2007-10-12 19:54:15 +00:00
|
|
|
# Master configuration file for the QEMU driver.
|
|
|
|
|
# All settings described here are optional - if omitted, sensible
|
|
|
|
|
# defaults are used.
|
|
|
|
|
|
|
|
|
|
# VNC is configured to listen on 127.0.0.1 by default.
|
|
|
|
|
# To make it listen on all public interfaces, uncomment
|
|
|
|
|
# this next option.
|
|
|
|
|
#
|
|
|
|
|
# NB, strong recommendation to enable TLS + x509 certificate
|
|
|
|
|
# verification when allowing public access
|
|
|
|
|
#
|
|
|
|
|
# vnc_listen = "0.0.0.0"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable use of TLS encryption on the VNC server. This requires
|
|
|
|
|
# a VNC client which supports the VeNCrypt protocol extension.
|
|
|
|
|
# Examples include vinagre, virt-viewer, virt-manager and vencrypt
|
|
|
|
|
# itself. UltraVNC, RealVNC, TightVNC do not support this
|
|
|
|
|
#
|
2008-03-17 10:27:31 +00:00
|
|
|
# It is necessary to setup CA and issue a server certificate
|
2007-10-12 19:54:15 +00:00
|
|
|
# before enabling this.
|
|
|
|
|
#
|
|
|
|
|
# vnc_tls = 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Use of TLS requires that x509 certificates be issued. The
|
|
|
|
|
# default it to keep them in /etc/pki/libvirt-vnc. This directory
|
|
|
|
|
# must contain
|
|
|
|
|
#
|
|
|
|
|
# ca-cert.pem - the CA master certificate
|
|
|
|
|
# server-cert.pem - the server certificate signed with ca-cert.pem
|
|
|
|
|
# server-key.pem - the server private key
|
|
|
|
|
#
|
|
|
|
|
# This option allows the certificate directory to be changed
|
|
|
|
|
#
|
|
|
|
|
# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The default TLS configuration only uses certificates for the server
|
|
|
|
|
# allowing the client to verify the server's identity and establish
|
2008-02-05 19:27:37 +00:00
|
|
|
# and encrypted channel.
|
2007-10-12 19:54:15 +00:00
|
|
|
#
|
|
|
|
|
# It is possible to use x509 certificates for authentication too, by
|
|
|
|
|
# issuing a x509 certificate to every client who needs to connect.
|
2008-02-05 19:27:37 +00:00
|
|
|
#
|
2007-10-12 19:54:15 +00:00
|
|
|
# Enabling this option will reject any client who does not have a
|
|
|
|
|
# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
|
|
|
|
|
#
|
|
|
|
|
# vnc_tls_x509_verify = 1
|
2009-01-29 17:50:00 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
# The default VNC password. Only 8 letters are significant for
|
|
|
|
|
# VNC passwords. This parameter is only used if the per-domain
|
|
|
|
|
# XML config does not already provide a password. To allow
|
|
|
|
|
# access without passwords, leave this commented out. An empty
|
|
|
|
|
# string will still enable passwords, but be rejected by QEMU
|
|
|
|
|
# effectively preventing any use of VNC. Obviously change this
|
|
|
|
|
# example here before you set this
|
|
|
|
|
#
|
|
|
|
|
# vnc_password = "XYZ12345"
|
2009-03-03 12:03:44 +00:00
|
|
|
|
|
|
|
|
|
2009-03-16 13:54:26 +00:00
|
|
|
# Enable use of SASL encryption on the VNC server. This requires
|
|
|
|
|
# a VNC client which supports the SASL protocol extension.
|
|
|
|
|
# Examples include vinagre, virt-viewer and virt-manager
|
|
|
|
|
# itself. UltraVNC, RealVNC, TightVNC do not support this
|
|
|
|
|
#
|
|
|
|
|
# It is necessary to configure /etc/sasl2/qemu.conf to choose
|
|
|
|
|
# the desired SASL plugin (eg, GSSPI for Kerberos)
|
|
|
|
|
#
|
|
|
|
|
# vnc_sasl = 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The default SASL configuration file is located in /etc/sasl2/
|
|
|
|
|
# When running libvirtd unprivileged, it may be desirable to
|
|
|
|
|
# override the configs in this location. Set this parameter to
|
|
|
|
|
# point to the directory, and create a qemu.conf in that location
|
|
|
|
|
#
|
|
|
|
|
# vnc_sasl_dir = "/some/directory/sasl2"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2009-03-03 12:03:44 +00:00
|
|
|
# The default security driver is SELinux. If SELinux is disabled
|
|
|
|
|
# on the host, then the security driver will automatically disable
|
|
|
|
|
# itself. If you wish to disable QEMU SELinux security driver while
|
|
|
|
|
# leaving SELinux enabled for the host in general, then set this
|
|
|
|
|
# to 'none' instead
|
|
|
|
|
#
|
|
|
|
|
# security_driver = "selinux"
|
2009-07-15 21:25:01 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
# The user ID for QEMU processes run by the system instance
|
|
|
|
|
#user = "root"
|
|
|
|
|
|
|
|
|
|
# The group ID for QEMU processes run by the system instance
|
|
|
|
|
#group = "root"
|
2009-07-22 15:08:04 +00:00
|
|
|
|
2010-01-13 17:41:36 +00:00
|
|
|
# Whether libvirt should dynamically change file ownership
|
|
|
|
|
# to match the configured user/group above. Defaults to 1.
|
|
|
|
|
# Set to 0 to disable file ownership changes.
|
|
|
|
|
#dynamic_ownership = 1
|
|
|
|
|
|
2009-07-22 15:08:04 +00:00
|
|
|
|
|
|
|
|
# What cgroup controllers to make use of with QEMU guests
|
|
|
|
|
#
|
|
|
|
|
# - 'cpu' - use for schedular tunables
|
|
|
|
|
# - 'devices' - use for device whitelisting
|
|
|
|
|
#
|
|
|
|
|
# NB, even if configured here, they won't be used unless
|
|
|
|
|
# the adminsitrator has mounted cgroups. eg
|
|
|
|
|
#
|
|
|
|
|
# mkdir /dev/cgroup
|
|
|
|
|
# mount -t cgroup -o devices,cpu none /dev/cgroup
|
|
|
|
|
#
|
|
|
|
|
# They can be mounted anywhere, and different controlers
|
|
|
|
|
# can be mounted in different locations. libvirt will detect
|
|
|
|
|
# where they are located.
|
|
|
|
|
#
|
|
|
|
|
# cgroup_controllers = [ "cpu", "devices" ]
|
|
|
|
|
|
|
|
|
|
# This is the basic set of devices allowed / required by
|
|
|
|
|
# all virtual machines.
|
|
|
|
|
#
|
|
|
|
|
# As well as this, any configured block backed disks,
|
|
|
|
|
# all sound device, and all PTY devices are allowed.
|
|
|
|
|
#
|
|
|
|
|
# This will only need setting if newer QEMU suddenly
|
|
|
|
|
# wants some device we don't already know a bout.
|
|
|
|
|
#
|
|
|
|
|
#cgroup_device_acl = [
|
|
|
|
|
# "/dev/null", "/dev/full", "/dev/zero",
|
|
|
|
|
# "/dev/random", "/dev/urandom",
|
|
|
|
|
# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
|
|
|
|
# "/dev/rtc", "/dev/hpet", "/dev/net/tun",
|
|
|
|
|
#]
|
Compressed save image format for Qemu.
Implement a compressed save image format for qemu. While ideally
we would have the choice between compressed/non-compressed
available to the libvirt API, unfortunately there is no "flags"
parameter to the virDomainSave() API. Therefore, implement this
as a qemu.conf option. gzip, bzip2, and lzma are implemented, and
it should be very easy to implement additional compression
methods.
One open question is if/how we should detect the compression
binaries. One way to do it is to do compile-time setting of the
paths (via configure.in), but that doesn't seem like a great thing
to do. My preferred solution is not to detect at all;
when we go to run the commands that need them, if they
aren't available, or aren't available in one of the standard paths,
then we'll fail. That's also the solution implemented in this patch.
In the future, we'll have a more robust (managed) save/restore API,
at which time we can expose this functionality properly in the API.
V2: get rid of redundant dd command and just use >> to append data.
V3: Add back the missing pieces for the enum and bumping the save version.
V4: Make the compressed field in the save_header an int.
Implement LZMA compression.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2009-08-07 11:34:05 +00:00
|
|
|
|
|
|
|
|
# The default format for Qemu/KVM guest save images is raw; that is, the
|
|
|
|
|
# memory from the domain is dumped out directly to a file. If you have
|
|
|
|
|
# guests with a large amount of memory, however, this can take up quite
|
|
|
|
|
# a bit of space. If you would like to compress the images while they
|
2009-09-10 09:13:33 +00:00
|
|
|
# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
|
|
|
|
|
# for save_image_format. Note that this means you slow down the process of
|
|
|
|
|
# saving a domain in order to save disk space; the list above is in descending
|
|
|
|
|
# order by performance and ascending order by compression ratio.
|
Compressed save image format for Qemu.
Implement a compressed save image format for qemu. While ideally
we would have the choice between compressed/non-compressed
available to the libvirt API, unfortunately there is no "flags"
parameter to the virDomainSave() API. Therefore, implement this
as a qemu.conf option. gzip, bzip2, and lzma are implemented, and
it should be very easy to implement additional compression
methods.
One open question is if/how we should detect the compression
binaries. One way to do it is to do compile-time setting of the
paths (via configure.in), but that doesn't seem like a great thing
to do. My preferred solution is not to detect at all;
when we go to run the commands that need them, if they
aren't available, or aren't available in one of the standard paths,
then we'll fail. That's also the solution implemented in this patch.
In the future, we'll have a more robust (managed) save/restore API,
at which time we can expose this functionality properly in the API.
V2: get rid of redundant dd command and just use >> to append data.
V3: Add back the missing pieces for the enum and bumping the save version.
V4: Make the compressed field in the save_header an int.
Implement LZMA compression.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2009-08-07 11:34:05 +00:00
|
|
|
#
|
|
|
|
|
# save_image_format = "raw"
|
Support configuration of huge pages in guests
Add option to domain XML for
<memoryBacking>
<hugepages/>
</memoryBacking>
* configure.in: Add check for mntent.h
* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug, src/qemu.conf
Add 'hugetlbfs_mount' config parameter
* src/qemu_conf.c, src/qemu_conf.h: Check for -mem-path flag in QEMU,
and pass it when hugepages are requested.
Load hugetlbfs_mount config parameter, search for mount if not given.
* src/qemu_driver.c: Free hugetlbfs_mount/path parameter in driver shutdown.
Create directory for QEMU hugepage usage, chowning if required.
* docs/formatdomain.html.in: Document memoryBacking/hugepages elements
* docs/schemas/domain.rng: Add memoryBacking/hugepages elements to schema
* src/util.c, src/util.h, src/libvirt_private.syms: Add virFileFindMountPoint
helper API
* tests/qemuhelptest.c: Add -mem-path constants
* tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c: Add tests for hugepage
handling
* tests/qemuxml2argvdata/qemuxml2argv-hugepages.xml,
tests/qemuxml2argvdata/qemuxml2argv-hugepages.args: Data files for
hugepage tests
2009-08-25 14:05:18 +00:00
|
|
|
|
|
|
|
|
# If provided by the host and a hugetlbfs mount point is configured,
|
|
|
|
|
# a guest may request huge page backing. When this mount point is
|
|
|
|
|
# unspecified here, determination of a host mount point in /proc/mounts
|
|
|
|
|
# will be attempted. Specifying an explicit mount overrides detection
|
|
|
|
|
# of the same in /proc/mounts. Setting the mount point to "" will
|
|
|
|
|
# disable guest hugepage backing.
|
|
|
|
|
#
|
|
|
|
|
# NB, within this mount point, guests will create memory backing files
|
|
|
|
|
# in a location of $MOUNTPOINT/libvirt/qemu
|
|
|
|
|
|
|
|
|
|
# hugetlbfs_mount = "/dev/hugepages"
|
2009-11-03 22:41:23 +00:00
|
|
|
|
2009-11-11 12:02:57 +00:00
|
|
|
# mac_filter enables MAC addressed based filtering on bridge ports.
|
|
|
|
|
# This currently requires ebtables to be installed.
|
|
|
|
|
#
|
|
|
|
|
# mac_filter = 1
|
2009-12-22 17:21:16 +00:00
|
|
|
|
|
|
|
|
# By default, PCI devices below non-ACS switch are not allowed to be assigned
|
|
|
|
|
# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
|
|
|
|
|
# be assigned to guests.
|
|
|
|
|
#
|
|
|
|
|
# relaxed_acs_check = 1
|
2010-05-19 20:41:01 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
# QEMU implements an extension for providing audio over a VNC connection,
|
|
|
|
|
# though if your VNC client does not support it, your only chance for getting
|
|
|
|
|
# sound output is through regular audio backends. By default, libvirt will
|
|
|
|
|
# disable all QEMU sound backends if using VNC, since they can cause
|
|
|
|
|
# permissions issues. Enabling this option will make libvirtd honor the
|
|
|
|
|
# QEMU_AUDIO_DRV environment variable when using VNC.
|
|
|
|
|
#
|
|
|
|
|
# vnc_allow_host_audio = 0
|
2010-05-27 23:17:55 +00:00
|
|
|
|
|
|
|
|
# If clear_emulator_capabilities is enabled, libvirt will drop all
|
|
|
|
|
# privileged capabilities of the QEmu/KVM emulator. This is enabled by
|
|
|
|
|
# default.
|
|
|
|
|
#
|
|
|
|
|
# Warning: Disabling this option means that a compromised guest can
|
|
|
|
|
# exploit the privileges and possibly do damage to the host.
|
|
|
|
|
#
|
|
|
|
|
# clear_emulator_capabilities = 1
|
2010-06-15 16:58:58 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# If allow_disk_format_probing is enabled, libvirt will probe disk
|
|
|
|
|
# images to attempt to identify their format, when not otherwise
|
|
|
|
|
# specified in the XML. This is disabled by default.
|
|
|
|
|
#
|
|
|
|
|
# WARNING: Enabling probing is a security hole in almost all
|
|
|
|
|
# deployments. It is strongly recommended that users update their
|
|
|
|
|
# guest XML <disk> elements to include <driver type='XXXX'/>
|
|
|
|
|
# elements instead of enabling this option.
|
|
|
|
|
# allow_disk_format_probing = 1
|
