Libvirt the virtualization API

Note: this is the flat content of the website

libvirt

what is libvirt?

Libvirt is a C toolkit to interact with the virtualization capabilitiesof recent versions of Linux (and other OSes). It is free software availableunder the GNULesser General Public License. Virtualization of the Linux OperatingSystem means the ability to run multiple instances of Operating Systemsconcurently on a single hardware system where the basic resources are drivenby a Linux instance. The library aim at providing long term stable C APIinitially for the Xenparavirtualizationbut should be able to integrate other virtualizationmechanisms if needed.

Releases

Here is the list of official releases, however since it is early on in thedevelopment of libvirt, it is preferable when possible to just use the CVS version or snapshot, contact the mailing listand check the ChangeLogto gauge progresses.

0.2.0: Feb 14 2007

0.1.11: Jan 22 2007

0.1.10: Dec 20 2006

0.1.9: Nov 29 2006

0.1.8: Oct 16 2006

0.1.7: Sep 29 2006

0.1.6: Sep 22 2006

0.1.5: Sep 5 2006

0.1.4: Aug 16 2006

0.1.3: Jul 11 2006

0.1.2: Jul 3 2006

0.1.1: Jun 21 2006

0.1.0: Apr 10 2006

0.0.6: Feb 28 2006

0.0.5: Feb 23 2006

0.0.4: Feb 10 2006

0.0.3: Feb 9 2006

0.0.2: Jan 29 2006

0.0.1: Dec 19 2005

Introduction

Libvirt is a C toolkit to interact with the virtualization capabilities ofrecent versions of Linux (and other OSes), but libvirt won't try to provideall possible interfaces for interacting with the virtualization features.

To avoid ambiguity about the terms used here here are the definitions forsome of the specific concepts used in libvirt documentation:

Hypervisor and domains running on a node

Now we can define the goal of libvirt: to provide the lowest possiblegeneric and stable layer to manage domains on a node.

This implies the following:

So libvirt should be a building block for higher level management toolsand for applications focusing on virtualization of a single node (the onlyexception being domain migration between node capabilities which may need tobe added at the libvirt level). Where possible libvirt should be extendableto be able to provide the same API for remote nodes, however this is not thecase at the moment, the code currently handle only local node accesses(extension for remote access support is being worked on, seethe mailing listdiscussions about it).

libvirt architecture

Currently libvirt supports 2 kind of virtualization, and its internalstructure is based on a driver model which simplifies adding new engines:

Libvirt Xen support

When running in a Xen environment, programs using libvirt have to executein "Domain 0", which is the primary Linux OS loaded on the machine. That OSkernel provides most if not all of the actual drivers used by the set ofdomains. It also runs the Xen Store, a database of informations shared by thehypervisor, the kernels, the drivers and the xen daemon. Xend. The xen daemonsupervise the control and execution of the sets of domains. The hypervisor,drivers, kernels and daemons communicate though a shared system busimplemented in the hypervisor. The figure below tries to provide a view ofthis environment:

The Xen architecture

The library can be initialized in 2 ways depending on the level ofpriviledge of the embedding program. If it runs with root access,virConnectOpen() can be used, it will use different ways to connect tothe Xen infrastructure:

The library will usually interact with the Xen daemon for any operationchanging the state of the system, but for performance and accuracy reasonsmay talk directly to the hypervisor when gathering state informations atleast when possible (i.e. when the running program using libvirt has rootpriviledge access).

If it runs without root access virConnectOpenReadOnly() should be used toconnect to initialize the library. It will then fork a libvirt_proxy programrunning as root and providing read_only access to the API, this is thenonly useful for reporting and monitoring.

Libvirt QEmu and KVM support

The model for QEmu and KVM is completely similar, basically KVM isbased on QEmu for the process controlling a new domain, only small detailsdiffers between the two. In both case the libvirt API is providedby a controlling process forked by libvirt in the background andwhich launch and control the QEmu or KVM process. That program calledlibvirt_qemud talks though a specific protocol to the library, andconnects to the console of the QEmu process in order to control andreport on its status. Libvirt tries to expose all the emulationsmodels of QEmu, the selection is done when creating the new domain,by specifying the architecture and machine type targetted.

The code controlling the QEmu process is available in theqemud/subdirectory.

the driver based architecture

As the previous section explains, libvirt can communicate using differentchannels with the Xen hypervisor, and is also able to use different kindof hypervisor. To simplify the internal design, code, easemaintainance and simplify the support of other virtualization engine theinternals have been structured as one core component, the libvirt.c moduleacting as a front-end for the library API and a set of hypvisor driversdefining a common set of routines. That way the Xen Daemon accces, the XenStore one, the Hypervisor hypercall are all isolated in separate C modulesimplementing at least a subset of the common operations defined by thedrivers present in driver.h. The driver architecture is used to add supportfor other virtualization engines and

Note that a given driver may only implement a subset of those functions,for example saving a Xen domain state to disk and restoring it is only possiblethough the Xen Daemon, in that case the driver entry points are initialized toNULL.

Downloads

The latest versions of libvirt can be found on the libvirt.orgserver ( HTTP, FTP). You will find there the releasedversions as well as snapshottarballsupdated from CVS head every hour

Anonymous CVSis alsoavailable, first register onto the server:

cvs -d :pserver:anoncvs@libvirt.org:2401/data/cvs login

it will request a password, enter anoncvs. Then you cancheckout the development tree with:

cvs -d :pserver:anoncvs@libvirt.org:2401/data/cvs colibvirt

Use ./autogen.sh to configure the local checkout, then makeand make install, as usual. All normal cvs commands are nowavailable except commiting to the base.

XML Format

This section describes the XML format used to represent domains, there arevariations on the format based on the kind of domains run and the optionsused to launch them:

The formats try as much as possible to follow the same structure and reuseelements and attributes where it makes sense.

Normal paravirtualized Xendomains:

The library use an XML format to describe domains, as input to virDomainCreateLinux()and as the output of virDomainGetXMLDesc(),the following is an example of the format as returned by the shell commandvirsh xmldump fc4, where fc4 was one of the running domains:

<domain type='xen' id='18'>
  <name>fc4</name>
  <os>
    <type>linux</type>
    <kernel>/boot/vmlinuz-2.6.15-1.43_FC5guest</kernel>
    <initrd>/boot/initrd-2.6.15-1.43_FC5guest.img</initrd>
    <root>/dev/sda1</root>
    <cmdline> ro selinux=0 3</cmdline>
  </os>
  <memory>131072</memory>
  <vcpu>1</vcpu>
  <devices>
    <disk type='file'>
      <source file='/u/fc4.img'/>
      <target dev='sda1'/>
    </disk>
    <interface type='bridge'>
      <source bridge='xenbr0'/>
      <mac address='aa:00:00:00:00:11'/>
      <script path='/etc/xen/scripts/vif-bridge'/>
    </interface>
    <console tty='/dev/pts/5'/>
  </devices>
</domain>

The root element must be called domainwith no namespace, thetypeattribute indicates the kind of hypervisor used, 'xen' isthe default value. The idattribute gives the domain id atruntime (not however that this may change, for example if the domain is savedto disk and restored). The domain has a few children whose order is notsignificant:

The format of the devices and their type may grow over time, but thefollowing should be sufficient for basic use:

A diskdevice indicates a block device, it can have twovalues for the type attribute either 'file' or 'block' corresponding to the 2options availble at the Xen layer. It has two mandatory children, and oneoptional one in no specific order:

An interfaceelement describes a network device mapped on theguest, it also has a type whose value is currently 'bridge', it also have anumber of children in no specific order:

A consoleelement describes a serial console connection tothe guest. It has no children, and a single attribute ttywhichprovides the path to the Pseudo TTY on which the guest console can beaccessed

Life cycle actions for the domain can also be expressed in the XML format,they drive what should be happening if the domain crashes, is rebooted or ispoweroff. There is various actions possible when this happen:

The following could be used for a Xen production system:

<domain>
  ...
  <on_reboot>restart</on_reboot>
  <on_poweroff>destroy</on_poweroff>
  <on_crash>rename-restart</on_crash>
  ...
</domain>

While the format may be extended in various ways as support for morehypervisor types and features are added, it is expected that this core subsetwill remain functional in spite of the evolution of the library.

Fully virtualized guests(added in 0.1.3):

Here is an example of a domain description used to start a fullyvirtualized (a.k.a. HVM) Xen domain. This requires hardware virtualizationsupport at the processor level but allows to run unmodified operatingsystems:

<domain type='xen' id='3'>
  <name>fv0</name>
  <uuid>4dea22b31d52d8f32516782e98ab3fa0</uuid>
  <os>
    <type>hvm</type>
    <loader>/usr/lib/xen/boot/hvmloader</loader>
    <boot dev='hd'/>
  </os>
  <memory>524288</memory>
  <vcpu>1</vcpu>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <features>
     <pae/>
     <acpi/>
     <apic/>
  </features>
  <devices>
    <emulator>/usr/lib/xen/bin/qemu-dm</emulator>
    <interface type='bridge'>
      <source bridge='xenbr0'/>
      <mac address='00:16:3e:5d:c7:9e'/>
      <script path='vif-bridge'/>
    </interface>
    <disk type='file'>
      <source file='/root/fv0'/>
      <target dev='hda'/>
    </disk>
    <disk type='file' device='cdrom'>
      <source file='/root/fc5-x86_64-boot.iso'/>
      <target dev='hdc'/>
      <readonly/>
    </disk>
    <disk type='file' device='floppy'>
      <source file='/root/fd.img'/>
      <target dev='fda'/>
    </disk>
    <graphics type='vnc' port='5904'/>
  </devices>
</domain>

There is a few things to notice specifically for HVM domains:

It is likely that the HVM description gets additional optional elementsand attributes as the support for fully virtualized domain expands,especially for the variety of devices emulated and the graphic supportoptions offered.

KVM domain (added in 0.2.0)

Support for the KVM virtualization is provided in recent Linux kernels (2.6.20 and onward). This requires specific hardware with acceleration support and the availability of the special version of the QEmu binary. Since this relies on QEmu for the machine emulation like fully virtualized guests the XML description is quite similar, here is a simple example:

<domain type='kvm'>
  <name>demo2</name>
  <uuid>4dea24b3-1d52-d8f3-2516-782e98a23fa0</uuid>
  <memory>131072</memory>
  <vcpu>1</vcpu>
  <os>
    <type>hvm</type>
  </os>
  <devices>
    <emulator>/home/user/usr/kvm-devel/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <source file='/home/user/fedora/diskboot.img'/>
      <target dev='hda'/>
    </disk>
    <interface type='user'>
      <mac address='24:42:53:21:52:45'/>
    </interface>
    <graphics type='vnc' port='-1'/>
  </devices>
</domain>

The specific points to note if using KVM are:

except those points the options should be quite similar to Xen HVM ones.

QEmu domain (added in 0.2.0)

Binding for Python

Libvirt comes with direct support for the Python language (just make sureyou installed the libvirt-python package if not compiling from sources). Alsonote that Daniel Berrange provides bindings for Perltoo.

The Python binding should be complete and are mostly automaticallygenerated from the formal description of the API in xml. The bindings arearticulated around 2 classes virConnectand virDomain mapping tothe C types. Functions in the C API taking either type as argument thenbecomes methods for the classes, their name is just stripped from thevirConnect or virDomain(Get) prefix and the first letter gets converted tolower case, for example the C functions:

int virConnectNumOfDomains(virConnectPtr conn);

int virDomainSetMaxMemory(virDomainPtr domain, unsigned long memory);

become

virConn::numOfDomains(self)

virDomain::setMaxMemory(self, memory)

This process is fully automated, you can get a summary of the conversionin the file libvirtclass.txt present in the python dir or in the docs.Thereis a couple of function who don't map directly to their C counterparts due tospecificities in their argument conversions:

So let's look at a simple example inspired from the basic.pytest found in python/tests/in the source tree:

import libvirt
import sys

conn = libvirt.openReadOnly(None)
if conn == None:
    print 'Failed to open connection to the hypervisor'
    sys.exit(1)

try:
    dom0 = conn.lookupByName("Domain-0")
except:
    print 'Failed to find the main domain'
    sys.exit(1)

print "Domain 0: id %d running %s" % (dom0.ID(), dom0.OSType())
print dom0.info()

There is not much to comment about it, it really is a straight mappingfrom the C API, the only points to notice are:

Handling of errors

The main goals of libvirt when it comes to error handling are:

As result the library provide both synchronous, callback based andasynchronous error reporting. When an error happens in the library code theerror is logged, allowing to retrieve it later and if the user registered anerror callback it will be called synchronously. Once the call to libvirt endsthe error can be detected by the return value and the full information forthe last logged error can be retrieved.

To avoid as much as prossible troubles with a global variable in amultithreaded environment, libvirt will associate when possible the errors tothe current connection they are related to, that way the error is stored in adynamic structure which can be made thread specific. Error callback can beset specifically to a connection with

So error handling in the code is the following:

  1. if the error can be associated to a connection for example when failingto look up a domain
    1. if there is a callback associated to the connection set with virConnSetErrorFunc,call it with the error informations
    2. otherwise if there is a global callback set with virSetErrorFunc,call it with the error information
    3. otherwise call virDefaultErrorFuncwhich is the default error function of the library issuing the erroron stderr
    4. save the error in the connection for later retrieval with virConnGetLastError
  2. otherwise like when failing to create an hypervisor connection:
    1. if there is a global callback set with virSetErrorFunc,call it with the error information
    2. otherwise call virDefaultErrorFuncwhich is the default error function of the library issuing the erroron stderr
    3. save the error in the connection for later retrieval with virGetLastError

In all cases the error informations are provided as a virErrorPtrpointer toread-only structure virErrorcontaining thefollowing fields:

and then extra raw informations about the error which may be initializedto 0 or NULL if unused

So usually, setting up specific error handling with libvirt consist ofregistering an handler with with virSetErrorFuncorwith virConnSetErrorFunc,chech the value of the code value, take appropriate action, if needed letlibvirt print the error on stderr by calling virDefaultErrorFunc.For asynchronous error handing, set such a function doing nothing to avoidthe error being reported on stderr, and call virConnGetLastError orvirGetLastError when an API call returned an error value. It can be a goodidea to use virResetErroror virConnResetLastErroronce an error has been processed fully.

At the python level, there only a global reporting callback function atthis point, see the error.py example about it:

def handler(ctxt, err):
    global errno

    #print "handler(%s, %s)" % (ctxt, err)
    errno = err

libvirt.registerErrorHandler(handler, 'context') 

the second argument to the registerErrorHandler function is passed as thefist argument of the callback like in the C version. The error is a tuplecontaining the same field as a virError in C, but cast to Python.

FAQ

Table of Contents:

License(s)

  1. Licensing Terms for libvirt

    libvirt is released under the GNU LesserGeneral Public License, see the file COPYING.LIB in the distributionfor the precise wording. The only library that libvirt depends upon isthe Xen store access library which is also licenced under the LGPL.

  2. Can I embed libvirt in a proprietary application ?

    Yes. The LGPL allows you to embed libvirt into a proprietaryapplication. It would be graceful to send-back bug fixes and improvementsas patches for possible incorporation in the main development tree. Itwill decrease your maintainance costs anyway if you do so.

Installation

  1. Where can I get libvirt?

    The original distribution comes from ftp://libvirt.org/libvirt/.

  2. I can't install the libvirt/libvirt-devel RPM packages due tofailed dependencies

    The most generic solution is to re-fetch the latest src.rpm , andrebuild it locally with

    rpm --rebuild libvirt-xxx.src.rpm.

    If everything goes well it will generate two binary rpm packages (oneproviding the shared libs and virsh, and the other one, the -develpackage, providing includes, static libraries and scripts needed to buildapplications with libvirt that you can install locally.

    One can also rebuild the RPMs from a tarball:

    rpmbuild -ta libdir-xxx.tar.gz

    Or from a configured tree with:

    make rpm

  3. Failure to use the API for non-root users

    Large parts of the API may only be accessible with root priviledges,however the read only access to the xenstore data doesnot have to beforbidden to user, at least for monitoring purposes. If "virsh dominfo"fails to run as an user, change the mode of the xenstore read-only socketwith:

    chmod 666 /var/run/xenstored/socket_ro

    and also make sure that the Xen Daemon is running correctly with localHTTP server enabled, this is defined in/etc/xen/xend-config.sxpwhich need the following line to beenabled:

    (xend-http-server yes)

    If needed restart the xend daemon after making the change with thefollowing command run as root:

    service xend restart

Compilation

  1. What is the process to compile libvirt ?

    As most UNIX libraries libvirt follows the "standard":

    gunzip -c libvirt-xxx.tar.gz | tar xvf -

    cd libvirt-xxxx

    ./configure --help

    to see the options, then the compilation/installation proper

    ./configure [possible options]

    make

    make install

    At that point you may have to rerun ldconfig or a similar utility toupdate your list of installed shared libs.

  2. What other libraries are needed to compile/install libvirt ?

    Libvirt requires libxenstore, which is usually provided by the xenpackages as well as the public headers to compile against libxenstore.

  3. I use the CVS version and there is no configure script

    The configure script (and other Makefiles) are generated. Use theautogen.sh script to regenerate the configure script and Makefiles,like:

    ./autogen.sh --prefix=/usr --disable-shared

Developercorner

  1. Troubles compiling or linking programs using libvirt

    To simplify the process of reusing the library, libvirt comes withpkgconfig support, which can be used directly from autoconf support orvia the pkg-config command line tool, like:

    pkg-config libvirt --libs

Reporting bugs and getting help

There is a mailing-list libvir-list@redhat.comfor libvirt,with an on-linearchive. Please subscribe to this list before posting by visiting the associated Webpage and follow the instructions. Patches with explanations and provided asattachments are really appreciated and will be discussed on the mailing list.If possible generate the patches by using cvs diff -u in a CVS checkout.

We use Red Hat Bugzilla to track bugs to libvirt. If you want to report abug, please check the existing open bugs, then if yours isn't a duplicate ofan existing bug, log a new bug. It may be goodto post to the mailing-listtoo if the issue looks serious, thanks !