Revision 4 as of 2007-06-24 02:50:52
KVM Multiuser Usage


Put up some thoughts here on multiuser KVM usage.

Multiuser usage of KVM: Assumptions

  • The host computer runs several instances of KVM virtual machines.
  • Each virtual machine runs as a process with the privileges of the user it is allocated to, which makes it possible to rely on the standard Linux user access control mechanisms.
  • Users may log on in various ways (see below), but even a user who has a shell account on the host computer must be prevented from executing KVM directly (e.g. from the command line), i.e. from creating virtual machine instances in an uncontrolled way. A secure wrapper is therefore necessary to run KVM on users' behalf.

User Logon Possibilities

  • The user logs on via ssh to the host computer, launches a VM by invoking the wrapper with the ID of the VM to start, and then logs into the VM (via ssh, xdm, or http).
  • A VM is already running for the user (variant: frozen when the user logs off and unfrozen when they log on again), so the user logs on via ssh (or xdm, or http) directly into the running VM instance.
  • A VM runs as a daemon providing services to other VMs (e.g. an NFS/SAMBA server), and users access it indirectly from their own VMs over the appropriate protocols.

Virtual Machine Layout

Classification of QEMU/KVM Options (as of 0.17)

Options that Users Are Allowed to Set

-fda/-fdb file use 'file' as floppy disk 0/1 image

-hda/-hdb file use 'file' as IDE hard disk 0/1 image

-cdrom file use 'file' as IDE cdrom image (cdrom is ide1 master)

-boot [a|c|d|n] boot on floppy (a), hard disk (c), CD-ROM (d), or network (n)

-snapshot write to temporary files instead of disk image files

-localtime set the real time clock to local time [default=utc]

-kernel bzImage use 'bzImage' as kernel image

-append cmdline use 'cmdline' as kernel command line

-initrd file use 'file' as initial ramdisk

-hdachs c,h,s[,t] force hard disk 0 physical geometry and the optional BIOS translation (t=none or lba) (usually qemu can guess them)

Options that Users Are Not Allowed to Set

-m megs set virtual RAM size to megs MB [default=128]

-nographic disable graphical output and redirect serial I/Os to console

-win2k-hack use it when installing Windows 2000 to avoid a disk full bug

-usb enable the USB driver (will be the default soon)

-usbdevice name add the host or guest USB device 'name'

-net nic[,vlan=n][,macaddr=addr][,model=type] create a new Network Interface Card and connect it to VLAN 'n'

-net user[,vlan=n][,hostname=host] connect the user mode network stack to VLAN 'n' and send hostname 'host' to DHCP clients

-net tap[,vlan=n][,fd=h][,ifname=name][,script=file] connect the host TAP network interface to VLAN 'n' and use the network script 'file' (default=/etc/qemu-ifup); use 'script=no' to disable script execution; use 'fd=h' to connect to an already opened TAP interface

-net socket[,vlan=n][,fd=h][,listen=[host]:port][,connect=host:port] connect the vlan 'n' to another VLAN using a socket connection

-net socket[,vlan=n][,fd=h][,mcast=maddr:port] connect the vlan 'n' to multicast maddr and port

-net none use it alone to have zero network devices; if no -net option is provided, the default is '-net nic -net user'

-tftp prefix allow tftp access to files starting with prefix [-net user]

-smb dir allow SMB access to files in 'dir' [-net user]

-redir [tcp|udp]:host-port:[guest-host]:guest-port redirect TCP or UDP connections from host to guest [-net user]

-monitor dev redirect the monitor to char device 'dev'

-vmchannel di:DI,dev redirect the hypercall device with device id DI to char device 'dev'

-balloon dev redirect the balloon hypercall device to char device 'dev'

-serial dev redirect the serial port to char device 'dev'

-parallel dev redirect the parallel port to char device 'dev'

-pidfile file Write PID to 'file'

Options that Are Not Used

-M machine select emulated machine (-M ? for list)

-hdc/-hdd file use 'file' as IDE hard disk 2/3 image

-no-quit disable SDL window close capability

-no-fd-bootchk disable boot signature checking for floppy disks

-smp n set the number of CPUs to 'n' [default=1]

-k language use keyboard layout (for example "fr" for French)

-audio-help print list of audio drivers and their options

-soundhw c1,... enable audio support and only the specified sound cards (comma separated list); use -soundhw ? to get the list of supported cards; use -soundhw all to enable all of them

-full-screen start in full screen

-S freeze CPU at startup (use 'c' to start execution)

-s wait gdb connection to port 1234

-p port change gdb connection port

-d item1,... output log to /tmp/qemu.log (use -d ? for a list of log items)

-L path set the directory for the BIOS, VGA BIOS and keymaps

-no-kvm disable KVM hardware virtualization

-std-vga simulate a standard VGA card with VESA Bochs Extensions (default is CL-GD5446 PCI VGA)

-no-acpi disable ACPI

-no-reboot exit instead of rebooting

-loadvm file start right away with a saved state (loadvm in monitor)

-vnc display start a VNC server on display

-daemonize daemonize QEMU after initializing

-no-rtc don't use /dev/rtc for timer alarm (do use gettimeofday)

-option-rom rom load a file, rom, into the option ROM space

VM ID Structure

VM Directory Structure

Secure Wrapper
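As an added example (not code from the wiki or from the KVM project), a Python sketch of such a wrapper that enforces the option classification above: it accepts only the options users are allowed to set, confines image and kernel paths to the user's own VM directory, supplies the administrator-controlled options itself, and builds an argv for exec rather than a shell string. The directory layout /var/lib/kvm/<user>/<vmid>, the fixed network/monitor settings and the function names are assumptions, since the page leaves the VM directory structure undefined.

```python
import os

# Options a user may set, per the classification above (True = takes an argument).
USER_OPTS = {"-fda": True, "-fdb": True, "-hda": True, "-hdb": True, "-cdrom": True,
             "-boot": True, "-snapshot": False, "-localtime": False,
             "-kernel": True, "-append": True, "-initrd": True, "-hdachs": True}
# Options whose argument names a file: the file must live in the user's VM directory.
FILE_OPTS = {"-fda", "-fdb", "-hda", "-hdb", "-cdrom", "-kernel", "-initrd"}
# Hypothetical layout, one directory per user and VM id (the page leaves this undefined).
VM_ROOT = "/var/lib/kvm"

def build_command(user, vmid, user_args, mem_mb=128):
    """Return the full kvm argv for this VM, or raise ValueError if user_args is not permitted."""
    if not (user.isalnum() and vmid.isalnum()):
        raise ValueError("user and VM id must be alphanumeric")
    vmdir = os.path.realpath(os.path.join(VM_ROOT, user, vmid))
    # Options the user may not set are fixed here by the administrator.
    argv = ["kvm", "-m", str(mem_mb), "-net", "nic", "-net", "user",
            "-monitor", "unix:%s/monitor,server,nowait" % vmdir,
            "-pidfile", os.path.join(vmdir, "pid")]
    i = 0
    while i < len(user_args):
        opt = user_args[i]
        if opt not in USER_OPTS:
            raise ValueError("option not permitted: %s" % opt)
        if not USER_OPTS[opt]:          # a bare flag such as -snapshot
            argv.append(opt)
            i += 1
            continue
        if i + 1 >= len(user_args):
            raise ValueError("%s requires an argument" % opt)
        val = user_args[i + 1]
        if opt == "-boot" and val not in ("a", "c", "d", "n"):
            raise ValueError("bad -boot value: %s" % val)
        if opt in FILE_OPTS:
            # Resolve '..' and symlinks, then refuse anything outside vmdir.
            path = os.path.realpath(os.path.join(vmdir, val))
            if os.path.commonpath([path, vmdir]) != vmdir:
                raise ValueError("%s: %s is outside the VM directory" % (opt, val))
            val = path
        argv += [opt, val]          # handed to execv as a list, never through a shell
        i += 2
    return argv

def is_permitted(user, vmid, user_args):
    # True if the wrapper would accept this request.
    try:
        build_command(user, vmid, user_args)
        return True
    except ValueError:
        return False
```

The wrapper itself would run with elevated rights (e.g. via sudo) only long enough to look up the VM directory, then drop to the invoking user before exec'ing the argv, so the VM process carries that user's privileges as the assumptions above require.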
