Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

howtos:general_admin:kvm_libvirt [2013/08/06 10:52 (UTC)] – qemu-kvm deprecated fdonkers
howtos:general_admin:kvm_libvirt [2015/06/27 06:45 (UTC)] (current) – [Guest configuration] Tiny invisible change for syntax rightness. didierspaier
Line 14: Line 14:
 ===== Configuration ===== ===== Configuration =====
  
-==== libvirtd daemon ==== 
-First, configure the libvirt daemon. This is done by editing the ''/etc/libvirt/libvirtd.conf'' file. Fix the default CA certificate path by editing the ''ca-file'' option:  
-<code> 
-ca_file = "/etc/ssl/certs/cacert.org.pem" 
-</code> 
  
-If you want to manage virtual machines as a regular user, uncomment the following options:  
-<code> 
-unix_sock_group = "libvirt" 
-unix_sock_ro_perms = "0777" 
-unix_sock_rw_perms = "0770" 
-</code> 
-This will assume a group ''libvirt''. Create this new group and add your user to it, or use a different group. 
- 
-==== PolicyKit setup ==== 
-Libvirt is built by default with PolicyKit support. If you want to disable this, edit ''/etc/libvirt/libvirtd.conf''. Uncomment the following options and change them to ''none'' : 
-<code> 
-auth_unix_ro = "none" 
-auth_unix_rw = "none" 
-</code> 
- 
-To use PolicyKit, a new file containing policy rules needs to be created in the ''/etc/polkit-1/localauthority/50-local.d'' directory. The file needs to start with a 2-digit number and have a ''pkla'' extension. For example: ''50-libvirt-authorization.pkla''. The following authorization can be issued:  
-  * Full management access: rule = org.libvirt.unix.manage. 
-  * Read-only, or monitoring access: rule = org.libvirt.unix.monitor. 
- 
-Example to give management access to all users of a given group:  
-<code> 
-[libvirt Management Access] 
-Identity=unix-group:libvirt 
-Action=org.libvirt.unix.manage 
-ResultAny=yes 
-ResultInactive=yes 
-ResultActive=yes 
-</code> 
-This allows all users of the ''libvirt'' group to manage virtual machines. The //libvirt Management Access// name is an arbitrary text you can change to fit your needs.  
- 
-To allow access on a per-user basis, use the //Identity=unix-user// option :  
-<code> 
-[libvirt Management Access] 
-Identity=unix-user:frank 
-Action=org.libvirt.unix.manage 
-ResultAny=yes 
-ResultInactive=yes 
-ResultActive=yes 
-</code> 
-This will grant user //frank// management access to libvirt.  
  
 ==== Automatic startup ==== ==== Automatic startup ====
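Review bot: Deleting the whole "libvirtd daemon" and "PolicyKit setup" sections removes the page's only explanation of ''unix_sock_group'' / ''unix_sock_rw_perms'' and of the per-group ''org.libvirt.unix.manage'' rule, while the Troubleshooting section still refers to "the correct unix socket permissions" and now offers only ''auth_unix_rw = "none"''. With authentication set to none, the socket group and mode are what limit who can manage virtual machines, so keep the socket settings (group ''libvirt'', rw perms ''0770'') on the page or link to where they are documented. If the PolicyKit rules no longer apply to current libvirt, state that in the text instead of dropping them without comment.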
Line 246: Line 201:
   * Source path = directory on the host which is shared.   * Source path = directory on the host which is shared.
   * Target path = mount tag that is made available on the guest system. This doesn't have to be an existing path.   * Target path = mount tag that is made available on the guest system. This doesn't have to be an existing path.
-  Option //Export filesystem as readonly mount// does what it suggests. +Option //Export filesystem as readonly mount// does what it suggests. 
  
 ==== Mounting the share ==== ==== Mounting the share ====
Line 258: Line 213:
 <note>Work in progress</note> <note>Work in progress</note>
  
 +===== Advanced topics ===== 
 +
 +==== Mount qcow image using nbd ====
 +Raw disk images can be mounted outside the virtual machine using a loopback device. To mount other image types like qcow, the ''qemu-nbd'' command can be used, which comes with qemu-kvm. It relies on the nbd (network block device) kernel module. 
 +
 +Start by loading the kernel module. The only parameter is the maximum partitions to be accessed. If this parameter is omitted, the default value is 0, which means no partitions will be mapped. 
 +<code>
 +# modprobe nbd max_part=8
 +</code>
 +This will create various new devices ''/dev/nbdxx''. Now the disk image can be connected to one of them:  
 +<code>
 +# qemu-nbd -c /dev/ndb0 slackware.img
 +</code>
 +This will create additional devices ''/dev/nbd0pxx'' for the partitions on the disk. Partitions are numbered sequentially starting with 1. You can use the nbd0 device to access the whole disk, or the nbd0pxx devices to access the partitions:   
 +<code>
 +# fdisk /dev/nbd0
 +# mount /dev/nbd0p1 /mnt/hd
 +</code>
 +<note important>Make sure the virtual machine is not running when you mount the disk image. Mounting the disk of a running machine will damage it.</note>
 +To remove the connection:  
 +<code>
 +# qemu-nbd -d /dev/nbd0
 +</code>
 +
 +==== Setup PXE boot in libvirt ====
 +To enable PXE booting for the guest machines, a PXE boot server and a TFTP server are needed. Libvirt can be configured to handle both internally. These configuration options are not available in virt-manager, so virsh must be used to set this up. 
 +
 +  - Create a directory ''/tftpboot'' and fill with the required files for the tftp boot service. See the article [[http://alien.slackbook.org/dokuwiki/doku.php?id=slackware:pxe|PXE: Installing Slackware over the network]] by AlienBOB for more details. 
 +  - Stop the default network and edit the network definition: <code>
 +# virsh net-destroy default
 +# virsh net-edit default
 +</code>
 +  - This will open the network configuration in a vi session. Add the //tftp// and //bootp// parameters in the //ip// section and save the file: <code>
 +  <ip address='192.168.122.1' netmask='255.255.255.0'>
 +    <tftp root='/tftpboot' />
 +    <dhcp>
 +      <range start='192.168.122.2' end='192.168.122.254' />
 +      <bootp file='pxelinux.0' />
 +    </dhcp>
 +  </ip>
 +</code> 
 +  - Now restart the network: <code>
 +# virsh net-start default
 +</code>
 +
 +Now the libvirt DHCP server will allow guests to PXE boot.
 ===== Troubleshooting ===== ===== Troubleshooting =====
  
 ==== Remove password prompt in virt-manager ==== ==== Remove password prompt in virt-manager ====
-When you start virt-manager as a regular user, you may still be asked for the root password, even when you have setup the correct unix socket permissions (notification: "system policy prevents management of local virtualized systems"). This is the result of libvirt using PolicyKit. Either disable the use of PolicyKit or create a correct PolicyKit file. See //PolicyKit/section above+When you start virt-manager as a regular user, you may still be asked for the root password, even when you have setup the correct unix socket permissions (notification: "system policy prevents management of local virtualized systems"). This is because older versions of libvirt were using PolicyKit by defaultDisable the use of PolicyKit by editing ''/etc/libvirt/libvirtd.conf''. Uncomment the following options and change them to ''none'' : 
 +<code> 
 +auth_unix_ro = "none" 
 +auth_unix_rw = "none" 
 +</code>
 ==== Improve mouse movement ==== ==== Improve mouse movement ====
 In graphics mode, the mouse movement can be erratic and difficult to change in the settings of your VM. To solve this, add a virtual tablet.  In graphics mode, the mouse movement can be erratic and difficult to change in the settings of your VM. To solve this, add a virtual tablet. 
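Review bot: The connect command added under "Mount qcow image using nbd" reads ''# qemu-nbd -c /dev/ndb0 slackware.img'', which does not match the ''/dev/nbd0'' device used by the ''fdisk'', ''mount'' and ''qemu-nbd -d'' lines that follow; change ''ndb0'' to ''nbd0''. The teardown step also goes straight to ''qemu-nbd -d /dev/nbd0'' with no ''umount /mnt/hd'' before it, which is worth adding given the note about damaging the image. In the Troubleshooting change, the replacement text leaves ''auth_unix_ro'' / ''auth_unix_rw = "none"'' as the only option; add a sentence there that access then rests on the unix socket permissions the same paragraph mentions.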