is there a mechanism for customizing VMM settings on a per-user basis? i ask since i'd like to test guestfish and libguestfs on a recently-created VM but, by default, new VM images are created in /var/lib/libvirt/images, and that directory is not accessible to non-root users.
as a non-root user, if i was about to start working with VMs, i'd like to be able to invoke "virt-manager" and, *before* creating any VMs, set some config options, such as where my images are going to go (ideally, in a personal images directory). that would make those images accessible to my account.
but if i fire up "virt-manager", i can see "Edit" -> "Preferences" but that doesn't allow me that kind of per-user configuration. does that kind of configuration even exist? and, with those default settings and permissions, how *would* one use libguestfs and guestfish as a regular user?
or am i once again missing something critical?
rday --
======================================================================== Robert P. J. Day Waterloo, Ontario, CANADA
Linux Consulting, Training and Annoying Kernel Pedantry.
Web page: http://crashcourse.ca Linked In: http://www.linkedin.com/in/rpjday Twitter: http://twitter.com/rpjday ========================================================================
On 04/21/2009 12:10 PM, Robert P. J. Day wrote:
is there a mechanism for customizing VMM settings on a per-user basis? i ask since i'd like to test guestfish and libguestfs on a recently-created VM but, by default, new VM images are created in /var/lib/libvirt/images, and that directory is not accessible to non-root users.
as a non-root user, if i was about to start working with VMs, i'd like to be able to invoke "virt-manager" and, *before* creating any VMs, set some config options, such as where my images are going to go (ideally, in a personal images directory). that would make those images accessible to my account.
but if i fire up "virt-manager", i can see "Edit" -> "Preferences" but that doesn't allow me that kind of per-user configuration. does that kind of configuration even exist? and, with those default settings and permissions, how *would* one use libguestfs and guestfish as a regular user?
Per user configuration is handled by gconf, so if user1 changed a setting in Preferences, user2 would still have the default.
However, there is no global way yet to change what the 'default' storage location is. There is a place in the new VM wizard to type in a manual path to provision (such as your home directory), which would then allow you to use libguestfs on it.
- Cole
On Tue, 21 Apr 2009, Cole Robinson wrote:
Per user configuration is handled by gconf, so if user1 changed a setting in Preferences, user2 would still have the default.
However, there is no global way yet to change what the 'default' storage location is. There is a place in the new VM wizard to type in a manual path to provision (such as your home directory), which would then allow you to use libguestfs on it.
so is there a simple way to move an existing VM disk image from one location to another that doesn't confuse the VMM?
rday --
======================================================================== Robert P. J. Day Waterloo, Ontario, CANADA
Linux Consulting, Training and Annoying Kernel Pedantry.
Web page: http://crashcourse.ca Linked In: http://www.linkedin.com/in/rpjday Twitter: http://twitter.com/rpjday ========================================================================
On 04/21/2009 02:07 PM, Robert P. J. Day wrote:
On Tue, 21 Apr 2009, Cole Robinson wrote:
Per user configuration is handled by gconf, so if user1 changed a setting in Preferences, user2 would still have the default.
However, there is no global way yet to change what the 'default' storage location is. There is a place in the new VM wizard to type in a manual path to provision (such as your home directory), which would then allow you to use libguestfs on it.
so is there a simple way to move an existing VM disk image from one location to another that doesn't confuse the VMM?
Not sure what you mean by confuse VMM, but there isn't any way to move around disk images in virt-manager. If you create a guest with disk at /foo/disk.img, then move the image to /bar/disk.img, the old libvirt guest configuration won't know where the disk is anymore.
You can remove the virtual disk from the VM in virt-manager, then add a new virtual disk pointing to the new path. Or you can use 'virsh edit vmname' from the command line and change the path.
- Cole
On Tue, 21 Apr 2009, Cole Robinson wrote:
On 04/21/2009 02:07 PM, Robert P. J. Day wrote:
On Tue, 21 Apr 2009, Cole Robinson wrote:
Per user configuration is handled by gconf, so if user1 changed a setting in Preferences, user2 would still have the default.
However, there is no global way yet to change what the 'default' storage location is. There is a place in the new VM wizard to type in a manual path to provision (such as your home directory), which would then allow you to use libguestfs on it.
so is there a simple way to move an existing VM disk image from one location to another that doesn't confuse the VMM?
Not sure what you mean by confuse VMM, but there isn't any way to move around disk images in virt-manager.
right, i noticed that. however, ...
If you create a guest with disk at /foo/disk.img, then move the image to /bar/disk.img, the old libvirt guest configuration won't know where the disk is anymore.
so where does virt-manager keep track of where the various images are? obviously, if that was easily editable, that would be a solution. but, as you say, the current incarnation of virt-manager doesn't support that.
You can remove the virtual disk from the VM in virt-manager, then add a new virtual disk pointing to the new path.
um ... you can? how? as in, how through the graphical virt-manager? i'm assuming what you mean is that you can take an *existing* VM image file and somehow register it with the current VMM. or are you talking about something else?
Or you can use 'virsh edit vmname' from the command line and change the path.
i'm not sure how that solves the problem once you move that image elsewhere and virt-manager can't find it. or am i just being confused again?
rday -- ======================================================================== Robert P. J. Day Waterloo, Ontario, CANADA
Linux Consulting, Training and Annoying Kernel Pedantry.
Web page: http://crashcourse.ca Linked In: http://www.linkedin.com/in/rpjday Twitter: http://twitter.com/rpjday ========================================================================
On Tue, Apr 21, 2009 at 03:45:41PM -0400, Robert P. J. Day wrote:
Or you can use 'virsh edit vmname' from the command line and change the path.
i'm not sure how that solves the problem once you move that image elsewhere and virt-manager can't find it. or am i just being confused again?
'virsh edit' is exactly what you want to do. That edits the libvirt configuration for a VM, which is what virt-manager and the other tools all use.
Rich.
On Tue, 21 Apr 2009, Richard W.M. Jones wrote:
On Tue, Apr 21, 2009 at 03:45:41PM -0400, Robert P. J. Day wrote:
Or you can use 'virsh edit vmname' from the command line and change the path.
i'm not sure how that solves the problem once you move that image elsewhere and virt-manager can't find it. or am i just being confused again?
'virsh edit' is exactly what you want to do. That edits the libvirt configuration for a VM, which is what virt-manager and the other tools all use.
ah, gotcha ... and with that, i can modify both the name of the VM and its image file path. that's what i was looking for, thanks. i really have to finish reading all the help files one of these days.
rday --
======================================================================== Robert P. J. Day Waterloo, Ontario, CANADA
Linux Consulting, Training and Annoying Kernel Pedantry.
Web page: http://crashcourse.ca Linked In: http://www.linkedin.com/in/rpjday Twitter: http://twitter.com/rpjday ========================================================================
On 04/21/2009 03:45 PM, Robert P. J. Day wrote:
On Tue, 21 Apr 2009, Cole Robinson wrote:
On 04/21/2009 02:07 PM, Robert P. J. Day wrote:
On Tue, 21 Apr 2009, Cole Robinson wrote:
Per user configuration is handled by gconf, so if user1 changed a setting in Preferences, user2 would still have the default.
However, there is no global way yet to change what the 'default' storage location is. There is a place in the new VM wizard to type in a manual path to provision (such as your home directory), which would then allow you to use libguestfs on it.
so is there a simple way to move an existing VM disk image from one location to another that doesn't confuse the VMM?
Not sure what you mean by confuse VMM, but there isn't any way to move around disk images in virt-manager.
right, i noticed that. however, ...
If you create a guest with disk at /foo/disk.img, then move the image to /bar/disk.img, the old libvirt guest configuration won't know where the disk is anymore.
so where does virt-manager keep track of where the various images are? obviously, if that was easily editable, that would be a solution. but, as you say, the current incarnation of virt-manager doesn't support that.
For starters, virt-manager keeps track of barely anything itself. Most info about storage or VMs is received from libvirt.
That said, I'm not sure I understand exactly what you want. Could you lay out:
- The exact steps you are taking - What you would like/expect to see from vmm/libvirt - What you are actually seeing from vmm/libvirt
You can remove the virtual disk from the VM in virt-manager, then add a new virtual disk pointing to the new path.
um ... you can? how? as in, how through the graphical virt-manager? i'm assuming what you mean is that you can take an *existing* VM image file and somehow register it with the current VMM. or are you talking about something else?
On F11:
- Select a shutoff VM in the manager window, hit the 'Open' button on the bottom row. - Select the details tab. - Select the disk device (probably 'hda' or 'vda') whose path you changed - Click the 'Remove' button on the bottom - Click the 'Add Hardware' button on the bottom left - Select 'Storage', click 'Next' - Browse->Browse Local->Select the new disk location - Make sure 'Device Type' is the same as the original disk - Next->Finish
Hope that helps, Cole
Or you can use 'virsh edit vmname' from the command line and change the path.
i'm not sure how that solves the problem once you move that image elsewhere and virt-manager can't find it. or am i just being confused again?
rday
======================================================================== Robert P. J. Day Waterloo, Ontario, CANADA
Linux Consulting, Training and Annoying Kernel Pedantry.Web page: http://crashcourse.ca Linked In: http://www.linkedin.com/in/rpjday Twitter: http://twitter.com/rpjday ========================================================================
On Tue, Apr 21, 2009 at 12:10:31PM -0400, Robert P. J. Day wrote:
is there a mechanism for customizing VMM settings on a per-user basis? i ask since i'd like to test guestfish and libguestfs on a recently-created VM but, by default, new VM images are created in /var/lib/libvirt/images, and that directory is not accessible to non-root users.
as a non-root user, if i was about to start working with VMs, i'd like to be able to invoke "virt-manager" and, *before* creating any VMs, set some config options, such as where my images are going to go (ideally, in a personal images directory). that would make those images accessible to my account.
but if i fire up "virt-manager", i can see "Edit" -> "Preferences" but that doesn't allow me that kind of per-user configuration. does that kind of configuration even exist? and, with those default settings and permissions, how *would* one use libguestfs and guestfish as a regular user?
or am i once again missing something critical?
There are two classes of libvirt driver connection
- Privileged, per-host connections - Unprivileged, per-user connections
Xen provides a per-host connection. UserModeLinux and QEMU provide both (qemu:///system and qemu:///session). VirtualBox just proivides a per-user instance (vbox:///session) and so on.
Now by default in Fedora, when connecting to QEMU, virt-manager will use the privileged per-host connection, so VMs end up in the system directory /var/lib/libvirt/images.
Our goal (perhaps for F12) should be for local desktop virt use cases to use the unprivileged QEMU connection qemu://session by default, and have VM disk images stored in your home directory
Daniel
On 04/21/2009 02:12 PM, Daniel P. Berrange wrote:
On Tue, Apr 21, 2009 at 12:10:31PM -0400, Robert P. J. Day wrote:
is there a mechanism for customizing VMM settings on a per-user basis? i ask since i'd like to test guestfish and libguestfs on a recently-created VM but, by default, new VM images are created in /var/lib/libvirt/images, and that directory is not accessible to non-root users.
as a non-root user, if i was about to start working with VMs, i'd like to be able to invoke "virt-manager" and, *before* creating any VMs, set some config options, such as where my images are going to go (ideally, in a personal images directory). that would make those images accessible to my account.
but if i fire up "virt-manager", i can see "Edit" -> "Preferences" but that doesn't allow me that kind of per-user configuration. does that kind of configuration even exist? and, with those default settings and permissions, how *would* one use libguestfs and guestfish as a regular user?
or am i once again missing something critical?
There are two classes of libvirt driver connection
- Privileged, per-host connections
- Unprivileged, per-user connections
Xen provides a per-host connection. UserModeLinux and QEMU provide both (qemu:///system and qemu:///session). VirtualBox just proivides a per-user instance (vbox:///session) and so on.
Now by default in Fedora, when connecting to QEMU, virt-manager will use the privileged per-host connection, so VMs end up in the system directory /var/lib/libvirt/images.
Our goal (perhaps for F12) should be for local desktop virt use cases to use the unprivileged QEMU connection qemu://session by default, and have VM disk images stored in your home directory
How would we allow KVM access? Unix groups or something else?
- Cole
On Tue, Apr 21, 2009 at 02:33:54PM -0400, Cole Robinson wrote:
On 04/21/2009 02:12 PM, Daniel P. Berrange wrote:
On Tue, Apr 21, 2009 at 12:10:31PM -0400, Robert P. J. Day wrote:
is there a mechanism for customizing VMM settings on a per-user basis? i ask since i'd like to test guestfish and libguestfs on a recently-created VM but, by default, new VM images are created in /var/lib/libvirt/images, and that directory is not accessible to non-root users.
as a non-root user, if i was about to start working with VMs, i'd like to be able to invoke "virt-manager" and, *before* creating any VMs, set some config options, such as where my images are going to go (ideally, in a personal images directory). that would make those images accessible to my account.
but if i fire up "virt-manager", i can see "Edit" -> "Preferences" but that doesn't allow me that kind of per-user configuration. does that kind of configuration even exist? and, with those default settings and permissions, how *would* one use libguestfs and guestfish as a regular user?
or am i once again missing something critical?
There are two classes of libvirt driver connection
- Privileged, per-host connections
- Unprivileged, per-user connections
Xen provides a per-host connection. UserModeLinux and QEMU provide both (qemu:///system and qemu:///session). VirtualBox just proivides a per-user instance (vbox:///session) and so on.
Now by default in Fedora, when connecting to QEMU, virt-manager will use the privileged per-host connection, so VMs end up in the system directory /var/lib/libvirt/images.
Our goal (perhaps for F12) should be for local desktop virt use cases to use the unprivileged QEMU connection qemu://session by default, and have VM disk images stored in your home directory
How would we allow KVM access? Unix groups or something else?
Two options
- A UNIX group for /dev/kvm - Just make it world writable
In theory now KVM no longer pins all guest RAM into host RAM, it is reasonable safe to allow users to access it without any restrictions. (eg option 2) Will need to confirm with KVM developers if this is really so, but that was the intention last time i asked them.
Daniel
Daniel P. Berrange wrote:
On Tue, Apr 21, 2009 at 12:10:31PM -0400, Robert P. J. Day wrote:
is there a mechanism for customizing VMM settings on a per-user basis? i ask since i'd like to test guestfish and libguestfs on a recently-created VM but, by default, new VM images are created in /var/lib/libvirt/images, and that directory is not accessible to non-root users.
as a non-root user, if i was about to start working with VMs, i'd like to be able to invoke "virt-manager" and, *before* creating any VMs, set some config options, such as where my images are going to go (ideally, in a personal images directory). that would make those images accessible to my account.
but if i fire up "virt-manager", i can see "Edit" -> "Preferences" but that doesn't allow me that kind of per-user configuration. does that kind of configuration even exist? and, with those default settings and permissions, how *would* one use libguestfs and guestfish as a regular user?
or am i once again missing something critical?
There are two classes of libvirt driver connection
- Privileged, per-host connections
- Unprivileged, per-user connections
Xen provides a per-host connection. UserModeLinux and QEMU provide both (qemu:///system and qemu:///session). VirtualBox just proivides a per-user instance (vbox:///session) and so on.
Now by default in Fedora, when connecting to QEMU, virt-manager will use the privileged per-host connection, so VMs end up in the system directory /var/lib/libvirt/images.
Our goal (perhaps for F12) should be for local desktop virt use cases to use the unprivileged QEMU connection qemu://session by default, and have VM disk images stored in your home directory
I'm not sure that home directory is where people would want images, I suspect that an arbitrary location would be far more flexible. Using KVM without a VMM, I can put images in someplace obvious, like $HOME/virtual/Images (with install ISO images in ~/virtual/ISO) so my virtual machines are not co-mingled with other things. My system stuff is in /mnt/virtual/Images and people use it by using qemu-img to make a local qcow2 images for their personal machines (including test config, obviously).
Questions: - did I make clear why some flexibility is desirable? - is there any technical reason not to make this an arbitrary path?
On Fri, Apr 24, 2009 at 12:00:13PM -0400, Bill Davidsen wrote:
I'm not sure that home directory is where people would want images, I suspect that an arbitrary location would be far more flexible. Using KVM without a VMM, I can put images in someplace obvious, like $HOME/virtual/Images (with install ISO images in ~/virtual/ISO) so my virtual machines are not co-mingled with other things. My system stuff is in /mnt/virtual/Images and people use it by using qemu-img to make a local qcow2 images for their personal machines (including test config, obviously).
Questions:
- did I make clear why some flexibility is desirable?
- is there any technical reason not to make this an arbitrary path?
You should note that this is primarily an SELinux labelling issue.
You can use virt-install to put the images wherever you like, but you have to label that directory and/or the images with the correct label.
On F-10 something like this should work:
chcon system_u:object_r:virt_image_t:s0 /some/dir virt-install --disk=path=/some/dir/image,size=10 [other virt-install opts...]
'Course you have to do both of those commands as root.
virt-manager also lets you specify the path when you create file-backed guests.
Rich.
On Fri, Apr 24, 2009 at 12:00:13PM -0400, Bill Davidsen wrote:
Daniel P. Berrange wrote:
There are two classes of libvirt driver connection
- Privileged, per-host connections
- Unprivileged, per-user connections
Xen provides a per-host connection. UserModeLinux and QEMU provide both (qemu:///system and qemu:///session). VirtualBox just proivides a per-user instance (vbox:///session) and so on.
Now by default in Fedora, when connecting to QEMU, virt-manager will use the privileged per-host connection, so VMs end up in the system directory /var/lib/libvirt/images.
Our goal (perhaps for F12) should be for local desktop virt use cases to use the unprivileged QEMU connection qemu://session by default, and have VM disk images stored in your home directory
I'm not sure that home directory is where people would want images, I suspect that an arbitrary location would be far more flexible. Using KVM without a VMM, I can put images in someplace obvious, like $HOME/virtual/Images (with install ISO images in ~/virtual/ISO) so my virtual machines are not co-mingled with other things. My system stuff is in /mnt/virtual/Images and people use it by using qemu-img to make a local qcow2 images for their personal machines (including test config, obviously).
I hinted earlier, but there are 2 core use cases too
- Local desktop virtualization. eg developers / Vmware workstation use case - Server virtualization
Thes respectively map onto the 2 types of libvirt connection I talk about above
- Unprivileged, per-user connections - Privileged, per-host connections
Now, when I then talk about directories, we're only talking about the 'default' out of the box config, which respectively will be something like
- $HOME/VirtualImages - /var/lib/libvirt/images
Libvirt (and virt-manager) has extensive storage management APIs now, and can easily deal with alternative locations for storing images. So if these default ones aren't suitable, then it'll be perectly fine to tell virt-manager all images should live in /mnt/virtual/Images instead.
Questions:
- did I make clear why some flexibility is desirable?
We've nothing against flexibility - we're really just considering the default out of the box config.
- is there any technical reason not to make this an arbitrary path?
Historically SELinux has wanted images in particular locations. With the introduction of SVirt in libvirt, we have much more advanced SELinux integration and will in fact automatically re-label images to match the needs of a VM. So allowing arbitary locations *and* still being in compliance with SELinux policy is now practical
Daniel
Daniel P. Berrange wrote:
On Fri, Apr 24, 2009 at 12:00:13PM -0400, Bill Davidsen wrote:
Daniel P. Berrange wrote:
There are two classes of libvirt driver connection
- Privileged, per-host connections
- Unprivileged, per-user connections
Xen provides a per-host connection. UserModeLinux and QEMU provide both (qemu:///system and qemu:///session). VirtualBox just proivides a per-user instance (vbox:///session) and so on.
Now by default in Fedora, when connecting to QEMU, virt-manager will use the privileged per-host connection, so VMs end up in the system directory /var/lib/libvirt/images.
Our goal (perhaps for F12) should be for local desktop virt use cases to use the unprivileged QEMU connection qemu://session by default, and have VM disk images stored in your home directory
I'm not sure that home directory is where people would want images, I suspect that an arbitrary location would be far more flexible. Using KVM without a VMM, I can put images in someplace obvious, like $HOME/virtual/Images (with install ISO images in ~/virtual/ISO) so my virtual machines are not co-mingled with other things. My system stuff is in /mnt/virtual/Images and people use it by using qemu-img to make a local qcow2 images for their personal machines (including test config, obviously).
I hinted earlier, but there are 2 core use cases too
- Local desktop virtualization. eg developers / Vmware workstation use case
- Server virtualization
Thes respectively map onto the 2 types of libvirt connection I talk about above
- Unprivileged, per-user connections
- Privileged, per-host connections
Now, when I then talk about directories, we're only talking about the 'default' out of the box config, which respectively will be something like
- $HOME/VirtualImages
- /var/lib/libvirt/images
Libvirt (and virt-manager) has extensive storage management APIs now, and can easily deal with alternative locations for storing images. So if these default ones aren't suitable, then it'll be perectly fine to tell virt-manager all images should live in /mnt/virtual/Images instead.
No, those look like fine default choices, and as you note below labeling can now be automated to solve problems like this before they happen. I'm sadly aware of labeling problems, since I run a fair number of off-label programs I have to setup myself.
Sounds as if the problem is addresses, thanks.
Questions:
- did I make clear why some flexibility is desirable?
We've nothing against flexibility - we're really just considering the default out of the box config.
- is there any technical reason not to make this an arbitrary path?
Historically SELinux has wanted images in particular locations. With the introduction of SVirt in libvirt, we have much more advanced SELinux integration and will in fact automatically re-label images to match the needs of a VM. So allowing arbitary locations *and* still being in compliance with SELinux policy is now practical
Daniel
-
Bill Davidsen -
Cole Robinson -
Daniel P. Berrange -
Richard W.M. Jones -
Robert P. J. Day