Differences
This shows you the differences between two versions of the page.
howtos:general_admin:kvm_libvirt [2012/12/19 14:01 (UTC)] – fdonkers | howtos:general_admin:kvm_libvirt [2015/06/27 06:45 (UTC)] (current) – [Guest configuration]Tiny invisible change for syntax rightness. didierspaier | ||
---|---|---|---|
Line 6: | Line 6: | ||
[[http:// | [[http:// | ||
- | < | + | ===== Installation ===== |
- | ====== Installation ====== | + | |
Libvirt can be installed using a slackbuild script from [[http:// | Libvirt can be installed using a slackbuild script from [[http:// | ||
- | The slackware kernel has the KVM module enabled. The libvirt startup script will check the CPU and modprobe the correct driver. User-space tools are supplied | + | The slackware kernel has the KVM module enabled. The libvirt startup script will check the CPU and modprobe the correct driver. User-space tools are supplied |
A graphical desktop management tool, // | A graphical desktop management tool, // | ||
+ | ===== Configuration ===== | ||
- | ====== Configuration ====== | ||
- | |||
- | ===== libvirtd daemon ===== | ||
- | |||
- | First, configure the libvirt daemon. This is done by editing the ''/ | ||
- | < | ||
- | ca_file = "/ | ||
- | </ | ||
- | |||
- | If you want to manage virtual machines as a regular user, uncomment the following options: | ||
- | < | ||
- | unix_sock_group = " | ||
- | unix_sock_ro_perms = " | ||
- | unix_sock_rw_perms = " | ||
- | </ | ||
- | This will assume a group '' | ||
- | ===== PolicyKit setup ===== | ||
- | |||
- | Libvirt is built by default with PolicyKit support. If you want to disable this, edit ''/ | ||
- | < | ||
- | auth_unix_ro = " | ||
- | auth_unix_rw = " | ||
- | </ | ||
- | |||
- | To use PolicyKit, a new file containing policy rules needs to be created in the ''/ | ||
- | * Full management access: rule = org.libvirt.unix.manage. | ||
- | * Read-only, or monitoring access: rule = org.libvirt.unix.monitor. | ||
- | |||
- | Example to give management access to all users of a given group: | ||
- | < | ||
- | [libvirt Management Access] | ||
- | Identity=unix-group: | ||
- | Action=org.libvirt.unix.manage | ||
- | ResultAny=yes | ||
- | ResultInactive=yes | ||
- | ResultActive=yes | ||
- | </ | ||
- | This allows all users of the '' | ||
- | |||
- | To allow access on a per-user basis, use the // | ||
- | < | ||
- | [libvirt Management Access] | ||
- | Identity=unix-user: | ||
- | Action=org.libvirt.unix.manage | ||
- | ResultAny=yes | ||
- | ResultInactive=yes | ||
- | ResultActive=yes | ||
- | </ | ||
- | This will grant user //frank// management access to libvirt. | ||
- | ===== Automatic startup ===== | ||
+ | ==== Automatic startup ==== | ||
If you want to have the libvirt daemon started automatically, | If you want to have the libvirt daemon started automatically, | ||
<code bash> | <code bash> | ||
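Review bot: The removal of the "libvirtd daemon" and "PolicyKit setup" sections leaves the new "Configuration" section with only "Automatic startup", and nothing in this hunk says where the material on unix_sock_group, unix_sock_ro_perms / unix_sock_rw_perms and the org.libvirt.unix.manage / org.libvirt.unix.monitor rules went. If it was moved to another page, add a link under "Configuration"; otherwise the page no longer explains how non-root access to the libvirt socket is granted or limited. If the PolicyKit examples are restored, they set ResultAny=yes and ResultInactive=yes next to ResultActive=yes, so add a sentence saying that this grants management access to inactive and non-local sessions as well, and that ResultActive alone is the narrower choice.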
Line 77: | Line 27: | ||
Make sure ''/ | Make sure ''/ | ||
- | ====== Managing storage pools ====== | + | ===== Managing storage pools ===== |
Storage in libvirt is handled in terms of //storage pools// and //storage volumes//. A //pool// is a generic container for various storage objects. It can be a local directory, physical partition, or a network share. A storage //volume// is the virtual representation of a disk for a guest system. On the guest, this volume is seen as a local disk. An iso image of an installation cd or dvd is also considered a volume. | Storage in libvirt is handled in terms of //storage pools// and //storage volumes//. A //pool// is a generic container for various storage objects. It can be a local directory, physical partition, or a network share. A storage //volume// is the virtual representation of a disk for a guest system. On the guest, this volume is seen as a local disk. An iso image of an installation cd or dvd is also considered a volume. | ||
When libvirt is installed, a default storage pool (called // | When libvirt is installed, a default storage pool (called // | ||
- | ===== Create a new directory-based storage pool using virsh ===== | + | ==== Create a new directory-based storage pool using virsh ==== |
Virsh commands can be passed as parameters to //virsh// on the command line, or you can start an interactive virsh shell by calling '' | Virsh commands can be passed as parameters to //virsh// on the command line, or you can start an interactive virsh shell by calling '' | ||
< | < | ||
Line 142: | Line 90: | ||
</ | </ | ||
- | ===== Create a new directory-based storage pool using virt-manager ===== | + | ==== Create a new directory-based storage pool using virt-manager ==== |
First, make sure the target directory exists. Then start // | First, make sure the target directory exists. Then start // | ||
Line 158: | Line 105: | ||
Enter the name of the new pool. The default type is //dir//, which is the correct type. Press < | Enter the name of the new pool. The default type is //dir//, which is the correct type. Press < | ||
- | ====== Creating a new virtual machine | + | ===== Creating a new virtual machine ===== |
- | ====== Networking ====== | + | ==== Creating a new virtual machine using virt-manager |
+ | Select the host on which you want to create the new virtual machine. This will be // | ||
- | ====== Remote access ====== | + | {{: |
- | ====== Troubleshooting ====== | + | Step 1: Name the new machine and select the method of OS installation and press < |
- | ===== Remove password prompt in virt-manager | + | {{: |
- | When you start virt-manager as a regular user, you may still be asked for the root password, even when you have setup the correct unix socket permissions (notification: | + | Step 2: Depending on the method of installation, |
+ | |||
+ | Also choose the OS type and version. When choosing //Linux//, choose //Show all OS options// at the Version prompt to get more options. When Choosing //Generic 2.6.x kernel//, the wizard will assume an IDE type hard disk. You can change this at step 5. | ||
+ | |||
+ | <note warning> | ||
+ | |||
+ | Step 3: Select the amount of RAM and CPUs. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Step 4: Set up storage for the new machine. This option is checked by default. If you deselect this option, you will have a diskless machine that can still boot live distros. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | You can let the wizard create a new disk image on the fly. Enter the size and a new disk image (type //raw//) will be created in the default storage pool. If you select //Allocate entire disk now//, the full size of the new disk is allocated in advance. Otherwise, a smaller image is created that will grow when data is written to the disk. | ||
+ | |||
+ | Alternatively, | ||
+ | |||
+ | Step 5: This will give an overview of the new machine | ||
+ | |||
+ | {{: | ||
+ | |||
+ | If you check //Customize configuration before install//, you will be presented with the hardware configuration page of virt-manager. Here you can make changes to the machine before installing. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | The default network option on step 5 is //Virtual network ' | ||
+ | |||
+ | Finally, you can change the type of virtual machine (KVM or QEMU) and the architecture (x86_64, i686, arm, etc.). Press < | ||
+ | |||
+ | |||
+ | ===== Networking ===== | ||
+ | A virtual machine can be set up in one of two ways: connected to a virtual network or connected to a shared physical device (bridged). | ||
+ | |||
+ | ==== Virtual networks ==== | ||
+ | Virtual networks are implemented by libvirt in the form of virtual switches. A virtual machine will have it's network card plugged into this virtual switch. The virtual switch appears on the host as a network interface. | ||
+ | |||
+ | The virtual network can operate in 3 different configurations: | ||
+ | - NAT: the virtual switch is connected to the host LAN in NAT mode. The host can connect to the VM's but other machines on the host network cannot. This is the default configuration. | ||
+ | - Routed: the virtual switch is connected to the host LAN without NAT. | ||
+ | - Isolated: the virtual switch is not connected to the host. Virtual machines can see each other and the host, but network traffic does not pass outside the host. | ||
+ | |||
+ | ==== Dnsmasq and iptables ==== | ||
+ | DHCP and DNS on the virtual networks is handled by Dnsmasq. For every virtual network that is started, a separate instance of Dnsmasq is started by libvirt. | ||
+ | |||
+ | When starting a virtual network, libvirt will also add iptables rules to handle routing and NAT between the host and the virtual network. It will also enable ip_forward. | ||
+ | |||
+ | ==== Default network ==== | ||
+ | After installation, | ||
+ | |||
+ | The network is visible on the host as bridge virbr0. | ||
+ | <note warning> | ||
+ | |||
+ | ==== Creation and maintenance ==== | ||
+ | Virtual networks are visible on the //Virtual Networks// tab of the //Host Connection Details// window in Virtual Machine Manager. The < | ||
+ | |||
+ | Once the virtual network is created, it can be used in the virtual machine maintenance screens. | ||
+ | |||
+ | ===== Shared folders using VirtFS ===== | ||
+ | It is possible to share folders between the guest and host system using VirtFS (Plan 9 folder sharing over Virtio). This is available from kernel version 2.6.36 onwards. VirtFS is a passthrough filesystem, which means that a directory on the host can be directly accessed from the guest through the virtualization layer. | ||
+ | |||
+ | ==== Prepare host kernel ==== | ||
+ | Make sure the following options are set in the host kernel: | ||
+ | < | ||
+ | CONFIG_NET_9P=y | ||
+ | CONFIG_NET_9P_VIRTIO=y | ||
+ | CONFIG_NET_9P_DEBUG=y (Optional) | ||
+ | CONFIG_9P_FS=y | ||
+ | CONFIG_9P_FS_POSIX_ACL=y | ||
+ | </ | ||
+ | On the guest system, modules '' | ||
+ | |||
+ | ==== Guest configuration ==== | ||
+ | In virt-manager, | ||
+ | |||
+ | {{: | ||
+ | |||
+ | * Mode. Select one of the following: | ||
+ | * Passthrough: | ||
+ | * Mapped: the host share is accessed with the permissions of the hypervisor (QEMU process). | ||
+ | * Squash: Similar to // | ||
+ | * Driver: use //Path//. | ||
+ | * Write Policy (only available for '' | ||
+ | * Source path = directory on the host which is shared. | ||
+ | * Target path = mount tag that is made available on the guest system. This doesn' | ||
+ | Option //Export filesystem as readonly mount// does what it suggests. | ||
+ | |||
+ | ==== Mounting the share ==== | ||
+ | To mount the filesystem with tag '' | ||
+ | < | ||
+ | # mount -t 9p -o trans=virtio, | ||
+ | </ | ||
+ | Now the /mnt/share folder is available and changes are visible on the host and the guest. When permission errors occur, try sharing the host directory with a different mode. | ||
+ | ===== Remote access ===== | ||
+ | |||
+ | < | ||
+ | |||
+ | ===== Advanced topics ===== | ||
+ | |||
+ | ==== Mount qcow image using nbd ==== | ||
+ | Raw disk images can be mounted outside the virtual machine using a loopback device. To mount other image types like qcow, the '' | ||
+ | |||
+ | Start by loading the kernel module. The only parameter is the maximum partitions to be accessed. If this parameter is omitted, the default value is 0, which means no partitions will be mapped. | ||
+ | < | ||
+ | # modprobe nbd max_part=8 | ||
+ | </ | ||
+ | This will create various new devices ''/ | ||
+ | < | ||
+ | # qemu-nbd -c /dev/ndb0 slackware.img | ||
+ | </ | ||
+ | This will create additional devices ''/ | ||
+ | < | ||
+ | # fdisk /dev/nbd0 | ||
+ | # mount /dev/nbd0p1 /mnt/hd | ||
+ | </ | ||
+ | <note important> | ||
+ | To remove the connection: | ||
+ | < | ||
+ | # qemu-nbd -d /dev/nbd0 | ||
+ | </ | ||
+ | |||
+ | ==== Setup PXE boot in libvirt ==== | ||
+ | To enable PXE booting for the guest machines, a PXE boot server and a TFTP server are needed. Libvirt can be configured to handle both internally. These configuration options are not available in virt-manager, | ||
+ | |||
+ | - Create a directory ''/ | ||
+ | - Stop the default network and edit the network definition: < | ||
+ | # virsh net-destroy default | ||
+ | # virsh net-edit default | ||
+ | </ | ||
+ | - This will open the network configuration in a vi session. Add the //tftp// and //bootp// parameters in the //ip// section and save the file: < | ||
+ | <ip address=' | ||
+ | <tftp root='/ | ||
+ | < | ||
+ | <range start=' | ||
+ | <bootp file=' | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | - Now restart the network: < | ||
+ | # virsh net-start default | ||
+ | </ | ||
+ | |||
+ | Now the libvirt DHCP server will allow guests to PXE boot. | ||
+ | ===== Troubleshooting ===== | ||
+ | |||
+ | ==== Remove password prompt in virt-manager ==== | ||
+ | When you start virt-manager as a regular user, you may still be asked for the root password, even when you have setup the correct unix socket permissions (notification: | ||
+ | < | ||
+ | auth_unix_ro = " | ||
+ | auth_unix_rw = " | ||
+ | </ | ||
+ | ==== Improve mouse movement ==== | ||
+ | In graphics mode, the mouse movement can be erratic and difficult to change in the settings of your VM. To solve this, add a virtual tablet. | ||
+ | |||
+ | In // | ||
+ | |||
+ | ==== Change screen resolution to higher than 1024x768 ==== | ||
+ | The default emulated video card is of type Cirrus. This has a maximum resolution of 1024x768. The //vga// type can achieve a higher resolution, but for that to work, the X configuration in the guest OS needs to be changed as well. | ||
+ | |||
+ | To change this, open the VM and select the hardware info screen. Select the Video card and change the type to //vga//. | ||
+ | |||
+ | Start the VM. If a file ''/ | ||
+ | |||
+ | Add or change the following sections: | ||
+ | < | ||
+ | Section " | ||
+ | Identifier " | ||
+ | HorizSync | ||
+ | VertRefresh 40 - 90 | ||
+ | EndSection | ||
+ | |||
+ | Section " | ||
+ | Identifier " | ||
+ | Driver | ||
+ | Endsection | ||
+ | |||
+ | Section " | ||
+ | Identifier " | ||
+ | Device | ||
+ | Monitor | ||
+ | SubSection " | ||
+ | Viewport 0 0 | ||
+ | Modes " | ||
+ | EndSubSection | ||
+ | EndSection | ||
+ | </ | ||
+ | You can change the screen resolution (the //Modes// line) depending on your needs. | ||
- | ====== Resources | + | ===== Resources ===== |
* Official pages for [[http:// | * Official pages for [[http:// | ||
- | * Red Hat [[https:// | + | * Red Hat [[https:// |
- | ====== Sources | + | ===== Sources ===== |
<!-- If you are copying information from another source, then specify that source --> | <!-- If you are copying information from another source, then specify that source --> | ||
<!-- * Original source: [[http:// | <!-- * Original source: [[http:// | ||
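Review bot: In the added "Mount qcow image using nbd" section the connect command reads "# qemu-nbd -c /dev/ndb0 slackware.img", while the fdisk, mount and "qemu-nbd -d" lines that follow all use /dev/nbd0; the device in the connect command should be /dev/nbd0 too. Two further points in this hunk: "Remove password prompt in virt-manager" refers to having "setup the correct unix socket permissions", but the hunk at Line 6 removed the section that described them, and the auth_unix_ro / auth_unix_rw change it recommends is the same pair the removed "PolicyKit setup" text used to disable PolicyKit, so the entry should say that and point to where the socket group and permissions are documented. Under "Virtual networks", "it's network card" should be "its network card".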
Line 185: | Line 319: | ||
<!-- Please do not modify anything below, except adding new tags.--> | <!-- Please do not modify anything below, except adding new tags.--> | ||
<!-- You must remove the tag-word " | <!-- You must remove the tag-word " | ||
- | {{tag> | + | {{tag> |