Revision 89 | 5818 | Comment: Put all qemu options into "unused", will sort them later
Put up some thoughts here on multiuser KVM usage.
Multiuser usage of KVM: Assumptions
- The host computer runs several instances of KVM virtual machines.
- Each virtual machine runs as a process with the privileges of the user it is allocated to. This makes it possible to use the standard Linux user access control mechanisms (file ownership and permissions, process ownership, resource limits) to isolate one user's VMs from another's.
- Users may log on in various ways (see below), but even if a user has a shell account on the host computer, they should be prevented from executing KVM directly (e.g. from the command line), i.e. from creating virtual machine instances with arbitrary options. Therefore, a secure wrapper is necessary to run KVM on users' behalf: the wrapper is the only path to the KVM binary, and it decides which options the user may influence.
User Logon Possibilities
- Log on via ssh to the host computer, then launch a VM by invoking the wrapper and passing the ID of the VM to start, then ssh into the VM (or use xdm, or http)
- A VM is already running for the user (variant: frozen when the user logs off, and unfrozen when they log on), so the user logs on via ssh (or xdm, or http) into the running VM instance
- A VM runs as a daemon providing services to other VMs (e.g. an NFS/SAMBA server), and users access it indirectly from their own VMs via the appropriate protocols
Virtual Machine Layout
Classification of QEMU/KVM Options (as of 0.17)
Options that Users Are Allowed to Set
Options that Users Are Not Allowed to Set
Options that Are Not Used
-M machine              select emulated machine (-M ? for list)
-fda/-fdb file          use 'file' as floppy disk 0/1 image
-hda/-hdb file          use 'file' as IDE hard disk 0/1 image
-hdc/-hdd file          use 'file' as IDE hard disk 2/3 image
-cdrom file             use 'file' as IDE cdrom image (cdrom is ide1 master)
-boot [a|c|d|n]         boot on floppy (a), hard disk (c), CD-ROM (d), or network (n)
-snapshot               write to temporary files instead of disk image files
-no-quit                disable SDL window close capability
-no-fd-bootchk          disable boot signature checking for floppy disks
-m megs                 set virtual RAM size to megs MB [default=128]
-smp n                  set the number of CPUs to 'n' [default=1]
-nographic              disable graphical output and redirect serial I/Os to console
-k language             use keyboard layout (for example "fr" for French)
-audio-help             print list of audio drivers and their options
-soundhw c1,...         enable audio support and only specified sound cards (comma separated list);
                        use -soundhw ? to get the list of supported cards;
                        use -soundhw all to enable all of them
-localtime              set the real time clock to local time [default=utc]
-full-screen            start in full screen
-win2k-hack             use it when installing Windows 2000 to avoid a disk full bug
-usb                    enable the USB driver (will be the default soon)
-usbdevice name         add the host or guest USB device 'name'
-net nic[,vlan=n][,macaddr=addr][,model=type]
                        create a new Network Interface Card and connect it to VLAN 'n'
-net user[,vlan=n][,hostname=host]
                        connect the user mode network stack to VLAN 'n' and send hostname 'host' to DHCP clients
-net tap[,vlan=n][,fd=h][,ifname=name][,script=file]
                        connect the host TAP network interface to VLAN 'n' and use the network script 'file'
                        (default=/etc/qemu-ifup); use 'script=no' to disable script execution;
                        use 'fd=h' to connect to an already opened TAP interface
-net socket[,vlan=n][,fd=h][,listen=[host]:port][,connect=host:port]
                        connect the vlan 'n' to another VLAN using a socket connection
-net socket[,vlan=n][,fd=h][,mcast=maddr:port]
                        connect the vlan 'n' to multicast maddr and port
-net none               use it alone to have zero network devices; if no -net option
                        is provided, the default is '-net nic -net user'
-tftp prefix            allow tftp access to files starting with prefix [-net user]
-smb dir                allow SMB access to files in 'dir' [-net user]
-redir [tcp|udp]:host-port:[guest-host]:guest-port
                        redirect TCP or UDP connections from host to guest [-net user]
-kernel bzImage         use 'bzImage' as kernel image
-append cmdline         use 'cmdline' as kernel command line
-initrd file            use 'file' as initial ram disk
-monitor dev            redirect the monitor to char device 'dev'
-vmchannel di:DI,dev    redirect the hypercall device with device id DI, to char device 'dev'
-balloon dev            redirect the balloon hypercall device to char device 'dev'
-serial dev             redirect the serial port to char device 'dev'
-parallel dev           redirect the parallel port to char device 'dev'
-pidfile file           Write PID to 'file'
-S                      freeze CPU at startup (use 'c' to start execution)
-s                      wait gdb connection to port 1234
-p port                 change gdb connection port
-d item1,...            output log to /tmp/qemu.log (use -d ? for a list of log items)
-hdachs c,h,s[,t]       force hard disk 0 physical geometry and the optional BIOS
                        translation (t=none or lba) (usually qemu can guess them)
-L path                 set the directory for the BIOS, VGA BIOS and keymaps
-no-kvm                 disable KVM hardware virtualization
-std-vga                simulate a standard VGA card with VESA Bochs Extensions
                        (default is CL-GD5446 PCI VGA)
-no-acpi                disable ACPI
-no-reboot              exit instead of rebooting
-loadvm file            start right away with a saved state (loadvm in monitor)
-vnc display            start a VNC server on display
-daemonize              daemonize QEMU after initializing
-no-rtc                 don't use /dev/rtc for timer alarm (do use gettimeofday)
-option-rom rom         load a file, rom, into the option ROM space
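The following sketch is an added example, not code from this page or from the KVM/QEMU project. It shows the shape of the "secure wrapper" the Assumptions section calls for, applied to the option classification above: the caller's identity comes from the kernel rather than from arguments, the VM ID is checked against that identity, every option the user passes must be on an allow-list with a value validator, and the wrapper itself supplies the options that decide what the guest can reach on the host (disk image, network, monitor). Everything concrete in it is an assumption, since the page's own lists are still empty: the VM ID format `<owner>-<nn>`, the directory layout `/srv/kvm/<vmid>/`, the binary path, and the choice of `-m`, `-smp` and `-nographic` as the only user-settable options.

```python
"""Sketch of a per-user KVM launch wrapper (added example; all specifics are assumed)."""
import os
import pwd
import re
import subprocess
import sys

VM_ROOT = "/srv/kvm"                  # assumed layout: /srv/kvm/<vmid>/{disk.img,monitor.sock,qemu.pid}
QEMU = "/usr/bin/qemu-system-x86_64"  # assumed binary path
VMID_RE = re.compile(r"^([a-z_][a-z0-9_]*)-(\d{2})$")  # assumed id format: <owner>-<two digits>

# Options a user may pass, each with a validator for its argument (None = bare flag).
# This split is an assumption; the page's "allowed / not allowed" sections are empty.
ALLOWED = {
    "-m":         lambda v: v.isdigit() and 64 <= int(v) <= 2048,
    "-smp":       lambda v: v.isdigit() and 1 <= int(v) <= 4,
    "-nographic": None,
}


class WrapperError(Exception):
    """Raised for any request the policy rejects; main() reports it and exits non-zero."""


def calling_user():
    """Take the identity from the kernel, never from argv or the environment."""
    return pwd.getpwuid(os.getuid()).pw_name


def check_vmid(vmid, user):
    """A user may only start VMs whose id is prefixed with their own login name."""
    m = VMID_RE.match(vmid)
    if not m:
        raise WrapperError("malformed VM id %r" % vmid)
    if m.group(1) != user:
        raise WrapperError("VM %s is not allocated to %s" % (vmid, user))
    return vmid


def filter_options(args):
    """Return the validated user options; reject anything not on the allow-list."""
    out = []
    i = 0
    while i < len(args):
        opt = args[i]
        if opt not in ALLOWED:
            raise WrapperError("option %s is not user-settable" % opt)
        validator = ALLOWED[opt]
        if validator is None:          # bare flag, no argument
            out.append(opt)
            i += 1
            continue
        if i + 1 >= len(args) or not validator(args[i + 1]):
            raise WrapperError("missing or out-of-range value for %s" % opt)
        out.extend([opt, args[i + 1]])
        i += 2
    return out


def build_command(vmid, user, user_args, vm_root=VM_ROOT, qemu=QEMU):
    """Compose argv: wrapper-controlled options first, then the user's validated ones."""
    vmid = check_vmid(vmid, user)
    vmdir = os.path.join(vm_root, vmid)
    cmd = [
        qemu,
        "-hda", os.path.join(vmdir, "disk.img"),   # only the VM's own image, never a user path
        "-net", "nic", "-net", "user",             # user-mode stack: no host TAP, no ifup scripts
        "-monitor", "unix:%s,server,nowait" % os.path.join(vmdir, "monitor.sock"),
        "-pidfile", os.path.join(vmdir, "qemu.pid"),
    ]
    cmd.extend(filter_options(user_args))
    return cmd


def main(argv):
    if len(argv) < 2:
        sys.stderr.write("usage: kvmwrap <vmid> [-m megs] [-smp n] [-nographic]\n")
        return 2
    try:
        cmd = build_command(argv[1], calling_user(), argv[2:])
    except WrapperError as e:
        sys.stderr.write("kvmwrap: %s\n" % e)
        return 1
    # qemu inherits the caller's uid/gid, so the VM process carries exactly
    # the privileges of the user it is allocated to.
    return subprocess.call(cmd)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The wrapper only enforces policy if it is the sole route to the binary: for instance, make the QEMU binary executable only by a dedicated group and hand users a small setgid C launcher (or a sudo rule) that execs this logic, since a Python script cannot safely be setuid itself. The monitor socket and pid file live inside the per-VM directory, so ordinary directory permissions decide who can control a running instance, which is the same mechanism the Assumptions section relies on for everything else.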
VM ID Structure
VM Directory Structure