Libvirt: Difference between revisions

(8 intermediate revisions by 6 users not shown)

Line 5:

Enable libvirt daemon

{{file|~~/etc/nixos/configuration.nix~~|~~nix~~|<nowiki>

{{file|||<nowiki>

virtualisation.libvirtd.enable = true;

# Enable TPM emulation (optional)

# install pkgs.swtpm system-wide for use in virt-manager (optional)

virtualisation.libvirtd.qemu = {

swtpm.enable = true;

~~ovmf.packages = [ pkgs.OVMFFull.fd ];~~

};

Line 17:

virtualisation.spiceUSBRedirection.enable = true;

</nowiki>}}

</nowiki>|name=/etc/nixos/configuration.nix|lang=nix}}

To enable local user access to libvirt, for example by using <code>virt-manager</code> or <code>gnome-boxes</code>, add yourself to the <code>libvirtd</code> group

Line 37:

If you would like to enable nested virtualization for your guests to run KVM hypervisors inside them, you should enable it as follows: {{nixos:option|boot.extraModprobeConfig}}, for example:

{{file|~~/etc/nixos/configuration.nix~~|~~xml~~|<nowiki>

{{file|||<nowiki>

boot.extraModprobeConfig = "options kvm_intel nested=1";

boot.extraModprobeConfig = ''

</nowiki>}}

options kvm_intel nested=1

'';

</nowiki>|name=/etc/nixos/configuration.nix|lang=nix}}

=== Networking ===

==== Default networking ====

Enable and start the default network using the following commands:

# virsh net-autostart default

# virsh net-start default

</syntaxhighlight>

This will configure the default network to start automatically on boot and immediately activate it. You may need to whitelist the interface for the firewall like so:

{{File|3=networking.firewall.trustedInterfaces = [ "virbr0" ];|name=/etc/nixos/configuration.nix|lang=nix}}

=== Bridge networking ===

==== Bridge networking ====

Create a XML file called <code>virbr0.xml</code> with the definition of the bridge interface

Create a XML file called <code>virbr0.xml</code> with the definition of the bridge interface.

Line 53:

Line 70:

</syntaxhighlight>

Add and enable bridge interface

Add and enable bridge interface.

Line 63:

Line 80:

</syntaxhighlight>

Edit the libvirt guest <code>my_guest</code> XML file and add the bridge interface to it

Edit the libvirt guest <code>my_guest</code> XML file and add the bridge interface to it.

Line 69:

Line 86:

</syntaxhighlight>

Add

Add:

Line 84:

Line 101:

</syntaxhighlight>

Inside the guest configure networking for the interface <code>enp1s0</code> (name ~~might~~ differ)

Inside the guest configure networking for the interface <code>enp1s0</code> (name may differ).

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 101:

Line 118:

The host should now be able to reach the guest via the bridge interface and vice versa.

=== File sharing ===

=== File sharing via virtiofs mount ===

One of the best ways to share a host directory with the guest OS is with [https://virtio-fs.gitlab.io/ virtiofs]. On the host system, install the <code>virtiofsd</code> package:<syntaxhighlight lang="nix">

environment.systemPackages = with pkgs; [

guestfs-tools

virtiofsd

];

</syntaxhighlight>Next, a few sections of the XML must be edited, which can be done manually or via virt-manager in the guest configuration GUI. If using virt-manager, first navigate on the toolbar to Edit > Preferences > General, and click "Enable XML Editing". Next, open the virtual machine and under the hardware configuration, navigate to Memory and check the box "Enable shared memory". This will add an "access" block to the XML for you, similar to this:<syntaxhighlight lang="xml">

</memoryBacking>

</syntaxhighlight>While still in the hardware configuration, click "Add Hardware" and select "Filesystem". For driver, select "virtiofs". For source path, input the folder on the host machine you wish to share, no trailing slash. For target path, don't put a path but instead a tag/label that is easily identifiable. It will be used in the mount options in the guest OS setup shortly. Once done, you should have a new Filesystem device configuration similar to this:<syntaxhighlight lang="xml">

</filesystem>

</syntaxhighlight>If your guest system is using NixOS, you can boot the system and add the new filesystem entry to auto-mount on boot and you're done:<syntaxhighlight lang="nix">

fileSystems."/media" = {

device = "my_host_media_share";

fsType = "virtiofs";

};

</syntaxhighlight>If the system fails to fully reboot after applying the changes, ensure the filesystem device matches the "Target path" in your XML exactly.

~~In order~~ to share files between host and guest~~, one recommended way of doing this~~ is to use <code>spice-webdavd</code>.

==== Error starting domain: internal error: Child process (/run/current-system/sw/bin/virtiofsd --print-capabilities) unexpected exit status 127: libvirt: error : cannot execute binary /run/current-system/sw/bin/virtiofsd: No such file or directory ====

This error means virtiofsd was not installed on the host system. Ensure the system package was installed before making changes in virt-manager.

==== Error starting domain: operation failed: Unable to find a satisfying virtiofsd ====

The virtiofsd binary path needs to be specified in the filesystem configuration. virt-manager doesn't add this by default and instead assumes a default path that doesn't exist under NixOS. Open the guest machine's hardware details page, click on the passthrough filesystem created earlier, open the XML tab and inside the `<filesystem>...</filesystem>` add the following element to tell virtio where to find the virtiofsd binary:<syntaxhighlight lang="xml">

</syntaxhighlight>

=== File sharing via WebDAV ===

Another recommended way to share files between host and guest is to use <code>spice-webdavd</code>.

Shutdown the client, in this example named <code>my_guest</code>, and edit the libvirt XML file.

Line 121:

Line 175:

</syntaxhighlight>

Start the guest machine. Inside the guest, add following part to your system configuration and apply it

Start the guest machine. Inside the guest, add following part to your system configuration and apply it.

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 127:

Line 181:

</nowiki>}}

List available shares for the guest

List available shares for the guest.

Line 133:

Line 187:

</syntaxhighlight>

Mount an example share called <code>myshare</code> to the mountpoint <code>myshare</code>

Mount an example share called <code>myshare</code> to the mountpoint <code>myshare.</code>

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 177:

Line 231:

};

}

</syntaxhighlight>Note that after you added the configuration and switch, you'll have the following command to setup the hooks.<syntaxhighlight lang="bash">

systemctl start libvirtd-config.service

</syntaxhighlight>

=== PCI Passthrough ===

For detailed instructions on configuring PCI passthrough with libvirt, refer to the [[PCI passthrough]] page.

== Clients ==

@@ Line 5: / Line 5: @@
 Enable libvirt daemon
-{{file|/etc/nixos/configuration.nix|nix|<nowiki>
+{{file|||<nowiki>
 virtualisation.libvirtd.enable = true;
 # Enable TPM emulation (optional)
+# install pkgs.swtpm system-wide for use in virt-manager (optional)
 virtualisation.libvirtd.qemu = {
    swtpm.enable = true;
-  ovmf.packages = [ pkgs.OVMFFull.fd ];
 };
@@ Line 17: / Line 17: @@
 virtualisation.spiceUSBRedirection.enable = true;
-</nowiki>}}
+</nowiki>|name=/etc/nixos/configuration.nix|lang=nix}}
 To enable local user access to libvirt, for example by using <code>virt-manager</code> or <code>gnome-boxes</code>, add yourself to the <code>libvirtd</code> group
@@ Line 37: / Line 37: @@
 If you would like to enable nested virtualization for your guests to run KVM hypervisors inside them, you should enable it as follows:  {{nixos:option|boot.extraModprobeConfig}}, for example:
-{{file|/etc/nixos/configuration.nix|xml|<nowiki>
+{{file|||<nowiki>
-boot.extraModprobeConfig = "options kvm_intel nested=1";
+boot.extraModprobeConfig = ''
-</nowiki>}}
+  options kvm_intel nested=1
+'';
+</nowiki>|name=/etc/nixos/configuration.nix|lang=nix}}
+=== Networking ===
+==== Default networking ====
+Enable and start the default network using the following commands:
+<syntaxhighlight lang="console">
+# virsh net-autostart default
+# virsh net-start default
+</syntaxhighlight>
+This will configure the default network to start automatically on boot and immediately activate it. You may need to whitelist the interface for the firewall like so:
+{{File|3=networking.firewall.trustedInterfaces = [ "virbr0" ];|name=/etc/nixos/configuration.nix|lang=nix}}
-=== Bridge networking ===
+==== Bridge networking ====
-Create a XML file called <code>virbr0.xml</code> with the definition of the bridge interface
+Create a XML file called <code>virbr0.xml</code> with the definition of the bridge interface.
 <syntaxhighlight lang="bash">
@@ Line 53: / Line 70: @@
 </syntaxhighlight>
-Add and enable bridge interface
+Add and enable bridge interface.
 <syntaxhighlight lang="bash">
@@ Line 63: / Line 80: @@
 </syntaxhighlight>
-Edit the libvirt guest <code>my_guest</code> XML file and add the bridge interface to it
+Edit the libvirt guest <code>my_guest</code> XML file and add the bridge interface to it.
 <syntaxhighlight lang="bash">
@@ Line 69: / Line 86: @@
 </syntaxhighlight>
-Add
+Add:
 <syntaxhighlight lang="bash">
@@ Line 84: / Line 101: @@
 </syntaxhighlight>
-Inside the guest configure networking for the interface <code>enp1s0</code> (name might differ)
+Inside the guest configure networking for the interface <code>enp1s0</code> (name may differ).
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 101: / Line 118: @@
 The host should now be able to reach the guest via the bridge interface and vice versa.
-=== File sharing ===
+=== File sharing via virtiofs mount ===
+One of the best ways to share a host directory with the guest OS is with [https://virtio-fs.gitlab.io/ virtiofs]. On the host system, install the <code>virtiofsd</code> package:<syntaxhighlight lang="nix">
+environment.systemPackages = with pkgs; [
+  guestfs-tools
+  virtiofsd
+];
+</syntaxhighlight>Next, a few sections of the XML must be edited, which can be done manually or via virt-manager in the guest configuration GUI. If using virt-manager, first navigate on the toolbar to Edit > Preferences > General, and click "Enable XML Editing". Next, open the virtual machine and under the hardware configuration, navigate to Memory and check the box "Enable shared memory". This will add an "access" block to the XML for you, similar to this:<syntaxhighlight lang="xml">
+<memory unit="KiB">1638400</memory>
+<currentMemory unit="KiB">1638400</currentMemory>
+<memoryBacking>
+  <source type="memfd"/>
+  <access mode="shared"/>
+</memoryBacking>
+</syntaxhighlight>While still in the hardware configuration, click "Add Hardware" and select "Filesystem". For driver, select "virtiofs". For source path, input the folder on the host machine you wish to share, no trailing slash. For target path, don't put a path but instead a tag/label that is easily identifiable. It will be used in the mount options in the guest OS setup shortly. Once done, you should have a new Filesystem device configuration similar to this:<syntaxhighlight lang="xml">
+<filesystem type="mount" accessmode="passthrough">
+  <driver type="virtiofs"/>
+  <binary path="/run/current-system/sw/bin/virtiofsd"/>
+  <source dir="/media"/>
+  <target dir="my_host_media_share"/>
+  <alias name="fs0"/>
+  <address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
+</filesystem>
+</syntaxhighlight>If your guest system is using NixOS, you can boot the system and add the new filesystem entry to auto-mount on boot and you're done:<syntaxhighlight lang="nix">
+fileSystems."/media" = {
+  device = "my_host_media_share";
+  fsType = "virtiofs";
+};
+</syntaxhighlight>If the system fails to fully reboot after applying the changes, ensure the filesystem device matches the "Target path" in your XML exactly.
-In order to share files between host and guest, one recommended way of doing this is to use <code>spice-webdavd</code>.
+==== Error starting domain: internal error: Child process (/run/current-system/sw/bin/virtiofsd --print-capabilities) unexpected exit status 127: libvirt:  error : cannot execute binary /run/current-system/sw/bin/virtiofsd: No such file or directory ====
+This error means virtiofsd was not installed on the host system. Ensure the system package was installed before making changes in virt-manager.
+==== Error starting domain: operation failed: Unable to find a satisfying virtiofsd ====
+The virtiofsd binary path needs to be specified in the filesystem configuration. virt-manager doesn't add this by default and instead assumes a default path that doesn't exist under NixOS. Open the guest machine's hardware details page, click on the passthrough filesystem created earlier, open the XML tab and inside the `<filesystem>...</filesystem>` add the following element to tell virtio where to find the virtiofsd binary:<syntaxhighlight lang="xml">
+<binary path="/run/current-system/sw/bin/virtiofsd"/>
+</syntaxhighlight>
+=== File sharing via WebDAV ===
+Another recommended way to share files between host and guest is to use <code>spice-webdavd</code>.
 Shutdown the client, in this example named <code>my_guest</code>, and edit the libvirt XML file.
@@ Line 121: / Line 175: @@
 </syntaxhighlight>
-Start the guest machine. Inside the guest, add following part to your system configuration and apply it
+Start the guest machine. Inside the guest, add following part to your system configuration and apply it.
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 127: / Line 181: @@
 </nowiki>}}
-List available shares for the guest
+List available shares for the guest.
 <syntaxhighlight lang="bash">
@@ Line 133: / Line 187: @@
 </syntaxhighlight>
-Mount an example share called <code>myshare</code> to the mountpoint <code>myshare</code>
+Mount an example share called <code>myshare</code> to the mountpoint <code>myshare.</code>
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 177: / Line 231: @@
    };
 }
+</syntaxhighlight>Note that after you added the configuration and switch, you'll have the following command to setup the hooks.<syntaxhighlight lang="bash">
+systemctl start libvirtd-config.service
 </syntaxhighlight>
+=== PCI Passthrough ===
+For detailed instructions on configuring PCI passthrough with libvirt, refer to the [[PCI passthrough]] page.
 == Clients ==