Installation of Oracle Linux Virtualization Manager (OLVM)
This post shows the commands to install and configure a Oracle Linux Virtualization Manager 4.5 system on Linux.
Table of Contents
Overview
OLVM is a software that can be used to install and manage Virtual Machines (Linux or Windows). For testing purposes we will setup two Virtualbox VMs. One will run the OLVM Engine that is used to manage the OLVM system, and one VM will be the KVM Host that is used to run the (OLVM managed) Virtual Machines. In a real world setup the Engine and the KVM host will be (of course) running on dedicated hardware.
Installation of the two VMs
For the Engine and the KVM host we need two Virtualbox VMs with a minimal Oracle Linux 8.10 installation. The installation process is described here. After the two VMs are running we perform the following tasks on each of them:
dnf -y install oracle-ovirt-release-45-el8
dnf config-manager --enable ol8_kvm_appstream
dnf config-manager --enable ovirt-4.5
dnf config-manager --enable ovirt-4.5-extra
dnf config-manager --enable ol8_gluster_appstream
OLVM Engine Installation
These steps need to be run on the first VM:
Setup OLVM Engine
You might need to adjust the FQDN of the Engine VM.
# run on the first (the Engine or Manager) host
dnf -y install ovirt-engine
# OLVM Engine setup
cat > ~/answer.txt << EOF
# OTOPI answer file, generated by human dialog
[environment:default]
QUESTION/1/GRAFANA_USE_ENGINE_ADMIN_PASSWORD=str:yes
QUESTION/1/KEYCLOAK_USE_ENGINE_ADMIN_PASSWORD=str:yes
QUESTION/1/OVESETUP_APACHE_CONFIG_ROOT_REDIRECTION=str:yes
QUESTION/1/OVESETUP_APACHE_CONFIG_SSL=str:automatic
QUESTION/1/OVESETUP_CONFIG_ADMIN_SETUP=str:changeme
QUESTION/1/OVESETUP_CONFIG_APPLICATION_MODE=str:both
QUESTION/1/OVESETUP_CONFIG_FIREWALL_MANAGER=str:firewalld
QUESTION/1/OVESETUP_CONFIG_SAN_WIPE_AFTER_DELETE=str:no
QUESTION/1/OVESETUP_CONFIG_VMCONSOLE_PROXY=str:yes
QUESTION/1/OVESETUP_CONFIG_WEAK_ENGINE_PASSWORD=str:yes
QUESTION/1/OVESETUP_CONFIG_WEBSOCKET_PROXY=str:yes
QUESTION/1/OVESETUP_DIALOG_CONFIRM_SETTINGS=str:ok
QUESTION/1/OVESETUP_DWH_ENABLE=str:yes
QUESTION/1/OVESETUP_DWH_PROVISIONING_POSTGRES_ENABLED=str:automatic
QUESTION/1/OVESETUP_DWH_PROVISIONING_POSTGRES_LOCATION=str:local
QUESTION/1/OVESETUP_DWH_SCALE=str:1
QUESTION/1/OVESETUP_ENGINE_ENABLE=str:yes
QUESTION/1/OVESETUP_GRAFANA_ENABLE=str:yes
QUESTION/1/OVESETUP_KEYCLOAK_ENABLE=str:yes
QUESTION/1/OVESETUP_KEYCLOAK_PROVISIONING_POSTGRES_ENABLED=str:automatic
QUESTION/1/OVESETUP_KEYCLOAK_PROVISIONING_POSTGRES_LOCATION=str:local
QUESTION/1/OVESETUP_NETWORK_FQDN_this=str:lin5.fritz.box
QUESTION/1/OVESETUP_PKI_ORG=str:fritz.box
QUESTION/1/OVESETUP_PROVISIONING_POSTGRES_ENABLED=str:automatic
QUESTION/1/OVESETUP_PROVISIONING_POSTGRES_LOCATION=str:local
QUESTION/1/OVESETUP_UPDATE_FIREWALL=str:yes
QUESTION/1/ovirt-cinderlib-enable=str:no
QUESTION/1/ovirt-provider-ovn=str:yes
QUESTION/2/OVESETUP_CONFIG_ADMIN_SETUP=str:changeme
EOF
engine-setup --config=~/answer.txt
Sample Output of the engine setup (click):
[root@lin5 ~]# engine-setup --config=~/answer.txt
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: /root/answer.txt
Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20250628093056-emrxc5.log
Version: otopi-1.10.4 (otopi-1.10.4-1.el8)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment setup (late)
[ INFO ] Stage: Environment customization
--== PRODUCT OPTIONS ==--
Configure Cinderlib integration (Currently in tech preview) (Yes, No) [No]:
provided answer: no
Configure Engine on this host (Yes, No) [Yes]:
provided answer: yes
Configuring ovirt-provider-ovn also sets the Default cluster's default network provider to ovirt-provider-ovn.
Non-Default clusters may be configured with an OVN after installation.
Configure ovirt-provider-ovn (Yes, No) [Yes]:
provided answer: yes
Configure WebSocket Proxy on this host (Yes, No) [Yes]:
provided answer: yes
* Please note * : Data Warehouse is required for the engine.
If you choose to not configure it on this host, you have to configure
it on a remote host, and then configure the engine on this host so
that it can access the database of the remote Data Warehouse host.
Configure Data Warehouse on this host (Yes, No) [Yes]:
provided answer: yes
* Please note * : Keycloak is now deprecating AAA/JDBC authentication module.
It is highly recommended to install Keycloak based authentication.
Configure Keycloak on this host (Yes, No) [Yes]:
provided answer: yes
Configure VM Console Proxy on this host (Yes, No) [Yes]:
provided answer: yes
Configure Grafana on this host (Yes, No) [Yes]:
provided answer: yes
--== PACKAGES ==--
[ INFO ] Checking for product updates...
[ INFO ] DNF Package grafana-postgres available, but not installed.
[ INFO ] No product updates found
--== NETWORK CONFIGURATION ==--
Host fully qualified DNS name of this server [lin5.fritz.box]:
provided answer: lin5.fritz.box
Setup can automatically configure the firewall on this system.
Note: automatic configuration of the firewall may overwrite current settings.
Do you want Setup to configure the firewall? (Yes, No) [Yes]:
provided answer: yes
The following firewall managers were detected on this system: firewalld
Firewall manager to configure (firewalld):
provided answer: firewalld
[ INFO ] firewalld will be configured as firewall manager.
--== DATABASE CONFIGURATION ==--
Where is the DWH database located? (Local, Remote) [Local]:
provided answer: local
Setup can configure the local postgresql server automatically for the DWH to run. This may conflict with existing applications.
Would you like Setup to automatically configure postgresql and create DWH database, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
provided answer: automatic
Where is the Keycloak database located? (Local, Remote) [Local]:
provided answer: local
Setup can configure the local postgresql server automatically for the Keycloak to run. This may conflict with existing applications.
Would you like Setup to automatically configure postgresql and create Keycloak database, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
provided answer: automatic
Where is the Engine database located? (Local, Remote) [Local]:
provided answer: local
Setup can configure the local postgresql server automatically for the engine to run. This may conflict with existing applications.
Would you like Setup to automatically configure postgresql and create Engine database, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
provided answer: automatic
--== OVIRT ENGINE CONFIGURATION ==--
Engine admin password:
provided answer: (hidden)
Confirm engine admin password:
provided answer: (hidden)
[WARNING] Password is weak: The password fails the dictionary check - it is based on a dictionary word
Use weak password? (Yes, No) [No]:
provided answer: yes
Application mode (Virt, Gluster, Both) [Both]:
provided answer: both
Use Engine admin password as initial keycloak admin password (Yes, No) [Yes]:
provided answer: yes
--== STORAGE CONFIGURATION ==--
Default SAN wipe after delete (Yes, No) [No]:
provided answer: no
--== PKI CONFIGURATION ==--
Organization name for certificate [fritz.box]:
provided answer: fritz.box
--== APACHE CONFIGURATION ==--
Setup can configure the default page of the web server to present the application home page. This may conflict with existing applications.
Do you wish to set the application as the default page of the web server? (Yes, No) [No]:
provided answer: yes
Setup can configure apache to use SSL using a certificate issued from the internal CA.
Do you wish Setup to configure that, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
provided answer: automatic
--== SYSTEM CONFIGURATION ==--
--== MISC CONFIGURATION ==--
Please choose Data Warehouse sampling scale:
(1) Basic
(2) Full
(1, 2)[1]:
provided answer: 1
Use Engine admin password as initial Grafana admin password (Yes, No) [Yes]:
provided answer: yes
--== END OF CONFIGURATION ==--
[ INFO ] Stage: Setup validation
[WARNING] Less than 16384MB of memory is available
--== CONFIGURATION PREVIEW ==--
Application mode : both
Default SAN wipe after delete : False
Host FQDN : lin5.fritz.box
Firewall manager : firewalld
Update Firewall : True
Set up Cinderlib integration : False
Configure local Engine database : True
Set application as default page : True
Configure Apache SSL : True
Keycloak installation : True
Engine database host : localhost
Engine database port : 5432
Engine database secured connection : False
Engine database host name validation : False
Engine database name : engine
Engine database user name : engine
Engine installation : True
PKI organization : fritz.box
Set up ovirt-provider-ovn : True
DWH installation : True
DWH database host : localhost
DWH database port : 5432
DWH database secured connection : False
DWH database host name validation : False
DWH database name : ovirt_engine_history
Configure local DWH database : True
Grafana integration : True
Grafana database user name : ovirt_engine_history_grafana
Keycloak database host : localhost
Keycloak database port : 5432
Keycloak database secured connection : False
Keycloak database host name validation : False
Keycloak database name : ovirt_engine_keycloak
Keycloak database user name : ovirt_engine_keycloak
Configure local Keycloak database : True
Configure VMConsole Proxy : True
Configure WebSocket Proxy : True
Please confirm installation settings (OK, Cancel) [OK]:
provided answer: ok
[ INFO ] Stage: Transaction setup
[ INFO ] Stopping engine service
[ INFO ] Stopping ovirt-fence-kdump-listener service
[ INFO ] Stopping dwh service
[ INFO ] Stopping vmconsole-proxy service
[ INFO ] Stopping websocket-proxy service
[ INFO ] Stage: Misc configuration (early)
[ INFO ] Stage: Package installation
[ INFO ] Stage: Misc configuration
[ INFO ] Upgrading CA
[ INFO ] Initializing PostgreSQL
[ INFO ] Creating PostgreSQL 'engine' database
[ INFO ] Configuring PostgreSQL
[ INFO ] Creating PostgreSQL 'ovirt_engine_history' database
[ INFO ] Configuring PostgreSQL
[ INFO ] Creating PostgreSQL 'ovirt_engine_keycloak' database
[ INFO ] Configuring PostgreSQL
[ INFO ] Creating CA: /etc/pki/ovirt-engine/ca.pem
[ INFO ] Creating CA: /etc/pki/ovirt-engine/qemu-ca.pem
[ INFO ] Creating a user for Grafana
[ INFO ] Allowing ovirt_engine_history_grafana to read data on ovirt_engine_history
[ INFO ] Setting up ovirt-vmconsole proxy helper PKI artifacts
[ INFO ] Setting up ovirt-vmconsole SSH PKI artifacts
[ INFO ] Configuring WebSocket Proxy
[ INFO ] Creating/refreshing Engine database schema
[ INFO ] Creating/refreshing DWH database schema
[ INFO ] Updating OVN SSL configuration
[ INFO ] Updating OVN timeout configuration
[ INFO ] Creating/refreshing Engine 'internal' domain database schema
[ INFO ] Creating default mac pool range
[ INFO ] Adding default OVN provider to database
[ INFO ] Adding OVN provider secret to database
[ INFO ] Setting a password for internal user admin
[ INFO ] Creating initial Keycloak admin user
[ INFO ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'
[ INFO ] Stage: Transaction commit
[ INFO ] Stage: Closing up
--== SUMMARY ==--
[ INFO ] No need to restart fapolicyd because it is not running.
[ INFO ] Starting dwh service
[ INFO ] Starting Grafana service
[ INFO ] Restarting ovirt-vmconsole proxy service
To login to oVirt using Keycloak SSO, enter 'admin@ovirt' as username and the password provided during Setup
To login to Keycloak Administration Console enter 'admin' as username and the password provided during Setup
Web access for Keycloak Administration Console is enabled at:
https://lin5.fritz.box/ovirt-engine-auth/admin
Web access is enabled at:
http://lin5.fritz.box:80/ovirt-engine
https://lin5.fritz.box:443/ovirt-engine
Internal CA fingerprint: SHA256: 0A:D8:1B:BB:2E:9C:DC:AD:30:C3:2A:09:ED:B5:C6:EE:5D:43:01:CF:5B:CB:7C:93:E3:26:29:FC:AD:79:84:06
SSH fingerprint: SHA256:48iK5k/NfLTxHpU25aiSpTBDcANFHeZWdvg/UQ0TGNo
[ INFO ] Starting engine service
[WARNING] Less than 16384MB of memory is available
Web access for grafana is enabled at:
https://lin5.fritz.box/ovirt-engine-grafana/
Please run the following command on the engine machine lin5.fritz.box, for SSO to work:
systemctl restart ovirt-engine
--== END OF SUMMARY ==--
[ INFO ] Restarting httpd
[ INFO ] Start with setting up Keycloak for Ovirt Engine
[ INFO ] Done with setting up Keycloak for Ovirt Engine
[ INFO ] Stage: Clean up
Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20250628093056-emrxc5.log
[ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20250628093535-setup.conf'
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ INFO ] Execution of setup completed successfully
[root@lin5 ~]#Setup the NFS Server
The NFS server contains (among other files) the data of the ISO install images and the virtual machine data and enables (for example) live migrations of VMs. We will setup the NFS server on the first VM.
# run on the first (the Engine or Manager) host
firewall-cmd --permanent --add-service=nfs --add-service=rpc-bind --add-service=mountd
firewall-cmd --reload
mkdir -p /nfs/olv_ovirt/data
chown -R 36:36 /nfs/olv_ovirt
chmod -R 0755 /nfs/olv_ovirt
echo "/nfs/olv_ovirt/data *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)" >> /etc/exports
systemctl enable --now nfs-server
showmount -e
Add the OLVM Engine CA certificate to the Browser
This step is required if we want to upload iso images later. We download the Engine CA Certificate from the OLVM Overview Page page and save it with the extension .pem (e.g. pki-resource.pem). Then in firefox in my case we can go to Settings, search for Certificates and select View Certificates. Then we select Authorities and click on Import choosing our .pem file. Then we choose to trust the file and click on OK. Lastly we Clear cookies and site data (next to the address bar in firefox) and reload the page.
KVM Host Installation
First I need to enable Nested VT-x/AMD-V and reduce the amount of Virtual CPUs from 4 to 1 to avoid a so called Guru Meditation error on the VirtualBox VM:
rem run in a command prompt for the second (KVM host) VM
set "VHOST="
(set /p VHOST=Enter VM name ^(e.g. lin1^):
call vboxmanage controlvm %VHOST% shutdown &rem Power down the VM and wait
timeout /T 10 /NOBREAK
call vboxmanage modifyvm %VHOST% --cpus=1 &rem Set the number of Virtual CPUs to 1
call vboxmanage modifyvm %VHOST% --nested-hw-virt=on &rem Enable Nested VT-x/AMD-V
call vboxmanage startvm %VHOST%) &rem Power up the Virtual Machine
This step will be done via the OLVM Administration Portal. See here for the login details. We go to Compute and Hosts and click on New to add the KVM host:
We click OK and confirm that we haven’t configured Power Management for the host. The host will now be configured and added to the OLVM system. This will take some time and at the end, the host will be rebootet. The process can be seen in the messages file:
# run on the host to be added
tail -f /var/log/messages
After waiting some more time after the reboot, the host is added to the OLVM system:
If we check the state of our default OLVM Data Center, we can see that it still is in the Uninitialized state. This is because we have not added storage (in our case NFS storage) yet:
To add storage we go in the Admin Portal to Storage, then Domains and clock on New Domain. We enter the data of our NFS server (e.g. lin5.fritz.box:/nfs/olv_ovirt/data ) and click OK:
Now we can see that the NFS share has become Active:
and that the state of the Data Center has been changed to Up:
The OLVM system is now up and running. In the next steps we will upload an ISO image and create a OLVM Virtual Machine.
Uploading .iso images
To upload an .iso image that can be used to install OLVM Virtual Machines we select Storage, Disks, Upload and then Start in the Admin Portal. We select the .iso image and click on Test Connection and then OK:
After some time we can see the uploaded image in the Disk Overview:
If more performance is required to upload images, there are also scripts provided by Oracle to upload the files circumventing the browser (see also Oracle Doc ID 2830534.1 and Doc ID 2586471.1).
Creating a OLVM virtual machine
Now after all this setup work, we can finally create a new OLVM VM that will run on the KVM host. For this task we go in the Admin Portal to Compute, Virtual Machines and select New. By selecting Create Disk we will create a new (boot) disk for the VM:
And next we create the VM itself:
We select Run Once from the Run menue and select the uploaded .iso file in the Boot Options:
After confirming with OK, the VM will boot from the .iso image. We can access the VM console by clicking on Console and starting the downloaded file (Make sure that you have installed the latest Virt Viewer from here):
After the VM has been installed we can see the running VM in the OLVM system:
Important URLs
| Application | URL | Username | Password |
| OLVM Overview Page | https://FQDN_of_VM1/ovirt-engine/ | admin@ovirt | changeme |
| OLVM Administration Portal | https://FQDN_of_VM1/ovirt-engine/webadmin | admin@ovirt | changeme |
| OLVM VM Portal | https://FQDN_of_VM1/ovirt-engine/web-ui | admin@ovirt | changeme |
| Grafana Monitoring | https://FQDN_of_VM1/ovirt-engine-grafana/ | admin | changeme |
| Keycloak Administration Console | https://FQDN_of_VM1/ovirt-engine-auth/admin | admin | changeme |
Further Information
Some useful Links:
