libvirt is an abstraction layer and a daemon for managing virtual machines -- remote or locally, using multiple virtualization backends (QEMU/KVM, VirtualBox, Xen, etc).
This entry doesn't try to cover everything about libvirt, just the things that were not intuitive at first or not well documented.
- 1 Installing
- 2 Configuration
- 3 Usage
- 4 Remote access to libvirt
Currently libvirt and tools are only available from AUR. If you are unfamiliar with how to install AUR packages, see: Arch User Repository.
For servers you need the libvirt package from AUR and urlgrabber, qemu-kvm, dnsmasq and bridge-utils from Arch repositories:
pacman -S urlgrabber qemu-kvm dnsmasq bridge-utils
To run the libvirt daemon:
sudo /etc/rc.d/libvirtd start
If you want to start it at boot, edit "/etc/rc.conf" and add libvirtd to the DAEMONS= line.
To allow yourself to manage VMs as non-root, run this on the server:
sudo polkit-auth --user $USERNAME --grant org.libvirt.unix.manage
Alternatively you can only grant the monitoring rights with org.libvirt.unix.monitor
Unix File-based Permissions
If you wish to use unix file-based permissions to allow some non-root users to use libvirt, you can modify the config files.
First you will need to create the libvirt group and add any users you want to have access to libvirt to that group.
sudo groupadd libvirt sudo gpasswd -a [user] libvirt
Any users that are currently logged in will need to log out and back in to update their groups. Alternately the user can use the following command in the shell they will be launching libvirt from to update the group:
Then you can either enable permissions-based access by uncommenting the following line on the PKGBUILD for libvirt before running makepkg:
# patch -Np1 -i "$srcdir"/unixperms.patch || return 1
or you can make the changes to your permissions and config files by hand. Uncomment the following lines in the file /etc/libvirt/libvirtd.conf (they are not all in the same location in the file):
#unix_sock_group = "libvirt" #unix_sock_ro_perms = "0777" #unix_sock_rw_perms = "0770" #auth_unix_ro = "none" #auth_unix_rw = "none"
You may also wish to change unix_sock_ro_perms from "0777" to "0770" to disallow read-only access to people who are not members of the libvirt group.
Enable KVM acceleration for QEMU
Running virtual machines with the usual QEMU emulation, without KVM, will be painfully slow. You definitely want to enable KVM support if your CPU supports it. To find out, run the following:
egrep '^flags.*(vmx|svm)' /proc/cpuinfo
To enable KVM, you need to load the kvm-amd or kvm-intel kernel module depending on your CPU. Run modprobe:
sudo modprobe kvm-amd
Usually you would also add it to the MODULES= line in "/etc/rc.conf"
If KVM is not working, you will find the following message in your "/var/log/libvirt/qemu/VIRTNAME.log"
Could not initialize KVM, will disable KVM support
More info is available from the official KVM FAQ
Installing new VM
To create a new VM, you need some sort of installation media, which is usually a plain .iso file. Copy it to the "/var/lib/libvirt/images" directory (alternatively you can create a new storage pool directory in virt-manager and copy it there)
Then run virt-manager, connect to the server, right click on the connection and choose New. Choose a name, and select Local install media. Just continue with the wizard.
On the 4th step, you may want to uncheck Allocate entire disk now -- this way you will save space when your VM isn't using all of its disk. However, this can cause increased fragmentation of the disk.
On the 5th step, open Advanced options and make sure that Virt Type is set to kvm. If the kvm choice is not available, see section Enable KVM acceleration for QEMU above.
Creating a storage pool in virt-manager
First, connect to an existing server. Once you're there, right click and choose Details. Go to Storage and press the + icon at the lower left. Then just follow the wizard. :)
Using VirtualBox with virt-manager
virt-manager does not let you to add any VirtualBox connections from the GUI. However, you can launch it from the command line:
virt-manager -c vbox:///system
Or if you want to manage a remote system over SSH:
virt-manager -c vbox+ssh://username@host/system
Remote access to libvirt
Using unencrypted TCP/IP socket (most simple, least secure)
Edit /etc/libvirt/libvirtd.conf :
listen_tcp = 1 auth_tcp=none
It is also necessary to start the server in listening mode by editing /etc/conf.d/libvirtd
The nc utility is needed for remote management over SSH
pacman -S openbsd-netcat ln -s /usr/bin/nc.openbsd /usr/bin/nc
To connect to the remote system using virsh :
virsh -c qemu+ssh://username@host/system
If something goes wrong, you can get some logs using :
LIBVIRT_DEBUG=1 virsh -c qemu+ssh://username@host/system
To display the graphical console for a virtual machine :
virt-viewer --connect qemu+ssh://username@host/system myvm
To display the virtual machine desktop management tool :
virt-manager -c qemu+ssh://username@host/system