Appendix A. Appendix

Contents

A.1. Installing Para-Virtualized Drivers
A.2. Generating x509 Client/Server Certificates
A.3. QEMU Command Line Options

A.1. Installing Para-Virtualized Drivers

A.1.1. Installing Para-Virtualized Drivers for SUSE Linux Enterprise Server 10 SP3

Support for para-virtualized drivers is already built into all SUSE Linux Enterprise Server 11 SP1 Kernels, so virtio devices are supported out of the box. Para-virtualized drivers for SUSE Linux Enterprise Server 10 SP3 are not shipped with the product and need to be installed from a repository provided by Novell. It is recommended to install para-virtualized drivers during the installation as described in Section 5.3.1, “Adding para-virtualized Drivers During the Installation”. If you need to install the drivers on an existing virtual machine, follow the instructions below.

  1. Add the para-virtualized drivers repository and the corresponding drivers update repositories with either the YaST Software Repositories module or with zypper ar.

  2. Determine the flavor of the installed Kernel by running uname -r. The output string has the form Version-Flavor (for example 2.6.32.24-0.2-default).

  3. Search for packages matching the string novell-virtio-drivers in the YaST Software Management module or with zypper se.

  4. Install the novell-virtio-drivers package matching your Kernel flavor.

A.1.2. Installing virtio Drivers for Microsoft Windows*

Providing para-virtualized drivers during a Microsoft Windows installation does currently not work, since the installation refuses to boot from a para-virtualized hard disk. Therefore, the para-virtualized drivers need to be installed on a running Windows installation.

The following instructions assume that the existing Windows installation uses a single IDE hard disk and a single network adapter. An ISO image containing the virtio drivers for Windows is part of the kvm package and is available on the KVM host under /usr/share/qemu-kvm/win-virtio-drivers.iso. Make this ISO image available as a CD-ROM on your virtual machine as described in Section 9.3, “Ejecting and Changing Floppy or CD/DVD-ROM Media with Virtual Machine Manager”. In case your virtual machine is configured without a CD-ROM device or you prefer to add a second one, see Section 9.1, “Adding a CD/DVD-ROM Device with Virtual Machine Manager” for setup instructions.

Finding the virtio drivers for Windows

Windows XP 32-bit
Memory Ballooning: balloon\install\XP\x86\balloon.inf
Network: NetKVM\install\XP_Win2003\x86\netkvm.inf
Storage: viostor\install\XP\x86\viostor.inf
Windows XP 64-bit
Memory Ballooning: not available
Network: NetKVM\install\XP_Win2003\amd64\netkvm.inf
Storage: viostor\install\XP\amd64\viostor.inf
Windows Server 2003 32-bit
Memory Ballooning: balloon\install\Win2003\x86\balloon.inf
Network: NetKVM\install\XP_Win2003\x86\netkvm.inf
Storage: viostor\install\Win2003\x86\viostor.inf
Windows Server 2003 64-bit
Memory Ballooning: balloon\install\Win2003\amd64\balloon.inf
Network: NetKVM\install\XP_Win2003\amd64\netkvm.inf
Storage: viostor\install\XP\amd64\viostor.inf
Windows Vista/Server 2008 32-bit
Memory Ballooning: balloon\install\Vista_Win2008\x86\balloon.inf
Network: NetKVM\install\Vista_Win2008\x86\netkvm.inf
Storage: viostor\install\Vista_Win2008\x86\viostor.inf
Windows Vista/Server 2008 64-bit
Memory Ballooning: balloon\install\Vista_Win2008\amd64\balloon.inf
Network: NetKVM\install\Vista_Win2008\amd64\netkvm.inf
Storage: viostor\install\Vista_Win2008\amd64\viostor.inf
Windows 7 32-bit
Memory Ballooning: balloon\install\Win7\x86\balloon.inf
Network: NetKVM\install\Win7\x86\netkvm.inf
Storage: viostor\install\Win7\x86\viostor.inf
Windows 7 64-bit
Memory Ballooning: balloon\install\Win7\amd64\balloon.inf
Network: NetKVM\install\Win7\amd64\netkvm.inf
Storage: viostor\install\Win7\amd64\viostor.inf

A.1.2.1. Windows 7

The following instructions show how to install para-virtualized storage an network drivers for Windows 7. Please make sure to exactly follow the instructions for installing the storage drivers, otherwise your system will either completely refuse to boot or will boot into a blue screen!

[Important]Technical Support

The following instructions require to use virsh edit. Using this command in principle is not supported by the Novell Technical Support. However, this special context (Installing Para-Virtualized Storage Drivers for Windows) is an exception from this rule. It will be supported with reasonable effort.

Procedure A.1. Installing Para-Virtualized Storage Drivers for Windows 7 32-bit

  1. Shut down the Windows 7 VM Guest and use Virtual Machine Manager to add an additional hard disk of type virtio (a para-virtualized hard disk). This disk is only temporarily needed and will be removed again from the VM Guest.

  2. If necessary, use Virtual Machine Manager to adjust the Boot Device Order. It must start with Hard Disk, otherwise the system will not boot once the system disk is para-virtualized. You need to confirm your changes with Apply, otherwise they will not be written to the configuration.

  3. Reboot the VM Guest. Once it has booted, open the Device Manager, for example, by opening the main menu and entering devmgmt.msc followed by Enter into the Start programs and files field.

  4. Search for the entry Other devices+SCSI Controller. The entry is marked with an exclamation mark as being problematic. Right-click this entry and choose Update Driver Software.

  5. Install the driver. Choose to Browse my computer for driver software. Use the Browse button to select the directory on the driver CD containing the storage drivers for your operating system and architecture (viostor\install\Win7\x86\). Confirm the security exception by clicking Install.

  6. Once the driver installation is finished, a new Storage Controller named Novell VirtIO SCSI Adapater is listed in the Device Manager. Additionally, the entry Disk Drives now contains the temporary para-virtualized disk. It is listed as Novell VirtIO SCSI Disk Device.

  7. Shut down the Windows 7 VM Guest and use Virtual Machine Manager to remove the temporary para-virtualized disk added earlier.

  8. Changing the type of a virtual hard disk is currently not supported by Virtual Machine Manager—therefore the XML configuration needs to be changed directly. Open a terminal and enter the following command (replace NAME with the name of you Windows 7 VM Guest). If operating from a remote host, also specify a connection URL with the -c parameter.

    virsh edit NAME

    An editor (vi by default) opens. Search for a block similar to the following:

    <disk type='block' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/var/lib/libvirt/images/win7.raw'/>
      <target dev='hda' bus='ide'/>
      <address type='drive' controller='0' bus='0' unit='0'/>
    </disk>

    Remove the <address> tag. Change the attributes of the <target> tag to dev='vda' and bus='virtio':

    <disk type='block' device='disk'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/Virtual/win7'/>
      <target dev='vda' bus='virtio'/>
    </disk>

    Save the file. A successful save results in Domain NAME XML configuration edited. In case an error is reported (for example, when having produced invalid XML), the configuration has not been changed.

  9. Restart the VM Guest. If starting it via Virtual Machine Manager, make sure the hardware change is visible in the Details screen before you start (this may take a few seconds after you have saved the configuration changes from virsh). Otherwise your changes will be overwritten with the configuration last used by Virtual Machine Manager.

    Your Windows 7 VM Guest now uses a para-virtualized system disk.

Installing para-virtualized network drivers is very similar to installing the storage drivers:

Procedure A.2. Installing Para-Virtualized Network Drivers for Windows 7

  1. Shut down the Windows 7 VM Guest and use Virtual Machine Manager to add an additional network adapter of type virtio (a para-virtualized network adapter). This ensures that you still have network connectivity while installing the drivers.

  2. Reboot the VM Guest and install the driver via the Device Manager as described above. The new network adapter can be found under Other devices+Ethernet controller. After a successful driver installation, a Novell VirtIO Ethernet Adapter is listed in the Device Manager under Network Adapters.

  3. Shut down the VM Guest and remove the original, non-para-virtualized network adapter from the guest configuration using Virtual Machine Manager. Reboot the guest—now it uses a para-virtualized network adapter.

A.1.2.2. Other Windows Versions (XP, Server 2003/2008, Vista)

Installing para-virtualized drivers for other Windows versions is very similar to installing them on Windows 7 (see Section A.1.2.1, “Windows 7”). You do not need to manually start the Device Manager— Windows will rather prompt you to install the missing drivers. Make sure to manually choose the location of the driver during the installation process.

[Warning]Para-Virtualized Storage Drivers on Windows Vista

Currently the para-virtualized storage drivers for Windows Vista do not support booting from a para-virtualized disk. Using para-virtualized storage devices for non-bootable disks is supported.

[Note]Para-Virtualized Storage Drivers on Windows XP not Recommended

Using the para-virtualized storage drivers on Windows XP does not result in any performance gain—it may even result in performance penalties. Therefore, it is not recommended to use them. See http://www.mail-archive.com/kvm@vger.kernel.org/msg22834.html for technical details.

Note that this only affects para-virtualized storage drivers for Windows XP! Using para-virtualized storage drivers on other Windows versions will result in better performance. Using para-virtualized network drivers on Windows XP is also beneficial.

A.2. Generating x509 Client/Server Certificates

In order to be able to create x509 client and server certificates you need to issue them by a Certificate Authority (CA). It is recommended to set up an independent CA that only issues certificates for libvirt.

  1. Set up a CA as described in Раздел “Creating a Root CA” (Глава 15, Managing X.509 Certification, ↑Руководство по безопасности).

  2. Create a server and a client certificate as described in Раздел “Creating or Revoking User Certificates” (Глава 15, Managing X.509 Certification, ↑Руководство по безопасности). The Common Name (CN) for the server certificate must be the full qualified hostname, the Common Name for the client certificate can be freely chosen. For all other fields stick with the defaults suggested by YaST.

    Export the client and server certificates to a temporary location (for example, /tmp/x509/) by performing the following steps:

    1. Select the certificate on the certificates tab.

    2. Choose Export+Export to File+Certificate and the Key Unencrypted in PEM Format, provide the Certificate Password and the full path and the filename under File Name, for example, /tmp/x509/server.pem or /tmp/x509/client.pem.

    3. Open a terminal and change to the directory where you have saved the certificate and issue the following commands to split it into certificate and key (this example splits the server key):

      csplit -z -f s_ server.pem '/-----BEGIN/' '{1}'
             mv s_00 servercert.pem
             mv s_01 serverkey.pem
    4. Repeat the procedure for each client and server certificate you would like to export.

  3. Finally export the CA certificate by performing the following steps:

    1. Switch to the Description tab.

    2. ChooseAdvanced+Export to File+Only the Certificate in PEM Format and enter the full path and the filename under File Name, for example, /tmp/x509/cacert.pem.

A.3. QEMU Command Line Options

A.3.1. Supported qemu-kvm Command Line Options

-alt-grab
-append ...
-audio-help
-balloon ...
-boot ...
-cdrom ...
-chardev ..
-clock
-cpu [?|kvm64 ]
-ctrl-grab
-d ...
-daemonize
-device driver [isa-serial|isa-parallel|isa-fdc |ide-drive|VGA|cirrus-vga|rtl8139|virtio-net-pci |virtio-blk-pci|virtio-balloon-pci] ...
-drive if=[ide|floppy|virtio] format=raw snapshot=off ...
-echr ...
-enable-kvm
-fda/-fdb ...
-full-screen
-gdb ...
-global ...
-h
-hda/-hdb/-hdc/-hdd ...
-help
-incoming ...
-initrd ...
-k ...
-kernel ...
-loadvm ...
-m ...
-mem-path ...
-mem-prealloc
-mon ...
-monitor ...
-M [pc|pc-0.12]
-name ...
-netdev ...
-net [nic|user|tap|none] mode=[rtl8139|virtio]
-no-acpi
-nodefaults
-no-frame
-nographic
-no-hpet
-no-quit
-no-reboot
-no-shutdown
-parallel ...
-pcidevice ...
-pidfile ...
-readconfig ...
-rtc ...
-runas ...
-s
-S
-sdl
-serial ...
-smbios ...
-smp ...
-tdf
-usb
-usbdevice [tablet|mouse]
-uuid ..
-version
-vga [std|cirrus|none]
-vnc ...
-watchdog ...
-watchdog-action ...
-writeconfig ...

A.3.2. Unsupported qemu-kvm Command Line Options

The following qemu-kvm command line options are not supported by Novell:

-acpitable ...
-bios ...
-bt ...
-chroot ...
-cpu [phenom|core2duo|qemu32|qemu64|coreduo|486|pentium |pentium2|pentium3|athlon|n270]
-curses
-device driver (where driver is not in [isa-serial |isa-parallel|isa-fdc|ide-drive|VGA|cirrus-vga|rtl8139 |virtio-net-pci|virtio-blk-pci|virtio-balloon-pci])
-drive if=[scsi|mtd|pflash], snapshot=yes, format=[anything apart from raw]
-enable-nesting
-icount ...
-kvm-shadow-memory ...
-L ...
-M [pc-0.11|pc-0.10|isapc|mac]
-mtdblock ...
-net dump ...
-net socket ...
-no-fd-bootchk
-no-kvm
-no-kvm-irqchip
-no-kvm-pit
-no-kvm-pit-reinjection
-numa ...
-nvram ...
-option-rom ...
-osk
-pflash ...
-portrait
-qmp ...
-sd ...
-set ...
-show-cursor
-singlestep
-snapshot
-soundhw ...
-tb-size ...
-usbdevice [disk|host|serial|braille|net]
-vga [vmware|xenfb]
-virtioconsole ...
-win2k-hack

A.3.3. Supported qemu-kvm monitor Command Line Options

The following qemu-kvmmonitor command line options are supported by Novell:

?
balloon target ...
[c|cont]
change device ...
cpu ...
eject ...
gdbserver ...
help
info ...
logfile ...
logitem ...
mce ...
memsave ...
migrate ...
migrate_set_downtime ...
migrate_set_speed ...
mouse_button ...
mouse_move ...
mouse_set ...
pmemsave ...
[p|print] ...
q
sendkey ...
stop
system_powerdown
watchdog_action ...
x ...
xp ...

A.3.4. Unsupported qemu-kvm monitor Command Line Options

The following qemu-kvmmonitor command line options are not supported by Novell:

acl_add ...
acl_policy ...
acl_remove ...
acl_reset ...
acl_show ...
block_passwd ...
boot_set
close_fd ...
commit ...
cpu_set ...
delvm ...
device_add ...
device_del ...
drive_add ...
hostfwd_add ...
hostfwd_remove ...
host_net_add ...
host_net_remove ...
i ...
loadvm ...
migrate_cancel
nmi ...
o ...
pci_add ...
pci_del...
savevm ...
screendump ...
set_link ...
singlestep ...
stopcapture ...
sum ...
system_reset
usb_add ...
watchdog_action ...
wavcapture ...