WIXLIB

VMANAGING VIRTUAL MACHINES WITH QEMU 26029QEMU Overview 26130Setting Up a KVM VM Host Server 26230.1CPU Support for Virtualization 26230.2Required Software 26230.3KVM Host-Specific Features 264Using the Host Storage with virtio-scsi 264 Accelerated Networkingwith vhost-net 265 Scaling Network Performance with Multiqueue virtionet 266 VFIO: Secure Direct Access to Devices 267 VirtFS: SharingDirectories between Host and Guests 269 KSM: Sharing Memory Pagesbetween Guests 27031Guest Installation 27231.1Basic Installation with qemu-system-ARCH 27231.2Managing Disk Images with qemu-img 273General Information on qemu-img Invocation 274 Creating, Converting andChecking Disk Images 275 Managing Snapshots of Virtual Machines withqemu-img 280 Manipulate Disk Images Effectively 28332Running Virtual Machines with qemu-systemARCH 28832.1Basic qemu-system-ARCH Invocation 28832.2General qemu-system-ARCH Options 289Basic Virtual Hardware 290 Storing and Reading Configuration of VirtualDevices 292 Guest Real-Time Clock 29332.3Using Devices in QEMU 293Block Devices 294 Graphic Devices and Display Options 299 USBDevices 301 Character Devices 30332.4Networking in QEMU 305Defining a Network Interface Card 305 User-ModeNetworking 306 Bridged Networking 308xivVirtualization Guide

32.5Viewing a VM Guest with VNC 311Secure VNC Connections 31333Virtual Machine Administration Using QEMUMonitor 31633.1Accessing Monitor Console 31633.2Getting Information about the Guest System 31733.3Changing VNC Password 31933.4Managing Devices 32033.5Controlling Keyboard and Mouse 32133.6Changing Available Memory 32133.7Dumping Virtual Machine Memory 32233.8Managing Virtual Machine Snapshots 32333.9Suspending and Resuming Virtual Machine Execution 32433.10Live Migration 32433.11QMP - QEMU Machine Protocol 326Access QMP via Standard Input/Output 326 Access QMP viaTelnet 327 Access QMP via Unix Socket 328 Access QMP via libvirt'svirsh Command 329VI3434.1xvMANAGING VIRTUAL MACHINES WITH LXC 330Linux Containers 331Setting Up LXC Distribution Containers 33134.2Setting Up LXC Application Containers 33434.3Securing a Container Using AppArmor 33534.4Differences between the libvirt LXC Driver and LXC 33534.5Sharing Namespaces across Containers 337Virtualization Guide

34.635For More Information 337Migration from LXC to libvirt-lxc 33835.1Host Migration 33835.2Container Migration 33835.3Starting the Container 340Glossary 341AVirtual Machine Drivers 351BAppendix 352B.1Installing Paravirtualized Drivers 352Installing virtio Drivers for Microsoft Windows* 352CC.1XM, XL Toolstacks and Libvirt framework 353Xen Toolstacks 353Upgrading from xend/xm to xl/libxl 353 XL design 354 Checklist beforeUpgrade 355C.2Import Xen Domain Configuration into libvirt 355C.3Differences between the xm and xl Applications 357Notation Conventions 357 New Global Options 358 UnchangedOptions 358 Removed Options 362 Changed Options 365 NewOptions 379C.4External links 380C.5Saving a Xen Guest Configuration in an xm Compatible Format 381DxviGNU Licenses 382Virtualization Guide

About This ManualThis manual offers an introduction to setting up and managing virtualization with KVM (Kernel-based Virtual Machine) and Xen on SUSE Linux Enterprise Server. The rst part introducesthe different virtualization solutions by describing their requirements, their installations andSUSE's support status. The second part deals with managing VM Guests and VM Host Serverswith libvirt . The following parts describe topics that are both hypervisor independent, orrelate directly KVM and Xen solutions.1 Available DocumentationNote: Online Documentation and Latest UpdatesDocumentation for our products is available at https://documentation.suse.com/ , whereyou can also nd the latest updates, and browse or download the documentation in various formats. The latest documentation updates are usually available in the English version of the documentation.Note: Manual PagesMany commands are described in detail in their manual pages. You can view manualpages by running the man command followed by a specific command name. If the mancommand is not installed on your system, install it by running zypper install man .The following documentation is available for this product:Article “Installation Quick Start”This Quick Start guides you step-by-step through the installation of SUSE Linux Enterprise Server 15 SP2.Book “Deployment Guide”This guide details how to install single or multiple systems, and how to exploit the prod-uct-inherent capabilities for a deployment infrastructure. Choose from various approach-es: local installation from physical installation media, customizing the standard installa-tion images, network installation server, mass deployment using a remote-controlled, highly-customized, automated installation process, and initial system configuration.xviiAvailable DocumentationSLES 15 SP2

Book “Administration Guide”Covers system administration tasks like maintaining, monitoring and customizing an initially installed system.Book “Virtualization Guide”Describes virtualization technology in general, and introduces libvirt—the unified interface to virtualization—and detailed information on specific hypervisors.Book “Storage Administration Guide”Provides information about how to manage storage devices on a SUSE Linux EnterpriseServer.Book “AutoYaST Guide”AutoYaST is a system for unattended mass deployment of SUSE Linux Enterprise Serversystems using an AutoYaST profile containing installation and configuration data. Themanual guides you through the basic steps of auto-installation: preparation, installation,and configuration.Book “Security and Hardening Guide”Introduces basic concepts of system security, covering both local and network securityaspects. Shows how to use the product inherent security software like AppArmor, SELinux,or the auditing system that reliably collects information about any security-relevant events.Supports the administrator with security-related choices and decisions in installing andsetting up a secure SUSE Linux Enterprise Server and additional processes to further secureand harden that installation.Book “System Analysis and Tuning Guide”An administrator's guide for problem detection, resolution and optimization. Find how toinspect and optimize your system by means of monitoring tools and how to efficientlymanage resources. Also contains an overview of common problems and solutions and ofadditional help and documentation resources.Book “Repository Mirroring Tool Guide”An administrator's guide to Subscription Management Tool—a proxy system for SUSE Cus-tomer Center with repository and registration targets. Learn how to install and configure alocal SMT server, mirror and manage repositories, manage client machines, and configureclients to use SMT.Book “GNOME User Guide”xviiiAvailable DocumentationSLES 15 SP2

Introduces the GNOME desktop of SUSE Linux Enterprise Server. It guides you throughusing and configuring the desktop and helps you perform key tasks. It is intended mainlyfor end users who want to make efficient use of GNOME as their default desktop.The release notes for this product are available at https://www.suse.com/releasenotes/ .2 Improving the DocumentationYour feedback and contributions to this documentation are welcome. The following channelsfor giving feedback are available:Service Requests and SupportFor services and support options available for your product, see https://www.suse.com/support/.To open a service request, you need a SUSE subscription registered at SUSE CustomerCenter. Go to https://scc.suse.com/support/requests , log in, and click Create New.Bug ReportsReport issues with the documentation at https://bugzilla.suse.com/ . To simplify thisprocess, you can use the Report Documentation Bug links next to headlines in the HTML ver-sion of this document. These preselect the right product and category in Bugzilla and adda link to the current section. You can start typing your bug report right away. A Bugzillaaccount is required.ContributionsTo contribute to this documentation, use the Edit Source links next to headlines in theHTML version of this document. They take you to the source code on GitHub, where youcan open a pull request. A GitHub account is required.Note: Edit Source only available for EnglishThe Edit Source links are only available for the English version of each document.For all other languages, use the Report Documentation Bug links instead.For more information about the documentation environment used for this documentation,see the repository's README at docMailxixImproving the DocumentationSLES 15 SP2

You can also report errors and send feedback concerning the documentation to doc-team@suse.com . Include the document title, the product version, and the publication dateof the document. Additionally, include the relevant section number and title (or providethe URL) and provide a concise description of the problem.3 Documentation ConventionsThe following notices and typographical conventions are used in this documentation:/etc/passwd : directory names and le namesPLACEHOLDER : replace PLACEHOLDER with the actual valuePATH : the environment variable PATHls , --help : commands, options, and parametersuser : users or groupspackage name : name of a packageAlt,Alt– F1 : a key to press or a key combination; keys are shown in uppercase as ona keyboardFile, File Save As: menu items, buttonsAMD/IntelThis paragraph is only relevant for the AMD64/Intel 64 architecture. The ar-rows mark the beginning and the end of the text block.IBM Z, POWERThis paragraph is only relevant for the architectures IBM Z and POWER .The arrows mark the beginning and the end of the text block.Dancing Penguins (Chapter Penguins, Another Manual): This is a reference to a chapter inanother manual.Commands that must be run with root privileges. Often you can also prefix these commands with the sudo command to run them as non-privileged user.# command sudo commandCommands that can be run by non-privileged users.xxDocumentation ConventionsSLES 15 SP2

commandNoticesWarning: Warning NoticeVital information you must be aware of before proceeding. Warns you about securityissues, potential loss of data, damage to hardware, or physical hazards.Important: Important NoticeImportant information you should be aware of before proceeding.Note: Note NoticeAdditional information, for example about differences in software versions.Tip: Tip NoticeHelpful information, like a guideline or a piece of practical advice.4 Product Life Cycle and SupportSUSE products are supported for up to 13 years. To check the life cycle dates for your product,see https://www.suse.com/lifecycle/ .For SUSE Linux Enterprise, the following life cycles and release cycles apply:SUSE Linux Enterprise Server has a 13-year life cycle: 10 years of general support andthree years of extended support.SUSE Linux Enterprise Desktop has a 10-year life cycle: seven years of general support andthree years of extended support.xxiProduct Life Cycle and SupportSLES 15 SP2

Major releases are published every four years. Service packs are published every 12-14months.SUSE supports previous SUSE Linux Enterprise service packs for six months after the releaseof a new service pack.For some products, Long Term Service Pack Support (LTSS) is available. Find informationabout our support policy and options at .html.and https://Modules have a different life cycle, update policy, and update timeline than their base products. Modules contain software packages and are fully supported parts of SUSE Linux EnterpriseServer. For more information, see the Article “Modules and Extensions Quick Start”.4.1Support Statement for SUSE Linux Enterprise ServerTo receive support, you need an appropriate subscription with SUSE. To view the specific supportofferings available to you, go to https://www.suse.com/support/and select your product.The support levels are defined as follows:L1Problem determination, which means technical support designed to provide compatibilityinformation, usage support, ongoing maintenance, information gathering and basic troubleshooting using available documentation.L2Problem isolation, which means technical support designed to analyze data, reproducecustomer problems, isolate problem area and provide a resolution for problems not resolved by Level 1 or prepare for Level 3.L3Problem resolution, which means technical support designed to resolve problems by en-gaging engineering to resolve product defects which have been identified by Level 2 Support.For contracted customers and partners, SUSE Linux Enterprise Server is delivered with L3 support for all packages, except for the following:technology previews.sound, graphics, fonts, and artwork.xxiiSupport Statement for SUSE Linux Enterprise ServerSLES 15 SP2

packages that require an additional customer contract.some packages shipped as part of the module Workstation Extension are L2-supported only.packages with names ending in -devel (containing header les and similar developerresources) will only be supported together with their main packages.SUSE will only support the usage of original packages. That is, packages that are unchangedand not recompiled.4.2Technology PreviewsTechnology previews are packages, stacks, or features delivered by SUSE to provide glimpsesinto upcoming innovations. The previews are included for your convenience to give you thechance to test new technologies within your environment. We would appreciate your feedback!If you test a technology preview, please contact your SUSE representative and let them knowabout your experience and use cases. Your input is helpful for future development.However, technology previews come with the following limitations:Technology previews are still in development. Therefore, they may be functionally incomplete, unstable, or in other ways not suitable for production use.Technology previews are not supported.Technology previews may only be available for specific hardware architectures.Details and functionality of technology previews are subject to change. As a result, upgrading to subsequent releases of a technology preview may be impossible and require afresh installation.Technology previews can be dropped at any time. For example, if SUSE discovers that apreview does not meet the customer or market needs, or does not prove to comply withenterprise standards. SUSE does not commit to providing a supported version of such technologies in the future.For an overview of technology previews shipped with your product, see the release notes gy PreviewsSLES 15 SP2

I Introduction1Virtualization Technology 22Introduction to Xen Virtualization 73Introduction to KVM Virtualization 104Virtualization Tools 125Installation of Virtualization Components 176Supported Hosts, Guests, and Features 23

1 Virtualization TechnologyVirtualization is a technology that provides a way for a machine (Host) to run an-other operating system (guest virtual machines) on top of the host operating system.1.1 OverviewSUSE Linux Enterprise Server includes the latest open source virtualization technologies, Xenand KVM. With these hypervisors, SUSE Linux Enterprise Server can be used to provision, de-provision, install, monitor and manage multiple virtual machines (VM Guests) on a single physical system (for more information see Hypervisor). SUSE Linux Enterprise Server can create vir-tual machines running both modified, highly tuned, paravirtualized operating systems and fullyvirtualized unmodified operating systems.The primary component of the operating system that enables virtualization is a hypervisor (orvirtual machine manager), which is a layer of software that runs directly on server hardware.It controls platform resources, sharing them among multiple VM Guests and their operatingsystems by presenting virtualized hardware interfaces to each VM Guest.SUSE Linux Enterprise is an enterprise-class Linux server operating system that offers two typesof hypervisors: Xen and KVM.SUSE Linux Enterprise Server with Xen or KVM acts as a virtualization host server (VHS) thatsupports VM Guests with its own guest operating systems. The SUSE VM Guest architectureconsists of a hypervisor and management components that constitute the VHS, which runs manyapplication-hosting VM Guests.In Xen, the management components run in a privileged VM Guest often called Dom0. In KVM,where the Linux kernel acts as the hypervisor, the management components run directly onthe VHS.2OverviewSLES 15 SP2

1.2 Virtualization CapabilitiesVirtualization design provides many capabilities to your organization. Virtualization of operating systems is used in many computing areas:Server consolidation: Many servers can be replaced by one big physical server, so hardwareis consolidated, and Guest Operating Systems are converted to virtual machine. It providesthe ability to run legacy software on new hardware.Isolation: guest operating system can be fully isolated from the Host running it. So if thevirtual machine is corrupted, the Host system is not harmed.Migration: A process to move a running virtual machine to another physical machine. Livemigration is an extended feature that allows this move without disconnection of the clientor the application.Disaster recovery: Virtualized guests are less dependent on the hardware, and the Hostserver provides snapshot features to be able to restore a known running system withoutany corruption.Dynamic load balancing: A migration feature that brings a simple way to load-balanceyour service across your infrastructure.1.3 Virtualization BenefitsVirtualization brings a lot of advantages while providing the same service as a hardware server.First, it reduces the cost of your infrastructure. Servers are mainly used to provide a service toa customer, and a virtualized operating system can provide the same service, with:Less hardware: You can run several operating system on one host, so all hardware maintenance will be reduced.Less power/cooling: Less hardware means you do not need to invest more in electric power,backup power, and cooling if you need more service.Save

9.8 Monitoring 62 Monitoring with Virtual Machine Manager 62 Monitoring with virt-top 63 Monitoring with kvm_stat 64 10 Connecting and Authorizing66 10.1 Authentication 66 libvirtd Authentication 67 VNC Authentication 71 10.2 Connecting to a VM Host Server 75 "system" Access for Non-Privileged Users 76 Managing Connections with