Your First Tenant: The Ultimate Guide to Creating an Ubuntu Server VM (KVM & Virt-Manager)

For the past ten chapters, we have been architects and engineers. We have laid a rock-solid foundation of enterprise-grade networking with pfSense. We have built a powerful, headless server. We have meticulously wired a virtual network bridge and constructed a remote “command center” with virt-manager. Our kingdom is built, but it is empty.

This post is the moment that all changes. This is where we create our first “tenant”—a digital fortress that will house our first sovereign service.

We are not just “installing a program.” We are following our strategic choice to its logical conclusion. By creating a dedicated Virtual Machine for our file-syncing service, we are ensuring:

1. Total Isolation: If this service ever crashes or is compromised, it is contained within its own “house,” unable to affect our host server or any other future VMs.
2. Ultimate Portability: The entire server—OS, application, and all configurations—will exist as a single file on our host.
3. “Idiotproof” Backups: We will be able to back up this entire service by simply copying that one file, a concept we will prove at the end of this guide.

Today, we use the virt-manager dashboard to build our first house with Ubuntu Server. We will move with precision, optimizing every choice for performance and security. Let’s begin.

Preparation – Acquiring the Building Materials

Before we can build, we need the “blueprints” and “lumber.” In our case, this is the Ubuntu Server Installation ISO. An ISO file is a “virtual CD-ROM,” a disk image containing the operating system installer.

We will download it directly to our host server.

1. Log into your host server via your standard SSH session (the non-X11 one is fine for this).
2. We need a place to store our ISOs. Let’s create a dedicated directory in our home folder. mkdir ~/iso
3. Navigate into that directory: cd ~/iso
4. Go to the official Ubuntu Server website and find the download link for the latest LTS (Long Term Support) release. As of this writing, that is 22.04.3 LTS. We will use the wget command to download it directly to our server. wget https://releases.ubuntu.com/22.04.3/ubuntu-22.04.3-live-server-amd64.iso(This link may change. Always verify you have the latest LTS version.)

This will download the file, which is several gigabytes, to the ~/iso directory. We are now ready to build.

Launching the Command Center

Now, we need to access our graphical “throne room.” As we learned in the last guide:

1. On your local desktop (Linux/macOS): Open a new terminal and connect to your server using the -X flag. ssh -X your_username@10.0.0.50 (Or, on Windows: Launch VcXsrv and then connect using your pre-configured PuTTY profile.)
2. Once logged in, launch Virtual Machine Manager: virt-manager

After a brief pause, the “Virtual Machine Manager” window will appear on your desktop. It is running on the server but displayed on your screen. This is our control center.

The New Virtual Machine Wizard

This wizard will guide us through the initial creation. We will walk through every single screen.

1. Click the “Create a new virtual machine” icon in the top-left corner of the toolbar.

2. Choose Installation Method. We are installing from an ISO file we just downloaded. The default choice, “Local install media (ISO image or CDROM),” is correct. Click Forward.

3. Locate Install Media.
   • Click the “Browse…” button. A new “Locate media” window will pop up. In the virt-manager world, ISOs are often stored in “Pools.” We haven’t set one up, so we’ll just browse to the file manually. Click “Browse Local”. This will open a file browser on your server. Navigate to your home directory, then into the iso folder you created. Select the ubuntu-22.04.3-live-server-amd64.iso file and click Open. The “Locate media” window will now show your ISO path (e.g., /home/your_username/iso/ubuntu...).virt-manager is smart. It will automatically detect the operating system from the ISO. Ensure the box “Automatically detect OS based on install media” is checked. You should see “ubuntu 22.04” appear. Click Forward.

4. Choose Memory and CPU Settings. This is your first resource allocation.
   • Memory (RAM): For a simple file-syncing server, 2048 MB (2 GB) is a very comfortable start. CPUs: 2 vCPUs is also a great starting point. You can always change these settings later, so don’t overthink it. Click Forward.

5. Enable Storage for this Virtual Machine. This is a critical step. We are creating the VM’s “virtual hard drive.”
   • Ensure “Create a disk image for the virtual machine” is selected. Enter a size. For a file-sync server, the metadata won’t take up much space (the files themselves will be stored on the ZFS array we build later). Let’s start with 25.0 GB. This is more than enough for the OS and the Syncthing application. Click Forward.

6. Ready to Begin Installation. This is the final confirmation screen and the most important one.
   • Name: Give your VM a simple, descriptive, lowercase name. Per the FUTO plan, this VM will be for file syncing, so let’s call it sync-server. CRITICAL: Customize configuration before install. You MUST check this box. This is what separates a default install from a professional one. It will allow us to make crucial performance and security optimizations before the VM is even turned on for the first time. Network selection: Here is our first major payoff! Click the dropdown menu. You should see your default “NAT” network, and you should also see “Bridge br0: Host device enp3s0” (your interface name may vary). SELECT YOUR br0 BRIDGE. This connects your VM directly to your home LAN, just like a physical computer. It will get its own IP address from pfSense. Review your settings one last time. Click Finish.

The Pro Setup (Customizing Before First Boot)

Because we checked the “Customize” box, you will not see the VM boot. Instead, a new window will appear, showing a detailed dashboard of every single piece of virtual hardware. This is where we optimize.

We will now go down this list, section by section.

1. CPU:
   • Click the “CPU” section.
   • Check the box at the bottom: “Copy host CPU configuration”.
   • Why? This passes your host CPU’s specific features (known as “flags”) directly to the guest VM. This dramatically improves performance for any task that can use modern CPU instructions (like encryption).
   • Click Apply.
2. Storage (Disk 1):
   • Click the “Disk 1” section.
   • Expand the “Advanced options” disclosure triangle.
   • Disk bus: The default is often SATA. Change this to VirtIO.
   • Why? VirtIO is a “paravirtualized” driver. Instead of emulating a slow, physical SATA controller, VirtIO is a high-speed, software-only driver that communicates directly with the hypervisor (KVM). It is dramatically faster.
   • Storage format: Confirm it says qcow2.
   • Why qcow2? This is a modern disk format. Its key feature is “thin provisioning.” This means our 32GB disk will only take up a few megabytes of space on the host at first, and will grow as we add data, up to a maximum of 32GB. It also enables a powerful feature called “snapshots” which we will use later.
   • Click Apply.
3. Network (NIC):
   • Click the “NIC” section.
   • Source: Confirm it says “Bridge br0”.
   • Device model: The default may be e1000 (an emulated Intel card). Change this to virtio-net.
   • Why? This is the other half of the VirtIO optimization. Just like the disk, virtio-net is a paravirtualized network driver that is an order of magnitude faster than emulating a physical card.
   • Click Apply.
4. Remove Unnecessary Hardware: A server doesn’t need a mouse, tablet, or sound card. Removing them reduces complexity and the potential “attack surface.”
   • Click on “Tablet” (it may be called EvTouch USB Graphics Tablet). Click the “Remove” button at the bottom.
   • Click on “Sound” (if it’s present). Click “Remove”.
   • Click on “USB” (if you don’t plan on passing USB devices through). Click “Remove”.
5. Boot Options:
   • Click the “Boot Options” section.
   • Ensure “Enable boot menu” is checked.
   • In the list, make sure “CDROM” is first, and “VirtIO Disk” is second. This tells the VM to boot from our installer ISO first.
   • Click Apply.

With all our optimizations in place, click the “Begin Installation” button in the top-left corner.

Phase 5: Installing Ubuntu Server (Inside the VM)

A new “VNC” console window will pop up. This is your virtual monitor. The VM will boot, and the Ubuntu Server installer will load.

Now, we are just performing a standard Ubuntu install inside this window. Use your keyboard (and your mouse to click, though arrow keys are better) to navigate.

1. Language: Select “English.”
2. Keyboard: Select your preferred layout.
3. Network: This is our second payoff! The installer will pause, and you will see it successfully get an IP address from your network. It should show something like ens3: 10.0.0.123/24 (the IP will vary). This is proof that your br0 bridge is working. The VM is a full-fledged citizen of your LAN, just as if you’d plugged a physical computer into your switch. Press Done.[Image Description]: The Ubuntu installer’s “Network connections” screen, clearly showing the ens3 interface has successfully leased a 10.0.0.x IP address from the pfSense router.
4. Proxy: Leave blank. Done.
5. Mirror: Use the default. Done.
6. Storage:
   • Select “Use an entire disk”. It will show your 32GB VirtIO disk.Uncheck “Set up this disk as an LVM group.” We don’t need this complexity inside a VM.Press Done. It will show you a summary. Press Done again.A “Confirm destructive action” pop-up will appear. Select Continue.
7. Profile setup:
   • Your name: Sync Admin
   • Your server’s name: sync-server (to match the VM name)
   • Pick a username: syncadmin (or another non-root username)
   • Choose a password: Enter a strong, unique password.
   • Press Done.
8. SSH Setup:
   • CRITICAL: Check the box “Install OpenSSH server”. This is essential for us to manage the server remotely without the console.Do not import any SSH keys yet. Press Done.
9. Featured Server Snaps: This is a list of optional software. Do not select any of them. Scroll to the bottom and press Done.
10. Installation: The installer will now run. This will take 5-15 minutes.
11. Reboot: Once you see “Installation complete!”, select “Reboot Now”.

Post-Installation and Verification

The VM will try to reboot. It will likely get stuck, booting back into the installer. Why? Because the “virtual CD-ROM” is still in the drive.

1. Eject the Virtual CD:
   • In the console window, do not shut down the VM yet.
   • Go back to your main “Virtual Machine Manager” window.
   • Go to View > Details (or click the “i” icon) to get back to the hardware dashboard.
   • Click on the “Storage” section (or “SATA CDROM”).
   • On the right, click the “Disconnect” button.
   • This virtually “ejects” the ISO file.
2. Force Reboot:
   • Go back to the console window. It might be stuck.
   • In the virt-manager menu, go to Virtual Machine > Shutdown > Force Off.
   • Go back to the main virt-manager window. sync-server will show as “Shutoff”.
   • Double-click it to open its console, then click the “Play” button to start it.
   • The VM will now boot from its VirtIO hard drive.
3. First Login:
   • In the console, you will see the sync-server login: prompt.
   • Log in with the syncadmin username and password you created.
4. Find Your IP:
   • Run ip a.
   • Look for the IP address under the ens3 interface. Let’s assume it’s 10.0.0.123.
5. The Real Test: SSH Access
   • Now, open a brand new terminal on your local desktop.SSH directly into your new VM, just like a real server: ssh syncadmin@10.0.0.123Accept the fingerprint and enter your password.Congratulations! You are now remotely connected to a virtual machine running on your host server. This is the workflow you will use from now on. You can close the VNC console window.
6. Update Your New Server:
   • Inside your new VM’s SSH session, run a full update: sudo apt update && sudo apt upgrade -y
   • Once it’s all up to date, shut it down. sudo shutdown now

The Final Payoff – The “Idiotproof” Backup

Your VM is now shut off. It is a “Golden Master”—a perfect, clean, fully-updated template. Let’s prove our backup philosophy.

1. Go to the terminal for your Host Server (the 10.0.0.50 machine).
2. Navigate to the directory where Libvirt stores its disk images: cd /var/lib/libvirt/images
3. List the contents: ls -lh You will see a file named sync-server.qcow2. Its size will be small, not 32GB, because it’s thin-provisioned.
4. This file is your entire server.
5. Let’s back it up. (You’ll need sudo because this directory is owned by root). sudo cp sync-server.qcow2 /mnt/your-backup-drive/sync-server_golden_master_backup.qcow2

That’s it. You have just created a complete, byte-for-byte, perfect backup of your entire server. If you ever break this VM, you can simply shut it down, delete the sync-server.qcow2 file, and copy your backup file in its place. When you start it, it will be restored to this exact, pristine moment in time.

This is the power of the fortress.

What’s Next?

We have built our first house. It is secure, optimized, and backed up. It is a perfect, empty home.

In the next chapter, we will finally move in. We will install and configure Syncthing, the file-synchronization service, inside this VM. We will expose it to our network, connect our devices, and for the first time, watch our sovereign cloud do work—liberating our files from the likes of Google Drive and Dropbox forever.