Linux Virtualization Wiki
Revision 3 as of 2007-06-24 02:36:17
LinuxVirt:
  • KVM_Multiuser_Usage

Put up some thoughts here on multiuser KVM usage.

Multiuser usage of KVM: Assumptions

  • The host computer runs several instances of KVM virtual machines.
  • Each virtual machine runs as a process with the privileges of the user it is allocated to. This makes it possible to use the standard Linux user access control mechanisms.
  • Users may log on in various ways (see below), but even if a user has a shell account on the host computer, they should be prevented from executing KVM directly (e.g. from the command line), i.e. from uncontrolled creation of virtual machine instances. Therefore, a secure wrapper is necessary to run KVM on users' behalf.

User Logon Possibilities

  • Log on via ssh to the host computer, launch a VM by invoking the wrapper with the ID of the VM to start, then ssh into the VM (or use xdm or http)
  • The VM is already running for a user (variant: frozen when the user logs off and unfrozen when they log on), so the user logs on via ssh (or xdm, or http) to a running VM instance
  • The VM is running as a daemon, providing some services to other VMs (e.g. NFS/SAMBA server), and users access it indirectly from their own VMs by appropriate protocols

Virtual Machine Layout

Classification of QEMU/KVM Options (as of 0.17)

Options that Users Are Allowed to Set

Options that Users Are Not Allowed to Set

Options that Are Not Used

-M machine       select emulated machine (-M ? for list)
-fda/-fdb file   use 'file' as floppy disk 0/1 image
-hda/-hdb file   use 'file' as IDE hard disk 0/1 image
-hdc/-hdd file   use 'file' as IDE hard disk 2/3 image
-cdrom file      use 'file' as IDE cdrom image (cdrom is ide1 master)
-boot [a|c|d|n]  boot on floppy (a), hard disk (c), CD-ROM (d), or network (n)
-snapshot        write to temporary files instead of disk image files
-no-quit         disable SDL window close capability
-no-fd-bootchk   disable boot signature checking for floppy disks
-m megs          set virtual RAM size to megs MB [default=128]
-smp n           set the number of CPUs to 'n' [default=1]
-nographic       disable graphical output and redirect serial I/Os to console
-k language      use keyboard layout (for example "fr" for French)
-audio-help      print list of audio drivers and their options
-soundhw c1,...  enable audio support
                 and only specified sound cards (comma separated list)
                 use -soundhw ? to get the list of supported cards
                 use -soundhw all to enable all of them
-localtime       set the real time clock to local time [default=utc]
-full-screen     start in full screen
-win2k-hack      use it when installing Windows 2000 to avoid a disk full bug
-usb             enable the USB driver (will be the default soon)
-usbdevice name  add the host or guest USB device 'name'
-net nic[,vlan=n][,macaddr=addr][,model=type]
                 create a new Network Interface Card and connect it to VLAN 'n'
-net user[,vlan=n][,hostname=host]
                 connect the user mode network stack to VLAN 'n' and send
                 hostname 'host' to DHCP clients
-net tap[,vlan=n][,fd=h][,ifname=name][,script=file]
                 connect the host TAP network interface to VLAN 'n' and use
                 the network script 'file' (default=/etc/qemu-ifup);
                 use 'script=no' to disable script execution;
                 use 'fd=h' to connect to an already opened TAP interface
-net socket[,vlan=n][,fd=h][,listen=[host]:port][,connect=host:port]
                 connect the vlan 'n' to another VLAN using a socket connection
-net socket[,vlan=n][,fd=h][,mcast=maddr:port]
                 connect the vlan 'n' to multicast maddr and port
-net none        use it alone to have zero network devices; if no -net option
                 is provided, the default is '-net nic -net user'
-tftp prefix     allow tftp access to files starting with prefix [-net user]
-smb dir         allow SMB access to files in 'dir' [-net user]
-redir [tcp|udp]:host-port:[guest-host]:guest-port
                 redirect TCP or UDP connections from host to guest [-net user]

-kernel bzImage  use 'bzImage' as kernel image
-append cmdline  use 'cmdline' as kernel command line
-initrd file     use 'file' as initial ram disk

-monitor dev     redirect the monitor to char device 'dev'
-vmchannel di:DI,dev
                 redirect the hypercall device with device id DI, to char device 'dev'
-balloon dev     redirect the balloon hypercall device to char device 'dev'
-serial dev      redirect the serial port to char device 'dev'
-parallel dev    redirect the parallel port to char device 'dev'
-pidfile file    Write PID to 'file'
-S               freeze CPU at startup (use 'c' to start execution)
-s               wait gdb connection to port 1234
-p port          change gdb connection port
-d item1,...     output log to /tmp/qemu.log (use -d ? for a list of log items)
-hdachs c,h,s[,t]
                 force hard disk 0 physical geometry and the optional BIOS
                 translation (t=none or lba) (usually qemu can guess them)
-L path          set the directory for the BIOS, VGA BIOS and keymaps
-no-kvm          disable KVM hardware virtualization
-std-vga         simulate a standard VGA card with VESA Bochs Extensions
                 (default is CL-GD5446 PCI VGA)
-no-acpi         disable ACPI
-no-reboot       exit instead of rebooting
-loadvm file     start right away with a saved state (loadvm in monitor)
-vnc display     start a VNC server on display
-daemonize       daemonize QEMU after initializing
-no-rtc          don't use /dev/rtc for timer alarm (do use gettimeofday)
-option-rom rom  load a file, rom, into the option ROM space

VM ID Structure

VM Directory Structure

Secure Wrapper
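
A sketch of the option check such a wrapper could apply before launching a VM, as an added example (not code from this wiki or from the KVM/QEMU project). The allowed-option policy, the user/VM ID format, the VM directory root, the disk image name and the binary path are all assumptions, since the page leaves those sections empty.

```python
import re

QEMU_BIN = "/usr/bin/qemu"        # assumed binary path
VM_ROOT = "/var/lib/kvm-vms"      # hypothetical VM directory root
NAME = re.compile(r"[a-z][a-z0-9_]{0,31}")  # hypothetical user / VM ID format


def _int_in(lo, hi):
    """Validator: plain decimal integer within [lo, hi]."""
    return lambda v: re.fullmatch(r"[0-9]{1,6}", v) is not None and lo <= int(v) <= hi


# Assumed policy: option -> value validator, or None for a flag without a value.
# Everything not listed (-hda, -net tap, -monitor, -kernel, -L, ...) is refused.
USER_ALLOWED = {
    "-m": _int_in(16, 2048),       # RAM in MB, capped by the administrator
    "-smp": _int_in(1, 4),
    "-boot": lambda v: v in ("a", "c", "d", "n"),
    "-k": lambda v: re.fullmatch(r"[a-z]{2}(-[a-z]{2})?", v) is not None,
    "-localtime": None,
    "-snapshot": None,
    "-no-acpi": None,
}


class PolicyError(ValueError):
    """Raised when a request violates the wrapper's policy."""


def build_argv(user, vm_id, requested):
    """Return the argv for user's VM. `user` must come from the real UID."""
    if not NAME.fullmatch(user) or not NAME.fullmatch(vm_id):
        raise PolicyError("bad user name or VM ID")
    # Options fixed by the wrapper (disk.img is a hypothetical image name);
    # the allowlist keeps users from overriding them.
    argv = [QEMU_BIN, "-hda", f"{VM_ROOT}/{user}/{vm_id}/disk.img",
            "-net", "nic", "-net", "user", "-nographic"]
    seen, args = set(), iter(requested)
    for opt in args:
        if opt not in USER_ALLOWED or opt in seen:
            raise PolicyError(f"option not permitted or repeated: {opt!r}")
        seen.add(opt)
        argv.append(opt)
        check = USER_ALLOWED[opt]
        if check is not None:
            value = next(args, None)
            if value is None or not check(value):
                raise PolicyError(f"bad value for {opt}: {value!r}")
            argv.append(value)
    return argv  # hand to os.execv(QEMU_BIN, argv) as a list, never via a shell
```
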
