table of contents
- NAME
- SYNOPSIS
- DESCRIPTION
- NOTES
- GENERIC COMMANDS
- DOMAIN COMMANDS
- DEVICE COMMANDS
- NODEDEV COMMANDS
- VIRTUAL NETWORK COMMANDS
- INTERFACE COMMANDS
- STORAGE POOL COMMANDS
- VOLUME COMMANDS
- SECRET COMMANDS
- SNAPSHOT COMMANDS
- NWFILTER COMMANDS
- HYPERVISOR-SPECIFIC COMMANDS
- ENVIRONMENT
- BUGS
- AUTHORS
- COPYRIGHT
- LICENSE
- SEE ALSO
other versions
- wheezy 0.9.12.3-1+deb7u1
- wheezy-backports 1.2.9-9+deb8u2~bpo70+1
- wheezy-backports 1.2.4-1~bpo70+1.1
- jessie 1.2.9-9+deb8u4
- jessie-backports 3.0.0-4~bpo8+1
- testing 3.0.0-4
- unstable 3.0.0-4
conflicting packages
VIRSH(1) | Virtualization Support | VIRSH(1) |
NAME¶
virsh - management user interfaceSYNOPSIS¶
virsh [OPTION]... [COMMAND_STRING] virsh [OPTION]... COMMAND [ARG]...DESCRIPTION¶
The virsh program is the main interface for managing virsh guest domains. The program can be used to create, pause, and shutdown domains. It can also be used to list current domains. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). It is free software available under the GNU Lesser General Public License. Virtualization of the Linux Operating System means the ability to run multiple instances of Operating Systems concurrently on a single hardware system where the basic resources are driven by a Linux instance. The library aims at providing a long term stable C API. It currently supports Xen, QEMU, KVM, LXC, OpenVZ, VirtualBox and VMware ESX. The basic structure of most virsh usage is:virsh [OPTION]... <command> <domain> [ARG]...Where command is one of the commands listed below; domain is the numeric domain id, or the domain name, or the domain UUID; and ARGS are command specific options. There are a few exceptions to this rule in the cases where the command in question acts on all domains, the entire machine, or directly on the xen hypervisor. Those exceptions will be clear for each of those commands. Note: it is permissible to give numeric names to domains, however, doing so will result in a domain that can only be identified by domain id. In other words, if a numeric value is supplied it will be interpreted as a domain id, not as a name. The virsh program can be used either to run one COMMAND by giving the command and its arguments on the shell command line, or a COMMAND_STRING which is a single shell argument consisting of multiple COMMAND actions and their arguments joined with whitespace, and separated by semicolons between commands. Within COMMAND_STRING, virsh understands the same single, double, and backslash escapes as the shell, although you must add another layer of shell escaping in creating the single shell argument. If no command is given in the command line, virsh will then start a minimal interpreter waiting for your commands, and the quit command will then exit the program. The virsh program understands the following OPTIONS.
- -c, --connect URI
- Connect to the specified URI, as if by the connect command, instead of the default connection.
- -d, --debug LEVEL
- Enable debug messages at integer LEVEL and above. LEVEL can range from 0 to 4 (default). See the documentation of VIRSH_DEBUG environment variable below for the description of each LEVEL.
- -e, --escape string
- Set alternative escape sequence for console command. By default, telnet's ^] is used. Allowed characters when using hat notation are: alphabetic character, @, [, ], \, ^, _.
- -h, --help
- Ignore all other arguments, and behave as if the help command were given instead.
- -k, --keepalive-interval INTERVAL
- Set an INTERVAL (in seconds) for sending keepalive messages to check whether connection to the server is still alive. Setting the interval to 0 disables client keepalive mechanism.
- -K, --keepalive-count COUNT
- Set a number of times keepalive message can be sent without getting an answer from the server without marking the connection dead. There is no effect to this setting in case the INTERVAL is set to 0.
- -l, --log FILE
- Output logging details to FILE.
- -q, --quiet
- Avoid extra informational messages.
- -r, --readonly
- Make the initial connection read-only, as if by the --readonly option of the connect command.
- -t, --timing
- Output elapsed time information for each command.
- -v, --version[=short]
- Ignore all other arguments, and prints the version of the libvirt library virsh is coming from
- -V, --version=long
- Ignore all other arguments, and prints the version of the libvirt library virsh is coming from and which options and driver are compiled in.
NOTES¶
Most virsh operations rely upon the libvirt library being able to connect to an already running libvirtd service. This can usually be done using the command invoke-rc.d libvirtd start. Most virsh commands require root privileges to run due to the communications channels used to talk to the hypervisor. Running as non root will return an error. Most virsh commands act synchronously, except maybe shutdown, setvcpus and setmem. In those cases the fact that the virsh program returned, may not mean the action is complete and you must poll periodically to detect that the guest completed the operation. virsh strives for backward compatibility. Although the help command only lists the preferred usage of a command, if an older version of virsh supported an alternate spelling of a command or option (such as --tunnelled instead of --tunneled), then scripts using that older spelling will continue to work. Several virsh commands take an optionally scaled integer; if no scale is provided, then the default is listed in the command (for historical reasons, some commands default to bytes, while other commands default to kibibytes). The following case-insensitive suffixes can be used to select a specific scale:b, byte byte 1
KB kilobyte 1,000
k, KiB kibibyte 1,024
MB megabyte 1,000,000
M, MiB mebibyte 1,048,576
GB gigabyte 1,000,000,000
G, GiB gibibyte 1,073,741,824
TB terabyte 1,000,000,000,000
T, TiB tebibyte 1,099,511,627,776
PB petabyte 1,000,000,000,000,000
P, PiB pebibyte 1,125,899,906,842,624
EB exabyte 1,000,000,000,000,000,000
E, EiB exbibyte 1,152,921,504,606,846,976
GENERIC COMMANDS¶
The following commands are generic i.e. not specific to a domain.- help [command-or-group]
- This lists each of the virsh commands. When used without
options, all commands are listed, one per line, grouped into related
categories, displaying the keyword for each group.
virsh # help host Host and Hypervisor (help keyword 'host'): capabilities capabilities cpu-models show the CPU models for an architecture connect (re)connect to hypervisor freecell NUMA free memory hostname print the hypervisor hostname qemu-attach Attach to existing QEMU process qemu-monitor-command QEMU Monitor Command qemu-agent-command QEMU Guest Agent Command sysinfo print the hypervisor sysinfo uri print the hypervisor canonical URI
virsh # help list NAME list - list domains SYNOPSIS list [--inactive] [--all] DESCRIPTION Returns list of domains. OPTIONS --inactive list inactive domains --all list inactive & active domains
- quit, exit
- quit this interactive terminal
- version [--daemon]
- Will print out the major version info about what this built from. If --daemon is specified then the version of the libvirt daemon is included in the output.
Example
$ virsh version Compiled against library: libvirt 1.2.3 Using library: libvirt 1.2.3 Using API: QEMU 1.2.3 Running hypervisor: QEMU 2.0.50 $ virsh version --daemon Compiled against library: libvirt 1.2.3 Using library: libvirt 1.2.3 Using API: QEMU 1.2.3 Running hypervisor: QEMU 2.0.50 Running against daemon: 1.2.6
- cd [directory]
- Will change current directory to directory. The
default directory for the cd command is the home directory or, if
there is no HOME variable in the environment, the root directory.
- pwd
- Will print the current directory.
- connect [URI] [--readonly]
- (Re)-Connect to the hypervisor. When the shell is first started, this is automatically run with the URI parameter requested by the "-c" option on the command line. The URI parameter specifies how to connect to the hypervisor. The documentation page at <http://libvirt.org/uri.html> list the values supported, but the most common are:
- xen:///
- this is used to connect to the local Xen hypervisor
- qemu:///system
- connect locally as root to the daemon supervising QEMU and KVM domains
- qemu:///session
- connect locally as a normal user to his own set of QEMU and KVM domains
- lxc:///
- connect to a local linux container
- uri
- Prints the hypervisor canonical URI, can be useful in shell mode.
- hostname
- Print the hypervisor hostname.
- sysinfo
- Print the XML representation of the hypervisor sysinfo, if available.
- nodeinfo
- Returns basic information about the node, like number and type of CPU, and size of the physical memory. The output corresponds to virNodeInfo structure. Specifically, the "CPU socket(s)" field means number of CPU sockets per NUMA cell.
- nodecpumap [--pretty]
- Displays the node's total number of CPUs, the number of
online CPUs and the list of online CPUs.
- nodecpustats [cpu] [--percent]
- Returns cpu stats of the node. If cpu is specified, this will prints specified cpu statistics only. If --percent is specified, this will prints percentage of each kind of cpu statistics during 1 second.
- nodememstats [cell]
- Returns memory stats of the node. If cell is specified, this will prints specified cell statistics only.
- nodesuspend [target] [duration]
- Puts the node (host machine) into a system-wide sleep state and schedule the node's Real-Time-Clock interrupt to resume the node after the time duration specified by duration is out. target specifies the state to which the host will be suspended to, it can be "mem" (suspend to RAM), "disk" (suspend to disk), or "hybrid" (suspend to both RAM and disk). duration specifies the time duration in seconds for which the host has to be suspended, it should be at least 60 seconds.
- node-memory-tune [shm-pages-to-scan] [shm-sleep-millisecs] [ shm-merge-across-nodes]
- Allows you to display or set the node memory parameters.
shm-pages-to-scan can be used to set the number of pages to scan
before the shared memory service goes to sleep; shm-sleep-millisecs
can be used to set the number of millisecs the shared memory service
should sleep before next scan; shm-merge-across-nodes specifies if
pages from different numa nodes can be merged. When set to 0, only pages
which physically reside in the memory area of same NUMA node can be
merged. When set to 1, pages from all nodes can be merged. Default to 1.
- capabilities
- Print an XML document describing the capabilities of the
hypervisor we are currently connected to. This includes a section on the
host capabilities in terms of CPU and features, and a set of description
for each kind of guest which can be virtualized. For a more complete
description see:
<http://libvirt.org/formatcaps.html> The XML also show the NUMA topology information if available.
- domcapabilities [virttype] [emulatorbin] [ arch] [machine]
- Print an XML document describing the domain capabilities
for the hypervisor we are connected to using information either sourced
from an existing domain or taken from the virsh capabilities
output. This may be useful if you intend to create a new domain and are
curious if for instance it could make use of VFIO by creating a domain for
the hypervisor with a specific emulator and architecture.
- inject-nmi domain
- Inject NMI to the guest.
- list [--inactive | --all] [--managed-save] [ --title] { [--table] | --name | --uuid } [--persistent] [--transient] [--with-managed-save] [ --without-managed-save] [--autostart] [ --no-autostart] [--with-snapshot] [--without-snapshot] [ --state-running] [--state-paused] [ --state-shutoff] [--state-other]
- Prints information about existing domains. If no options
are specified it prints out information about running domains.
Id Name State
----------------------------------------------------
0 Domain-0 running
2 fedora paused
- cpu-models arch
- Print the list of CPU models known for the specified architecture.
- running
- The domain is currently running on a CPU
- idle
- The domain is idle, and not running or runnable. This can be caused because the domain is waiting on IO (a traditional wait state) or has gone to sleep because there was nothing else for it to do.
- paused
- The domain has been paused, usually occurring through the administrator running virsh suspend. When in a paused state the domain will still consume allocated resources like memory, but will not be eligible for scheduling by the hypervisor.
- shutdown
- The domain is in the process of shutting down, i.e. the guest operating system has been notified and should be in the process of stopping its operations gracefully.
- shut off
- The domain is not running. Usually this indicates the domain has been shut down completely, or has not been started.
- crashed
- The domain has crashed, which is always a violent ending. Usually this state can only occur if the domain has been configured not to restart on crash.
- dying
- The domain is in process of dying, but hasn't completely shutdown or crashed.
- pmsuspended
- The domain has been suspended by guest power management, e.g. entered into s3 state.
- Persistence
- Flag --persistent is used to include persistent domains in the returned list. To include transient domains specify --transient.
- Existence of managed save image
- To list domains having a managed save image specify flag --with-managed-save. For domains that don't have a managed save image specify --without-managed-save.
- Domain state
- The following filter flags select a domain by its state: --state-running for running domains, --state-paused for paused domains, --state-shutoff for turned off domains and --state-other for all other states as a fallback.
- Autostarting domains
- To list autostarting domains use the flag --autostart. To list domains with this feature disabled use --no-autostart.
- Snapshot existence
- Domains that have snapshot images can be listed using flag --with-snapshot, domains without a snapshot --without-snapshot.
Id Name State Title
--------------------------------------------------------------------------
0 Domain-0 running Mailserver 1
2 fedora paused
- freecell [{ [--cellno] cellno | --all }]
- Prints the available amount of memory on the machine or within a NUMA cell. The freecell command can provide one of three different displays of available memory on the machine depending on the options specified. With no options, it displays the total free memory on the machine. With the --all option, it displays the free memory in each cell and the total free memory on the machine. Finally, with a numeric argument or with --cellno plus a cell number it will display the free memory for the specified cell only.
- freepages [{ [--cellno] cellno [--pagesize] pagesize | --all }]
- Prints the available amount of pages within a NUMA cell. cellno refers to the NUMA cell you're interested in. pagesize is a scaled integer (see NOTES above). Alternatively, if --all is used, info on each possible combination of NUMA cell and page size is printed out.
- allocpages [--pagesize] pagesize [--pagecount] pagecount [[--cellno] cellno] [--add] [ --all]
- Change the size of pages pool of pagesize on the host. If --add is specified, then pagecount pages are added into the pool. However, if --add wasn't specified, then the pagecount is taken as the new absolute size of the pool (this may be used to free some pages and size the pool down). The cellno modifier can be used to narrow the modification down to a single host NUMA cell. On the other end of spectrum lies --all which executes the modification on all NUMA cells.
- cpu-baseline FILE [--features]
- Compute baseline CPU which will be supported by all host CPUs given in <file>. The list of host CPUs is built by extracting all <cpu> elements from the <file>. Thus, the <file> can contain either a set of <cpu> elements separated by new lines or even a set of complete <capabilities> elements printed by capabilities command. If --features is specified then the resulting XML description will explicitly include all features that make up the CPU, without this option features that are part of the CPU model will not be listed in the XML description.
- cpu-compare FILE [--error]
- Compare CPU definition from XML <file> with host CPU. The XML <file> may contain either host or guest CPU definition. The host CPU definition is the <cpu> element and its contents as printed by capabilities command. The guest CPU definition is the <cpu> element and its contents from domain XML definition. For more information on guest CPU definition see: <http://libvirt.org/formatdomain.html#elementsCPU>. If --error is specified, the command will return an error when the given CPU is incompatible with host CPU and a message providing more details about the incompatibility will be printed out.
- echo [--shell] [--xml] [arg...]
- Echo back each arg, separated by space. If --shell is specified, then the output will be single-quoted where needed, so that it is suitable for reuse in a shell context. If --xml is specified, then the output will be escaped for use in XML.
DOMAIN COMMANDS¶
The following commands manipulate domains directly, as stated previously most commands take domain as the first parameter. The domain can be specified as a short integer, a name or a full UUID.- autostart [--disable] domain
- Configure a domain to be automatically started at boot.
- console domain [devname] [--safe] [ --force]
- Connect the virtual serial console for the guest. The
optional devname parameter refers to the device alias of an
alternate console, serial or parallel device configured for the guest. If
omitted, the primary console will be opened.
- create FILE [--console] [--paused] [ --autodestroy] [--pass-fds N,M,...]
- Create a domain from an XML <file>. An easy way to
create the XML <file> is to use the dumpxml command to obtain
the definition of a pre-existing guest. The domain will be paused if the
--paused option is used and supported by the driver; otherwise it
will be running. If --console is requested, attach to the console
after creation. If --autodestroy is requested, then the guest will
be automatically destroyed when virsh closes its connection to libvirt, or
otherwise exits.
virsh dumpxml <domain> > domain.xml vi domain.xml (or make changes with your other text editor) virsh create domain.xml
- define FILE
- Define a domain from an XML <file>. The domain definition is registered but not started. If domain is already running, the changes will take effect on the next boot.
- desc domain [[--live] [--config] | [ --current]] [--title] [--edit] [--new-desc New description or title message]
- Show or modify description and title of a domain. These
values are user fields that allow to store arbitrary textual data to allow
easy identification of domains. Title should be short, although it's not
enforced. (See also metadata that works with XML based domain
metadata.)
- destroy domain [--graceful]
- Immediately terminate the domain domain. This
doesn't give the domain OS any chance to react, and it's the equivalent of
ripping the power cord out on a physical machine. In most cases you will
want to use the shutdown command instead. However, this does not
delete any storage volumes used by the guest, and if the domain is
persistent, it can be restarted later.
- domblkstat domain [block-device] [--human]
- Get device block stats for a running domain. A
block-device corresponds to a unique target name (<target
dev='name'/>) or source file (<source file='name'/>) for one of
the disk devices attached to domain (see also domblklist for
listing these names). On a lxc domain, omitting the block-device
yields device block stats summarily for the entire domain.
rd_req - count of read operations
rd_bytes - count of read bytes
wr_req - count of write operations
wr_bytes - count of written bytes
errs - error count
flush_operations - count of flush operations
rd_total_times - total time read operations took (ns)
wr_total_times - total time write operations took (ns)
flush_total_times - total time flush operations took (ns)
<-- other fields provided by hypervisor -->
- domifstat domain interface-device
- Get network interface stats for a running domain.
- domif-setlink domain interface-device state [--config]
- Modify link state of the domain's virtual interface. Possible values for state are "up" and "down. If --config is specified, only the persistent configuration of the domain is modified, for compatibility purposes, --persistent is alias of --config. interface-device can be the interface's target name or the MAC address.
- domif-getlink domain interface-device [ --config]
- Query link state of the domain's virtual interface. If
--config is specified, query the persistent configuration, for
compatibility purposes, --persistent is alias of --config.
- domiftune domain interface-device [[--config] [--live] | [--current]] [--inbound average,peak,burst] [ --outbound average,peak,burst]
- Set or query the domain's network interface's bandwidth
parameters. interface-device can be the interface's target name
(<target dev='name'/>), or the MAC address.
- dommemstat domain [--period seconds] [[ --config] [--live] | [--current]]
- Get memory stats for a running domain.
- domblkerror domain
- Show errors on block devices. This command usually comes handy when domstate command says that a domain was paused due to I/O error. The domblkerror command lists all block devices in error state and the error seen on each of them.
- domblkinfo domain block-device
- Get block device size info for a domain. A block-device corresponds to a unique target name (<target dev='name'/>) or source file (<source file='name'/>) for one of the disk devices attached to domain (see also domblklist for listing these names).
- domblklist domain [--inactive] [--details]
- Print a table showing the brief information of all block devices associated with domain. If --inactive is specified, query the block devices that will be used on the next boot, rather than those currently in use by a running domain. If --details is specified, disk type and device value will also be printed. Other contexts that require a block device name (such as domblkinfo or snapshot-create for disk snapshots) will accept either target or unique source names printed by this command.
- domstats [--raw] [--enforce] [--state] [ --cpu-total] [--balloon] [--vcpu] [--interface] [--block] [[--list-active] [--list-inactive] [ --list-persistent] [--list-transient] [ --list-running] [--list-paused] [--list-shutoff] [--list-other]] | [domain ...]
- Get statistics for multiple or all domains. Without any
argument this command prints all available statistics for all domains.
- domiflist domain [--inactive]
- Print a table showing the brief information of all virtual interfaces associated with domain. If --inactive is specified, query the virtual interfaces that will be used on the next boot, rather than those currently in use by a running domain. Other contexts that require a MAC address of virtual interface (such as detach-interface or domif-setlink) will accept the MAC address printed by this command.
- blockcommit domain path [bandwidth] [ base] [--shallow] [top] [--delete] [ --keep-relative] [--wait [--async] [ --verbose]] [--timeout seconds] [--active] [{--pivot | --keep-overlay}]
- Reduce the length of a backing image chain, by committing
changes at the top of the chain (snapshot or delta files) into backing
images. By default, this command attempts to flatten the entire chain. If
base and/or top are specified as files within the backing
chain, then the operation is constrained to committing just that portion
of the chain; --shallow can be used instead of base to
specify the immediate backing file of the resulting top image to be
committed. The files being committed are rendered invalid, possibly as
soon as the operation starts; using the --delete flag will attempt
to remove these invalidated files at the successful completion of the
commit operation. When the --keep-relative flag is used, the
backing file paths will be kept relative.
- blockcopy domain path { dest [format] [--blockdev] | xml } [--shallow] [--reuse-external] [ bandwidth] [--wait [--async] [ --verbose]] [{--pivot | --finish}] [--timeout seconds] [granularity] [buf-size]
- Copy a disk backing image chain to a destination. Either
dest as the destination file name, or xml as the name of an
XML file containing a top-level <disk> element describing the
destination, must be present. Additionally, if dest is given,
format should be specified to declare the format of the destination
(if format is omitted, then libvirt will reuse the format of the
source, or with --reuse-external will be forced to probe the
destination format, which could be a potential security hole). The command
supports --raw as a boolean flag synonym for --format=raw.
When using dest, the destination is treated as a regular file
unless --blockdev is used to signal that it is a block device. By
default, this command flattens the entire chain; but if --shallow
is specified, the copy shares the backing chain.
- blockpull domain path [bandwidth] [ base] [--wait [--verbose] [--timeout seconds] [--async]] [--keep-relative]
- Populate a disk from its backing image chain. By default,
this command flattens the entire chain; but if base is specified,
containing the name of one of the backing files in the chain, then that
file becomes the new backing file and only the intermediate portion of the
chain is pulled. Once all requested data from the backing image chain has
been pulled, the disk no longer depends on that portion of the backing
chain.
- blkdeviotune domain device [[--config] [ --live] | [--current]] [[total-bytes-sec] | [ read-bytes-sec] [write-bytes-sec]] [[ total-iops-sec] | [read-iops-sec] [ write-iops-sec]]
- Set or query the block disk io parameters for a block
device of domain. device specifies a unique target name
(<target dev='name'/>) or source file (<source file='name'/>)
for one of the disk devices attached to domain (see also
domblklist for listing these names).
- blockjob domain path { [--abort] [ --async] [--pivot] | [--info] [--raw] [ --bytes] | [bandwidth] }
- Manage active block operations. There are three
mutually-exclusive modes: --info, bandwidth, and
--abort. --async and --pivot imply abort mode;
--raw implies info mode; and if no mode was given, --info
mode is assumed.
- blockresize domain path size
- Resize a block device of domain while the domain is
running, path specifies the absolute path of the block device; it
corresponds to a unique target name (<target dev='name'/>) or source
file (<source file='name'/>) for one of the disk devices attached to
domain (see also domblklist for listing these names).
- domdisplay domain [--include-password]
- Output a URI which can be used to connect to the graphical display of the domain via VNC, SPICE or RDP. If --include-password is specified, the SPICE channel password will be included in the URI.
- domfsfreeze domain [[--mountpoint] mountpoint...]
- Freeze mounted filesystems within a running domain to
prepare for consistent snapshots.
- domfsthaw domain [[--mountpoint] mountpoint...]
- Thaw mounted filesystems within a running domain, which
have been frozen by domfsfreeze command.
- domfstrim domain [--minimum bytes] [ --mountpoint mountPoint]
- Issue a fstrim command on all mounted filesystems within a running domain. It discards blocks which are not in use by the filesystem. If --minimum bytes is specified, it tells guest kernel length of contiguous free range. Smaller than this may be ignored (this is a hint and the guest may not respect it). By increasing this value, the fstrim operation will complete more quickly for filesystems with badly fragmented free space, although not all blocks will be discarded. The default value is zero, meaning "discard every free block". Moreover, a if user wants to trim only one mount point, it can be specified via optional --mountpoint parameter.
- domhostname domain
- Returns the hostname of a domain, if the hypervisor makes it available.
- dominfo domain
- Returns basic information about the domain.
- domuuid domain-name-or-id
- Convert a domain name or id to domain UUID
- domid domain-name-or-uuid
- Convert a domain name (or UUID) to a domain id
- domjobabort domain
- Abort the currently running domain job.
- domjobinfo domain [--completed]
- Returns information about jobs running on a domain. --completed tells virsh to return information about a recently finished job. Statistics of a completed job are automatically destroyed once read or when libvirtd is restarted. Note that time information returned for completed migrations may be completely irrelevant unless both source and destination hosts have synchronized time (i.e., NTP daemon is running on both of them).
- domname domain-id-or-uuid
- Convert a domain Id (or UUID) to domain name
- domstate domain [--reason]
- Returns state about a domain. --reason tells virsh to also print reason for the state.
- domcontrol domain
- Returns state of an interface to VMM used to control a domain. For states other than "ok" or "error" the command also prints number of seconds elapsed since the control interface entered its current state.
- domtime domain { [--now] [--pretty] [ --sync] [--time time] }
- Gets or sets the domain's system time. When run without any
arguments (but domain), the current domain's system time is printed
out. The --pretty modifier can be used to print the time in more
human readable form.
- domxml-from-native format config
- Convert the file config in the native guest configuration format named by format to a domain XML format. For QEMU/KVM hypervisor, the format argument must be qemu-argv. For Xen hypervisor, the format argument may be xen-xm or xen-sxpr. For LXC hypervisor, the format argument must be lxc-tools.
- domxml-to-native format xml
- Convert the file xml in domain XML format to the native guest configuration format named by format. For QEMU/KVM hypervisor, the format argument must be qemu-argv. For Xen hypervisor, the format argument may be xen-xm or xen-sxpr. For LXC hypervisor, the format argument must be lxc-tools.
- dump domain corefilepath [--bypass-cache] { [ --live] | [--crash] | [--reset] } [ --verbose] [--memory-only] [--format string]
- Dumps the core of a domain to a file for analysis. If
--live is specified, the domain continues to run until the core
dump is complete, rather than pausing up front. If --crash is
specified, the domain is halted with a crashed status, rather than merely
left in a paused state. If --reset is specified, the domain is
reset after successful dump. Note, these three switches are mutually
exclusive. If --bypass-cache is specified, the save will avoid the
file system cache, although this may slow down the operation. If
--memory-only is specified, the file is elf file, and will only
include domain's memory and cpu common register value. It is very useful
if the domain uses host devices directly. --format string is
used to specify the format of 'memory-only' dump, and string can be
one of them: elf, kdump-zlib(kdump-compressed format with
zlib-compressed), kdump-lzo(kdump-compressed format with lzo-compressed),
kdump-snappy(kdump-compressed format with snappy-compressed).
- dumpxml domain [--inactive] [--security-info] [ --update-cpu] [--migratable]
- Output the domain information as an XML dump to stdout, this format can be used by the create command. Additional options affecting the XML dump may be used. --inactive tells virsh to dump domain configuration that will be used on next start of the domain as opposed to the current domain configuration. Using --security-info will also include security sensitive information in the XML dump. --update-cpu updates domain CPU requirements according to host CPU. With --migratable one can request an XML that is suitable for migrations, i.e., compatible with older libvirt releases and possibly amended with internal run-time options. This option may automatically enable other options ( --update-cpu, --security-info, ...) as necessary.
- edit domain
- Edit the XML configuration file for a domain, which will
affect the next boot of the guest.
virsh dumpxml --inactive --security-info domain > domain.xml vi domain.xml (or make changes with your other text editor) virsh define domain.xml
- event {[domain] { event | --all } [ --loop] [--timeout seconds] | --list}
- Wait for a class of domain events to occur, and print
appropriate details of events as they happen. The events can optionally be
filtered by domain. Using --list as the only argument will
provide a list of possible event values known by this client,
although the connection might not allow registering for all these events.
It is also possible to use --all instead of event to
register for all possible event types at once.
- managedsave domain [--bypass-cache] [{--running | --paused}] [--verbose]
- Save and destroy (stop) a running domain, so it can be
restarted from the same state at a later time. When the virsh start
command is next run for the domain, it will automatically be started from
this saved state. If --bypass-cache is specified, the save will
avoid the file system cache, although this may slow down the operation.
- managedsave-remove domain
- Remove the managedsave state file for a domain, if it exists. This ensures the domain will do a full boot the next time it is started.
- maxvcpus [type]
- Provide the maximum number of virtual CPUs supported for a guest VM on this connection. If provided, the type parameter must be a valid type attribute for the <domain> element of XML.
- cpu-stats domain [--total] [start] [ count]
- Provide cpu statistics information of a domain. The domain should be running. Default it shows stats for all CPUs, and a total. Use --total for only the total stats, start for only the per-cpu stats of the CPUs from start, count for only count CPUs' stats.
- metadata domain [[--live] [--config] | [ --current]] [--edit] [uri] [key] [ set] [--remove]
- Show or modify custom XML metadata of a domain. The
metadata is a user defined XML that allows to store arbitrary XML data in
the domain definition. Multiple separate custom metadata pieces can be
stored in the domain XML. The pieces are identified by a private XML
namespace provided via the uri argument. (See also desc that
works with textual metadata of a domain.)
- migrate [--live] [--offline] [--direct] [ --p2p [--tunnelled]] [--persistent] [ --undefinesource] [--suspend] [--copy-storage-all] [--copy-storage-inc] [--change-protection] [--unsafe] [--verbose] [--compressed] [--abort-on-error] [--auto-converge] domain desturi [migrateuri] [graphicsuri] [listen-address] [dname] [--timeout seconds] [--xml file]
- Migrate domain to another host. Add --live for live
migration; <--p2p> for peer-2-peer migration; --direct for
direct migration; or --tunnelled for tunnelled migration.
--offline migrates domain definition without starting the domain on
destination and without stopping it on source host. Offline migration may
be used with inactive domains and it must be used with --persistent
option. --persistent leaves the domain persistent on destination
host, --undefinesource undefines the domain on the source host, and
--suspend leaves the domain paused on the destination host.
--copy-storage-all indicates migration with non-shared storage with
full disk copy, --copy-storage-inc indicates migration with
non-shared storage with incremental copy (same base image shared between
source and destination). In both cases the disk images have to exist on
destination host, the --copy-storage-... options only tell libvirt
to transfer data from the images on source host to the images found at the
same place on the destination host. --change-protection enforces
that no incompatible configuration changes will be made to the domain
while the migration is underway; this flag is implicitly enabled when
supported by the hypervisor, but can be explicitly used to reject the
migration if the hypervisor lacks change protection support.
--verbose displays the progress of migration. --compressed
activates compression of memory pages that have to be transferred
repeatedly during live migration. --abort-on-error cancels the
migration if a soft error (for example I/O error) happens during the
migration. --auto-converge forces convergence during live
migration.
- •
- normal migration: the desturi is an address of the target host as seen from the client machine.
- •
- peer2peer migration: the desturi is an address of the target host as seen from the source machine.
- •
- The configured hostname is incorrect, or DNS is broken. If a host has a hostname which will not resolve to match one of its public IP addresses, then libvirt will generate an incorrect URI. In this case migrateuri should be explicitly specified, using an IP address, or a correct hostname.
- •
- The host has multiple network interfaces. If a host has multiple network interfaces, it might be desirable for the migration data stream to be sent over a specific interface for either security or performance reasons. In this case migrateuri should be explicitly specified, using an IP address associated with the network to be used.
- •
- The firewall restricts what ports are available. When libvirt generates a migration URI, it will pick a port number using hypervisor specific rules. Some hypervisors only require a single port to be open in the firewalls, while others require a whole range of port numbers. In the latter case migrateuri might be specified to choose a specific port number outside the default range in order to comply with local firewall policies.
protocol://hostname[:port]/[?parameters]
spice://target.host.com:1234/?tlsPort=4567
- migrate-setmaxdowntime domain downtime
- Set maximum tolerable downtime for a domain which is being live-migrated to another host. The downtime is a number of milliseconds the guest is allowed to be down at the end of live migration.
- migrate-compcache domain [--size bytes]
- Sets and/or gets size of the cache (in bytes) used for compressing repeatedly transferred memory pages during live migration. When called without size, the command just prints current size of the compression cache. When size is specified, the hypervisor is asked to change compression cache to size bytes and then the current size is printed (the result may differ from the requested size due to rounding done by the hypervisor). The size option is supposed to be used while the domain is being live-migrated as a reaction to migration progress and increasing number of compression cache misses obtained from domjobinfo.
- migrate-setspeed domain bandwidth
- Set the maximum migration bandwidth (in MiB/s) for a domain which is being migrated to another host. bandwidth is interpreted as an unsigned long long value. Specifying a negative value results in an essentially unlimited value being provided to the hypervisor. The hypervisor can choose whether to reject the value or convert it to the maximum value allowed.
- migrate-getspeed domain
- Get the maximum migration bandwidth (in MiB/s) for a domain.
- numatune domain [--mode mode] [--nodeset nodeset] [[--config] [--live] | [--current]]
- Set or get a domain's numa parameters, corresponding to the
<numatune> element of domain XML. Without flags, the current
settings are displayed.
- reboot domain [--mode MODE-LIST]
- Reboot a domain. This acts just as if the domain had the
reboot command run from the console. The command returns as soon as
it has executed the reboot action, which may be significantly before the
domain actually reboots.
- reset domain
- Reset a domain immediately without any guest shutdown.
reset emulates the power reset button on a machine, where all guest
hardware sees the RST line set and reinitializes internal state.
- restore state-file [--bypass-cache] [--xml file] [{--running | --paused}]
- Restores a domain from a virsh save state file. See
save for more info.
- save domain state-file [--bypass-cache] [ --xml file] [{--running | --paused}] [ --verbose]
- Saves a running domain (RAM, but not disk state) to a state
file so that it can be restored later. Once saved, the domain will no
longer be running on the system, thus the memory allocated for the domain
will be free for other domains to use. virsh restore restores from
this state file. If --bypass-cache is specified, the save will
avoid the file system cache, although this may slow down the operation.
- save-image-define file xml [{--running | --paused}]
- Update the domain XML that will be used when file is
later used in the restore command. The xml argument must be
a file name containing the alternative XML, with changes only in the
host-specific portions of the domain XML. For example, it can be used to
account for file naming differences resulting from creating disk snapshots
of underlying storage after the guest was saved.
- save-image-dumpxml file [--security-info]
- Extract the domain XML that was in effect at the time the saved state file file was created with the save command. Using --security-info will also include security sensitive information.
- save-image-edit file [{--running | --paused}]
- Edit the XML configuration associated with a saved state
file file created by the save command.
virsh save-image-dumpxml state-file > state-file.xml vi state-file.xml (or make changes with your other text editor) virsh save-image-define state-file state-file-xml
- schedinfo domain [[--config] [--live] | [ --current]] [[--set] parameter=value]...
- schedinfo [--weight number] [--cap number] domain
- Allows you to show (and set) the domain scheduler
parameters. The parameters available for each hypervisor are:
- screenshot domain [imagefilepath] [--screen screenID]
- Takes a screenshot of a current domain console and stores it into a file. Optionally, if hypervisor supports more displays for a domain, screenID allows to specify which screen will be captured. It is the sequential number of screen. In case of multiple graphics cards, heads are enumerated before devices, e.g. having two graphics cards, both with four heads, screen ID 5 addresses the second head on the second card.
- send-key domain [--codeset codeset] [ --holdtime holdtime] keycode...
- Parse the keycode sequence as keystrokes to send to
domain. Each keycode can either be a numeric value or a
symbolic name from the corresponding codeset. If --holdtime is
given, each keystroke will be held for that many milliseconds. The default
codeset is linux, but use of the --codeset option allows
other codesets to be chosen.
- linux
- The numeric values are those defined by the Linux generic input event subsystem. The symbolic names match the corresponding Linux key constant macro names.
- xt
- The numeric values are those defined by the original XT keyboard controller. No symbolic names are provided
- atset1
- The numeric values are those defined by the AT keyboard controller, set 1 (aka XT compatible set). Extended keycoes from atset1 may differ from extended keycodes in the xt codeset. No symbolic names are provided
- atset2
- The numeric values are those defined by the AT keyboard controller, set 2. No symbolic names are provided
- atset3
- The numeric values are those defined by the AT keyboard controller, set 3 (aka PS/2 compatible set). No symbolic names are provided
- os_x
- The numeric values are those defined by the OS-X keyboard input subsystem. The symbolic names match the corresponding OS-X key constant macro names
- xt_kbd
- The numeric values are those defined by the Linux KBD device. These are a variant on the original XT codeset, but often with different encoding for extended keycodes. No symbolic names are provided.
- win32
- The numeric values are those defined by the Win32 keyboard input subsystem. The symbolic names match the corresponding Win32 key constant macro names
- usb
- The numeric values are those defined by the USB HID specification for keyboard input. No symbolic names are provided
- rfb
- The numeric values are those defined by the RFB extension for sending raw keycodes. These are a variant on the XT codeset, but extended keycodes have the low bit of the second byte set, instead of the high bit of the first byte. No symbolic names are provided.
# send three strokes 'k', 'e', 'y', using xt codeset. these
# are all pressed simultaneously and may be received by the guest
# in random order
virsh send-key dom --codeset xt 37 18 21
# send one stroke 'right-ctrl+C' virsh send-key dom KEY_RIGHTCTRL KEY_C # send a tab, held for 1 second virsh send-key --holdtime 1000 0xf
- send-process-signal domain-id pid signame
- Send a signal signame to the process identified by
pid running in the virtual domain domain-id. The pid
is a process ID in the virtual domain namespace.
"nop", "hup", "int", "quit", "ill", "trap", "abrt", "bus", "fpe", "kill", "usr1", "segv", "usr2", "pipe", "alrm", "term", "stkflt", "chld", "cont", "stop", "tstp", "ttin", "ttou", "urg", "xcpu", "xfsz", "vtalrm", "prof", "winch", "poll", "pwr", "sys", "rt0", "rt1", "rt2", "rt3", "rt4", "rt5", "rt6", "rt7", "rt8", "rt9", "rt10", "rt11", "rt12", "rt13", "rt14", "rt15", "rt16", "rt17", "rt18", "rt19", "rt20", "rt21", "rt22", "rt23", "rt24", "rt25", "rt26", "rt27", "rt28", "rt29", "rt30", "rt31", "rt32"
virsh send-process-signal myguest 1 15
virsh send-process-signal myguest 1 term
virsh send-process-signal myguest 1 sigterm
virsh send-process-signal myguest 1 SIG_HUP
- setmem domain size [[--config] [ --live] | [--current]]
- Change the memory allocation for a guest domain. If
--live is specified, perform a memory balloon of a running guest.
If --config is specified, affect the next boot of a persistent
guest. If --current is specified, affect the current guest state.
Both --live and --config flags may be given, but
--current is exclusive. If no flag is specified, behavior is
different depending on hypervisor.
- setmaxmem domain size [[--config] [ --live] | [--current]]
- Change the maximum memory allocation limit for a guest
domain. If --live is specified, affect a running guest. If
--config is specified, affect the next boot of a persistent guest.
If --current is specified, affect the current guest state. Both
--live and --config flags may be given, but --current
is exclusive. If no flag is specified, behavior is different depending on
hypervisor.
- memtune domain [--hard-limit size] [ --soft-limit size] [--swap-hard-limit size] [--min-guarantee size] [[--config] [--live] | [ --current]]
- Allows you to display or set the domain memory parameters.
Without flags, the current settings are displayed; with a flag, the
appropriate limit is adjusted if supported by the hypervisor. LXC and
QEMU/KVM support --hard-limit, --soft-limit, and
--swap-hard-limit. --min-guarantee is supported only by ESX
hypervisor. Each of these limits are scaled integers (see NOTES
above), with a default of kibibytes (blocks of 1024 bytes) if no suffix is
present. Libvirt rounds up to the nearest kibibyte. Some hypervisors
require a larger granularity than KiB, and requests that are not an even
multiple will be rounded up. For example, vSphere/ESX rounds the parameter
up to mebibytes (1024 kibibytes).
- --hard-limit
- The maximum memory the guest can use.
- --soft-limit
- The memory limit to enforce during memory contention.
- --swap-hard-limit
- The maximum memory plus swap the guest can use. This has to be more than hard-limit value provided.
- --min-guarantee
- The guaranteed minimum memory allocation for the guest.
- blkiotune domain [--weight weight] [ --device-weights device-weights] [--device-read-iops-sec device-read-iops-sec] [--device-write-iops-sec device-write-iops-sec] [--device-read-bytes-sec device-read-bytes-sec] [--device-write-bytes-sec device-write-bytes-sec] [[--config] [ --live] | [--current]]
- Display or set the blkio parameters. QEMU/KVM supports
--weight. --weight is in range [100, 1000]. After kernel
2.6.39, the value could be in the range [10, 1000].
- setvcpus domain count [--maximum] [[ --config] [--live] | [--current]] [ --guest]
- Change the number of virtual CPUs active in a guest domain.
By default, this command works on active guest domains. To change the
settings for an inactive guest domain, use the --config flag.
- shutdown domain [--mode MODE-LIST]
- Gracefully shuts down a domain. This coordinates with the
domain OS to perform graceful shutdown, so there is no guarantee that it
will succeed, and may take a variable length of time depending on what
services must be shutdown in the domain.
- start domain-name-or-uuid [--console] [ --paused] [--autodestroy] [--bypass-cache] [--force-boot] [ --pass-fds N,M,...]
- Start a (previously defined) inactive domain, either from
the last managedsave state, or via a fresh boot if no managedsave
state is present. The domain will be paused if the --paused option
is used and supported by the driver; otherwise it will be running. If
--console is requested, attach to the console after creation. If
--autodestroy is requested, then the guest will be automatically
destroyed when virsh closes its connection to libvirt, or otherwise exits.
If --bypass-cache is specified, and managedsave state exists, the
restore will avoid the file system cache, although this may slow down the
operation. If --force-boot is specified, then any managedsave state
is discarded and a fresh boot occurs.
- suspend domain
- Suspend a running domain. It is kept in memory but won't be scheduled anymore.
- resume domain
- Moves a domain out of the suspended state. This will allow a previously suspended domain to now be eligible for scheduling by the underlying hypervisor.
- dompmsuspend domain target [--duration]
- Suspend a running domain into one of these states (possible
target values):
mem equivalent of S3 ACPI state
disk equivalent of S4 ACPI state
hybrid RAM is saved to disk but not powered off
- dompmwakeup domain
- Wakeup a domain from pmsuspended state (either suspended by dompmsuspend or from the guest itself). Injects a wakeup into the guest that is in pmsuspended state, rather than waiting for the previously requested duration (if any) to elapse. This operation doesn't not necessarily fail if the domain is running.
- ttyconsole domain
- Output the device used for the TTY console of the domain. If the information is not available the processes will provide an exit code of 1.
- undefine domain [--managed-save] [--snapshots-metadata] [ --nvram] [ {--storage volumes | --remove-all-storage} --wipe-storage]
- Undefine a domain. If the domain is running, this converts
it to a transient domain, without stopping it. If the domain is inactive,
the domain configuration is removed.
- vcpucount domain [{--maximum | --active} { --config | --live | --current}] [--guest]
- Print information about the virtual cpu counts of the given
domain. If no flags are specified, all possible counts are listed
in a table; otherwise, the output is limited to just the numeric value
requested. For historical reasons, the table lists the label
"current" on the rows that can be queried in isolation via the
--active flag, rather than relating to the --current flag.
- vcpuinfo domain [--pretty]
- Returns basic information about the domain virtual CPUs,
like the number of vCPUs, the running time, the affinity to physical
processors.
- vcpupin domain [vcpu] [cpulist] [[ --live] [--config] | [--current]]
- Query or change the pinning of domain VCPUs to host
physical CPUs. To pin a single vcpu, specify cpulist;
otherwise, you can query one vcpu or omit vcpu to list all
at once.
- emulatorpin domain [cpulist] [[--live] [ --config] | [--current]]
- Query or change the pinning of domain's emulator threads to
host physical CPUs.
- vncdisplay domain
- Output the IP address and port number for the VNC display. If the information is not available the processes will provide an exit code of 1.
DEVICE COMMANDS¶
The following commands manipulate devices associated to domains. The domain can be specified as a short integer, a name or a full UUID. To better understand the values allowed as options for the command reading the documentation at <http://libvirt.org/formatdomain.html> on the format of the device sections to get the most accurate set of accepted values.- attach-device domain FILE [[[--live] [ --config] | [--current]] | [--persistent]]
- Attach a device to the domain, using a device definition in
an XML file using a device definition element such as <disk> or
<interface> as the top-level element. See the documentation at
<http://libvirt.org/formatdomain.html#elementsDevices> to learn
about libvirt XML format for a device. If --config is specified the
command alters the persistent domain configuration with the device attach
taking effect the next time libvirt starts the domain. For cdrom and
floppy devices, this command only replaces the media within an existing
device; consider using update-device for this usage. For
passthrough host devices, see also nodedev-detach, needed if the
device does not use managed mode.
- attach-disk domain source target [[[ --live] [--config] | [--current]] | [--persistent]] [--targetbus bus] [--driver driver] [--subdriver subdriver] [--iothread iothread] [--cache cache] [ --type type] [--mode mode] [--sourcetype sourcetype] [ --serial serial] [--wwn wwn] [--rawio] [ --address address] [--multifunction] [--print-xml]
- Attach a new disk device to the domain. source is
path for the files and devices. target controls the bus or device
under which the disk is exposed to the guest OS. It indicates the
"logical" device name; the optional targetbus attribute
specifies the type of disk device to emulate; possible values are driver
specific, with typical values being ide, scsi,
virtio, xen, usb, sata, or sd, if
omitted, the bus type is inferred from the style of the device name (e.g.
a device named 'sda' will typically be exported using a SCSI bus).
driver can be file, tap or phy for the Xen
hypervisor depending on the kind of access; or qemu for the QEMU
emulator. Further details to the driver can be passed using
subdriver. For Xen subdriver can be aio, while for
QEMU subdriver should match the format of the disk source, such as
raw or qcow2. Hypervisor default will be used if
subdriver is not specified. However, the default may not be
correct, esp. for QEMU as for security reasons it is configured not to
detect disk formats. type can indicate lun, cdrom or
floppy as alternative to the disk default, although this use only
replaces the media within the existing virtual cdrom or floppy device;
consider using update-device for this usage instead. mode
can specify the two specific mode readonly or shareable.
sourcetype can indicate the type of source (block|file)
cache can be one of "default", "none",
"writethrough", "writeback", "directsync" or
"unsafe". iothread is the number within the range of
domain IOThreads to which this disk may be attached (QEMU only).
serial is the serial of disk device. wwn is the wwn of disk
device. rawio indicates the disk needs rawio capability.
address is the address of disk device in the form of
pci:domain.bus.slot.function, scsi:controller.bus.unit or
ide:controller.bus.unit. multifunction indicates specified pci
address is a multifunction pci device address.
- attach-interface domain type source [[[ --live] [--config] | [--current]] | [--persistent]] [--target target] [--mac mac] [--script script] [ --model model] [--config] [--inbound average,peak,burst] [ --outbound average,peak,burst]
- Attach a new network interface to the domain. type
can be either network to indicate connection via a libvirt virtual
network or bridge to indicate connection via a bridge device on the
host. source indicates the source of the connection (either the
name of a network, or of a bridge device). target is used to
specify the tap/macvtap device to be used to connect the domain to the
source. Names starting with 'vnet' are considered as auto-generated and
are blanked out/regenerated each time the interface is attached.
mac specifies the MAC address of the network interface; if a MAC
address is not given, a new address will be automatically generated (and
stored in the persistent configuration if "--config" is given on
the commandline). script is used to specify a path to a custom
script to be called while attaching to a bridge - this will be called
instead of the default script not in addition to it; --script is valid
only for interfaces of type bridge and only for Xen domains.
model specifies the network device model to be presented to the
domain. inbound and outbound control the bandwidth of the
interface. peak and burst are optional, so
"average,peak", "average,,burst" and
"average" are also legal. Values for average and
peak are expressed in kilobytes per second, while burst is
expressed in kilobytes in a single burst at - peak speed as
described in the Network XML documentation at
<http://libvirt.org/formatnetwork.html#elementQoS>.
- detach-device domain FILE [[[--live] [ --config] | [--current]] | [--persistent]]
- Detach a device from the domain, takes the same kind of XML
descriptions as command attach-device. For passthrough host
devices, see also nodedev-reattach, needed if the device does not
use managed mode.
- detach-disk domain target [[[--live] [ --config] | [--current]] | [--persistent]]
- Detach a disk device from a domain. The target is
the device as seen from the domain.
- detach-interface domain type [--mac mac] [[[ --live] [--config] | [--current]] | [--persistent]]
- Detach a network interface from a domain. type can
be either network to indicate a physical network device or
bridge to indicate a bridge to a device. It is recommended to use
the mac option to distinguish between the interfaces if more than
one are present on the domain.
- update-device domain file [--force] [[[ --live] [--config] | [--current]] | [ --persistent]]
- Update the characteristics of a device associated with
domain, based on the device definition in an XML file. The
--force option can be used to force device update, e.g., to eject a
CD-ROM even if it is locked/mounted in the domain. See the documentation
at <http://libvirt.org/formatdomain.html#elementsDevices> to learn
about libvirt XML format for a device.
- change-media domain path [--eject] [ --insert] [--update] [source] [--force] [[ --live] [--config] | [--current]]
- Change media of CDROM or floppy drive. path can be
the fully-qualified path or the unique target name (<target
dev='hdc'>) of the disk device. source specifies the path of the
media to be inserted or updated.
NODEDEV COMMANDS¶
The following commands manipulate host devices that are intended to be passed through to guest domains via <hostdev> elements in a domain's <devices> section. A node device key is generally specified by the bus name followed by its address, using underscores between all components, such as pci_0000_00_02_1, usb_1_5_3, or net_eth1_00_27_13_6a_fe_00. The nodedev-list gives the full list of host devices that are known to libvirt, although this includes devices that cannot be assigned to a guest (for example, attempting to detach the PCI device that controls the host's hard disk controller where the guest's disk images live could cause the host system to lock up or reboot). For more information on node device definition see: <http://libvirt.org/formatnode.html>. Passthrough devices cannot be simultaneously used by the host and its guest domains, nor by multiple active guests at once. If the <hostdev> description includes the attribute managed='yes', and the hypervisor driver supports it, then the device is in managed mode, and attempts to use that passthrough device in an active guest will automatically behave as if nodedev-detach (guest start, device hot-plug) and nodedev-reattach (guest stop, device hot-unplug) were called at the right points (currently, qemu does this for PCI devices, but not USB). If a device is not marked as managed, then it must manually be detached before guests can use it, and manually reattached to be returned to the host. Also, if a device is manually detached, then the host does not regain control of the device without a matching reattach, even if the guests use the device in managed mode.- nodedev-create FILE
- Create a device on the host node that can then be assigned to virtual machines. Normally, libvirt is able to automatically determine which host nodes are available for use, but this allows registration of host hardware that libvirt did not automatically detect. file contains xml for a top-level <device> description of a node device.
- nodedev-destroy device
- Destroy (stop) a device on the host. device can be either device name or wwn pair in "wwnn,wwpn" format (only works for vHBA currently). Note that this makes libvirt quit managing a host device, and may even make that device unusable by the rest of the physical host until a reboot.
- nodedev-detach nodedev [--driver backend_driver]
- Detach nodedev from the host, so that it can safely
be used by guests via <hostdev> passthrough. This is reversed with
nodedev-reattach, and is done automatically for managed devices.
For compatibility purposes, this command can also be spelled
nodedev-dettach.
- nodedev-dumpxml device
- Dump a <device> XML representation for the given node device, including such information as the device name, which bus owns the device, the vendor and product id, and any capabilities of the device usable by libvirt (such as whether device reset is supported). device can be either device name or wwn pair in "wwnn,wwpn" format (only works for HBA).
- nodedev-list cap --tree
- List all of the devices available on the node that are known by libvirt. cap is used to filter the list by capability types, the types must be separated by comma, e.g. --cap pci,scsi, valid capability types include 'system', 'pci', 'usb_device', 'usb', 'net', 'scsi_host', 'scsi_target', 'scsi', 'storage', 'fc_host', 'vports', 'scsi_generic'. If --tree is used, the output is formatted in a tree representing parents of each node. cap and --tree are mutually exclusive.
- nodedev-reattach nodedev
- Declare that nodedev is no longer in use by any guests, and that the host can resume normal use of the device. This is done automatically for devices in managed mode, but must be done explicitly to match any explicit nodedev-detach.
- nodedev-reset nodedev
- Trigger a device reset for nodedev, useful prior to transferring a node device between guest passthrough or the host. Libvirt will often do this action implicitly when required, but this command allows an explicit reset when needed.
VIRTUAL NETWORK COMMANDS¶
The following commands manipulate networks. Libvirt has the capability to define virtual networks which can then be used by domains and linked to actual network devices. For more detailed information about this feature see the documentation at <http://libvirt.org/formatnetwork.html> . Many of the commands for virtual networks are similar to the ones used for domains, but the way to name a virtual network is either by its name or UUID.- net-autostart network [--disable]
- Configure a virtual network to be automatically started at boot. The --disable option disable autostarting.
- net-create file
- Create a transient (temporary) virtual network from an XML file and instantiate (start) the network. See the documentation at <http://libvirt.org/formatnetwork.html> to get a description of the XML network format used by libvirt.
- net-define file
- Define a persistent virtual network from an XML file, the network is just defined but not instantiated (started).
- net-destroy network
- Destroy (stop) a given transient or persistent virtual network specified by its name or UUID. This takes effect immediately.
- net-dumpxml network [--inactive]
- Output the virtual network information as an XML dump to stdout. If --inactive is specified, then physical functions are not expanded into their associated virtual functions.
- net-edit network
- Edit the XML configuration file for a network.
virsh net-dumpxml --inactive network > network.xml vi network.xml (or make changes with your other text editor) virsh net-define network.xml
- net-event {[network] event [--loop] [ --timeout seconds] | --list}
- Wait for a class of network events to occur, and print
appropriate details of events as they happen. The events can optionally be
filtered by network. Using --list as the only argument will
provide a list of possible event values known by this client,
although the connection might not allow registering for all these events.
- net-info network
- Returns basic information about the network object.
- net-list [--inactive | --all] [--persistent] [<--transient>] [ --autostart] [<--no-autostart>]
- Returns the list of active networks, if --all is
specified this will also include defined but inactive networks, if
--inactive is specified only the inactive ones will be listed. You
may also want to filter the returned networks by --persistent to
list the persistent ones, --transient to list the transient ones,
--autostart to list the ones with autostart enabled, and
--no-autostart to list the ones with autostart disabled.
- net-name network-UUID
- Convert a network UUID to network name.
- net-start network
- Start a (previously defined) inactive network.
- net-undefine network
- Undefine the configuration for a persistent network. If the network is active, make it transient.
- net-uuid network-name
- Convert a network name to network UUID.
- net-update network command section xml [--parent-index index] [[--live] [ --config] | [--current]]
- Update the given section of an existing network definition,
with the changes optionally taking effect immediately, without needing to
destroy and re-start the network.
- net-dhcp-leases network [mac]
- Get a list of dhcp leases for all network interfaces connected to the given virtual network or limited output just for one interface if mac is specified.
INTERFACE COMMANDS¶
The following commands manipulate host interfaces. Often, these host interfaces can then be used by name within domain <interface> elements (such as a system-created bridge interface), but there is no requirement that host interfaces be tied to any particular guest configuration XML at all. Many of the commands for host interfaces are similar to the ones used for domains, and the way to name an interface is either by its name or its MAC address. However, using a MAC address for an iface argument only works when that address is unique (if an interface and a bridge share the same MAC address, which is often the case, then using that MAC address results in an error due to ambiguity, and you must resort to a name instead).- iface-bridge interface bridge [--no-stp] [ delay] [--no-start]
- Create a bridge device named bridge, and attach the
existing network device interface to the new bridge. The new bridge
defaults to starting immediately, with STP enabled and a delay of 0; these
settings can be altered with --no-stp, --no-start, and an
integer number of seconds for delay. All IP address configuration
of interface will be moved to the new bridge device.
- iface-define file
- Define a host interface from an XML file, the interface is just defined but not started.
- iface-destroy interface
- Destroy (stop) a given host interface, such as by running "if-down" to disable that interface from active use. This takes effect immediately.
- iface-dumpxml interface [--inactive]
- Output the host interface information as an XML dump to stdout. If --inactive is specified, then the output reflects the persistent state of the interface that will be used the next time it is started.
- iface-edit interface
- Edit the XML configuration file for a host interface.
virsh iface-dumpxml iface > iface.xml vi iface.xml (or make changes with your other text editor) virsh iface-define iface.xml
- iface-list [--inactive | --all]
- Returns the list of active host interfaces. If --all is specified this will also include defined but inactive interfaces. If --inactive is specified only the inactive ones will be listed.
- iface-name interface
- Convert a host interface MAC to interface name, if the MAC
address is unique among the host's interfaces.
- iface-mac interface
- Convert a host interface name to MAC address.
- iface-start interface
- Start a (previously defined) host interface, such as by running "if-up".
- iface-unbridge bridge [--no-start]
- Tear down a bridge device named bridge, releasing
its underlying interface back to normal usage, and moving all IP address
configuration from the bridge device to the underlying device. The
underlying interface is restarted unless --no-start is present;
this flag is present for symmetry, but generally not recommended.
- iface-undefine interface
- Undefine the configuration for an inactive host interface.
- iface-begin
- Create a snapshot of current host interface settings, which can later be committed ( iface-commit) or restored (iface-rollback). If a snapshot already exists, then this command will fail until the previous snapshot has been committed or restored. Undefined behavior results if any external changes are made to host interfaces outside of the libvirt API between the beginning of a snapshot and its eventual commit or rollback.
- iface-commit
- Declare all changes since the last iface-begin as working, and delete the rollback point. If no interface snapshot has already been started, then this command will fail.
- iface-rollback
- Revert all host interface settings back to the state recorded in the last iface-begin. If no interface snapshot has already been started, then this command will fail. Rebooting the host also serves as an implicit rollback point.
STORAGE POOL COMMANDS¶
The following commands manipulate storage pools. Libvirt has the capability to manage various storage solutions, including files, raw partitions, and domain-specific formats, used to provide the storage volumes visible as devices within virtual machines. For more detailed information about this feature, see the documentation at <http://libvirt.org/formatstorage.html> . Many of the commands for pools are similar to the ones used for domains.- find-storage-pool-sources type [srcSpec]
- Returns XML describing all storage pools of a given type that could be found. If srcSpec is provided, it is a file that contains XML to further restrict the query for pools.
- find-storage-pool-sources-as type [host] [ port] [initiator]
- Returns XML describing all storage pools of a given type that could be found. If host, port, or initiator are provided, they control where the query is performed.
- pool-autostart pool-or-uuid [--disable]
- Configure whether pool should automatically start at boot.
- pool-build pool-or-uuid [--overwrite] [ --no-overwrite]
- Build a given pool.
- pool-create file
- Create and start a pool object from the XML file.
- pool-create-as name --print-xml type [ source-host] [source-path] [source-dev] [source-name] [<target>] [--source-format format]
- Create and start a pool object name from the raw parameters. If --print-xml is specified, then print the XML of the pool object without creating the pool. Otherwise, the pool has the specified type.
- pool-define file
- Create, but do not start, a pool object from the XML file.
- pool-define-as name --print-xml type [ source-host] [source-path] [source-dev] [source-name] [<target>] [--source-format format]
- Create, but do not start, a pool object name from the raw parameters. If --print-xml is specified, then print the XML of the pool object without defining the pool. Otherwise, the pool has the specified type.
- pool-destroy pool-or-uuid
- Destroy (stop) a given pool object. Libvirt will no longer manage the storage described by the pool object, but the raw data contained in the pool is not changed, and can be later recovered with pool-create.
- pool-delete pool-or-uuid
- Destroy the resources used by a given pool object. This operation is non-recoverable. The pool object will still exist after this command, ready for the creation of new storage volumes.
- pool-dumpxml [--inactive] pool-or-uuid
- Returns the XML information about the pool object. --inactive tells virsh to dump pool configuration that will be used on next start of the pool as opposed to the current pool configuration.
- pool-edit pool-or-uuid
- Edit the XML configuration file for a storage pool.
virsh pool-dumpxml pool > pool.xml vi pool.xml (or make changes with your other text editor) virsh pool-define pool.xml
- pool-info pool-or-uuid
- Returns basic information about the pool object.
- pool-list [--inactive] [--all] [--persistent] [ --transient] [--autostart] [--no-autostart] [[ --details] [<type>]
- List pool objects known to libvirt. By default, only active
pools are listed; --inactive lists just the inactive pools, and
--all lists all pools.
- pool-name uuid
- Convert the uuid to a pool name.
- pool-refresh pool-or-uuid
- Refresh the list of volumes contained in pool.
- pool-start pool-or-uuid
- Start the storage pool, which is previously defined
but inactive.
- pool-undefine pool-or-uuid
- Undefine the configuration for an inactive pool.
- pool-uuid pool
- Returns the UUID of the named pool.
VOLUME COMMANDS¶
- vol-create pool-or-uuid FILE [--prealloc-metadata]
- Create a volume from an XML <file>.
pool-or-uuid is the name or UUID of the storage pool to create the
volume in. FILE is the XML <file> with the volume definition.
An easy way to create the XML <file> is to use the
vol-dumpxml command to obtain the definition of a pre-existing
volume. [ --prealloc-metadata] preallocate metadata (for qcow2
images which don't support full allocation). This option creates a sparse
image file with metadata, resulting in higher performance compared to
images with no preallocation and only slightly higher initial disk space
usage.
virsh vol-dumpxml --pool storagepool1 appvolume1 > newvolume.xml vi newvolume.xml (or make changes with your other text editor) virsh vol-create differentstoragepool newvolume.xml
- vol-create-from pool-or-uuid FILE [--inputpool pool-or-uuid] vol-name-or-key-or-path [--prealloc-metadata]
- Create a volume, using another volume as input. pool-or-uuid is the name or UUID of the storage pool to create the volume in. FILE is the XML <file> with the volume definition. --inputpool pool-or-uuid is the name or uuid of the storage pool the source volume is in. vol-name-or-key-or-path is the name or key or path of the source volume. [ --prealloc-metadata] preallocate metadata (for qcow2 images which don't support full allocation). This option creates a sparse image file with metadata, resulting in higher performance compared to images with no preallocation and only slightly higher initial disk space usage.
- vol-create-as pool-or-uuid name capacity [ --allocation size] [--format string] [ --backing-vol vol-name-or-key-or-path] [--backing-vol-format string] [--prealloc-metadata]
- Create a volume from a set of arguments. pool-or-uuid is the name or UUID of the storage pool to create the volume in. name is the name of the new volume. capacity is the size of the volume to be created, as a scaled integer (see NOTES above), defaulting to bytes if there is no suffix. --allocation size is the initial size to be allocated in the volume, also as a scaled integer defaulting to bytes. --format string is used in file based storage pools to specify the volume file format to use; raw, bochs, qcow, qcow2, vmdk, qed. --backing-vol vol-name-or-key-or-path is the source backing volume to be used if taking a snapshot of an existing volume. --backing-vol-format string is the format of the snapshot backing volume; raw, bochs, qcow, qcow2, qed, vmdk, host_device. These are, however, meant for file based storage pools. [ --prealloc-metadata] preallocate metadata (for qcow2 images which don't support full allocation). This option creates a sparse image file with metadata, resulting in higher performance compared to images with no preallocation and only slightly higher initial disk space usage.
- vol-clone [--pool pool-or-uuid] vol-name-or-key-or-path name [--prealloc-metadata]
- Clone an existing volume. Less powerful, but easier to type, version of vol-create-from. --pool pool-or-uuid is the name or UUID of the storage pool to create the volume in. vol-name-or-key-or-path is the name or key or path of the source volume. name is the name of the new volume. [ --prealloc-metadata] preallocate metadata (for qcow2 images which don't support full allocation). This option creates a sparse image file with metadata, resulting in higher performance compared to images with no preallocation and only slightly higher initial disk space usage.
- vol-delete [--pool pool-or-uuid] vol-name-or-key-or-path
- Delete a given volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to delete.
- vol-upload [--pool pool-or-uuid] [--offset bytes] [--length bytes] vol-name-or-key-or-path local-file
- Upload the contents of local-file to a storage volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume where the file will be uploaded. --offset is the position in the storage volume at which to start writing the data. The value must be 0 or larger. --length is an upper bound of the amount of data to be uploaded. A negative value is interpreted as an unsigned long long value to essentially include everything from the offset to the end of the volume. An error will occur if the local-file is greater than the specified length. See the description for the libvirt virStorageVolUpload API for details regarding possible target volume and pool changes as a result of the pool refresh when the upload is attempted.
- vol-download [--pool pool-or-uuid] [--offset bytes] [--length bytes] vol-name-or-key-or-path local-file
- Download the contents of a storage volume to local-file. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to download. --offset is the position in the storage volume at which to start reading the data. The value must be 0 or larger. --length is an upper bound of the amount of data to be downloaded. A negative value is interpreted as an unsigned long long value to essentially include everything from the offset to the end of the volume.
- vol-wipe [--pool pool-or-uuid] [--algorithm algorithm] vol-name-or-key-or-path
- Wipe a volume, ensure data previously on the volume is not
accessible to future reads. --pool pool-or-uuid is the name
or UUID of the storage pool the volume is in.
vol-name-or-key-or-path is the name or key or path of the volume to
wipe. It is possible to choose different wiping algorithms instead of
re-writing volume with zeroes. This can be done via --algorithm
switch.
zero - 1-pass all zeroes
nnsa - 4-pass NNSA Policy Letter NAP-14.1-C (XVI-8) for
sanitizing removable and non-removable hard disks:
random x2, 0x00, verify.
dod - 4-pass DoD 5220.22-M section 8-306 procedure for
sanitizing removable and non-removable rigid
disks: random, 0x00, 0xff, verify.
bsi - 9-pass method recommended by the German Center of
Security in Information Technologies
(http://www.bsi.bund.de): 0xff, 0xfe, 0xfd, 0xfb,
0xf7, 0xef, 0xdf, 0xbf, 0x7f.
gutmann - The canonical 35-pass sequence described in
Gutmann's paper.
schneier - 7-pass method described by Bruce Schneier in
"Applied Cryptography" (1996): 0x00, 0xff,
random x5.
pfitzner7 - Roy Pfitzner's 7-random-pass method: random x7.
pfitzner33 - Roy Pfitzner's 33-random-pass method: random x33.
random - 1-pass pattern: random.
- vol-dumpxml [--pool pool-or-uuid] vol-name-or-key-or-path
- Output the volume information as an XML dump to stdout. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to output the XML of.
- vol-info [--pool pool-or-uuid] vol-name-or-key-or-path
- Returns basic information about the given storage volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to return information for.
- vol-list [--pool pool-or-uuid] [--details]
- Return the list of volumes in the given storage pool. --pool pool-or-uuid is the name or UUID of the storage pool. The --details option instructs virsh to additionally display volume type and capacity related information where available.
- vol-pool [--uuid] vol-key-or-path
- Return the pool name or UUID for a given volume. By default, the pool name is returned. If the --uuid option is given, the pool UUID is returned instead. vol-key-or-path is the key or path of the volume to return the pool information for.
- vol-path [--pool pool-or-uuid] vol-name-or-key
- Return the path for a given volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key is the name or key of the volume to return the path for.
- vol-name vol-key-or-path
- Return the name for a given volume. vol-key-or-path is the key or path of the volume to return the name for.
- vol-key [--pool pool-or-uuid] vol-name-or-path
- Return the volume key for a given volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-path is the name or path of the volume to return the volume key for.
- vol-resize [--pool pool-or-uuid] vol-name-or-path pool-or-uuid capacity [--allocate] [ --delta] [--shrink]
- Resize the capacity of the given volume, in bytes. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to resize. The new capacity might be sparse unless --allocate is specified. Normally, capacity is the new size, but if --delta is present, then it is added to the existing size. Attempts to shrink the volume will fail unless --shrink is present; capacity cannot be negative unless --shrink is provided, but a negative sign is not necessary. capacity is a scaled integer (see NOTES above), which defaults to bytes if there is no suffix. This command is only safe for storage volumes not in use by an active guest; see also blockresize for live resizing.
SECRET COMMANDS¶
The following commands manipulate "secrets" (e.g. passwords, passphrases and encryption keys). Libvirt can store secrets independently from their use, and other objects (e.g. volumes or domains) can refer to the secrets for encryption or possibly other uses. Secrets are identified using a UUID. See <http://libvirt.org/formatsecret.html> for documentation of the XML format used to represent properties of secrets.- secret-define file
- Create a secret with the properties specified in file, with no associated secret value. If file does not specify a UUID, choose one automatically. If file specifies a UUID of an existing secret, replace its properties by properties defined in file, without affecting the secret value.
- secret-dumpxml secret
- Output properties of secret (specified by its UUID) as an XML dump to stdout.
- secret-set-value secret base64
- Set the value associated with secret (specified by its UUID) to the value Base64-encoded value base64.
- secret-get-value secret
- Output the value associated with secret (specified by its UUID) to stdout, encoded using Base64.
- secret-undefine secret
- Delete a secret (specified by its UUID), including the associated value, if any.
- secret-list [--ephemeral] [--no-ephemeral] [ --private] [--no-private]
- Returns the list of secrets. You may also want to filter the returned secrets by --ephemeral to list the ephemeral ones, --no-ephemeral to list the non-ephemeral ones, --private to list the private ones, and --no-private to list the non-private ones.
SNAPSHOT COMMANDS¶
The following commands manipulate domain snapshots. Snapshots take the disk, memory, and device state of a domain at a point-of-time, and save it for future use. They have many uses, from saving a "clean" copy of an OS image to saving a domain's state before a potentially destructive operation. Snapshots are identified with a unique name. See <http://libvirt.org/formatsnapshot.html> for documentation of the XML format used to represent properties of snapshots.- snapshot-create domain [xmlfile] {[--redefine [ --current]] | [--no-metadata] [--halt] [ --disk-only] [--reuse-external] [--quiesce] [ --atomic] [--live]}
- Create a snapshot for domain domain with the
properties specified in xmlfile. Normally, the only properties
settable for a domain snapshot are the <name> and
<description> elements, as well as <disks> if
--disk-only is given; the rest of the fields are ignored, and
automatically filled in by libvirt. If xmlfile is completely
omitted, then libvirt will choose a value for all fields. The new snapshot
will become current, as listed by snapshot-current.
- snapshot-create-as domain {[--print-xml] | [ --no-metadata] [--halt] [--reuse-external]} [ name] [description] [--disk-only [ --quiesce]] [--atomic] [[--live] [ --memspec memspec]] [--diskspec] diskspec]...
- Create a snapshot for domain domain with the given
<name> and <description>; if either value is omitted, libvirt
will choose a value. If --print-xml is specified, then XML
appropriate for snapshot-create is output, rather than actually
creating a snapshot. Otherwise, if --halt is specified, the domain
will be left in an inactive state after the snapshot is created, and if
--disk-only is specified, the snapshot will not include vm state.
<disk name='vda' snapshot='external'>
<source file='/path/to,new'/>
</disk>
- snapshot-current domain {[--name] | [--security-info] | [snapshotname]}
- Without snapshotname, this will output the snapshot
XML for the domain's current snapshot (if any). If --name is
specified, just the current snapshot name instead of the full xml.
Otherwise, using --security-info will also include security
sensitive information in the XML.
- snapshot-edit domain [snapshotname] [--current] {[--rename] | [--clone]}
- Edit the XML configuration file for snapshotname of
a domain. If both snapshotname and --current are specified,
also force the edited snapshot to become the current snapshot. If
snapshotname is omitted, then --current must be supplied, to
edit the current snapshot.
virsh snapshot-dumpxml dom name > snapshot.xml vi snapshot.xml (or make changes with your other text editor) virsh snapshot-create dom snapshot.xml --redefine [--current]
- snapshot-info domain {snapshot | --current}
- Output basic information about a named <snapshot>, or the current snapshot with --current.
- snapshot-list domain [--metadata] [--no-metadata] [{ --parent | --roots | [{--tree | --name}]}] [{[--from] snapshot | --current} [--descendants]] [--leaves] [--no-leaves] [--inactive] [ --active] [--disk-only] [--internal] [ --external]
- List all of the available snapshots for the given domain,
defaulting to show columns for the snapshot name, creation time, and
domain state.
- snapshot-dumpxml domain snapshot [--security-info]
- Output the snapshot XML for the domain's snapshot named snapshot. Using --security-info will also include security sensitive information. Use snapshot-current to easily access the XML of the current snapshot.
- snapshot-parent domain {snapshot | --current}
- Output the name of the parent snapshot, if any, for the given snapshot, or for the current snapshot with --current.
- snapshot-revert domain {snapshot | --current} [{ --running | --paused}] [--force]
- Revert the given domain to the snapshot specified by
snapshot, or to the current snapshot with --current. Be
aware that this is a destructive action; any changes in the domain since
the last snapshot was taken will be lost. Also note that the state of the
domain after snapshot-revert is complete will be the state of the domain
at the time the original snapshot was taken.
- snapshot-delete domain {snapshot | --current} [ --metadata] [{--children | --children-only}]
- Delete the snapshot for the domain named snapshot,
or the current snapshot with --current. If this snapshot has child
snapshots, changes from this snapshot will be merged into the children. If
--children is passed, then delete this snapshot and any children of
this snapshot. If --children-only is passed, then delete any
children of this snapshot, but leave this snapshot intact. These two flags
are mutually exclusive.
NWFILTER COMMANDS¶
The following commands manipulate network filters. Network filters allow filtering of the network traffic coming from and going to virtual machines. Individual network traffic filters are written in XML and may contain references to other network filters, describe traffic filtering rules, or contain both. Network filters are referenced by virtual machines from within their interface description. A network filter may be referenced by multiple virtual machines' interfaces.- nwfilter-define xmlfile
- Make a new network filter known to libvirt. If a network filter with the same name already exists, it will be replaced with the new XML. Any running virtual machine referencing this network filter will have its network traffic rules adapted. If for any reason the network traffic filtering rules cannot be instantiated by any of the running virtual machines, then the new XML will be rejected.
- nwfilter-undefine nwfilter-name
- Delete a network filter. The deletion will fail if any running virtual machine is currently using this network filter.
- nwfilter-list
- List all of the available network filters.
- nwfilter-dumpxml nwfilter-name
- Output the network filter XML.
- nwfilter-edit nwfilter-name
- Edit the XML of a network filter.
virsh nwfilter-dumpxml myfilter > myfilter.xml vi myfilter.xml (or make changes with your other text editor) virsh nwfilter-define myfilter.xml
HYPERVISOR-SPECIFIC COMMANDS¶
NOTE: Use of the following commands is strongly discouraged. They can cause libvirt to become confused and do the wrong thing on subsequent operations. Once you have used these commands, please do not report problems to the libvirt developers; the reports will be ignored. If you find that these commands are the only way to accomplish something, then it is better to request that the feature be added as a first-class citizen in the regular libvirt library.- qemu-attach pid
- Attach an externally launched QEMU process to the libvirt QEMU driver. The QEMU process must have been created with a monitor connection using the UNIX driver. Ideally the process will also have had the '-name' argument specified.
$ qemu-kvm -cdrom ~/demo.iso \ -monitor unix:/tmp/demo,server,nowait \ -name foo \ -uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea & $ QEMUPID=$! $ virsh qemu-attach $QEMUPID
- qemu-monitor-command domain { [--hmp] | [ --pretty] } command...
- Send an arbitrary monitor command command to domain domain through the qemu monitor. The results of the command will be printed on stdout. If --hmp is passed, the command is considered to be a human monitor command and libvirt will automatically convert it into QMP if needed. In that case the result will also be converted back from QMP. If --pretty is given, and the monitor uses QMP, then the output will be pretty-printed. If more than one argument is provided for command, they are concatenated with a space in between before passing the single command to the monitor.
- qemu-agent-command domain [--timeout seconds | --async | --block] command...
- Send an arbitrary guest agent command command to domain domain through qemu agent. --timeout, --async and --block options are exclusive. --timeout requires timeout seconds seconds and it must be positive. When --aysnc is given, the command waits for timeout whether success or failed. And when --block is given, the command waits forever with blocking timeout.
- qemu-monitor-event [domain] [--event event-name] [--loop] [--timeout seconds] [--pretty] [ --regex] [--no-case]
- Wait for arbitrary QEMU monitor events to occur, and print
out the details of events as they happen. The events can optionally be
filtered by domain or event-name. The 'query-events' QMP
command can be used via qemu-monitor-command to learn what events
are supported. If --regex is used, event-name is a basic
regular expression instead of a literal string. If --no-case is
used, event-name will match case-insensitively.
- lxc-enter-namespace domain -- /path/to/binary [arg1, [arg2, ...]]
- Enter the namespace of domain and execute the command "/path/to/binary" passing the requested args. The binary path is relative to the container root filesystem, not the host root filesystem. The binary will inherit the environment variables / console visible to virsh. This command only works when connected to the LXC hypervisor driver. This command succeeds only if "/path/to/binary" has 0 exit status.
ENVIRONMENT¶
The following environment variables can be set to alter the behaviour of "virsh"- VIRSH_DEBUG=<0 to 4>
- Turn on verbose debugging of virsh commands. Valid levels are
- •
- VIRSH_DEBUG=0
- •
- VIRSH_DEBUG=1
- •
- VIRSH_DEBUG=2
- •
- VIRSH_DEBUG=3
- •
- VIRSH_DEBUG=4
- VIRSH_LOG_FILE="LOGFILE"
- The file to log virsh debug messages.
- VIRSH_DEFAULT_CONNECT_URI
- The hypervisor to connect to by default. Set this to a URI, in the same format as accepted by the connect option. This environment variable is deprecated in favour of the global LIBVIRT_DEFAULT_URI variable which serves the same purpose.
- LIBVIRT_DEFAULT_URI
- The hypervisor to connect to by default. Set this to a URI, in the same format as accepted by the connect option. This overrides the default URI set in any client config file and prevents libvirt from probing for drivers.
- VISUAL
- The editor to use by the edit and related options.
- EDITOR
- The editor to use by the edit and related options, if "VISUAL" is not set.
- VIRSH_HISTSIZE
- The number of commands to remember in the command history. The default value is 500.
- LIBVIRT_DEBUG=LEVEL
- Turn on verbose debugging of all libvirt API calls. Valid levels are
- •
- LIBVIRT_DEBUG=1
- •
- LIBVIRT_DEBUG=2
- •
- LIBVIRT_DEBUG=3
- •
- LIBVIRT_DEBUG=4
BUGS¶
Report any bugs discovered to the libvirt community via the mailing list "http://libvirt.org/contact.html" or bug tracker "http://libvirt.org/bugs.html". Alternatively report bugs to your software distributor / vendor.AUTHORS¶
Please refer to the AUTHORS file distributed with libvirt. Based on the xm man page by: Sean Dague <sean at dague dot net> Daniel Stekloff <dsteklof at us dot ibm dot com>
COPYRIGHT¶
Copyright (C) 2005, 2007-2014 Red Hat, Inc., and the authors listed in the libvirt AUTHORS file.LICENSE¶
virsh is distributed under the terms of the GNU LGPL v2+. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSESEE ALSO¶
virt-install(1), virt-xml-validate(1), virt-top(1), virt-df(1), <http://www.libvirt.org/>2016-03-31 | libvirt-1.2.9 |