIOS Parameter Reference (Kunpeng 920 Processor).

  2. Choose Advanced > MISC Config.

  3. Set Support Smmu to Enabled and press F10 to save the settings and exit.

Configuring a Yum Source

  1. Mount an image.
    mkdir -p /mnt/repo
    mount -o loop /home/software/openEuler-20.03-LTS-everything-aarch64-dvd.iso /mnt/repo/
    
  2. Configure a yum source.
    1. Back up other sources in the system and create a local source.
      cd /etc/yum.repos.d
      mkdir backup
      mv *.repo backup
      vim /etc/yum.repos.d/local.repo
      
    2. Press i to enter the insert mode and add the following content:
      [local]
      name=local
      baseurl=file:///mnt/repo
      enabled=1
      gpgcheck=0
      priority=1
      
      [arch_fedora_online]
      name=arch_fedora
      baseurl=https://mirrors.huaweicloud.com/fedora/development/rawhide/Everything/aarch64/os
      enabled=1
      gpgcheck=0
      priority=2
    3. Press Esc to exit the insert mode. Input :wq! and press Enter to save the file and exit.
  3. Make the yum source configuration take effect.
    yum clean all && yum makecache
    

Installing Dependencies

  1. Install the dependencies.
    yum install -y numactl numactl-devel openssl-devel libcap-ng-devel qemu-guest-agent 'qemu*' 'libvirt*' traceroute iperf3 virt-install edk2-aarch64 python2-paramiko
  2. Modify the /etc/libvirt/qemu.conf file.
    1. Open the file.
      vim /etc/libvirt/qemu.conf
    2. Press i to enter the insert mode and change the following content:
      #user = "root"
      #group = "root"

      To:

      user = "root"
      group = "root"
    3. Press Esc to exit the insert mode. Input :wq! and press Enter to save the file and exit.
  3. Restart the libvirt service.
    systemctl restart libvirtd
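
The steps on this page change three file-based security settings: the SELinux mode, package signature checking (gpgcheck=0) and the account QEMU guests run as. The following shell functions are an added example, not part of the original guide or of Kunpeng BoostKit, that report those settings so they can be tracked after deployment. The function names are assumptions; the default paths are the files edited above.

```shell
#!/bin/sh
# Added example, not part of the guide. Function names are illustrative;
# the default paths are the files the guide edits.

# Configured SELinux mode (enforcing, permissive, disabled) or "unset".
selinux_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { m = $2; gsub(/[ \t]/, "", m) }
             END { print (m == "" ? "unset" : m) }' "${1:-/etc/selinux/config}"
}

# One line per repo section that sets gpgcheck=0: "<section> <baseurl>".
unsigned_repos() {
    awk '
        function emit() { if (name != "" && gpg == "0") print name, url }
        /^[ \t]*\[/ { emit(); name = $0; gpg = ""; url = ""
                      sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name); next }
        /^[ \t]*[#;]/ || !/=/ { next }
        { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
          val = substr($0, index($0, "=") + 1);    gsub(/[ \t]/, "", val) }
        key == "gpgcheck" { gpg = val }
        key == "baseurl"  { url = val }
        END { emit() }' "$@"
}

# Account libvirt starts QEMU guests as; "default" if the key is commented out.
qemu_user() {
    awk -F= '/^[ \t]*user[ \t]*=/ { u = $2; gsub(/[ \t"]/, "", u) }
             END { print (u == "" ? "default" : u) }' "${1:-/etc/libvirt/qemu.conf}"
}

# Print one finding per weakened setting; return 1 if any was found.
# Usage: audit SELINUX_CONFIG QEMU_CONF REPO_FILE...
audit() {
    sel=$1; qemu=$2; shift 2; rc=0
    mode=$(selinux_mode "$sel")
    [ "$mode" = "enforcing" ] || { echo "selinux: $mode"; rc=1; }
    [ "$(qemu_user "$qemu")" != "root" ] || { echo "qemu: guests run as root"; rc=1; }
    repos=$(unsigned_repos "$@")
    [ -z "$repos" ] || { echo "$repos" | sed 's/^/unsigned repo: /'; rc=1; }
    return "$rc"
}

# Check the live system only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit /etc/selinux/config /etc/libvirt/qemu.conf /etc/yum.repos.d/*.repo
fi
```

On a host configured exactly as described above, audit prints four findings: the SELinux mode, the root QEMU account, and one line for each of the two repositories.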