| blob | fcb7c59c00d8aa815ff30a7a931bfb32f89d5858 |
4 <body>
9 <p>
10 This section describes the XML format used to represent domains, there are
11 variations on the format based on the kind of domains run and the options
12 used to launch them. For hypervisor specific details consult the
14 </p>
19 <p>
20 The root element required for all virtual machines is
23 specifies the hypervisor used for running
24 the domain. The allowed values are driver specific, but
27 integer identifier for the running guest machine. Inactive
28 machines have no id value.
29 </p>
34 <pre>
45 ...</pre>
47 <dl>
50 a short name for the virtual machine. This name should
51 consist only of alpha-numeric characters and is required
52 to be unique within the scope of a single host. It is
53 often used to form the filename for storing the persistent
57 a globally unique identifier for the virtual machine.
58 The format must be RFC 4122 compliant,
60 If omitted when defining/creating a new machine, a random
61 UUID is generated. It is also possible to provide the UUID
68 element can be used to add a Virtual Machine Generation ID which
69 exposes a 128-bit, cryptographically random, integer value identifier,
70 referred to as a Globally Unique Identifier (GUID) using the same
72 the guest operating system when the virtual machine is re-executing
73 something that has already executed before, such as:
75 <ul>
80 </ul>
82 The guest operating system notices the change and is then able to
83 react as appropriate by marking its copies of distributed databases
84 as dirty, re-initializing its random number generator, etc.
86 <p>
87 The libvirt XML parser will accept both a provided GUID value
89 and saved in the XML. For the transitions such as above, libvirt
90 will change the GUID before re-executing.</p></dd>
94 short description of the domain. The title should not contain
99 human readable description of the virtual machine. This data is not
100 used by libvirt in any way, it can contain any information the user
105 to store custom metadata in the form of XML
106 nodes/trees. Applications must use custom namespaces on their
107 XML nodes/trees, with only one top-level element per namespace
108 (if the application needs structure, they should have
109 sub-elements to their namespace
111 </dl>
115 <p>
116 There are a number of different ways to boot virtual machines
117 each with their own pros and cons.
118 </p>
122 <p>
123 Booting via the BIOS is available for hypervisors supporting
124 full virtualization. In this case the BIOS has a boot order
125 priority (floppy, harddisk, cdrom, network) determining where
126 to obtain/find the boot image.
127 </p>
129 <pre>
130 ...
134 <nvram template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/nvram/guest_VARS.fd</nvram>
141 ...</pre>
143 <dl>
148 some features required by selected firmware. Accepted values are
150 The selection process scans for files describing installed
151 firmware images in specified location and uses the most specific
152 one which fulfils domain requirements. The locations in order of
153 preference (from generic to most specific one) are:
154 <ul>
158 </ul>
159 For more information refer to firmware metadata specification as
161 repository. Regular users do not need to bother.
164 uses UEFI, and it is not set when using BIOS.
166 </dd>
169 type of operating system to be booted in the virtual machine.
172 (badly named!) refers to an OS that supports the Xen 3 hypervisor
174 specifying the CPU architecture to virtualization,
177 provides details on allowed values for
181 which is specified by absolute path,
182 used to assist the domain creation process. It is used by Xen
183 fully virtualized domains as well as setting the QEMU BIOS file
189 image should be writable or read-only. The second attribute
192 memory the file should be mapped. For instance, if the loader
195 implement the Secure boot feature. Attribute
199 <dd>Some UEFI firmwares may want to use a non-volatile memory to store
200 some variables. In the host, this is represented as a file and the
201 absolute path to the file is stored in this element. Moreover, when the
202 domain is started up libvirt copies so called master NVRAM store file
204 attribute can be used to per domain override map of master NVRAM stores
205 from the config file. Note, that for transient domains if the NVRAM file
206 has been created by libvirt it is left behind and it is management
207 application's responsibility to save and remove file (if needed to be
213 times to setup a priority list of boot devices to try in turn.
214 Multiple devices of the same type are sorted according to their
215 targets while preserving the order of buses. After defining the
216 domain, its XML configuration returned by libvirt (through
217 virDomainGetXMLDesc) lists devices in the sorted order. Once sorted,
218 the first device is marked as bootable. Thus, e.g., a domain
219 configured to boot from "hd" with vdb, hda, vda, and hdc disks
220 assigned to it will boot from vda (the sorted list is vda, vdb, hda,
221 hdc). Similar domain with hdc, vda, vdb, and hda disks will boot from
222 hda (sorted disks are: hda, hdc, vda, vdb). It can be tricky to
223 configure in the desired way, which is why per-device boot elements
227 introduced and they are the preferred way providing full control over
231 </dd>
233 <dd>How to populate SMBIOS information visible in the guest.
237 SMBIOS values;
240 used to see what values are copied), or "sysinfo" (use the values in
244 </dd>
245 </dl>
246 <p>Up till here the BIOS/UEFI configuration knobs are generic enough to
247 be implemented by majority (if not all) firmwares out there. However,
248 from now on not every single setting makes sense to all firmwares. For
251 doesn't produce any output onto serial line, etc. Moreover, firmwares
252 don't usually export their capabilities for libvirt (or users) to check.
253 And the set of their capabilities can change with every new release.
254 Hence users are advised to try the settings they use before relying on
255 them in production.</p>
256 <dl>
258 <dd> Whether or not to enable an interactive boot menu prompt on guest
263 the boot menu should wait until it times out. Allowed values are numbers
266 </dd>
270 Serial Graphics Adapter which allows users to see BIOS messages
271 on a serial port. Therefore, one needs to have
276 whether and after how long the guest should start booting
277 again in case the boot fails (according to BIOS). The value is
280 </dd>
281 </dl>
285 <p>
286 Hypervisors employing paravirtualization do not usually emulate
287 a BIOS, and instead the host is responsible to kicking off the
288 operating system boot. This may use a pseudo-bootloader in the
289 host to provide an interface to choose a kernel for the guest.
293 </p>
295 <pre>
296 ...
299 ...</pre>
301 <dl>
304 a fully qualified path to the bootloader executable in the
305 host OS. This bootloader will be run to choose which kernel
306 to boot. The required output of the bootloader is dependent
310 command line arguments to be passed to the bootloader.
312 </dd>
314 </dl>
318 <p>
319 When installing a new guest OS it is often useful to boot directly
320 from a kernel and initrd stored in the host OS, allowing command
321 line arguments to be passed directly to the installer. This capability
322 is usually available for both para and full virtualized guests.
323 </p>
325 <pre>
326 ...
338 ...</pre>
340 <dl>
342 <dd>This element has the same semantics as described earlier in the
345 <dd>This element has the same semantics as described earlier in the
348 <dd>The contents of this element specify the fully-qualified path
349 to the kernel image in the host OS.</dd>
351 <dd>The contents of this element specify the fully-qualified path
352 to the (optional) ramdisk image in the host OS.</dd>
354 <dd>The contents of this element specify arguments to be passed to
355 the kernel (or installer) at boot time. This is often used to
356 specify an alternate primary console (eg serial port), or the
357 installation media source / kickstart file</dd>
359 <dd>The contents of this element specify the fully-qualified path
360 to the (optional) device tree binary (dtb) image in the host OS.
367 </dl>
371 <p>
372 When booting a domain using container based virtualization, instead
373 of a kernel / boot image, a path to the init binary is required, using
378 but will not affect init argv.
379 </p>
380 <p>
382 for each variable.
383 </p>
384 <p>
386 element.
387 </p>
388 <p>
391 either a user (resp. group) id or a name. Prefixing the user or group id with
393 this, it will be first tried as a user or group name.
394 </p>
396 <pre>
407 </pre>
410 <p>
413 </p>
415 <dl>
419 <dd>The first user ID in container will be mapped to this target user
420 ID in host.</dd>
423 </dl>
425 <pre>
430 </pre>
435 <p>
436 Some hypervisors allow control over what system information is
437 presented to the guest (for example, SMBIOS fields can be
438 populated by a hypervisor and inspected via
442 </p>
444 <pre>
445 ...
448 ...
477 ...</pre>
479 <p>
482 sub-elements, with supported values of:
483 </p>
485 <dl>
487 <dd>Sub-elements call out specific SMBIOS values, which will
488 affect the guest if used in conjunction with
493 elements that describe a field within the block. The following
494 blocks and entries are recognized:
495 <dl>
497 <dd>
498 This is block 0 of SMBIOS, with entry names drawn from:
499 <dl>
505 <dd>BIOS release date. If supplied, is in either mm/dd/yy or
506 mm/dd/yyyy format. If the year portion of the string is
509 <dd>System BIOS Major and Minor release number values
510 concatenated together as one string separated by
512 </dl>
513 </dd>
515 <dd>
516 This is block 1 of SMBIOS, with entry names drawn from:
517 <dl>
527 <dd>Universal Unique ID number. If this entry is provided
528 alongside a top-level
530 then the two values must match.</dd>
535 </dl>
536 </dd>
538 <dd>
539 This is block 2 of SMBIOS. This element can be repeated multiple
540 times to describe all the base boards; however, not all
541 hypervisors necessarily support the repetition. The element can
542 have the following children:
543 <dl>
556 </dl>
557 NB: Incorrectly supplied entries for the
561 passed as strings to the hypervisor driver.
562 </dd>
564 <dd>
566 SMBIOS, with entry names drawn from:
567 <dl>
578 </dl>
579 </dd>
581 <dd>
582 This is block 11 of SMBIOS. This element should appear once and
584 arbitrary string data. There are no restrictions on what data can
585 be provided in the entries, however, if the data is intended to be
586 consumed by an application in the guest, it is recommended to use
588 </dd>
589 </dl>
590 </dd>
591 </dl>
595 <pre>
597 ...
603 ...
605 </pre>
607 <dl>
609 <dd>The content of this element defines the maximum number of virtual
610 CPUs allocated for the guest OS, which must be between 1 and
611 the maximum supported by the hypervisor.
612 <dl>
614 <dd>
616 list of physical CPU numbers that domain process and virtual CPUs
617 can be pinned to by default. (NB: The pinning policy of domain
618 process and virtual CPUs can be specified separately by
624 will be ignored. For virtual CPUs which don't have
627 Each element in that list is either a single CPU number,
628 a range of CPU numbers, or a caret followed by a CPU number to
629 be excluded from a previous range.
631 </dd>
633 <dd>
635 be used to specify whether fewer than the maximum number of
636 virtual CPUs should be enabled.
638 </dd>
640 <dd>
642 indicate the CPU placement mode for domain process. The value can
645 specified. Using "auto" indicates the domain process will be pinned
646 to the advisory nodeset from querying numad and the value of
651 pinned to all the available physical CPUs.
653 </dd>
654 </dl>
655 </dd>
657 <dd>
658 The vcpus element allows to control state of individual vCPUs.
661 in other places such as vCPU pinning, scheduler information and NUMA
662 assignment. Note that the vCPU ID as seen in the guest may differ from
663 libvirt ID in certain cases. Valid IDs are from 0 to the maximum vCPU
670 and hotunplugged in cases when the CPU is enabled at boot. Note that
671 all disabled vCPUs must be hotpluggable. Valid values are
675 For hypervisors/platforms that require to insert multiple vCPUs at once
676 the order may be duplicated across all vCPUs that need to be
677 enabled at once. Specifying order is not necessary, vCPUs are then
678 added in an arbitrary order. If order info is used, it must be used for
679 all online vCPUs. Hypervisors may clear or update ordering information
680 during certain operations to assure valid configuration.
682 Note that hypervisors may create hotpluggable vCPUs differently from
683 boot vCPUs thus special initialization may be necessary.
685 Hypervisors may require that vCPUs enabled on boot which are not
686 hotpluggable are clustered at the beginning starting with ID 0. It may
687 be also required that vCPU 0 is always present and non-hotpluggable.
689 Note that providing state for individual CPUs may be necessary to enable
690 support of addressable vCPU hotplug and this feature may not be
691 supported by all hypervisors.
693 For QEMU the following conditions are required. vCPU 0 needs to be
694 enabled and non-hotpluggable. On PPC64 along with it vCPUs that are in
695 the same core need to be enabled as well. All non-hotpluggable CPUs
696 present at boot need to be grouped after vCPU 0.
698 </dd>
699 </dl>
702 <p>
703 IOThreads are dedicated event loop threads for supported disk
704 devices to perform block I/O requests in order to improve
705 scalability especially on an SMP host/guest with many LUNs.
707 </p>
709 <pre>
711 ...
713 ...
715 </pre>
716 <pre>
718 ...
725 ...
727 </pre>
729 <dl>
731 <dd>
732 The content of this optional element defines the number
733 of IOThreads to be assigned to the domain for use by
734 supported target storage devices. There
736 than one supported device assigned to each IOThread.
738 </dd>
740 <dd>
742 to specifically define the IOThread ID's for the domain. By default,
743 IOThread ID's are sequentially numbered starting from 1 through the
753 will be adjusted accordingly.
755 </dd>
756 </dl>
760 <pre>
762 ...
797 ...
799 </pre>
801 <dl>
803 <dd>
805 regarding the CPU tunable parameters for the domain.
807 </dd>
809 <dd>
811 physical CPUs the domain vCPU will be pinned to. If this is omitted,
813 not specified, the vCPU is pinned to all the physical CPUs by default.
817 (NB: Only qemu driver support)
819 </dd>
821 <dd>
823 physical CPUs the "emulator", a subset of a domain not including vCPU
824 or iothreads will be pinned to. If this is omitted, and attribute
826 "emulator" is pinned to all the physical CPUs by default. It contains
828 CPUs to pin to.
829 </dd>
831 <dd>
833 physical CPUs the IOThreads will be pinned to. If this is omitted
835 not specified, the IOThreads are pinned to all the physical CPUs
836 by default. There are two required attributes, the attribute
843 </dd>
845 <dd>
847 weighted share for the domain. If this is omitted, it defaults to
848 the OS provided defaults. NB, There is no unit for the value,
849 it's a relative measure based on the setting of other VM,
850 e.g. A VM configured with value
853 </dd>
855 <dd>
860 with value 0 means no value.
863 </dd>
865 <dd>
868 negative value indicates that the domain has infinite bandwidth for
869 vCPU threads, which means that it is not bandwidth controlled. The value
871 with value 0 means no value. You can use this feature to ensure that all
872 vCPUs run at the same speed.
875 </dd>
877 <dd>
879 enforcement CFS scheduler interval (unit: microseconds) for the whole
884 </dd>
886 <dd>
888 allowed bandwidth (unit: microseconds) within a period for the whole
890 value indicates that the domain has infinite bandwidth, which means that
891 it is not bandwidth controlled. The value should be in range
893 with value 0 means no value.
895 </dd>
898 <dd>
901 threads (those excluding vCPUs) of the domain will not be allowed to consume
905 </dd>
907 <dd>
909 allowed bandwidth (unit: microseconds) for domain's emulator threads (those
911 value indicates that the domain has infinite bandwidth for emulator threads
912 (those excluding vCPUs), which means that it is not bandwidth controlled.
914 quota with value 0 means no value.
916 </dd>
919 <dd>
921 enforcement interval (unit: microseconds) for IOThreads. Within
925 An iothread_period with value 0 means no value.
927 </dd>
929 <dd>
931 allowed bandwidth (unit: microseconds) for IOThreads. A domain with
933 domain IOThreads have infinite bandwidth, which means that it is
934 not bandwidth controlled. The value should be in range
936 with value 0 means no value. You can use this feature to ensure that
937 all IOThreads run at the same speed.
939 </dd>
943 <dd>
944 The optional
951 which vCPUs/IOThreads this setting applies to, leaving them out sets the
954 than the number of vCPU's defined for the
962 well (and is ignored for non-real-time ones). The value range
966 </dd>
969 <dd>
971 caches using the resctrl on the host. Whether or not is this supported
972 can be gathered from capabilities where some limitations like minimum
973 size and required granularity are reported as well. The required
976 allocation. The vCPUs specified by cachetune can be identical with those
977 in memorytune, however they are not allowed to overlap.
978 Supported subelements are:
979 <dl>
981 <dd>
982 This optional element controls the allocation of CPU cache and has
983 the following attributes:
984 <dl>
986 <dd>
987 Host cache level from which to allocate.
988 </dd>
990 <dd>
991 Host cache id from which to allocate.
992 </dd>
994 <dd>
997 for both code and data (unified). Currently the allocation can
998 be done only with the same type as the host supports, meaning
1000 (code/data prioritization) enabled.
1001 </dd>
1003 <dd>
1004 The size of the region to allocate. The value by default is in
1006 the value.
1007 </dd>
1009 <dd>
1010 If specified it is the unit such as KiB, MiB, GiB, or TiB
1014 </dd>
1015 </dl>
1016 </dd>
1018 <dd>
1020 monitor(s) for current cache allocation and has the following
1021 required attributes:
1022 <dl>
1024 <dd>
1025 Host cache level the monitor belongs to.
1026 </dd>
1028 <dd>
1029 vCPU list the monitor applies to. A monitor's vCPU list
1030 can only be the member(s) of the vCPU list of the associated
1031 allocation. The default monitor has the same vCPU list as the
1032 associated allocation. For non-default monitors, overlapping
1033 vCPUs are not permitted.
1034 </dd>
1035 </dl>
1036 </dd>
1037 </dl>
1038 </dd>
1041 <dd>
1043 memory bandwidth using the resctrl on the host. Whether or not is this
1044 supported can be gathered from capabilities where some limitations like
1045 minimum bandwidth and required granularity are reported as well. The
1047 allocation applies. A vCPU can only be member of one
1051 Supported subelements are:
1052 <dl>
1054 <dd>
1055 This element controls the allocation of CPU memory bandwidth and has the
1056 following attributes:
1057 <dl>
1059 <dd>
1060 Host node id from which to allocate memory bandwidth.
1061 </dd>
1063 <dd>
1064 The memory bandwidth to allocate from this node. The value by default
1065 is in percentage.
1066 </dd>
1067 </dl>
1068 </dd>
1069 </dl>
1070 </dd>
1071 </dl>
1076 <pre>
1078 ...
1082 ...
1084 </pre>
1086 <dl>
1088 <dd>The maximum allocation of memory for the guest at boot time. The
1089 memory allocation includes possible additional memory devices specified
1090 at start or hotplugged later.
1091 The units for this value are determined by the optional
1103 However, the value will be rounded up to the nearest kibibyte
1104 by libvirt, and may be further rounded to the granularity
1105 supported by the hypervisor. Some hypervisors also enforce a
1106 minimum, such as 4000KiB.
1112 can be used to control whether the guest memory should be
1117 (QEMU only)</span></dd>
1119 <dd>The run time maximum memory allocation of the guest. The initial
1121 the NUMA cell size configuration can be increased by hot-plugging of
1122 memory to the limit specified by this element.
1128 available for adding memory to the guest. The bounds are hypervisor
1129 specific.
1131 Note that due to alignment of the memory chunks added via memory
1132 hotplug the full size allocation specified by this element may be
1133 impossible to achieve.
1135 </dd>
1138 <dd>The actual allocation of memory for the guest. This value can
1139 be less than the maximum allocation, to allow for ballooning
1140 up the guests memory on the fly. If this is omitted, it defaults
1144 </dl>
1149 <pre>
1151 ...
1164 ...
1166 </pre>
1169 elements that influence how virtual memory pages are backed by host
1170 pages.</p>
1172 <dl>
1174 <dd>This tells the hypervisor that the guest should have its memory
1175 allocated using hugepages instead of the normal native page size.
1179 specifies which hugepages should be used (especially useful on systems
1180 supporting hugepages of different sizes). The default unit for the
1184 come handy as it ties given guest's NUMA nodes to certain hugepage
1185 sizes. From the example snippet, one gigabyte hugepages are used for
1186 every NUMA node except node number four. For the correct syntax see
1189 <dd>Instructs hypervisor to disable shared pages (memory merge, KSM) for
1192 <dd>When set and supported by the hypervisor, memory pages belonging
1193 to the domain will be locked in host's memory and the host will not
1194 be allowed to swap them out, which might be required for some
1195 workloads such as real-time. For QEMU/KVM guests, the memory used by
1196 the QEMU process itself will be locked too: unlike guest memory, this
1197 is an amount libvirt has no way of figuring out in advance, so it has
1198 to remove the limit on locked memory altogether. Thus, enabling this
1199 option opens up to a potential security risk: the host will be unable
1200 to reclaim the locked memory back from the guest when it's running out
1201 of memory, which means a malicious guest allocating large amounts of
1202 locked memory could cause a denial-of-service attack on the host.
1203 Because of this, using this option is discouraged unless your workload
1204 demands it; even then, it's highly recommended to set a
1207 suitable for the specific environment at the same time to mitigate
1211 provide "file" to utilize file memorybacking or keep the
1222 <dd>When set and supported by hypervisor the memory
1223 content is discarded just before guest shuts down (or
1224 when DIMM module is unplugged). Please note that this is
1225 just an optimization and is not guaranteed to work in
1226 all cases (e.g. when hypervisor crashes).
1228 </dd>
1229 </dl>
1234 <pre>
1236 ...
1243 ...
1245 </pre>
1247 <dl>
1250 regarding the memory tunable parameters for the domain. If this is
1251 omitted, it defaults to the OS provided defaults. For QEMU/KVM, the
1252 parameters are applied to the QEMU process as a whole. Thus, when
1253 counting them, one needs to add up guest RAM, guest video RAM, and
1254 some memory overhead of QEMU itself. The last piece is hard to
1255 determine so one needs guess and try. For each tunable, it
1256 is possible to designate which unit the number is in on
1257 input, using the same values as
1259 compatibility, output is always in
1262 Possible values for all *_limit parameters are in range from 0 to
1263 VIR_DOMAIN_MEMORY_PARAM_UNLIMITED.</dd>
1266 the guest can use. The units for this value are kibibytes (i.e. blocks
1267 of 1024 bytes). Users of QEMU and KVM are strongly advised not to set
1268 this limit as domain may get killed by the kernel if the guess is too
1269 low, and determining the memory needed for a process to run is an
1271 undecidable problem</a>; that said, if you already set
1274 workload demands it, you'll have to take into account the specifics of
1276 is large enough to support the memory requirements of your guest, but
1277 small enough to protect your host against a malicious guest locking all
1278 memory.</dd>
1281 enforce during memory contention. The units for this value are
1285 memory plus swap the guest can use. The units for this value are
1286 kibibytes (i.e. blocks of 1024 bytes). This has to be more than
1287 hard_limit value provided</dd>
1290 minimum memory allocation for the guest. The units for this value are
1291 kibibytes (i.e. blocks of 1024 bytes). This element is only supported
1292 by VMware ESX and OpenVZ drivers.</dd>
1293 </dl>
1298 <pre>
1300 ...
1306 ...
1308 </pre>
1310 <dl>
1312 <dd>
1314 how to tune the performance of a NUMA host via controlling NUMA policy
1315 for domain process. NB, only supported by QEMU driver.
1317 </dd>
1319 <dd>
1321 for the domain process on a NUMA host. It contains several optional
1323 'strict', or 'preferred', defaults to 'strict'. Attribute
1327 used to indicate the memory placement mode for domain process, its value
1330 "auto" indicates the domain process will only allocate memory from the
1331 advisory nodeset returned from querying numad, and the value of attribute
1337 be added implicitly.
1340 </dd>
1342 <dd>
1344 policies per each guest NUMA node. For those nodes having no
1347 addresses guest NUMA node for which the settings are applied.
1351 This setting is not compatible with automatic placement.
1353 </dd>
1354 </dl>
1358 <pre>
1360 ...
1376 ...
1378 </pre>
1380 <dl>
1383 to tune Blkio cgroup tunable parameters for the domain. If this is
1384 omitted, it defaults to the OS provided
1388 weight of the guest. The value should be in the range [100,
1393 that further tune the weights for each host block device in
1394 use by the domain. Note that
1396 single host block device, if they are backed by files within
1397 the same host file system, which is why this tuning parameter
1398 is at the global domain level rather than associated with each
1399 guest disk device (contrast this to
1401 element which can apply to an
1406 the relative weight of that device, in the range [100,
1409 Additionally, the following optional sub-elements can be used:
1410 <dl>
1412 <dd>Read throughput limit in bytes per second.
1415 <dd>Write throughput limit in bytes per second.
1418 <dd>Read I/O operations per second limit.
1421 <dd>Write I/O operations per second limit.
1423 </dl></dd></dl>
1428 <p>
1429 Hypervisors may allow for virtual machines to be placed into
1430 resource partitions, potentially with nesting of said partitions.
1432 related to resource partitioning. It currently supports a child
1434 of the resource partition in which to place the domain. If no
1435 partition is listed, then the domain will be placed in a default
1436 partition. It is the responsibility of the app/admin to ensure
1437 that the partition exists prior to starting the guest. Only the
1438 (hypervisor specific) default partition can be assumed to exist
1439 by default.
1440 </p>
1441 <pre>
1442 ...
1446 ...
1447 </pre>
1449 <p>
1450 Resource partitions are currently supported by the QEMU and
1451 LXC drivers, which map partition paths to cgroups directories,
1453 </p>
1457 <p>
1458 Requirements for CPU model, its features and topology can be specified
1459 using the following collection of elements.
1461 </p>
1463 <pre>
1464 ...
1472 ...</pre>
1474 <pre>
1479 ...</pre>
1481 <pre>
1485 ...</pre>
1487 <p>
1488 In case no restrictions need to be put on CPU model and its features, a
1491 </p>
1493 <pre>
1494 ...
1498 ...</pre>
1500 <dl>
1504 strictly the virtual CPU provided to the guest matches these
1510 <dl>
1512 <dd>The specified CPU model and features describes the minimum
1513 requested CPU. A better CPU will be provided to the guest if it
1514 is possible with the requested hypervisor on the current host.
1516 will not be created if the provided virtual CPU does not meet
1517 the requirements.</dd>
1520 <dd>The virtual CPU provided to the guest should exactly match the
1521 specification. If such CPU is not supported, libvirt will refuse
1522 to start the domain.</dd>
1525 <dd>The domain will not be created unless the host CPU exactly
1526 matches the specification. This is not very useful in practice
1527 and should only be used if there is a real reason.</dd>
1528 </dl>
1533 Sometimes the hypervisor is not able to create a virtual CPU exactly
1534 matching the specification passed by libvirt.
1536 attribute can be used to request a specific way of checking whether
1537 the virtual CPU matches the specification. It is usually safe to omit
1538 this attribute when starting a domain and stick with the default
1539 value. Once the domain starts, libvirt will automatically change the
1541 virtual CPU does not change when the domain is migrated to another
1542 host. The following values can be used:
1544 <dl>
1546 <dd>Libvirt does no checking and it is up to the hypervisor to
1547 refuse to start the domain if it cannot provide the requested CPU.
1548 With QEMU this means no checking is done at all since the default
1549 behavior of QEMU is to emit warnings, but start the domain anyway.
1550 </dd>
1553 <dd>Libvirt will check the guest CPU specification before starting
1554 a domain, but the rest is left on the hypervisor. It can still
1555 provide a different virtual CPU.</dd>
1558 <dd>The virtual CPU created by the hypervisor will be checked
1559 against the CPU specification and the domain will not be started
1560 unless the two CPUs match.</dd>
1561 </dl>
1564 attribute may be used to make it easier to configure a guest CPU to be
1565 as close to host CPU as possible. Possible values for the
1568 <dl>
1571 that should be presented to the guest. This is the default when no
1573 a persistent guest will see the same hardware no matter what host
1574 the guest is booted on.</dd>
1577 copying host CPU definition from capabilities XML into domain XML.
1578 Since the CPU definition is copied just before starting a domain,
1579 exactly the same XML can be used on different hosts while still
1580 providing the best guest CPU each host supports. The
1585 disabled specifically in addition to the host model. This may be
1586 used to fine tune features that can be emulated.
1588 Libvirt does not model every aspect of each CPU so
1589 the guest CPU will not match the host CPU exactly. On the other
1590 hand, the ABI provided to the guest is reproducible. During
1591 migration, complete CPU model definition is transferred to the
1592 destination host so the migrated guest will see exactly the same CPU
1593 model for the running instance of the guest, even if the destination
1594 host contains more capable CPUs or newer kernel; but shutting down and restarting
1595 the guest may present different hardware to the guest according to
1596 the capabilities of the new host. Prior to libvirt 3.2.0 and QEMU
1597 2.9.0 detection of the host CPU model via QEMU is not supported.
1599 may not work as expected.
1601 works the way it was designed and it is indicated by the
1603 host-model CPU definition advertised in
1606 in the domain capabilities XML, it is recommended to use
1609 allows processors to run VMs in binary compatibility mode supporting
1610 an older version of ISA. Libvirt on PowerPC architecture uses the
1612 binary compatibility mode. Example:
1613 When a user needs a power7 VM to run in compatibility mode
1614 on a Power8 host, this can be described in XML as follows :
1615 <pre>
1619 ...</pre>
1620 </dd>
1622 <dd>With this mode, the CPU visible to the guest should be exactly
1623 the same as the host CPU even in the aspects that libvirt does not
1624 understand. Though the downside of this mode is that the guest
1625 environment cannot be reproduced on different hardware. Thus, if you
1626 hit any bugs, you are on your own. Further details of that CPU can
1628 using host-passthrough is dangerous if the source and destination hosts
1629 are not identical in both hardware, QEMU version, microcode version
1630 and configuration. If such a migration is attempted then the guest may
1631 hang or crash upon resuming execution on the destination host.</dd>
1632 </dl>
1635 make sense when a domain can run directly on the host CPUs (for
1637 irrelevant for domains with emulated virtual CPUs (such as domains with
1640 emulated CPUs in which case the best CPU the hypervisor is able to
1641 emulate may be used rather then trying to mimic the host CPU model.
1642 </dd>
1646 requested by the guest. The list of available CPU models and their
1648 in libvirt's data directory. If a hypervisor is not able to use the
1649 exact CPU model, libvirt automatically falls back to a closest model
1650 supported by the hypervisor while maintaining the list of CPU
1653 in which case an attempt to start a domain requesting an unsupported
1658 vendor id seen by the guest. It must be exactly 12 characters long.
1659 If not set the vendor id of the host is used. Typical possible
1665 guest. If this element is missing, the guest can be run on a CPU
1666 matching given features regardless on its vendor. The list of
1671 virtual CPU provided to the guest. Three non-zero values have to be
1674 socket, and number of threads per core, respectively. Hypervisors may
1675 require that the maximum number of vCPUs specified by the
1677 from the topology.</dd>
1682 selected CPU model. The list of known feature names can be found in
1685 set to one of the following values:
1687 <dl>
1689 <dd>The virtual CPU will claim the feature is supported regardless
1690 of it being supported by host CPU.</dd>
1692 <dd>Guest creation will fail unless the feature is supported by the
1693 host CPU or the hypervisor is able to emulate it.</dd>
1695 <dd>The feature will be supported by virtual CPU if and only if it
1696 is supported by host CPU.</dd>
1700 <dd>Guest creation will fail if the feature is supported by host
1701 CPU.</dd>
1702 </dl>
1707 <p> Individual CPU feature names are specified as part of the
1709 the 'pcid' feature with Intel IvyBridge CPU model:
1710 </p>
1712 <pre>
1713 ...
1719 ...</pre>
1721 </dd>
1725 element describes the virtual CPU cache. If the element is missing,
1726 the hypervisor will use a sensible default.
1728 <dl>
1730 <dd>This optional attribute specifies which cache level is described
1731 by the element. Missing attribute means the element describes all
1734 attribute is forbidden.</dd>
1737 <dd>
1738 The following values are supported:
1739 <dl>
1744 <dd>The real CPU cache data reported by the host CPU will be
1745 passed through to the virtual CPU.</dd>
1748 <dd>The virtual CPU will report no CPU cache of the specified
1750 is missing).</dd>
1751 </dl>
1752 </dd>
1753 </dl>
1754 </dd>
1755 </dl>
1757 <p>
1760 </p>
1762 <pre>
1763 ...
1765 ...
1770 ...
1772 ...</pre>
1774 <p>
1778 in kibibytes (i.e. blocks of 1024 bytes).
1784 necessary in the code, otherwise the cells are
1787 is not recommended as it may result in unwanted behaviour.
1792 hugepages-backed memory and nvdimm modules.
1796 feature for given numa node as described under
1800 </p>
1802 <p>
1803 This guest NUMA specification is currently available only for
1804 QEMU/KVM and Xen.
1805 </p>
1807 <p>
1808 A NUMA hardware architecture supports the notion of distances
1810 is possible to define the distance between NUMA cells using the
1813 specify the distance value between sibling NUMA cells. For more
1814 details, see the chapter explaining the system's SLIT (System
1815 Locality Information Table) within the ACPI (Advanced
1816 Configuration and Power Interface) specification.
1817 </p>
1819 <pre>
1820 ...
1822 ...
1857 ...
1859 ...</pre>
1861 <p>
1862 Describing distances between NUMA cells is currently only supported
1864 the SLIT data between different cells, it will default to a scheme
1866 </p>
1870 <p>
1871 It is sometimes necessary to override the default actions taken
1872 on various events. Not all hypervisors support all events and actions.
1873 The actions may be taken as a result of calls to libvirt APIs
1876 </a>,
1879 </a>,
1880 or
1883 </a>.
1885 also trigger the event.
1886 </p>
1888 <pre>
1889 ...
1894 ...</pre>
1896 <p>
1897 The following collections of elements allow the actions to be
1898 specified when a guest OS triggers a lifecycle operation. A
1899 common use case is to force a reboot to be treated as a poweroff
1900 when doing the initial OS installation. This allows the VM to be
1901 re-configured for the first post-install bootup.
1902 </p>
1903 <dl>
1905 <dd>The content of this element specifies the action to take when
1906 the guest requests a poweroff.</dd>
1908 <dd>The content of this element specifies the action to take when
1909 the guest requests a reboot.</dd>
1911 <dd>The content of this element specifies the action to take when
1912 the guest crashes.</dd>
1913 </dl>
1915 <p>
1916 Each of these states allow for the same four possible actions.
1917 </p>
1919 <dl>
1921 <dd>The domain will be terminated completely and all resources
1922 released.</dd>
1924 <dd>The domain will be terminated and then restarted with
1925 the same configuration.</dd>
1927 <dd>The domain will be terminated and its resource preserved
1928 to allow analysis.</dd>
1930 <dd>The domain will be terminated and then restarted with
1931 a new name.</dd>
1932 </dl>
1934 <p>
1941 </p>
1943 <p>
1946 </p>
1948 <dl>
1950 <dd>The crashed domain's core will be dumped, and then the
1951 domain will be terminated completely and all resources
1952 released</dd>
1954 <dd>The crashed domain's core will be dumped, and then the
1955 domain will be restarted with the same configuration</dd>
1956 </dl>
1958 <p>
1960 be configured via the
1963 </p>
1965 <p>
1968 taken when a lock manager loses resource locks. The following
1969 actions are recognized by libvirt, although not all of them need
1970 to be supported by individual lock managers. When no action is
1971 specified, each lock manager will take its default action.
1972 </p>
1973 <dl>
1977 <dd>The domain will be powered off and started up again to
1978 reacquire its locks.</dd>
1980 <dd>The domain will be paused so that it can be manually resumed
1981 when lock issues are solved.</dd>
1984 </dl>
1988 <p>
1990 forcibly enable or disable BIOS advertisements to the guest
1991 OS. (NB: Only qemu driver support)
1992 </p>
1994 <pre>
1995 ...
2000 ...</pre>
2002 <dl>
2004 <dd>These elements enable ('yes') or disable ('no') BIOS support
2005 for S3 (suspend-to-mem) and S4 (suspend-to-disk) ACPI sleep
2006 states. If nothing is specified, then the hypervisor will be
2007 left with its default value.<br/>
2008 Note: This setting cannot prevent the guest OS from performing
2009 a suspend as the guest OS itself can choose to circumvent the
2010 unavailability of the sleep states (e.g. S4 by turning off
2011 completely).</dd>
2012 </dl>
2016 <p>
2017 Hypervisors may allow certain CPU / machine features to be
2018 toggled on/off.
2019 </p>
2021 <pre>
2022 ...
2064 ...</pre>
2066 <p>
2068 element, omitting a togglable feature tag turns it off.
2069 The available features can be found by asking
2072 but a common set for fully virtualized domains are:
2073 </p>
2075 <dl>
2080 <dd>ACPI is useful for power management, for example, with
2081 KVM guests it is required for graceful shutdown to work.
2082 </dd>
2084 <dd>APIC allows the use of programmable IRQ
2088 Interrupt) for the guest.
2089 </dd>
2094 of Hardware Assisted Paging.
2095 </dd>
2097 <dd>Enable Viridian hypervisor extensions for paravirtualizing
2098 guest operating systems
2099 </dd>
2101 <dd>Always create a private network namespace. This is
2102 automatically set if any interface devices are defined.
2103 This feature is only relevant for container based
2104 virtualization drivers, such as LXC.
2105 </dd>
2107 <dd>Enable various features improving behavior of guests
2108 running Microsoft Windows.
2110 <tr>
2115 </tr>
2116 <tr>
2121 </tr>
2122 <tr>
2127 </tr>
2128 <tr>
2133 </tr>
2134 <tr>
2139 </tr>
2140 <tr>
2145 </tr>
2146 <tr>
2151 </tr>
2152 <tr>
2157 </tr>
2158 <tr>
2163 </tr>
2164 <tr>
2169 </tr>
2170 <tr>
2175 </tr>
2176 <tr>
2181 </tr>
2182 <tr>
2187 </tr>
2188 <tr>
2193 </tr>
2194 <tr>
2199 </tr>
2200 </table>
2201 </dd>
2203 <dd>Notify the guest that the host supports paravirtual spinlocks
2204 for example by exposing the pvticketlocks mechanism. This feature
2206 attribute.
2207 </dd>
2209 <dd>Various features to change the behavior of the KVM hypervisor.
2211 <tr>
2216 </tr>
2217 <tr>
2222 </tr>
2223 <tr>
2228 </tr>
2229 </table>
2230 </dd>
2234 performance monitoring unit for the guest.
2236 </dd>
2240 the emulation of VMware IO port, for vmmouse etc.
2242 </dd>
2244 <dd>Enable for architectures using a General Interrupt
2245 Controller instead of APIC in order to handle interrupts.
2246 For example, the 'aarch64' architecture uses
2249 however, it may not be supported by all hypervisors. Accepted
2252 </dd>
2254 <dd>
2255 <p>
2258 System Management Mode.
2261 the amount of memory dedicated to SMM's extended TSEG. That offers a
2263 MiB) that the guest OS (or rather loader) can choose from. The size
2264 can be specified as a value of that element, optional attribute
2266 aforementioned value (defaults to 'MiB'). If set to 0 the extended
2267 size is not advertised and only the default ones (see above) are
2268 available.
2269 </p><p>
2270 <b>If the VM is booting you should leave this option alone, unless you
2271 are very certain you know what you are doing.</b>
2272 </p><p>
2273 This value is configurable due to the fact that the calculation cannot
2274 be done right with the guarantee that it will work correctly. In
2275 QEMU, the user-configurable extended TSEG feature was unavailable up
2282 based on the loader the VM is using.
2283 </p><p>
2284 Additional size might be needed for significantly higher vCPU counts
2285 or increased address space (that can be memory, maxMemory, 64-bit PCI
2287 which can also be rounded up.
2288 </p><p>
2289 Due to the nature of this setting being similar to "how much RAM
2290 should the guest have" users are advised to either consult the
2291 documentation of the guest OS or loader (if there is any), or test
2292 this by trial-and-error changing the value until the VM boots
2293 successfully. Yet another guiding value for users might be the fact
2296 unavailable RAM might be too much for small guests (e.g. with 512 MiB
2297 of RAM).
2298 </p><p>
2302 </p>
2303 </dd>
2305 <dd>Tune the I/O APIC. Possible values for the
2309 which is also known as a split I/O APIC mode.
2311 </dd>
2313 <dd>Configure the HPT (Hash Page Table) of a pSeries guest. Possible
2317 causes HPT resizing to be disabled regardless of guest and host
2319 starting unless both the guest and the host support HPT resizing. If
2320 the attribute is not defined, the hypervisor default will be used.
2324 limit the usable page size for HPT guests. Common values are 64 KiB,
2327 </dd>
2329 <dd>Enable QEMU vmcoreinfo device to let the guest kernel save debug
2331 </dd>
2333 <dd>Configure HTM (Hardware Transational Memory) availability for
2336 defined, the hypervisor default will be used.
2338 </dd>
2340 <dd>Configure nested HV availability for pSeries guests. This needs to
2341 be enabled from the host (L0) in order to be effective; having HV
2342 support in the (L1) guest is very desiderable if it's planned to
2343 run nested (L2) guests inside it, because it will result in those
2344 nested guests having much better performance than they would when
2345 using KVM PR or TCG.
2348 defined, the hypervisor default will be used.
2350 </dd>
2352 <dd>Some guests might require ignoring unknown
2353 Model Specific Registers (MSRs) reads and writes. It's possible
2357 will not be ignored.
2359 </dd>
2360 </dl>
2364 <p>
2365 The guest clock is typically initialized from the host clock.
2366 Most operating systems expect the hardware clock to be kept
2367 in UTC, and this is the default. Windows, however, expects
2368 it to be in so called 'localtime'.
2369 </p>
2371 <pre>
2372 ...
2379 ...</pre>
2381 <dl>
2383 <dd>
2385 values, allowing fine grained control over how the guest
2386 clock is synchronized to the host. NB, not all hypervisors
2387 support all modes.</p>
2388 <dl>
2390 <dd>
2391 The guest clock will always be synchronized to UTC when
2392 booted.
2394 to 'variable' mode, which can be controlled by using the
2396 conversion is never done (not all hypervisors can
2397 synchronize to UTC on each boot; use of 'reset' will cause
2398 an error on those hypervisors). A numeric value
2399 forces the conversion to 'variable' mode using the value as the
2401 hypervisor specific.
2402 </dd>
2404 <dd>
2405 The guest clock will be synchronized to the host's configured
2406 timezone when booted, if any.
2408 attribute behaves the same as in 'utc' mode.
2409 </dd>
2411 <dd>
2412 The guest clock will be synchronized to the requested timezone
2415 </dd>
2417 <dd>
2418 The guest clock will have an arbitrary offset applied
2420 attribute. The delta relative to UTC (or localtime) is specified
2422 The guest is free to adjust the RTC over time and expect
2423 that it will be honored at next reboot. This is in
2424 contrast to 'utc' and 'localtime' mode (with the optional
2425 attribute adjustment='reset'), where the RTC adjustments are
2428 attribute can be either 'utc' (default) or 'localtime'.
2429 </dd>
2430 </dl>
2431 <p>
2435 </p>
2436 </dd>
2438 <dd>
2439 <p>
2441 and has other optional attributes that depend on
2443 support different combinations of attributes.
2444 </p>
2445 <dl>
2447 <dd>
2449 being modified, and can be one of
2450 "platform" (currently unsupported),
2454 or "hypervclock"
2458 reference time counter and the reference page for iTSC
2459 feature for guests running the Microsoft Windows
2460 operating system.
2461 </dd>
2463 <dd>
2468 </dd>
2470 <dd>
2471 <p>
2473 happens when QEMU misses a deadline for injecting a
2474 tick to the guest:
2475 </p>
2476 <dl>
2478 <dd>Continue to deliver ticks at the normal rate.
2479 The guest time will be delayed due to the late
2480 tick</dd>
2482 <dd>Deliver ticks at a higher rate to catch up
2483 with the missed tick. The guest time should
2484 not be delayed once catchup is complete.</dd>
2486 <dd>Merge the missed tick(s) into one tick and
2487 inject. The guest time may be delayed, depending
2488 on how the OS reacts to the merging of ticks</dd>
2490 <dd>Throw away the missed tick(s) and continue
2491 with future injection normally. The guest time
2492 may be delayed, unless the OS has explicit
2493 handling of lost ticks</dd>
2494 </dl>
2497 <dl>
2499 <dd>
2501 attributes, each a positive integer. The attributes
2504 </dd>
2505 </dl>
2506 <p>
2507 Note that hypervisors are not required to support all policies across all time sources
2508 </p>
2509 </dd>
2511 <dd>
2513 integer specifying the frequency at
2515 </dd>
2517 <dd>
2521 Other timers are always emulated.
2522 </dd>
2524 <dd>
2526 specify whether a particular timer is available to the guest.
2527 </dd>
2528 </dl>
2529 </dd>
2530 </dl>
2534 <p>
2535 Some platforms allow monitoring of performance of the virtual machine and
2536 the code executed inside. To enable the performance monitoring events
2539 are then retrieved using the virConnectGetAllDomainStats API.
2541 </p>
2543 <pre>
2544 ...
2569 ...
2570 </pre>
2573 <tr>
2577 </tr>
2578 <tr>
2582 </tr>
2583 <tr>
2587 </tr>
2588 <tr>
2592 </tr>
2593 <tr>
2597 </tr>
2598 <tr>
2602 </tr>
2603 <tr>
2607 </tr>
2608 <tr>
2612 </tr>
2613 <tr>
2617 </tr>
2618 <tr>
2622 </tr>
2623 <tr>
2627 </tr>
2628 <tr>
2630 <td>the count of stalled CPU cycles in the frontend of the instruction
2631 processor pipeline by applications running on the platform</td>
2633 </tr>
2634 <tr>
2636 <td>the count of stalled CPU cycles in the backend of the instruction
2637 processor pipeline by applications running on the platform</td>
2639 </tr>
2640 <tr>
2642 <td>the count of total CPU cycles not affected by CPU frequency scaling
2643 by applications running on the platform</td>
2645 </tr>
2646 <tr>
2648 <td>the count of CPU clock time, as measured by a monotonic
2649 high-resolution per-CPU timer, by applications running on
2650 the platform</td>
2652 </tr>
2653 <tr>
2655 <td>the count of task clock time, as measured by a monotonic
2656 high-resolution CPU timer, specific to the task that
2657 is run by applications running on the platform</td>
2659 </tr>
2660 <tr>
2662 <td>the count of page faults by applications running on the
2663 platform. This includes minor, major, invalid and other
2664 types of page faults</td>
2666 </tr>
2667 <tr>
2669 <td>the count of context switches by applications running on
2670 the platform</td>
2672 </tr>
2673 <tr>
2675 <td>the count of CPU migrations, that is, where the process
2676 moved from one logical processor to another, by
2677 applications running on the platform</td>
2679 </tr>
2680 <tr>
2682 <td>the count of minor page faults, that is, where the
2683 page was present in the page cache, and therefore
2684 the fault avoided loading it from storage, by
2685 applications running on the platform</td>
2687 </tr>
2688 <tr>
2690 <td>the count of major page faults, that is, where the
2691 page was not present in the page cache, and
2692 therefore had to be fetched from storage, by
2693 applications running on the platform</td>
2695 </tr>
2696 <tr>
2698 <td>the count of alignment faults, that is when
2699 the load or store is not aligned properly, by
2700 applications running on the platform</td>
2702 </tr>
2703 <tr>
2705 <td>the count of emulation faults, that is when
2706 the kernel traps on unimplemented instrucions
2707 and emulates them for user space, by
2708 applications running on the platform</td>
2710 </tr>
2711 </table>
2715 <p>
2716 The final set of XML elements are all used to describe devices
2717 provided to the guest domain. All devices occur as children
2720 </p>
2722 <pre>
2723 ...
2727 ...</pre>
2729 <dl>
2731 <dd>
2733 the fully qualified path to the device model emulator binary.
2735 the recommended default emulator to use for each particular
2736 domain type / architecture combination.
2737 </dd>
2738 </dl>
2740 <p>
2741 To help users identifying devices they care about, every
2744 store identifier for the device. The identifier has to have
2745 "ua-" prefix and must be unique within the domain. Additionally, the
2746 identifier must consist only of the following characters:
2749 </p>
2751 <pre>
2759 ...
2761 </pre>
2765 <p>
2766 Any device that looks like a disk, be it a floppy, harddisk,
2768 element.
2769 </p>
2771 <pre>
2772 ...
2787 ...
2791 ...
2794 ...
2938 ...</pre>
2940 <dl>
2943 describing disks and supports the following attributes:
2944 <dl>
2946 <dd>
2951 and refer to the underlying source for the disk.
2953 </dd>
2955 <dd>
2956 Indicates how the disk is to be exposed to the guest OS. Possible
2958 defaulting to "disk".
2959 <p>
2966 virtual Host Bus Adapter (vHBA) using a Fibre Channel storage pool.
2967 Configured in this manner, the LUN behaves identically to "disk",
2968 except that generic SCSI commands from the guest are accepted
2969 and passed through to the physical device. Also note that
2970 device='lun' will only be recognized for actual raw devices,
2971 but never for individual partitions or LVM partitions (in those
2972 cases, the kernel will reject the generic SCSI commands, making
2973 it identical to device='disk').
2975 </p>
2976 </dd>
2978 <dd>
2979 Indicates the emulated device model of the disk. Typically
2983 "virtio". See
2985 for more details.
2987 </dd>
2989 <dd>
2990 Indicates whether the disk needs rawio capability. Valid
2992 in a domain has rawio='yes', rawio capability will be enabled
2993 for all disks in the domain (because, in the case of QEMU, this
2994 capability can only be set on a per-process basis). This attribute
2996 to confine the capability per-device, however, current QEMU
2997 implementation gives the domain process broader capability
2998 than that (per-process basis, affects all the domain disks).
2999 To confine the capability as much as possible for QEMU driver
3003 </dd>
3005 <dd>
3006 If supported by the hypervisor and OS, indicates whether
3007 unprivileged SG_IO commands are filtered for the disk. Valid
3011 </dd>
3013 <dd>
3014 Indicates the default behavior of the disk during disk snapshots:
3015 "<code>internal</code>" requires a file format such as qcow2 that
3016 can store both the snapshot and the data changes since the snapshot;
3017 "<code>external</code>" will separate the snapshot from the live
3018 data; and "<code>no</code>" means the disk will not participate in
3019 snapshots. Read-only disks default to "<code>no</code>", while the
3020 default for other disks depends on the hypervisor's capabilities.
3021 Some hypervisors allow a per-snapshot choice as well, during
3023 Not all snapshot modes are supported; for example, enabling
3024 snapshots with a transient disk generally does not make sense.
3026 </dd>
3027 </dl>
3028 </dd>
3032 <dl>
3034 <dd>
3036 path to the file holding the disk.
3038 </dd>
3040 <dd>
3042 to the host device to serve as the disk.
3044 </dd>
3046 <dd>
3048 to the directory to use as the disk.
3050 </dd>
3052 <dd>
3054 access to the requested image. Possible values are "nbd",
3059 is mandatory to specify which volume/image will be used.
3060 </p>
3065 a TLS environment can also be globally controlled on the host by
3067 /etc/libvirt/qemu.conf.
3069 </p>
3073 separated from the target's name by a slash (e.g.,
3075 specified, the default LUN is zero.
3076 </p>
3080 HyperScale server. Additionally, an optional attribute
3082 VxHS block device would utilize a hypervisor configured TLS
3083 X.509 certificate environment in order to encrypt the data
3084 channel. For the QEMU hypervisor, usage of a TLS environment can
3085 also be globally controlled on the host by the
3090 libvirt will use the host configured TLS environment. If the
3092 the qemu.conf setting, TLS authentication will be attempted.
3093 </p>
3095 </dd>
3097 <dd>
3098 The underlying disk source is represented by attributes
3102 by libvirt) where the disk source resides. Attribute
3104 by libvirt) used as the disk source. The value for the
3107 <p>
3110 represent the LUN as the disk source. Valid values are
3112 the default is to use "host".
3117 the disk source to generate the libiscsi URI (e.g.
3121 LUN's path as it shows up on host (e.g.
3124 Using a LUN from an iSCSI source pool provides the same
3127 of 'lun' with respect to how the LUN is presented to and
3128 may be used by the guest.
3131 </p>
3132 </dd>
3133 </dl>
3137 used to override the domain security labeling policy for just
3139 is only valid when the specified storage volume is of 'file' or
3140 'block' type).
3141 <p>
3145 </p>
3146 <p>
3148 </p>
3150 <dl>
3152 <dd>
3153 <p>
3156 specify the hosts to connect.
3160 the port number, transport type and path to socket, respectively.
3161 The meaning of this element and the number of the elements depend
3162 on the protocol attribute.
3163 </p>
3165 <tr>
3170 </tr>
3171 <tr>
3176 </tr>
3177 <tr>
3182 </tr>
3183 <tr>
3188 </tr>
3189 <tr>
3194 </tr>
3195 <tr>
3200 </tr>
3201 <tr>
3206 </tr>
3207 </table>
3208 <p>
3212 transport is "unix", the socket attribute specifies the path to an
3213 AF_UNIX socket.
3214 </p>
3215 </dd>
3217 <dd>
3219 optionally specify an internal snapshot name to be used as the
3220 source for storage protocols.
3222 </dd>
3224 <dd>
3226 provides a fully qualified path to a configuration file to be
3227 provided as a parameter to the client of a networked storage
3229 (QEMU only).</span>
3230 </dd>
3237 authentication credentials needed to access the source. It
3239 identifies the username to use during authentication, as well
3243 holds the actual password or other credentials (the domain XML
3244 intentionally does not expose the password, only the reference
3245 to the object that does manage the password).
3246 Known secret types are "ceph" for Ceph RBD network sources and
3247 "iscsi" for CHAP authentication of iSCSI targets.
3250 attribute matching the key that was specified in the
3251 secret object.
3252 </dd>
3257 If present, specifies how the storage source is encrypted
3258 See the
3260 page for more information.
3261 <p/>
3262 Note that the 'qcow' format of encryption is broken and thus is no
3263 longer supported for use with disk images.
3265 </dd>
3270 If present it enables persistent reservations for SCSI
3271 based disks. The element has one mandatory attribute
3274 and manages any resources needed. When the persistent reservations
3275 are unmanaged, then the hypervisor acts as a client and the path to
3276 the server socket must be provided in the child element
3278 attributes:
3283 It's recommended to allow libvirt manage the persistent
3284 reservations.
3285 </dd>
3292 initiator IQN needed to access the source via mandatory
3294 </dd>
3295 </dl>
3297 <p>
3300 policy what to do with the disk if the source file is not accessible.
3302 the specified storage volume is of "file" type). This is done by the
3305 accepting these values:
3306 </p>
3308 <tr>
3311 </tr>
3312 <tr>
3314 <td> fail if missing on boot up,
3315 drop if missing on migrate/restore/revert </td>
3316 </tr>
3317 <tr>
3320 </tr>
3321 </table>
3322 <p>
3324 is extended to support hard disks besides cdrom and floppy. On guest
3325 cold bootup, if a certain disk is not accessible or its disk chain is
3326 broken, with startupPolicy 'optional' the guest will drop this disk.
3327 This feature doesn't support migration currently.
3328 </p>
3329 </dd>
3331 <dd>
3332 This element describes the backing store used by the disk
3334 currently ignored on input and only used for output to
3335 describe the detected backing chains of running
3337 future version of libvirt may start accepting chains on input,
3338 or output information for offline domains). An
3340 source is self-contained and is not based on any backing
3341 store. For backing chain information to be accurate, the
3342 backing format must be correctly specified in the metadata of
3343 each file of the chain (files created by libvirt satisfy this
3344 property, but using existing external files for snapshot or
3345 block copy operations requires the end user to pre-create the
3346 file correctly). The following attributes are
3348 <dl>
3350 <dd>
3352 by the backing store, see disk type attribute above for more
3353 details and possible values.
3354 </dd>
3356 <dd>
3357 This attribute is only valid in output (and ignored on input) and
3358 it can be used to refer to a specific part of the disk chain when
3359 doing block operations (such as via the
3363 </dd>
3364 </dl>
3366 <dl>
3368 <dd>
3370 attribute which specifies the internal format of the backing
3372 </dd>
3374 <dd>
3377 or network location contains the data of the described backing
3378 store.
3379 </dd>
3381 <dd>
3382 If the backing store is not self-contained, the next element
3384 element.
3385 </dd>
3386 </dl>
3387 </dd>
3389 <dd>
3390 This element is present if the hypervisor has started a
3391 long-running block job operation, where the mirror location in
3393 same contents as the source, and with the file format in the
3397 of the mirror, similar to what is done for the
3399 attribute mentions which API started the operation ("copy" for
3408 not present, the disk is probably still
3409 copying. For now, this element only valid in output; it is
3412 Older libvirt supported only block copy to a
3414 compatibility with older clients, such jobs include redundant
3417 </dd>
3420 under which the disk is exposed to the guest
3422 device name. The actual device name specified is not
3423 guaranteed to map to the device name in the guest OS. Treat it
3425 attribute specifies the type of disk device to emulate;
3426 possible values are driver specific, with typical values being
3429 type is inferred from the style of the device name (e.g. a device named
3430 'sda' will typically be exported using a SCSI bus). The optional
3432 removable disks (i.e. CDROM or Floppy disk), the value can be either
3436 removable flag for USB disks, and its value can be either "on"
3442 </dd>
3445 ability to provide additional per-device I/O tuning, with
3446 values that can vary for each device (contrast this to
3448 element, which applies globally to the domain). Currently,
3449 the only tuning available is Block I/O throttling for qemu.
3450 This element has optional sub-elements; any sub-element not
3451 specified or given with a value of 0 implies no
3453 <dl>
3456 total throughput limit in bytes per second. This cannot
3461 read throughput limit in bytes per second.</dd>
3464 write throughput limit in bytes per second.</dd>
3467 total I/O operations per second. This cannot
3472 read I/O operations per second.</dd>
3475 write I/O operations per second.</dd>
3478 maximum total throughput limit in bytes per second. This cannot
3483 maximum read throughput limit in bytes per second.</dd>
3486 maximum write throughput limit in bytes per second.</dd>
3489 maximum total I/O operations per second. This cannot
3494 maximum read I/O operations per second.</dd>
3497 maximum write I/O operations per second.</dd>
3500 size of I/O operations per second.
3501 <p>
3503 </p>
3504 </dd>
3507 to share I/O throttling quota between multiple drives. This
3508 prevents end-users from circumventing a hosting provider's
3509 throttling policy by splitting 1 large drive in N small drives
3510 and getting N times the normal throttling quota. Any name may
3511 be used.
3512 <p>
3514 </p>
3515 </dd>
3518 element is the maximum duration in seconds for the
3523 element is the maximum duration in seconds for the
3528 element is the maximum duration in seconds for the
3533 element is the maximum duration in seconds for the
3538 element is the maximum duration in seconds for the
3543 element is the maximum duration in seconds for the
3546 <p>
3548 </p>
3549 </dd>
3550 </dl>
3551 </dd>
3553 <dd>
3554 The optional driver element allows specifying further details
3555 related to the hypervisor driver used to provide the disk.
3557 <ul>
3558 <li>
3559 If the hypervisor supports multiple backend drivers, then
3562 attribute provides the sub-type. For example, xen
3566 "qed".
3567 </li>
3568 <li>
3572 "writethrough", but it bypasses the host page cache) and
3573 "unsafe" (host may cache all disk io, and sync requests from
3574 guest are ignored).
3576 Since 0.6.0,
3579 </span>
3580 </li>
3581 <li>
3583 how the hypervisor will behave on a disk read or write
3587 hypervisor. There is also an
3591 is used for both read and write errors. If rerror_policy
3593 read errors. Also note that "enospace" is not a valid
3596 given, the read error policy will be left at its default.
3597 </li>
3598 <li>
3600 policies on I/O; qemu guests support "threads" and
3602 </li>
3603 <li>
3606 domain I/O asynchronous handling</a> for disk device.
3607 The default is left to the discretion of the hypervisor.
3609 qemu to execute VM while a separate thread handles I/O.
3610 Typically guests experiencing high system CPU utilization
3611 during I/O will benefit from this. On the other hand,
3612 on overloaded host it could increase guest I/O latency.
3614 <b>In general you should leave this option alone, unless you
3615 are very certain you know what you are doing.</b>
3616 </li>
3617 <li>
3619 some aspects of device event processing. The value can be
3620 either 'on' or 'off' - if it is on, it will reduce the
3621 number of interrupts and exits for the guest. The default
3622 is determined by QEMU; usually if the feature is
3623 supported, default is on. In case there is a situation
3624 where this behavior is suboptimal, this attribute provides
3625 a way to force the feature off.
3627 <b>In general you should leave this option alone, unless you
3628 are very certain you know what you are doing.</b>
3629 </li>
3630 <li>
3632 whether to copy read backing file into the image file. The
3634 Copy-on-read avoids accessing the same backing file sectors
3635 repeatedly and is useful when the backing file is over a slow
3636 network. By default copy-on-read is off.
3638 </li>
3639 <li>
3642 ignored or passed to the filesystem. The value can be either
3644 (ignore the discard request).
3646 </li>
3647 <li>
3650 "unmap". First two values turn the detection off and on,
3651 respectively. The third value ("unmap") turns the detection on
3652 and additionally tries to discard such areas from the image based
3655 detection is a compute intensive operation, but can save file
3656 space and/or time on slow media.
3658 </li>
3659 <li>
3661 disk to an IOThread as defined by the range for the domain
3663 value. Multiple disks may be assigned to the same IOThread and
3664 are numbered from 1 to the domain iothreads value. Available
3668 </li>
3669 <li>
3672 </li>
3673 <li>
3674 For virtio disks,
3677 </li>
3678 </ul>
3679 </dd>
3682 backend domain (aka driver domain) hosting the disk. Use the
3685 </dd>
3688 attribute determines the order in which devices will be tried during
3689 boot sequence. On the S390 architecture only the first boot device is
3691 string which can be queried by guests on S390 via sclp or diag 308.
3695 with general boot elements in
3698 </dd>
3703 volume is encrypted using "qcow". See the
3705 for more information.
3706 </dd>
3708 <dd>If present, this indicates the device cannot be modified by
3709 the guest. For now, this is the default for disks with
3711 </dd>
3713 <dd>If present, this indicates the device is expected to be shared
3714 between domains (assuming the hypervisor and OS support this),
3715 which means that caching should be deactivated for that device.
3716 </dd>
3718 <dd>If present, this indicates that changes to the device
3719 contents should be reverted automatically when the guest
3720 exits. With some hypervisors, marking a disk transient
3721 prevents the domain from participating in migration or
3723 </dd>
3725 <dd>If present, this specify serial number of virtual hard drive.
3726 For example, it may look
3728 Not supported for scsi-block devices, that is those using
3732 </dd>
3734 <dd>If present, this element specifies the WWN (World Wide Name)
3735 of a virtual hard disk or CD-ROM drive. It must be composed
3736 of 16 hexadecimal digits.
3738 </dd>
3740 <dd>If present, this element specifies the vendor of a virtual hard
3741 disk or CD-ROM device. It must not be longer than 8 printable
3742 characters.
3744 </dd>
3746 <dd>If present, this element specifies the product of a virtual hard
3747 disk or CD-ROM device. It must not be longer than 16 printable
3748 characters.
3750 </dd>
3753 to a given slot of a controller (the
3755 inferred by libvirt, although it can
3762 Multifunction defaults to 'off'; any other value requires
3764 "drive" controller, additional attributes
3767 are available, each defaulting to 0.
3768 </dd>
3778 </dd>
3781 ability to override geometry settings. This mostly useful for
3783 <dl>
3786 number of cylinders. </dd>
3789 number of heads. </dd>
3792 number of sectors per track. </dd>
3795 BIOS-Translation-Modus (none, lba or auto)</dd>
3796 </dl>
3797 </dd>
3800 to override any of the block device properties listed below.
3802 <dl>
3804 <dd>The logical block size the disk will report to the guest
3805 OS. For Linux this would be the value returned by the
3806 BLKSSZGET ioctl and describes the smallest units for disk
3807 I/O.
3808 </dd>
3810 <dd>The physical block size the disk will report to the guest
3811 OS. For Linux this would be the value returned by the
3812 BLKPBSZGET ioctl and describes the disk's hardware sector
3813 size which can be relevant for the alignment of disk data.
3814 </dd>
3815 </dl>
3816 </dd>
3817 </dl>
3821 <p>
3822 A directory on the host that can be accessed directly from the guest.
3824 </p>
3826 <pre>
3827 ...
3846 ...
3848 ...</pre>
3850 <dl>
3852 <dd>
3857 <dl>
3859 <dd>
3860 A host directory to mount in the guest. Used by LXC,
3864 This mode also has an optional
3870 the host page cache; omitting the attribute gives default behavior,
3872 is immediately triggered for all pages touched during a guest file
3874 </dd>
3876 <dd>
3877 OpenVZ filesystem template. Only used by OpenVZ driver.
3878 </dd>
3880 <dd>
3881 A host file will be treated as an image and mounted in
3882 the guest. The filesystem format will be autodetected.
3883 Only used by LXC driver.
3884 </dd>
3886 <dd>
3887 A host block device to mount in the guest. The filesystem
3888 format will be autodetected. Only used by LXC driver
3890 </dd>
3892 <dd>
3893 An in-memory filesystem, using memory from the host OS.
3895 which gives the memory usage limit in KiB, unless units
3897 by LXC driver.
3900 <dd>
3901 A directory inside the guest will be bound to another
3902 directory inside the guest. Only used by LXC driver
3904 </dl>
3907 which specifies the security mode for accessing the source
3910 values are:
3912 <dl>
3914 <dd>
3917 one is not specified.
3919 </dd>
3921 <dd>
3923 hypervisor (QEMU process).
3925 </dd>
3927 <dd>
3928 Similar to 'passthrough', the exception is that failure of
3929 privileged operations like 'chown' are ignored. This makes a
3930 passthrough-like mode usable for people who run the hypervisor
3931 as non-root.
3933 </dd>
3934 </dl>
3940 for more details.
3941 </dd>
3944 <dd>
3945 The optional driver element allows specifying further details
3946 related to the hypervisor driver used to provide the filesystem.
3948 <ul>
3949 <li>
3950 If the hypervisor supports multiple backend drivers, then
3953 attribute provides the format type. For example, LXC
3956 or "handle", but no formats. Virtuozzo driver supports
3958 </li>
3959 <li>
3960 For virtio-backed devices,
3963 </li>
3964 </ul>
3965 </dd>
3968 <dd>
3969 The resource on the host that is being accessed in the guest. The
3975 </dd>
3978 <dd>
3980 most drivers this is an automatic mount point, but for QEMU/KVM
3981 this is merely an arbitrary string tag that is exported to the
3982 guest as a hint for where to mount.
3983 </dd>
3986 <dd>
3987 Enables exporting filesystem as a readonly mount for guest, by
3988 default read-write access is given (currently only works for
3989 QEMU/KVM driver).
3990 </dd>
3993 <dd>
3994 Maximum space available to this guest's filesystem.
3996 </dd>
3999 <dd>
4000 Maximum space available to this guest's filesystem. The container is
4001 permitted to exceed its soft limits for a grace period of time. Afterwards the
4002 hard limit is enforced.
4004 </dd>
4005 </dl>
4009 <p>
4011 sub-element to describe where the device is placed on the
4012 virtual bus presented to the guest. If an address (or any
4013 optional attribute within an address) is omitted on
4014 input, libvirt will generate an appropriate address; but an
4015 explicit address is required if more control over layout is
4016 required. See below for device examples including an address
4017 element.
4018 </p>
4020 <p>
4022 describes which bus the device is on. The choice of which
4023 address to use for a given device is constrained in part by the
4024 device and the architecture of the guest. For example,
4030 Each address type has further optional attributes that control
4031 where on the bus the device will be placed:
4032 </p>
4034 <dl>
4036 <dd>PCI addresses have the following additional
4043 turning on the multifunction bit for a particular
4044 slot/function in the PCI control register
4047 but should be set to 'on' for function 0 of a slot that will
4048 have multiple functions used.
4050 depending on the architecture are supported. For example, PCI
4055 PCI devices on S390 for User-defined Identifiers and Function
4056 Identifiers.<br/>
4059 element with no other attributes as an explicit request to
4060 assign a PCI address for the device rather than some other
4061 type of address that may also be appropriate for that same
4062 device (e.g. virtio-mmio).
4063 </dd>
4065 <dd>Drive addresses have the following additional
4070 </dd>
4072 <dd>Each virtio-serial address has the following additional
4076 </dd>
4078 <dd>A CCID address, for smart-cards, has the following
4082 </dd>
4084 <dd>USB addresses have the following additional
4088 </dd>
4090 <dd>On PowerPC pseries guests, devices can be assigned to the
4091 SPAPR-VIO bus. It has a flat 32-bit address space; by
4092 convention, devices are generally assigned at a non-zero
4093 multiple of 0x00001000, but other addresses are valid and
4094 permitted by libvirt. Each address has the following
4098 </dd>
4101 s390-ccw-virtio use the native CCW bus for I/O devices.
4102 CCW bus addresses have the following additional attributes:
4106 Partially specified bus addresses are not allowed.
4107 If omitted, libvirt will assign a free bus address with
4109 set to 0xfe.
4111 </dd>
4113 <dd>This places the device on the virtio-mmio transport, which is
4116 do not have any additional attributes.
4120 addresses to devices; however, the presence of a single device
4121 with virtio-mmio address in the guest configuration will cause
4122 libvirt to assign virtio-mmio addresses to all further devices.
4124 </dd>
4126 <dd>ISA addresses have the following additional
4129 </dd>
4130 </dl>
4134 <p>
4135 QEMU's virtio devices have some attributes related to the virtio transport under
4139 Translation Service support for PCIe devices. This is needed to make use
4143 </p>
4147 <p>
4149 when used with PCI/PCIe machine types, accept the following
4151 </p>
4153 <dl>
4156 drivers, so it's the best choice when compatibility with older
4157 guest operating systems is desired. libvirt will plug the device
4158 into a conventional PCI slot.
4159 </dd>
4162 the recommended option unless compatibility with older guest
4163 operating systems is necessary. libvirt will plug the device into
4164 either a PCI Express slot or a conventional PCI slot based on the
4165 machine type, resulting in a more optimized PCI topology.
4166 </dd>
4169 device when plugged into a PCI Express slot, and like a
4171 pick one or the other based on the machine type. This is the best
4172 choice when compatibility with libvirt versions older than 5.2.0
4173 is necessary, but it's otherwise not recommended to use it.
4174 </dd>
4175 </dl>
4177 <p>
4178 While the information outlined above applies to most virtio devices,
4179 there are a few exceptions:
4180 </p>
4182 <ul>
4183 <li>
4186 </li>
4187 <li>
4188 some devices, such as GPUs and input devices (keyboard, tablet and
4189 mouse), are only defined in the virtio 1.0 spec and as such don't
4190 have a transitional variant: the only accepted model is
4192 </li>
4193 </ul>
4195 <p>
4196 For more details see the
4197 <a href="https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00923.html">qemu patch posting</a> and the
4199 </p>
4204 <p>
4205 Depending on the guest architecture, some device buses can
4206 appear more than once, with a group of virtual devices tied to a
4207 virtual controller. Normally, libvirt can automatically infer such
4208 controllers without requiring explicit XML markup, but sometimes
4209 it is necessary to provide an explicit controller element, notably
4211 for guests where device hotplug is expected.
4212 </p>
4214 <pre>
4215 ...
4227 ...
4229 ...</pre>
4231 <p>
4233 which must be one of 'ide', 'fdc', 'scsi', 'sata', 'usb',
4234 'ccid', 'virtio-serial' or 'pci', and a mandatory
4236 describing in which order the bus controller is encountered (for
4240 not specified, it will be auto-assigned to be the lowest unused
4241 index for the given controller type. Some controller types have
4242 additional attributes that control specific features, such as:
4243 </p>
4245 <dl>
4249 which control how many devices can be connected through the
4252 be 'virtio', 'virtio-transitional', or 'virtio-non-transitional'. See
4254 for more details.
4255 </dd>
4259 'lsilogic', 'lsisas1068', 'lsisas1078', 'virtio-scsi',
4260 'vmpvscsi', 'virtio-transitional', 'virtio-non-transitional'. See
4262 for more details.
4263 </dd>
4274 USB controller will be built on s390.
4277 connected to the controller.</dd>
4285 which specifies the maximum number of grant frames the controller
4286 makes available for connected devices.</dd>
4287 </dl>
4289 <p>
4290 Note: The PowerPC64 "spapr-vio" addresses do not have an
4291 associated controller.
4292 </p>
4294 <p>
4295 For controllers that are themselves devices on a PCI or USB bus,
4297 the exact relationship of the controller to its master bus, with
4299 </p>
4301 <p>
4303 specific options:
4304 </p>
4305 <dl>
4307 <dd>
4309 queues for the controller. For best performance, it's recommended to
4310 specify a value matching the number of vCPUs.
4312 </dd>
4314 <dd>
4316 number of commands that can be queued on devices controlled by the
4317 host.
4319 </dd>
4321 <dd>
4323 amount of data in bytes that will be transferred to or from the device
4324 in a single command. The transfer length is measured in sectors, where
4325 a sector is 512 bytes.
4327 </dd>
4329 <dd>
4331 whether the controller should use
4333 I/O asynchronous handling</a> or not. Accepted values are
4335 </dd>
4337 <dd>
4344 to an IOThread as defined by the range for the domain
4349 multiple controllers must be defined each having a specific
4351 must be within the range 1 to the domain iothreads value.
4352 </dd>
4354 <dd>
4355 For virtio controllers,
4358 </dd>
4359 </dl>
4360 <p>
4361 USB companion controllers have an optional
4363 relationship of the companion to its master controller.
4364 A companion controller is on the same bus as its master, so
4366 Not all controller models can be used as companion controllers
4367 and libvirt might provide some sensible defaults (settings
4369 address) for some particular models.
4371 </p>
4373 <pre>
4374 ...
4383 ...
4385 ...</pre>
4387 <p>
4389 values for this attribute are
4390 </p>
4391 <ul>
4392 <li>
4395 </li>
4396 <li>
4399 </li>
4400 <li>
4404 </li>
4405 <li>
4408 </li>
4409 <li>
4412 </li>
4413 </ul>
4414 <p>
4420 Windows XP or Windows Server 2003) might crash when QEMU and Seabios
4421 are recent enough to support 64-bit PCI holes, unless this is disabled
4423 </p>
4424 <p>
4425 PCI controllers also have an optional
4428 specific device that qemu is emulating (e.g. "i82801b11-bridge")
4429 rather than simply the class of device ("pcie-to-pci-bridge",
4430 "pci-bridge"), which is set in the controller element's
4433 controller, nor should you modify one that is automatically
4435 only).</span>
4436 </p>
4437 <p>
4438 PCI controllers also have an optional
4440 subelements listed below. These are configurable items that 1)
4441 are visible to the guest OS so must be preserved for guest ABI
4442 compatibility, and 2) are usually left to default values or
4443 derived automatically by libvirt. In almost all cases, you
4445 to a controller, nor should you modify the values in the those
4446 that are automatically generated by
4448 </p>
4449 <dl>
4451 <dd>
4455 control QEMU's "chassis_nr" option for the pci-bridge device
4456 (normally libvirt automatically sets this to the same value as
4457 the index attribute of the pci controller). If set, chassisNr
4459 </dd>
4461 <dd>
4462 pcie-root-port and pcie-switch-downstream-port controllers can
4465 set the controller's "chassis" configuration value, which is
4466 visible to the virtual machine. If set, chassis must be
4468 </dd>
4470 <dd>
4471 pcie-root-port and pcie-switch-downstream-port controllers can
4474 is used to set the controller's "port" configuration value,
4475 which is visible to the virtual machine. If set, port must be
4477 </dd>
4479 <dd>
4480 pci-expander-bus and pcie-expander-bus controllers can have an
4482 the bus number of the new bus; All bus numbers between that
4483 specified and 255 will be available only for assignment to
4484 PCI/PCIe controllers plugged into the hierarchy starting with
4485 this expander bus, and bus numbers less than the specified
4486 value will be available to the next lower expander-bus (or the
4487 root-bus if there are no lower expander buses). If you do not
4488 specify a busNumber, libvirt will find the lowest existing
4489 busNumber in all other expander buses (or use 256 if there are
4490 no others) and auto-assign the busNr of that found bus - 2,
4491 which provides one bus number for the pci-expander-bus and one
4492 for the pci-bridge that is automatically attached to it (if
4493 you plan on adding more pci-bridges to the hierarchy of the
4494 bus, you should manually set busNr to a lower value).
4495 <p>
4496 A similar algorithm is used for automatically determining
4497 the busNr attribute for pcie-expander-bus, but since the
4498 pcie-expander-bus doesn't have any built-in pci-bridge, the
4499 2nd bus-number is just being reserved for the pcie-root-port
4500 that must necessarily be connected to the bus in order to
4501 actually plug in an endpoint device. If you intend to plug
4502 multiple devices into a pcie-expander-bus, you must connect
4503 a pcie-switch-upstream-port to the pcie-root-port that is
4504 plugged into the pcie-expander-bus, and multiple
4505 pcie-switch-downstream-ports to the
4506 pcie-switch-upstream-port, and of course for this to work
4507 properly, you will need to decrease the pcie-expander-bus'
4508 busNr accordingly so that there are enough unused bus
4509 numbers above it to accommodate giving out one bus number for
4510 the upstream-port and one for each downstream-port (in
4511 addition to the pcie-root-port and the pcie-expander-bus
4512 itself).
4513 </p>
4514 </dd>
4516 <dd>
4523 set the NUMA node reported to the guest OS for that bus - the
4524 guest OS will then know that all devices on that bus are a
4525 part of the specified NUMA node (it is up to the user of the
4526 libvirt API to attach host devices to the correct
4527 pci-expander-bus when assigning them to the domain).
4528 </dd>
4530 <dd>
4531 pci-root controllers for pSeries guests use this attribute to
4532 record the order they will show up in the guest.
4534 </dd>
4535 </dl>
4536 <p>
4537 For machine types which provide an implicit PCI bus, the pci-root
4538 controller with index=0 is auto-added and required to use PCI devices.
4539 pci-root has no address.
4540 PCI bridges are auto-added if there are too many devices to fit on
4541 the one bus provided by pci-root, or a PCI bus number greater than zero
4542 was specified.
4543 PCI bridges can also be specified manually, but their addresses should
4544 only refer to PCI buses provided by already specified PCI controllers.
4545 Leaving gaps in the PCI controller indexes might lead to an invalid
4546 configuration.
4547 </p>
4548 <pre>
4549 ...
4556 ...</pre>
4558 <p>
4559 For machine types which provide an implicit PCI Express (PCIe)
4560 bus (for example, the machine types based on the Q35 chipset),
4561 the pcie-root controller with index=0 is auto-added to the
4562 domain's configuration. pcie-root has also no address, provides
4564 devices (although libvirt will never auto-assign a PCI device to
4565 a PCIe slot, it will allow manual specification of such an
4566 assignment). Devices connected to pcie-root cannot be
4567 hotplugged. If traditional PCI devices are present in the guest
4569 automatically be added: this controller, which plugs into a
4572 binary doesn't support the corresponding device, then a
4574 usually at the defacto standard location of slot=0x1e. A
4575 dmi-to-pci-bridge controller plugs into a PCIe slot (as provided
4576 by pcie-root), and itself provides 31 standard PCI slots (which
4577 also do not support device hotplug). In order to have
4578 hot-pluggable PCI slots in the guest system, a pci-bridge
4579 controller will also be automatically created and connected to
4580 one of the slots of the auto-created dmi-to-pci-bridge
4581 controller; all guest PCI devices with addresses that are
4582 auto-determined by libvirt will be placed on this pci-bridge
4584 </p>
4585 <p>
4586 Domains with an implicit pcie-root can also add controllers
4590 is a simple type of bridge device that can connect only to one
4591 of the 31 slots on the pcie-root bus on its upstream side, and
4592 makes a single (PCIe, hotpluggable) port available on the
4593 downstream side (at slot='0'). pcie-root-port can be used to
4594 provide a single slot to later hotplug a PCIe device (but is not
4595 itself hotpluggable - it must be in the configuration when the
4596 domain is started).
4598 </p>
4599 <p>
4600 pcie-switch-upstream-port is a more flexible (but also more
4601 complex) device that can only plug into a pcie-root-port or
4602 pcie-switch-downstream-port on the upstream side (and only
4603 before the domain is started - it is not hot-pluggable), and
4605 that accept only pcie-switch-downstream-port devices; each
4606 pcie-switch-downstream-port device can only plug into a
4607 pcie-switch-upstream-port on its upstream side (again, not
4608 hot-pluggable), and on its downstream side provides a single
4609 hotpluggable pcie port that can accept any standard pci or pcie
4610 device (or another pcie-switch-upstream-port), i.e. identical in
4613 </p>
4614 <pre>
4615 ...
4625 ...</pre>
4629 <p>
4630 When using a lock manager, it may be desirable to record device leases
4631 against a VM. The lock manager will ensure the VM won't start unless
4632 the leases can be acquired.
4633 </p>
4635 <pre>
4636 ...
4638 ...
4644 ...
4646 ...</pre>
4648 <dl>
4650 <dd>This is an arbitrary string, identifying the lockspace
4651 within which the key is held. Lock managers may impose
4652 extra restrictions on the format, or length of the lockspace
4653 name.</dd>
4655 <dd>This is an arbitrary string, uniquely identifying the
4656 lease to be acquired. Lock managers may impose extra
4657 restrictions on the format, or length of the key.
4658 </dd>
4660 <dd>This is the fully qualified path of the file associated
4661 with the lockspace. The offset specifies where the lease
4662 is stored within the file. If the lock manager does not
4663 require an offset, just pass 0.
4664 </dd>
4665 </dl>
4671 <p>
4672 USB, PCI and SCSI devices attached to the host can be passed through
4676 </p>
4678 <pre>
4679 ...
4689 ...</pre>
4693 <pre>
4694 ...
4704 ...</pre>
4708 <pre>
4709 ...
4720 ...</pre>
4725 <pre>
4726 ...
4738 ...</pre>
4742 <pre>
4743 ...
4749 ...</pre>
4753 <pre>
4754 ...
4768 ...</pre>
4770 <dl>
4775 with additional attributes noted.
4776 <dl>
4778 <dd>USB devices are detached from the host on guest startup
4779 and reattached after the guest exits or the device is
4780 hot-unplugged.
4781 </dd>
4784 detached from the host before being passed on to the guest
4785 and reattached to the host after the guest exits. If
4791 stopping the guest.
4792 </dd>
4794 <dd>For SCSI devices, user is responsible to make sure the device
4795 is not used by host. If supported by the hypervisor and OS, the
4797 attribute indicates whether unprivileged SG_IO commands are
4798 filtered for the disk. Valid settings are "filtered" or
4802 whether the lun needs the rawio capability. Valid settings are
4805 If a disk lun in the domain already has the rawio capability,
4806 then this setting not required.
4807 </dd>
4810 is responsible to make sure the device is not used by host. This
4815 "virtio". See
4817 for more details.
4818 </dd>
4822 determines how the host's vfio driver will expose the device to the
4827 provides more information about mediated devices as well as how to
4828 create mediated devices on the host.
4831 support for an accelerated remote desktop backed by a mediated
4832 device (such as NVIDIA vGPU or Intel GVT-g) as an alternative to
4836 It is required to use a
4838 use this attribute, currently only supported with VNC, Spice and
4839 egl-headless graphics devices.
4840 <p>
4841 Note: There are also some implications on the usage of guest's
4844 </p>
4845 </dd>
4846 </dl>
4847 <p>
4851 device has the same effect as omitting it. Similarly,
4853 ignored by all other device types.
4854 </p>
4855 </dd>
4857 <dd>The source element describes the device as seen from the host using
4858 the following mechanism to describe:
4859 <dl>
4861 <dd>The USB device can either be addressed by vendor / product id
4863 or by the device's address on the host using the
4865 <p>
4868 attribute which can be used to define policy what to do if the
4869 specified host USB device is not found. The attribute accepts
4870 the following values:
4871 </p>
4873 <tr>
4876 </tr>
4877 <tr>
4879 <td> fail if missing on boot up,
4880 drop if missing on migrate/restore/revert </td>
4881 </tr>
4882 <tr>
4885 </tr>
4886 </table>
4887 </dd>
4890 </dd>
4897 number on the bus). Not all hypervisors support larger
4899 to each hypervisor to determine the maximum value supported
4900 for the adapter.
4901 <p>
4904 attribute. When the attribute is set to "iscsi", the host
4908 credentials to the iSCSI server.
4909 </p>
4910 </dd>
4915 is the vhost_scsi wwpn (16 hexadecimal digits with a prefix of
4916 "naa.") established in the host configfs.
4917 </dd>
4923 </dd>
4924 </dl>
4925 </dd>
4929 The ids can be given in decimal, hexadecimal (starting with 0x) or
4933 attribute determines the order in which devices will be tried during
4935 used together with general boot elements in
4939 </dd>
4944 or not the device's ROM will be visible in the guest's memory
4945 map. (In PCI documentation, the "rombar" setting controls the
4946 presence of the Base Address Register for the ROM). If no rom
4947 bar is specified, the qemu default will be used (older
4948 versions of qemu used a default of "off", while newer qemus
4952 to be presented to the guest as the device's ROM BIOS. This
4953 can be useful, for example, to provide a PXE boot ROM for a
4954 virtual function of an sr-iov capable ethernet device (which
4955 has no boot ROMs for the VFs).
4959 if PCI ROM loading is disabled through this attribute, attempts to
4963 </dd>
4967 USB bus and device number the device appears at on the host.
4968 The values of these attributes can be given in decimal, hexadecimal
4970 For PCI devices the element carries 4 attributes allowing to designate
4973 address type must be used. For mediated devices, which are software-only
4974 devices defining an allocation of resources on the physical parent device,
4980 element.</dd>
4982 <dd>
4984 subelement that specifies which backend driver to use for PCI
4986 select either "vfio" (for the new VFIO device assignment
4987 backend, which is compatible with UEFI SecureBoot) or "kvm"
4988 (the legacy device assignment handled directly by the KVM
4991 device assignment will fail if the requested method of device
4992 assignment isn't available on the host. When not specified,
4993 the default is "vfio" on systems where the VFIO driver is
4994 available and loaded, and "kvm" on older systems, or those
4995 where the VFIO driver hasn't been
4997 the default was always "kvm").
4998 </dd>
5000 <dd>Indicates that the device is readonly, only supported by SCSI host
5002 </dd>
5004 <dd>If present, this indicates the device is expected to be shared
5005 between domains (assuming the hypervisor and OS support this).
5006 Only supported by SCSI host device.
5008 <p>
5012 </p>
5013 </dd>
5014 </dl>
5019 <p>
5020 Block / character devices from the host can be passed through
5022 only possible with container based virtualization. Devices are specified
5023 by a fully qualified path.
5025 </p>
5027 <pre>
5028 ...
5034 ...
5035 </pre>
5037 <pre>
5038 ...
5044 ...
5045 </pre>
5047 <pre>
5048 ...
5054 ...
5055 </pre>
5057 <dl>
5063 interface.
5064 </dd>
5066 <dd>The source element describes the device as seen from the host.
5067 For block devices, the path to the block device in the host
5068 OS is provided in the nested "block" element, while for character
5069 devices the "char" element is used. For network interfaces, the
5070 name of the interface is provided in the "interface" element.
5071 </dd>
5072 </dl>
5076 <p>
5077 USB device redirection through a character device is
5079 only)</span>:
5080 </p>
5082 <pre>
5083 ...
5094 ...</pre>
5096 <dl>
5100 for a USB device.
5103 matching one of the
5105 to describe the host side of the
5109 device</a>) are typical. The redirdev element has an optional
5111 device to a particular controller. Further sub-elements,
5114 is not required (since the consumer of the character device is
5115 the hypervisor itself, rather than a device visible in the guest).
5116 </dd>
5119 <dd>Specifies that the device is bootable.
5121 devices will be tried during boot sequence. The per-device
5125 </dd>
5128 filter rule to filter out certain devices from redirection.
5131 0x08 represents mass storage devices. The USB device can be addressed by
5134 the version of the USB protocol).
5137 'yes' means allow, 'no' for deny.
5138 </dd>
5139 </dl>
5143 <p>
5144 A virtual smartcard device can be supplied to the guest via the
5146 the host cannot be used on a guest with simple device
5147 passthrough, since it will then not be available on the host,
5148 possibly locking the host computer when it is "removed".
5149 Therefore, some hypervisors provide a specialized virtual device
5150 that can present a smartcard interface to the guest, with
5151 several modes for describing how credentials are obtained from
5152 the host or even a from a channel created to a third-party
5154 </p>
5156 <pre>
5157 ...
5173 ...
5174 </pre>
5176 <p>
5179 in each mode, the guest sees a device on its USB bus that
5180 behaves like a physical USB CCID (Chip/Smart Card Interface
5181 Device) card.
5182 </p>
5184 <dl>
5186 <dd>The simplest operation, where the hypervisor relays all
5187 requests from the guest into direct access to the host's
5188 smartcard via NSS. No other attributes or sub-elements are
5189 required. See below about the use of an
5193 <dd>Rather than requiring a smartcard to be plugged into the
5194 host, it is possible to provide three NSS certificate names
5195 residing in a database on the host. These certificates can be
5196 generated via the command <code>certutil -d /etc/pki/nssdb -x -t
5197 CT,CT,CT -S -s CN=cert1 -n cert1</code>, and the resulting three
5198 certificate names must be supplied as the content of each of
5201 the absolute path to an alternate directory (matching
5203 when creating the certificates); if not present, it defaults to
5204 /etc/pki/nssdb.</dd>
5207 <dd>Rather than having the hypervisor directly communicate with
5208 the host, it is possible to tunnel all requests through a
5209 secondary character device to a third-party provider (which may
5210 in turn be talking to a smartcard or using three certificate
5211 files). In this mode of operation, an additional
5217 device</a>) are typical. Further sub-elements, such
5220 is not required (since the consumer of the character device is
5221 the hypervisor itself, rather than a device visible in the
5222 guest).</dd>
5223 </dl>
5225 <p>
5226 Each mode supports an optional
5228 correlation between the smartcard and a ccid bus
5230 For now, qemu only supports at most one
5232 </p>
5236 <pre>
5237 ...
5246 ...</pre>
5248 <p>
5249 There are several possibilities for specifying a network
5250 interface visible to the guest. Each subsection below provides
5251 more details about common setup options.
5252 </p>
5253 <p>
5257 capability for the host to detect and trust reports from the
5258 guest regarding changes to the interface mac address and receive
5261 reasons and support depends on the guest network device model as
5262 well as the type of connection on the host - currently it is
5263 only supported for the virtio device model and for macvtap
5264 connections on the host.
5265 </p>
5266 <p>
5269 the interface to a particular pci slot, with
5272 </p>
5276 <p>
5277 <strong><em>
5278 This is the recommended config for general guest connectivity on
5279 hosts with dynamic / wireless networking configs (or multi-host
5280 environments where the host hardware details are described
5283 </em></strong>
5284 </p>
5286 <p>
5288 Provides a connection whose details are described by the named
5289 network definition. Depending on the virtual network's "forward
5290 mode" configuration, the network may be totally isolated
5292 explicit network device or to the default route
5295 directly to one of the host's network interfaces (via macvtap)
5299 </p>
5300 <p>
5301 For networks with a forward mode of bridge, private, vepa, and
5302 passthrough, it is assumed that the host has any necessary DNS
5303 and DHCP services already setup outside the scope of libvirt. In
5304 the case of isolated, nat, and routed networks, DHCP and DNS are
5305 provided on the virtual network by libvirt, and the IP range can
5306 be determined by examining the virtual network config with
5308 virtual network called 'default' setup out of the box which does
5309 NAT'ing to the default route and has an IP range
5311 have an associated tun device created with a name of vnetN,
5313 (see
5315 </p>
5316 <p>
5317 When the source of an interface is a network,
5319 the network; one network may have multiple portgroups defined,
5320 with each portgroup containing slightly different configuration
5321 information for different classes of network
5323 </p>
5324 <p>
5327 of an associated virNetworkPortPtr object that records the association
5328 between the domain interface and the network. This attribute is
5329 read-only since port objects are create and deleted automatically
5331 </p>
5332 <p>
5340 </p>
5341 <p>
5342 Since the actual type of switch may vary depending on the
5345 attribute, and specify attributes from multiple different
5346 virtualport types (and also to leave out certain attributes); at
5348 element will be constructed by merging together the type and
5349 attributes defined in the network and the portgroup referenced
5350 by the interface. The newly-constructed virtualport is a combination
5351 of them. The attributes from lower virtualport can't make change
5352 on the ones defined in higher virtualport.
5353 Interface takes the highest priority, portgroup is lowest priority.
5355 to work properly with both an 802.1Qbh switch and an Open vSwitch
5356 switch, you may choose to specify no type, but both
5359 (you may also omit the other attributes, such as managerid,
5360 typeid, or profileid, to be filled in from the
5362 limit a guest to connecting only to certain types of switches,
5363 you can specify the virtualport type, but still omit some/all of
5364 the parameters - in this case if the host's network has a
5365 different type of virtualport, connection of the interface will
5366 fail.
5367 </p>
5369 <pre>
5370 ...
5375 ...
5385 ...</pre>
5389 <p>
5390 <strong><em>
5391 This is the recommended config for general guest connectivity on
5392 hosts with static wired networking configs.
5393 </em></strong>
5394 </p>
5396 <p>
5397 Provides a bridge from the VM directly to the LAN. This assumes
5398 there is a bridge device on the host which has one or more of the hosts
5399 physical NICs enslaved. The guest VM will have an associated tun device
5400 created with a name of vnetN, which can also be overridden with the
5403 The tun device will be enslaved to the bridge. The IP range / network
5404 configuration is whatever is used on the LAN. This provides the guest VM
5405 full incoming & outgoing net access just like a physical machine.
5406 </p>
5407 <p>
5408 On Linux systems, the bridge device is normally a standard Linux
5409 host bridge. On hosts that support Open vSwitch, it is also
5410 possible to connect to an Open vSwitch bridge device by adding
5416 uniquely identify this particular interface to Open vSwitch (if
5417 you do not specify one, a random interfaceid will be generated
5418 for you when you first define the interface), and an
5420 the interfaces "port-profile".
5421 </p>
5422 <pre>
5423 ...
5425 ...
5440 ...
5442 ...</pre>
5444 <p>
5445 On hosts that support Open vSwitch on the kernel side and have the
5446 Midonet Host Agent configured, it is also possible to connect to the
5447 'midonet' bridge device by adding a
5453 that specifies which port in the virtual network topology will be bound
5454 to the interface.
5455 </p>
5456 <pre>
5457 ...
5459 ...
5474 ...
5476 ...</pre>
5480 <p>
5481 Provides a virtual LAN with NAT to the outside world. The virtual
5482 network has DHCP & DNS services and will give the guest VM addresses
5485 This networking is the only option for unprivileged users who need their
5487 it is possible to override the default network address by
5492 specified to add an IPv6 address to the interface.
5495 </p>
5497 <pre>
5498 ...
5501 ...
5508 ...</pre>
5513 <p>
5514 Provides a means for the administrator to execute an arbitrary script
5515 to connect the guest's network to the LAN. The guest will have a tun
5516 device created with a name of vnetN, which can also be overridden with the
5518 be run which is expected to do whatever host network integration is
5519 required. By default this script is called /etc/qemu-ifup but can be
5520 overridden.
5521 </p>
5523 <pre>
5524 ...
5527 ...
5533 ...</pre>
5537 <p>
5538 Provides direct attachment of the virtual machine's NIC to the given
5539 physical interface of the host.
5541 This setup requires the Linux macvtap
5543 One of the modes 'vepa'
5544 ( <a href="http://www.ieee802.org/1/files/public/docs2009/new-evb-congdon-vepa-modular-0709-v01.pdf">
5545 'Virtual Ethernet Port Aggregator'</a>), 'bridge' or 'private'
5546 can be chosen for the operation mode of the macvtap device, 'vepa'
5547 being the default mode. The individual modes cause the delivery of
5548 packets to behave as follows:
5549 </p>
5550 <p>
5554 unicast/multicast receive filters, and vlan settings in the
5555 guest will be monitored and propagated to the associated macvtap
5558 or is not supported for the device model in use, an attempted
5559 change to the mac address originating from the guest side will
5560 result in a non-working network connection.
5561 </p>
5563 <dl>
5565 <dd>All VMs' packets are sent to the external bridge. Packets
5566 whose destination is a VM on the same host as where the
5567 packet originates from are sent back to the host by the VEPA
5568 capable bridge (today's bridges are typically not VEPA capable).</dd>
5570 <dd>Packets whose destination is on the same host as where they
5571 originate from are directly delivered to the target macvtap device.
5572 Both origin and destination devices need to be in bridge mode
5574 a VEPA capable bridge is required.</dd>
5576 <dd>All packets are sent to the external bridge and will only be
5577 delivered to a target VM on the same host if they are sent through an
5578 external router or gateway and that device sends them back to the
5579 host. This procedure is followed if either the source or destination
5582 <dd>This feature attaches a virtual function of a SRIOV capable
5583 NIC directly to a VM without losing the migration capability.
5584 All packets are sent to the VF/IF of the configured network device.
5585 Depending on the capabilities of the device additional prerequisites or
5586 limitations may apply; for example, on Linux this requires
5588 </dl>
5590 <pre>
5591 ...
5593 ...
5598 ...</pre>
5600 <p>
5601 The network access of direct attached virtual machines can be
5602 managed by the hardware switch to which the physical interface
5603 of the host machine is connected to.
5604 </p>
5605 <p>
5606 The interface can have additional parameters as shown below,
5607 if the switch is conforming to the IEEE 802.1Qbg standard.
5608 The parameters of the virtualport element are documented in more detail
5609 in the IEEE 802.1Qbg standard. The values are network specific and
5610 should be provided by the network administrator. In 802.1Qbg terms,
5611 the Virtual Station Interface (VSI) represents the virtual interface
5613 </p>
5614 <p>
5615 Please note that IEEE 802.1Qbg requires a non-zero value for the
5616 VLAN ID.
5617 </p>
5618 <dl>
5620 <dd>The VSI Manager ID identifies the database containing the VSI type
5621 and instance definitions. This is an integer value and the
5624 <dd>The VSI Type ID identifies a VSI type characterizing the network
5625 access. VSI types are typically managed by network administrator.
5626 This is an integer value.
5627 </dd>
5629 <dd>The VSI Type Version allows multiple versions of a VSI Type.
5630 This is an integer value.
5631 </dd>
5633 <dd>The VSI Instance ID Identifier is generated when a VSI instance
5634 (i.e. a virtual interface of a virtual machine) is created.
5635 This is a globally unique identifier.
5636 </dd>
5637 </dl>
5638 <pre>
5639 ...
5641 ...
5645 <parameters managerid="11" typeid="1193047" typeidversion="2" instanceid="09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f"/>
5649 ...</pre>
5651 <p>
5652 The interface can have additional parameters as shown below
5653 if the switch is conforming to the IEEE 802.1Qbh standard.
5654 The values are network specific and should be provided by the
5656 </p>
5657 <dl>
5659 <dd>The profile ID contains the name of the port profile that is to
5660 be applied to this interface. This name is resolved by the port
5661 profile database into the network parameters from the port profile,
5662 and those network parameters will be applied to this interface.
5663 </dd>
5664 </dl>
5665 <pre>
5666 ...
5668 ...
5676 ...
5677 </pre>
5682 <p>
5684 is directly assigned to the guest using generic device
5685 passthrough, after first optionally setting the device's MAC
5686 address to the configured value, and associating the device with
5687 an 802.1Qbh capable switch using an optionally specified
5689 given above for type='direct' network devices). Note that - due
5690 to limitations in standard single-port PCI ethernet card driver
5691 design - only SR-IOV (Single Root I/O Virtualization) virtual
5692 function (VF) devices can be assigned in this manner; to assign
5693 a standard single-port PCI or PCIe ethernet card to a guest, use
5696 </p>
5698 <p>
5699 To use VFIO device assignment rather than traditional/legacy KVM
5700 device assignment (VFIO is a new method of device assignment
5701 that is compatible with UEFI Secure Boot), a type='hostdev'
5706 is currently the default).
5708 </p>
5710 <p>
5711 Note that this "intelligent passthrough" of network devices is
5713 device, the difference being that this method allows specifying
5715 device. If these capabilities are not required, if you have a
5716 standard single-port PCI, PCIe, or USB network card that doesn't
5717 support SR-IOV (and hence would anyway lose the configured MAC
5718 address during reset after being assigned to the guest domain),
5719 or if you are using a version of libvirt older than 0.9.11, you
5722 </p>
5724 <p>
5727 before being passed on to the guest, and reattached to the host
5733 stopping the guest.
5734 </p>
5736 <pre>
5737 ...
5750 ...</pre>
5755 <p>
5756 A multicast group is setup to represent a virtual network. Any VMs
5757 whose network devices are in the same multicast group can talk to each
5758 other even across hosts. This mode is also available to unprivileged
5759 users. There is no default DNS or DHCP support and no outgoing network
5760 access. To provide outgoing network access, one of the VMs should have a
5762 appropriate routing. The multicast protocol is compatible with that used
5763 by user mode linux guests too. The source address used must be from the
5764 multicast address block.
5765 </p>
5767 <pre>
5768 ...
5775 ...</pre>
5779 <p>
5780 A TCP client/server architecture provides a virtual network. One VM
5781 provides the server end of the network, all other VMS are configured as
5782 clients. All network traffic is routed between the VMs via the server.
5783 This mode is also available to unprivileged users. There is no default
5784 DNS or DHCP support and no outgoing network access. To provide outgoing
5785 network access, one of the VMs should have a 2nd NIC which is connected
5788 <pre>
5789 ...
5795 ...
5801 ...</pre>
5805 <p>
5806 A UDP unicast architecture provides a virtual network which enables
5807 connections between QEMU instances using QEMU's UDP infrastructure.
5809 The xml "source" address is the endpoint address to which the UDP socket
5810 packets will be sent from the host running QEMU.
5811 The xml "local" address is the address of the interface from which the
5812 UDP socket packets will originate from the QEMU host.
5815 <pre>
5816 ...
5825 ...</pre>
5829 <pre>
5830 ...
5838 ...</pre>
5840 <p>
5841 For hypervisors which support this, you can set the model of
5842 emulated network interface card.
5843 </p>
5845 <p>
5847 libvirt, but by what the underlying hypervisor supports (if
5848 any). For QEMU and KVM you can get a list of supported models
5849 with these commands:
5850 </p>
5852 <pre>
5853 qemu -net nic,model=? /dev/null
5854 qemu-kvm -net nic,model=? /dev/null
5855 </pre>
5857 <p>
5858 Typical values for QEMU and KVM include:
5859 ne2k_isa i82551 i82557b i82559er ne2k_pci pcnet rtl8139 e1000 virtio.
5863 for more details.
5864 </p>
5868 <pre>
5869 ...
5875 <b><driver name='vhost' txmode='iothread' ioeventfd='on' event_idx='off' queues='5' rx_queue_size='256' tx_queue_size='256'>
5881 ...</pre>
5883 <p>
5884 Some NICs may have tunable driver-specific options. These are
5886 interface definition. Currently the following attributes are
5888 </p>
5890 <dl>
5892 <dd>
5894 backend driver to use. The value can be either 'qemu' (a
5895 user-space backend) or 'vhost' (a kernel backend, which
5896 requires the vhost module to be provided by the kernel); an
5897 attempt to require the vhost driver without kernel support
5898 will be rejected. If this attribute is not present, then the
5899 domain defaults to 'vhost' if present, but silently falls back
5900 to 'qemu' without error.
5902 </dd>
5903 <dd>
5904 For interfaces of type='hostdev' (PCI passthrough devices)
5907 assignment rather than traditional KVM device assignment (VFIO
5908 is a new method of device assignment that is compatible with
5909 UEFI Secure Boot), and "kvm" tells libvirt to use the legacy
5910 device assignment performed directly by the kvm kernel module
5911 (the default is currently "kvm", but is subject to change).
5914 </dd>
5915 <dd>
5917 attribute is ignored. The backend driver used is always
5918 vhost-user.
5919 </dd>
5922 <dd>
5924 transmission of packets when the transmit buffer is full. The
5925 value can be either 'iothread' or 'timer'.
5928 If set to 'iothread', packet tx is all done in an iothread in
5929 the bottom half of the driver (this option translates into
5930 adding "tx=bh" to the qemu commandline -device virtio-net-pci
5931 option).<br/><br/>
5933 If set to 'timer', tx work is done in qemu, and if there is
5934 more tx data than can be sent at the present time, a timer is
5935 set before qemu moves on to do other things; when the timer
5936 fires, another attempt is made to send more data.<br/><br/>
5938 The resulting difference, according to the qemu developer who
5939 added the option is: "bh makes tx more asynchronous and reduces
5940 latency, but potentially causes more processor bandwidth
5941 contention since the CPU doing the tx isn't necessarily the
5944 <b>In general you should leave this option alone, unless you
5945 are very certain you know what you are doing.</b>
5946 </dd>
5948 <dd>
5949 This optional attribute allows users to set
5951 domain I/O asynchronous handling</a> for interface device.
5952 The default is left to the discretion of the hypervisor.
5954 qemu to execute VM while a separate thread handles I/O.
5955 Typically guests experiencing high system CPU utilization
5956 during I/O will benefit from this. On the other hand,
5957 on overloaded host it could increase guest I/O latency.
5960 <b>In general you should leave this option alone, unless you
5961 are very certain you know what you are doing.</b>
5962 </dd>
5964 <dd>
5966 device event processing. The value can be either 'on' or 'off'
5967 - if it is on, it will reduce the number of interrupts and
5968 exits for the guest. The default is determined by QEMU;
5969 usually if the feature is supported, default is on. In case
5970 there is a situation where this behavior is suboptimal, this
5971 attribute provides a way to force the feature off.
5974 <b>In general you should leave this option alone, unless you
5975 are very certain you know what you are doing.</b>
5976 </dd>
5978 <dd>
5980 of queues to be used for either
5983 interfaces. Use of multiple packet processing queues requires the
5985 element. Each queue will potentially be handled by a different
5986 processor, resulting in much higher throughput.
5989 </dd>
5991 <dd>
5993 the size of virtio ring for each queue as described above.
5994 The default value is hypervisor dependent and may change
5995 across its releases. Moreover, some hypervisors may pose
5996 some restrictions on actual value. For instance, latest
6001 <b>In general you should leave this option alone, unless you
6002 are very certain you know what you are doing.</b>
6003 </dd>
6005 <dd>
6007 the size of virtio ring for each queue as described above.
6008 The default value is hypervisor dependent and may change
6009 across its releases. Moreover, some hypervisors may pose
6010 some restrictions on actual value. For instance, QEMU
6012 range. In addition to that, this may work only for a subset of
6013 interface types, e.g. aforementioned QEMU enables this option
6017 <b>In general you should leave this option alone, unless you
6018 are very certain you know what you are doing.</b>
6019 </dd>
6021 <dd>
6022 For virtio interfaces,
6025 </dd>
6026 </dl>
6027 <p>
6028 Offloading options for the host and guest can be configured using
6029 the following sub-elements:
6030 </p>
6031 <dl>
6033 <dd>
6038 By default, the supported offloads are enabled by QEMU.
6041 mergeable rx buffers on the host side. Possible values are
6044 </dd>
6046 <dd>
6051 By default, the supported offloads are enabled by QEMU.
6053 </dd>
6054 </dl>
6058 <pre>
6059 ...
6072 ...</pre>
6074 <p>
6081 </p>
6082 <p>
6086 </p>
6089 <pre>
6090 ...
6097 ...</pre>
6099 <p>
6100 If no target is specified, certain hypervisors will
6101 automatically generate a name for the created tun device. This
6102 name can be manually specified, however the name <i>should not
6103 start with either 'vnet', 'vif', 'macvtap', or 'macvlan'</i>,
6104 which are prefixes reserved by libvirt and certain hypervisors.
6105 Manually specified targets using these prefixes may be ignored.
6106 </p>
6108 <p>
6109 Note that for LXC containers, this defines the name of the interface
6112 element should be used, as in the following snippet:
6113 </p>
6115 <pre>
6116 ...
6123 ...</pre>
6127 <pre>
6128 ...
6136 ...</pre>
6138 <p>
6139 For hypervisors which support this, you can set a specific NIC to
6141 the order in which devices will be tried during boot sequence. The
6143 general boot elements in
6146 </p>
6150 <pre>
6151 ...
6159 ...</pre>
6161 <p>
6162 For hypervisors which support this, you can change how a PCI Network
6165 or not the device's ROM will be visible in the guest's memory
6166 map. (In PCI documentation, the "rombar" setting controls the
6167 presence of the Base Address Register for the ROM). If no rom
6168 bar is specified, the qemu default will be used (older
6169 versions of qemu used a default of "off", while newer qemus
6170 have a default of "on").
6172 binary file to be presented to the guest as the device's ROM
6173 BIOS. This can be useful to provide an alternative boot ROM for a
6174 network device.
6176 </p>
6178 <pre>
6179 ...
6181 ...
6186 ...
6188 ...</pre>
6190 <p>
6192 backend domain (aka driver domain) for the interface. Use the
6194 can use it to create a direct network link between domains (so data
6195 will not go through host system). Use with type 'ethernet' to create
6196 plain network link, or with type 'bridge' to connect to a bridge inside
6197 the backend domain.
6199 </p>
6203 <pre>
6204 ...
6215 ...</pre>
6217 <p>
6218 This part of interface XML provides setting quality of service. Incoming
6219 and outgoing traffic can be shaped independently.
6222 the Network XML.
6223 </p>
6227 <pre>
6228 ...
6244 ...
6247 ...</pre>
6249 <p>
6250 If (and only if) the network connection used by the guest
6251 supports VLAN tagging transparent to the guest, an
6253 more VLAN tags to apply to the guest's network
6255 connections that support guest-transparent VLAN tagging include
6256 1) type='bridge' interfaces connected to an Open vSwitch bridge
6258 Functions (VF) used via type='hostdev' (direct device
6260 SRIOV VFs used via type='direct' with mode='passthrough'
6265 provide their own way (outside of libvirt) to tag guest traffic
6266 onto a specific VLAN. Each tag is given in a
6270 is supported only on Open vSwitch connections),
6272 which implies that the user wants to do VLAN trunking on the
6273 interface for all the specified tags. In the case that VLAN
6274 trunking of a single tag is desired, the optional
6277 single tag from normal tagging.
6278 </p>
6279 <p>
6280 For network connections using Open vSwitch it is also possible
6281 to configure 'native-tagged' and 'native-untagged' VLAN modes
6288 to be the "native" VLAN for this interface, and
6290 traffic for that VLAN will be tagged.
6291 </p>
6294 <pre>
6295 ...
6303 ...</pre>
6305 <p>
6306 This element provides means of setting state of the virtual network link.
6309 behaves as if it had the network cable disconnected. Default behavior if this
6312 </p>
6315 <pre>
6316 ...
6324 ...</pre>
6326 <p>
6327 This element provides means of setting MTU of the virtual network link.
6329 non-negative integer which specifies the MTU size for the interface.
6331 </p>
6334 <pre>
6335 ...
6347 ...</pre>
6349 <p>
6350 This element provides means of setting coalesce settings for
6355 that specifies the maximum number of packets that will be
6356 received before an interrupt.
6358 </p>
6361 <pre>
6362 ...
6369 <b><route family='ipv4' address='192.168.122.0' prefix='24' gateway='192.168.122.1'/></b>
6372 ...
6378 <b><route family='ipv4' address='192.168.122.0' prefix='24' gateway='192.168.122.1'/></b>
6381 ...
6383 ...
6384 </pre>
6386 <p>
6388 hostdev devices with network capabilities can optionally be provided
6389 one or more IP addresses to set on the network device in the
6390 guest. Note that some hypervisors or network device types will
6391 simply ignore them or only use the first one.
6396 netmask, and will be automatically set if not specified - for
6397 IPv4 the default prefix is determined according to the network
6398 "class" (A, B, or C - see RFC870), and for IPv6 the default
6400 IP address of the other end of a point-to-point network
6402 </p>
6404 <p>
6406 added to define IP routes to add in the guest. The attributes of
6407 this element are described in the documentation for
6410 definitions</a>. This is used by the LXC driver.
6411 </p>
6413 <pre>
6414 ...
6422 ...
6424 ...
6426 ...
6427 </pre>
6429 <p>
6431 "ethernet" can optionally be provided one or more IP addresses
6433 network device. These are configured as subelements of
6435 have the same attributes as the similarly named elements used to
6436 configure the guest side of the interface (described above).
6437 </p>
6441 <p>
6443 communication between a QEMU virtual machine and other userspace process
6444 using the Virtio transport protocol. A char dev (e.g. Unix socket) is used
6445 for the control plane, while the data plane is based on shared memory.
6446 </p>
6448 <pre>
6449 ...
6465 ...</pre>
6467 <p>
6469 along with the type of char device.
6470 Currently, only type='unix' is supported, where the path (the
6471 directory path of the socket) and mode attributes are required.
6473 are supported.
6474 vhost-user requires the virtio model type, thus the
6478 configures reconnect timeout if the connection is lost. It
6482 after which hypervisor tries to reconnect.
6483 </p>
6487 <p>
6489 can be assigned to a domain interface, which allows configuring
6490 traffic filter rules for the virtual machine.
6493 complete details.
6494 </p>
6496 <pre>
6497 ...
6500 ...
6504 ...
6509 ...
6513 ...</pre>
6515 <p>
6518 specified for passing additional info to the nwfilter via the
6521 docs for info on parameters.
6522 </p>
6527 <p>
6528 Input devices allow interaction with the graphical framebuffer
6529 in the guest virtual machine. When enabling the framebuffer, an
6530 input device is automatically provided. It may be possible to
6531 add additional devices explicitly, for example,
6532 to provide a graphics tablet for absolute cursor movement.
6533 </p>
6535 <pre>
6536 ...
6547 ...</pre>
6549 <dl>
6555 The tablet provides absolute cursor movement,
6556 while the mouse uses relative movement. The optional
6560 </dl>
6562 <p>
6565 device to a particular PCI
6572 event device passed through to guests. (KVM only)
6576 'virtio-transitional' and 'virtio-non-transitional'. See
6578 for more details.
6579 </p>
6581 <p>
6583 options of the device:
6586 </p>
6590 <p>
6591 A hub is a device that expands a single port into several so
6592 that there are more ports available to connect devices to a host
6593 system.
6594 </p>
6596 <pre>
6597 ...
6601 ...</pre>
6603 <dl>
6607 </dl>
6609 <p>
6614 above</a>.
6615 </p>
6619 <p>
6620 A graphics device allows for graphical interaction with the
6621 guest OS. A guest will typically have either a framebuffer
6622 or a text console configured to allow interaction with the
6623 admin.
6624 </p>
6626 <pre>
6627 ...
6639 ...</pre>
6641 <dl>
6643 <dd>
6644 <p>
6649 </p>
6650 <dl>
6652 <dd>
6653 <p>
6654 This displays a window on the host desktop, it can take 3 optional
6659 </p>
6661 <p>
6663 property to enable OpenGL support in SDL. Likewise you can
6665 </p>
6666 </dd>
6668 <dd>
6669 <p>
6671 the TCP port number (with -1 as legacy syntax indicating that it
6673 the new preferred syntax for indicating auto-allocation of the TCP
6676 set to an empty string, then VNC access is disabled. The
6678 possible to set a limit on the validity of the password by giving
6681 control of connected client during password changes. VNC accepts
6683 NB, this may not be supported by all hypervisors.
6684 </p>
6685 <p>
6688 clients to ask for exclusive access by dropping other connections.
6689 Connecting multiple clients in parallel requires all clients asking
6690 for a shared session (vncviewer: -Shared switch). This is
6692 client access, every connection has to specify -Shared switch for
6695 </p>
6696 <p>
6698 attribute for listening on a unix domain socket path
6700 </p>
6701 <p>
6703 may be used to specify port to listen on (with -1 meaning
6706 </p>
6707 <p>
6708 Although VNC doesn't support OpenGL natively, it can be paired
6710 will instruct QEMU to open and use drm nodes for OpenGL rendering.
6711 </p>
6712 </dd>
6714 <dd>
6715 <p>
6717 the TCP port number (with -1 as legacy syntax indicating that it
6720 attribute is the new preferred syntax for indicating
6722 attribute provides a SPICE password in clear text. If the
6725 specifies the keymap to use. It is possible to set a limit on
6726 the validity of the password by giving a timestamp
6728 in UTC.
6729 </p>
6730 <p>
6735 be supported by all hypervisors.
6737 </p>
6738 <p>
6742 secure if possible, but falls back to insecure rather than erroring
6743 out if no secure path is available).
6745 </p>
6746 <p>
6747 When SPICE has both a normal and TLS secured TCP port configured,
6748 it can be desirable to restrict what channels can be run on each
6753 attribute overrides the default value as set by
6756 inherit the default mode anyways.) Valid channel names include
6762 </p>
6763 <pre>
6774 <p>
6775 Spice supports variable compression settings for audio, images and
6776 streaming. These settings are accessible via the <code>compression
6787 </p>
6788 <p>
6793 </p>
6794 <p>
6795 Copy & Paste functionality (via Spice agent) is set by the
6799 </p>
6800 <p>
6805 </p>
6806 <p>
6807 File transfer functionality (via Spice agent) is set using the
6811 </p>
6812 <p>
6813 Spice may provide accelerated server-side rendering with OpenGL.
6814 You can enable or disable OpenGL support explicitly with
6817 Note that this only works locally, since this requires usage of
6819 'none'. For accelerated OpenGL with remote support, consider
6821 (see below). However, this will deliver weaker performance
6822 compared to native Spice OpenGL support.
6823 </p>
6824 <p>
6825 By default, QEMU will pick the first available GPU DRM render node.
6826 You may specify a DRM render node path to use instead. (QEMU only,
6828 </p>
6829 </dd>
6831 <dd>
6832 <p>
6834 TCP port number (with -1 as legacy syntax indicating that it should
6836 preferred syntax for indicating auto-allocation of the TCP port to
6841 whether multiple simultaneous connections to the VM are permitted.
6843 the existing connection must be dropped and a new connection must
6844 be established by the VRDP server, when a new client connects in
6845 single connection mode.
6846 </p>
6847 </dd>
6849 <dd>
6850 <p>
6851 This value is reserved for VirtualBox domains for the moment. It
6852 displays a window on the host desktop, similarly to "sdl", but
6853 using the VirtualBox viewer. Just like "sdl", it accepts
6856 </p>
6857 </dd>
6859 <dd>
6860 <p>
6861 This display type provides support for an OpenGL accelerated
6862 display accessible both locally and remotely (for comparison,
6863 Spice's native OpenGL support only works locally using UNIX
6864 sockets at the moment, but has better performance). Since this
6865 display type doesn't provide any window or graphical console like
6866 the other types, for practical reasons it should be paired with
6868 This display type is only supported by QEMU domains
6873 path to a host's DRI device to be used for OpenGL rendering.
6874 </p>
6875 <pre>
6880 </pre>
6881 </dd>
6882 </dl>
6883 </dd>
6884 </dl>
6886 <p>
6888 the device should listen for clients. It has a mandatory attribute
6892 Available types are:
6893 </p>
6894 <dl>
6896 <dd>
6897 <p>
6898 Tells a graphics device to use an address specified in the
6900 or hostname (which will be resolved to an IP address via a DNS query)
6901 to listen on.
6902 </p>
6903 <p>
6906 </p>
6907 <p>
6910 If both are provided they must be equal.
6911 </p>
6912 </dd>
6914 <dd>
6915 <p>
6917 attribute from libvirt's list of configured networks. The named network
6918 configuration will be examined to determine an appropriate listen
6919 address and the address will be stored in live XML in <code>address
6920 </code> attribute. For example, if the network has an IPv4 address in
6923 address listed in the network's configuration will be used.
6924 If the network is describing a host bridge, the first IPv4 address
6925 associated with that bridge device will be used, and if the network is
6926 describing one of the 'direct' (macvtap) modes, the first IPv4 address
6927 of the first forward dev will be used.
6928 </p>
6929 </dd>
6931 <dd>
6932 <p>
6933 This listen type tells a graphics server to listen on unix socket.
6935 attribute is omitted libvirt will generate this path for you.
6937 </p>
6938 <p>
6944 </p>
6945 </dd>
6947 <dd>
6948 <p>
6949 This listen type doesn't have any other attribute. Libvirt supports
6950 passing a file descriptor through our APIs virDomainOpenGraphics() and
6951 virDomainOpenGraphicsFD(). No other listen types are allowed if this
6952 one is used and the graphics device doesn't listen anywhere. You need
6953 to use one of the two APIs to pass a FD to QEMU in order to connect to
6956 </p>
6957 </dd>
6958 </dl>
6961 <p>
6962 A video device.
6963 </p>
6965 <pre>
6966 ...
6974 ...</pre>
6976 <dl>
6978 <dd>
6979 <p>
6984 type.
6985 </p>
6986 <p>
6990 video device in domain xml is the primary one, but the optional
6992 with value 'yes' can be used to mark the primary in cases of multiple
6993 video device. The non-primary must be type of "qxl" or
6995 </p>
6996 </dd>
6999 <dd>
7000 <p>
7008 depending on the hypervisor features available.
7010 to add a default video device in the guest (see the paragraph above).
7011 This legacy behaviour can be inconvenient in cases where GPU mediated
7012 devices are meant to be the only rendering device within a guest and
7016 how to add a mediated device into a guest.
7017 </p>
7018 <p>
7019 You can provide the amount of video memory in kibibytes (blocks of
7022 value is provided the default is used. If the size is not a power of
7023 two it will be rounded to closest one.
7024 </p>
7025 <p>
7028 </p>
7029 <p>
7038 the size of VGA framebuffer for fallback mode of QXL device.
7040 extends secondary bar and makes it addressable as 64bit memory.
7041 </p>
7042 </dd>
7045 <dd>
7046 Configure if video acceleration should be enabled.
7047 <dl>
7056 </dl>
7057 </dd>
7060 <dd>
7062 tie the video device to a particular PCI slot.
7066 </dd>
7069 <dd>
7071 <dl>
7073 <dd>
7076 </dd>
7078 <dd>
7079 Control how the video devices exposed to the guest using the
7081 At present, it's only applicable to the bhyve's "gop" video model type
7083 </dd>
7084 </dl>
7085 </dd>
7086 </dl>
7090 <p>
7091 A character device provides a way to interact with the virtual machine.
7092 Paravirtualized consoles, serial ports, parallel ports and channels are
7093 all classed as character devices and so represented using the same syntax.
7094 </p>
7096 <pre>
7097 ...
7122 ...</pre>
7124 <p>
7125 In each of these directives, the top-level element name (parallel, serial,
7126 console, channel) describes how the device is presented to the guest. The
7128 </p>
7130 <p>
7132 attribute of the top-level element. The host interface is
7134 </p>
7136 <p>
7139 is done on the socket path. If this element is not present,
7141 the per-domain setting</a>.
7142 </p>
7144 <p>
7148 the file should be preserved on domain restart. Allowed values are
7150 </p>
7152 <p>
7154 have an optional log file associated with them. This is
7157 attribute which takes the same values described above.
7159 </p>
7161 <pre>
7162 ...
7164 ...</pre>
7166 <p>
7167 Each character device element has an optional
7169 device to a
7171 slot.
7172 </p>
7174 <p>
7177 which configures reconnect timeout if the connection is lost.
7183 </p>
7187 <p>
7188 A character device presents itself to the guest as one of the following
7189 types.
7190 </p>
7194 <pre>
7195 ...
7202 ...</pre>
7204 <p>
7206 specifies the port number. Ports are numbered starting from 0. There are
7208 </p>
7212 <pre>
7213 ...
7221 ...</pre>
7223 <pre>
7224 ...
7234 ...</pre>
7236 <p>
7238 attribute, which specifies the port number (starting from 0), and an
7248 available as well.
7249 </p>
7251 <p>
7265 </p>
7267 <p>
7268 If any of the attributes is not specified by the user, libvirt will
7269 choose a value suitable for most users.
7270 </p>
7272 <p>
7273 Most target types support configuring the guest-visible device
7280 address.
7281 </p>
7283 <p>
7284 For the relationship between serial ports and consoles,
7286 </p>
7290 <pre>
7291 ...
7299 ...</pre>
7301 <pre>
7302 ...
7310 ...</pre>
7312 <p>
7314 serial consoles. Depending on the type of guest in use and the specifics
7317 device.
7318 </p>
7320 <p>
7328 (available when the corresponding hypervisor is in use).
7330 s390x QEMU guests) are supported for compatibility reasons but should
7334 </p>
7336 <p>
7338 that it doesn't represents a separate device, but rather the same
7342 </p>
7344 <p>
7346 from inside the guest; for more information, see
7347 <a href="http://fedoraproject.org/wiki/Features/VirtioSerial">http://fedoraproject.org/wiki/Features/VirtioSerial</a>.
7349 </p>
7351 <p>
7352 For the relationship between serial ports and consoles,
7354 </p>
7356 <h6><a id="elementCharSerialAndConsole">Relationship between serial ports and consoles</a></h6>
7358 <p>
7361 </p>
7363 <p>
7364 In general, both elements are used to configure one or more serial
7365 consoles to be used for interacting with the guest. The main difference
7368 for paravirtualized ones.
7369 </p>
7371 <p>
7372 Both emulated and paravirtualized serial consoles have advantages and
7373 disadvantages:
7374 </p>
7376 <ul>
7377 <li>
7378 emulated serial consoles are usually initialized much earlier than
7379 paravirtualized ones, so they can be used to control the bootloader
7380 and display both firmware and early boot messages;
7381 </li>
7382 <li>
7383 on several platforms, there can only be a single emulated serial
7384 console per guest but paravirtualized consoles don't suffer from the
7385 same limitation.
7386 </li>
7387 </ul>
7389 <p>
7390 A configuration such as:
7391 </p>
7393 <pre>
7394 ...
7403 ...</pre>
7405 <p>
7406 will work on any platform and will result in one emulated serial console
7407 for early boot logging / interactive / recovery use, and one
7408 paravirtualized serial console to be used eg. as a side channel. Most
7410 element in their configuration.
7411 </p>
7413 <p>
7414 Note that, due to the compatibility concerns mentioned earlier, all the
7415 following configurations:
7416 </p>
7418 <pre>
7419 ...
7423 ...</pre>
7425 <pre>
7426 ...
7430 ...</pre>
7432 <pre>
7433 ...
7438 ...</pre>
7440 <p>
7441 will be treated the same and will result in a single emulated serial
7442 console being available to the guest.
7443 </p>
7447 <p>
7448 This represents a private communication channel between the host and the
7449 guest.
7450 </p>
7452 <pre>
7453 ...
7472 ...</pre>
7474 <p>
7475 This can be implemented in a variety of ways. The specific type of
7479 </p>
7481 <dl>
7483 <dd>TCP traffic sent by the guest to a given IP address and port is
7489 <dd>Paravirtualized virtio channel. Channel is exposed in the guest under
7491 /dev/virtio-ports/$name (for more info, please see
7492 <a href="http://fedoraproject.org/wiki/Features/VirtioSerial">http://fedoraproject.org/wiki/Features/VirtioSerial</a>). The
7497 then libvirt can interact with a guest agent installed in the
7498 guest, for actions such as guest shutdown or file system quiescing.
7501 it is possible to have source path auto generated for virtio unix channels.
7502 This is very useful in case of a qemu guest agent, where users don't
7503 usually care about the source path since it's libvirt who talks to
7504 the guest agent. In case users want to utilize this feature, they should
7508 guest is active on the channel. This is an output-only attribute.
7511 </dd>
7513 <dd> Paravirtualized Xen channel. Channel is exposed in the guest as a
7514 Xen console but identified with a name. Setup and consumption of a Xen
7515 channel depends on software and configuration in the guest
7516 (for more info, please see <a href="http://xenbits.xen.org/docs/unstable/misc/channel.txt">http://xenbits.xen.org/docs/unstable/misc/channel.txt</a>).
7517 Channel source path semantics are the same as the virtio target type.
7519 lack the necessary probing mechanism.
7521 </dd>
7523 <dd>Paravirtualized SPICE channel. The domain must also have a
7525 device</a>, at which point the host piggy-backs messages
7527 element must be present, with
7530 access to the channel, and defaults
7535 </dl>
7539 <p>
7540 A character device presents itself to the host as one of the following
7541 types.
7542 </p>
7546 <p>
7547 This disables all input on the character device, and sends output
7548 into the virtual machine's logfile
7549 </p>
7551 <pre>
7552 ...
7558 ...</pre>
7563 <p>
7564 A file is opened and all data sent to the character
7565 device is written to the file.
7566 </p>
7568 <pre>
7569 ...
7576 ...</pre>
7580 <p>
7581 Connects the character device to the graphical framebuffer in
7582 a virtual console. This is typically accessed via a special
7583 hotkey sequence such as "ctrl+alt+3"
7584 </p>
7586 <pre>
7587 ...
7593 ...</pre>
7597 <p>
7598 Connects the character device to the void. No data is ever
7599 provided to the input. All data written is discarded.
7600 </p>
7602 <pre>
7603 ...
7609 ...</pre>
7613 <p>
7614 A Pseudo TTY is allocated using /dev/ptmx. A suitable client
7615 such as 'virsh console' can connect to interact with the
7616 serial port locally.
7617 </p>
7619 <pre>
7620 ...
7627 ...</pre>
7629 <p>
7631 path is also duplicated as an attribute tty='/dev/pts/3'
7634 </p>
7638 <p>
7639 The character device is passed through to the underlying
7640 physical character device. The device types must match,
7641 eg the emulated serial port should only be connected to
7642 a host serial port - don't connect a serial port to a parallel
7643 port.
7644 </p>
7646 <pre>
7647 ...
7654 ...</pre>
7658 <p>
7659 The character device writes output to a named pipe. See pipe(7) for
7660 more info.
7661 </p>
7663 <pre>
7664 ...
7671 ...</pre>
7675 <p>
7676 The character device acts as a TCP client connecting to a
7677 remote server.
7678 </p>
7680 <pre>
7681 ...
7689 ...</pre>
7691 <p>
7692 Or as a TCP server waiting for a client connection.
7693 </p>
7695 <pre>
7696 ...
7704 ...</pre>
7706 <p>
7709 for the connection.
7710 </p>
7711 <p>
7714 (via secure sockets layer) as the transport protocol for connections.
7715 </p>
7717 <pre>
7718 ...
7725 ...
7732 ...</pre>
7734 <p>
7737 TCP communication channel would utilize a hypervisor configured
7738 TLS X.509 certificate environment in order to encrypt the data
7739 channel. For the QEMU hypervisor, usage of a TLS environment can
7745 will use the host configured TLS environment.
7747 attribute is set to "yes", then libvirt will attempt to use the
7750 </p>
7751 <pre>
7752 ...
7760 ...</pre>
7764 <p>
7765 The character device acts as a UDP netconsole service,
7766 sending and receiving packets. This is a lossy service.
7767 </p>
7769 <pre>
7770 ...
7778 ...</pre>
7782 <p>
7783 The character device acts as a UNIX domain socket server,
7784 accepting connections from local clients.
7785 </p>
7787 <pre>
7788 ...
7795 ...</pre>
7799 <p>
7800 The character device is accessible through spice connection
7803 </p>
7804 <p>
7805 Note: depending on the hypervisor, spiceports might (or might not)
7807 graphics</a>.
7808 </p>
7810 <pre>
7811 ...
7818 ...</pre>
7822 <p>
7823 The nmdm device driver, available on FreeBSD, provides two
7824 tty devices connected together by a virtual null modem cable.
7826 </p>
7828 <pre>
7829 ...
7835 ...</pre>
7837 <p>
7839 </p>
7841 <dl>
7843 <dd>Master device of the pair, that is passed to the hypervisor.
7844 Device is specified by a fully qualified path.</dd>
7847 <dd>Slave device of the pair, that is passed to the clients for connection
7848 to the guest console. Device is specified by a fully qualified path.</dd>
7849 </dl>
7853 <p>
7854 A virtual sound card can be attached to the host via the
7856 </p>
7858 <pre>
7859 ...
7863 ...</pre>
7865 <dl>
7867 <dd>
7870 Valid values are specific to the underlying hypervisor, though typical
7871 choices are 'es1370', 'sb16', 'ac97', 'ich6' and 'usb'.
7875 </dd>
7876 </dl>
7878 <p>
7882 codecs to the audio device. If not specified, a default codec
7883 will be attached to allow playback and recording.
7884 </p>
7885 <p>
7886 Valid values are:
7887 </p>
7888 <p>
7889 <ul>
7892 <li>'output' - advertise a line-out
7894 </ul>
7895 </p>
7897 <pre>
7898 ...
7904 ...</pre>
7906 <p>
7909 device to a particular PCI
7911 </p>
7915 <p>
7916 A virtual hardware watchdog device can be added to the guest via
7919 </p>
7921 <p>
7922 The watchdog device requires an additional driver and management
7923 daemon in the guest. Just enabling the watchdog in the libvirt
7924 configuration does not do anything useful on its own.
7925 </p>
7927 <p>
7928 Currently libvirt does not support notification when the
7929 watchdog fires. This feature is planned for a future version of
7930 libvirt.
7931 </p>
7933 <pre>
7934 ...
7938 ...</pre>
7940 <pre>
7941 ...
7947 <dl>
7949 <dd>
7950 <p>
7952 watchdog device is emulated. Valid values are specific to the
7953 underlying hypervisor.
7954 </p>
7955 <p>
7956 QEMU and KVM support:
7957 </p>
7958 <ul>
7959 <li>'i6300esb' - the recommended device,
7962 <li>'diag288' - emulating an S390 DIAG288 device
7964 </ul>
7965 </dd>
7967 <dd>
7968 <p>
7970 action to take when the watchdog expires. Valid values are
7971 specific to the underlying hypervisor.
7972 </p>
7973 <p>
7974 QEMU and KVM support:
7975 </p>
7976 <ul>
7978 <li>'shutdown' - gracefully shutdown the guest
7979 (not recommended) </li>
7983 <li>'dump' - automatically dump the guest
7985 <li>'inject-nmi' - inject a non-maskable interrupt
7986 into the guest
7988 </ul>
7989 <p>
7990 Note 1: the 'shutdown' action requires that the guest
7991 is responsive to ACPI signals. In the sort of situations
7992 where the watchdog has expired, guests are usually unable
7993 to respond to ACPI signals. Therefore using 'shutdown'
7994 is not recommended.
7995 </p>
7996 <p>
7997 Note 2: the directory to save dump files can be configured
7999 </p>
8000 </dd>
8001 </dl>
8005 <p>
8006 A virtual memory balloon device is added to all Xen and KVM/QEMU
8008 It will be automatically added when appropriate, so there is no
8009 need to explicitly add this element in the guest XML unless a
8010 specific PCI slot needs to be assigned.
8013 memballoon device needs to be explicitly disabled,
8015 </p>
8017 <p>
8018 Example: automatically added device with KVM
8019 </p>
8020 <pre>
8021 ...
8025 ...</pre>
8027 <p>
8028 Example: manually added device with static PCI slot 2 requested
8029 </p>
8030 <pre>
8031 ...
8041 <dl>
8043 <dd>
8044 <p>
8046 of balloon device is provided. Valid values are specific to
8047 the virtualization platform
8048 </p>
8049 <ul>
8054 </ul>
8056 for more details.
8057 </dd>
8059 <dd>
8060 <p>
8063 QEMU virtio memory balloon to release some memory at the last moment
8064 before a guest's process get killed by Out of Memory killer.
8066 </p>
8067 </dd>
8069 <dd>
8070 <p>
8072 driver to provide statistics through the <code>virsh dommemstat
8073 [domain]</code> command. By default, collection is not enabled. In
8074 order to enable, use the <code>virsh dommemstat [domain] --period
8079 for a running domain will only be made to the active guest. If the
8080 QEMU driver is not at the right revision, the attempt to set the
8081 period will fail. Large values (e.g. many years) might be ignored.
8083 </p>
8084 </dd>
8086 <dd>
8090 </dd>
8091 </dl>
8094 <p>
8095 The virtual random number generator device allows the host to pass
8096 through entropy to guest operating systems.
8098 </p>
8100 <p>
8101 Example: usage of the RNG device:
8102 </p>
8103 <pre>
8104 ...
8116 ...
8117 </pre>
8118 <dl>
8120 <dd>
8121 <p>
8123 of RNG device is provided. Valid values are specific to
8124 the virtualization platform:
8125 </p>
8126 <ul>
8130 </ul>
8132 for more details.
8133 </dd>
8135 <dd>
8136 <p>
8138 which entropy can be consumed from the source. The mandatory
8141 specifies the duration of a period in milliseconds; if omitted, the
8144 </p>
8145 </dd>
8147 <dd>
8148 <p>
8150 to be used for the domain. The source model is configured using the
8152 </p>
8153 <dl>
8155 <dd>
8156 <p>
8157 This backend type expects a non-blocking character device
8158 as input. The file name is specified as contents of the
8162 the only accepted paths. When no file name is specified,
8163 the hypervisor default is used. For QEMU, the default is
8167 </p>
8168 </dd>
8170 <dd>
8171 <p>
8172 This backend connects to a source using the EGD protocol.
8173 The source is specified as a character device. Refer to
8175 for more information.
8176 </p>
8177 </dd>
8178 </dl>
8179 </dd>
8181 <dd>
8183 <dl>
8185 <dd>
8188 </dd>
8189 </dl>
8190 </dd>
8192 </dl>
8196 <p>
8197 The TPM device enables a QEMU guest to have access to TPM
8198 functionality. The TPM device may either be a TPM 1.2 or
8199 a TPM 2.0.
8200 </p>
8201 <p>
8202 The TPM passthrough device type provides access to the host's TPM
8203 for one QEMU guest. No other software may be using the TPM device,
8204 typically /dev/tpm0, at the time the QEMU guest is started.
8206 </p>
8208 <p>
8209 Example: usage of the TPM passthrough device
8210 </p>
8211 <pre>
8212 ...
8220 ...
8221 </pre>
8223 <p>
8224 The emulator device type gives access to a TPM emulator providing
8225 TPM functionality for each VM. QEMU talks to it over a Unix socket. With
8226 the emulator device type each guest gets its own private TPM.
8228 The state of the TPM emulator can be encrypted by providing an
8231 </p>
8232 <p>
8233 Example: usage of the TPM Emulator
8234 </p>
8235 <pre>
8236 ...
8244 ...
8245 </pre>
8246 <dl>
8248 <dd>
8249 <p>
8251 model QEMU provides to the guest. If no model name is provided,
8255 backend device is a TPM 2.0.
8256 </p>
8257 </dd>
8259 <dd>
8260 <p>
8262 TPM device. The following types are supported:
8263 </p>
8264 <dl>
8266 <dd>
8267 <p>
8268 Use the host's TPM device.
8269 </p>
8270 <p>
8271 This backend type requires exclusive access to a TPM device on
8272 the host. An example for such a device is /dev/tpm0. The fully
8273 qualified file name is specified by path attribute of the
8275 /dev/tpm0 is automatically used.
8276 </p>
8277 </dd>
8278 </dl>
8279 <dl>
8281 <dd>
8282 <p>
8283 For this backend type the 'swtpm' TPM Emulator must be installed on the
8284 host. Libvirt will automatically start an independent TPM emulator
8285 for each QEMU guest requesting access to it.
8286 </p>
8287 </dd>
8288 </dl>
8289 </dd>
8291 <dd>
8292 <p>
8294 of the TPM. By default a TPM 1.2 is created. This attribute
8296 versions are supported:
8297 </p>
8298 <ul>
8301 </ul>
8302 </dd>
8304 <dd>
8305 <p>
8308 that holds the passphrase from which the encryption key will be derived.
8309 </p>
8310 </dd>
8311 </dl>
8314 <p>
8315 nvram device is always added to pSeries guest on PPC64, and its address
8318 enable the address setting.
8319 </p>
8320 <p>
8321 Example: usage of NVRAM configuration
8322 </p>
8323 <pre>
8324 ...
8330 ...
8331 </pre>
8332 <dl>
8334 <dd>
8335 <p>
8336 VIO device address type, only valid for PPC64.
8337 </p>
8338 </dd>
8340 <dd>
8341 <p>
8342 Device address
8343 </p>
8344 </dd>
8345 </dl>
8348 <p>
8349 panic device enables libvirt to receive panic notification from a QEMU
8350 guest.
8352 </p>
8353 <p>
8354 This feature is always enabled for:
8355 </p>
8356 <ul>
8359 </ul>
8360 <p>
8361 For the guest types listed above, libvirt automatically adds a
8363 </p>
8364 <p>
8365 Example: usage of panic configuration
8366 </p>
8367 <pre>
8368 ...
8375 ...
8376 </pre>
8377 <dl>
8379 <dd>
8380 <p>
8382 of panic device is provided. The panic model used when this attribute
8383 is missing depends on the hypervisor and guest arch.
8384 </p>
8385 <ul>
8388 <li>'hyperv' - for Hyper-V crash CPU feature.
8390 <li>'s390' - default for S390 guests.
8392 </ul>
8393 </dd>
8395 <dd>
8396 <p>
8397 address of panic. The default ioport is 0x505. Most users
8398 don't need to specify an address, and doing so is forbidden
8399 altogether for s390, pseries and hyperv models.
8400 </p>
8401 </dd>
8402 </dl>
8406 <p>
8407 A shared memory device allows to share a memory region between
8408 different virtual machines and the host.
8410 </p>
8412 <pre>
8413 ...
8426 ...
8427 </pre>
8429 <dl>
8431 <dd>
8436 </dd>
8438 <dd>
8440 specifies the model of the underlying device providing the
8443 deprecated by newer QEMU in favour of the -plain and -doorbell variants),
8446 </dd>
8448 <dd>
8451 </dd>
8453 <dd>
8455 socket the device is supposed to connect to. The optional
8458 </dd>
8460 <dd>
8462 respectively) MSI interrupts. This option can currently be used only
8464 attribute can be used to specify the number of interrupt
8467 </dd>
8468 </dl>
8472 <p>
8473 In addition to the initial memory assigned to the guest, memory devices
8474 allow additional memory to be assigned to the guest in the form of
8475 memory modules.
8477 A memory device can be hot-plugged or hot-unplugged depending on the
8478 guests' memory resource needs.
8480 Some hypervisors may require NUMA configured for the guest.
8481 </p>
8483 <p>
8484 Example: usage of the memory devices
8485 </p>
8486 <pre>
8487 ...
8533 ...
8534 </pre>
8535 <dl>
8537 <dd>
8538 <p>
8543 </p>
8544 </dd>
8547 <dd>
8548 <p>
8551 capability to fine tune mapping of the memory on per
8552 module basis. Values are the same as
8555 </p>
8556 </dd>
8559 <dd>
8560 <p>
8563 capability to fine tune discard of data on per module
8567 This attribute is allowed only for
8569 </p>
8570 </dd>
8573 <dd>
8574 <p>
8576 fine tune the source of the memory used for the given memory device.
8577 If the element is not provided defaults configured via
8579 then the following optional elements can be provided as well:
8580 </p>
8582 <dl>
8584 <dd>
8585 <p>
8586 This element can be used to override the default
8587 host page size used for backing the memory device.
8588 The configured value must correspond to a page size
8589 supported by the host.
8590 </p>
8591 </dd>
8594 <dd>
8595 <p>
8596 This element can be used to override the default
8597 set of NUMA nodes where the memory would be
8598 allocated.
8599 </p>
8600 </dd>
8601 </dl>
8603 <p>
8606 the host that backs the nvdimm module in the guest. The following
8607 optional elements may be used:
8608 </p>
8610 <dl>
8612 <dd>
8613 <p>
8615 alignment used to mmap the address range for the backend
8617 For example, to mmap a real NVDIMM device a 2M-aligned page may
8618 be required.
8620 </p>
8621 </dd>
8624 <dd>
8625 <p>
8626 If persistent memory is supported and enabled by the hypervisor
8627 in order to guarantee the persistence of writes to the vNVDIMM
8629 utilize the feature.
8631 </p>
8632 </dd>
8633 </dl>
8634 </dd>
8637 <dd>
8638 <p>
8640 sizing of the added memory from the perspective of the guest.
8641 </p>
8642 <p>
8644 added memory as a scaled integer.
8645 </p>
8646 <p>
8648 attach the memory to. The element shall be used only if the guest has
8649 NUMA nodes configured.
8650 </p>
8651 <p>
8652 The following optional elements may be used:
8653 </p>
8655 <dl>
8657 <dd>
8658 <p>
8659 For NVDIMM type devices one can optionally use
8661 to configure the size of namespaces label storage
8663 has usual meaning described
8665 For QEMU domains the following restrictions apply:
8666 </p>
8667 <ol>
8669 <li>the remaining size (total-size - label-size) will be aligned
8671 </ol>
8672 </dd>
8675 <dd>
8676 <p>
8678 as read-only. Only the real NVDIMM device backend can guarantee
8679 the guest write persistence, so other backend types should use
8682 </p>
8683 </dd>
8684 </dl>
8685 </dd>
8686 </dl>
8690 <p>
8693 </p>
8695 <p>
8696 Example:
8697 </p>
8698 <pre>
8699 ...
8705 ...
8706 </pre>
8707 <dl>
8709 <dd>
8710 <p>
8713 ARM virt guests).
8714 </p>
8715 </dd>
8717 <dd>
8718 <p>
8720 additional options, some of which might only be available for
8721 certain IOMMU models:
8722 </p>
8723 <dl>
8725 <dd>
8726 <p>
8729 turn on interrupt remapping, a part of the VT-d functionality.
8730 Currently this requires split I/O APIC
8733 </p>
8734 </dd>
8736 <dd>
8737 <p>
8740 turn on the VT-d caching mode (useful for assigned devices).
8742 </p>
8743 </dd>
8745 <dd>
8746 <p>
8749 configure Extended Interrupt Mode. A q35 domain with
8750 split I/O APIC (as described in
8752 and both interrupt remapping and EIM turned on for
8753 the IOMMU, will be able to use more than 255 vCPUs.
8755 </p>
8756 </dd>
8758 <dd>
8759 <p>
8762 turn on the IOTLB used to cache address translation
8763 requests from devices.
8765 </p>
8766 </dd>
8767 </dl>
8768 </dd>
8769 </dl>
8776 'virtio-non-transitional', see
8778 for more details.
8780 element specifies the CID assigned to the guest. If the attribute
8782 will assign a free CID automatically on domain startup.
8785 <pre>
8786 ...
8792 ...</pre>
8797 <p>
8799 operation of the security drivers. There are three basic
8800 modes of operation, 'dynamic' where libvirt automatically
8801 generates a unique security label, 'static' where the
8802 application/administrator chooses the labels, or 'none'
8803 where confinement is disabled. With dynamic
8804 label generation, libvirt will always automatically
8805 relabel any resources associated with the virtual machine.
8806 With static label assignment, by default, the administrator
8807 or application must ensure labels are set correctly on any
8808 resources, however, automatic relabeling can be enabled
8811 </p>
8813 <p>
8814 If more than one security driver is used by libvirt, multiple
8816 the security driver referenced by each tag can be defined using
8818 </p>
8820 <p>
8821 Valid input XML configurations for the top-level security label
8822 are:
8823 </p>
8825 <pre>
8841 </pre>
8843 <p>
8844 If no 'type' attribute is provided in the input XML, then
8845 the security driver default setting will be used, which
8846 may be either 'none' or 'dynamic'. If a 'baselabel' is set
8847 but no 'type' is set, then the type is presumed to be 'dynamic'
8848 </p>
8850 <p>
8851 When viewing the XML for a running guest with automatic
8852 resource relabeling active, an additional XML element,
8854 output-only element, so will be ignored in user supplied
8855 XML documents
8856 </p>
8857 <dl>
8860 to determine whether libvirt automatically generates a unique security
8861 label or not.
8862 </dd>
8864 <dd>A valid security model name, matching the currently
8865 activated security model
8866 </dd>
8871 </dd>
8873 <dd>If static labelling is used, this must specify the full
8874 security label to assign to the virtual domain. The format
8875 of the content depends on the security driver in use:
8876 <ul>
8879 <li>
8880 DAC: owner and group separated by colon. They can be
8881 defined both as user/group names or uid/gid. The driver will first
8882 try to parse these values as names, but a leading plus sign can
8883 used to force the driver to parse them as uid or gid.
8884 </li>
8885 </ul>
8886 </dd>
8888 <dd>If dynamic labelling is used, this can optionally be
8889 used to specify the base security label that will be used to generate
8890 the actual label. The format of the content depends on the security
8891 driver in use.
8894 baselabel in the generated label. Other fields are inherited from
8895 the parent process when using SELinux baselabels.
8899 </dd>
8901 <dd>This is an output only element, which shows the
8902 security label used on resources associated with the virtual domain.
8903 The format of the content depends on the security driver in use
8904 </dd>
8905 </dl>
8907 <p>When relabeling is in effect, it is also possible to fine-tune
8908 the labeling done for specific source file names, by either
8909 disabling the labeling (useful if the file lives on NFS or other
8910 file system that lacks security labeling) or requesting an
8911 alternate label (useful when a management application creates a
8912 special label to allow sharing of some, but not all, resources
8915 rather than the top-level domain assignment, only the
8920 domains on disks where labeling was skipped due to the image
8921 being on a file system that lacks security labeling.
8922 </p>
8927 whether the guest will be allowed to perform the S390 cryptographic key
8928 management operations. A clear key can be protected by encrypting it
8929 under a unique wrapping key that is generated for each guest VM running
8930 on the host. Two variations of wrapping keys are generated: one version
8931 for encrypting protected keys using the DEA/TDEA algorithm, and another
8932 version for keys encrypted using the AES algorithm. If a
8934 access to both AES and DEA/TDEA key wrapping by default.</p>
8936 <pre>
8938 ...
8942 ...
8944 </pre>
8945 <p>
8948 </p>
8949 <dl>
8952 for encrypting a protected key. The values supported for this attribute
8956 management operations should be turned on for the specified encryption
8958 </dd>
8959 </dl>
8965 <p>
8967 is used to provide the guest owners input used for creating an encrypted
8968 VM using the AMD SEV feature (Secure Encrypted Virtualization).
8970 SEV is an extension to the AMD-V architecture which supports running
8971 encrypted virtual machine (VMs) under the control of KVM. Encrypted
8972 VMs have their pages (code and data) secured such that only the guest
8973 itself has access to the unencrypted version. Each encrypted VM is
8974 associated with a unique encryption key; if its data is accessed to a
8975 different entity using a different key the encrypted guests data will
8976 be incorrectly decrypted, leading to unintelligible data.
8978 For more information see various input parameters and its format see the
8981 </p>
8982 <pre>
8984 ...
8992 ...
8994 </pre>
8996 <dl>
9001 from the domain capabilities.
9002 </dd>
9006 reduced-phys-bit</code> is hypervisor dependent and can be obtained
9008 </dd>
9011 which must be maintained by the SEV firmware. This policy is enforced by
9012 the firmware and restricts what configuration and operational commands
9013 can be performed on this guest by the hypervisor. The guest policy
9014 provided during guest launch is bound to the guest and cannot be changed
9015 throughout the lifetime of the guest. The policy is also transmitted
9016 during snapshot and migration flows and enforced on the destination platform.
9018 The guest policy is a 4 unsigned byte with the fields shown in Table:
9021 <tr>
9024 </tr>
9025 <tr>
9028 </tr>
9029 <tr>
9032 </tr>
9033 <tr>
9036 </tr>
9037 <tr>
9040 </tr>
9041 <tr>
9043 <td> The guest must not be transmitted to another platform that is
9044 not in the domain when set. </td>
9045 </tr>
9046 <tr>
9048 <td> The guest must not be transmitted to another platform that is
9049 not SEV capable when set. </td>
9050 </tr>
9051 <tr>
9054 </tr>
9055 <tr>
9057 <td> The guest must not be transmitted to another platform with a
9058 lower firmware version. </td>
9059 </tr>
9060 </table>
9062 </dd>
9065 base64 encoded Diffie-Hellman (DH) key. The key is used to negotiate a
9066 master secret key between the SEV firmware and guest owner. This master
9067 secret key is then used to establish a trusted channel between SEV
9068 firmware and guest owner.
9069 </dd>
9072 base64 encoded session blob defined in the SEV API spec.
9074 See SEV spec LAUNCH_START section for the session blob format.
9075 </dd>
9076 </dl>
9080 <p>
9081 Example configurations for each driver are provide on the
9082 driver specific pages listed below
9083 </p>
9085 <ul>
9088 </ul>
9089 </body>
9090 </html>