
Fabric

Fabric server

I use Debian for all my servers and I will explain why at a later time.

First we need to install the "fabric" server, the host on which the virtual servers will be installed. Ideally it should not be reachable by anyone other than the person who administers it. There is nothing unusual about the installation: a standard Debian install, deselecting the graphical (desktop) environment and selecting "SSH server" in the task selection.

After installing the operating system we need to do some configuration, so log on as root.

Basic configuration

Generating locales

Set the system language to English to make it easier to find problems in the logs:

apt install locales-all
localectl set-locale LANG=en_US.utf8
localectl status

Update Debian and install the necessary administration tools

apt update
apt install wget sudo screen nmap telnet tcpdump rsync net-tools dnsutils htop \
apt-transport-https vim gnupg lsb-release

Create /etc/sudoers.d/10-nopasswd, preferably with visudo -f /etc/sudoers.d/10-nopasswd (it checks the syntax before saving; a broken sudoers file locks you out of sudo), and add:

%emir ALL=(ALL) NOPASSWD: ALL

The leading % makes this a group rule: every member of the emir group (on Debian a freshly created user gets a private group of the same name) becomes root without being asked for a password. That is convenient on a box only its administrator can reach, but it also means the SSH key set up later is the only thing between the network and root on the fabric, so treat that key accordingly.

Configure VIM

Open nano /etc/vim/vimrc and replace all its contents with:

runtime! debian.vim
syntax on
set background=dark
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
filetype plugin indent on
set encoding=utf-8
set nobackup
set nowritebackup
set showcmd
set updatetime=300
set showmatch
set ignorecase
set smartcase
set incsearch
set tabstop=2
set softtabstop=2
set shiftwidth=2
set expandtab
if filereadable("/etc/vim/vimrc.local")
  source /etc/vim/vimrc.local
endif

Create the user's vim config file, nano ~/.vimrc, and add:

set mouse=
set nocompatible
set cursorline
set nocursorcolumn
set nowrap
set showmode
set hlsearch
set wildmenu
set wildmode=list:longest
set wildignore=*.docx,*.jpg,*.png,*.gif,*.pdf,*.pyc,*.exe,*.flv,*.img,*.xlsx

Reboot the system and log on as the regular user, in my case emir.

The ~/.vimrc above was root's; create the same one for the regular user.

Virtualization

Configure folders

sudo mkdir -p /srv/virt/vmdisks
sudo mkdir -p /srv/virt/iso

Confirm Virtualization support

egrep -c '(vmx|svm)' /proc/cpuinfo
grep -E --color '(vmx|svm)' /proc/cpuinfo

The first command counts the CPU threads that advertise Intel VT-x (vmx) or AMD-V (svm) and must print a number greater than zero; the second just highlights the flag. If it prints 0, reboot into the firmware (BIOS/UEFI) setup, enable the virtualization extension, boot back into Debian and run the commands again. The flag only shows that the CPU can do it; once the packages below are installed, /dev/kvm must also exist, otherwise the extension is still switched off in firmware.

Install QEMU-KVM & Libvirt

sudo apt install qemu-system qemu-kvm libvirt-daemon-system libvirt-clients \
  bridge-utils dnsmasq virtinst virt-manager net-tools
# libvirt-daemon is pulled in by libvirt-daemon-system; virt-manager is a graphical
# client, leave it out if the host has no display and you manage it from elsewhere

Make Network active and auto-restart

sudo virsh net-start default
sudo virsh net-autostart default
sudo modprobe vhost_net
lsmod | grep vhost
# load vhost_net at boot too, adding it to /etc/modules only if it is not already listed
grep -qx vhost_net /etc/modules || echo vhost_net | sudo tee -a /etc/modules
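The host checks above, as an added example that is not part of the original post: a small shell script that turns them into yes/no functions, picks the KVM module that matches the CPU vendor, and adds vhost_net to /etc/modules only once, so re-running it is harmless. It assumes Linux with /proc/cpuinfo, lsmod and a Debian-style /etc/modules; the alternative file paths the functions accept are there for testing and are my assumption, not something from the page.

```shell
#!/bin/sh
# Added example: KVM host prerequisite checks as functions.
# Assumes Linux (/proc/cpuinfo, lsmod) and Debian's /etc/modules.
set -eu

# virt_flag [CPUINFO] -> prints vmx (Intel VT-x), svm (AMD-V) or none.
# Reads /proc/cpuinfo unless another file is given (used for testing).
virt_flag() {
  f=${1:-/proc/cpuinfo}
  if grep -qw vmx "$f"; then echo vmx
  elif grep -qw svm "$f"; then echo svm
  else echo none; fi
}

# kvm_module_for FLAG -> the kernel module that flag needs
kvm_module_for() {
  case $1 in
    vmx) echo kvm_intel ;;
    svm) echo kvm_amd ;;
    *) return 1 ;;
  esac
}

# ensure_module_listed NAME [FILE] -> add NAME to /etc/modules exactly once,
# so the module is loaded at boot; a plain "tee -a" appends a duplicate every run.
ensure_module_listed() {
  f=${2:-/etc/modules}
  grep -qx "$1" "$f" 2>/dev/null || printf '%s\n' "$1" >> "$f"
}

# kvm_ready -> 0 if the CPU flag is present, the matching module is loaded and
# /dev/kvm is usable by the caller; otherwise says what is missing.
kvm_ready() {
  flag=$(virt_flag)
  [ "$flag" != none ] || { echo "no vmx/svm flag: enable VT-x/AMD-V in firmware" >&2; return 1; }
  mod=$(kvm_module_for "$flag")
  lsmod | grep -q "^$mod " || { echo "$mod not loaded: modprobe $mod" >&2; return 1; }
  [ -r /dev/kvm ] && [ -w /dev/kvm ] || { echo "/dev/kvm not accessible: add the user to the kvm group" >&2; return 1; }
}
```

Run kvm_ready as the account that will drive virsh; on Debian that account needs to be in the kvm and libvirt groups, and a failure here is the real reason "virsh start" later says it cannot open /dev/kvm.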

Create Bridge Network

KVM comes with a NAT network on the virbr0 interface out of the box, but VMs on it get addresses from libvirt's own range (192.168.122.0/24 by default) behind NAT, so other computers on the network cannot reach them. Therefore we create our own bridge over the physical NIC of the host, so the VMs sit directly in our network's IP range.

Find the physical network interface of the host that you want to use for the bridge with ip a, then edit the network interface file with sudo vim /etc/network/interfaces:

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface: enslaved to the bridge, no address of its own
allow-hotplug eno1
iface eno1 inet manual

# The bridge takes over the host's address
auto br0
iface br0 inet static
  address 10.115.100.2/24
  gateway 10.115.100.1
  bridge_ports eno1
  bridge_stp off
  bridge_fd 0
  bridge_maxwait 0
  # dns-* options are implemented by the resolvconf package, if installed
  dns-nameservers 8.8.8.8 8.8.4.4
  dns-search yourdomain.com

Do this from the console, or at least inside screen: the host's only address moves from eno1 to br0 when the new configuration is applied (simplest is a reboot), and a typo leaves the fabric unreachable over the network. Afterwards ip a should show the address on br0 and none on eno1. Without the resolvconf package the dns-* lines are ignored and /etc/resolv.conf has to be edited by hand. Remember also that every VM attached to br0 shares the segment with the host's management address, so keeping the fabric reachable only by its administrator is a job for the gateway/firewall, not for the bridge.

Second disk

Read this chapter if, like me, you use a different disk for virtual machines.

Check that the server picked up the new drive; there are a couple of ways:

The kernel log shows the most recent events on the server, and the drive should have been given a /dev/ name (e.g. /dev/sdc):

sudo dmesg

Another way is to look for the new drive in the fdisk listing:

sudo fdisk -l

Either method shows the drive if the OS picked it up. If you go the dmesg route and the drive was connected a long time ago, its messages may have scrolled out of the log, so detach and reconnect it (or just use fdisk).

Once the drive is recognized, partition it with your preferred tool (fdisk, parted, etc.), create a filesystem on the partition, and it is ready to mount. See the example at the end of this chapter for the step-by-step if you are not familiar with partitioning and filesystem creation.

Make a directory to mount the new drive on (the example below uses /new/drive; in my case it is the existing /srv):

sudo mkdir -p /new/drive/

Mount the drive on the new directory:

sudo mount /dev/sdb1 /new/drive

Add a line to /etc/fstab (sudo vim /etc/fstab) if you want the mount to survive a reboot. Prefer the filesystem UUID, shown by blkid /dev/sdb1, over the /dev/sdb1 name: device names can change when a disk is added or the controller enumerates in a different order, and a stale name means the VM disks are simply not there after the next boot. The last field is the fsck pass number; 1 is reserved for the root filesystem, so use 2 for a data disk:

UUID=<uuid printed by blkid /dev/sdb1> /new/drive ext4 defaults 0 2

For example, assuming the new drive is /dev/sdb, you want ext4 as the filesystem and you plan to use the whole disk. Double-check the device name with lsblk first; parted wipes whatever is on the disk without asking. At the (parted) prompt each command can be given on one line instead of answering the interactive questions one by one:

sudo parted /dev/sdb
(parted) mklabel gpt                 # GPT partition table
(parted) mkpart srv ext4 1MiB 100%   # one partition named "srv", from 1MiB (aligned) to the end of the disk
(parted) quit
sudo mkfs.ext4 /dev/sdb1

Create a Storage Pool

A storage pool can be created with the virsh command-line tool, which lets you set every parameter. In this example the pool is called vmdisks and points at the directory created earlier (if you mounted the second disk on /srv as in the previous chapter, the disk images land on that disk):

sudo virsh pool-define-as \
  --name vmdisks \
  --type dir \
  --target /srv/virt/vmdisks
sudo virsh pool-start --build vmdisks
sudo virsh pool-autostart vmdisks
sudo virsh pool-list --all

Finally, review the storage pool information:

sudo virsh pool-info vmdisks

Useful commands

sudo virsh console VM   # VM name or ID; escape character is ^] (Ctrl + ])
sudo virsh destroy VM   # force power-off (like pulling the plug), it does not delete anything
sudo virsh shutdown VM  # ACPI shutdown; the guest must honour it
sudo virsh start VM
sudo virsh edit VM
sudo virsh undefine VM  # removes the definition only; delete the disk image afterwards if you really want it gone (or use --remove-all-storage)
sudo virsh list --all
sudo virsh vncdisplay VM

Configure SSH logon with keys

Create a keypair on the client machine:

ssh-keygen

Transfer the public key to the destination machine (id_rsa.pub for an RSA key; if you generated an ed25519 key with ssh-keygen -t ed25519 the file is id_ed25519.pub). The example targets root, but the same works for the regular account (emir), which with the sudoers rule above is enough to administer the host:

ssh-copy-id -i ~/.ssh/id_rsa.pub root@{IP-ADDRESS-OR-FQDN}

Other ways to transfer the public key

You can copy the public key with scp and then, on the destination, append it (~/.ssh and authorized_keys must not be group- or world-writable, which ssh-copy-id takes care of for you):

cat id_rsa.pub >> ~/.ssh/authorized_keys

Or from Windows (PowerShell; .ssh must already exist on the destination, because cat >> does not create the directory):

type $env:USERPROFILE\.ssh\id_rsa.pub | ssh {IP-ADDRESS-OR-FQDN} "cat >> .ssh/authorized_keys"
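Added example, not part of the original post: a script that installs a public key the way ssh-copy-id does (directory and file permissions, no duplicate lines) but first checks that what it was handed really is a single public key line, and writes an sshd drop-in that turns password logins off once key login is confirmed. The sample key is constructed (an ed25519 blob whose 32 key bytes are all zero) and is not a real key; /etc/ssh/sshd_config.d/50-keys-only.conf is an assumed file name. It assumes coreutils (base64, tr, cut) and a Debian sshd_config that includes /etc/ssh/sshd_config.d/*.conf.

```shell
#!/bin/sh
# Added example: install an SSH public key safely and make sshd key-only.
# Assumes coreutils (base64, tr, cut) and a Debian sshd_config that has
# "Include /etc/ssh/sshd_config.d/*.conf" at the top.
set -eu

# Constructed sample key: a syntactically valid ed25519 blob whose 32 key
# bytes are all zero. Not a real key; use ssh-keygen output in practice.
EXAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA emir@client'

# valid_pubkey_line LINE -> 0 if LINE is "<type> <base64 blob> [comment]" and the
# blob decodes to a buffer that starts with the same key type. This rejects a
# private key, a PEM file, or any stray text before it reaches authorized_keys.
valid_pubkey_line() {
  set -- $1
  [ $# -ge 2 ] || return 1
  case $1 in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) return 1 ;;
  esac
  # wire format: uint32 length, type string, ...; keep only printable bytes
  # and compare the leading characters with the declared type
  inner=$(printf '%s' "$2" | base64 -d 2>/dev/null | LC_ALL=C tr -cd '[:print:]' | cut -c1-"${#1}")
  [ "$inner" = "$1" ]
}

# install_authorized_key LINE FILE -> append LINE to FILE once, with the
# permissions sshd's StrictModes expects (directory 700, file 600).
install_authorized_key() {
  valid_pubkey_line "$1" || { echo "refusing to install a malformed key line" >&2; return 1; }
  dir=$(dirname "$2")
  mkdir -p "$dir" && chmod 700 "$dir"
  [ -e "$2" ] || : > "$2"
  chmod 600 "$2"
  grep -qxF -- "$1" "$2" || printf '%s\n' "$1" >> "$2"
}

# sshd_keys_only_dropin FILE -> write a drop-in that disables password logins.
# Apply it only after a key login has worked in a second session, then run
# "sshd -t" and "systemctl reload ssh" while the old session is still open.
sshd_keys_only_dropin() {
  cat > "$1" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
EOF
}
```

Order matters: install the key, confirm a key login from a second terminal, write the drop-in, run sshd -t, reload sshd, and only then close the session you started from. With the NOPASSWD sudo rule from earlier, this key is what stands between the network and root on the fabric.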

My design

Server    IPv4 address   IPv6 address           Description
gateway   10.115.100.1   fd55:cdbc:12df::1/64   fire
fabric    10.115.100.2   fd55:cdbc:12df::2/64   KVM host
ca        10.115.100.3   fd55:cdbc:12df::3/64   Certificate server
dc01      10.115.100.4   fd55:cdbc:12df::4/64   Domain controller (PDC)
dc02      10.115.100.5   fd55:cdbc:12df::5/64   Second domain controller
srv01     10.115.100.6   fd55:cdbc:12df::6/64   Applications server
srv02     10.115.100.7   fd55:cdbc:12df::7/64   HA applications server
mail      10.115.100.8   fd55:cdbc:12df::8/64   Mail server

Virtual servers

As for the virtual servers, we will install a certificate server, two domain controllers (Samba), two database (MariaDB) servers for high availability, an e-mail server with webmail (iRedMail), a Nextcloud server and a Diaspora server. All services run on Debian. Although everything can be administered from Debian, we will end up using Windows 11 with RSAT just to show that it works.

There are several ways to install a virtual server. We can use VNC for a graphical installation (useful when installing Windows). You can install from an ISO image placed on the server or over the Internet. I usually install Debian servers over the Internet and without a graphical interface.

Now let's install our first virtual server. I choose certificate server ->