mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-29 17:15:23 +00:00
9c5b190017
* src/qemu/qemu.conf: Add blkio controller into qemu.conf.
291 lines
9.9 KiB
Plaintext
291 lines
9.9 KiB
Plaintext
# Master configuration file for the QEMU driver.
|
|
# All settings described here are optional - if omitted, sensible
|
|
# defaults are used.
|
|
|
|
# VNC is configured to listen on 127.0.0.1 by default.
|
|
# To make it listen on all public interfaces, uncomment
|
|
# this next option.
|
|
#
|
|
# NB, strong recommendation to enable TLS + x509 certificate
|
|
# verification when allowing public access
|
|
#
|
|
# vnc_listen = "0.0.0.0"
|
|
|
|
# Enable this option to have VNC served over an automatically created
|
|
# unix socket. This prevents unprivileged access from users on the
|
|
# host machine, though most VNC clients do not support it.
|
|
#
|
|
# This will only be enabled for VNC configurations that do not have
|
|
# a hardcoded 'listen' or 'socket' value. This setting takes preference
|
|
# over vnc_listen.
|
|
#
|
|
# vnc_auto_unix_socket = 1
|
|
|
|
# Enable use of TLS encryption on the VNC server. This requires
|
|
# a VNC client which supports the VeNCrypt protocol extension.
|
|
# Examples include vinagre, virt-viewer, virt-manager and vencrypt
|
|
# itself. UltraVNC, RealVNC, TightVNC do not support this
|
|
#
|
|
# It is necessary to setup CA and issue a server certificate
|
|
# before enabling this.
|
|
#
|
|
# vnc_tls = 1
|
|
|
|
|
|
# Use of TLS requires that x509 certificates be issued. The
|
|
# default it to keep them in /etc/pki/libvirt-vnc. This directory
|
|
# must contain
|
|
#
|
|
# ca-cert.pem - the CA master certificate
|
|
# server-cert.pem - the server certificate signed with ca-cert.pem
|
|
# server-key.pem - the server private key
|
|
#
|
|
# This option allows the certificate directory to be changed
|
|
#
|
|
# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
|
|
|
|
|
|
# The default TLS configuration only uses certificates for the server
|
|
# allowing the client to verify the server's identity and establish
|
|
# an encrypted channel.
|
|
#
|
|
# It is possible to use x509 certificates for authentication too, by
|
|
# issuing a x509 certificate to every client who needs to connect.
|
|
#
|
|
# Enabling this option will reject any client who does not have a
|
|
# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
|
|
#
|
|
# vnc_tls_x509_verify = 1
|
|
|
|
|
|
# The default VNC password. Only 8 letters are significant for
|
|
# VNC passwords. This parameter is only used if the per-domain
|
|
# XML config does not already provide a password. To allow
|
|
# access without passwords, leave this commented out. An empty
|
|
# string will still enable passwords, but be rejected by QEMU,
|
|
# effectively preventing any use of VNC. Obviously change this
|
|
# example here before you set this.
|
|
#
|
|
# vnc_password = "XYZ12345"
|
|
|
|
|
|
# Enable use of SASL encryption on the VNC server. This requires
|
|
# a VNC client which supports the SASL protocol extension.
|
|
# Examples include vinagre, virt-viewer and virt-manager
|
|
# itself. UltraVNC, RealVNC, TightVNC do not support this
|
|
#
|
|
# It is necessary to configure /etc/sasl2/qemu.conf to choose
|
|
# the desired SASL plugin (eg, GSSPI for Kerberos)
|
|
#
|
|
# vnc_sasl = 1
|
|
|
|
|
|
# The default SASL configuration file is located in /etc/sasl2/
|
|
# When running libvirtd unprivileged, it may be desirable to
|
|
# override the configs in this location. Set this parameter to
|
|
# point to the directory, and create a qemu.conf in that location
|
|
#
|
|
# vnc_sasl_dir = "/some/directory/sasl2"
|
|
|
|
|
|
|
|
# SPICE is configured to listen on 127.0.0.1 by default.
|
|
# To make it listen on all public interfaces, uncomment
|
|
# this next option.
|
|
#
|
|
# NB, strong recommendation to enable TLS + x509 certificate
|
|
# verification when allowing public access
|
|
#
|
|
# spice_listen = "0.0.0.0"
|
|
|
|
|
|
# Enable use of TLS encryption on the SPICE server.
|
|
#
|
|
# It is necessary to setup CA and issue a server certificate
|
|
# before enabling this.
|
|
#
|
|
# spice_tls = 1
|
|
|
|
|
|
# Use of TLS requires that x509 certificates be issued. The
|
|
# default it to keep them in /etc/pki/libvirt-spice. This directory
|
|
# must contain
|
|
#
|
|
# ca-cert.pem - the CA master certificate
|
|
# server-cert.pem - the server certificate signed with ca-cert.pem
|
|
# server-key.pem - the server private key
|
|
#
|
|
# This option allows the certificate directory to be changed.
|
|
#
|
|
# spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
|
|
|
|
|
|
# The default SPICE password. This parameter is only used if the
|
|
# per-domain XML config does not already provide a password. To
|
|
# allow access without passwords, leave this commented out. An
|
|
# empty string will still enable passwords, but be rejected by
|
|
# QEMU, effectively preventing any use of SPICE. Obviously change
|
|
# this example here before you set this.
|
|
#
|
|
# spice_password = "XYZ12345"
|
|
|
|
|
|
# The default security driver is SELinux. If SELinux is disabled
|
|
# on the host, then the security driver will automatically disable
|
|
# itself. If you wish to disable QEMU SELinux security driver while
|
|
# leaving SELinux enabled for the host in general, then set this
|
|
# to 'none' instead.
|
|
#
|
|
# security_driver = "selinux"
|
|
|
|
|
|
# The user ID for QEMU processes run by the system instance.
|
|
#user = "root"
|
|
|
|
# The group ID for QEMU processes run by the system instance.
|
|
#group = "root"
|
|
|
|
# Whether libvirt should dynamically change file ownership
|
|
# to match the configured user/group above. Defaults to 1.
|
|
# Set to 0 to disable file ownership changes.
|
|
#dynamic_ownership = 1
|
|
|
|
|
|
# What cgroup controllers to make use of with QEMU guests
|
|
#
|
|
# - 'cpu' - use for schedular tunables
|
|
# - 'devices' - use for device whitelisting
|
|
# - 'memory' - use for memory tunables
|
|
# - 'blkio' - use for block devices I/O tunables
|
|
#
|
|
# NB, even if configured here, they won't be used unless
|
|
# the administrator has mounted cgroups, e.g.:
|
|
#
|
|
# mkdir /dev/cgroup
|
|
# mount -t cgroup -o devices,cpu,memory,blkio none /dev/cgroup
|
|
#
|
|
# They can be mounted anywhere, and different controllers
|
|
# can be mounted in different locations. libvirt will detect
|
|
# where they are located.
|
|
#
|
|
# cgroup_controllers = [ "cpu", "devices", "memory", "blkio" ]
|
|
|
|
# This is the basic set of devices allowed / required by
|
|
# all virtual machines.
|
|
#
|
|
# As well as this, any configured block backed disks,
|
|
# all sound device, and all PTY devices are allowed.
|
|
#
|
|
# This will only need setting if newer QEMU suddenly
|
|
# wants some device we don't already know about.
|
|
#
|
|
#cgroup_device_acl = [
|
|
# "/dev/null", "/dev/full", "/dev/zero",
|
|
# "/dev/random", "/dev/urandom",
|
|
# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
|
# "/dev/rtc", "/dev/hpet",
|
|
#]
|
|
|
|
|
|
# The default format for Qemu/KVM guest save images is raw; that is, the
|
|
# memory from the domain is dumped out directly to a file. If you have
|
|
# guests with a large amount of memory, however, this can take up quite
|
|
# a bit of space. If you would like to compress the images while they
|
|
# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
|
|
# for save_image_format. Note that this means you slow down the process of
|
|
# saving a domain in order to save disk space; the list above is in descending
|
|
# order by performance and ascending order by compression ratio.
|
|
#
|
|
# save_image_format is used when you use 'virsh save' at scheduled saving.
|
|
# dump_image_format is used when you use 'virsh dump' at emergency crashdump.
|
|
#
|
|
# save_image_format = "raw"
|
|
# dump_image_format = "raw"
|
|
|
|
# When a domain is configured to be auto-dumped when libvirtd receives a
|
|
# watchdog event from qemu guest, libvirtd will save dump files in directory
|
|
# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
|
|
#
|
|
# auto_dump_path = "/var/lib/libvirt/qemu/dump"
|
|
|
|
# If provided by the host and a hugetlbfs mount point is configured,
|
|
# a guest may request huge page backing. When this mount point is
|
|
# unspecified here, determination of a host mount point in /proc/mounts
|
|
# will be attempted. Specifying an explicit mount overrides detection
|
|
# of the same in /proc/mounts. Setting the mount point to "" will
|
|
# disable guest hugepage backing.
|
|
#
|
|
# NB, within this mount point, guests will create memory backing files
|
|
# in a location of $MOUNTPOINT/libvirt/qemu
|
|
#
|
|
# hugetlbfs_mount = "/dev/hugepages"
|
|
|
|
|
|
# mac_filter enables MAC addressed based filtering on bridge ports.
|
|
# This currently requires ebtables to be installed.
|
|
#
|
|
# mac_filter = 1
|
|
|
|
|
|
# By default, PCI devices below non-ACS switch are not allowed to be assigned
|
|
# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
|
|
# be assigned to guests.
|
|
#
|
|
# relaxed_acs_check = 1
|
|
|
|
|
|
# QEMU implements an extension for providing audio over a VNC connection,
|
|
# though if your VNC client does not support it, your only chance for getting
|
|
# sound output is through regular audio backends. By default, libvirt will
|
|
# disable all QEMU sound backends if using VNC, since they can cause
|
|
# permissions issues. Enabling this option will make libvirtd honor the
|
|
# QEMU_AUDIO_DRV environment variable when using VNC.
|
|
#
|
|
# vnc_allow_host_audio = 0
|
|
|
|
|
|
# If clear_emulator_capabilities is enabled, libvirt will drop all
|
|
# privileged capabilities of the QEmu/KVM emulator. This is enabled by
|
|
# default.
|
|
#
|
|
# Warning: Disabling this option means that a compromised guest can
|
|
# exploit the privileges and possibly do damage to the host.
|
|
#
|
|
# clear_emulator_capabilities = 1
|
|
|
|
|
|
# If allow_disk_format_probing is enabled, libvirt will probe disk
|
|
# images to attempt to identify their format, when not otherwise
|
|
# specified in the XML. This is disabled by default.
|
|
#
|
|
# WARNING: Enabling probing is a security hole in almost all
|
|
# deployments. It is strongly recommended that users update their
|
|
# guest XML <disk> elements to include <driver type='XXXX'/>
|
|
# elements instead of enabling this option.
|
|
#
|
|
# allow_disk_format_probing = 1
|
|
|
|
|
|
# If enabled, libvirt will have QEMU set its process name to
|
|
# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU
|
|
# process will appear as "qemu:VM_NAME" in process listings and
|
|
# other system monitoring tools. By default, QEMU does not set
|
|
# its process title, so the complete QEMU command (emulator and
|
|
# its arguments) appear in process listings.
|
|
#
|
|
# set_process_name = 1
|
|
|
|
|
|
# If max_processes is set to a positive integer, libvirt will use it to set
|
|
# maximum number of processes that can be run by qemu user. This can be used to
|
|
# override default value set by host OS.
|
|
#
|
|
# max_processes = 0
|
|
|
|
# To enable strict 'fcntl' based locking of the file
|
|
# content (to prevent two VMs writing to the same
|
|
# disk), start the 'virtlockd' service, and uncomment
|
|
# this
|
|
#
|
|
# lock_manager = "fcntl"
|