转-Libvirt FAQ

为什么80%的码农都做不了架构师？>>>   

from: http://wiki.libvirt.org/page/FAQ
1. General
1.1 What is libvirt?
Libvirt is collection of software(Libvirt是个软件包) that provides a convenient way to manage virtual machines and other virtualization functionality, such as storage and network interface management. These software pieces include an API library, a daemon (libvirtd), and a command line utility (virsh). (libvirt也可以管理存储和网络)
An primary goal of libvirt is to provide a single way to manage multiple different virtualization hypervisors. For example, the command 'virsh list --all' can be used to list the existing virtual machines for any supported hypervisor (KVM, Xen, VMWare ESX, etc.) No need to learn the hypervisor specific tools! (libvirt为不同的hypervisor提供统一的接口)
1.2 I heard someone say they 'use libvirt'. What do they mean?
When people say they 'use libvirt', this usually means that they manage virtual machines using tools such as 'virsh', 'virt-manager', or 'virt-install', which are all built around libvirt functionality. They likely DO NOT directly use tools like 'xm' for Xen, or the qemu/qemu-kvm binary. (用libvirt的命令行工具，就不在需要掌握各hypervisor特定的命令行工具了)
1.3 How do I know if I am using libvirt?
You are using libvirt if you manage virtual machines using virsh, virt-manager, or virt-install (pretty much any virtualization tool that starts with virt-*).
If you are using hypervisor specific tools like 'xm', 'qemu-kvm', etc. directly, you probably are not using libvirt.
If you have virtual machines on your existing machine and you are using libvirt, 'virsh list --all' (usually run as root) should show something. (最常用: virsh list --all)
1.4 What is some of the major functionality provided by libvirt?
Some of the major libvirt features are:
VM management(虚机生命周期管理): Various domain lifecycle operations such as start, stop, pause, save, restore, and migrate. Hotplug(热插拔) operations for many device types including disk and network interfaces, memory, and cpus.
Remote machine support(远程支持): All libvirt functionality is accessible on any machine running the libvirt daemon, including remote machines. A variety of network transports are supported for connecting remotely, with the simplest being SSH, which requires no extra explicit configuration. If example.com is running libvirtd and SSH access is allowed, the following command will provide access to all virsh commands on the remote host for qemu/kvm: virsh --connect qemu+ssh://root@example.com/system(libvirtd是server端，virsh是client端，ssh是协议)
For more info, see: http://libvirt.org/remote.html
Storage management(存储管理): Any host running the libvirt daemon can be used to manage various types of storage: create file images of various formats (qcow2, vmdk, raw, ...), mount NFS shares, enumerate existing LVM volume groups, create new LVM volume groups and logical volumes, partition raw disk devices, mount iSCSI shares, and much more. Since libvirt works remotely as well, all these options are available for remote hosts as well. For more info, see: http://libvirt.org/storage.html (通过libvirtd支持)
Network interface management(网络接口管理): Any host running the libvirt daemon can be used to manage physical and logical network interfaces. Enumerate existing interfaces, as well as configure (and create) interfaces, bridges, vlans, and bond devices. This is with the help of netcf, For more info, see: https://fedorahosted.org/netcf/ (通过libvirtd+netcf支持)
Virtual NAT and Route based networking(虚拟网络支持): Any host running the libvirt daemon can manage and create virtual networks. Libvirt virtual networks use firewall rules to act as a router(用防火墙规则作为路由), providing VMs transparent access to the host machines network. For more info, see: http://libvirt.org/archnetwork.html
1.5 What hypervisors does libvirt support?
A complete list can be found here: http://libvirt.org/drivers.html (KVM/Xen/ESX etc.)
1.6 How can I check my libvirt version?
For the installed virsh version: virsh --version
For the libvirt daemon version:libvirtd --version
For the library and default hypervisor version: virsh --version
1.7 What are the libvirt mailing lists/IRC?
See: http://libvirt.org/contact.html
1.8 Where should I report libvirt bugs?
For bug reporting, see: http://libvirt.org/bugs.html
1.9 Is libvirt the 'lowest common denominator' of hypervisor features?
Short answer: ABSOLUTELY NOT.
Libvirt's goal is to expose all useful hypervisor features. Period. (只有用的，不是所有)
The only caveat is that this feature needs to be exposed in a general way that is compatible with the libvirt architecture. Even if only a single supported hypervisor implements feature FOO, the API and XML changes need to be made sufficiently general in case any other hypervisor eventually supports FOO.
2. Common VM Configuration
2.1 What is the 'virsh edit' command and how do I use it?
'virsh edit' is the recommended way to make changes to an existing VM configuration. The command looks like:
virsh edit $your-vm-name
This command will open a text editor containing the existing VM XML(虚机的配置文件是个xml文件): any changes that are made and saved will be checked for errors when the editor exits. If no errors are found, the changes are made permanent.
The text editor used is whatever is specified by the EDITOR environment variable. By default, this is usually 'vi'. You can override this with: EDITOR=$your-favorite-editor virsh edit $your-vm-name'.
For example, on a gnome system 'EDITOR=gedit virsh edit myvm' will edit myvm's XML in a graphical text editor.
2.2 Where are VM config files stored? How do I edit a VM's XML config?
If you want to edit a VMs XML, use 'virsh edit $vmname'. If you want to backup the XML, use 'virsh dumpxml $vmname'.
Where VM confuration is stored depends on the hypervisor(虚机xml配置的位置不同). For example, Xen and VMWare store their own configs, and libvirt just translates this to XML when 'virsh dumpxml' is called.. For qemu and lxc, libvirt stores the XML on disk and in memory.
libvirt is often configured to store qemu VM and other XML descriptions in /etc, but editing those files is not a valid way to change configuration. While editing those files and restarting libvirtd may work some (or even much) of the time, it's very possible that libvirtd will overwrite the changes and they will be lost. Equally importantly, using virsh edit or other API to edit the XML allows libvirt to validate your changes. A common problem seen when people edit the on-disk XML is a VM that simply vanishes the next time libvirtd is restarted after the edit. The VM disappears from libvirt because the XML has become invalid, after which libvirt can't do anything with it. (不要直接修改xml文件)
This advice applies for ALL libvirt XML. The equivalent virsh commands for other libvirt XML types are:
Virtual Networks: net-edit, net-dumpxml
Storage Pools: pool-edit, pool-dumpxml
Storage Volumes: vol-edit, vol-dumpxml
Interfaces: iface-edit, iface-dumpxml
2.3 If I change the XML of running machine, do the changes take immediate effect?
NO. Redefining the XML of a running machine will not change anything, the changes will take effect after the next VM start up. Libvirt has a set of commands for making live changes to running guests, which have varying support depending on the hypervisor, ex virsh attach-*. virsh detach-*, virsh setmem, virsh setvcpus. (改xml配置需要libvirtd重启，但是virsh有些命令支持动态修改虚机配置) 
2.4 How do I shutdown my VMs?
There are two shutdown operations via virsh:
virsh shutdown $vm-name : Request a soft shutdown(软关机), akin to pressing the power button on a physical machine.
virsh destroy $vm-name : Hard poweroff(硬关机) a physical machine. Akin to ripping the power cord from a running machine.
The other option it to shut down your VM normally from inside the guest operating system, like you would for a physical machine. Note: At least for the qemu/kvm guests, shutdown requires ACPI enabled in the guest. See the QEMU/KVM shutdown FAQ entry. (qemu/kvm + ACPI enabled ?)
2.5 Will restarting the libvirt daemon stop my virtual machines?
NO, as of version 0.6.0 (Jan 2009)(从0.6.0开始，重启libvirtd时不需要停vm了). Versions older than this will kill VMs if the libvirtd daemon is stopped, so beware.
3. Common Errors
3.1 My VM doesn't show up with 'virsh list'
First, make sure you are passing the --all flag: virsh list --all
'virsh list' only shows running VMs: --all is required to see every VM.  (virsh list只列出running的vm)
If your VM is still not listed, determine which URI virsh is defaulting to with: virsh uri
If the default URI is not as expected, you can manually specify a URI with: virsh --connect URI
If you are using QEMU/KVM and you created your VM with virt-manager, the URI you probably want is qemu:///system. If that doesn't work, read the FAQ entry for qemu:///system VS. qemu:///session
3.2 Error: Failed to add tap interface 'vnet%d' to bridge 'virbr0' No such file or directory
This is commonly caused by 2 things: The 'tun' module is not loaded. Try running: modprobe tun . The virtual network used by your VM is not running. This is usually the 'default' network, which can be started with: virsh net-start default
3.3 Error: unable to connect to '/var/run/libvirt/libvirt-sock'
This is usually caused by one of the following:
libvirtd is not running. On fedora systems, this can be fixed with: service libvirtd restart
You manually installed from source, and something is screwy(怪异). virsh may be looking for the socket in '/usr/local/var', but your installed libvirtd isn't creating it correctly.
It's recommended that you configure a manual libvirt install with --prefix=/usr to correct these issues.
3.4 Why doesn't 'shutdown' doesn't seem to work? (shutdown需要guestOS支持acpi)
If you are using Xen HVM or QEMU/KVM, ACPI must be enabled in the guest for a graceful shutdown to work. To check if ACPI is enabled, run:  virsh dumpxml $your-vm-name | grep acpi
If nothing is printed, ACPI is not enabled for your machine. Use 'virsh edit' to add the following XML under <domain>:
<features><acpi/></features>
If your VM is running Linux, the VM additionally needs to be running acpid to receive the ACPI events.
HOWEVER, if your VM is running Windows, this won't be enough. If windows does not detect ACPI at install time, it disables the necessary support. The recommended way to remedy this seems to be a 'repair install' using windows install media. More info can be found here: http://support.microsoft.com/kb/314088/EN-US/ http://support.microsoft.com/?kbid=309283
3.5 Error: domain did not show up
For a while, this was a kind of catch all error for qemu/kvm guest start up failures. See 'My VM fails to start'
3.6 Error: monitor socket did not show up.: Connection refused
This message usually masks a more specific error at domain start up. See 'My VM fails to start'
3.7 My VM fails to start. What should I do?
If your VM is failing to start, and libvirt isn't returning a helpful error message, you can find more info in the log files. For qemu/kvm, this is /var/log/libvirt/qemu/$your-vm-name.log(libvirt的log). This will show generated qemu command line, and any error output qemu throws. Certain versions of libvirt weren't good at returning this info to the user, so there may be a fixable error here, like a missing storage file.
If you can't determine anything to fix, please report a bug (see the bug reporting FAQ).
3.8 error: Unknown Failure
This is caused by faulty error reporting in libvirt. Whenever you encounter this error, please file a bug. You can typically get more information by running: tail -f /var/log/messages(这里或许有更多信息) and reproducing the failure. If you encounter this during VM migration, you will want to run that command on both the source and destination host. You will also want to make sure your hosts are properly configured for migration (see the migration section of this FAQ).
3.9 internal error: canonical hostname pointed to localhost, but this is not allowed
This is an error often encountered when trying to migrate with QEMU/KVM. What this means is that 'virsh hostname' on the destination host returns 'localhost', which can cause problems with plain migration. The easiest way to work around this is to manually specify a migration hostname/IP address. This can be done with: virsh migrate with the option '--migrateuri tcp://hostname:port'
3.10 error: operation failed: migration to '...' failed: migration failed
This is an error often encountered when trying to migrate with QEMU/KVM. This typically happens with plain migration, when the source VM cannot connect to the destination host. You will want to make sure your hosts are properly configured for migration (see the migration section of this FAQ)
4. Migration
4.1 What are the different migration methods?
There are two primary types of migration with QEMU/KVM and libvirt:
Plain migration: The source host VM opens a direct unencryptyed TCP connection to the destination host for sending the migration data. Unless a port is manually specified, libvirt will choose a migration port in the range 49152-49215, which will need to be open in the firewall on the remote host. (源host和目标host链接)
Tunneled migration: The source host libvirtd opens a direct connection to the destination host libvirtd for sending migration data. This allows the option of encrypting the data stream. This mode doesn't require any extra firewall configuration, but is only supported with qemu 0.12.0 or later, and libvirt 0.7.2. (源host的libvirtd和目标host的libvirtd链接)
4.2 What setup is required for QEMU/KVM migration?
For all QEMU/KVM migrations, libvirtd must be running on the source and destination host. You must be able to open a valid connection to the remote libvirt host. For tunneled migration, no extra configuration should be required, you simply need to pass the --tunnelled flag to virsh migrate. (libvirtd是必须的)
For plain unencrypted migration, the TCP port range 49152-49215 must be opened in the firewall on the destination host. If you would like to use a specific port rather than have libvirt choose, you can pass a manual URI to virsh:
 virsh migrate $VMNAME $REMOTE_HOST_URI --migrateuri tcp://$REMOTE_HOST:$PORT
5. QEMU/KVM
5.1 Can I connect to the QEMU monitor with libvirt?
No. Libvirt deliberately does not enable user access to the QEMU monitor(Libvirt不允许直接操作qemu monitor). Interacting with the monitor behind libvirt's back can cause reported virtual machine state to be out of sync, which will likely end with errors. The only way to interact with the monitor is through libvirt APIs (see the following question for a complete list of support)
5.2 What monitor commands does libvirt support? What QEMU/KVM command line flags does libvirt support?
For a complete list, please see: http://wiki.libvirt.org/page/QEMUSwitchToLibvirt
5.3 What is the difference between qemu:///system and qemu:///session? Which one should I use?
All 'system' URIs (be it qemu, lxc, uml, ...) connect to the libvirtd daemon running as root which is launched at system startup. Virtual machines created and run using 'system' are usually launched as root, unless configured otherwise (for example in /etc/libvirt/qemu.conf). All 'session' URIs launch a libvirtd instance as your local user, and all VMs are run with local user permissions. You will definitely want to use qemu:///system if your VMs are acting as servers. VM autostart on host boot only works for 'system', and the root libvirtd instance has necessary permissions to use proper networkings via bridges or virtual networks. qemu:///system is generally what tools like virt-manager default to.
qemu:///session has a serious drawback: since the libvirtd instance does not have sufficient privileges, the only out of the box network option is qemu's usermode networking, which has nonobvious limitations, so its usage is discouraged. More info on qemu networking options: http://people.gnome.org/~markmc/qemu-networking.html
The benefit of qemu:///system is that permission issues vanish: disk images can easily be stored in $HOME, serial PTYs are owned by the user, etc. (qemu:///system对应root，qemu:///session对应localUser)
6. Networking
6.1 What is libvirt doing with iptables?
By default, libvirt provides a virtual network named 'default' which acts as a NAT router for virtual machines, routing traffic to the network connected to your host machine. This functionality uses iptables. (libvirt default是NAT路由)
For more info, see: http://wiki.libvirt.org/page/Networking#NAT_forwarding_.28aka_.22virtual_networks.22.29
6.2 How can I make libvirt stop using iptables?
WARNING: Any VMs already configured to use these virtual networks will need to be edited: simply removing the <interface> devices via 'virsh edit' should be sufficient. Not doing this step will cause starting to fail, and even after the editing step the VMs will not have network access.
You can remove all libvirt virtual networks on the machine:
Use 'virsh net-list --all' to see a list of all virtual networks
Use 'virsh net-destroy $net-name' to shutdown each running network
Use 'virsh net-undefine $net-name' to permanently remove the network
6.3 Why doesn't libvirt just auto configure a regular network bridge?
While this would be nice, it is difficult/impossible to do in a safe way that won't hit a lot of trouble with non trivial networking configurations. A static bridge(静态桥) is also not compatible with a laptop mode of networking, switching between wireless and wired. Static bridges also do not play well with NetworkManager as of this writing (Feb 2010).
You can find more info about the motivation virtual networks here: http://www.gnome.org/~markmc/virtual-networking.html
6.4 How do I manually configure a network bridge?
See: http://wiki.libvirt.org/page/Networking#Host_configuration_2
6.5 How do I get my VM to use an existing network bridge?
See: http://wiki.libvirt.org/page/Networking#Guest_configuration_2
7. Developing with libvirt
7.1 What is libvirt's license?
libvirt is released under the GNU Lesser General Public License, see the file COPYING.LIB in the distribution for the precise wording.
7.2 Where can I get the source code? How do I compile and install?
See http://libvirt.org/downloads.html
If you are using Fedora, the following packages are pre-requisites to a minimal build that will pass 'make check':
cyrus-sasl-devel
device-mapper-devel
gnutls-devel
libxml2-devel
The following packages are also useful for building all optional features:
avahi-devel
e2fsprogs-devel
hal-devel
libcap-ng-devel
libpciaccess-devel
libselinux-devel
libssh2-devel
libudev-devel
netcf-devel
numactl-devel
parted-devel
python-devel
readline-devel
xen-devel
xhtml1-dtds
xmlrpc-c-devel
yajl-devel
7.3 Is libvirt thread safe?
Yes, libvirt is thread safe as of version 0.6.0. This means that multiple threads can act on a single virConnect instance without issue. (从0.6.0开始，libvirt是线程安全的)
Previous libvirt versions required opening a separate connection for each thread: this method has several major drawbacks and is not recommended.

 

补充：

From: http://qinlong.blog.51cto.com/1130504/335112
Libvirt是一个软件集合，便于使用者管理虚拟机和其他虚拟化功能，比如存储和网络接口管理等等。这些软件包括一个API库、一个daemon(libvirtd)和一个命令行工具(virsh)。Libvirt的主要目标是：提供一种单一的方式管理多种不同的虚拟化提供方式和hypervisor。比如，命令行“virsh list -- all”可以列出所有任何支持的、基于hypervisor的虚拟机，这就避免学习、使用不同hypervisor的特定工具。使用libvirt，意味着使用virsh、virt-manager、virt-install等工具管理虚拟机，这些工具都是围绕着libvirt开发的。人们不再直接使用基于XEN的xm、或是qemu【注1】/qemu-kvm【注2】等二进制工具。

主要功能包括：
1.虚拟机管理：包括不同的领域生命周期操作，比如：启动、停止、暂停、保存、恢复和迁移。支持多种设备类型的热插拔操作，包括：磁盘、网卡、内存和CPU。
2.远程机器支持：只要机器上运行了libvirt daemon，包括远程机器，所有的libvirt功能就都可以访问和使用。支持多种网络远程传输，使用最简单的SSH，不需要额外配置工作。比如：example.com运行了libvirt，而且允许SSH访问，下面的命令行就可以在远程的主机上使用virsh命令行。 virsh --connect qemu+ssh://root@example.com/system
3.存储管理：任何运行了libvirt daemon的主机都可以用来管理不同类型的存储：创建不同格式的文件映像(qcow2、vmdk、raw等)、挂接NFS共享、列出现有的LVM卷组、创建新的LVM卷组和逻辑卷、对未处理过的磁盘设备分区、挂接iSCSI共享，等等等等。因为libvirt可以远程工作，所有这些都可以通过远程主机使用。
4.网络接口管理：任何运行了libvirt daemon的主机都可以用来管理物理和逻辑的网络接口。可以列出现有的接口卡，配置、创建接口，以及桥接、vlan和关联设备等，通过netcf都可以支持。
5.虚拟NAT和基于路由的网络：任何运行了libvirt daemon的主机都可以用来管理和创建虚拟网络。Libvirt虚拟网络使用防火墙规则作为路由器，让虚拟机可以透明访问主机的网络。

注1: QEMU 是一种处理器模拟器，依赖于动态二进制翻译机制，在易于移植至新的主机CPU架构的同时，还要获得合理的速度响应。除提供CPU模拟之外，它还提供了一系列设备模型，允许它运行多种未经修改的客户操作系统；因此QEMU可以被看做一个宿主虚拟机监控软件。它还提供了加速模式，以支持(供kernel code的)二进制翻译和原生执行(供user code)的混合方式，这与VMware Workstation和Microsoft VirtualPC相同。
QEMU也可以用作纯用户级处理的CPU模拟，在这种运作模式下，它类似于Valgrind。
QEMU有一个特有的可移植性功能，虚拟机可以运行在任何PC之上，即使用户只有有限的权限，而且没有管理员访问权限也没有关系，这让“USB优盘上的PC”这一概念变得可行。也有类似的应用，比如MojoPac，但是它们需要管理员权限才能运行。
注2: KVM，Kernel－based Virtual machine 。KVM是一种Linux下的kernel虚拟化基础结构，它自身无法进行任何模拟。需要用户空间的程序使用/dev/kvm接口来设置客户虚拟机的地址空间，向其输入数据，并将其视频显示映射至主机。QEMU自0.10.0之后可以使用KVM。

转载于:https://my.oschina.net/kuafu/blog/16298