Is it possible to add a KVM host running SLES 15 to OpenNebula?

I’m evaluating the setup of a virtualization environment using KVM and OpenNebula. Our bare metal servers are licensed with SLES 15+. I noticed that there’s no official opennebula-node-kvm package for SUSE, but some forums — although not very detailed — mention that it’s possible to add a host manually.

I’d like to confirm: is it truly possible to add a host manually, or is SLES 15 incompatible with OpenNebula?

I sincerely thank you in advance and apologize for my lack of familiarity with the tool.

Note: I extracted the opennebula-node-kvm package and reviewed the installation process. It seemed relatively generic, suggesting it could be adapted to other distributions. The only incompatibility I found was the dependency on two specific opennebula-common packages.

The purpose of opennebula-node-kvm is to guarantee that the host it is installed on has all of the dependencies that the KVM driver requires. Essentially, what it does is:

  • install all of the libvirt + related storage and network components required to create KVM VMs managed through libvirt with many possible networking and storage configurations,
    • plus the required ruby runtime to run the drivers
  • besides this it sets up the oneadmin user, which is the administrator user in OpenNebula, so that the control plane can properly issue operations

You can do all of this yourself without requiring packages by installing equivalent dependencies and running the install scripts shipped in the package, probably with some modifications.

The main issue is that we don’t test KVM nodes on SLES 15+ at all, which is why there are no packages. Therefore we can’t guarantee (nor do we know) whether the node will work properly. It is not necessarily incompatible; it is simply not certified.

If you want to give it a go, after setting up the node with the dependencies and the oneadmin user, follow the KVM node creation guide and look for possible monitoring errors in /var/log/one/monitor.log on the OpenNebula frontend. If the host shows up as ON, then good news, proceed to try VM operations.


I’ve put together this step-by-step guide, which is currently working as expected. In your opinion, does this configuration, as it stands, have the security and stability potential to be used in a production environment?


Run all commands as root. Replace <NODE> with the hostname or IP of the SLES host.


1 — Install the SUSE KVM Stack

zypper ref && zypper up -y

zypper in -t pattern kvm_server

zypper install -y qemu qemu-tools qemu-guest-agent libvirt libvirt-daemon libvirt-client augeas augeas-lenses bridge-utils dnsmasq iptables rsync ruby2.5-rubygem-sqlite3 dmidecode lshw ruby2.5-rubygem-rexml augeas cronie ipset iptables libnbd libvirt libxml2 nfs-utils nftables openssh pciutils qemu rsync ruby tar

systemctl enable --now libvirtd

2 — Create oneadmin User and Directories

groupadd -g 9860 oneadmin

useradd -u 9860 -g oneadmin -m -d /var/lib/one -s /bin/bash oneadmin

usermod -aG libvirt oneadmin # access to RW socket

mkdir -p /var/{lib,run,log}/one

chown -R oneadmin:oneadmin /var/{lib,run,log}/one

3 — Apply Bridge Netfilter sysctl

Create /etc/sysctl.d/bridge-nf-call.conf with:

net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

Apply immediately:

sysctl --system

4 — Polkit Rule for libvirt

cat >/etc/polkit-1/localauthority/50-local.d/50-org.libvirt.unix.manage-opennebula.pkla <<'EOF'
[OpenNebula libvirt manage]
Identity=unix-group:oneadmin
Action=org.libvirt.unix.manage
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF

5 — Minimalist sudo Permissions

cat >/etc/sudoers.d/opennebula <<'EOF'
Defaults:oneadmin !requiretty
oneadmin ALL = (root) NOPASSWD: \
/usr/bin/virsh *, /usr/bin/qemu-img *, \
/usr/sbin/iptables *, /usr/sbin/ebtables *, \
/usr/sbin/arping, /usr/sbin/brctl *
EOF

visudo -cf /etc/sudoers.d/opennebula

6 — qemu-kvm-one-gen systemd Generator

Copy the file extracted from the RPM and set executable permission:

install -m 755 qemu-kvm-one-gen /usr/lib/systemd/system-generators/

systemctl daemon-reload

This generator creates qemu-kvm@**.service units automatically during live migration.


7 — (Optional) opennebula-node Script

Optional, for reference:

install -m 755 opennebula-node /usr/sbin/

8 — Fine-tune libvirt

cat >/etc/libvirt/libvirtd.conf.d/opennebula.conf <<'EOF'
unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
auth_unix_rw = "none"
EOF

systemctl restart libvirtd

9 — Copy remotes from the Front-end

On the OpenNebula Front-end:

sudo -u oneadmin rsync -az --delete \
/var/lib/one/remotes/ oneadmin@<NODE>:/var/lib/one/remotes/

10 — Configure Passwordless SSH

Still on the Front-end, as oneadmin:

ssh-keygen -t ed25519 # if not already created

ssh-copy-id oneadmin@<NODE>

11 — Open live migration Ports

Ensure the firewall allows TCP range 49152–49215.


12 — Add Host to OpenNebula

On the Front-end:

onehost create <NODE> --im kvm --vm kvm --net dummy

onehost list

In a few seconds, the state should change from INIT to ON.


13 — Post-installation Adjustment Script (Standalone)

If you prefer to apply the same changes as the RPM postinstall separately, create the script below at /usr/local/sbin/opennebula-postconf.sh and run it after all previous steps.

#!/bin/bash

# opennebula-postconf.sh — replicates the RPM postinstall on SLES 15
# Author: Infra Team — July/2025

set -euo pipefail

backup_cfg() {
  local f="$1"
  [[ -f "$f" ]] || return 0
  cp -f "$f" "${f}.$(date +'%Y-%m-%d_%H:%M:%S')"
}

# 1. Backup original files
backup_cfg /etc/libvirt/qemu.conf
backup_cfg /etc/libvirt/libvirtd.conf

# 2. Apply changes with Augeas
command -v augtool >/dev/null || {
  echo "Error: augeas/augeas-lenses packages missing." >&2
  exit 1
}

augtool -A <<'EOF'
set /augeas/load/Libvirtd_qemu/lens Libvirtd_qemu.lns
set /augeas/load/Libvirtd_qemu/incl /etc/libvirt/qemu.conf
set /augeas/load/Libvirtd/lens Libvirtd.lns
set /augeas/load/Libvirtd/incl /etc/libvirt/libvirtd.conf
load
set /files/etc/libvirt/qemu.conf/user oneadmin
set /files/etc/libvirt/qemu.conf/group oneadmin
set /files/etc/libvirt/qemu.conf/dynamic_ownership 0
set /files/etc/libvirt/libvirtd.conf/auth_unix_ro none
set /files/etc/libvirt/libvirtd.conf/auth_unix_rw none
set /files/etc/libvirt/libvirtd.conf/unix_sock_group oneadmin
set /files/etc/libvirt/libvirtd.conf/unix_sock_ro_perms 0770
set /files/etc/libvirt/libvirtd.conf/unix_sock_rw_perms 0770
save
EOF

# 3. Generate (or update) generic symlink qemu-kvm-one
/usr/bin/qemu-kvm-one-gen || true

# 4. Restart libvirtd only if it is already running (try-restart)
systemctl try-restart libvirtd || true

echo "✓ Post-installation adjustments applied successfully."

Usage:

chmod +x /usr/local/sbin/opennebula-postconf.sh

/usr/local/sbin/opennebula-postconf.sh
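
As an added example (not part of the original post and not OpenNebula's own tooling), the script below reviews the privilege grants the guide creates: it lists the sudoers commands oneadmin can run as root with unrestricted arguments, and shows which group reaches libvirt's read-write socket once auth_unix_rw is none, for both the step 8 and the step 13 settings. Function names are hypothetical; the sample inputs are copied from the guide.

```bash
# Added example (not from the thread): review the privilege grants of steps 5, 8, 13.
# Function names are hypothetical; the sample inputs are copied from the guide above.

# stdin: sudoers text. Prints each oneadmin NOPASSWD command whose arguments are
# unrestricted: a trailing " *", or no argument list (sudo then accepts any).
unrestricted_sudo_cmds() {
  awk '
    { line = buf $0; buf = "" }
    line ~ /\\$/ { sub(/\\$/, "", line); buf = line; next }  # join continuations
    line ~ /^oneadmin[ \t]/ && line ~ /NOPASSWD:/ {
      sub(/^.*NOPASSWD:/, "", line)
      n = split(line, cmd, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
        if (cmd[i] !~ / / || cmd[i] ~ / \*$/) print cmd[i]
      }
    }'
}

# stdin: libvirtd.conf text or augtool "set" lines. Prints the last value of key $1.
conf_value() {
  tr -d '"' | sed 's|^set /files/etc/libvirt/libvirtd.conf/||' |
    awk -v k="$1" '{ gsub(/=/, " ") } $1 == k { v = $2 } END { print v }'
}

# stdin: as conf_value. Summarises what gates the read-write libvirt socket.
rw_socket_exposure() {
  conf=$(cat)
  auth=$(printf '%s\n' "$conf" | conf_value auth_unix_rw)
  group=$(printf '%s\n' "$conf" | conf_value unix_sock_group)
  perms=$(printf '%s\n' "$conf" | conf_value unix_sock_rw_perms)
  echo "rw socket: auth=${auth:-unset} group=${group:-unset} perms=${perms:-unset}"
}

GUIDE_SUDOERS='Defaults:oneadmin !requiretty
oneadmin ALL = (root) NOPASSWD: \
/usr/bin/virsh *, /usr/bin/qemu-img *, \
/usr/sbin/iptables *, /usr/sbin/ebtables *, \
/usr/sbin/arping, /usr/sbin/brctl *'
STEP8='unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
auth_unix_rw = "none"'
STEP13='set /files/etc/libvirt/libvirtd.conf/auth_unix_rw none
set /files/etc/libvirt/libvirtd.conf/unix_sock_group oneadmin
set /files/etc/libvirt/libvirtd.conf/unix_sock_rw_perms 0770'

printf '%s\n' "$STEP8"  | rw_socket_exposure
printf '%s\n' "$STEP13" | rw_socket_exposure
printf '%s\n' "$GUIDE_SUDOERS" | unrestricted_sudo_cmds
```

On a node, pipe /etc/sudoers.d/opennebula and /etc/libvirt/libvirtd.conf into the functions instead of the embedded samples; with auth=none, membership of the reported group is the only gate on the read-write socket.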
