Codebase list libvirt / debian/0.8.7-3 debian / README.Debian
debian/0.8.7-3

Tree @debian/0.8.7-3 (Download .tar.gz)

README.Debian @debian/0.8.7-3raw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
Xen
===
To manage xen domains with libvirt you have to set:

(xend-unix-server yes)

in /etc/xen/xend-config.sxp.

For xend HTTP access (not recommended) you also have to set:

(xend-http-server yes)
# only allow access from localhost:
(xend-address localhost)

Note that *every* user on the system has access to xend then. Better use
libvirtd to access xen with unprivileged users and add the users to the
"libvirt" group (see "Access Control" below).

Debugging
=========
Use LIBVIRT_DEBUG=1 to enable libvirt's debugging output, e.g.:

LIBVIRT_DEBUG=1
export LIBVIRT_DEBUG
virt-manager

The default NAT network
=======================
To ease network configuration libvirt defines a NATed network named "default".
VMs using this network end up in 192.168.122.1/24 and DHCP is provided to them
via dnsmasq. This network is not automatically started. To start it use:

 virsh net-start default

To make the default network start automatically use:

 virsh net-autostart default

In order for things to work this way you need to have the recommended packages
dnsmasq-base, bridge-utils and iptables installed.

You don't need the package dnsmasq. However, if you install it, Debian's
default dnsmasq needs to be adjusted slightly to interoperate with libvirtd:

cat <<EOF >/etc/dnsmasq.d/00_libvirtd.conf
# only bind to loopback by default
interface=lo
bind-interfaces
EOF

This makes dnsmasq only bind to the loopback interface by default so libvirtd
can handle the virtual bridges.

Access Control
==============
Access to the libvirt socket is controlled by membership in the "libvirt" group.
If you want to manage VMs as non root you need to add a user to that group.

QEMU/KVM: Dropping Capabilties
==============================
Network interfaces of type "ethernet" use a script like /etc/qemu-ifup to set up
the network device. In order to make this work you need to set
"clear_emulator_capabilities" to "0" in /etc/libvirt/qemu.conf since you need
CAP_NET_ADMIN.
This used to be the default prior to 0.8.1 in the Debian package.

 -- Guido Günther <agx@sigxcpu.org>  Mon, 12 Jul 2010 19:58:35 +0200