ArchWiki - User contributions [en]: Libvirt (https://wiki.archlinux.org/index.php?title=Libvirt&diff=228969), revision of 2012-10-16T07:55:54Z<p>Kozzi11: </p>
<hr />
<div>[[Category:Virtualization]]<br />
{{DISPLAYTITLE:libvirt}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|This article does not try to cover everything about libvirt, just the things that were not intuitive at first or not well documented.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|QEMU}}<br />
{{Article summary wiki|KVM}}<br />
{{Article summary wiki|VirtualBox}}<br />
{{Article summary wiki|Xen}}<br />
{{Article summary wiki|VMware}}<br />
{{Article summary end}}<br />
<br />
libvirt is a virtualization API and a daemon for managing virtual machines (VMs) -- remotely or locally, using multiple virtualization back-ends ([[QEMU]]/[[KVM]], [[VirtualBox]], [[Xen]], etc).<br />
<br />
==Installing==<br />
For servers you need the following packages from the [[Official Repositories|official Arch Linux repositories]]: <br />
* {{Pkg|libvirt}}<br />
* {{Pkg|urlgrabber}} (required by {{Pkg|virtinst}})<br />
* {{Pkg|qemu-kvm}} (optional if not using [[KVM]])<br />
* {{Pkg|dnsmasq}} (optional)<br />
* {{Pkg|bridge-utils}} (optional)<br />
<br />
For GUI management tools, you also need all of the following from the official Arch Linux repositories:<br />
* {{Pkg|virtviewer}}<br />
* {{Pkg|virtinst}}<br />
* {{Pkg|virt-manager}}<br />
<br />
===Building libvirt for Xen===<br />
The [[PKGBUILD]] for both {{AUR|libvirt-git}} in the [[Arch User Repository|AUR]] and {{Pkg|libvirt}} in the [[Official Repositories|official repositories]] currently disables [[Xen]] support with the {{ic|--without-xen}} flag during the make process. If you want to use libvirt for managing Xen, you will need to [https://projects.archlinux.org/svntogit/community.git/tree/libvirt/repos/community-x86_64/ grab the whole file set] to enable Xen support and build your own libvirt package using the [[Arch Build System]]. Furthermore, you need to make sure you have {{AUR|libxenctrl}} installed. If {{AUR|xen}} is installed, you don't need to install {{AUR|libxenctrl}}.<br />
<br />
The alternative XenAPI driver is lacking a package at the moment? (2010-05-23, friesoft)<br />
<br />
==Configuration==<br />
<br />
===Run daemon===<br />
[[Daemon#Performing daemon actions manually|Start the libvirtd daemon]] and add {{ic|libvirtd}} to your [[Daemon#Starting on Boot|DAEMONS array]] so it starts automatically on boot.<br />
<br />
It seems like you have to start {{ic|dbus}} and {{ic|avahi-daemon}} before starting {{ic|libvirtd}}.<br />
<br />
{{Note|The Avahi daemon is used for local discovery of libvirt hosts via multicast-DNS. To disable this functionality, set {{ic|1=mdns_adv = 0}} in {{ic|/etc/libvirt/libvirtd.conf}}.}}<br />
<br />
===PolicyKit authentication===<br />
To allow a non-root user to manage virtual machines, you need to create the following file:<br />
====PolicyKit authentication (version < 0.107)====<br />
{{hc|/etc/polkit-1/localauthority/50-local.d/50-org.libvirt.unix.manage.pkla|<nowiki><br />
[Allow a user to manage virtual machines]<br />
Identity=unix-user:<replace with your username><br />
Action=org.libvirt.unix.manage<br />
ResultAny=yes<br />
ResultInactive=yes<br />
ResultActive=yes<br />
</nowiki>}}<br />
<br />
====PolicyKit authentication (version >= 0.107)====<br />
{{hc|/etc/polkit-1/rules.d/50-org.libvirt.unix.manage.rules|<nowiki><br />
polkit.addRule(function(action, subject) {<br />
    if (action.id == "org.libvirt.unix.manage" && subject.user == "<replace with user name>") {<br />
        return polkit.Result.YES;<br />
    }<br />
});<br />
</nowiki>}}<br />
<br />
Try to log in again if it does not work right away.<br />
<br />
Alternatively, you can grant only the monitoring rights with {{ic|org.libvirt.unix.monitor}}.<br />
<br />
When logging in via [[Secure Shell|SSH]], you will need to make sure ConsoleKit is used. Place the following in {{ic|/etc/pam.d/sshd}}:<br />
<br />
{{hc|/etc/pam.d/sshd|<br />
...<br />
session optional pam_ck_connector.so<br />
...<br />
}}<br />
<br />
For more information, see [http://wiki.libvirt.org/page/SSHPolicyKitSetup#Configuring_management_access_via_PolicyKit the libvirt wiki].<br />
<br />
===Unix file-based permissions===<br />
{{Note|This is an alternative to [[#PolicyKit authentication|PolicyKit authentication]].}}<br />
If you wish to use Unix file-based permissions to allow some non-root users to use libvirt, you can modify the configuration files.<br />
<br />
First, you will need to create the {{ic|libvirt}} [[Users and Groups|group]] and add any users you want to have access to libvirt to that group.<br />
 # groupadd libvirt<br />
 # gpasswd -a ''[username]'' libvirt<br />
<br />
Any users that are currently logged in will need to log out and log back in to update their groups. Alternatively, the user can use the following command in the shell they will be launching libvirt from to update the group:<br />
 $ newgrp libvirt<br />
<br />
{{Note|1=The line to uncomment for unixperms has been removed from [[PKGBUILD]] into this [https://projects.archlinux.org/svntogit/community.git/commit/trunk/PKGBUILD?h=packages/libvirt&id=dc58307bab41b98b5114c5535aaa944da3801ef8 patch]}}<br />
Then you can either enable permissions-based access by uncommenting the following line in the [[PKGBUILD]] for libvirt before running {{ic|makepkg -s}}:<br />
 # patch -Np1 -i "$srcdir"/unixperms.patch<br />
<br />
Alternatively, you can make the changes to your permissions and configuration files by hand. Uncomment the following lines in {{ic|/etc/libvirt/libvirtd.conf}} (they are not all in the same location in the file):<br />
<br />
{{hc|/etc/libvirt/libvirtd.conf|<nowiki><br />
#unix_sock_group = "libvirt"<br />
#unix_sock_ro_perms = "0777"<br />
#unix_sock_rw_perms = "0770"<br />
#auth_unix_ro = "none"<br />
#auth_unix_rw = "none"<br />
</nowiki>}}<br />
<br />
{{Note|You may also wish to change {{ic|unix_sock_ro_perms}} from {{ic|0777}} to {{ic|0770}} to disallow read-only access to people who are not members of the {{ic|libvirt}} group.}}<br />
<br />
===Enable KVM acceleration for QEMU===<br />
{{Note|[[KVM]] will conflict with [[VirtualBox]]. You cannot use KVM and VirtualBox at the same time.}}<br />
<br />
Running virtual machines with the usual [[QEMU]] emulation (i.e. without KVM) will be '''painfully slow'''. You definitely want to enable KVM support if your CPU supports it. To find out, run the following command:<br />
 grep -E "(vmx|svm)" --color=always /proc/cpuinfo<br />
<br />
If that command generates output, then your CPU supports hardware acceleration via KVM; if that command does ''not'' generate output, then you ''cannot use KVM''.<br />
<br />
To enable KVM, you need to load the {{ic|kvm-amd}} or {{ic|kvm-intel}} kernel module depending on your CPU.<br />
 # modprobe kvm-amd<br />
<br />
Usually you would also add it to the {{ic|1=MODULES=}} line in {{ic|/etc/rc.conf}}:<br />
{{hc|/etc/rc.conf|<nowiki><br />
MODULES=(... kvm-amd ...)<br />
</nowiki>}}<br />
<br />
If KVM is ''not'' working, you will find the following message in your {{ic|/var/log/libvirt/qemu/VIRTNAME.log}}:<br />
{{hc|/var/log/libvirt/qemu/VIRTNAME.log|<nowiki><br />
Could not initialize KVM, will disable KVM support<br />
</nowiki>}}<br />
<br />
More info is available from the [http://www.linux-kvm.org/page/FAQ official KVM FAQ].<br />
<br />
===Stopping / resuming guest at host shutdown / startup ===<br />
Running guests may be suspended (or shut down) automatically at host shutdown using the libvirtd-guests daemon. At host startup, this same daemon will automatically resume (or start up) the suspended (or shut down) guests.<br />
<br />
==Usage==<br />
<br />
===Installing a new VM===<br />
To create a new VM, you need some sort of installation media, which is usually a standard {{ic|.iso}} file. Copy it to the {{ic|/var/lib/libvirt/images/}} directory (alternatively, you can create a new ''storage pool'' directory in virt-manager and copy it there).<br />
<br />
{{Note|[[SELinux]] requires that virtual machines be stored in {{ic|/var/lib/libvirt/images/}} by default. If you use SELinux and are having issues with virtual machines, ensure that your VMs are in that directory or ensure that you have added the correct labeling to the non-default directory that you used.}}<br />
<br />
Then run {{ic|virt-manager}}, connect to the server, right click on the connection and choose '''New'''. Choose a name, and select '''Local install media'''. Just continue with the wizard.<br />
<br />
On the '''4th step''', you may want to uncheck ''Allocate entire disk now'' -- this way you will save space when your VM is not using all of its disk. However, this can cause increased fragmentation of the disk, and you ''must'' pay attention to the total available disk space on the VM host because it is much easier to over-allocate disk space to VMs.<br />
<br />
On the '''5th step''', open '''Advanced options''' and make sure that ''Virt Type'' is set to '''kvm'''. If the kvm choice is not available, see section [[#Enable KVM acceleration for QEMU|Enable KVM acceleration for QEMU]] above.<br />
<br />
===Creating a storage pool in virt-manager===<br />
First, connect to an existing server. Once you are there, right click and choose '''Details'''. Go to '''Storage''' and press the '''+''' icon at the lower left. Then just follow the wizard. :)<br />
<br />
===Using VirtualBox with virt-manager===<br />
{{Note|[[VirtualBox]] support in libvirt is not quite stable yet and may cause your libvirtd to crash. Usually this is harmless and everything will be back once you restart the daemon.}}<br />
<br />
virt-manager does not let you add any VirtualBox connections from the GUI. However, you can launch it from the command line:<br />
 virt-manager -c vbox:///system<br />
<br />
Or if you want to manage a remote system over SSH:<br />
 virt-manager -c vbox+ssh://username@host/system<br />
<br />
==Remote access to libvirt==<br />
<br />
===Using unencrypted TCP/IP socket (most simple, least secure)===<br />
{{Warning|This should ''only'' be used for testing or over a secure, private, and trusted network.}}<br />
<br />
Edit {{ic|/etc/libvirt/libvirtd.conf}}:<br />
{{hc|/etc/libvirt/libvirtd.conf|<nowiki><br />
listen_tls = 0<br />
listen_tcp = 1<br />
auth_tcp = "none"<br />
</nowiki>}}<br />
<br />
{{Warning|We do not enable SASL here, so all TCP traffic is cleartext! For real world use, ''always'' enable SASL.}}<br />
<br />
It is also necessary to start the server in listening mode by editing {{ic|/etc/conf.d/libvirtd}}:<br />
{{hc|/etc/conf.d/libvirtd|2=LIBVIRTD_ARGS="--listen"}}<br />
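<br />
A check for the socket settings from [[#Unix file-based permissions|Unix file-based permissions]] and the TCP setup above, as an added example (Python 3, not part of the original article or of libvirt): it reads {{ic|libvirtd.conf}} text and reports what the uncommented lines expose. The function names, severity labels and {{ic|SAMPLE}} are made up for this example, the sample is constructed, and build defaults for unset keys are not modelled.<br />

```python
import re

# Active `key = value` lines only (integer or double-quoted string); '#' lines never match.
SETTING = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|(\d+))\s*(?:#.*)?$')

def parse_conf(text):
    """Return {key: value} for the settings that are actually uncommented."""
    conf = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            key, string, number = m.groups()
            conf[key] = string if string is not None else int(number)
    return conf

def world_can_connect(perms):
    """True if users outside owner and group hold the write bit a connect needs."""
    return bool(int(str(perms), 8) & 0o002)

def audit(text):
    """Return (severity, setting, finding) tuples for explicitly set values."""
    conf, out = parse_conf(text), []
    if conf.get("listen_tcp") == 1 and conf.get("auth_tcp") == "none":
        out.append(("high", "auth_tcp",
                    "cleartext, unauthenticated TCP once libvirtd runs with --listen"))
    rw = conf.get("unix_sock_rw_perms")
    if conf.get("auth_unix_rw") == "none" and rw:
        if world_can_connect(rw):
            out.append(("high", "unix_sock_rw_perms", "any local user can manage VMs"))
        else:
            out.append(("info", "auth_unix_rw", "group %r manages VMs without polkit"
                        % conf.get("unix_sock_group")))
    ro = conf.get("unix_sock_ro_perms")
    if conf.get("auth_unix_ro") == "none" and ro and world_can_connect(ro):
        out.append(("warn", "unix_sock_ro_perms",
                    "any local user can connect read-only; 0770 limits it to the group"))
    return out

# Constructed sample: the page's lines uncommented, plus its TCP test setup.
SAMPLE = """\
unix_sock_group = "libvirt"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
listen_tcp = 1
auth_tcp = "none"
"""

print(*audit(SAMPLE), sep="\n")
```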
<br />
===Using SSH===<br />
The {{Pkg|openbsd-netcat}} package is needed for remote management over [[SSH]].<br />
<br />
To connect to the remote system using {{ic|virsh}}:<br />
 $ virsh -c qemu+ssh://''username''@''host/IP address''/system<br />
<br />
If something goes wrong, you can get some logs using:<br />
 $ LIBVIRT_DEBUG=1 virsh -c qemu+ssh://''username''@''host/IP address''/system<br />
<br />
To display the graphical console for a virtual machine:<br />
 $ virt-viewer --connect qemu+ssh://''username''@''host/IP address''/system myvirtualmachine<br />
<br />
To display the virtual machine desktop management tool:<br />
 $ virt-manager -c qemu+ssh://''username''@''host/IP address''/system<br />
<br />
{{Note|If you are having problems connecting to a remote RHEL server (or anything other than Arch, really), try the two workarounds mentioned in {{bug|30748}} and {{bug|22068}}.}}<br />
<br />
===Using Python===<br />
The {{Pkg|libvirt}} package comes with a {{Pkg|python2}} API in {{ic|/usr/lib/python2.7/site-packages/libvirt.py}}<br />
<br />
General examples are given in {{ic|/usr/share/doc/libvirt-python-''your_libvirt_version''/examples/}}<br />
<br />
Unofficial example using {{Pkg|qemu}} and {{Pkg|openssh}}:<br />
<br />
 #!/usr/bin/env python2<br />
 # -*- coding: utf-8 -*-<br />
 import socket<br />
 import sys<br />
 import libvirt<br />
 if (__name__ == "__main__"):<br />
     # Open a connection to the remote hypervisor over SSH<br />
     conn = libvirt.open("qemu+ssh://xxx/system")<br />
     print "Trying to find node on xxx"<br />
     # listDomainsID() returns the IDs of the running domains<br />
     domains = conn.listDomainsID()<br />
     domServ = None<br />
     for domainID in domains:<br />
         domConnect = conn.lookupByID(domainID)<br />
         # Keep the domain object whose name matches<br />
         if domConnect.name() == 'xxx-node':<br />
             print "Found shared node on xxx with ID " + str(domainID)<br />
             domServ = domConnect<br />
             break<br />
<br />
==Bridged Networking==<br />
To use ''physical Ethernet'' from your virtual machines, you have to create a ''bridge'' between your physical Ethernet device (here ''eth0'') and the virtual Ethernet device the VM is using.<br />
<br />
===Host configuration===<br />
libvirt creates the bridge ''virbr0'' for NAT networking, so use another name such as ''br0'' or ''virbr1''.<br />
You have to create a new [https://wiki.archlinux.org/index.php/Netcfg#net-profiles Netcfg Profile] to configure the bridge, for example (with DHCP configuration):<br />
<br />
{{hc|/etc/network.d/br0|<nowiki><br />
INTERFACE="br0"<br />
CONNECTION="bridge"<br />
DESCRIPTION="KVM Bridge connection"<br />
BRIDGE_INTERFACES="eth0"<br />
IP="dhcp"<br />
## sets forward delay time<br />
#FWD_DELAY=0<br />
## sets max age of hello message<br />
#MAX_AGE=10<br />
</nowiki>}}<br />
<br />
{{Tip|It is recommended that you enable [[Wikipedia:Spanning_Tree_Protocol|Spanning Tree Protocol]] (STP) on the virtual bridge (e.g. ''br0'') that you create to avoid any potential bridging loops. You can automatically enable STP on the bridge at start-up by appending {{ic|brctl stp br0 on}} to {{ic|/etc/rc.local}}.}}<br />
<br />
===Guest configuration===<br />
Now we have to activate the ''bridge interface'' in our ''VMs''.<br />
If you have a recent Linux machine, you can use this code in the ''.xml'' file:<br />
<br />
 [...]<br />
 <interface type='bridge'><br />
   <source bridge='br0'/><br />
   <mac address='24:42:53:21:52:49'/><br />
   <model type='virtio' /><br />
 </interface><br />
 [...]<br />
<br />
This code activates a ''virtio'' device on the machine, so in Windows you will have to install an additional driver (you can find it here: [http://www.linux-kvm.org/page/WindowsGuestDrivers/Download_Drivers Windows KVM VirtIO drivers]) or remove the line {{ic|<model type<nowiki>=</nowiki>'virtio' />}}:<br />
<br />
 [...]<br />
 <interface type='bridge'><br />
   <source bridge='br0'/><br />
   <mac address='24:42:53:21:52:49'/><br />
 </interface><br />
 [...]</div>Kozzi11