[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
howtos:general_admin:kvm_libvirt [2014/01/02 13:33 (UTC)] – Section no longer applies in latest version fdonkershowtos:general_admin:kvm_libvirt [2014/01/02 13:34 (UTC)] – [PolicyKit setup] fdonkers
Line 14: Line 14:
 ===== Configuration ===== ===== Configuration =====
  
-==== libvirtd daemon ==== 
-First, configure the libvirt daemon. This is done by editing the ''/etc/libvirt/libvirtd.conf'' file. Fix the default CA certificate path by editing the ''ca-file'' option:  
-<code> 
-ca_file = "/etc/ssl/certs/cacert.org.pem" 
-</code> 
  
-If you want to manage virtual machines as a regular user, uncomment the following options:  
-<code> 
-unix_sock_group = "libvirt" 
-unix_sock_ro_perms = "0777" 
-unix_sock_rw_perms = "0770" 
-</code> 
-This will assume a group ''libvirt''. Create this new group and add your user to it, or use a different group. 
- 
-==== PolicyKit setup ==== 
-Libvirt is built by default with PolicyKit support. If you want to disable this, edit ''/etc/libvirt/libvirtd.conf''. Uncomment the following options and change them to ''none'' : 
-<code> 
-auth_unix_ro = "none" 
-auth_unix_rw = "none" 
-</code> 
- 
-To use PolicyKit, a new file containing policy rules needs to be created in the ''/etc/polkit-1/localauthority/50-local.d'' directory. The file needs to start with a 2-digit number and have a ''pkla'' extension. For example: ''50-libvirt-authorization.pkla''. The following authorization can be issued:  
-  * Full management access: rule = org.libvirt.unix.manage. 
-  * Read-only, or monitoring access: rule = org.libvirt.unix.monitor. 
- 
-Example to give management access to all users of a given group:  
-<code> 
-[libvirt Management Access] 
-Identity=unix-group:libvirt 
-Action=org.libvirt.unix.manage 
-ResultAny=yes 
-ResultInactive=yes 
-ResultActive=yes 
-</code> 
-This allows all users of the ''libvirt'' group to manage virtual machines. The //libvirt Management Access// name is an arbitrary text you can change to fit your needs.  
- 
-To allow access on a per-user basis, use the //Identity=unix-user// option :  
-<code> 
-[libvirt Management Access] 
-Identity=unix-user:frank 
-Action=org.libvirt.unix.manage 
-ResultAny=yes 
-ResultInactive=yes 
-ResultActive=yes 
-</code> 
-This will grant user //frank// management access to libvirt.  
  
 ==== Automatic startup ==== ==== Automatic startup ====

Trace:

howtos:general_admin:kvm_libvirt ()