Product QVD 4.2 Virtual Deckard
QVD Docs Team <>
Legal notice


Important The current guide contains the necessary commands to make a mononode QVD installation, where all the components will installed into the same machine. In a multinode installation will exist additional steps and network configuration may be different.
Important During the process, some packages will be installed and the network configuration will be affected. It is recommended use a testing environment.

1. Requirements

1.1. Database

  • 2 CPU cores

  • 2 GB of RAM

  • PostgreSQL 10 or higher

1.2. HKD

2. Pre-installation

root@qvdnode:~# yum install yum-utils
root@qvdnode:~# rpm --import
root@qvdnode:~# yum-config-manager --add-repo
root@qvdnode:~# yum update

For commercial packages:

root@qvdnode:~# echo "[QVD-4.2.0]" > /etc/yum.repos.d/QVD-4.2.0.repo
root@qvdnode:~# echo "name=QVD-4.2.0" >> /etc/yum.repos.d/QVD-4.2.0.repo
root@qvdnode:~# echo "baseurl=http://$USER:$" | sed 's/@\(.*@\)/%40\1/' >> /etc/yum.repos.d/QVD-4.2.0.repo
root@qvdnode:~# echo "enabled=1" >> /etc/yum.repos.d/QVD-4.2.0.repo
root@qvdnode:~# yum update
Note $USER and $PASSWORD are the credentials received when the suscription is purchased.

3. Database installation and configuration

root@qvdnode:~# yum install
root@qvdnode:~# yum install postgresql10-server postgresql10-contrib
root@qvdnode:~# /usr/pgsql-10/bin/postgresql-10-setup initd
root@qvdnode:~# systemctl enable --now postgresql-10.service

3.1. Create a user account

root@qvdnode:~# su - postgres
postgres@qvdnode:~$ createuser -SDRP qvd
Enter password for new role: passw0rd
Enter it again: passw0rd

3.2. Create the QVD database

postgres@qvdnode:~$ createdb -O qvd qvddb
postgres@qvdnode:~$ exit

3.3. Change the PostgreSQL configuration

Edit the file /var/lib/pgsql/10/data/postgresql.conf and set the following parameters:

listen_addresses = ''
default_transaction_isolation = 'serializable'

Edit the file /var/lib/pgsql/10/data/pg_hba.conf and add the following line to the beginning:

host qvddb qvd md5
Note Make sure to replace the default network with the network that your platform uses.

Restart PostgreSQL.

root@qvdnode:~# systemctl restart postgresql-10.service

4. Installation of the HKD

root@qvdnode:~# yum install perl-QVD-HKD

4.1. Basic configuration

root@qvdnode:~# cp -v /usr/lib/qvd/config/sample-node.conf /etc/qvd/node.conf
root@qvdnode:~# chown root:root /etc/qvd/node.conf
root@qvdnode:~# chmod 0640 /etc/qvd/node.conf

Edit the file /etc/qvd/node.conf and modify/add the following entries:



4.2. QVD tables population

root@qvdnode:~# /usr/lib/qvd/bin/

5. Administration tools installation

5.1. SSL Configuration

Note If you already have a certificate signed by a third party, you can skip the auto signed certificate creation and use your signed certificate instead.
Auto signed certificate creation
root@qvdnode:~# yum install openssl
root@qvdnode:~# mkdir /etc/qvd/certs
root@qvdnode:~# cd /etc/qvd/certs

Generate a private key.

root@qvdnode:/etc/qvd/certs# openssl genrsa 2048 > key.pem

Create an auto signed certificate.

root@qvdnode:/etc/qvd/certs# openssl req -new -x509 -nodes -sha256 -days 365 -key key.pem > cert.pem
Note OpenSSL will prompt you to enter the various fields that it requires for the certificate. In the field Common Name you must insert the fully qualified domain name of the host that will be running your QVD node.

5.2. API

root@qvdnode:~# yum install perl-QVD-API

Create the file /etc/qvd/api.conf with the following content:

api.user = root = root


To execute either the CLI or the WAT we must start the API.

root@qvdnode:~# systemctl enable --now qvd-api

Calling to the endpoint info from the browser or using the following command, we will check that the API is working.

root@qvdnode:~# curl -k https://localhost:443/api/info

It should return a JSON with system information.

5.3. CLI

root@qvdnode:~# yum install perl-QVD-Admin4

Create the file /etc/qvd/qa.conf with the following content:

qa.url = https://localhost:443/
qa.tenant = *
qa.login = superadmin
qa.password = superadmin
qa.format = TABLE
qa.insecure = 1
Caution This is just a testing installation guide. Never for be using in production environment. The parameter qa.insecure must be replaced by the parameter with your Authority certification path.

With the following command we will check that QA4 is working.

root@qvdnode:~# qa4 admin get

It should return the two administrators of the system: admin and superadmin.

5.4. WAT

root@qvdnode:~# yum install QVD-WAT
Executing the WAT

Visit https://localhost:443


  • username: superadmin@*

  • password: superadmin

6. Basic and indispensable configuration

6.1. Network configuration

6.1.1. Set dnsmasq to be controlled by QVD

  • Firstly, check dnsmasq status service:

    root@qvdnode:~# systemctl is-enabled dnsmasq
  • By default, it starts the process that is executed as a daemon in the background, so you should avoid it starting automatically. This is done with the following commands:

    root@qvdnode:~# systemctl stop dnsmasq
    root@qvdnode:~# systemctl disable dnsmasq

6.1.2. Configure IP forwarding

Edit the file /etc/sysctl.conf and uncomment the line:



root@qvdnode:~# sysctl -p

6.1.3. Configure a network bridge

  • Install the necessary tools

    root@qvdnode:~# yum install bridge-utils -y
  • Verify that the bridge module is loaded with the command:

    root@qvdnode:~# modinfo bridge
    • If it is not loaded, run:

      root@qvdnode:~# modprobe --first-time bridge
  • To create the interface configuration file to be used for QVD run:

    root@qvdnode:~# vi /etc/sysconfig/network-scripts/ifcfg-qvdnet0
    • Add the following lines:

  • Firewall Configuration in CentOS

    Enable NAT for container navigation, for this, 2 zones are required, internal and external. The internal zone will use the container network or whatever chosen with interface qvdnet0 previously created. And the external zone should use the interface eth0 (replace with external network interface), for this we do the following:

    root@qvdnode:~# firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o eth0 -j MASQUERADE -s
    root@qvdnode:~# firewall-cmd --change-interface=eth0 --zone=external --permanent
    root@qvdnode:~# firewall-cmd --set-default-zone=external
    root@qvdnode:~# firewall-cmd --change-interface=qvdnet0 --zone=internal --permanent

    You must make a "port forwarding" of port 8443 in external network to port 8443 in internal network to the bridge ip qvdnet0

    root@qvdnode:~# firewall-cmd --zone=external --add-forward-port=port=8443:proto=tcp:toport=8443:toaddr= --permanent

    Open in the external network the connection ports that QVD uses, 8443 to connect to the sessions and 443 to connect to WAT.

    root@qvdnode:~# firewall-cmd --add-port=8443/tcp --permanent --zone=external
    root@qvdnode:~# firewall-cmd --add-service=https --permanent --zone=external

    Reload the rules to apply the changes made:

    root@qvdnode:~# firewall-cmd --complete-reload
  • Restart the network service:

    root@qvdnode:~# systemctl restart network

6.1.4. Configure QVD for your network

root@qvdnode:~# qa4 config set tenant_id=-1,,value=0
root@qvdnode:~# qa4 config set tenant_id=-1,,value=
root@qvdnode:~# qa4 config set tenant_id=-1,,value=24
root@qvdnode:~# qa4 config set tenant_id=-1,,value=
root@qvdnode:~# qa4 config set tenant_id=-1,,value=
root@qvdnode:~# qa4 config set tenant_id=-1,,value=qvdnet0

6.2. Configure QVD to use the SSL certificates

root@qvdnode:~# qa4 config ssl key=/etc/qvd/certs/key.pem, cert=/etc/qvd/certs/cert.pem
root@qvdnode:~# openssl version -d

The previous command may return the following response by default:

OPENSSLDIR: "/etc/pki/tls"
Note If other directory is returned, use it instead /etc/pki/tls for the following steps.

The trusted certificates are stored in /etc/pki/tls/certs.

root@qvdnode:~# trusted_ssl_path=/etc/pki/tls/certs
root@qvdnode:~# cert_path=/etc/qvd/certs/cert.pem
root@qvdnode:~# cert_name=`openssl x509 -noout -hash -in $cert_path`.0
root@qvdnode:~# cp $cert_path $trusted_ssl_path/QVD-L7R-cert.pem
root@qvdnode:~# ln -s $trusted_ssl_path/QVD-L7R-cert.pem $trusted_ssl_path/$cert_name

6.3. Configure HKD node

  • Now, add the node to the solution by running:

    root@qvdnode:~# qa4 host new name=qvdnode,address=
  • And restart HKD service:

    root@qvdnode:~# systemctl restart qvd-hkd

And now, what?

Should you have any issue, please check the full QVD installation guide.

If you have already done all the steps of this guide, congratulations, you already have a solution QVD installed. Now you should:

  • Configure your first OSF

  • Install your first image

  • Add your first user

  • Add a VM for your user

Note We recommend to you to continue with the Web Administration Tool (WAT) Manual to do these steps.

Once finished, you will only have to:


If you have any questions or need additional support, visit our Web Site or contact us.