Quick installation guide of QVD 4.2 for Linux Ubuntu 18.04

Product QVD 4.2 Virtual Deckard
QVD Docs Team <documentation@theqvd.com>
Legal notice

Warnings

The current guide contains the necessary commands to make a mononode QVD installation, where all the components will installed into the same machine. In a multinode installation will exist additional steps and network configuration may be different.

During the process, some packages will be installed and the network configuration will be affected. It is recommended use a testing environment.

1. Requirements

1.1. Database

2 CPU cores
2 GB of RAM
PostgreSQL 10 or higher

1.2. HKD

x86_64 architecture.

2. Pre-installation

Verify that the required ports (443 and 8443) are open

root@qvdnode:~# firewall-cmd --list-all

If they are not listening, perform the following configuration:

root@qvdnode:~# firewall-cmd --permanent --add-service https
root@qvdnode:~# firewall-cmd --permanent --add-port 8443/tcp
root@qvdnode:~# systemctl restart firewalld
root@qvdnode:~# firewall-cmd --list-all

Add the public key of the QVD parcels to your trusted keys (like root):

root@qvdnode:~# wget -qO - https://www.theqvd.com/packages/key/public.key | sudo apt-key add -

ANow, add the repository and get updates:

root@qvdnode:~# echo "deb http://theqvd.com/packages/ubuntu-bionic QVD-4.2.0 main" > \
                 /etc/apt/sources.list.d/qvd.list
root@qvdnode:~# apt-get update

For commercial packages:

root@qvdnode:~#  echo "deb http://$USUARIO:$PASSWORD@theqvd.com/packages/ubuntu-bionic QVD-4.2.0 main" > \
                  /etc/apt/sources.list.d/qvd.list
root@qvdnode:~#  apt-get update

$USER and $PASSWORD are the credentials received when the suscription is purchased.

3. Database installation and configuration

root@qvdnode:~# apt-get install postgresql
root@qvdnode:~# systemctl enable --now postgresql@10-main.service

3.1. Create a user account

root@qvdnode:~# su - postgres
postgres@qvdnode:~$ createuser -SDRP qvd
Enter password for new role: passw0rd
Enter it again: passw0rd

3.2. Create the QVD database

postgres@qvdnode:~$ createdb -O qvd qvddb
postgres@qvdnode:~$ exit

3.3. Change the PostgreSQL configuration

Edit the file /etc/postgresql/10/main/postgresql.conf and set the following parameters:

listen_addresses = '0.0.0.0'
default_transaction_isolation = 'serializable'

Edit the file /etc/postgresql/10/main/pg_hba.conf and add the following line to the beginning:

host qvddb qvd 192.168.0.0/24 md5

Make sure to replace the default network 192.168.0.0/24 with the network that your platform uses.

Restart PostgreSQL.

root@qvdnode:~# systemctl restart postgresql@10-main.service

4. HKD Installation

root@qvdnode:~# yum install perl-QVD-HKD

4.1. Basic configuration

Copy template sample-node.conf to your configuration:

root@qvdnode:~# cp -v /usr/lib/qvd/config/sample-node.conf /etc/qvd/node.conf
root@qvdnode:~# chown root:root /etc/qvd/node.conf
root@qvdnode:~# chmod 0640 /etc/qvd/node.conf

Edit the /etc/qvd/node.conf file and modify/include the following entries:

nodename = qvdnode
database.host=qvdnode
database.name=qvddb
database.user=qvd
database.password=passw0rd

path.log = /var/log/qvd
log.filename = ${path.log}/qvd.log
log.level = INFO

Where
- nodename: Name of the node, normally it is the same name of the server
- database.host: Server where the QVD database resides
- database.name: Name of the QVD database
- database.user: User account required to connect
- database.password: Password of the previously specified user
You could also add a log level for debugging purposes.
The entries related to the log must be established here because the relevant QVD components are started before connecting to the database.

You must ensure that the nodename, database.host, database.name, database.user and database.password contain values that coincide with the ones that you have configured. Once these settings are in place, any utility that requires access to the database will have the correct configuration to do so.

Once the configurations are finished, you must Start/Enable the HKD service:
root@qvdnode:~# systemctl enable --now qvd-hkd

4.2. Deploy schema QVD database

root@qvdnode:~# /usr/lib/qvd/bin/qvd-deploy-db.pl

5. Administration tools installation

5.1. SSL Configuration

If you already have a certificate signed by a third party, you can skip the auto signed certificate creation and use your signed certificate instead.

Auto signed certificate creation

root@qvdnode:~# apt-get install openssl
root@qvdnode:~# mkdir /etc/qvd/certs
root@qvdnode:~# cd /etc/qvd/certs

Generate a private key.

root@qvdnode:/etc/qvd/certs# openssl genrsa 2048 > key.pem

Create an auto signed certificate.

root@qvdnode:/etc/qvd/certs# openssl req -new -x509 -nodes -sha256 -days 3650 -key key.pem > cert.pem

OpenSSL will prompt you to enter the various fields that it requires for the certificate. In the field Common Name you must insert the fully qualified domain name of the host that will be running your QVD node.

5.2. API

root@qvdnode:~# apt-get install perl-qvd-api

Create the file /etc/qvd/api.conf with the following content:

database.host=qvdnode
database.name=qvddb
database.user=qvd
database.password=passw0rd

api.user=root
api.group=root

path.api.ssl=/etc/qvd/certs

To execute either the CLI or the WAT we must start the API.

root@qvdnode:̣~:# systemctl enable --now qvd-api

Calling to the endpoint info from the browser or using the following command, we will check that the API is working.

root@qvdnode:~# curl -k https://localhost:443/api/info

It should return a JSON with system information.

5.3. CLI

root@qvdnode:~# apt-get install perl-qvd-admin4

Create the file /etc/qvd/qa.conf with the following content:

qa.url = https://localhost:443/
qa.tenant = *
qa.login = superadmin
qa.password = superadmin
qa.format = TABLE
qa.insecure = 1

This is just a testing installation guide. Never for be using in production environment. The parameter qa.insecure must be replaced by the parameter qa.ca with your Authority certification path.

With the following command we will check that QA4 is working.

root@qvdnode:~# qa4 admin get

It should return the two administrators of the system: admin and superadmin.

5.4. WAT

root@qvdnode:~# apt-get install qvd-wat

Executing the WAT

Visit https://localhost:443

Credentials:

username: superadmin@*
password: superadmin

6. Basic and indispensable configuration

6.1. Network configuration

6.1.1. Establish dnsmasq to be controlled by QVD

Check dnsmasq status service:

root@qvdnode:~# systemctl is-enabled dnsmasq

If its active, you should disable it:

root@qvdnode:~# systemctl stop dnsmasq
root@qvdnode:~# systemctl disable dnsmasq

6.1.2. Configure IP forwarding

Edit the file /etc/sysctl.conf and uncomment the line:
net.ipv4.ip_forward=1
Execute:
root@qvdnode:~# sysctl -p

6.1.3. Configure a network bridge

Edit the file /etc/network/interfaces and add the following lines:

auto qvdnet0
iface qvdnet0 inet static
  pre-up brctl addbr qvdnet0
  pre-up iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.2
  pre-up iptables -t nat -A PREROUTING -d 192.168.0.2 -p tcp --dport 8443 -j DNAT --to-destination 10.3.15.1
  post-down brctl delbr qvdnet0
  address 10.3.15.1
  netmask 255.255.255.0

You will need to change the IP address 192.168.0.2 to the IP address of the network interface that you intend your clients to connect to.

The range 10.3.15.0/24 should be unique within your infrastructure.

Bring up the network bridge

root@qvdnode:~# ifup qvdnet0

6.1.4. Configure QVD for your network

root@qvdnode:~# qa4 config set tenant_id=-1,key=vm.network.use_dhcp,value=0
root@qvdnode:~# qa4 config set tenant_id=-1,key=vm.network.ip.start,value=10.3.15.50
root@qvdnode:~# qa4 config set tenant_id=-1,key=vm.network.netmask,value=24
root@qvdnode:~# qa4 config set tenant_id=-1,key=vm.network.gateway,value=10.3.15.1
root@qvdnode:~# qa4 config set tenant_id=-1,key=vm.network.dns_server,value=10.3.15.254
root@qvdnode:~# qa4 config set tenant_id=-1,key=vm.network.bridge,value=qvdnet0

6.2. Configure QVD to use the SSL certificates

root@qvdnode:~# qa4 config ssl key=/etc/qvd/certs/key.pem, cert=/etc/qvd/certs/cert.pem
root@qvdnode:~# openssl version -d

The previous command may return the following response by default:

OPENSSLDIR: "/usr/lib/ssl"

If other directory is returned, use it instead /usr/lib/ssl for the following steps.

The trusted certificates are stored in /usr/lib/ssl/certs.

root@qvdnode:~# trusted_ssl_path=/usr/lib/ssl/certs
root@qvdnode:~# cert_path=/etc/qvd/certs/cert.pem
root@qvdnode:~# cert_name=`openssl x509 -noout -hash -in $cert_path`.0
root@qvdnode:~# cp $cert_path $trusted_ssl_path/QVD-L7R-cert.pem
root@qvdnode:~# ln -s $trusted_ssl_path/QVD-L7R-cert.pem $trusted_ssl_path/$cert_name

6.3. HKD node configuration

Add the node to the solution by running:

root@qvdnode:~# qa4 host new name=qvdnode,address=10.3.15.1

And restart HKD service:

root@qvdnode:~# systemctl restart qvd-hkd

And now, what?

Should you have any issue, please check the full QVD installation guide.

If you have already done all the steps of this guide, congratulations, you already have a solution QVD installed. Now you should:

Configure your first OSF
Install your first image
Add your first user
Add a VM for your user

We recommend to you to continue with the Web Administration Tool (WAT) Manual to do these steps.

Once finished, you will only have to:

Connect and try the solution
Check the Quick Installation Guides to choose your client and install it on your system.

If you have any questions or need additional support, visit our Web Site or contact us.

Main Menu