| blob | a7a6ec32a5ee418afb50b035a445047855d71283 |
4 <body>
9 <p>
10 This section describes the XML format used to represent domains, there are
11 variations on the format based on the kind of domains run and the options
12 used to launch them. For hypervisor specific details consult the
14 </p>
19 <p>
20 The root element required for all virtual machines is
23 specifies the hypervisor used for running
24 the domain. The allowed values are driver specific, but
27 integer identifier for the running guest machine. Inactive
28 machines have no id value.
29 </p>
34 <pre>
45 ...</pre>
47 <dl>
50 a short name for the virtual machine. This name should
51 consist only of alpha-numeric characters and is required
52 to be unique within the scope of a single host. It is
53 often used to form the filename for storing the persistent
57 a globally unique identifier for the virtual machine.
58 The format must be RFC 4122 compliant,
60 If omitted when defining/creating a new machine, a random
61 UUID is generated. It is also possible to provide the UUID
68 element can be used to add a Virtual Machine Generation ID which
69 exposes a 128-bit, cryptographically random, integer value identifier,
70 referred to as a Globally Unique Identifier (GUID) using the same
72 the guest operating system when the virtual machine is re-executing
73 something that has already executed before, such as:
75 <ul>
80 </ul>
82 The guest operating system notices the change and is then able to
83 react as appropriate by marking its copies of distributed databases
84 as dirty, re-initializing its random number generator, etc.
86 <p>
87 The libvirt XML parser will accept both a provided GUID value
89 and saved in the XML. For the transitions such as above, libvirt
90 will change the GUID before re-executing.</p></dd>
94 short description of the domain. The title should not contain
99 human readable description of the virtual machine. This data is not
100 used by libvirt in any way, it can contain any information the user
105 to store custom metadata in the form of XML
106 nodes/trees. Applications must use custom namespaces on their
107 XML nodes/trees, with only one top-level element per namespace
108 (if the application needs structure, they should have
109 sub-elements to their namespace
111 </dl>
115 <p>
116 There are a number of different ways to boot virtual machines
117 each with their own pros and cons.
118 </p>
122 <p>
123 Booting via the BIOS is available for hypervisors supporting
124 full virtualization. In this case the BIOS has a boot order
125 priority (floppy, harddisk, cdrom, network) determining where
126 to obtain/find the boot image.
127 </p>
129 <pre>
130 ...
134 <nvram template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/nvram/guest_VARS.fd</nvram>
141 ...</pre>
143 <dl>
148 some features required by selected firmware. Accepted values are
150 The selection process scans for files describing installed
151 firmware images in specified location and uses the most specific
152 one which fulfils domain requirements. The locations in order of
153 preference (from generic to most specific one) are:
154 <ul>
158 </ul>
159 For more information refer to firmware metadata specification as
161 repository. Regular users do not need to bother.
164 uses UEFI, and it is not set when using BIOS.
166 </dd>
169 type of operating system to be booted in the virtual machine.
172 (badly named!) refers to an OS that supports the Xen 3 hypervisor
174 specifying the CPU architecture to virtualization,
177 provides details on allowed values for
181 which is specified by absolute path,
182 used to assist the domain creation process. It is used by Xen
183 fully virtualized domains as well as setting the QEMU BIOS file
189 image should be writable or read-only. The second attribute
192 memory the file should be mapped. For instance, if the loader
195 implement the Secure boot feature. Attribute
199 <dd>Some UEFI firmwares may want to use a non-volatile memory to store
200 some variables. In the host, this is represented as a file and the
201 absolute path to the file is stored in this element. Moreover, when the
202 domain is started up libvirt copies so called master NVRAM store file
204 attribute can be used to per domain override map of master NVRAM stores
205 from the config file. Note, that for transient domains if the NVRAM file
206 has been created by libvirt it is left behind and it is management
207 application's responsibility to save and remove file (if needed to be
213 times to setup a priority list of boot devices to try in turn.
214 Multiple devices of the same type are sorted according to their
215 targets while preserving the order of buses. After defining the
216 domain, its XML configuration returned by libvirt (through
217 virDomainGetXMLDesc) lists devices in the sorted order. Once sorted,
218 the first device is marked as bootable. Thus, e.g., a domain
219 configured to boot from "hd" with vdb, hda, vda, and hdc disks
220 assigned to it will boot from vda (the sorted list is vda, vdb, hda,
221 hdc). Similar domain with hdc, vda, vdb, and hda disks will boot from
222 hda (sorted disks are: hda, hdc, vda, vdb). It can be tricky to
223 configure in the desired way, which is why per-device boot elements
227 introduced and they are the preferred way providing full control over
231 </dd>
233 <dd>How to populate SMBIOS information visible in the guest.
237 SMBIOS values;
240 used to see what values are copied), or "sysinfo" (use the values in
244 </dd>
245 </dl>
246 <p>Up till here the BIOS/UEFI configuration knobs are generic enough to
247 be implemented by majority (if not all) firmwares out there. However,
248 from now on not every single setting makes sense to all firmwares. For
251 doesn't produce any output onto serial line, etc. Moreover, firmwares
252 don't usually export their capabilities for libvirt (or users) to check.
253 And the set of their capabilities can change with every new release.
254 Hence users are advised to try the settings they use before relying on
255 them in production.</p>
256 <dl>
258 <dd> Whether or not to enable an interactive boot menu prompt on guest
263 the boot menu should wait until it times out. Allowed values are numbers
266 </dd>
270 Serial Graphics Adapter which allows users to see BIOS messages
271 on a serial port. Therefore, one needs to have
276 whether and after how long the guest should start booting
277 again in case the boot fails (according to BIOS). The value is
280 </dd>
281 </dl>
285 <p>
286 Hypervisors employing paravirtualization do not usually emulate
287 a BIOS, and instead the host is responsible to kicking off the
288 operating system boot. This may use a pseudo-bootloader in the
289 host to provide an interface to choose a kernel for the guest.
293 </p>
295 <pre>
296 ...
299 ...</pre>
301 <dl>
304 a fully qualified path to the bootloader executable in the
305 host OS. This bootloader will be run to choose which kernel
306 to boot. The required output of the bootloader is dependent
310 command line arguments to be passed to the bootloader.
312 </dd>
314 </dl>
318 <p>
319 When installing a new guest OS it is often useful to boot directly
320 from a kernel and initrd stored in the host OS, allowing command
321 line arguments to be passed directly to the installer. This capability
322 is usually available for both para and full virtualized guests.
323 </p>
325 <pre>
326 ...
338 ...</pre>
340 <dl>
342 <dd>This element has the same semantics as described earlier in the
345 <dd>This element has the same semantics as described earlier in the
348 <dd>The contents of this element specify the fully-qualified path
349 to the kernel image in the host OS.</dd>
351 <dd>The contents of this element specify the fully-qualified path
352 to the (optional) ramdisk image in the host OS.</dd>
354 <dd>The contents of this element specify arguments to be passed to
355 the kernel (or installer) at boot time. This is often used to
356 specify an alternate primary console (eg serial port), or the
357 installation media source / kickstart file</dd>
359 <dd>The contents of this element specify the fully-qualified path
360 to the (optional) device tree binary (dtb) image in the host OS.
367 </dl>
371 <p>
372 When booting a domain using container based virtualization, instead
373 of a kernel / boot image, a path to the init binary is required, using
378 but will not affect init argv.
379 </p>
380 <p>
382 for each variable.
383 </p>
384 <p>
386 element.
387 </p>
388 <p>
391 either a user (resp. group) id or a name. Prefixing the user or group id with
393 this, it will be first tried as a user or group name.
394 </p>
396 <pre>
407 </pre>
410 <p>
413 </p>
415 <dl>
419 <dd>The first user ID in container will be mapped to this target user
420 ID in host.</dd>
423 </dl>
425 <pre>
430 </pre>
435 <p>
436 Some hypervisors allow control over what system information is
437 presented to the guest (for example, SMBIOS fields can be
438 populated by a hypervisor and inspected via
442 </p>
444 <pre>
445 ...
448 ...
477 ...</pre>
479 <p>
482 sub-elements, with supported values of:
483 </p>
485 <dl>
487 <dd>Sub-elements call out specific SMBIOS values, which will
488 affect the guest if used in conjunction with
493 elements that describe a field within the block. The following
494 blocks and entries are recognized:
495 <dl>
497 <dd>
498 This is block 0 of SMBIOS, with entry names drawn from:
499 <dl>
505 <dd>BIOS release date. If supplied, is in either mm/dd/yy or
506 mm/dd/yyyy format. If the year portion of the string is
509 <dd>System BIOS Major and Minor release number values
510 concatenated together as one string separated by
512 </dl>
513 </dd>
515 <dd>
516 This is block 1 of SMBIOS, with entry names drawn from:
517 <dl>
527 <dd>Universal Unique ID number. If this entry is provided
528 alongside a top-level
530 then the two values must match.</dd>
535 </dl>
536 </dd>
538 <dd>
539 This is block 2 of SMBIOS. This element can be repeated multiple
540 times to describe all the base boards; however, not all
541 hypervisors necessarily support the repetition. The element can
542 have the following children:
543 <dl>
556 </dl>
557 NB: Incorrectly supplied entries for the
561 passed as strings to the hypervisor driver.
562 </dd>
564 <dd>
566 SMBIOS, with entry names drawn from:
567 <dl>
578 </dl>
579 </dd>
581 <dd>
582 This is block 11 of SMBIOS. This element should appear once and
584 arbitrary string data. There are no restrictions on what data can
585 be provided in the entries, however, if the data is intended to be
586 consumed by an application in the guest, it is recommended to use
588 </dd>
589 </dl>
590 </dd>
591 </dl>
595 <pre>
597 ...
603 ...
605 </pre>
607 <dl>
609 <dd>The content of this element defines the maximum number of virtual
610 CPUs allocated for the guest OS, which must be between 1 and
611 the maximum supported by the hypervisor.
612 <dl>
614 <dd>
616 list of physical CPU numbers that domain process and virtual CPUs
617 can be pinned to by default. (NB: The pinning policy of domain
618 process and virtual CPUs can be specified separately by
624 will be ignored. For virtual CPUs which don't have
627 Each element in that list is either a single CPU number,
628 a range of CPU numbers, or a caret followed by a CPU number to
629 be excluded from a previous range.
631 </dd>
633 <dd>
635 be used to specify whether fewer than the maximum number of
636 virtual CPUs should be enabled.
638 </dd>
640 <dd>
642 indicate the CPU placement mode for domain process. The value can
645 specified. Using "auto" indicates the domain process will be pinned
646 to the advisory nodeset from querying numad and the value of
651 pinned to all the available physical CPUs.
653 </dd>
654 </dl>
655 </dd>
657 <dd>
658 The vcpus element allows to control state of individual vCPUs.
661 in other places such as vCPU pinning, scheduler information and NUMA
662 assignment. Note that the vCPU ID as seen in the guest may differ from
663 libvirt ID in certain cases. Valid IDs are from 0 to the maximum vCPU
670 and hotunplugged in cases when the CPU is enabled at boot. Note that
671 all disabled vCPUs must be hotpluggable. Valid values are
675 For hypervisors/platforms that require to insert multiple vCPUs at once
676 the order may be duplicated across all vCPUs that need to be
677 enabled at once. Specifying order is not necessary, vCPUs are then
678 added in an arbitrary order. If order info is used, it must be used for
679 all online vCPUs. Hypervisors may clear or update ordering information
680 during certain operations to assure valid configuration.
682 Note that hypervisors may create hotpluggable vCPUs differently from
683 boot vCPUs thus special initialization may be necessary.
685 Hypervisors may require that vCPUs enabled on boot which are not
686 hotpluggable are clustered at the beginning starting with ID 0. It may
687 be also required that vCPU 0 is always present and non-hotpluggable.
689 Note that providing state for individual CPUs may be necessary to enable
690 support of addressable vCPU hotplug and this feature may not be
691 supported by all hypervisors.
693 For QEMU the following conditions are required. vCPU 0 needs to be
694 enabled and non-hotpluggable. On PPC64 along with it vCPUs that are in
695 the same core need to be enabled as well. All non-hotpluggable CPUs
696 present at boot need to be grouped after vCPU 0.
698 </dd>
699 </dl>
702 <p>
703 IOThreads are dedicated event loop threads for supported disk
704 devices to perform block I/O requests in order to improve
705 scalability especially on an SMP host/guest with many LUNs.
707 </p>
709 <pre>
711 ...
713 ...
715 </pre>
716 <pre>
718 ...
725 ...
727 </pre>
729 <dl>
731 <dd>
732 The content of this optional element defines the number
733 of IOThreads to be assigned to the domain for use by
734 supported target storage devices. There
736 than one supported device assigned to each IOThread.
738 </dd>
740 <dd>
742 to specifically define the IOThread ID's for the domain. By default,
743 IOThread ID's are sequentially numbered starting from 1 through the
753 will be adjusted accordingly.
755 </dd>
756 </dl>
760 <pre>
762 ...
797 ...
799 </pre>
801 <dl>
803 <dd>
805 regarding the CPU tunable parameters for the domain.
807 </dd>
809 <dd>
811 physical CPUs the domain vCPU will be pinned to. If this is omitted,
813 not specified, the vCPU is pinned to all the physical CPUs by default.
817 (NB: Only qemu driver support)
819 </dd>
821 <dd>
823 physical CPUs the "emulator", a subset of a domain not including vCPU
824 or iothreads will be pinned to. If this is omitted, and attribute
826 "emulator" is pinned to all the physical CPUs by default. It contains
828 CPUs to pin to.
829 </dd>
831 <dd>
833 physical CPUs the IOThreads will be pinned to. If this is omitted
835 not specified, the IOThreads are pinned to all the physical CPUs
836 by default. There are two required attributes, the attribute
843 </dd>
845 <dd>
847 weighted share for the domain. If this is omitted, it defaults to
848 the OS provided defaults. NB, There is no unit for the value,
849 it's a relative measure based on the setting of other VM,
850 e.g. A VM configured with value
853 </dd>
855 <dd>
860 with value 0 means no value.
863 </dd>
865 <dd>
868 negative value indicates that the domain has infinite bandwidth for
869 vCPU threads, which means that it is not bandwidth controlled. The value
871 with value 0 means no value. You can use this feature to ensure that all
872 vCPUs run at the same speed.
875 </dd>
877 <dd>
879 enforcement CFS scheduler interval (unit: microseconds) for the whole
884 </dd>
886 <dd>
888 allowed bandwidth (unit: microseconds) within a period for the whole
890 value indicates that the domain has infinite bandwidth, which means that
891 it is not bandwidth controlled. The value should be in range
893 with value 0 means no value.
895 </dd>
898 <dd>
901 threads (those excluding vCPUs) of the domain will not be allowed to consume
905 </dd>
907 <dd>
909 allowed bandwidth (unit: microseconds) for domain's emulator threads (those
911 value indicates that the domain has infinite bandwidth for emulator threads
912 (those excluding vCPUs), which means that it is not bandwidth controlled.
914 quota with value 0 means no value.
916 </dd>
919 <dd>
921 enforcement interval (unit: microseconds) for IOThreads. Within
925 An iothread_period with value 0 means no value.
927 </dd>
929 <dd>
931 allowed bandwidth (unit: microseconds) for IOThreads. A domain with
933 domain IOThreads have infinite bandwidth, which means that it is
934 not bandwidth controlled. The value should be in range
936 with value 0 means no value. You can use this feature to ensure that
937 all IOThreads run at the same speed.
939 </dd>
943 <dd>
944 The optional
951 which vCPUs/IOThreads this setting applies to, leaving them out sets the
954 than the number of vCPU's defined for the
962 well (and is ignored for non-real-time ones). The value range
966 </dd>
969 <dd>
971 caches using the resctrl on the host. Whether or not is this supported
972 can be gathered from capabilities where some limitations like minimum
973 size and required granularity are reported as well. The required
976 allocation. The vCPUs specified by cachetune can be identical with those
977 in memorytune, however they are not allowed to overlap.
978 Supported subelements are:
979 <dl>
981 <dd>
982 This optional element controls the allocation of CPU cache and has
983 the following attributes:
984 <dl>
986 <dd>
987 Host cache level from which to allocate.
988 </dd>
990 <dd>
991 Host cache id from which to allocate.
992 </dd>
994 <dd>
997 for both code and data (unified). Currently the allocation can
998 be done only with the same type as the host supports, meaning
1000 (code/data prioritization) enabled.
1001 </dd>
1003 <dd>
1004 The size of the region to allocate. The value by default is in
1006 the value.
1007 </dd>
1009 <dd>
1010 If specified it is the unit such as KiB, MiB, GiB, or TiB
1014 </dd>
1015 </dl>
1016 </dd>
1018 <dd>
1020 monitor(s) for current cache allocation and has the following
1021 required attributes:
1022 <dl>
1024 <dd>
1025 Host cache level the monitor belongs to.
1026 </dd>
1028 <dd>
1029 vCPU list the monitor applies to. A monitor's vCPU list
1030 can only be the member(s) of the vCPU list of the associated
1031 allocation. The default monitor has the same vCPU list as the
1032 associated allocation. For non-default monitors, overlapping
1033 vCPUs are not permitted.
1034 </dd>
1035 </dl>
1036 </dd>
1037 </dl>
1038 </dd>
1041 <dd>
1043 memory bandwidth using the resctrl on the host. Whether or not is this
1044 supported can be gathered from capabilities where some limitations like
1045 minimum bandwidth and required granularity are reported as well. The
1047 allocation applies. A vCPU can only be member of one
1051 Supported subelements are:
1052 <dl>
1054 <dd>
1055 This element controls the allocation of CPU memory bandwidth and has the
1056 following attributes:
1057 <dl>
1059 <dd>
1060 Host node id from which to allocate memory bandwidth.
1061 </dd>
1063 <dd>
1064 The memory bandwidth to allocate from this node. The value by default
1065 is in percentage.
1066 </dd>
1067 </dl>
1068 </dd>
1069 </dl>
1070 </dd>
1071 </dl>
1076 <pre>
1078 ...
1082 ...
1084 </pre>
1086 <dl>
1088 <dd>The maximum allocation of memory for the guest at boot time. The
1089 memory allocation includes possible additional memory devices specified
1090 at start or hotplugged later.
1091 The units for this value are determined by the optional
1103 However, the value will be rounded up to the nearest kibibyte
1104 by libvirt, and may be further rounded to the granularity
1105 supported by the hypervisor. Some hypervisors also enforce a
1106 minimum, such as 4000KiB.
1112 can be used to control whether the guest memory should be
1117 (QEMU only)</span></dd>
1119 <dd>The run time maximum memory allocation of the guest. The initial
1121 the NUMA cell size configuration can be increased by hot-plugging of
1122 memory to the limit specified by this element.
1128 available for adding memory to the guest. The bounds are hypervisor
1129 specific.
1131 Note that due to alignment of the memory chunks added via memory
1132 hotplug the full size allocation specified by this element may be
1133 impossible to achieve.
1135 </dd>
1138 <dd>The actual allocation of memory for the guest. This value can
1139 be less than the maximum allocation, to allow for ballooning
1140 up the guests memory on the fly. If this is omitted, it defaults
1144 </dl>
1149 <pre>
1151 ...
1164 ...
1166 </pre>
1169 elements that influence how virtual memory pages are backed by host
1170 pages.</p>
1172 <dl>
1174 <dd>This tells the hypervisor that the guest should have its memory
1175 allocated using hugepages instead of the normal native page size.
1179 specifies which hugepages should be used (especially useful on systems
1180 supporting hugepages of different sizes). The default unit for the
1184 come handy as it ties given guest's NUMA nodes to certain hugepage
1185 sizes. From the example snippet, one gigabyte hugepages are used for
1186 every NUMA node except node number four. For the correct syntax see
1189 <dd>Instructs hypervisor to disable shared pages (memory merge, KSM) for
1192 <dd>When set and supported by the hypervisor, memory pages belonging
1193 to the domain will be locked in host's memory and the host will not
1194 be allowed to swap them out, which might be required for some
1195 workloads such as real-time. For QEMU/KVM guests, the memory used by
1196 the QEMU process itself will be locked too: unlike guest memory, this
1197 is an amount libvirt has no way of figuring out in advance, so it has
1198 to remove the limit on locked memory altogether. Thus, enabling this
1199 option opens up to a potential security risk: the host will be unable
1200 to reclaim the locked memory back from the guest when it's running out
1201 of memory, which means a malicious guest allocating large amounts of
1202 locked memory could cause a denial-of-service attack on the host.
1203 Because of this, using this option is discouraged unless your workload
1204 demands it; even then, it's highly recommended to set a
1207 suitable for the specific environment at the same time to mitigate
1211 provide "file" to utilize file memorybacking or keep the
1222 <dd>When set and supported by hypervisor the memory
1223 content is discarded just before guest shuts down (or
1224 when DIMM module is unplugged). Please note that this is
1225 just an optimization and is not guaranteed to work in
1226 all cases (e.g. when hypervisor crashes).
1228 </dd>
1229 </dl>
1234 <pre>
1236 ...
1243 ...
1245 </pre>
1247 <dl>
1250 regarding the memory tunable parameters for the domain. If this is
1251 omitted, it defaults to the OS provided defaults. For QEMU/KVM, the
1252 parameters are applied to the QEMU process as a whole. Thus, when
1253 counting them, one needs to add up guest RAM, guest video RAM, and
1254 some memory overhead of QEMU itself. The last piece is hard to
1255 determine so one needs guess and try. For each tunable, it
1256 is possible to designate which unit the number is in on
1257 input, using the same values as
1259 compatibility, output is always in
1262 Possible values for all *_limit parameters are in range from 0 to
1263 VIR_DOMAIN_MEMORY_PARAM_UNLIMITED.</dd>
1266 the guest can use. The units for this value are kibibytes (i.e. blocks
1267 of 1024 bytes). Users of QEMU and KVM are strongly advised not to set
1268 this limit as domain may get killed by the kernel if the guess is too
1269 low, and determining the memory needed for a process to run is an
1271 undecidable problem</a>; that said, if you already set
1274 workload demands it, you'll have to take into account the specifics of
1276 is large enough to support the memory requirements of your guest, but
1277 small enough to protect your host against a malicious guest locking all
1278 memory.</dd>
1281 enforce during memory contention. The units for this value are
1285 memory plus swap the guest can use. The units for this value are
1286 kibibytes (i.e. blocks of 1024 bytes). This has to be more than
1287 hard_limit value provided</dd>
1290 minimum memory allocation for the guest. The units for this value are
1291 kibibytes (i.e. blocks of 1024 bytes). This element is only supported
1292 by VMware ESX and OpenVZ drivers.</dd>
1293 </dl>
1298 <pre>
1300 ...
1306 ...
1308 </pre>
1310 <dl>
1312 <dd>
1314 how to tune the performance of a NUMA host via controlling NUMA policy
1315 for domain process. NB, only supported by QEMU driver.
1317 </dd>
1319 <dd>
1321 for the domain process on a NUMA host. It contains several optional
1323 'strict', or 'preferred', defaults to 'strict'. Attribute
1327 used to indicate the memory placement mode for domain process, its value
1330 "auto" indicates the domain process will only allocate memory from the
1331 advisory nodeset returned from querying numad, and the value of attribute
1337 be added implicitly.
1340 </dd>
1342 <dd>
1344 policies per each guest NUMA node. For those nodes having no
1347 addresses guest NUMA node for which the settings are applied.
1351 This setting is not compatible with automatic placement.
1353 </dd>
1354 </dl>
1358 <pre>
1360 ...
1376 ...
1378 </pre>
1380 <dl>
1383 to tune Blkio cgroup tunable parameters for the domain. If this is
1384 omitted, it defaults to the OS provided
1388 weight of the guest. The value should be in the range [100,
1393 that further tune the weights for each host block device in
1394 use by the domain. Note that
1396 single host block device, if they are backed by files within
1397 the same host file system, which is why this tuning parameter
1398 is at the global domain level rather than associated with each
1399 guest disk device (contrast this to
1401 element which can apply to an
1406 the relative weight of that device, in the range [100,
1409 Additionally, the following optional sub-elements can be used:
1410 <dl>
1412 <dd>Read throughput limit in bytes per second.
1415 <dd>Write throughput limit in bytes per second.
1418 <dd>Read I/O operations per second limit.
1421 <dd>Write I/O operations per second limit.
1423 </dl></dd></dl>
1428 <p>
1429 Hypervisors may allow for virtual machines to be placed into
1430 resource partitions, potentially with nesting of said partitions.
1432 related to resource partitioning. It currently supports a child
1434 of the resource partition in which to place the domain. If no
1435 partition is listed, then the domain will be placed in a default
1436 partition. It is the responsibility of the app/admin to ensure
1437 that the partition exists prior to starting the guest. Only the
1438 (hypervisor specific) default partition can be assumed to exist
1439 by default.
1440 </p>
1441 <pre>
1442 ...
1446 ...
1447 </pre>
1449 <p>
1450 Resource partitions are currently supported by the QEMU and
1451 LXC drivers, which map partition paths to cgroups directories,
1453 </p>
1457 <p>
1458 Requirements for CPU model, its features and topology can be specified
1459 using the following collection of elements.
1461 </p>
1463 <pre>
1464 ...
1472 ...</pre>
1474 <pre>
1479 ...</pre>
1481 <pre>
1485 ...</pre>
1487 <p>
1488 In case no restrictions need to be put on CPU model and its features, a
1491 </p>
1493 <pre>
1494 ...
1498 ...</pre>
1500 <dl>
1504 strictly the virtual CPU provided to the guest matches these
1510 <dl>
1512 <dd>The specified CPU model and features describes the minimum
1513 requested CPU. A better CPU will be provided to the guest if it
1514 is possible with the requested hypervisor on the current host.
1516 will not be created if the provided virtual CPU does not meet
1517 the requirements.</dd>
1520 <dd>The virtual CPU provided to the guest should exactly match the
1521 specification. If such CPU is not supported, libvirt will refuse
1522 to start the domain.</dd>
1525 <dd>The domain will not be created unless the host CPU exactly
1526 matches the specification. This is not very useful in practice
1527 and should only be used if there is a real reason.</dd>
1528 </dl>
1533 Sometimes the hypervisor is not able to create a virtual CPU exactly
1534 matching the specification passed by libvirt.
1536 attribute can be used to request a specific way of checking whether
1537 the virtual CPU matches the specification. It is usually safe to omit
1538 this attribute when starting a domain and stick with the default
1539 value. Once the domain starts, libvirt will automatically change the
1541 virtual CPU does not change when the domain is migrated to another
1542 host. The following values can be used:
1544 <dl>
1546 <dd>Libvirt does no checking and it is up to the hypervisor to
1547 refuse to start the domain if it cannot provide the requested CPU.
1548 With QEMU this means no checking is done at all since the default
1549 behavior of QEMU is to emit warnings, but start the domain anyway.
1550 </dd>
1553 <dd>Libvirt will check the guest CPU specification before starting
1554 a domain, but the rest is left on the hypervisor. It can still
1555 provide a different virtual CPU.</dd>
1558 <dd>The virtual CPU created by the hypervisor will be checked
1559 against the CPU specification and the domain will not be started
1560 unless the two CPUs match.</dd>
1561 </dl>
1564 attribute may be used to make it easier to configure a guest CPU to be
1565 as close to host CPU as possible. Possible values for the
1568 <dl>
1571 that should be presented to the guest. This is the default when no
1573 a persistent guest will see the same hardware no matter what host
1574 the guest is booted on.</dd>
1577 copying host CPU definition from capabilities XML into domain XML.
1578 Since the CPU definition is copied just before starting a domain,
1579 exactly the same XML can be used on different hosts while still
1580 providing the best guest CPU each host supports. The
1585 disabled specifically in addition to the host model. This may be
1586 used to fine tune features that can be emulated.
1588 Libvirt does not model every aspect of each CPU so
1589 the guest CPU will not match the host CPU exactly. On the other
1590 hand, the ABI provided to the guest is reproducible. During
1591 migration, complete CPU model definition is transferred to the
1592 destination host so the migrated guest will see exactly the same CPU
1593 model even if the destination host contains more capable CPUs for
1594 the running instance of the guest; but shutting down and restarting
1595 the guest may present different hardware to the guest according to
1596 the capabilities of the new host. Prior to libvirt 3.2.0 and QEMU
1597 2.9.0 detection of the host CPU model via QEMU is not supported.
1599 may not work as expected.
1601 works the way it was designed and it is indicated by the
1603 host-model CPU definition advertised in
1606 in the domain capabilities XML, it is recommended to use
1609 allows processors to run VMs in binary compatibility mode supporting
1610 an older version of ISA. Libvirt on PowerPC architecture uses the
1612 binary compatibility mode. Example:
1613 When a user needs a power7 VM to run in compatibility mode
1614 on a Power8 host, this can be described in XML as follows :
1615 <pre>
1619 ...</pre>
1620 </dd>
1622 <dd>With this mode, the CPU visible to the guest should be exactly
1623 the same as the host CPU even in the aspects that libvirt does not
1624 understand. Though the downside of this mode is that the guest
1625 environment cannot be reproduced on different hardware. Thus, if you
1626 hit any bugs, you are on your own. Further details of that CPU can
1628 using host-passthrough is dangerous if the source and destination
1629 hosts are not identical in both hardware and configuration. If such
1630 a migration is attempted then the guest may hang or crash upon
1631 resuming execution on the destination host.</dd>
1632 </dl>
1635 make sense when a domain can run directly on the host CPUs (for
1637 irrelevant for domains with emulated virtual CPUs (such as domains with
1640 emulated CPUs in which case the best CPU the hypervisor is able to
1641 emulate may be used rather then trying to mimic the host CPU model.
1642 </dd>
1646 requested by the guest. The list of available CPU models and their
1648 in libvirt's data directory. If a hypervisor is not able to use the
1649 exact CPU model, libvirt automatically falls back to a closest model
1650 supported by the hypervisor while maintaining the list of CPU
1653 in which case an attempt to start a domain requesting an unsupported
1658 vendor id seen by the guest. It must be exactly 12 characters long.
1659 If not set the vendor id of the host is used. Typical possible
1665 guest. If this element is missing, the guest can be run on a CPU
1666 matching given features regardless on its vendor. The list of
1671 virtual CPU provided to the guest. Three non-zero values have to be
1674 socket, and number of threads per core, respectively. Hypervisors may
1675 require that the maximum number of vCPUs specified by the
1677 from the topology.</dd>
1682 selected CPU model. The list of known feature names can be found in
1685 set to one of the following values:
1687 <dl>
1689 <dd>The virtual CPU will claim the feature is supported regardless
1690 of it being supported by host CPU.</dd>
1692 <dd>Guest creation will fail unless the feature is supported by the
1693 host CPU or the hypervisor is able to emulate it.</dd>
1695 <dd>The feature will be supported by virtual CPU if and only if it
1696 is supported by host CPU.</dd>
1700 <dd>Guest creation will fail if the feature is supported by host
1701 CPU.</dd>
1702 </dl>
1707 <p> Individual CPU feature names are specified as part of the
1709 the 'pcid' feature with Intel IvyBridge CPU model:
1710 </p>
1712 <pre>
1713 ...
1719 ...</pre>
1721 </dd>
1725 element describes the virtual CPU cache. If the element is missing,
1726 the hypervisor will use a sensible default.
1728 <dl>
1730 <dd>This optional attribute specifies which cache level is described
1731 by the element. Missing attribute means the element describes all
1734 attribute is forbidden.</dd>
1737 <dd>
1738 The following values are supported:
1739 <dl>
1744 <dd>The real CPU cache data reported by the host CPU will be
1745 passed through to the virtual CPU.</dd>
1748 <dd>The virtual CPU will report no CPU cache of the specified
1750 is missing).</dd>
1751 </dl>
1752 </dd>
1753 </dl>
1754 </dd>
1755 </dl>
1757 <p>
1760 </p>
1762 <pre>
1763 ...
1765 ...
1770 ...
1772 ...</pre>
1774 <p>
1778 in kibibytes (i.e. blocks of 1024 bytes).
1784 necessary in the code, otherwise the cells are
1787 is not recommended as it may result in unwanted behaviour.
1792 hugepages-backed memory and nvdimm modules.
1796 feature for given numa node as described under
1800 </p>
1802 <p>
1803 This guest NUMA specification is currently available only for
1804 QEMU/KVM and Xen.
1805 </p>
1807 <p>
1808 A NUMA hardware architecture supports the notion of distances
1810 is possible to define the distance between NUMA cells using the
1813 specify the distance value between sibling NUMA cells. For more
1814 details, see the chapter explaining the system's SLIT (System
1815 Locality Information Table) within the ACPI (Advanced
1816 Configuration and Power Interface) specification.
1817 </p>
1819 <pre>
1820 ...
1822 ...
1857 ...
1859 ...</pre>
1861 <p>
1862 Describing distances between NUMA cells is currently only supported
1864 the SLIT data between different cells, it will default to a scheme
1866 </p>
1870 <p>
1871 It is sometimes necessary to override the default actions taken
1872 on various events. Not all hypervisors support all events and actions.
1873 The actions may be taken as a result of calls to libvirt APIs
1876 </a>,
1879 </a>,
1880 or
1883 </a>.
1885 also trigger the event.
1886 </p>
1888 <pre>
1889 ...
1894 ...</pre>
1896 <p>
1897 The following collections of elements allow the actions to be
1898 specified when a guest OS triggers a lifecycle operation. A
1899 common use case is to force a reboot to be treated as a poweroff
1900 when doing the initial OS installation. This allows the VM to be
1901 re-configured for the first post-install bootup.
1902 </p>
1903 <dl>
1905 <dd>The content of this element specifies the action to take when
1906 the guest requests a poweroff.</dd>
1908 <dd>The content of this element specifies the action to take when
1909 the guest requests a reboot.</dd>
1911 <dd>The content of this element specifies the action to take when
1912 the guest crashes.</dd>
1913 </dl>
1915 <p>
1916 Each of these states allow for the same four possible actions.
1917 </p>
1919 <dl>
1921 <dd>The domain will be terminated completely and all resources
1922 released.</dd>
1924 <dd>The domain will be terminated and then restarted with
1925 the same configuration.</dd>
1927 <dd>The domain will be terminated and its resource preserved
1928 to allow analysis.</dd>
1930 <dd>The domain will be terminated and then restarted with
1931 a new name.</dd>
1932 </dl>
1934 <p>
1941 </p>
1943 <p>
1946 </p>
1948 <dl>
1950 <dd>The crashed domain's core will be dumped, and then the
1951 domain will be terminated completely and all resources
1952 released</dd>
1954 <dd>The crashed domain's core will be dumped, and then the
1955 domain will be restarted with the same configuration</dd>
1956 </dl>
1958 <p>
1960 be configured via the
1963 </p>
1965 <p>
1968 taken when a lock manager loses resource locks. The following
1969 actions are recognized by libvirt, although not all of them need
1970 to be supported by individual lock managers. When no action is
1971 specified, each lock manager will take its default action.
1972 </p>
1973 <dl>
1977 <dd>The domain will be powered off and started up again to
1978 reacquire its locks.</dd>
1980 <dd>The domain will be paused so that it can be manually resumed
1981 when lock issues are solved.</dd>
1984 </dl>
1988 <p>
1990 forcibly enable or disable BIOS advertisements to the guest
1991 OS. (NB: Only qemu driver support)
1992 </p>
1994 <pre>
1995 ...
2000 ...</pre>
2002 <dl>
2004 <dd>These elements enable ('yes') or disable ('no') BIOS support
2005 for S3 (suspend-to-mem) and S4 (suspend-to-disk) ACPI sleep
2006 states. If nothing is specified, then the hypervisor will be
2007 left with its default value.<br/>
2008 Note: This setting cannot prevent the guest OS from performing
2009 a suspend as the guest OS itself can choose to circumvent the
2010 unavailability of the sleep states (e.g. S4 by turning off
2011 completely).</dd>
2012 </dl>
2016 <p>
2017 Hypervisors may allow certain CPU / machine features to be
2018 toggled on/off.
2019 </p>
2021 <pre>
2022 ...
2060 ...</pre>
2062 <p>
2064 element, omitting a togglable feature tag turns it off.
2065 The available features can be found by asking
2068 but a common set for fully virtualized domains are:
2069 </p>
2071 <dl>
2076 <dd>ACPI is useful for power management, for example, with
2077 KVM guests it is required for graceful shutdown to work.
2078 </dd>
2080 <dd>APIC allows the use of programmable IRQ
2084 Interrupt) for the guest.
2085 </dd>
2090 of Hardware Assisted Paging.
2091 </dd>
2093 <dd>Enable Viridian hypervisor extensions for paravirtualizing
2094 guest operating systems
2095 </dd>
2097 <dd>Always create a private network namespace. This is
2098 automatically set if any interface devices are defined.
2099 This feature is only relevant for container based
2100 virtualization drivers, such as LXC.
2101 </dd>
2103 <dd>Enable various features improving behavior of guests
2104 running Microsoft Windows.
2106 <tr>
2111 </tr>
2112 <tr>
2117 </tr>
2118 <tr>
2123 </tr>
2124 <tr>
2129 </tr>
2130 <tr>
2135 </tr>
2136 <tr>
2141 </tr>
2142 <tr>
2147 </tr>
2148 <tr>
2153 </tr>
2154 <tr>
2159 </tr>
2160 <tr>
2165 </tr>
2166 <tr>
2171 </tr>
2172 <tr>
2177 </tr>
2178 <tr>
2183 </tr>
2184 <tr>
2189 </tr>
2190 <tr>
2195 </tr>
2196 </table>
2197 </dd>
2199 <dd>Notify the guest that the host supports paravirtual spinlocks
2200 for example by exposing the pvticketlocks mechanism. This feature
2202 attribute.
2203 </dd>
2205 <dd>Various features to change the behavior of the KVM hypervisor.
2207 <tr>
2212 </tr>
2213 <tr>
2218 </tr>
2219 </table>
2220 </dd>
2224 performance monitoring unit for the guest.
2226 </dd>
2230 the emulation of VMware IO port, for vmmouse etc.
2232 </dd>
2234 <dd>Enable for architectures using a General Interrupt
2235 Controller instead of APIC in order to handle interrupts.
2236 For example, the 'aarch64' architecture uses
2239 however, it may not be supported by all hypervisors. Accepted
2242 </dd>
2244 <dd>
2245 <p>
2248 System Management Mode.
2251 the amount of memory dedicated to SMM's extended TSEG. That offers a
2253 MiB) that the guest OS (or rather loader) can choose from. The size
2254 can be specified as a value of that element, optional attribute
2256 aforementioned value (defaults to 'MiB'). If set to 0 the extended
2257 size is not advertised and only the default ones (see above) are
2258 available.
2259 </p><p>
2260 <b>If the VM is booting you should leave this option alone, unless you
2261 are very certain you know what you are doing.</b>
2262 </p><p>
2263 This value is configurable due to the fact that the calculation cannot
2264 be done right with the guarantee that it will work correctly. In
2265 QEMU, the user-configurable extended TSEG feature was unavailable up
2272 based on the loader the VM is using.
2273 </p><p>
2274 Additional size might be needed for significantly higher vCPU counts
2275 or increased address space (that can be memory, maxMemory, 64-bit PCI
2277 which can also be rounded up.
2278 </p><p>
2279 Due to the nature of this setting being similar to "how much RAM
2280 should the guest have" users are advised to either consult the
2281 documentation of the guest OS or loader (if there is any), or test
2282 this by trial-and-error changing the value until the VM boots
2283 successfully. Yet another guiding value for users might be the fact
2286 unavailable RAM might be too much for small guests (e.g. with 512 MiB
2287 of RAM).
2288 </p><p>
2292 </p>
2293 </dd>
2295 <dd>Tune the I/O APIC. Possible values for the
2299 which is also known as a split I/O APIC mode.
2301 </dd>
2303 <dd>Configure the HPT (Hash Page Table) of a pSeries guest. Possible
2307 causes HPT resizing to be disabled regardless of guest and host
2309 starting unless both the guest and the host support HPT resizing. If
2310 the attribute is not defined, the hypervisor default will be used.
2314 limit the usable page size for HPT guests. Common values are 64 KiB,
2317 </dd>
2319 <dd>Enable QEMU vmcoreinfo device to let the guest kernel save debug
2321 </dd>
2323 <dd>Configure HTM (Hardware Transational Memory) availability for
2326 defined, the hypervisor default will be used.
2328 </dd>
2330 <dd>Configure nested HV availability for pSeries guests. This needs to
2331 be enabled from the host (L0) in order to be effective; having HV
2332 support in the (L1) guest is very desiderable if it's planned to
2333 run nested (L2) guests inside it, because it will result in those
2334 nested guests having much better performance than they would when
2335 using KVM PR or TCG.
2338 defined, the hypervisor default will be used.
2340 </dd>
2342 <dd>Some guests might require ignoring unknown
2343 Model Specific Registers (MSRs) reads and writes. It's possible
2347 will not be ignored.
2349 </dd>
2350 </dl>
2354 <p>
2355 The guest clock is typically initialized from the host clock.
2356 Most operating systems expect the hardware clock to be kept
2357 in UTC, and this is the default. Windows, however, expects
2358 it to be in so called 'localtime'.
2359 </p>
2361 <pre>
2362 ...
2369 ...</pre>
2371 <dl>
2373 <dd>
2375 values, allowing fine grained control over how the guest
2376 clock is synchronized to the host. NB, not all hypervisors
2377 support all modes.</p>
2378 <dl>
2380 <dd>
2381 The guest clock will always be synchronized to UTC when
2382 booted.
2384 to 'variable' mode, which can be controlled by using the
2386 conversion is never done (not all hypervisors can
2387 synchronize to UTC on each boot; use of 'reset' will cause
2388 an error on those hypervisors). A numeric value
2389 forces the conversion to 'variable' mode using the value as the
2391 hypervisor specific.
2392 </dd>
2394 <dd>
2395 The guest clock will be synchronized to the host's configured
2396 timezone when booted, if any.
2398 attribute behaves the same as in 'utc' mode.
2399 </dd>
2401 <dd>
2402 The guest clock will be synchronized to the requested timezone
2405 </dd>
2407 <dd>
2408 The guest clock will have an arbitrary offset applied
2410 attribute. The delta relative to UTC (or localtime) is specified
2412 The guest is free to adjust the RTC over time and expect
2413 that it will be honored at next reboot. This is in
2414 contrast to 'utc' and 'localtime' mode (with the optional
2415 attribute adjustment='reset'), where the RTC adjustments are
2418 attribute can be either 'utc' (default) or 'localtime'.
2419 </dd>
2420 </dl>
2421 <p>
2425 </p>
2426 </dd>
2428 <dd>
2429 <p>
2431 and has other optional attributes that depend on
2433 support different combinations of attributes.
2434 </p>
2435 <dl>
2437 <dd>
2439 being modified, and can be one of
2440 "platform" (currently unsupported),
2446 reference time counter and the reference page for iTSC
2447 feature for guests running the Microsoft Windows
2448 operating system.
2449 </dd>
2451 <dd>
2456 </dd>
2458 <dd>
2459 <p>
2461 happens when QEMU misses a deadline for injecting a
2462 tick to the guest:
2463 </p>
2464 <dl>
2466 <dd>Continue to deliver ticks at the normal rate.
2467 The guest time will be delayed due to the late
2468 tick</dd>
2470 <dd>Deliver ticks at a higher rate to catch up
2471 with the missed tick. The guest time should
2472 not be delayed once catchup is complete.</dd>
2474 <dd>Merge the missed tick(s) into one tick and
2475 inject. The guest time may be delayed, depending
2476 on how the OS reacts to the merging of ticks</dd>
2478 <dd>Throw away the missed tick(s) and continue
2479 with future injection normally. The guest time
2480 may be delayed, unless the OS has explicit
2481 handling of lost ticks</dd>
2482 </dl>
2485 <dl>
2487 <dd>
2489 attributes, each a positive integer. The attributes
2492 </dd>
2493 </dl>
2494 <p>
2495 Note that hypervisors are not required to support all policies across all time sources
2496 </p>
2497 </dd>
2499 <dd>
2501 integer specifying the frequency at
2503 </dd>
2505 <dd>
2509 Other timers are always emulated.
2510 </dd>
2512 <dd>
2514 specify whether a particular timer is available to the guest.
2515 </dd>
2516 </dl>
2517 </dd>
2518 </dl>
2522 <p>
2523 Some platforms allow monitoring of performance of the virtual machine and
2524 the code executed inside. To enable the performance monitoring events
2527 are then retrieved using the virConnectGetAllDomainStats API.
2529 </p>
2531 <pre>
2532 ...
2557 ...
2558 </pre>
2561 <tr>
2565 </tr>
2566 <tr>
2570 </tr>
2571 <tr>
2575 </tr>
2576 <tr>
2580 </tr>
2581 <tr>
2585 </tr>
2586 <tr>
2590 </tr>
2591 <tr>
2595 </tr>
2596 <tr>
2600 </tr>
2601 <tr>
2605 </tr>
2606 <tr>
2610 </tr>
2611 <tr>
2615 </tr>
2616 <tr>
2618 <td>the count of stalled CPU cycles in the frontend of the instruction
2619 processor pipeline by applications running on the platform</td>
2621 </tr>
2622 <tr>
2624 <td>the count of stalled CPU cycles in the backend of the instruction
2625 processor pipeline by applications running on the platform</td>
2627 </tr>
2628 <tr>
2630 <td>the count of total CPU cycles not affected by CPU frequency scaling
2631 by applications running on the platform</td>
2633 </tr>
2634 <tr>
2636 <td>the count of CPU clock time, as measured by a monotonic
2637 high-resolution per-CPU timer, by applications running on
2638 the platform</td>
2640 </tr>
2641 <tr>
2643 <td>the count of task clock time, as measured by a monotonic
2644 high-resolution CPU timer, specific to the task that
2645 is run by applications running on the platform</td>
2647 </tr>
2648 <tr>
2650 <td>the count of page faults by applications running on the
2651 platform. This includes minor, major, invalid and other
2652 types of page faults</td>
2654 </tr>
2655 <tr>
2657 <td>the count of context switches by applications running on
2658 the platform</td>
2660 </tr>
2661 <tr>
2663 <td>the count of CPU migrations, that is, where the process
2664 moved from one logical processor to another, by
2665 applications running on the platform</td>
2667 </tr>
2668 <tr>
2670 <td>the count of minor page faults, that is, where the
2671 page was present in the page cache, and therefore
2672 the fault avoided loading it from storage, by
2673 applications running on the platform</td>
2675 </tr>
2676 <tr>
2678 <td>the count of major page faults, that is, where the
2679 page was not present in the page cache, and
2680 therefore had to be fetched from storage, by
2681 applications running on the platform</td>
2683 </tr>
2684 <tr>
2686 <td>the count of alignment faults, that is when
2687 the load or store is not aligned properly, by
2688 applications running on the platform</td>
2690 </tr>
2691 <tr>
2693 <td>the count of emulation faults, that is when
2694 the kernel traps on unimplemented instrucions
2695 and emulates them for user space, by
2696 applications running on the platform</td>
2698 </tr>
2699 </table>
2703 <p>
2704 The final set of XML elements are all used to describe devices
2705 provided to the guest domain. All devices occur as children
2708 </p>
2710 <pre>
2711 ...
2715 ...</pre>
2717 <dl>
2719 <dd>
2721 the fully qualified path to the device model emulator binary.
2723 the recommended default emulator to use for each particular
2724 domain type / architecture combination.
2725 </dd>
2726 </dl>
2728 <p>
2729 To help users identifying devices they care about, every
2732 store identifier for the device. The identifier has to have
2733 "ua-" prefix and must be unique within the domain. Additionally, the
2734 identifier must consist only of the following characters:
2737 </p>
2739 <pre>
2747 ...
2749 </pre>
2753 <p>
2754 Any device that looks like a disk, be it a floppy, harddisk,
2756 element.
2757 </p>
2759 <pre>
2760 ...
2775 ...
2779 ...
2782 ...
2926 ...</pre>
2928 <dl>
2931 describing disks and supports the following attributes:
2932 <dl>
2934 <dd>
2939 and refer to the underlying source for the disk.
2941 </dd>
2943 <dd>
2944 Indicates how the disk is to be exposed to the guest OS. Possible
2946 defaulting to "disk".
2947 <p>
2954 virtual Host Bus Adapter (vHBA) using a Fibre Channel storage pool.
2955 Configured in this manner, the LUN behaves identically to "disk",
2956 except that generic SCSI commands from the guest are accepted
2957 and passed through to the physical device. Also note that
2958 device='lun' will only be recognized for actual raw devices,
2959 but never for individual partitions or LVM partitions (in those
2960 cases, the kernel will reject the generic SCSI commands, making
2961 it identical to device='disk').
2963 </p>
2964 </dd>
2966 <dd>
2967 Indicates the emulated device model of the disk. Typically
2971 "virtio". See
2973 for more details.
2975 </dd>
2977 <dd>
2978 Indicates whether the disk needs rawio capability. Valid
2980 in a domain has rawio='yes', rawio capability will be enabled
2981 for all disks in the domain (because, in the case of QEMU, this
2982 capability can only be set on a per-process basis). This attribute
2984 to confine the capability per-device, however, current QEMU
2985 implementation gives the domain process broader capability
2986 than that (per-process basis, affects all the domain disks).
2987 To confine the capability as much as possible for QEMU driver
2991 </dd>
2993 <dd>
2994 If supported by the hypervisor and OS, indicates whether
2995 unprivileged SG_IO commands are filtered for the disk. Valid
2999 </dd>
3001 <dd>
3002 Indicates the default behavior of the disk during disk snapshots:
3003 "<code>internal</code>" requires a file format such as qcow2 that
3004 can store both the snapshot and the data changes since the snapshot;
3005 "<code>external</code>" will separate the snapshot from the live
3006 data; and "<code>no</code>" means the disk will not participate in
3007 snapshots. Read-only disks default to "<code>no</code>", while the
3008 default for other disks depends on the hypervisor's capabilities.
3009 Some hypervisors allow a per-snapshot choice as well, during
3011 Not all snapshot modes are supported; for example, enabling
3012 snapshots with a transient disk generally does not make sense.
3014 </dd>
3015 </dl>
3016 </dd>
3020 <dl>
3022 <dd>
3024 path to the file holding the disk.
3026 </dd>
3028 <dd>
3030 to the host device to serve as the disk.
3032 </dd>
3034 <dd>
3036 to the directory to use as the disk.
3038 </dd>
3040 <dd>
3042 access to the requested image. Possible values are "nbd",
3047 is mandatory to specify which volume/image will be used.
3048 </p>
3053 a TLS environment can also be globally controlled on the host by
3055 /etc/libvirt/qemu.conf.
3057 </p>
3061 separated from the target's name by a slash (e.g.,
3063 specified, the default LUN is zero.
3064 </p>
3068 HyperScale server. Additionally, an optional attribute
3070 VxHS block device would utilize a hypervisor configured TLS
3071 X.509 certificate environment in order to encrypt the data
3072 channel. For the QEMU hypervisor, usage of a TLS environment can
3073 also be globally controlled on the host by the
3078 libvirt will use the host configured TLS environment. If the
3080 the qemu.conf setting, TLS authentication will be attempted.
3081 </p>
3083 </dd>
3085 <dd>
3086 The underlying disk source is represented by attributes
3090 by libvirt) where the disk source resides. Attribute
3092 by libvirt) used as the disk source. The value for the
3095 <p>
3098 represent the LUN as the disk source. Valid values are
3100 the default is to use "host".
3105 the disk source to generate the libiscsi URI (e.g.
3109 LUN's path as it shows up on host (e.g.
3112 Using a LUN from an iSCSI source pool provides the same
3115 of 'lun' with respect to how the LUN is presented to and
3116 may be used by the guest.
3119 </p>
3120 </dd>
3121 </dl>
3125 used to override the domain security labeling policy for just
3127 is only valid when the specified storage volume is of 'file' or
3128 'block' type).
3129 <p>
3133 </p>
3134 <p>
3136 </p>
3138 <dl>
3140 <dd>
3141 <p>
3144 specify the hosts to connect.
3148 the port number, transport type and path to socket, respectively.
3149 The meaning of this element and the number of the elements depend
3150 on the protocol attribute.
3151 </p>
3153 <tr>
3158 </tr>
3159 <tr>
3164 </tr>
3165 <tr>
3170 </tr>
3171 <tr>
3176 </tr>
3177 <tr>
3182 </tr>
3183 <tr>
3188 </tr>
3189 <tr>
3194 </tr>
3195 </table>
3196 <p>
3200 transport is "unix", the socket attribute specifies the path to an
3201 AF_UNIX socket.
3202 </p>
3203 </dd>
3205 <dd>
3207 optionally specify an internal snapshot name to be used as the
3208 source for storage protocols.
3210 </dd>
3212 <dd>
3214 provides a fully qualified path to a configuration file to be
3215 provided as a parameter to the client of a networked storage
3217 (QEMU only).</span>
3218 </dd>
3225 authentication credentials needed to access the source. It
3227 identifies the username to use during authentication, as well
3231 holds the actual password or other credentials (the domain XML
3232 intentionally does not expose the password, only the reference
3233 to the object that does manage the password).
3234 Known secret types are "ceph" for Ceph RBD network sources and
3235 "iscsi" for CHAP authentication of iSCSI targets.
3238 attribute matching the key that was specified in the
3239 secret object.
3240 </dd>
3245 If present, specifies how the storage source is encrypted
3246 See the
3248 page for more information.
3249 <p/>
3250 Note that the 'qcow' format of encryption is broken and thus is no
3251 longer supported for use with disk images.
3253 </dd>
3258 If present it enables persistent reservations for SCSI
3259 based disks. The element has one mandatory attribute
3262 and manages any resources needed. When the persistent reservations
3263 are unmanaged, then the hypervisor acts as a client and the path to
3264 the server socket must be provided in the child element
3266 attributes:
3271 It's recommended to allow libvirt manage the persistent
3272 reservations.
3273 </dd>
3280 initiator IQN needed to access the source via mandatory
3282 </dd>
3283 </dl>
3285 <p>
3288 policy what to do with the disk if the source file is not accessible.
3290 the specified storage volume is of "file" type). This is done by the
3293 accepting these values:
3294 </p>
3296 <tr>
3299 </tr>
3300 <tr>
3302 <td> fail if missing on boot up,
3303 drop if missing on migrate/restore/revert </td>
3304 </tr>
3305 <tr>
3308 </tr>
3309 </table>
3310 <p>
3312 is extended to support hard disks besides cdrom and floppy. On guest
3313 cold bootup, if a certain disk is not accessible or its disk chain is
3314 broken, with startupPolicy 'optional' the guest will drop this disk.
3315 This feature doesn't support migration currently.
3316 </p>
3317 </dd>
3319 <dd>
3320 This element describes the backing store used by the disk
3322 currently ignored on input and only used for output to
3323 describe the detected backing chains of running
3325 future version of libvirt may start accepting chains on input,
3326 or output information for offline domains). An
3328 source is self-contained and is not based on any backing
3329 store. For backing chain information to be accurate, the
3330 backing format must be correctly specified in the metadata of
3331 each file of the chain (files created by libvirt satisfy this
3332 property, but using existing external files for snapshot or
3333 block copy operations requires the end user to pre-create the
3334 file correctly). The following attributes are
3336 <dl>
3338 <dd>
3340 by the backing store, see disk type attribute above for more
3341 details and possible values.
3342 </dd>
3344 <dd>
3345 This attribute is only valid in output (and ignored on input) and
3346 it can be used to refer to a specific part of the disk chain when
3347 doing block operations (such as via the
3351 </dd>
3352 </dl>
3354 <dl>
3356 <dd>
3358 attribute which specifies the internal format of the backing
3360 </dd>
3362 <dd>
3365 or network location contains the data of the described backing
3366 store.
3367 </dd>
3369 <dd>
3370 If the backing store is not self-contained, the next element
3372 element.
3373 </dd>
3374 </dl>
3375 </dd>
3377 <dd>
3378 This element is present if the hypervisor has started a
3379 long-running block job operation, where the mirror location in
3381 same contents as the source, and with the file format in the
3385 of the mirror, similar to what is done for the
3387 attribute mentions which API started the operation ("copy" for
3396 not present, the disk is probably still
3397 copying. For now, this element only valid in output; it is
3400 Older libvirt supported only block copy to a
3402 compatibility with older clients, such jobs include redundant
3405 </dd>
3408 under which the disk is exposed to the guest
3410 device name. The actual device name specified is not
3411 guaranteed to map to the device name in the guest OS. Treat it
3413 attribute specifies the type of disk device to emulate;
3414 possible values are driver specific, with typical values being
3417 type is inferred from the style of the device name (e.g. a device named
3418 'sda' will typically be exported using a SCSI bus). The optional
3420 removable disks (i.e. CDROM or Floppy disk), the value can be either
3424 removable flag for USB disks, and its value can be either "on"
3430 </dd>
3433 ability to provide additional per-device I/O tuning, with
3434 values that can vary for each device (contrast this to
3436 element, which applies globally to the domain). Currently,
3437 the only tuning available is Block I/O throttling for qemu.
3438 This element has optional sub-elements; any sub-element not
3439 specified or given with a value of 0 implies no
3441 <dl>
3444 total throughput limit in bytes per second. This cannot
3449 read throughput limit in bytes per second.</dd>
3452 write throughput limit in bytes per second.</dd>
3455 total I/O operations per second. This cannot
3460 read I/O operations per second.</dd>
3463 write I/O operations per second.</dd>
3466 maximum total throughput limit in bytes per second. This cannot
3471 maximum read throughput limit in bytes per second.</dd>
3474 maximum write throughput limit in bytes per second.</dd>
3477 maximum total I/O operations per second. This cannot
3482 maximum read I/O operations per second.</dd>
3485 maximum write I/O operations per second.</dd>
3488 size of I/O operations per second.
3489 <p>
3491 </p>
3492 </dd>
3495 to share I/O throttling quota between multiple drives. This
3496 prevents end-users from circumventing a hosting provider's
3497 throttling policy by splitting 1 large drive in N small drives
3498 and getting N times the normal throttling quota. Any name may
3499 be used.
3500 <p>
3502 </p>
3503 </dd>
3506 element is the maximum duration in seconds for the
3511 element is the maximum duration in seconds for the
3516 element is the maximum duration in seconds for the
3521 element is the maximum duration in seconds for the
3526 element is the maximum duration in seconds for the
3531 element is the maximum duration in seconds for the
3534 <p>
3536 </p>
3537 </dd>
3538 </dl>
3539 </dd>
3541 <dd>
3542 The optional driver element allows specifying further details
3543 related to the hypervisor driver used to provide the disk.
3545 <ul>
3546 <li>
3547 If the hypervisor supports multiple backend drivers, then
3550 attribute provides the sub-type. For example, xen
3554 "qed".
3555 </li>
3556 <li>
3560 "writethrough", but it bypasses the host page cache) and
3561 "unsafe" (host may cache all disk io, and sync requests from
3562 guest are ignored).
3564 Since 0.6.0,
3567 </span>
3568 </li>
3569 <li>
3571 how the hypervisor will behave on a disk read or write
3575 hypervisor. There is also an
3579 is used for both read and write errors. If rerror_policy
3581 read errors. Also note that "enospace" is not a valid
3584 given, the read error policy will be left at its default.
3585 </li>
3586 <li>
3588 policies on I/O; qemu guests support "threads" and
3590 </li>
3591 <li>
3594 domain I/O asynchronous handling</a> for disk device.
3595 The default is left to the discretion of the hypervisor.
3597 qemu to execute VM while a separate thread handles I/O.
3598 Typically guests experiencing high system CPU utilization
3599 during I/O will benefit from this. On the other hand,
3600 on overloaded host it could increase guest I/O latency.
3602 <b>In general you should leave this option alone, unless you
3603 are very certain you know what you are doing.</b>
3604 </li>
3605 <li>
3607 some aspects of device event processing. The value can be
3608 either 'on' or 'off' - if it is on, it will reduce the
3609 number of interrupts and exits for the guest. The default
3610 is determined by QEMU; usually if the feature is
3611 supported, default is on. In case there is a situation
3612 where this behavior is suboptimal, this attribute provides
3613 a way to force the feature off.
3615 <b>In general you should leave this option alone, unless you
3616 are very certain you know what you are doing.</b>
3617 </li>
3618 <li>
3620 whether to copy read backing file into the image file. The
3622 Copy-on-read avoids accessing the same backing file sectors
3623 repeatedly and is useful when the backing file is over a slow
3624 network. By default copy-on-read is off.
3626 </li>
3627 <li>
3630 ignored or passed to the filesystem. The value can be either
3632 (ignore the discard request).
3634 </li>
3635 <li>
3638 "unmap". First two values turn the detection off and on,
3639 respectively. The third value ("unmap") turns the detection on
3640 and additionally tries to discard such areas from the image based
3643 detection is a compute intensive operation, but can save file
3644 space and/or time on slow media.
3646 </li>
3647 <li>
3649 disk to an IOThread as defined by the range for the domain
3651 value. Multiple disks may be assigned to the same IOThread and
3652 are numbered from 1 to the domain iothreads value. Available
3656 </li>
3657 <li>
3660 </li>
3661 <li>
3662 For virtio disks,
3665 </li>
3666 </ul>
3667 </dd>
3670 backend domain (aka driver domain) hosting the disk. Use the
3673 </dd>
3676 attribute determines the order in which devices will be tried during
3677 boot sequence. On the S390 architecture only the first boot device is
3679 string which can be queried by guests on S390 via sclp or diag 308.
3683 with general boot elements in
3686 </dd>
3691 volume is encrypted using "qcow". See the
3693 for more information.
3694 </dd>
3696 <dd>If present, this indicates the device cannot be modified by
3697 the guest. For now, this is the default for disks with
3699 </dd>
3701 <dd>If present, this indicates the device is expected to be shared
3702 between domains (assuming the hypervisor and OS support this),
3703 which means that caching should be deactivated for that device.
3704 </dd>
3706 <dd>If present, this indicates that changes to the device
3707 contents should be reverted automatically when the guest
3708 exits. With some hypervisors, marking a disk transient
3709 prevents the domain from participating in migration or
3711 </dd>
3713 <dd>If present, this specify serial number of virtual hard drive.
3714 For example, it may look
3716 Not supported for scsi-block devices, that is those using
3720 </dd>
3722 <dd>If present, this element specifies the WWN (World Wide Name)
3723 of a virtual hard disk or CD-ROM drive. It must be composed
3724 of 16 hexadecimal digits.
3726 </dd>
3728 <dd>If present, this element specifies the vendor of a virtual hard
3729 disk or CD-ROM device. It must not be longer than 8 printable
3730 characters.
3732 </dd>
3734 <dd>If present, this element specifies the product of a virtual hard
3735 disk or CD-ROM device. It must not be longer than 16 printable
3736 characters.
3738 </dd>
3741 to a given slot of a controller (the
3743 inferred by libvirt, although it can
3750 Multifunction defaults to 'off'; any other value requires
3752 "drive" controller, additional attributes
3755 are available, each defaulting to 0.
3756 </dd>
3766 </dd>
3769 ability to override geometry settings. This mostly useful for
3771 <dl>
3774 number of cylinders. </dd>
3777 number of heads. </dd>
3780 number of sectors per track. </dd>
3783 BIOS-Translation-Modus (none, lba or auto)</dd>
3784 </dl>
3785 </dd>
3788 to override any of the block device properties listed below.
3790 <dl>
3792 <dd>The logical block size the disk will report to the guest
3793 OS. For Linux this would be the value returned by the
3794 BLKSSZGET ioctl and describes the smallest units for disk
3795 I/O.
3796 </dd>
3798 <dd>The physical block size the disk will report to the guest
3799 OS. For Linux this would be the value returned by the
3800 BLKPBSZGET ioctl and describes the disk's hardware sector
3801 size which can be relevant for the alignment of disk data.
3802 </dd>
3803 </dl>
3804 </dd>
3805 </dl>
3809 <p>
3810 A directory on the host that can be accessed directly from the guest.
3812 </p>
3814 <pre>
3815 ...
3834 ...
3836 ...</pre>
3838 <dl>
3840 <dd>
3845 <dl>
3847 <dd>
3848 A host directory to mount in the guest. Used by LXC,
3852 This mode also has an optional
3858 the host page cache; omitting the attribute gives default behavior,
3860 is immediately triggered for all pages touched during a guest file
3862 </dd>
3864 <dd>
3865 OpenVZ filesystem template. Only used by OpenVZ driver.
3866 </dd>
3868 <dd>
3869 A host file will be treated as an image and mounted in
3870 the guest. The filesystem format will be autodetected.
3871 Only used by LXC driver.
3872 </dd>
3874 <dd>
3875 A host block device to mount in the guest. The filesystem
3876 format will be autodetected. Only used by LXC driver
3878 </dd>
3880 <dd>
3881 An in-memory filesystem, using memory from the host OS.
3883 which gives the memory usage limit in KiB, unless units
3885 by LXC driver.
3888 <dd>
3889 A directory inside the guest will be bound to another
3890 directory inside the guest. Only used by LXC driver
3892 </dl>
3895 which specifies the security mode for accessing the source
3898 values are:
3900 <dl>
3902 <dd>
3905 one is not specified.
3907 </dd>
3909 <dd>
3911 hypervisor (QEMU process).
3913 </dd>
3915 <dd>
3916 Similar to 'passthrough', the exception is that failure of
3917 privileged operations like 'chown' are ignored. This makes a
3918 passthrough-like mode usable for people who run the hypervisor
3919 as non-root.
3921 </dd>
3922 </dl>
3928 for more details.
3929 </dd>
3932 <dd>
3933 The optional driver element allows specifying further details
3934 related to the hypervisor driver used to provide the filesystem.
3936 <ul>
3937 <li>
3938 If the hypervisor supports multiple backend drivers, then
3941 attribute provides the format type. For example, LXC
3944 or "handle", but no formats. Virtuozzo driver supports
3946 </li>
3947 <li>
3948 For virtio-backed devices,
3951 </li>
3952 </ul>
3953 </dd>
3956 <dd>
3957 The resource on the host that is being accessed in the guest. The
3963 </dd>
3966 <dd>
3968 most drivers this is an automatic mount point, but for QEMU/KVM
3969 this is merely an arbitrary string tag that is exported to the
3970 guest as a hint for where to mount.
3971 </dd>
3974 <dd>
3975 Enables exporting filesystem as a readonly mount for guest, by
3976 default read-write access is given (currently only works for
3977 QEMU/KVM driver).
3978 </dd>
3981 <dd>
3982 Maximum space available to this guest's filesystem.
3984 </dd>
3987 <dd>
3988 Maximum space available to this guest's filesystem. The container is
3989 permitted to exceed its soft limits for a grace period of time. Afterwards the
3990 hard limit is enforced.
3992 </dd>
3993 </dl>
3997 <p>
3999 sub-element to describe where the device is placed on the
4000 virtual bus presented to the guest. If an address (or any
4001 optional attribute within an address) is omitted on
4002 input, libvirt will generate an appropriate address; but an
4003 explicit address is required if more control over layout is
4004 required. See below for device examples including an address
4005 element.
4006 </p>
4008 <p>
4010 describes which bus the device is on. The choice of which
4011 address to use for a given device is constrained in part by the
4012 device and the architecture of the guest. For example,
4018 Each address type has further optional attributes that control
4019 where on the bus the device will be placed:
4020 </p>
4022 <dl>
4024 <dd>PCI addresses have the following additional
4031 turning on the multifunction bit for a particular
4032 slot/function in the PCI control register
4035 but should be set to 'on' for function 0 of a slot that will
4036 have multiple functions used.
4038 depending on the architecture are supported. For example, PCI
4043 PCI devices on S390 for User-defined Identifiers and Function
4044 Identifiers.<br/>
4047 element with no other attributes as an explicit request to
4048 assign a PCI address for the device rather than some other
4049 type of address that may also be appropriate for that same
4050 device (e.g. virtio-mmio).
4051 </dd>
4053 <dd>Drive addresses have the following additional
4058 </dd>
4060 <dd>Each virtio-serial address has the following additional
4064 </dd>
4066 <dd>A CCID address, for smart-cards, has the following
4070 </dd>
4072 <dd>USB addresses have the following additional
4076 </dd>
4078 <dd>On PowerPC pseries guests, devices can be assigned to the
4079 SPAPR-VIO bus. It has a flat 32-bit address space; by
4080 convention, devices are generally assigned at a non-zero
4081 multiple of 0x00001000, but other addresses are valid and
4082 permitted by libvirt. Each address has the following
4086 </dd>
4089 s390-ccw-virtio use the native CCW bus for I/O devices.
4090 CCW bus addresses have the following additional attributes:
4094 Partially specified bus addresses are not allowed.
4095 If omitted, libvirt will assign a free bus address with
4097 set to 0xfe.
4099 </dd>
4101 <dd>This places the device on the virtio-mmio transport, which is
4104 do not have any additional attributes.
4108 addresses to devices; however, the presence of a single device
4109 with virtio-mmio address in the guest configuration will cause
4110 libvirt to assign virtio-mmio addresses to all further devices.
4112 </dd>
4114 <dd>ISA addresses have the following additional
4117 </dd>
4118 </dl>
4122 <p>
4123 QEMU's virtio devices have some attributes related to the virtio transport under
4127 Translation Service support for PCIe devices. This is needed to make use
4131 </p>
4135 <p>
4137 when used with PCI/PCIe machine types, accept the following
4139 </p>
4141 <dl>
4144 drivers, so it's the best choice when compatibility with older
4145 guest operating systems is desired. libvirt will plug the device
4146 into a conventional PCI slot.
4147 </dd>
4150 the recommended option unless compatibility with older guest
4151 operating systems is necessary. libvirt will plug the device into
4152 either a PCI Express slot or a conventional PCI slot based on the
4153 machine type, resulting in a more optimized PCI topology.
4154 </dd>
4157 device when plugged into a PCI Express slot, and like a
4159 pick one or the other based on the machine type. This is the best
4160 choice when compatibility with libvirt versions older than 5.2.0
4161 is necessary, but it's otherwise not recommended to use it.
4162 </dd>
4163 </dl>
4165 <p>
4166 While the information outlined above applies to most virtio devices,
4167 there are a few exceptions:
4168 </p>
4170 <ul>
4171 <li>
4174 </li>
4175 <li>
4176 some devices, such as GPUs and input devices (keyboard, tablet and
4177 mouse), are only defined in the virtio 1.0 spec and as such don't
4178 have a transitional variant: the only accepted model is
4180 </li>
4181 </ul>
4183 <p>
4184 For more details see the
4185 <a href="https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00923.html">qemu patch posting</a> and the
4187 </p>
4192 <p>
4193 Depending on the guest architecture, some device buses can
4194 appear more than once, with a group of virtual devices tied to a
4195 virtual controller. Normally, libvirt can automatically infer such
4196 controllers without requiring explicit XML markup, but sometimes
4197 it is necessary to provide an explicit controller element, notably
4199 for guests where device hotplug is expected.
4200 </p>
4202 <pre>
4203 ...
4215 ...
4217 ...</pre>
4219 <p>
4221 which must be one of 'ide', 'fdc', 'scsi', 'sata', 'usb',
4222 'ccid', 'virtio-serial' or 'pci', and a mandatory
4224 describing in which order the bus controller is encountered (for
4228 not specified, it will be auto-assigned to be the lowest unused
4229 index for the given controller type. Some controller types have
4230 additional attributes that control specific features, such as:
4231 </p>
4233 <dl>
4237 which control how many devices can be connected through the
4240 be 'virtio', 'virtio-transitional', or 'virtio-non-transitional'. See
4242 for more details.
4243 </dd>
4247 'lsilogic', 'lsisas1068', 'lsisas1078', 'virtio-scsi',
4248 'vmpvscsi', 'virtio-transitional', 'virtio-non-transitional'. See
4250 for more details.
4251 </dd>
4262 USB controller will be built on s390.
4265 connected to the controller.</dd>
4273 which specifies the maximum number of grant frames the controller
4274 makes available for connected devices.</dd>
4275 </dl>
4277 <p>
4278 Note: The PowerPC64 "spapr-vio" addresses do not have an
4279 associated controller.
4280 </p>
4282 <p>
4283 For controllers that are themselves devices on a PCI or USB bus,
4285 the exact relationship of the controller to its master bus, with
4287 </p>
4289 <p>
4291 specific options:
4292 </p>
4293 <dl>
4295 <dd>
4297 queues for the controller. For best performance, it's recommended to
4298 specify a value matching the number of vCPUs.
4300 </dd>
4302 <dd>
4304 number of commands that can be queued on devices controlled by the
4305 host.
4307 </dd>
4309 <dd>
4311 amount of data in bytes that will be transferred to or from the device
4312 in a single command. The transfer length is measured in sectors, where
4313 a sector is 512 bytes.
4315 </dd>
4317 <dd>
4319 whether the controller should use
4321 I/O asynchronous handling</a> or not. Accepted values are
4323 </dd>
4325 <dd>
4332 to an IOThread as defined by the range for the domain
4337 multiple controllers must be defined each having a specific
4339 must be within the range 1 to the domain iothreads value.
4340 </dd>
4342 <dd>
4343 For virtio controllers,
4346 </dd>
4347 </dl>
4348 <p>
4349 USB companion controllers have an optional
4351 relationship of the companion to its master controller.
4352 A companion controller is on the same bus as its master, so
4354 Not all controller models can be used as companion controllers
4355 and libvirt might provide some sensible defaults (settings
4357 address) for some particular models.
4359 </p>
4361 <pre>
4362 ...
4371 ...
4373 ...</pre>
4375 <p>
4377 values for this attribute are
4378 </p>
4379 <ul>
4380 <li>
4383 </li>
4384 <li>
4387 </li>
4388 <li>
4392 </li>
4393 <li>
4396 </li>
4397 <li>
4400 </li>
4401 </ul>
4402 <p>
4408 Windows XP or Windows Server 2003) might crash when QEMU and Seabios
4409 are recent enough to support 64-bit PCI holes, unless this is disabled
4411 </p>
4412 <p>
4413 PCI controllers also have an optional
4416 specific device that qemu is emulating (e.g. "i82801b11-bridge")
4417 rather than simply the class of device ("pcie-to-pci-bridge",
4418 "pci-bridge"), which is set in the controller element's
4421 controller, nor should you modify one that is automatically
4423 only).</span>
4424 </p>
4425 <p>
4426 PCI controllers also have an optional
4428 subelements listed below. These are configurable items that 1)
4429 are visible to the guest OS so must be preserved for guest ABI
4430 compatibility, and 2) are usually left to default values or
4431 derived automatically by libvirt. In almost all cases, you
4433 to a controller, nor should you modify the values in the those
4434 that are automatically generated by
4436 </p>
4437 <dl>
4439 <dd>
4443 control QEMU's "chassis_nr" option for the pci-bridge device
4444 (normally libvirt automatically sets this to the same value as
4445 the index attribute of the pci controller). If set, chassisNr
4447 </dd>
4449 <dd>
4450 pcie-root-port and pcie-switch-downstream-port controllers can
4453 set the controller's "chassis" configuration value, which is
4454 visible to the virtual machine. If set, chassis must be
4456 </dd>
4458 <dd>
4459 pcie-root-port and pcie-switch-downstream-port controllers can
4462 is used to set the controller's "port" configuration value,
4463 which is visible to the virtual machine. If set, port must be
4465 </dd>
4467 <dd>
4468 pci-expander-bus and pcie-expander-bus controllers can have an
4470 the bus number of the new bus; All bus numbers between that
4471 specified and 255 will be available only for assignment to
4472 PCI/PCIe controllers plugged into the hierarchy starting with
4473 this expander bus, and bus numbers less than the specified
4474 value will be available to the next lower expander-bus (or the
4475 root-bus if there are no lower expander buses). If you do not
4476 specify a busNumber, libvirt will find the lowest existing
4477 busNumber in all other expander buses (or use 256 if there are
4478 no others) and auto-assign the busNr of that found bus - 2,
4479 which provides one bus number for the pci-expander-bus and one
4480 for the pci-bridge that is automatically attached to it (if
4481 you plan on adding more pci-bridges to the hierarchy of the
4482 bus, you should manually set busNr to a lower value).
4483 <p>
4484 A similar algorithm is used for automatically determining
4485 the busNr attribute for pcie-expander-bus, but since the
4486 pcie-expander-bus doesn't have any built-in pci-bridge, the
4487 2nd bus-number is just being reserved for the pcie-root-port
4488 that must necessarily be connected to the bus in order to
4489 actually plug in an endpoint device. If you intend to plug
4490 multiple devices into a pcie-expander-bus, you must connect
4491 a pcie-switch-upstream-port to the pcie-root-port that is
4492 plugged into the pcie-expander-bus, and multiple
4493 pcie-switch-downstream-ports to the
4494 pcie-switch-upstream-port, and of course for this to work
4495 properly, you will need to decrease the pcie-expander-bus'
4496 busNr accordingly so that there are enough unused bus
4497 numbers above it to accommodate giving out one bus number for
4498 the upstream-port and one for each downstream-port (in
4499 addition to the pcie-root-port and the pcie-expander-bus
4500 itself).
4501 </p>
4502 </dd>
4504 <dd>
4511 set the NUMA node reported to the guest OS for that bus - the
4512 guest OS will then know that all devices on that bus are a
4513 part of the specified NUMA node (it is up to the user of the
4514 libvirt API to attach host devices to the correct
4515 pci-expander-bus when assigning them to the domain).
4516 </dd>
4518 <dd>
4519 pci-root controllers for pSeries guests use this attribute to
4520 record the order they will show up in the guest.
4522 </dd>
4523 </dl>
4524 <p>
4525 For machine types which provide an implicit PCI bus, the pci-root
4526 controller with index=0 is auto-added and required to use PCI devices.
4527 pci-root has no address.
4528 PCI bridges are auto-added if there are too many devices to fit on
4529 the one bus provided by pci-root, or a PCI bus number greater than zero
4530 was specified.
4531 PCI bridges can also be specified manually, but their addresses should
4532 only refer to PCI buses provided by already specified PCI controllers.
4533 Leaving gaps in the PCI controller indexes might lead to an invalid
4534 configuration.
4535 </p>
4536 <pre>
4537 ...
4544 ...</pre>
4546 <p>
4547 For machine types which provide an implicit PCI Express (PCIe)
4548 bus (for example, the machine types based on the Q35 chipset),
4549 the pcie-root controller with index=0 is auto-added to the
4550 domain's configuration. pcie-root has also no address, provides
4552 devices (although libvirt will never auto-assign a PCI device to
4553 a PCIe slot, it will allow manual specification of such an
4554 assignment). Devices connected to pcie-root cannot be
4555 hotplugged. If traditional PCI devices are present in the guest
4557 automatically be added: this controller, which plugs into a
4560 binary doesn't support the corresponding device, then a
4562 usually at the defacto standard location of slot=0x1e. A
4563 dmi-to-pci-bridge controller plugs into a PCIe slot (as provided
4564 by pcie-root), and itself provides 31 standard PCI slots (which
4565 also do not support device hotplug). In order to have
4566 hot-pluggable PCI slots in the guest system, a pci-bridge
4567 controller will also be automatically created and connected to
4568 one of the slots of the auto-created dmi-to-pci-bridge
4569 controller; all guest PCI devices with addresses that are
4570 auto-determined by libvirt will be placed on this pci-bridge
4572 </p>
4573 <p>
4574 Domains with an implicit pcie-root can also add controllers
4578 is a simple type of bridge device that can connect only to one
4579 of the 31 slots on the pcie-root bus on its upstream side, and
4580 makes a single (PCIe, hotpluggable) port available on the
4581 downstream side (at slot='0'). pcie-root-port can be used to
4582 provide a single slot to later hotplug a PCIe device (but is not
4583 itself hotpluggable - it must be in the configuration when the
4584 domain is started).
4586 </p>
4587 <p>
4588 pcie-switch-upstream-port is a more flexible (but also more
4589 complex) device that can only plug into a pcie-root-port or
4590 pcie-switch-downstream-port on the upstream side (and only
4591 before the domain is started - it is not hot-pluggable), and
4593 that accept only pcie-switch-downstream-port devices; each
4594 pcie-switch-downstream-port device can only plug into a
4595 pcie-switch-upstream-port on its upstream side (again, not
4596 hot-pluggable), and on its downstream side provides a single
4597 hotpluggable pcie port that can accept any standard pci or pcie
4598 device (or another pcie-switch-upstream-port), i.e. identical in
4601 </p>
4602 <pre>
4603 ...
4613 ...</pre>
4617 <p>
4618 When using a lock manager, it may be desirable to record device leases
4619 against a VM. The lock manager will ensure the VM won't start unless
4620 the leases can be acquired.
4621 </p>
4623 <pre>
4624 ...
4626 ...
4632 ...
4634 ...</pre>
4636 <dl>
4638 <dd>This is an arbitrary string, identifying the lockspace
4639 within which the key is held. Lock managers may impose
4640 extra restrictions on the format, or length of the lockspace
4641 name.</dd>
4643 <dd>This is an arbitrary string, uniquely identifying the
4644 lease to be acquired. Lock managers may impose extra
4645 restrictions on the format, or length of the key.
4646 </dd>
4648 <dd>This is the fully qualified path of the file associated
4649 with the lockspace. The offset specifies where the lease
4650 is stored within the file. If the lock manager does not
4651 require an offset, just pass 0.
4652 </dd>
4653 </dl>
4659 <p>
4660 USB, PCI and SCSI devices attached to the host can be passed through
4664 </p>
4666 <pre>
4667 ...
4677 ...</pre>
4681 <pre>
4682 ...
4692 ...</pre>
4696 <pre>
4697 ...
4708 ...</pre>
4713 <pre>
4714 ...
4726 ...</pre>
4730 <pre>
4731 ...
4737 ...</pre>
4741 <pre>
4742 ...
4756 ...</pre>
4758 <dl>
4763 with additional attributes noted.
4764 <dl>
4766 <dd>USB devices are detached from the host on guest startup
4767 and reattached after the guest exits or the device is
4768 hot-unplugged.
4769 </dd>
4772 detached from the host before being passed on to the guest
4773 and reattached to the host after the guest exits. If
4779 stopping the guest.
4780 </dd>
4782 <dd>For SCSI devices, user is responsible to make sure the device
4783 is not used by host. If supported by the hypervisor and OS, the
4785 attribute indicates whether unprivileged SG_IO commands are
4786 filtered for the disk. Valid settings are "filtered" or
4790 whether the lun needs the rawio capability. Valid settings are
4793 If a disk lun in the domain already has the rawio capability,
4794 then this setting not required.
4795 </dd>
4798 is responsible to make sure the device is not used by host. This
4803 "virtio". See
4805 for more details.
4806 </dd>
4810 determines how the host's vfio driver will expose the device to the
4815 provides more information about mediated devices as well as how to
4816 create mediated devices on the host.
4819 support for an accelerated remote desktop backed by a mediated
4820 device (such as NVIDIA vGPU or Intel GVT-g) as an alternative to
4824 It is required to use a
4826 use this attribute, currently only supported with VNC, Spice and
4827 egl-headless graphics devices.
4828 <p>
4829 Note: There are also some implications on the usage of guest's
4832 </p>
4833 </dd>
4834 </dl>
4835 <p>
4839 device has the same effect as omitting it. Similarly,
4841 ignored by all other device types.
4842 </p>
4843 </dd>
4845 <dd>The source element describes the device as seen from the host using
4846 the following mechanism to describe:
4847 <dl>
4849 <dd>The USB device can either be addressed by vendor / product id
4851 or by the device's address on the host using the
4853 <p>
4856 attribute which can be used to define policy what to do if the
4857 specified host USB device is not found. The attribute accepts
4858 the following values:
4859 </p>
4861 <tr>
4864 </tr>
4865 <tr>
4867 <td> fail if missing on boot up,
4868 drop if missing on migrate/restore/revert </td>
4869 </tr>
4870 <tr>
4873 </tr>
4874 </table>
4875 </dd>
4878 </dd>
4885 number on the bus). Not all hypervisors support larger
4887 to each hypervisor to determine the maximum value supported
4888 for the adapter.
4889 <p>
4892 attribute. When the attribute is set to "iscsi", the host
4896 credentials to the iSCSI server.
4897 </p>
4898 </dd>
4903 is the vhost_scsi wwpn (16 hexadecimal digits with a prefix of
4904 "naa.") established in the host configfs.
4905 </dd>
4911 </dd>
4912 </dl>
4913 </dd>
4917 The ids can be given in decimal, hexadecimal (starting with 0x) or
4921 attribute determines the order in which devices will be tried during
4923 used together with general boot elements in
4927 </dd>
4932 or not the device's ROM will be visible in the guest's memory
4933 map. (In PCI documentation, the "rombar" setting controls the
4934 presence of the Base Address Register for the ROM). If no rom
4935 bar is specified, the qemu default will be used (older
4936 versions of qemu used a default of "off", while newer qemus
4940 to be presented to the guest as the device's ROM BIOS. This
4941 can be useful, for example, to provide a PXE boot ROM for a
4942 virtual function of an sr-iov capable ethernet device (which
4943 has no boot ROMs for the VFs).
4947 if PCI ROM loading is disabled through this attribute, attempts to
4951 </dd>
4955 USB bus and device number the device appears at on the host.
4956 The values of these attributes can be given in decimal, hexadecimal
4958 For PCI devices the element carries 4 attributes allowing to designate
4961 address type must be used. For mediated devices, which are software-only
4962 devices defining an allocation of resources on the physical parent device,
4968 element.</dd>
4970 <dd>
4972 subelement that specifies which backend driver to use for PCI
4974 select either "vfio" (for the new VFIO device assignment
4975 backend, which is compatible with UEFI SecureBoot) or "kvm"
4976 (the legacy device assignment handled directly by the KVM
4979 device assignment will fail if the requested method of device
4980 assignment isn't available on the host. When not specified,
4981 the default is "vfio" on systems where the VFIO driver is
4982 available and loaded, and "kvm" on older systems, or those
4983 where the VFIO driver hasn't been
4985 the default was always "kvm").
4986 </dd>
4988 <dd>Indicates that the device is readonly, only supported by SCSI host
4990 </dd>
4992 <dd>If present, this indicates the device is expected to be shared
4993 between domains (assuming the hypervisor and OS support this).
4994 Only supported by SCSI host device.
4996 <p>
5000 </p>
5001 </dd>
5002 </dl>
5007 <p>
5008 Block / character devices from the host can be passed through
5010 only possible with container based virtualization. Devices are specified
5011 by a fully qualified path.
5013 </p>
5015 <pre>
5016 ...
5022 ...
5023 </pre>
5025 <pre>
5026 ...
5032 ...
5033 </pre>
5035 <pre>
5036 ...
5042 ...
5043 </pre>
5045 <dl>
5051 interface.
5052 </dd>
5054 <dd>The source element describes the device as seen from the host.
5055 For block devices, the path to the block device in the host
5056 OS is provided in the nested "block" element, while for character
5057 devices the "char" element is used. For network interfaces, the
5058 name of the interface is provided in the "interface" element.
5059 </dd>
5060 </dl>
5064 <p>
5065 USB device redirection through a character device is
5067 only)</span>:
5068 </p>
5070 <pre>
5071 ...
5082 ...</pre>
5084 <dl>
5088 for a USB device.
5091 matching one of the
5093 to describe the host side of the
5097 device</a>) are typical. The redirdev element has an optional
5099 device to a particular controller. Further sub-elements,
5102 is not required (since the consumer of the character device is
5103 the hypervisor itself, rather than a device visible in the guest).
5104 </dd>
5107 <dd>Specifies that the device is bootable.
5109 devices will be tried during boot sequence. The per-device
5113 </dd>
5116 filter rule to filter out certain devices from redirection.
5119 0x08 represents mass storage devices. The USB device can be addressed by
5122 the version of the USB protocol).
5125 'yes' means allow, 'no' for deny.
5126 </dd>
5127 </dl>
5131 <p>
5132 A virtual smartcard device can be supplied to the guest via the
5134 the host cannot be used on a guest with simple device
5135 passthrough, since it will then not be available on the host,
5136 possibly locking the host computer when it is "removed".
5137 Therefore, some hypervisors provide a specialized virtual device
5138 that can present a smartcard interface to the guest, with
5139 several modes for describing how credentials are obtained from
5140 the host or even a from a channel created to a third-party
5142 </p>
5144 <pre>
5145 ...
5161 ...
5162 </pre>
5164 <p>
5167 in each mode, the guest sees a device on its USB bus that
5168 behaves like a physical USB CCID (Chip/Smart Card Interface
5169 Device) card.
5170 </p>
5172 <dl>
5174 <dd>The simplest operation, where the hypervisor relays all
5175 requests from the guest into direct access to the host's
5176 smartcard via NSS. No other attributes or sub-elements are
5177 required. See below about the use of an
5181 <dd>Rather than requiring a smartcard to be plugged into the
5182 host, it is possible to provide three NSS certificate names
5183 residing in a database on the host. These certificates can be
5184 generated via the command <code>certutil -d /etc/pki/nssdb -x -t
5185 CT,CT,CT -S -s CN=cert1 -n cert1</code>, and the resulting three
5186 certificate names must be supplied as the content of each of
5189 the absolute path to an alternate directory (matching
5191 when creating the certificates); if not present, it defaults to
5192 /etc/pki/nssdb.</dd>
5195 <dd>Rather than having the hypervisor directly communicate with
5196 the host, it is possible to tunnel all requests through a
5197 secondary character device to a third-party provider (which may
5198 in turn be talking to a smartcard or using three certificate
5199 files). In this mode of operation, an additional
5205 device</a>) are typical. Further sub-elements, such
5208 is not required (since the consumer of the character device is
5209 the hypervisor itself, rather than a device visible in the
5210 guest).</dd>
5211 </dl>
5213 <p>
5214 Each mode supports an optional
5216 correlation between the smartcard and a ccid bus
5218 For now, qemu only supports at most one
5220 </p>
5224 <pre>
5225 ...
5234 ...</pre>
5236 <p>
5237 There are several possibilities for specifying a network
5238 interface visible to the guest. Each subsection below provides
5239 more details about common setup options.
5240 </p>
5241 <p>
5245 capability for the host to detect and trust reports from the
5246 guest regarding changes to the interface mac address and receive
5249 reasons and support depends on the guest network device model as
5250 well as the type of connection on the host - currently it is
5251 only supported for the virtio device model and for macvtap
5252 connections on the host.
5253 </p>
5254 <p>
5257 the interface to a particular pci slot, with
5260 </p>
5264 <p>
5265 <strong><em>
5266 This is the recommended config for general guest connectivity on
5267 hosts with dynamic / wireless networking configs (or multi-host
5268 environments where the host hardware details are described
5271 </em></strong>
5272 </p>
5274 <p>
5276 Provides a connection whose details are described by the named
5277 network definition. Depending on the virtual network's "forward
5278 mode" configuration, the network may be totally isolated
5280 explicit network device or to the default route
5283 directly to one of the host's network interfaces (via macvtap)
5287 </p>
5288 <p>
5289 For networks with a forward mode of bridge, private, vepa, and
5290 passthrough, it is assumed that the host has any necessary DNS
5291 and DHCP services already setup outside the scope of libvirt. In
5292 the case of isolated, nat, and routed networks, DHCP and DNS are
5293 provided on the virtual network by libvirt, and the IP range can
5294 be determined by examining the virtual network config with
5296 virtual network called 'default' setup out of the box which does
5297 NAT'ing to the default route and has an IP range
5299 have an associated tun device created with a name of vnetN,
5301 (see
5303 </p>
5304 <p>
5305 When the source of an interface is a network,
5307 the network; one network may have multiple portgroups defined,
5308 with each portgroup containing slightly different configuration
5309 information for different classes of network
5311 </p>
5312 <p>
5315 of an associated virNetworkPortPtr object that records the association
5316 between the domain interface and the network. This attribute is
5317 read-only since port objects are create and deleted automatically
5319 </p>
5320 <p>
5328 </p>
5329 <p>
5330 Since the actual type of switch may vary depending on the
5333 attribute, and specify attributes from multiple different
5334 virtualport types (and also to leave out certain attributes); at
5336 element will be constructed by merging together the type and
5337 attributes defined in the network and the portgroup referenced
5338 by the interface. The newly-constructed virtualport is a combination
5339 of them. The attributes from lower virtualport can't make change
5340 on the ones defined in higher virtualport.
5341 Interface takes the highest priority, portgroup is lowest priority.
5343 to work properly with both an 802.1Qbh switch and an Open vSwitch
5344 switch, you may choose to specify no type, but both
5347 (you may also omit the other attributes, such as managerid,
5348 typeid, or profileid, to be filled in from the
5350 limit a guest to connecting only to certain types of switches,
5351 you can specify the virtualport type, but still omit some/all of
5352 the parameters - in this case if the host's network has a
5353 different type of virtualport, connection of the interface will
5354 fail.
5355 </p>
5357 <pre>
5358 ...
5363 ...
5373 ...</pre>
5377 <p>
5378 <strong><em>
5379 This is the recommended config for general guest connectivity on
5380 hosts with static wired networking configs.
5381 </em></strong>
5382 </p>
5384 <p>
5385 Provides a bridge from the VM directly to the LAN. This assumes
5386 there is a bridge device on the host which has one or more of the hosts
5387 physical NICs enslaved. The guest VM will have an associated tun device
5388 created with a name of vnetN, which can also be overridden with the
5391 The tun device will be enslaved to the bridge. The IP range / network
5392 configuration is whatever is used on the LAN. This provides the guest VM
5393 full incoming & outgoing net access just like a physical machine.
5394 </p>
5395 <p>
5396 On Linux systems, the bridge device is normally a standard Linux
5397 host bridge. On hosts that support Open vSwitch, it is also
5398 possible to connect to an Open vSwitch bridge device by adding
5404 uniquely identify this particular interface to Open vSwitch (if
5405 you do not specify one, a random interfaceid will be generated
5406 for you when you first define the interface), and an
5408 the interfaces "port-profile".
5409 </p>
5410 <pre>
5411 ...
5413 ...
5428 ...
5430 ...</pre>
5432 <p>
5433 On hosts that support Open vSwitch on the kernel side and have the
5434 Midonet Host Agent configured, it is also possible to connect to the
5435 'midonet' bridge device by adding a
5441 that specifies which port in the virtual network topology will be bound
5442 to the interface.
5443 </p>
5444 <pre>
5445 ...
5447 ...
5462 ...
5464 ...</pre>
5468 <p>
5469 Provides a virtual LAN with NAT to the outside world. The virtual
5470 network has DHCP & DNS services and will give the guest VM addresses
5473 This networking is the only option for unprivileged users who need their
5475 it is possible to override the default network address by
5480 specified to add an IPv6 address to the interface.
5483 </p>
5485 <pre>
5486 ...
5489 ...
5496 ...</pre>
5501 <p>
5502 Provides a means for the administrator to execute an arbitrary script
5503 to connect the guest's network to the LAN. The guest will have a tun
5504 device created with a name of vnetN, which can also be overridden with the
5506 be run which is expected to do whatever host network integration is
5507 required. By default this script is called /etc/qemu-ifup but can be
5508 overridden.
5509 </p>
5511 <pre>
5512 ...
5515 ...
5521 ...</pre>
5525 <p>
5526 Provides direct attachment of the virtual machine's NIC to the given
5527 physical interface of the host.
5529 This setup requires the Linux macvtap
5531 One of the modes 'vepa'
5532 ( <a href="http://www.ieee802.org/1/files/public/docs2009/new-evb-congdon-vepa-modular-0709-v01.pdf">
5533 'Virtual Ethernet Port Aggregator'</a>), 'bridge' or 'private'
5534 can be chosen for the operation mode of the macvtap device, 'vepa'
5535 being the default mode. The individual modes cause the delivery of
5536 packets to behave as follows:
5537 </p>
5538 <p>
5542 unicast/multicast receive filters, and vlan settings in the
5543 guest will be monitored and propagated to the associated macvtap
5546 or is not supported for the device model in use, an attempted
5547 change to the mac address originating from the guest side will
5548 result in a non-working network connection.
5549 </p>
5551 <dl>
5553 <dd>All VMs' packets are sent to the external bridge. Packets
5554 whose destination is a VM on the same host as where the
5555 packet originates from are sent back to the host by the VEPA
5556 capable bridge (today's bridges are typically not VEPA capable).</dd>
5558 <dd>Packets whose destination is on the same host as where they
5559 originate from are directly delivered to the target macvtap device.
5560 Both origin and destination devices need to be in bridge mode
5562 a VEPA capable bridge is required.</dd>
5564 <dd>All packets are sent to the external bridge and will only be
5565 delivered to a target VM on the same host if they are sent through an
5566 external router or gateway and that device sends them back to the
5567 host. This procedure is followed if either the source or destination
5570 <dd>This feature attaches a virtual function of a SRIOV capable
5571 NIC directly to a VM without losing the migration capability.
5572 All packets are sent to the VF/IF of the configured network device.
5573 Depending on the capabilities of the device additional prerequisites or
5574 limitations may apply; for example, on Linux this requires
5576 </dl>
5578 <pre>
5579 ...
5581 ...
5586 ...</pre>
5588 <p>
5589 The network access of direct attached virtual machines can be
5590 managed by the hardware switch to which the physical interface
5591 of the host machine is connected to.
5592 </p>
5593 <p>
5594 The interface can have additional parameters as shown below,
5595 if the switch is conforming to the IEEE 802.1Qbg standard.
5596 The parameters of the virtualport element are documented in more detail
5597 in the IEEE 802.1Qbg standard. The values are network specific and
5598 should be provided by the network administrator. In 802.1Qbg terms,
5599 the Virtual Station Interface (VSI) represents the virtual interface
5601 </p>
5602 <p>
5603 Please note that IEEE 802.1Qbg requires a non-zero value for the
5604 VLAN ID.
5605 </p>
5606 <dl>
5608 <dd>The VSI Manager ID identifies the database containing the VSI type
5609 and instance definitions. This is an integer value and the
5612 <dd>The VSI Type ID identifies a VSI type characterizing the network
5613 access. VSI types are typically managed by network administrator.
5614 This is an integer value.
5615 </dd>
5617 <dd>The VSI Type Version allows multiple versions of a VSI Type.
5618 This is an integer value.
5619 </dd>
5621 <dd>The VSI Instance ID Identifier is generated when a VSI instance
5622 (i.e. a virtual interface of a virtual machine) is created.
5623 This is a globally unique identifier.
5624 </dd>
5625 </dl>
5626 <pre>
5627 ...
5629 ...
5633 <parameters managerid="11" typeid="1193047" typeidversion="2" instanceid="09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f"/>
5637 ...</pre>
5639 <p>
5640 The interface can have additional parameters as shown below
5641 if the switch is conforming to the IEEE 802.1Qbh standard.
5642 The values are network specific and should be provided by the
5644 </p>
5645 <dl>
5647 <dd>The profile ID contains the name of the port profile that is to
5648 be applied to this interface. This name is resolved by the port
5649 profile database into the network parameters from the port profile,
5650 and those network parameters will be applied to this interface.
5651 </dd>
5652 </dl>
5653 <pre>
5654 ...
5656 ...
5664 ...
5665 </pre>
5670 <p>
5672 is directly assigned to the guest using generic device
5673 passthrough, after first optionally setting the device's MAC
5674 address to the configured value, and associating the device with
5675 an 802.1Qbh capable switch using an optionally specified
5677 given above for type='direct' network devices). Note that - due
5678 to limitations in standard single-port PCI ethernet card driver
5679 design - only SR-IOV (Single Root I/O Virtualization) virtual
5680 function (VF) devices can be assigned in this manner; to assign
5681 a standard single-port PCI or PCIe ethernet card to a guest, use
5684 </p>
5686 <p>
5687 To use VFIO device assignment rather than traditional/legacy KVM
5688 device assignment (VFIO is a new method of device assignment
5689 that is compatible with UEFI Secure Boot), a type='hostdev'
5694 is currently the default).
5696 </p>
5698 <p>
5699 Note that this "intelligent passthrough" of network devices is
5701 device, the difference being that this method allows specifying
5703 device. If these capabilities are not required, if you have a
5704 standard single-port PCI, PCIe, or USB network card that doesn't
5705 support SR-IOV (and hence would anyway lose the configured MAC
5706 address during reset after being assigned to the guest domain),
5707 or if you are using a version of libvirt older than 0.9.11, you
5710 </p>
5712 <p>
5715 before being passed on to the guest, and reattached to the host
5721 stopping the guest.
5722 </p>
5724 <pre>
5725 ...
5738 ...</pre>
5743 <p>
5744 A multicast group is setup to represent a virtual network. Any VMs
5745 whose network devices are in the same multicast group can talk to each
5746 other even across hosts. This mode is also available to unprivileged
5747 users. There is no default DNS or DHCP support and no outgoing network
5748 access. To provide outgoing network access, one of the VMs should have a
5750 appropriate routing. The multicast protocol is compatible with that used
5751 by user mode linux guests too. The source address used must be from the
5752 multicast address block.
5753 </p>
5755 <pre>
5756 ...
5763 ...</pre>
5767 <p>
5768 A TCP client/server architecture provides a virtual network. One VM
5769 provides the server end of the network, all other VMS are configured as
5770 clients. All network traffic is routed between the VMs via the server.
5771 This mode is also available to unprivileged users. There is no default
5772 DNS or DHCP support and no outgoing network access. To provide outgoing
5773 network access, one of the VMs should have a 2nd NIC which is connected
5776 <pre>
5777 ...
5783 ...
5789 ...</pre>
5793 <p>
5794 A UDP unicast architecture provides a virtual network which enables
5795 connections between QEMU instances using QEMU's UDP infrastructure.
5797 The xml "source" address is the endpoint address to which the UDP socket
5798 packets will be sent from the host running QEMU.
5799 The xml "local" address is the address of the interface from which the
5800 UDP socket packets will originate from the QEMU host.
5803 <pre>
5804 ...
5813 ...</pre>
5817 <pre>
5818 ...
5826 ...</pre>
5828 <p>
5829 For hypervisors which support this, you can set the model of
5830 emulated network interface card.
5831 </p>
5833 <p>
5835 libvirt, but by what the underlying hypervisor supports (if
5836 any). For QEMU and KVM you can get a list of supported models
5837 with these commands:
5838 </p>
5840 <pre>
5841 qemu -net nic,model=? /dev/null
5842 qemu-kvm -net nic,model=? /dev/null
5843 </pre>
5845 <p>
5846 Typical values for QEMU and KVM include:
5847 ne2k_isa i82551 i82557b i82559er ne2k_pci pcnet rtl8139 e1000 virtio.
5851 for more details.
5852 </p>
5856 <pre>
5857 ...
5863 <b><driver name='vhost' txmode='iothread' ioeventfd='on' event_idx='off' queues='5' rx_queue_size='256' tx_queue_size='256'>
5869 ...</pre>
5871 <p>
5872 Some NICs may have tunable driver-specific options. These are
5874 interface definition. Currently the following attributes are
5876 </p>
5878 <dl>
5880 <dd>
5882 backend driver to use. The value can be either 'qemu' (a
5883 user-space backend) or 'vhost' (a kernel backend, which
5884 requires the vhost module to be provided by the kernel); an
5885 attempt to require the vhost driver without kernel support
5886 will be rejected. If this attribute is not present, then the
5887 domain defaults to 'vhost' if present, but silently falls back
5888 to 'qemu' without error.
5890 </dd>
5891 <dd>
5892 For interfaces of type='hostdev' (PCI passthrough devices)
5895 assignment rather than traditional KVM device assignment (VFIO
5896 is a new method of device assignment that is compatible with
5897 UEFI Secure Boot), and "kvm" tells libvirt to use the legacy
5898 device assignment performed directly by the kvm kernel module
5899 (the default is currently "kvm", but is subject to change).
5902 </dd>
5903 <dd>
5905 attribute is ignored. The backend driver used is always
5906 vhost-user.
5907 </dd>
5910 <dd>
5912 transmission of packets when the transmit buffer is full. The
5913 value can be either 'iothread' or 'timer'.
5916 If set to 'iothread', packet tx is all done in an iothread in
5917 the bottom half of the driver (this option translates into
5918 adding "tx=bh" to the qemu commandline -device virtio-net-pci
5919 option).<br/><br/>
5921 If set to 'timer', tx work is done in qemu, and if there is
5922 more tx data than can be sent at the present time, a timer is
5923 set before qemu moves on to do other things; when the timer
5924 fires, another attempt is made to send more data.<br/><br/>
5926 The resulting difference, according to the qemu developer who
5927 added the option is: "bh makes tx more asynchronous and reduces
5928 latency, but potentially causes more processor bandwidth
5929 contention since the CPU doing the tx isn't necessarily the
5932 <b>In general you should leave this option alone, unless you
5933 are very certain you know what you are doing.</b>
5934 </dd>
5936 <dd>
5937 This optional attribute allows users to set
5939 domain I/O asynchronous handling</a> for interface device.
5940 The default is left to the discretion of the hypervisor.
5942 qemu to execute VM while a separate thread handles I/O.
5943 Typically guests experiencing high system CPU utilization
5944 during I/O will benefit from this. On the other hand,
5945 on overloaded host it could increase guest I/O latency.
5948 <b>In general you should leave this option alone, unless you
5949 are very certain you know what you are doing.</b>
5950 </dd>
5952 <dd>
5954 device event processing. The value can be either 'on' or 'off'
5955 - if it is on, it will reduce the number of interrupts and
5956 exits for the guest. The default is determined by QEMU;
5957 usually if the feature is supported, default is on. In case
5958 there is a situation where this behavior is suboptimal, this
5959 attribute provides a way to force the feature off.
5962 <b>In general you should leave this option alone, unless you
5963 are very certain you know what you are doing.</b>
5964 </dd>
5966 <dd>
5968 of queues to be used for either
5971 interfaces. Use of multiple packet processing queues requires the
5973 element. Each queue will potentially be handled by a different
5974 processor, resulting in much higher throughput.
5977 </dd>
5979 <dd>
5981 the size of virtio ring for each queue as described above.
5982 The default value is hypervisor dependent and may change
5983 across its releases. Moreover, some hypervisors may pose
5984 some restrictions on actual value. For instance, latest
5989 <b>In general you should leave this option alone, unless you
5990 are very certain you know what you are doing.</b>
5991 </dd>
5993 <dd>
5995 the size of virtio ring for each queue as described above.
5996 The default value is hypervisor dependent and may change
5997 across its releases. Moreover, some hypervisors may pose
5998 some restrictions on actual value. For instance, QEMU
6000 range. In addition to that, this may work only for a subset of
6001 interface types, e.g. aforementioned QEMU enables this option
6005 <b>In general you should leave this option alone, unless you
6006 are very certain you know what you are doing.</b>
6007 </dd>
6009 <dd>
6010 For virtio interfaces,
6013 </dd>
6014 </dl>
6015 <p>
6016 Offloading options for the host and guest can be configured using
6017 the following sub-elements:
6018 </p>
6019 <dl>
6021 <dd>
6026 By default, the supported offloads are enabled by QEMU.
6029 mergeable rx buffers on the host side. Possible values are
6032 </dd>
6034 <dd>
6039 By default, the supported offloads are enabled by QEMU.
6041 </dd>
6042 </dl>
6046 <pre>
6047 ...
6060 ...</pre>
6062 <p>
6069 </p>
6070 <p>
6074 </p>
6077 <pre>
6078 ...
6085 ...</pre>
6087 <p>
6088 If no target is specified, certain hypervisors will
6089 automatically generate a name for the created tun device. This
6090 name can be manually specified, however the name <i>should not
6091 start with either 'vnet', 'vif', 'macvtap', or 'macvlan'</i>,
6092 which are prefixes reserved by libvirt and certain hypervisors.
6093 Manually specified targets using these prefixes may be ignored.
6094 </p>
6096 <p>
6097 Note that for LXC containers, this defines the name of the interface
6100 element should be used, as in the following snippet:
6101 </p>
6103 <pre>
6104 ...
6111 ...</pre>
6115 <pre>
6116 ...
6124 ...</pre>
6126 <p>
6127 For hypervisors which support this, you can set a specific NIC to
6129 the order in which devices will be tried during boot sequence. The
6131 general boot elements in
6134 </p>
6138 <pre>
6139 ...
6147 ...</pre>
6149 <p>
6150 For hypervisors which support this, you can change how a PCI Network
6153 or not the device's ROM will be visible in the guest's memory
6154 map. (In PCI documentation, the "rombar" setting controls the
6155 presence of the Base Address Register for the ROM). If no rom
6156 bar is specified, the qemu default will be used (older
6157 versions of qemu used a default of "off", while newer qemus
6158 have a default of "on").
6160 binary file to be presented to the guest as the device's ROM
6161 BIOS. This can be useful to provide an alternative boot ROM for a
6162 network device.
6164 </p>
6166 <pre>
6167 ...
6169 ...
6174 ...
6176 ...</pre>
6178 <p>
6180 backend domain (aka driver domain) for the interface. Use the
6182 can use it to create a direct network link between domains (so data
6183 will not go through host system). Use with type 'ethernet' to create
6184 plain network link, or with type 'bridge' to connect to a bridge inside
6185 the backend domain.
6187 </p>
6191 <pre>
6192 ...
6203 ...</pre>
6205 <p>
6206 This part of interface XML provides setting quality of service. Incoming
6207 and outgoing traffic can be shaped independently.
6210 the Network XML.
6211 </p>
6215 <pre>
6216 ...
6232 ...
6235 ...</pre>
6237 <p>
6238 If (and only if) the network connection used by the guest
6239 supports VLAN tagging transparent to the guest, an
6241 more VLAN tags to apply to the guest's network
6243 connections that support guest-transparent VLAN tagging include
6244 1) type='bridge' interfaces connected to an Open vSwitch bridge
6246 Functions (VF) used via type='hostdev' (direct device
6248 SRIOV VFs used via type='direct' with mode='passthrough'
6253 provide their own way (outside of libvirt) to tag guest traffic
6254 onto a specific VLAN. Each tag is given in a
6258 is supported only on Open vSwitch connections),
6260 which implies that the user wants to do VLAN trunking on the
6261 interface for all the specified tags. In the case that VLAN
6262 trunking of a single tag is desired, the optional
6265 single tag from normal tagging.
6266 </p>
6267 <p>
6268 For network connections using Open vSwitch it is also possible
6269 to configure 'native-tagged' and 'native-untagged' VLAN modes
6276 to be the "native" VLAN for this interface, and
6278 traffic for that VLAN will be tagged.
6279 </p>
6282 <pre>
6283 ...
6291 ...</pre>
6293 <p>
6294 This element provides means of setting state of the virtual network link.
6297 behaves as if it had the network cable disconnected. Default behavior if this
6300 </p>
6303 <pre>
6304 ...
6312 ...</pre>
6314 <p>
6315 This element provides means of setting MTU of the virtual network link.
6317 non-negative integer which specifies the MTU size for the interface.
6319 </p>
6322 <pre>
6323 ...
6335 ...</pre>
6337 <p>
6338 This element provides means of setting coalesce settings for
6343 that specifies the maximum number of packets that will be
6344 received before an interrupt.
6346 </p>
6349 <pre>
6350 ...
6357 <b><route family='ipv4' address='192.168.122.0' prefix='24' gateway='192.168.122.1'/></b>
6360 ...
6366 <b><route family='ipv4' address='192.168.122.0' prefix='24' gateway='192.168.122.1'/></b>
6369 ...
6371 ...
6372 </pre>
6374 <p>
6376 hostdev devices with network capabilities can optionally be provided
6377 one or more IP addresses to set on the network device in the
6378 guest. Note that some hypervisors or network device types will
6379 simply ignore them or only use the first one.
6384 netmask, and will be automatically set if not specified - for
6385 IPv4 the default prefix is determined according to the network
6386 "class" (A, B, or C - see RFC870), and for IPv6 the default
6388 IP address of the other end of a point-to-point network
6390 </p>
6392 <p>
6394 added to define IP routes to add in the guest. The attributes of
6395 this element are described in the documentation for
6398 definitions</a>. This is used by the LXC driver.
6399 </p>
6401 <pre>
6402 ...
6410 ...
6412 ...
6414 ...
6415 </pre>
6417 <p>
6419 "ethernet" can optionally be provided one or more IP addresses
6421 network device. These are configured as subelements of
6423 have the same attributes as the similarly named elements used to
6424 configure the guest side of the interface (described above).
6425 </p>
6429 <p>
6431 communication between a QEMU virtual machine and other userspace process
6432 using the Virtio transport protocol. A char dev (e.g. Unix socket) is used
6433 for the control plane, while the data plane is based on shared memory.
6434 </p>
6436 <pre>
6437 ...
6453 ...</pre>
6455 <p>
6457 along with the type of char device.
6458 Currently, only type='unix' is supported, where the path (the
6459 directory path of the socket) and mode attributes are required.
6461 are supported.
6462 vhost-user requires the virtio model type, thus the
6466 configures reconnect timeout if the connection is lost. It
6470 after which hypervisor tries to reconnect.
6471 </p>
6475 <p>
6477 can be assigned to a domain interface, which allows configuring
6478 traffic filter rules for the virtual machine.
6481 complete details.
6482 </p>
6484 <pre>
6485 ...
6488 ...
6492 ...
6497 ...
6501 ...</pre>
6503 <p>
6506 specified for passing additional info to the nwfilter via the
6509 docs for info on parameters.
6510 </p>
6515 <p>
6516 Input devices allow interaction with the graphical framebuffer
6517 in the guest virtual machine. When enabling the framebuffer, an
6518 input device is automatically provided. It may be possible to
6519 add additional devices explicitly, for example,
6520 to provide a graphics tablet for absolute cursor movement.
6521 </p>
6523 <pre>
6524 ...
6535 ...</pre>
6537 <dl>
6543 The tablet provides absolute cursor movement,
6544 while the mouse uses relative movement. The optional
6548 </dl>
6550 <p>
6553 device to a particular PCI
6560 event device passed through to guests. (KVM only)
6564 'virtio-transitional' and 'virtio-non-transitional'. See
6566 for more details.
6567 </p>
6569 <p>
6571 options of the device:
6574 </p>
6578 <p>
6579 A hub is a device that expands a single port into several so
6580 that there are more ports available to connect devices to a host
6581 system.
6582 </p>
6584 <pre>
6585 ...
6589 ...</pre>
6591 <dl>
6595 </dl>
6597 <p>
6602 above</a>.
6603 </p>
6607 <p>
6608 A graphics device allows for graphical interaction with the
6609 guest OS. A guest will typically have either a framebuffer
6610 or a text console configured to allow interaction with the
6611 admin.
6612 </p>
6614 <pre>
6615 ...
6627 ...</pre>
6629 <dl>
6631 <dd>
6632 <p>
6637 </p>
6638 <dl>
6640 <dd>
6641 <p>
6642 This displays a window on the host desktop, it can take 3 optional
6647 </p>
6649 <p>
6651 property to enable OpenGL support in SDL. Likewise you can
6653 </p>
6654 </dd>
6656 <dd>
6657 <p>
6659 the TCP port number (with -1 as legacy syntax indicating that it
6661 the new preferred syntax for indicating auto-allocation of the TCP
6664 set to an empty string, then VNC access is disabled. The
6666 possible to set a limit on the validity of the password by giving
6669 control of connected client during password changes. VNC accepts
6671 NB, this may not be supported by all hypervisors.
6672 </p>
6673 <p>
6676 clients to ask for exclusive access by dropping other connections.
6677 Connecting multiple clients in parallel requires all clients asking
6678 for a shared session (vncviewer: -Shared switch). This is
6680 client access, every connection has to specify -Shared switch for
6683 </p>
6684 <p>
6686 attribute for listening on a unix domain socket path
6688 </p>
6689 <p>
6691 may be used to specify port to listen on (with -1 meaning
6694 </p>
6695 <p>
6696 Although VNC doesn't support OpenGL natively, it can be paired
6698 will instruct QEMU to open and use drm nodes for OpenGL rendering.
6699 </p>
6700 </dd>
6702 <dd>
6703 <p>
6705 the TCP port number (with -1 as legacy syntax indicating that it
6708 attribute is the new preferred syntax for indicating
6710 attribute provides a SPICE password in clear text. If the
6713 specifies the keymap to use. It is possible to set a limit on
6714 the validity of the password by giving a timestamp
6716 in UTC.
6717 </p>
6718 <p>
6723 be supported by all hypervisors.
6725 </p>
6726 <p>
6730 secure if possible, but falls back to insecure rather than erroring
6731 out if no secure path is available).
6733 </p>
6734 <p>
6735 When SPICE has both a normal and TLS secured TCP port configured,
6736 it can be desirable to restrict what channels can be run on each
6741 attribute overrides the default value as set by
6744 inherit the default mode anyways.) Valid channel names include
6750 </p>
6751 <pre>
6762 <p>
6763 Spice supports variable compression settings for audio, images and
6764 streaming. These settings are accessible via the <code>compression
6775 </p>
6776 <p>
6781 </p>
6782 <p>
6783 Copy & Paste functionality (via Spice agent) is set by the
6787 </p>
6788 <p>
6793 </p>
6794 <p>
6795 File transfer functionality (via Spice agent) is set using the
6799 </p>
6800 <p>
6801 Spice may provide accelerated server-side rendering with OpenGL.
6802 You can enable or disable OpenGL support explicitly with
6805 Note that this only works locally, since this requires usage of
6807 'none'. For accelerated OpenGL with remote support, consider
6809 (see below). However, this will deliver weaker performance
6810 compared to native Spice OpenGL support.
6811 </p>
6812 <p>
6813 By default, QEMU will pick the first available GPU DRM render node.
6814 You may specify a DRM render node path to use instead. (QEMU only,
6816 </p>
6817 </dd>
6819 <dd>
6820 <p>
6822 TCP port number (with -1 as legacy syntax indicating that it should
6824 preferred syntax for indicating auto-allocation of the TCP port to
6829 whether multiple simultaneous connections to the VM are permitted.
6831 the existing connection must be dropped and a new connection must
6832 be established by the VRDP server, when a new client connects in
6833 single connection mode.
6834 </p>
6835 </dd>
6837 <dd>
6838 <p>
6839 This value is reserved for VirtualBox domains for the moment. It
6840 displays a window on the host desktop, similarly to "sdl", but
6841 using the VirtualBox viewer. Just like "sdl", it accepts
6844 </p>
6845 </dd>
6847 <dd>
6848 <p>
6849 This display type provides support for an OpenGL accelerated
6850 display accessible both locally and remotely (for comparison,
6851 Spice's native OpenGL support only works locally using UNIX
6852 sockets at the moment, but has better performance). Since this
6853 display type doesn't provide any window or graphical console like
6854 the other types, for practical reasons it should be paired with
6856 This display type is only supported by QEMU domains
6861 path to a host's DRI device to be used for OpenGL rendering.
6862 </p>
6863 <pre>
6868 </pre>
6869 </dd>
6870 </dl>
6871 </dd>
6872 </dl>
6874 <p>
6876 the device should listen for clients. It has a mandatory attribute
6880 Available types are:
6881 </p>
6882 <dl>
6884 <dd>
6885 <p>
6886 Tells a graphics device to use an address specified in the
6888 or hostname (which will be resolved to an IP address via a DNS query)
6889 to listen on.
6890 </p>
6891 <p>
6894 </p>
6895 <p>
6898 If both are provided they must be equal.
6899 </p>
6900 </dd>
6902 <dd>
6903 <p>
6905 attribute from libvirt's list of configured networks. The named network
6906 configuration will be examined to determine an appropriate listen
6907 address and the address will be stored in live XML in <code>address
6908 </code> attribute. For example, if the network has an IPv4 address in
6911 address listed in the network's configuration will be used.
6912 If the network is describing a host bridge, the first IPv4 address
6913 associated with that bridge device will be used, and if the network is
6914 describing one of the 'direct' (macvtap) modes, the first IPv4 address
6915 of the first forward dev will be used.
6916 </p>
6917 </dd>
6919 <dd>
6920 <p>
6921 This listen type tells a graphics server to listen on unix socket.
6923 attribute is omitted libvirt will generate this path for you.
6925 </p>
6926 <p>
6932 </p>
6933 </dd>
6935 <dd>
6936 <p>
6937 This listen type doesn't have any other attribute. Libvirt supports
6938 passing a file descriptor through our APIs virDomainOpenGraphics() and
6939 virDomainOpenGraphicsFD(). No other listen types are allowed if this
6940 one is used and the graphics device doesn't listen anywhere. You need
6941 to use one of the two APIs to pass a FD to QEMU in order to connect to
6944 </p>
6945 </dd>
6946 </dl>
6949 <p>
6950 A video device.
6951 </p>
6953 <pre>
6954 ...
6962 ...</pre>
6964 <dl>
6966 <dd>
6967 <p>
6972 type.
6973 </p>
6974 <p>
6978 video device in domain xml is the primary one, but the optional
6980 with value 'yes' can be used to mark the primary in cases of multiple
6981 video device. The non-primary must be type of "qxl" or
6983 </p>
6984 </dd>
6987 <dd>
6988 <p>
6995 depending on the hypervisor features available.
6997 to add a default video device in the guest (see the paragraph above).
6998 This legacy behaviour can be inconvenient in cases where GPU mediated
6999 devices are meant to be the only rendering device within a guest and
7003 how to add a mediated device into a guest.
7004 </p>
7005 <p>
7006 You can provide the amount of video memory in kibibytes (blocks of
7009 value is provided the default is used. If the size is not a power of
7010 two it will be rounded to closest one.
7011 </p>
7012 <p>
7015 </p>
7016 <p>
7025 the size of VGA framebuffer for fallback mode of QXL device.
7027 extends secondary bar and makes it addressable as 64bit memory.
7028 </p>
7029 </dd>
7032 <dd>
7033 Configure if video acceleration should be enabled.
7034 <dl>
7043 </dl>
7044 </dd>
7047 <dd>
7049 tie the video device to a particular PCI slot.
7053 </dd>
7056 <dd>
7058 <dl>
7060 <dd>
7063 </dd>
7065 <dd>
7066 Control how the video devices exposed to the guest using the
7068 At present, it's only applicable to the bhyve's "gop" video model type
7070 </dd>
7071 </dl>
7072 </dd>
7073 </dl>
7077 <p>
7078 A character device provides a way to interact with the virtual machine.
7079 Paravirtualized consoles, serial ports, parallel ports and channels are
7080 all classed as character devices and so represented using the same syntax.
7081 </p>
7083 <pre>
7084 ...
7109 ...</pre>
7111 <p>
7112 In each of these directives, the top-level element name (parallel, serial,
7113 console, channel) describes how the device is presented to the guest. The
7115 </p>
7117 <p>
7119 attribute of the top-level element. The host interface is
7121 </p>
7123 <p>
7126 is done on the socket path. If this element is not present,
7128 the per-domain setting</a>.
7129 </p>
7131 <p>
7135 the file should be preserved on domain restart. Allowed values are
7137 </p>
7139 <p>
7141 have an optional log file associated with them. This is
7144 attribute which takes the same values described above.
7146 </p>
7148 <pre>
7149 ...
7151 ...</pre>
7153 <p>
7154 Each character device element has an optional
7156 device to a
7158 slot.
7159 </p>
7161 <p>
7164 which configures reconnect timeout if the connection is lost.
7170 </p>
7174 <p>
7175 A character device presents itself to the guest as one of the following
7176 types.
7177 </p>
7181 <pre>
7182 ...
7189 ...</pre>
7191 <p>
7193 specifies the port number. Ports are numbered starting from 0. There are
7195 </p>
7199 <pre>
7200 ...
7208 ...</pre>
7210 <pre>
7211 ...
7221 ...</pre>
7223 <p>
7225 attribute, which specifies the port number (starting from 0), and an
7235 available as well.
7236 </p>
7238 <p>
7252 </p>
7254 <p>
7255 If any of the attributes is not specified by the user, libvirt will
7256 choose a value suitable for most users.
7257 </p>
7259 <p>
7260 Most target types support configuring the guest-visible device
7267 address.
7268 </p>
7270 <p>
7271 For the relationship between serial ports and consoles,
7273 </p>
7277 <pre>
7278 ...
7286 ...</pre>
7288 <pre>
7289 ...
7297 ...</pre>
7299 <p>
7301 serial consoles. Depending on the type of guest in use and the specifics
7304 device.
7305 </p>
7307 <p>
7315 (available when the corresponding hypervisor is in use).
7317 s390x QEMU guests) are supported for compatibility reasons but should
7321 </p>
7323 <p>
7325 that it doesn't represents a separate device, but rather the same
7329 </p>
7331 <p>
7333 from inside the guest; for more information, see
7334 <a href="http://fedoraproject.org/wiki/Features/VirtioSerial">http://fedoraproject.org/wiki/Features/VirtioSerial</a>.
7336 </p>
7338 <p>
7339 For the relationship between serial ports and consoles,
7341 </p>
7343 <h6><a id="elementCharSerialAndConsole">Relationship between serial ports and consoles</a></h6>
7345 <p>
7348 </p>
7350 <p>
7351 In general, both elements are used to configure one or more serial
7352 consoles to be used for interacting with the guest. The main difference
7355 for paravirtualized ones.
7356 </p>
7358 <p>
7359 Both emulated and paravirtualized serial consoles have advantages and
7360 disadvantages:
7361 </p>
7363 <ul>
7364 <li>
7365 emulated serial consoles are usually initialized much earlier than
7366 paravirtualized ones, so they can be used to control the bootloader
7367 and display both firmware and early boot messages;
7368 </li>
7369 <li>
7370 on several platforms, there can only be a single emulated serial
7371 console per guest but paravirtualized consoles don't suffer from the
7372 same limitation.
7373 </li>
7374 </ul>
7376 <p>
7377 A configuration such as:
7378 </p>
7380 <pre>
7381 ...
7390 ...</pre>
7392 <p>
7393 will work on any platform and will result in one emulated serial console
7394 for early boot logging / interactive / recovery use, and one
7395 paravirtualized serial console to be used eg. as a side channel. Most
7397 element in their configuration.
7398 </p>
7400 <p>
7401 Note that, due to the compatibility concerns mentioned earlier, all the
7402 following configurations:
7403 </p>
7405 <pre>
7406 ...
7410 ...</pre>
7412 <pre>
7413 ...
7417 ...</pre>
7419 <pre>
7420 ...
7425 ...</pre>
7427 <p>
7428 will be treated the same and will result in a single emulated serial
7429 console being available to the guest.
7430 </p>
7434 <p>
7435 This represents a private communication channel between the host and the
7436 guest.
7437 </p>
7439 <pre>
7440 ...
7459 ...</pre>
7461 <p>
7462 This can be implemented in a variety of ways. The specific type of
7466 </p>
7468 <dl>
7470 <dd>TCP traffic sent by the guest to a given IP address and port is
7476 <dd>Paravirtualized virtio channel. Channel is exposed in the guest under
7478 /dev/virtio-ports/$name (for more info, please see
7479 <a href="http://fedoraproject.org/wiki/Features/VirtioSerial">http://fedoraproject.org/wiki/Features/VirtioSerial</a>). The
7484 then libvirt can interact with a guest agent installed in the
7485 guest, for actions such as guest shutdown or file system quiescing.
7488 it is possible to have source path auto generated for virtio unix channels.
7489 This is very useful in case of a qemu guest agent, where users don't
7490 usually care about the source path since it's libvirt who talks to
7491 the guest agent. In case users want to utilize this feature, they should
7495 guest is active on the channel. This is an output-only attribute.
7498 </dd>
7500 <dd> Paravirtualized Xen channel. Channel is exposed in the guest as a
7501 Xen console but identified with a name. Setup and consumption of a Xen
7502 channel depends on software and configuration in the guest
7503 (for more info, please see <a href="http://xenbits.xen.org/docs/unstable/misc/channel.txt">http://xenbits.xen.org/docs/unstable/misc/channel.txt</a>).
7504 Channel source path semantics are the same as the virtio target type.
7506 lack the necessary probing mechanism.
7508 </dd>
7510 <dd>Paravirtualized SPICE channel. The domain must also have a
7512 device</a>, at which point the host piggy-backs messages
7514 element must be present, with
7517 access to the channel, and defaults
7522 </dl>
7526 <p>
7527 A character device presents itself to the host as one of the following
7528 types.
7529 </p>
7533 <p>
7534 This disables all input on the character device, and sends output
7535 into the virtual machine's logfile
7536 </p>
7538 <pre>
7539 ...
7545 ...</pre>
7550 <p>
7551 A file is opened and all data sent to the character
7552 device is written to the file.
7553 </p>
7555 <pre>
7556 ...
7563 ...</pre>
7567 <p>
7568 Connects the character device to the graphical framebuffer in
7569 a virtual console. This is typically accessed via a special
7570 hotkey sequence such as "ctrl+alt+3"
7571 </p>
7573 <pre>
7574 ...
7580 ...</pre>
7584 <p>
7585 Connects the character device to the void. No data is ever
7586 provided to the input. All data written is discarded.
7587 </p>
7589 <pre>
7590 ...
7596 ...</pre>
7600 <p>
7601 A Pseudo TTY is allocated using /dev/ptmx. A suitable client
7602 such as 'virsh console' can connect to interact with the
7603 serial port locally.
7604 </p>
7606 <pre>
7607 ...
7614 ...</pre>
7616 <p>
7618 path is also duplicated as an attribute tty='/dev/pts/3'
7621 </p>
7625 <p>
7626 The character device is passed through to the underlying
7627 physical character device. The device types must match,
7628 eg the emulated serial port should only be connected to
7629 a host serial port - don't connect a serial port to a parallel
7630 port.
7631 </p>
7633 <pre>
7634 ...
7641 ...</pre>
7645 <p>
7646 The character device writes output to a named pipe. See pipe(7) for
7647 more info.
7648 </p>
7650 <pre>
7651 ...
7658 ...</pre>
7662 <p>
7663 The character device acts as a TCP client connecting to a
7664 remote server.
7665 </p>
7667 <pre>
7668 ...
7676 ...</pre>
7678 <p>
7679 Or as a TCP server waiting for a client connection.
7680 </p>
7682 <pre>
7683 ...
7691 ...</pre>
7693 <p>
7696 for the connection.
7697 </p>
7698 <p>
7701 (via secure sockets layer) as the transport protocol for connections.
7702 </p>
7704 <pre>
7705 ...
7712 ...
7719 ...</pre>
7721 <p>
7724 TCP communication channel would utilize a hypervisor configured
7725 TLS X.509 certificate environment in order to encrypt the data
7726 channel. For the QEMU hypervisor, usage of a TLS environment can
7732 will use the host configured TLS environment.
7734 attribute is set to "yes", then libvirt will attempt to use the
7737 </p>
7738 <pre>
7739 ...
7747 ...</pre>
7751 <p>
7752 The character device acts as a UDP netconsole service,
7753 sending and receiving packets. This is a lossy service.
7754 </p>
7756 <pre>
7757 ...
7765 ...</pre>
7769 <p>
7770 The character device acts as a UNIX domain socket server,
7771 accepting connections from local clients.
7772 </p>
7774 <pre>
7775 ...
7782 ...</pre>
7786 <p>
7787 The character device is accessible through spice connection
7790 </p>
7791 <p>
7792 Note: depending on the hypervisor, spiceports might (or might not)
7794 graphics</a>.
7795 </p>
7797 <pre>
7798 ...
7805 ...</pre>
7809 <p>
7810 The nmdm device driver, available on FreeBSD, provides two
7811 tty devices connected together by a virtual null modem cable.
7813 </p>
7815 <pre>
7816 ...
7822 ...</pre>
7824 <p>
7826 </p>
7828 <dl>
7830 <dd>Master device of the pair, that is passed to the hypervisor.
7831 Device is specified by a fully qualified path.</dd>
7834 <dd>Slave device of the pair, that is passed to the clients for connection
7835 to the guest console. Device is specified by a fully qualified path.</dd>
7836 </dl>
7840 <p>
7841 A virtual sound card can be attached to the host via the
7843 </p>
7845 <pre>
7846 ...
7850 ...</pre>
7852 <dl>
7854 <dd>
7857 Valid values are specific to the underlying hypervisor, though typical
7858 choices are 'es1370', 'sb16', 'ac97', 'ich6' and 'usb'.
7862 </dd>
7863 </dl>
7865 <p>
7869 codecs to the audio device. If not specified, a default codec
7870 will be attached to allow playback and recording.
7871 </p>
7872 <p>
7873 Valid values are:
7874 </p>
7875 <p>
7876 <ul>
7879 <li>'output' - advertise a line-out
7881 </ul>
7882 </p>
7884 <pre>
7885 ...
7891 ...</pre>
7893 <p>
7896 device to a particular PCI
7898 </p>
7902 <p>
7903 A virtual hardware watchdog device can be added to the guest via
7906 </p>
7908 <p>
7909 The watchdog device requires an additional driver and management
7910 daemon in the guest. Just enabling the watchdog in the libvirt
7911 configuration does not do anything useful on its own.
7912 </p>
7914 <p>
7915 Currently libvirt does not support notification when the
7916 watchdog fires. This feature is planned for a future version of
7917 libvirt.
7918 </p>
7920 <pre>
7921 ...
7925 ...</pre>
7927 <pre>
7928 ...
7934 <dl>
7936 <dd>
7937 <p>
7939 watchdog device is emulated. Valid values are specific to the
7940 underlying hypervisor.
7941 </p>
7942 <p>
7943 QEMU and KVM support:
7944 </p>
7945 <ul>
7946 <li>'i6300esb' - the recommended device,
7949 <li>'diag288' - emulating an S390 DIAG288 device
7951 </ul>
7952 </dd>
7954 <dd>
7955 <p>
7957 action to take when the watchdog expires. Valid values are
7958 specific to the underlying hypervisor.
7959 </p>
7960 <p>
7961 QEMU and KVM support:
7962 </p>
7963 <ul>
7965 <li>'shutdown' - gracefully shutdown the guest
7966 (not recommended) </li>
7970 <li>'dump' - automatically dump the guest
7972 <li>'inject-nmi' - inject a non-maskable interrupt
7973 into the guest
7975 </ul>
7976 <p>
7977 Note 1: the 'shutdown' action requires that the guest
7978 is responsive to ACPI signals. In the sort of situations
7979 where the watchdog has expired, guests are usually unable
7980 to respond to ACPI signals. Therefore using 'shutdown'
7981 is not recommended.
7982 </p>
7983 <p>
7984 Note 2: the directory to save dump files can be configured
7986 </p>
7987 </dd>
7988 </dl>
7992 <p>
7993 A virtual memory balloon device is added to all Xen and KVM/QEMU
7995 It will be automatically added when appropriate, so there is no
7996 need to explicitly add this element in the guest XML unless a
7997 specific PCI slot needs to be assigned.
8000 memballoon device needs to be explicitly disabled,
8002 </p>
8004 <p>
8005 Example: automatically added device with KVM
8006 </p>
8007 <pre>
8008 ...
8012 ...</pre>
8014 <p>
8015 Example: manually added device with static PCI slot 2 requested
8016 </p>
8017 <pre>
8018 ...
8028 <dl>
8030 <dd>
8031 <p>
8033 of balloon device is provided. Valid values are specific to
8034 the virtualization platform
8035 </p>
8036 <ul>
8041 </ul>
8043 for more details.
8044 </dd>
8046 <dd>
8047 <p>
8050 QEMU virtio memory balloon to release some memory at the last moment
8051 before a guest's process get killed by Out of Memory killer.
8053 </p>
8054 </dd>
8056 <dd>
8057 <p>
8059 driver to provide statistics through the <code>virsh dommemstat
8060 [domain]</code> command. By default, collection is not enabled. In
8061 order to enable, use the <code>virsh dommemstat [domain] --period
8066 for a running domain will only be made to the active guest. If the
8067 QEMU driver is not at the right revision, the attempt to set the
8068 period will fail. Large values (e.g. many years) might be ignored.
8070 </p>
8071 </dd>
8073 <dd>
8077 </dd>
8078 </dl>
8081 <p>
8082 The virtual random number generator device allows the host to pass
8083 through entropy to guest operating systems.
8085 </p>
8087 <p>
8088 Example: usage of the RNG device:
8089 </p>
8090 <pre>
8091 ...
8103 ...
8104 </pre>
8105 <dl>
8107 <dd>
8108 <p>
8110 of RNG device is provided. Valid values are specific to
8111 the virtualization platform:
8112 </p>
8113 <ul>
8117 </ul>
8119 for more details.
8120 </dd>
8122 <dd>
8123 <p>
8125 which entropy can be consumed from the source. The mandatory
8128 specifies the duration of a period in milliseconds; if omitted, the
8131 </p>
8132 </dd>
8134 <dd>
8135 <p>
8137 to be used for the domain. The source model is configured using the
8139 </p>
8140 <dl>
8142 <dd>
8143 <p>
8144 This backend type expects a non-blocking character device
8145 as input. The file name is specified as contents of the
8149 the only accepted paths. When no file name is specified,
8150 the hypervisor default is used. For QEMU, the default is
8154 </p>
8155 </dd>
8157 <dd>
8158 <p>
8159 This backend connects to a source using the EGD protocol.
8160 The source is specified as a character device. Refer to
8162 for more information.
8163 </p>
8164 </dd>
8165 </dl>
8166 </dd>
8168 <dd>
8170 <dl>
8172 <dd>
8175 </dd>
8176 </dl>
8177 </dd>
8179 </dl>
8183 <p>
8184 The TPM device enables a QEMU guest to have access to TPM
8185 functionality. The TPM device may either be a TPM 1.2 or
8186 a TPM 2.0.
8187 </p>
8188 <p>
8189 The TPM passthrough device type provides access to the host's TPM
8190 for one QEMU guest. No other software may be using the TPM device,
8191 typically /dev/tpm0, at the time the QEMU guest is started.
8193 </p>
8195 <p>
8196 Example: usage of the TPM passthrough device
8197 </p>
8198 <pre>
8199 ...
8207 ...
8208 </pre>
8210 <p>
8211 The emulator device type gives access to a TPM emulator providing
8212 TPM functionality for each VM. QEMU talks to it over a Unix socket. With
8213 the emulator device type each guest gets its own private TPM.
8215 </p>
8216 <p>
8217 Example: usage of the TPM Emulator
8218 </p>
8219 <pre>
8220 ...
8227 ...
8228 </pre>
8229 <dl>
8231 <dd>
8232 <p>
8234 model QEMU provides to the guest. If no model name is provided,
8238 backend device is a TPM 2.0.
8239 </p>
8240 </dd>
8242 <dd>
8243 <p>
8245 TPM device. The following types are supported:
8246 </p>
8247 <dl>
8249 <dd>
8250 <p>
8251 Use the host's TPM device.
8252 </p>
8253 <p>
8254 This backend type requires exclusive access to a TPM device on
8255 the host. An example for such a device is /dev/tpm0. The fully
8256 qualified file name is specified by path attribute of the
8258 /dev/tpm0 is automatically used.
8259 </p>
8260 </dd>
8261 </dl>
8262 <dl>
8264 <dd>
8265 <p>
8266 For this backend type the 'swtpm' TPM Emulator must be installed on the
8267 host. Libvirt will automatically start an independent TPM emulator
8268 for each QEMU guest requesting access to it.
8269 </p>
8270 </dd>
8271 </dl>
8272 </dd>
8274 <dd>
8275 <p>
8277 of the TPM. By default a TPM 1.2 is created. This attribute
8279 versions are supported:
8280 </p>
8281 <ul>
8284 </ul>
8285 </dd>
8286 </dl>
8289 <p>
8290 nvram device is always added to pSeries guest on PPC64, and its address
8293 enable the address setting.
8294 </p>
8295 <p>
8296 Example: usage of NVRAM configuration
8297 </p>
8298 <pre>
8299 ...
8305 ...
8306 </pre>
8307 <dl>
8309 <dd>
8310 <p>
8311 VIO device address type, only valid for PPC64.
8312 </p>
8313 </dd>
8315 <dd>
8316 <p>
8317 Device address
8318 </p>
8319 </dd>
8320 </dl>
8323 <p>
8324 panic device enables libvirt to receive panic notification from a QEMU
8325 guest.
8327 </p>
8328 <p>
8329 This feature is always enabled for:
8330 </p>
8331 <ul>
8334 </ul>
8335 <p>
8336 For the guest types listed above, libvirt automatically adds a
8338 </p>
8339 <p>
8340 Example: usage of panic configuration
8341 </p>
8342 <pre>
8343 ...
8350 ...
8351 </pre>
8352 <dl>
8354 <dd>
8355 <p>
8357 of panic device is provided. The panic model used when this attribute
8358 is missing depends on the hypervisor and guest arch.
8359 </p>
8360 <ul>
8363 <li>'hyperv' - for Hyper-V crash CPU feature.
8365 <li>'s390' - default for S390 guests.
8367 </ul>
8368 </dd>
8370 <dd>
8371 <p>
8372 address of panic. The default ioport is 0x505. Most users
8373 don't need to specify an address, and doing so is forbidden
8374 altogether for s390, pseries and hyperv models.
8375 </p>
8376 </dd>
8377 </dl>
8381 <p>
8382 A shared memory device allows to share a memory region between
8383 different virtual machines and the host.
8385 </p>
8387 <pre>
8388 ...
8401 ...
8402 </pre>
8404 <dl>
8406 <dd>
8411 </dd>
8413 <dd>
8415 specifies the model of the underlying device providing the
8418 deprecated by newer QEMU in favour of the -plain and -doorbell variants),
8421 </dd>
8423 <dd>
8426 </dd>
8428 <dd>
8430 socket the device is supposed to connect to. The optional
8433 </dd>
8435 <dd>
8437 respectively) MSI interrupts. This option can currently be used only
8439 attribute can be used to specify the number of interrupt
8442 </dd>
8443 </dl>
8447 <p>
8448 In addition to the initial memory assigned to the guest, memory devices
8449 allow additional memory to be assigned to the guest in the form of
8450 memory modules.
8452 A memory device can be hot-plugged or hot-unplugged depending on the
8453 guests' memory resource needs.
8455 Some hypervisors may require NUMA configured for the guest.
8456 </p>
8458 <p>
8459 Example: usage of the memory devices
8460 </p>
8461 <pre>
8462 ...
8508 ...
8509 </pre>
8510 <dl>
8512 <dd>
8513 <p>
8518 </p>
8519 </dd>
8522 <dd>
8523 <p>
8526 capability to fine tune mapping of the memory on per
8527 module basis. Values are the same as
8530 </p>
8531 </dd>
8534 <dd>
8535 <p>
8538 capability to fine tune discard of data on per module
8542 This attribute is allowed only for
8544 </p>
8545 </dd>
8548 <dd>
8549 <p>
8551 fine tune the source of the memory used for the given memory device.
8552 If the element is not provided defaults configured via
8554 then the following optional elements can be provided as well:
8555 </p>
8557 <dl>
8559 <dd>
8560 <p>
8561 This element can be used to override the default
8562 host page size used for backing the memory device.
8563 The configured value must correspond to a page size
8564 supported by the host.
8565 </p>
8566 </dd>
8569 <dd>
8570 <p>
8571 This element can be used to override the default
8572 set of NUMA nodes where the memory would be
8573 allocated.
8574 </p>
8575 </dd>
8576 </dl>
8578 <p>
8581 the host that backs the nvdimm module in the guest. The following
8582 optional elements may be used:
8583 </p>
8585 <dl>
8587 <dd>
8588 <p>
8590 alignment used to mmap the address range for the backend
8592 For example, to mmap a real NVDIMM device a 2M-aligned page may
8593 be required.
8595 </p>
8596 </dd>
8599 <dd>
8600 <p>
8601 If persistent memory is supported and enabled by the hypervisor
8602 in order to guarantee the persistence of writes to the vNVDIMM
8604 utilize the feature.
8606 </p>
8607 </dd>
8608 </dl>
8609 </dd>
8612 <dd>
8613 <p>
8615 sizing of the added memory from the perspective of the guest.
8616 </p>
8617 <p>
8619 added memory as a scaled integer.
8620 </p>
8621 <p>
8623 attach the memory to. The element shall be used only if the guest has
8624 NUMA nodes configured.
8625 </p>
8626 <p>
8627 The following optional elements may be used:
8628 </p>
8630 <dl>
8632 <dd>
8633 <p>
8634 For NVDIMM type devices one can optionally use
8636 to configure the size of namespaces label storage
8638 has usual meaning described
8640 For QEMU domains the following restrictions apply:
8641 </p>
8642 <ol>
8644 <li>the remaining size (total-size - label-size) will be aligned
8646 </ol>
8647 </dd>
8650 <dd>
8651 <p>
8653 as read-only. Only the real NVDIMM device backend can guarantee
8654 the guest write persistence, so other backend types should use
8657 </p>
8658 </dd>
8659 </dl>
8660 </dd>
8661 </dl>
8665 <p>
8668 </p>
8670 <p>
8671 Example:
8672 </p>
8673 <pre>
8674 ...
8680 ...
8681 </pre>
8682 <dl>
8684 <dd>
8685 <p>
8688 ARM virt guests).
8689 </p>
8690 </dd>
8692 <dd>
8693 <p>
8695 additional options, some of which might only be available for
8696 certain IOMMU models:
8697 </p>
8698 <dl>
8700 <dd>
8701 <p>
8704 turn on interrupt remapping, a part of the VT-d functionality.
8705 Currently this requires split I/O APIC
8708 </p>
8709 </dd>
8711 <dd>
8712 <p>
8715 turn on the VT-d caching mode (useful for assigned devices).
8717 </p>
8718 </dd>
8720 <dd>
8721 <p>
8724 configure Extended Interrupt Mode. A q35 domain with
8725 split I/O APIC (as described in
8727 and both interrupt remapping and EIM turned on for
8728 the IOMMU, will be able to use more than 255 vCPUs.
8730 </p>
8731 </dd>
8733 <dd>
8734 <p>
8737 turn on the IOTLB used to cache address translation
8738 requests from devices.
8740 </p>
8741 </dd>
8742 </dl>
8743 </dd>
8744 </dl>
8751 'virtio-non-transitional', see
8753 for more details.
8755 element specifies the CID assigned to the guest. If the attribute
8757 will assign a free CID automatically on domain startup.
8760 <pre>
8761 ...
8767 ...</pre>
8772 <p>
8774 operation of the security drivers. There are three basic
8775 modes of operation, 'dynamic' where libvirt automatically
8776 generates a unique security label, 'static' where the
8777 application/administrator chooses the labels, or 'none'
8778 where confinement is disabled. With dynamic
8779 label generation, libvirt will always automatically
8780 relabel any resources associated with the virtual machine.
8781 With static label assignment, by default, the administrator
8782 or application must ensure labels are set correctly on any
8783 resources, however, automatic relabeling can be enabled
8786 </p>
8788 <p>
8789 If more than one security driver is used by libvirt, multiple
8791 the security driver referenced by each tag can be defined using
8793 </p>
8795 <p>
8796 Valid input XML configurations for the top-level security label
8797 are:
8798 </p>
8800 <pre>
8816 </pre>
8818 <p>
8819 If no 'type' attribute is provided in the input XML, then
8820 the security driver default setting will be used, which
8821 may be either 'none' or 'dynamic'. If a 'baselabel' is set
8822 but no 'type' is set, then the type is presumed to be 'dynamic'
8823 </p>
8825 <p>
8826 When viewing the XML for a running guest with automatic
8827 resource relabeling active, an additional XML element,
8829 output-only element, so will be ignored in user supplied
8830 XML documents
8831 </p>
8832 <dl>
8835 to determine whether libvirt automatically generates a unique security
8836 label or not.
8837 </dd>
8839 <dd>A valid security model name, matching the currently
8840 activated security model
8841 </dd>
8846 </dd>
8848 <dd>If static labelling is used, this must specify the full
8849 security label to assign to the virtual domain. The format
8850 of the content depends on the security driver in use:
8851 <ul>
8854 <li>
8855 DAC: owner and group separated by colon. They can be
8856 defined both as user/group names or uid/gid. The driver will first
8857 try to parse these values as names, but a leading plus sign can
8858 used to force the driver to parse them as uid or gid.
8859 </li>
8860 </ul>
8861 </dd>
8863 <dd>If dynamic labelling is used, this can optionally be
8864 used to specify the base security label that will be used to generate
8865 the actual label. The format of the content depends on the security
8866 driver in use.
8869 baselabel in the generated label. Other fields are inherited from
8870 the parent process when using SELinux baselabels.
8874 </dd>
8876 <dd>This is an output only element, which shows the
8877 security label used on resources associated with the virtual domain.
8878 The format of the content depends on the security driver in use
8879 </dd>
8880 </dl>
8882 <p>When relabeling is in effect, it is also possible to fine-tune
8883 the labeling done for specific source file names, by either
8884 disabling the labeling (useful if the file lives on NFS or other
8885 file system that lacks security labeling) or requesting an
8886 alternate label (useful when a management application creates a
8887 special label to allow sharing of some, but not all, resources
8890 rather than the top-level domain assignment, only the
8895 domains on disks where labeling was skipped due to the image
8896 being on a file system that lacks security labeling.
8897 </p>
8902 whether the guest will be allowed to perform the S390 cryptographic key
8903 management operations. A clear key can be protected by encrypting it
8904 under a unique wrapping key that is generated for each guest VM running
8905 on the host. Two variations of wrapping keys are generated: one version
8906 for encrypting protected keys using the DEA/TDEA algorithm, and another
8907 version for keys encrypted using the AES algorithm. If a
8909 access to both AES and DEA/TDEA key wrapping by default.</p>
8911 <pre>
8913 ...
8917 ...
8919 </pre>
8920 <p>
8923 </p>
8924 <dl>
8927 for encrypting a protected key. The values supported for this attribute
8931 management operations should be turned on for the specified encryption
8933 </dd>
8934 </dl>
8940 <p>
8942 is used to provide the guest owners input used for creating an encrypted
8943 VM using the AMD SEV feature (Secure Encrypted Virtualization).
8945 SEV is an extension to the AMD-V architecture which supports running
8946 encrypted virtual machine (VMs) under the control of KVM. Encrypted
8947 VMs have their pages (code and data) secured such that only the guest
8948 itself has access to the unencrypted version. Each encrypted VM is
8949 associated with a unique encryption key; if its data is accessed to a
8950 different entity using a different key the encrypted guests data will
8951 be incorrectly decrypted, leading to unintelligible data.
8953 For more information see various input parameters and its format see the
8956 </p>
8957 <pre>
8959 ...
8967 ...
8969 </pre>
8971 <dl>
8976 from the domain capabilities.
8977 </dd>
8981 reduced-phys-bit</code> is hypervisor dependent and can be obtained
8983 </dd>
8986 which must be maintained by the SEV firmware. This policy is enforced by
8987 the firmware and restricts what configuration and operational commands
8988 can be performed on this guest by the hypervisor. The guest policy
8989 provided during guest launch is bound to the guest and cannot be changed
8990 throughout the lifetime of the guest. The policy is also transmitted
8991 during snapshot and migration flows and enforced on the destination platform.
8993 The guest policy is a 4 unsigned byte with the fields shown in Table:
8996 <tr>
8999 </tr>
9000 <tr>
9003 </tr>
9004 <tr>
9007 </tr>
9008 <tr>
9011 </tr>
9012 <tr>
9015 </tr>
9016 <tr>
9018 <td> The guest must not be transmitted to another platform that is
9019 not in the domain when set. </td>
9020 </tr>
9021 <tr>
9023 <td> The guest must not be transmitted to another platform that is
9024 not SEV capable when set. </td>
9025 </tr>
9026 <tr>
9029 </tr>
9030 <tr>
9032 <td> The guest must not be transmitted to another platform with a
9033 lower firmware version. </td>
9034 </tr>
9035 </table>
9037 </dd>
9040 base64 encoded Diffie-Hellman (DH) key. The key is used to negotiate a
9041 master secret key between the SEV firmware and guest owner. This master
9042 secret key is then used to establish a trusted channel between SEV
9043 firmware and guest owner.
9044 </dd>
9047 base64 encoded session blob defined in the SEV API spec.
9049 See SEV spec LAUNCH_START section for the session blob format.
9050 </dd>
9051 </dl>
9055 <p>
9056 Example configurations for each driver are provide on the
9057 driver specific pages listed below
9058 </p>
9060 <ul>
9063 </ul>
9064 </body>
9065 </html>