/usr/share/doc/libvirt-bin/README.Debian is in libvirt-bin 0.9.12.3-1+deb7u1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
Xen
===
To manage xen domains with libvirt you have to set:

    (xend-unix-server yes)

in /etc/xen/xend-config.sxp.

For xend HTTP access (not recommended) you also have to set:

    (xend-http-server yes)
    # only allow access from localhost:
    (xend-address localhost)

Note that *every* user on the system has access to xend then. Better use
libvirtd to access xen with unprivileged users and add the users to the
"libvirt" group (see "Access Control" below).

Debugging
=========
Use LIBVIRT_DEBUG=1 to enable libvirt's debugging output, e.g.:

    LIBVIRT_DEBUG=1
    export LIBVIRT_DEBUG
    virt-manager

The default NAT network
=======================
To ease network configuration libvirt defines a NATed network named "default".
VMs using this network end up in 192.168.122.1/24 and DHCP is provided to them
via dnsmasq. This network is not automatically started. To start it use:

    virsh net-start default

To make the default network start automatically use:

    virsh net-autostart default

In order for things to work this way you need to have the recommended packages
dnsmasq-base, bridge-utils and iptables installed.

You don't need the package dnsmasq. However, if you install it, Debian's
default dnsmasq needs to be adjusted slightly to interoperate with libvirtd:

    cat <<EOF >/etc/dnsmasq.d/00_libvirtd.conf
    # only bind to loopback by default
    interface=lo
    bind-interfaces
    EOF

This makes dnsmasq only bind to the loopback interface by default so libvirtd
can handle the virtual bridges.

Access Control
==============
Access to the libvirt socket is controlled by membership in the "libvirt" group.
If you want to manage VMs as non-root you need to add a user to that group.

System QEMU/KVM processes are run as user and group libvirt-qemu. This can be
adjusted via /etc/libvirt/qemu.conf.

QEMU/KVM: Dropping Capabilities
===============================
Network interfaces of type "ethernet" use a script like /etc/qemu-ifup to set up
the network device. In order to make this work you need to set
"clear_emulator_capabilities" to "0" in /etc/libvirt/qemu.conf since you need
CAP_NET_ADMIN.

This used to be the default prior to 0.8.1 in the Debian package.

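
The following shell functions are an added example, not part of this README or
of the libvirt package: they check the settings discussed above that widen
access (xend HTTP access, "clear_emulator_capabilities" set to "0") and list
the "libvirt" group. The function names are hypothetical; the default paths are
the ones named in this file, plus /etc/group.

```sh
#!/bin/sh
# Added example (not from the README): audit the settings it flags.
# Function names are hypothetical; default paths are those named above.

# Exit 0 if an uncommented "(xend-http-server yes)" is present.
xend_http_enabled() {
    grep -Eq '^[[:space:]]*\([[:space:]]*xend-http-server[[:space:]]+yes[[:space:]]*\)' \
        "$1" 2>/dev/null
}

# Exit 0 if the last uncommented clear_emulator_capabilities setting is 0,
# i.e. QEMU processes keep their capabilities (CAP_NET_ADMIN included).
qemu_caps_retained() {
    val=$(sed -n 's/^[[:space:]]*clear_emulator_capabilities[[:space:]]*=[[:space:]]*"\{0,1\}\([0-9]*\)"\{0,1\}.*/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    [ "$val" = "0" ]
}

# Print supplementary members of group $1 from group(5)-format file $2.
# Users whose *primary* group is $1 are not listed in that field.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$2"
}

# Report findings; returns 1 if either widening setting is active.
audit() {
    sxp=${1:-/etc/xen/xend-config.sxp}
    qconf=${2:-/etc/libvirt/qemu.conf}
    grp=${3:-/etc/group}
    rc=0
    if xend_http_enabled "$sxp"; then
        echo "WARN: $sxp enables xend-http-server (not recommended)"
        rc=1
    fi
    if qemu_caps_retained "$qconf"; then
        echo "WARN: $qconf sets clear_emulator_capabilities=0"
        rc=1
    fi
    echo "Members of group libvirt (may use the libvirt socket):"
    group_members libvirt "$grp" | sed 's/^/  /'
    return "$rc"
}
```

Source the file and run "audit"; pass three paths to check copies of the files
instead of the live system.
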
SSH connections to the server
=============================
If you want to connect to the libvirt server via SSH, you need to install
netcat-openbsd on the server and configure the nc alternative to use it. This
is done automatically when netcat-openbsd is installed if you have not
previously modified the nc alternative. Please see the following bug reports
for a complete explanation:

    <http://bugs.debian.org/453627>
    <http://bugs.debian.org/614291>

 -- Guido Günther <agx@sigxcpu.org> Mon, 06 Feb 2011 17:28:35 +0200