KVM, Libvirt, and Libvirt-QEMU Groups in Linux – Purpose and Usage

debiankvmlibvirtqemuvirtual machine

I wanted to play a little bit with KVM on my Debian, and I installed the needed tools. The three groups showed up in the /etc/group file: kvm , libvirt and libvirt-qemu . What's the purpose of each of these groups?

For now I know that the libvirt group allows a regular user (via policykit) to connect to the libvirtd daemon without asking for root password, and hence it allows to create/remove/configure/manage of virtual machines.

I also know, that the /dev/kvm device has set the kvm group. What can a user do when he has read/write permissions to this device? Should I add a regular user to this group? If so, why?

I don't really know what's the purpose of the libvirt-qemu group. It looks like it's redundant, but many HowTos on the net suggest to add a regular user also to this group. Is this required?

Best Answer

See /usr/share/doc/libvirt-daemon/README.Debian: the libvirt group controls access to libvirt, through PolicyKit (as you determined), and libvirt-qemu is the user and group used to run system QEMU/KVM processes. You needn’t care about the latter, it’s an implementation detail, not a group end users need to be added to.

Membership of the kvm group grants access to /dev/kvm, which is necessary to run VMs using KVM. This is controlled using uaccess now, so the currently-active user on the console gets access automatically. libvirt-qemu’s primary group is kvm, which is how libvirt-managed VMs get access to KVM.

Related Solutions

Centos – enable cephx authentication using a pool in qemu/kvm

As you say, the XML not include auth stanza, that's why domain installation faild, but you can add the auth part manual
Edit /usr/share/virt-manager/virtinst/guest.py as follow

#vim /usr/share/virt-manager/virtinst/guest.py
import re
...
#define the auth 
auth_secret = '''
      <auth username='libvirt'>
        <secret type='ceph' uuid='e63e4b32-280e-4b00-982a-9d3xxxxxxx'/>
      </auth>
'''
ceph_monitors = '''
        <host name='172.16.200.104' port='6789'/>
        <host name='172.16.200.105' port='6789'/>
        <host name='172.16.200.106' port='6789'/>
'''

#change func: _build_xml 
    def _build_xml(self, is_initial):
        log_label = is_initial and "install" or "continue"
        disk_boot = not is_initial

        start_xml = self._get_install_xml(install=True, disk_boot=disk_boot)
        final_xml = self._get_install_xml(install=False)

#add------------start
        rgx_qemu = re.compile('(<driver name="qemu"[^>]*?>)')
        rgx_auth = re.compile('(?<=<source protocol="rbd" name=")([^>]*?">).*?(?= *?</source>)',re.S)

        start_xml = rgx_qemu.sub('\\1' + auth_secret,start_xml)
        start_xml = rgx_auth.sub('\\1' + ceph_monitors,start_xml)

        final_xml = rgx_qemu.sub('\\1' + auth_secret,final_xml)
        final_xml = rgx_auth.sub('\\1' + ceph_monitors,final_xml)
#add------------end

        logging.debug("Generated %s XML: %s",
                      log_label,
                      (start_xml and ("\n" + start_xml) or "None required"))
        logging.debug("Generated boot XML: \n%s", final_xml)

        return start_xml, final_xml

Then, run virt-install again

sudo virt-install \
  --connect qemu:///system \
  --virt-type kvm \
  --name $NAME \
  --ram $RAM \
  --vcpus=$VCPUS \
  --disk vol=$POOL/$FILE \
  --location /var/lib/libvirt/images/$IMAGE \
  --vnc \
  --noautoconsole \
  --os-type linux \
  --os-variant rhel7 \
  --network=bridge:virbr0,model=virtio,mac=52:54:00:00:00:$MACLAST_HEX \
  --autostart

More info http://www.isjian.com/ceph/virt-install-create-vm-use-rbd-pool/

What’s the difference between KVM, QEMU and libvirt

Qemu is the lowest level that emulates processor and peripherals. KVM is to accelerate it if the CPU has VT enabled. Libvirt provides a daemon and client to manipulate VMs for convenience. See also Difference between KVM and QEMU on Server Fault.

Best Answer

Related Solutions

Centos – enable cephx authentication using a pool in qemu/kvm

What’s the difference between KVM, QEMU and libvirt

Related Question