Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Previous revision: howtos:general_admin:kvm_libvirt [2013/09/20 10:08 (UTC)] – Add section on qemu-nbd (fdonkers)
Next revision: howtos:general_admin:kvm_libvirt [2015/06/27 06:45 (UTC)] (current) – [Guest configuration] Tiny invisible change for syntax rightness. (didierspaier)
Line 14: Line 14:
 ===== Configuration ===== ===== Configuration =====
  
-==== libvirtd daemon ==== 
-First, configure the libvirt daemon. This is done by editing the ''/etc/libvirt/libvirtd.conf'' file. Fix the default CA certificate path by editing the ''ca-file'' option:  
-<code> 
-ca_file = "/etc/ssl/certs/cacert.org.pem" 
-</code> 
  
-If you want to manage virtual machines as a regular user, uncomment the following options:  
-<code> 
-unix_sock_group = "libvirt" 
-unix_sock_ro_perms = "0777" 
-unix_sock_rw_perms = "0770" 
-</code> 
-This will assume a group ''libvirt''. Create this new group and add your user to it, or use a different group. 
- 
-==== PolicyKit setup ==== 
-Libvirt is built by default with PolicyKit support. If you want to disable this, edit ''/etc/libvirt/libvirtd.conf''. Uncomment the following options and change them to ''none'' : 
-<code> 
-auth_unix_ro = "none" 
-auth_unix_rw = "none" 
-</code> 
- 
-To use PolicyKit, a new file containing policy rules needs to be created in the ''/etc/polkit-1/localauthority/50-local.d'' directory. The file needs to start with a 2-digit number and have a ''pkla'' extension. For example: ''50-libvirt-authorization.pkla''. The following authorization can be issued:  
-  * Full management access: rule = org.libvirt.unix.manage. 
-  * Read-only, or monitoring access: rule = org.libvirt.unix.monitor. 
- 
-Example to give management access to all users of a given group:  
-<code> 
-[libvirt Management Access] 
-Identity=unix-group:libvirt 
-Action=org.libvirt.unix.manage 
-ResultAny=yes 
-ResultInactive=yes 
-ResultActive=yes 
-</code> 
-This allows all users of the ''libvirt'' group to manage virtual machines. The //libvirt Management Access// name is an arbitrary text you can change to fit your needs.  
- 
-To allow access on a per-user basis, use the //Identity=unix-user// option :  
-<code> 
-[libvirt Management Access] 
-Identity=unix-user:frank 
-Action=org.libvirt.unix.manage 
-ResultAny=yes 
-ResultInactive=yes 
-ResultActive=yes 
-</code> 
-This will grant user //frank// management access to libvirt.  
  
 ==== Automatic startup ==== ==== Automatic startup ====
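Review bot: Deleting the "libvirtd daemon" subsection removes the only description of unix_sock_group, unix_sock_ro_perms and unix_sock_rw_perms, while the Troubleshooting entry further down still says "even when you have setup the correct unix socket permissions" and now has nothing to refer to. Keep the three-line socket snippet and the sentence about creating the libvirt group, or link to where that information now lives. The removed "PolicyKit setup" subsection was also the only place that distinguished org.libvirt.unix.manage from org.libvirt.unix.monitor and showed granting them per group or per user; if it was dropped because it no longer applies, say so in the edit summary, since the advice that replaces it is auth_unix_rw = "none".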
Line 246: Line 201:
   * Source path = directory on the host which is shared.   * Source path = directory on the host which is shared.
   * Target path = mount tag that is made available on the guest system. This doesn't have to be an existing path.   * Target path = mount tag that is made available on the guest system. This doesn't have to be an existing path.
-  Option //Export filesystem as readonly mount// does what it suggests. +Option //Export filesystem as readonly mount// does what it suggests. 
  
 ==== Mounting the share ==== ==== Mounting the share ====
Line 282: Line 237:
 </code> </code>
  
 +==== Setup PXE boot in libvirt ====
 +To enable PXE booting for the guest machines, a PXE boot server and a TFTP server are needed. Libvirt can be configured to handle both internally. These configuration options are not available in virt-manager, so virsh must be used to set this up. 
 +
 +  - Create a directory ''/tftpboot'' and fill with the required files for the tftp boot service. See the article [[http://alien.slackbook.org/dokuwiki/doku.php?id=slackware:pxe|PXE: Installing Slackware over the network]] by AlienBOB for more details. 
 +  - Stop the default network and edit the network definition: <code>
 +# virsh net-destroy default
 +# virsh net-edit default
 +</code>
 +  - This will open the network configuration in a vi session. Add the //tftp// and //bootp// parameters in the //ip// section and save the file: <code>
 +  <ip address='192.168.122.1' netmask='255.255.255.0'>
 +    <tftp root='/tftpboot' />
 +    <dhcp>
 +      <range start='192.168.122.2' end='192.168.122.254' />
 +      <bootp file='pxelinux.0' />
 +    </dhcp>
 +  </ip>
 +</code> 
 +  - Now restart the network: <code>
 +# virsh net-start default
 +</code>
 +
 +Now the libvirt DHCP server will allow guests to PXE boot.
 ===== Troubleshooting ===== ===== Troubleshooting =====
  
 ==== Remove password prompt in virt-manager ==== ==== Remove password prompt in virt-manager ====
-When you start virt-manager as a regular user, you may still be asked for the root password, even when you have setup the correct unix socket permissions (notification: "system policy prevents management of local virtualized systems"). This is the result of libvirt using PolicyKit. Either disable the use of PolicyKit or create a correct PolicyKit file. See //PolicyKit/section above+When you start virt-manager as a regular user, you may still be asked for the root password, even when you have setup the correct unix socket permissions (notification: "system policy prevents management of local virtualized systems"). This is because older versions of libvirt were using PolicyKit by defaultDisable the use of PolicyKit by editing ''/etc/libvirt/libvirtd.conf''. Uncomment the following options and change them to ''none'' : 
 +<code> 
 +auth_unix_ro = "none" 
 +auth_unix_rw = "none" 
 +</code>
 ==== Improve mouse movement ==== ==== Improve mouse movement ====
 In graphics mode, the mouse movement can be erratic and difficult to change in the settings of your VM. To solve this, add a virtual tablet.  In graphics mode, the mouse movement can be erratic and difficult to change in the settings of your VM. To solve this, add a virtual tablet. 
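Review bot: In the rewritten "Remove password prompt in virt-manager" entry, setting auth_unix_ro and auth_unix_rw to "none" is now the only fix offered, so the text should state that access to the read-write socket then rests entirely on the socket's group and mode, and should show those settings (unix_sock_group and unix_sock_rw_perms = "0770"), which this revision no longer documents anywhere on the page. "older versions of libvirt" should name the versions it applies to, so that readers on a build without the prompt do not switch authentication off needlessly. In the new PXE section, add a blank line between "Now the libvirt DHCP server will allow guests to PXE boot." and the ===== Troubleshooting ===== heading, matching the spacing used before the other headings.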