Difference between revisions of "Libvirt"

From ArchWiki
Jump to: navigation, search
m (Stopping / resuming guest at host shutdown / startup: add template)
(40 intermediate revisions by 13 users not shown)
Line 1: Line 1:
[[Category:Emulators (English)]]
+
[[Category:Virtualization]]{{DISPLAYTITLE:libvirt}}
{{i18n|Libvirt}}{{DISPLAYTITLE:libvirt}}
+
{{Article summary start}}
 
+
{{Article summary text|This article does not try to cover everything about libvirt, just the things that were not intuitive at first or not well documented.}}
libvirt is an abstraction layer and a daemon for managing virtual machines -- remote or locally, using multiple virtualization backends (QEMU/KVM, VirtualBox, Xen, etc).
+
{{Article summary heading|Related}}
 
+
{{Article summary wiki|QEMU}}
This entry doesn't try to cover everything about libvirt, just the things that were not intuitive at first or not well documented.
+
{{Article summary wiki|KVM}}
 +
{{Article summary wiki|VirtualBox}}
 +
{{Article summary wiki|Xen}}
 +
{{Article summary wiki|VMware}}
 +
{{Article summary end}}
 +
libvirt is a virtualization API and a daemon for managing virtual machines (VMs) -- remote or locally, using multiple virtualization back-ends ([[QEMU]]/[[KVM]], [[VirtualBox]], [[Xen]], etc).
  
 
==Installing==
 
==Installing==
For servers you need the following packages from the Arch repositories:
+
For servers you need the following packages from the [[Official Repositories|official Arch Linux repositories]]:  
 +
* {{Pkg|libvirt}}
 +
* {{Pkg|urlgrabber}} (required by {{Pkg|virtinst}})
 +
* {{Pkg|qemu}} (optional if not using [[KVM]])
 +
* {{Pkg|dnsmasq}} (optional)
 +
* {{Pkg|bridge-utils}} (optional)
  
{{cli|# pacman -S libvirt urlgrabber qemu-kvm dnsmasq bridge-utils}}
+
For GUI management tools, you also need all of the following from the official Arch Linux repositories:
 
+
* {{Pkg|virtviewer}}
For GUI management tools you also need all of the following from Arch repositories:
+
* {{Pkg|virtinst}}
{{cli|# pacman -S virtviewer virtinst virt-manager}}
+
* {{Pkg|virt-manager}}
  
 
===Building libvirt for Xen===
 
===Building libvirt for Xen===
The PKGBUILD for {{codeline|libvirt-git}} in the repositories currently disables xen with the "--with-out xen" flag during the make process. If you want to use libvirt for managing xen, you'll need [https://projects.archlinux.org/svntogit/community.git/tree/libvirt/repos/community-x86_64/ grab the whole fileset] to re-enable it. Furthermore you need to make sure you have [http://aur.archlinux.org/packages.php?ID=36346 libxenctrl] installed.
+
The [[PKGBUILD]] for both {{AUR|libvirt-git}} in the [[Arch User Repository|AUR]] and {{Pkg|libvirt}} in the [[Official Repositories|official repositories]] currently disables [[Xen]] support with the {{ic|--without-xen}} flag during the make process. If you want to use libvirt for managing Xen, you will need to [https://projects.archlinux.org/svntogit/community.git/tree/libvirt/repos/community-x86_64/ grab the whole file set] to enable Xen support and build your own libvirt package using the [[Arch Build System]]. Furthermore, you need to make sure you have {{AUR|libxenctrl}} installed. If {{AUR|xen}} is installed, you don't need to install {{AUR|libxenctrl}}.
  
The alternative XenAPI driver is lacking a package atm?? (23.5.2010, friesoft)
+
The alternative XenAPI driver is lacking a package at the moment? (2010-05-23, friesoft)
  
 
==Configuration==
 
==Configuration==
  
 
===Run daemon===
 
===Run daemon===
[[Daemon#Performing daemon actions manually|Start the libvirtd daemon]] and add libvirtd to your [[Daemons#Starting on Boot|DAEMONS array]] so it starts automatically on boot.
 
  
Seems that you have to start ''dbus'' and ''avahi-daemon'' before starting '''''libvirtd'''''.
+
Change default user and group in {{ic|/etc/libvirt/qemu.conf}}. QEMU defaults to nobody:nobody.
 
+
===Polkit authentication===
+
To allow yourself to manage VMs as non-root, run this on the server:
+
 
+
{{cli|# polkit-auth --user $USERNAME --grant org.libvirt.unix.manage}}
+
 
+
{{Note| As {{codeline|polkit-auth}} is deprecated, you have to create the following file.}}
+
{{file|/etc/polkit-1/localauthority/50-local.d/org.libvirt.unix.manage.pkla|content=<nowiki>
+
[Allow a user to manage virtual machines]
+
Identity=unix-user:<replace with your username>
+
Action=org.libvirt.unix.manage
+
ResultAny=yes
+
ResultInactive=yes
+
ResultActive=yes
+
</nowiki>}}
+
  
Try to re-login if it doesn't work right away.
+
[[Daemons#Starting_manually|Start the libvirtd daemon]] and enable the libvirt systemd service so it starts automatically on boot.
  
Alternatively you can only grant the monitoring rights with {{Codeline|org.libvirt.unix.monitor}}
+
{{Note|The Avahi daemon is used for local discovery of libvirt hosts via multicast-DNS. To disable this functionality, set {{ic|1=mdns_adv = 0}} in {{ic|/etc/libvirt/libvirtd.conf}}.}}
  
If logging in through ssh you will need to make sure ConsoleKit is used. Place the following in {{filename|/etc/pam.d/sshd}}:
+
===PolicyKit authorization===
 +
To allow a non-root user to manage virtual machines, you need to create the following file (for polkit >= 0.107 only):
  
{{file|/etc/pam.d/sshd|content=<nowiki>
+
{{hc|/etc/polkit-1/rules.d/50-org.libvirt.unix.manage.rules|<nowiki>
session  optional  pam_ck_connector.so
+
polkit.addRule(function(action, subject) {
 +
    if (action.id == "org.libvirt.unix.manage" &&
 +
        subject.user == "<replace with user name>") {
 +
            return polkit.Result.YES;
 +
    }
 +
});
 
</nowiki>}}
 
</nowiki>}}
  
===Unix File-based Permissions===
+
Alternatively, you can grant only the monitoring rights with {{ic|org.libvirt.unix.monitor}}.
{{Note | This is an alternative to Polkit authentication.}}
+
If you wish to use unix file-based permissions to allow some non-root users to use {{codeline|libvirt}}, you can modify the config files.
+
  
First you will need to create the libvirt group and add any users you want to have access to libvirt to that group.
+
For more information, see [http://wiki.libvirt.org/page/SSHPolicyKitSetup#Configuring_management_access_via_PolicyKit the libvirt wiki].
  
{{cli|# groupadd libvirt}}
+
===Unix file-based permissions===
{{cli|# gpasswd -a ''user'' libvirt}}
+
{{Note|This is an alternative to [[#PolicyKit authentication|PolicyKit authentication]].}}
 +
If you wish to use Unix file-based permissions to allow some non-root users to use libvirt, you can modify the configuration files.
  
Any users that are currently logged in will need to log out and back in to update their groups.  Alternately the user can use the following command in the shell they will be launching libvirt from to update the group:
+
First, you will need to create the {{ic|libvirt}} [[Users and Groups|group]] and add any users you want to have access to libvirt to that group.
 +
# groupadd libvirt
 +
# gpasswd -a ''[username]'' libvirt
  
{{cli|$ newgrp libvirt}}
+
Any users that are currently logged in will need to log out and log back in to update their groups. Alternatively, the user can use the following command in the shell they will be launching libvirt from to update the group:
 +
$ newgrp libvirt
  
Then you can either enable permissions-based access by uncommenting the following line on the PKGBUILD for libvirt before running makepkg:
+
Uncomment the following lines in {{ic|/etc/libvirt/libvirtd.conf}} (they are not all in the same location in the file):
  
#  patch -Np1 -i "$srcdir"/unixperms.patch || return 1
+
{{hc|/etc/libvirt/libvirtd.conf|<nowiki>
 
+
Alternatively, you can make the changes to your permissions and config files by hand.  Uncomment the following lines in {{filename|/etc/libvirt/libvirtd.conf}} (they are not all in the same location in the file):
+
 
+
{{file|/etc/libvirt/libvirtd.conf|content=<nowiki>
+
 
  #unix_sock_group = "libvirt"
 
  #unix_sock_group = "libvirt"
 
  #unix_sock_ro_perms = "0777"
 
  #unix_sock_ro_perms = "0777"
Line 78: Line 76:
 
</nowiki>}}
 
</nowiki>}}
  
{{Note| You may also wish to change '''unix_sock_ro_perms''' from "0777" to "0770" to disallow read-only access to people who are not members of the libvirt group.}}
+
{{Note|You may also wish to change {{ic|unix_sock_ro_perms}} from {{ic|0777}} to {{ic|0770}} to disallow read-only access to people who are not members of the {{ic|libvirt}} group.}}
  
 
===Enable KVM acceleration for QEMU===
 
===Enable KVM acceleration for QEMU===
{{Note | KVM will conflict with VirtualBox. You cannot use KVM and VirtualBox at the same time.}}
+
{{Note|[[KVM]] will conflict with [[VirtualBox]]. You cannot use KVM and VirtualBox at the same time.}}
  
Running virtual machines with the usual QEMU emulation, without KVM, will be '''painfully slow'''. You definitely want to enable KVM support if your CPU supports it. To find out, run the following:
+
Running virtual machines with the usual [[QEMU]] emulation (i.e. without KVM)), will be '''painfully slow'''. You definitely want to enable KVM support if your CPU supports it. To find out, run the following command:
 +
egrep --color "vmx|svm" /proc/cpuinfo
  
egrep '^flags.*(vmx|svm)' /proc/cpuinfo
+
If that command generates output, then your CPU supports hardware acceleration via KVM; if that command does ''not'' generate output, then you ''cannot use KVM''.
  
To enable KVM, you need to load the {{Codeline|kvm-amd}} or {{Codeline|kvm-intel}} kernel module depending on your CPU. Run modprobe:
+
If KVM is ''not'' working, you will find the following message in your {{ic|/var/log/libvirt/qemu/VIRTNAME.log}}:
 
+
{{hc|/var/log/libvirt/qemu/VIRTNAME.log|<nowiki>
{{cli|# modprobe kvm-amd}}
+
 
+
Usually you would also add it to the {{Codeline|1=MODULES=}} line in "{{filename|/etc/rc.conf}}"
+
{{file|/ect/rc.conf|content=<nowiki>
+
Modules=(... kvm-amd ...)
+
</nowiki>}}<br>
+
 
+
If KVM is '''not''' working, you will find the following message in your "{{filename|/var/log/libvirt/qemu/VIRTNAME.log}}"
+
{{file|/var/log/libvirt/qemu/VIRTNAME.log|content=<nowiki>
+
 
  Could not initialize KVM, will disable KVM support
 
  Could not initialize KVM, will disable KVM support
 
</nowiki>}}
 
</nowiki>}}
  
 
More info is available from the [http://www.linux-kvm.org/page/FAQ official KVM FAQ]
 
More info is available from the [http://www.linux-kvm.org/page/FAQ official KVM FAQ]
 +
 +
===Stopping / resuming guest at host shutdown / startup ===
 +
Running guests may be suspended (or shutdown) at host shutdown automatically using the libvirt-guests service. On the other hand, at host startup, this same daemon will resume (startup) the suspended (shutdown) guests automatically.
 +
Check {{ic|/etc/conf.d/libvirtd-guests}} for libvirt-guests options.
  
 
==Usage==
 
==Usage==
  
 
===Installing a new VM===
 
===Installing a new VM===
To create a new VM, you need some sort of installation media, which is usually a plain {{Codeline|.iso}} file. Copy it to the "{{Codeline|/var/lib/libvirt/images}}" directory (alternatively you can create a new ''storage pool'' directory in virt-manager and copy it there)
+
To create a new VM, you need some sort of installation media, which is usually a standard {{ic|.iso}} file. Copy it to the {{ic|/var/lib/libvirt/images/}} directory (alternatively, you can create a new ''storage pool'' directory in virt-manager and copy it there).
  
Then run virt-manager, connect to the server, right click on the connection and choose '''New'''. Choose a name, and select '''Local install media'''. Just continue with the wizard.
+
{{Note|[[SELinux]] requires that virtual machines be stored in {{ic|/var/lib/libvirt/images/}} by default. If you use SELinux and are having issues with virtual machines, ensure that your VMs are in that directory or ensure that you have added the correct labeling to the non-default directory that you used.}}
  
On the '''4th step''', you may want to uncheck ''Allocate entire disk now'' -- this way you will save space when your VM isn't using all of its disk. However, this can cause increased fragmentation of the disk.
+
Then run {{ic|virt-manager}}, connect to the server, right click on the connection and choose '''New'''. Choose a name, and select '''Local install media'''. Just continue with the wizard.
 +
 
 +
On the '''4th step''', you may want to uncheck ''Allocate entire disk now'' -- this way you will save space when your VM is not using all of its disk. However, this can cause increased fragmentation of the disk, and you ''must'' pay attention to the total available disk space on the VM host because it is much easier to over-allocate disk space to VMs.
  
 
On the '''5th step''', open '''Advanced options''' and make sure that ''Virt Type'' is set to '''kvm'''. If the kvm choice is not available, see section [[#Enable KVM acceleration for QEMU|Enable KVM acceleration for QEMU]] above.
 
On the '''5th step''', open '''Advanced options''' and make sure that ''Virt Type'' is set to '''kvm'''. If the kvm choice is not available, see section [[#Enable KVM acceleration for QEMU|Enable KVM acceleration for QEMU]] above.
  
 
===Creating a storage pool in virt-manager===
 
===Creating a storage pool in virt-manager===
First, connect to an existing server. Once you're there, right click and choose '''Details'''. Go to '''Storage''' and press the '''+''' icon at the lower left. Then just follow the wizard. :)
+
First, connect to an existing server. Once you are there, right click and choose '''Details'''. Go to '''Storage''' and press the '''+''' icon at the lower left. Then just follow the wizard. :)
  
 
===Using VirtualBox with virt-manager===
 
===Using VirtualBox with virt-manager===
{{Note | VirtualBox support in libvirt is not quite stable yet and may cause your libvirtd to crash. Usually this is harmless and everything will be back once you restart the daemon. }}
+
{{Note|[[VirtualBox]] support in libvirt is not quite stable yet and may cause your libvirtd to crash. Usually this is harmless and everything will be back once you restart the daemon.}}
  
 
virt-manager does not let you to add any VirtualBox connections from the GUI. However, you can launch it from the command line:
 
virt-manager does not let you to add any VirtualBox connections from the GUI. However, you can launch it from the command line:
 
 
  virt-manager -c vbox:///system
 
  virt-manager -c vbox:///system
  
 
Or if you want to manage a remote system over SSH:
 
Or if you want to manage a remote system over SSH:
 
 
  virt-manager -c vbox+ssh://username@host/system
 
  virt-manager -c vbox+ssh://username@host/system
  
Line 131: Line 125:
  
 
===Using unencrypted TCP/IP socket (most simple, least secure)===
 
===Using unencrypted TCP/IP socket (most simple, least secure)===
{{Note | Only for testing or use over a trusted network}}
+
{{Warning|This should ''only'' be used for testing or use over a secure, private, and trusted network.}}
  
Edit {{filename|/etc/libvirt/libvirtd.conf}}:
+
Edit {{ic|/etc/libvirt/libvirtd.conf}}:
{{file|/etc/libvirt/libvirtd.conf|content=<nowiki>
+
{{hc|/etc/libvirt/libvirtd.conf|<nowiki>
 
listen_tls = 0
 
listen_tls = 0
 
listen_tcp = 1
 
listen_tcp = 1
Line 140: Line 134:
 
</nowiki>}}
 
</nowiki>}}
  
{{Warning| We don't enable SASL here, all TCP traffic is cleartext! For real world use, always enable SASL.}}
+
{{Warning|We do not enable SASL here, so all TCP traffic is cleartext! For real world use, ''always'' enable SASL.}}
  
It is also necessary to start the server in listening mode by editing {{filename|/etc/conf.d/libvirtd}}  
+
It is also necessary to start the server in listening mode by editing {{ic|/etc/conf.d/libvirtd}}  
{{file|/etc/conf.d/libvirtd|content=
+
{{hc|/etc/conf.d/libvirtd|2=LIBVIRTD_ARGS="--listen"}}
LIBVIRTD_ARGS="--listen"}}
+
  
 
===Using SSH===
 
===Using SSH===
The {{codeline|nc}} utility is needed for remote management over SSH
+
The {{Pkg|openbsd-netcat}} package is needed for remote management over [[SSH]].
{{cli|# pacman -S openbsd-netcat}}
+
  
To connect to the remote system using {{codeline|virsh}}:
+
To connect to the remote system using {{ic|virsh}}:
{{cli|$ virsh -c qemu+ssh://username@host/system}}
+
$ virsh -c qemu+ssh://''username''@''host/IP address''/system
  
 
If something goes wrong, you can get some logs using:
 
If something goes wrong, you can get some logs using:
  $ LIBVIRT_DEBUG=1 virsh -c qemu+ssh://username@host/system
+
  $ LIBVIRT_DEBUG=1 virsh -c qemu+ssh://''username''@''host/IP address''/system
  
 
To display the graphical console for a virtual machine:
 
To display the graphical console for a virtual machine:
{{cli|$ virt-viewer --connect qemu+ssh://username@host/system myvm}}
+
$ virt-viewer --connect qemu+ssh://''username''@''host/IP address''/system myvirtualmachine
  
 
To display the virtual machine desktop management tool:
 
To display the virtual machine desktop management tool:
{{cli|$ virt-manager -c qemu+ssh://username@host/system}}
+
$ virt-manager -c qemu+ssh://''username''@''host/IP address''/system
 +
 
 +
{{Note|If you are having problems connecting to a remote RHEL server (or anything other than Arch, really), try the two workarounds mentioned in {{bug|30748}} and {{bug|22068}}.}}
  
 
===Using Python===
 
===Using Python===
The {{codeline|libvirt}} package comes with a python2 api in {{filename|/usr/lib/python2.7/site-packages/libvirt.py}}
+
The {{Pkg|libvirt}} package comes with a {{Pkg|python2}} API in {{ic|/usr/lib/python2.7/site-packages/libvirt.py}}
  
General examples are given in {{filename|/usr/share/doc/libvirt-python-0.8.4/examples/}}
+
General examples are given in {{ic|/usr/share/doc/libvirt-python-''your_libvirt_version''/examples/}}
  
Unofficial example using {{codeline|qemu}} and {{codeline|ssh}}:
+
Unofficial example using {{Pkg|qemu}} and {{Pkg|openssh}}:
  
 
  #! /usr/bin/env python2
 
  #! /usr/bin/env python2
Line 185: Line 179:
 
             break
 
             break
  
==Bridge Networking==
+
==Bridged Networking==
To use '''phisical ethernet''' from your virtual machines you have to create a '''bridge''' with your phisical ethernet (here '''''eth0''''').
+
To use ''physical Ethernet'' from your virtual machines, you have to create a ''bridge'' between your physical Ethernet device (here ''eth0'') and the virtual Ethernet device the VM is using.
  
 
===Host configuration===
 
===Host configuration===
Llibvirt creates the bridge ''virbr0'' for NAT networking so use another name such as ''virbr1''.
+
libvirt creates the bridge ''virbr0'' for NAT networking, so use another name such as ''br0'' or ''virbr1''.
You have to create a new [https://wiki.archlinux.org/index.php/Netcfg#net-profiles Network Profile] to configure the bridge, for example (with DHCP configuration):
+
You have to create a new [https://wiki.archlinux.org/index.php/Netcfg#net-profiles Netcfg Profile] to configure the bridge, for example (with DHCP configuration):
  
{{file|/etc/network.d/virbr1|content=
+
{{hc|/etc/network.d/br0|<nowiki>
INTERFACE="virbr1"
+
INTERFACE="br0"
 
CONNECTION="bridge"
 
CONNECTION="bridge"
 
DESCRIPTION="KVM Bridge connection"
 
DESCRIPTION="KVM Bridge connection"
Line 202: Line 196:
 
## sets max age of hello message
 
## sets max age of hello message
 
#MAX_AGE=10
 
#MAX_AGE=10
}}
+
</nowiki>}}
 +
 
 +
{{Tip|It is recommended that you enable [[Wikipedia:Spanning_Tree_Protocol|Spanning Tree Protocol]] (STP) on the virtual bridge (e.g. ''br0'') that you create to avoid any potential bridging loops. You can automatically enable STP by appending {{ic|1=POST_UP="brctl stp $INTERFACE on"}} to the netcfg profile.}}
  
 
===Guest configuration===
 
===Guest configuration===
 
Now we have to activate the ''bridge interface'' in our ''VMs''.
 
Now we have to activate the ''bridge interface'' in our ''VMs''.
If have a recent Linux machine we can use this code in the ''.xml'' file:
+
If have a recent Linux machine, you can use this code in the ''.xml'' file:
  
 
   [...]
 
   [...]
 
   <interface type='bridge'>
 
   <interface type='bridge'>
     <source bridge='virbr1'/>
+
     <source bridge='br0'/>
 
     <mac address='24:42:53:21:52:49'/>
 
     <mac address='24:42:53:21:52:49'/>
 
     <model type='virtio' />
 
     <model type='virtio' />
Line 216: Line 212:
 
   [...]
 
   [...]
  
This code activates a ''virtio'' device on the machine so, in Windows you will have to install an additional driver (you can find it here [http://www.linux-kvm.org/page/WindowsGuestDrivers/Download_Drivers Windows KVM VirtIO drivers]) or remove the line ''<model type='virtio' />'':
+
This code activates a ''virtio'' device on the machine so, in Windows you will have to install an additional driver (you can find it here [http://www.linux-kvm.org/page/WindowsGuestDrivers/Download_Drivers Windows KVM VirtIO drivers]) or remove the line {{ic|<model type<nowiki>=</nowiki>'virtio' />}}:
  
 
   [...]
 
   [...]
 
   <interface type='bridge'>
 
   <interface type='bridge'>
     <source bridge='virbr1'/>
+
     <source bridge='br0'/>
 
     <mac address='24:42:53:21:52:49'/>
 
     <mac address='24:42:53:21:52:49'/>
 
   </interface>
 
   </interface>
 
   [...]
 
   [...]

Revision as of 07:58, 7 March 2013

Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary wiki Template:Article summary wiki Template:Article summary wiki Template:Article summary wiki Template:Article summary end libvirt is a virtualization API and a daemon for managing virtual machines (VMs) -- remote or locally, using multiple virtualization back-ends (QEMU/KVM, VirtualBox, Xen, etc).

Installing

For servers you need the following packages from the official Arch Linux repositories:

For GUI management tools, you also need all of the following from the official Arch Linux repositories:

Building libvirt for Xen

The PKGBUILD for both libvirt-gitAUR in the AUR and libvirt in the official repositories currently disables Xen support with the --without-xen flag during the make process. If you want to use libvirt for managing Xen, you will need to grab the whole file set to enable Xen support and build your own libvirt package using the Arch Build System. Furthermore, you need to make sure you have libxenctrlAUR installed. If xenAUR is installed, you don't need to install libxenctrlAUR.

The alternative XenAPI driver is lacking a package at the moment? (2010-05-23, friesoft)

Configuration

Run daemon

Change default user and group in /etc/libvirt/qemu.conf. QEMU defaults to nobody:nobody.

Start the libvirtd daemon and enable the libvirt systemd service so it starts automatically on boot.

Note: The Avahi daemon is used for local discovery of libvirt hosts via multicast-DNS. To disable this functionality, set mdns_adv = 0 in /etc/libvirt/libvirtd.conf.

PolicyKit authorization

To allow a non-root user to manage virtual machines, you need to create the following file (for polkit >= 0.107 only):

/etc/polkit-1/rules.d/50-org.libvirt.unix.manage.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" &&
        subject.user == "<replace with user name>") {
            return polkit.Result.YES;
    }
});

Alternatively, you can grant only the monitoring rights with org.libvirt.unix.monitor.

For more information, see the libvirt wiki.

Unix file-based permissions

Note: This is an alternative to PolicyKit authentication.

If you wish to use Unix file-based permissions to allow some non-root users to use libvirt, you can modify the configuration files.

First, you will need to create the libvirt group and add any users you want to have access to libvirt to that group.

# groupadd libvirt
# gpasswd -a [username] libvirt

Any users that are currently logged in will need to log out and log back in to update their groups. Alternatively, the user can use the following command in the shell they will be launching libvirt from to update the group:

$ newgrp libvirt

Uncomment the following lines in /etc/libvirt/libvirtd.conf (they are not all in the same location in the file):

/etc/libvirt/libvirtd.conf
 #unix_sock_group = "libvirt"
 #unix_sock_ro_perms = "0777"
 #unix_sock_rw_perms = "0770"
 #auth_unix_ro = "none"
 #auth_unix_rw = "none"
Note: You may also wish to change unix_sock_ro_perms from 0777 to 0770 to disallow read-only access to people who are not members of the libvirt group.

Enable KVM acceleration for QEMU

Note: KVM will conflict with VirtualBox. You cannot use KVM and VirtualBox at the same time.

Running virtual machines with the usual QEMU emulation (i.e. without KVM)), will be painfully slow. You definitely want to enable KVM support if your CPU supports it. To find out, run the following command:

egrep --color "vmx|svm" /proc/cpuinfo

If that command generates output, then your CPU supports hardware acceleration via KVM; if that command does not generate output, then you cannot use KVM.

If KVM is not working, you will find the following message in your /var/log/libvirt/qemu/VIRTNAME.log:

/var/log/libvirt/qemu/VIRTNAME.log
 Could not initialize KVM, will disable KVM support

More info is available from the official KVM FAQ

Stopping / resuming guest at host shutdown / startup

Running guests may be suspended (or shutdown) at host shutdown automatically using the libvirt-guests service. On the other hand, at host startup, this same daemon will resume (startup) the suspended (shutdown) guests automatically. Check /etc/conf.d/libvirtd-guests for libvirt-guests options.

Usage

Installing a new VM

To create a new VM, you need some sort of installation media, which is usually a standard .iso file. Copy it to the /var/lib/libvirt/images/ directory (alternatively, you can create a new storage pool directory in virt-manager and copy it there).

Note: SELinux requires that virtual machines be stored in /var/lib/libvirt/images/ by default. If you use SELinux and are having issues with virtual machines, ensure that your VMs are in that directory or ensure that you have added the correct labeling to the non-default directory that you used.

Then run virt-manager, connect to the server, right click on the connection and choose New. Choose a name, and select Local install media. Just continue with the wizard.

On the 4th step, you may want to uncheck Allocate entire disk now -- this way you will save space when your VM is not using all of its disk. However, this can cause increased fragmentation of the disk, and you must pay attention to the total available disk space on the VM host because it is much easier to over-allocate disk space to VMs.

On the 5th step, open Advanced options and make sure that Virt Type is set to kvm. If the kvm choice is not available, see section Enable KVM acceleration for QEMU above.

Creating a storage pool in virt-manager

First, connect to an existing server. Once you are there, right click and choose Details. Go to Storage and press the + icon at the lower left. Then just follow the wizard. :)

Using VirtualBox with virt-manager

Note: VirtualBox support in libvirt is not quite stable yet and may cause your libvirtd to crash. Usually this is harmless and everything will be back once you restart the daemon.

virt-manager does not let you to add any VirtualBox connections from the GUI. However, you can launch it from the command line:

virt-manager -c vbox:///system

Or if you want to manage a remote system over SSH:

virt-manager -c vbox+ssh://username@host/system

Remote access to libvirt

Using unencrypted TCP/IP socket (most simple, least secure)

Warning: This should only be used for testing or use over a secure, private, and trusted network.

Edit /etc/libvirt/libvirtd.conf:

/etc/libvirt/libvirtd.conf
listen_tls = 0
listen_tcp = 1
auth_tcp=none
Warning: We do not enable SASL here, so all TCP traffic is cleartext! For real world use, always enable SASL.

It is also necessary to start the server in listening mode by editing /etc/conf.d/libvirtd

/etc/conf.d/libvirtd
LIBVIRTD_ARGS="--listen"

Using SSH

The openbsd-netcat package is needed for remote management over SSH.

To connect to the remote system using virsh:

$ virsh -c qemu+ssh://username@host/IP address/system

If something goes wrong, you can get some logs using:

$ LIBVIRT_DEBUG=1 virsh -c qemu+ssh://username@host/IP address/system

To display the graphical console for a virtual machine:

$ virt-viewer --connect qemu+ssh://username@host/IP address/system myvirtualmachine

To display the virtual machine desktop management tool:

$ virt-manager -c qemu+ssh://username@host/IP address/system
Note: If you are having problems connecting to a remote RHEL server (or anything other than Arch, really), try the two workarounds mentioned in FS#30748 and FS#22068.

Using Python

The libvirt package comes with a python2 API in /usr/lib/python2.7/site-packages/libvirt.py

General examples are given in /usr/share/doc/libvirt-python-your_libvirt_version/examples/

Unofficial example using qemu and openssh:

#! /usr/bin/env python2
# -*- coding: utf-8 -*-
import socket
import sys
import libvirt
if (__name__ == "__main__"):
   conn = libvirt.open("qemu+ssh://xxx/system")
   print "Trying to find node on xxx"
   domains = conn.listDomainsID()
   for domainID in domains:
       domConnect = conn.lookupByID(domainID)
       if domConnect.name() == 'xxx-node':
           print "Found shared node on xxx with ID " + str(domainID)
           domServ = domConnect
           break

Bridged Networking

To use physical Ethernet from your virtual machines, you have to create a bridge between your physical Ethernet device (here eth0) and the virtual Ethernet device the VM is using.

Host configuration

libvirt creates the bridge virbr0 for NAT networking, so use another name such as br0 or virbr1. You have to create a new Netcfg Profile to configure the bridge, for example (with DHCP configuration):

/etc/network.d/br0
INTERFACE="br0"
CONNECTION="bridge"
DESCRIPTION="KVM Bridge connection"
BRIDGE_INTERFACES="eth0"
IP="dhcp"
## sets forward delay time
#FWD_DELAY=0
## sets max age of hello message
#MAX_AGE=10
Tip: It is recommended that you enable Spanning Tree Protocol (STP) on the virtual bridge (e.g. br0) that you create to avoid any potential bridging loops. You can automatically enable STP by appending POST_UP="brctl stp $INTERFACE on" to the netcfg profile.

Guest configuration

Now we have to activate the bridge interface in our VMs. If have a recent Linux machine, you can use this code in the .xml file:

 [...]
 <interface type='bridge'>
   <source bridge='br0'/>
   <mac address='24:42:53:21:52:49'/>
   <model type='virtio' />
 </interface>
 [...]

This code activates a virtio device on the machine so, in Windows you will have to install an additional driver (you can find it here Windows KVM VirtIO drivers) or remove the line <model type='virtio' />:

 [...]
 <interface type='bridge'>
   <source bridge='br0'/>
   <mac address='24:42:53:21:52:49'/>
 </interface>
 [...]