path: root/libvirt/qemu.conf
blob: 1b9bbd61db557f04a3d6ce2f035d859185065ba4 (plain)
    1 # Master configuration file for the QEMU driver.
    2 # All settings described here are optional - if omitted, sensible
    3 # defaults are used.
    4 
    5 # Use of TLS requires that x509 certificates be issued. The default is
    6 # to keep them in /etc/pki/qemu. This directory must contain
    7 #
    8 #  ca-cert.pem - the CA master certificate
    9 #  server-cert.pem - the server certificate signed with ca-cert.pem
   10 #  server-key.pem  - the server private key
   11 #
   12 # and optionally may contain
   13 #
   14 #  dh-params.pem - the DH params configuration file
   15 #
   16 # If the directory does not exist, libvirtd will fail to start. If the
   17 # directory doesn't contain the necessary files, QEMU domains will fail
   18 # to start if they are configured to use TLS.
   19 #
   20 # In order to overwrite the default path alter the following. This path
   21 # definition will be used as the default path for other *_tls_x509_cert_dir
   22 # configuration settings if their default path does not exist or is not
   23 # specifically set.
   24 #
   25 #default_tls_x509_cert_dir = "/etc/pki/qemu"
   26 
   27 
   28 # The default TLS configuration only uses certificates for the server
   29 # allowing the client to verify the server's identity and establish
   30 # an encrypted channel.
   31 #
   32 # It is possible to use x509 certificates for authentication too, by
   33 # issuing an x509 certificate to every client who needs to connect.
   34 #
   35 # Enabling this option will reject any client who does not have a
   36 # certificate signed by the CA in /etc/pki/qemu/ca-cert.pem
   37 #
   38 # The default_tls_x509_cert_dir directory must also contain
   39 #
   40 #  client-cert.pem - the client certificate signed with the ca-cert.pem
   41 #  client-key.pem - the client private key
   42 #
   43 # If this option is supplied it provides the default for the "_verify" option
   44 # of specific TLS users such as vnc, backups, migration, etc. The specific
   45 # users of TLS may override this by setting the specific "_verify" option.
   46 #
   47 # When not supplied the specific TLS users provide their own defaults.
   48 #
   49 #default_tls_x509_verify = 1
   50 
   51 #
   52 # Libvirt assumes the server-key.pem file is unencrypted by default.
   53 # To use an encrypted server-key.pem file, the password to decrypt
   54 # the PEM file is required. This can be provided by creating a secret
   55 # object in libvirt and then uncommenting this setting and setting it
   56 # to the UUID of that secret.
   57 #
   58 # NB This default all-zeros UUID will not work. Replace it with the
   59 # UUID of the TLS secret as shown by a 'virsh secret-list' command
   60 # and then uncomment the entry.
   61 #
   62 #default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
   63 
   64 
   65 # VNC is configured to listen on 127.0.0.1 by default.
   66 # To make it listen on all public interfaces, uncomment
   67 # this next option.
   68 #
   69 # NB, strong recommendation to enable TLS + x509 certificate
   70 # verification when allowing public access
   71 #
   72 #vnc_listen = "0.0.0.0"
   73 
   74 # Enable this option to have VNC served over an automatically created
   75 # unix socket. This prevents unprivileged access from users on the
   76 # host machine, though most VNC clients do not support it.
   77 #
   78 # This will only be enabled for VNC configurations that have listen
   79 # type=address but without any address specified. This setting takes
   80 # preference over vnc_listen.
   81 #
   82 #vnc_auto_unix_socket = 1
   83 
   84 # Enable use of TLS encryption on the VNC server. This requires
   85 # a VNC client which supports the VeNCrypt protocol extension.
   86 # Examples include vinagre, virt-viewer, virt-manager and vencrypt
   87 # itself. UltraVNC, RealVNC, TightVNC do not support this
   88 #
   89 # It is necessary to setup CA and issue a server certificate
   90 # before enabling this.
   91 #
   92 #vnc_tls = 1
   93 
   94 
   95 # In order to override the default TLS certificate location for
   96 # vnc certificates, supply a valid path to the certificate directory.
   97 # If the provided path does not exist, libvirtd will fail to start.
   98 # If the path is not provided, but vnc_tls = 1, then the
   99 # default_tls_x509_cert_dir path will be used.
  100 #
  101 #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
  102 
  103 
  104 # Uncomment and use the following option to override the default secret
  105 # UUID provided in the default_tls_x509_secret_uuid parameter.
  106 #
  107 #vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
  108 
  109 
  110 # The default TLS configuration only uses certificates for the server
  111 # allowing the client to verify the server's identity and establish
  112 # an encrypted channel.
  113 #
  114 # It is possible to use x509 certificates for authentication too, by
  115 # issuing an x509 certificate to every client who needs to connect.
  116 #
  117 # Enabling this option will reject any client that does not have a
  118 # certificate (as described in default_tls_x509_verify) signed by the
  119 # CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir).
  120 #
  121 # If this option is not supplied, it will be set to the value of
  122 # "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either,
  123 # the default is "0".
  124 #
  125 #vnc_tls_x509_verify = 1
  126 
  127 
  128 # The default VNC password. Only 8 bytes are significant for
  129 # VNC passwords. This parameter is only used if the per-domain
  130 # XML config does not already provide a password. To allow
  131 # access without passwords, leave this commented out. An empty
  132 # string will still enable passwords, but be rejected by QEMU,
  133 # effectively preventing any use of VNC. Change the example value
  134 # below before enabling this; the password is kept in this file in plain text.
  135 #
  136 #vnc_password = "XYZ12345"
  137 
  138 
  139 # Enable use of SASL encryption on the VNC server. This requires
  140 # a VNC client which supports the SASL protocol extension.
  141 # Examples include vinagre, virt-viewer and virt-manager
  142 # itself. UltraVNC, RealVNC, TightVNC do not support this
  143 #
  144 # It is necessary to configure /etc/sasl2/qemu.conf to choose
  145 # the desired SASL plugin (eg, GSSAPI for Kerberos)
  146 #
  147 #vnc_sasl = 1
  148 
  149 
  150 # The default SASL configuration file is located in /etc/sasl2/
  151 # When running libvirtd unprivileged, it may be desirable to
  152 # override the configs in this location. Set this parameter to
  153 # point to the directory, and create a qemu.conf in that location
  154 #
  155 #vnc_sasl_dir = "/some/directory/sasl2"
  156 
  157 
  158 # QEMU implements an extension for providing audio over a VNC connection,
  159 # though if your VNC client does not support it, your only chance for getting
  160 # sound output is through regular audio backends. By default, libvirt will
  161 # disable all QEMU sound backends if using VNC, since they can cause
  162 # permissions issues. Enabling this option will make libvirtd honor the
  163 # QEMU_AUDIO_DRV environment variable when using VNC.
  164 #
  165 #vnc_allow_host_audio = 0
  166 
  167 
  168 
  169 # SPICE is configured to listen on 127.0.0.1 by default.
  170 # To make it listen on all public interfaces, uncomment
  171 # this next option.
  172 #
  173 # NB, strong recommendation to enable TLS + x509 certificate
  174 # verification when allowing public access
  175 #
  176 #spice_listen = "0.0.0.0"
  177 
  178 
  179 # Enable use of TLS encryption on the SPICE server.
  180 #
  181 # It is necessary to setup CA and issue a server certificate
  182 # before enabling this.
  183 #
  184 #spice_tls = 1
  185 
  186 
  187 # In order to override the default TLS certificate location for
  188 # spice certificates, supply a valid path to the certificate directory.
  189 # If the provided path does not exist, libvirtd will fail to start.
  190 # If the path is not provided, but spice_tls = 1, then the
  191 # default_tls_x509_cert_dir path will be used.
  192 #
  193 #spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
  194 
  195 
  196 # Enable this option to have SPICE served over an automatically created
  197 # unix socket. This prevents unprivileged access from users on the
  198 # host machine.
  199 #
  200 # This will only be enabled for SPICE configurations that have listen
  201 # type=address but without any address specified. This setting takes
  202 # preference over spice_listen.
  203 #
  204 #spice_auto_unix_socket = 1
  205 
  206 
  207 # The default SPICE password. This parameter is only used if the
  208 # per-domain XML config does not already provide a password. To
  209 # allow access without passwords, leave this commented out. An
  210 # empty string will still enable passwords, but be rejected by
  211 # QEMU, effectively preventing any use of SPICE. Change the example
  212 # value below before enabling this; the password is kept in this file in plain text.
  213 #
  214 #spice_password = "XYZ12345"
  215 
  216 
  217 # Enable use of SASL encryption on the SPICE server. This requires
  218 # a SPICE client which supports the SASL protocol extension.
  219 #
  220 # It is necessary to configure /etc/sasl2/qemu.conf to choose
  221 # the desired SASL plugin (eg, GSSAPI for Kerberos)
  222 #
  223 #spice_sasl = 1
  224 
  225 # The default SASL configuration file is located in /etc/sasl2/
  226 # When running libvirtd unprivileged, it may be desirable to
  227 # override the configs in this location. Set this parameter to
  228 # point to the directory, and create a qemu.conf in that location
  229 #
  230 #spice_sasl_dir = "/some/directory/sasl2"
  231 
  232 # Enable use of TLS encryption on the chardev TCP transports.
  233 #
  234 # It is necessary to setup CA and issue a server certificate
  235 # before enabling this.
  236 #
  237 #chardev_tls = 1
  238 
  239 
  240 # In order to override the default TLS certificate location for character
  241 # device TCP certificates, supply a valid path to the certificate directory.
  242 # If the provided path does not exist, libvirtd will fail to start.
  243 # If the path is not provided, but chardev_tls = 1, then the
  244 # default_tls_x509_cert_dir path will be used.
  245 #
  246 #chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev"
  247 
  248 
  249 # The default TLS configuration only uses certificates for the server
  250 # allowing the client to verify the server's identity and establish
  251 # an encrypted channel.
  252 #
  253 # It is possible to use x509 certificates for authentication too, by
  254 # issuing an x509 certificate to every client who needs to connect.
  255 #
  256 # Enabling this option will reject any client that does not have a
  257 # certificate (as described in default_tls_x509_verify) signed by the
  258 # CA in the chardev_tls_x509_cert_dir (or default_tls_x509_cert_dir).
  259 #
  260 # If this option is not supplied, it will be set to the value of
  261 # "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either,
  262 # the default is "1".
  263 #
  264 #chardev_tls_x509_verify = 1
  265 
  266 
  267 # Uncomment and use the following option to override the default secret
  268 # UUID provided in the default_tls_x509_secret_uuid parameter.
  269 #
  270 # NB This default all-zeros UUID will not work. Replace it with the
  271 # output from the UUID for the TLS secret from a 'virsh secret-list'
  272 # command and then uncomment the entry
  273 #
  274 #chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
  275 
  276 
  277 # Enable use of TLS encryption for all VxHS network block devices that
  278 # don't specifically disable it.
  279 #
  280 # When the VxHS network block device server is set up appropriately,
  281 # x509 certificates are required for authentication between the clients
  282 # (qemu processes) and the remote VxHS server.
  283 #
  284 # It is necessary to setup CA and issue the client certificate before
  285 # enabling this.
  286 #
  287 #vxhs_tls = 1
  288 
  289 
  290 # In order to override the default TLS certificate location for VxHS
  291 # backed storage, supply a valid path to the certificate directory.
  292 # This is used to authenticate the VxHS block device clients to the VxHS
  293 # server.
  294 #
  295 # If the provided path does not exist, libvirtd will fail to start.
  296 # If the path is not provided, but vxhs_tls = 1, then the
  297 # default_tls_x509_cert_dir path will be used.
  298 #
  299 # VxHS block device clients expect the client certificate and key to be
  300 # present in the certificate directory along with the CA master certificate.
  301 # If using the default environment, default_tls_x509_verify must be configured.
  302 # Since this is only a client, the server-key.pem file is not needed.
  303 # Thus a VxHS directory must contain the following:
  304 #
  305 #  ca-cert.pem - the CA master certificate
  306 #  client-cert.pem - the client certificate signed with the ca-cert.pem
  307 #  client-key.pem - the client private key
  308 #
  309 #vxhs_tls_x509_cert_dir = "/etc/pki/libvirt-vxhs"
  310 
  311 
  312 # Uncomment and use the following option to override the default secret
  313 # UUID provided in the default_tls_x509_secret_uuid parameter.
  314 #
  315 # NB This default all-zeros UUID will not work. Replace it with the
  316 # output from the UUID for the TLS secret from a 'virsh secret-list'
  317 # command and then uncomment the entry
  318 #
  319 #vxhs_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
  320 
  321 
  322 # Enable use of TLS encryption for all NBD disk devices that don't
  323 # specifically disable it.
  324 #
  325 # When the NBD server is set up appropriately, x509 certificates are required
  326 # for authentication between the client and the remote NBD server.
  327 #
  328 # It is necessary to setup CA and issue the client certificate before
  329 # enabling this.
  330 #
  331 #nbd_tls = 1
  332 
  333 
  334 # In order to override the default TLS certificate location for NBD
  335 # backed storage, supply a valid path to the certificate directory.
  336 # This is used to authenticate the NBD block device clients to the NBD
  337 # server.
  338 #
  339 # If the provided path does not exist, libvirtd will fail to start.
  340 # If the path is not provided, but nbd_tls = 1, then the
  341 # default_tls_x509_cert_dir path will be used.
  342 #
  343 # NBD block device clients expect the client certificate and key to be
  344 # present in the certificate directory along with the CA certificate.
  345 # Since this is only a client, the server-key.pem file is not needed.
  346 # Thus a NBD directory must contain the following:
  347 #
  348 #  ca-cert.pem - the CA master certificate
  349 #  client-cert.pem - the client certificate signed with the ca-cert.pem
  350 #  client-key.pem - the client private key
  351 #
  352 #nbd_tls_x509_cert_dir = "/etc/pki/libvirt-nbd"
  353 
  354 
  355 # Uncomment and use the following option to override the default secret
  356 # UUID provided in the default_tls_x509_secret_uuid parameter.
  357 #
  358 # NB This default all-zeros UUID will not work. Replace it with the
  359 # output from the UUID for the TLS secret from a 'virsh secret-list'
  360 # command and then uncomment the entry
  361 #
  362 #nbd_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
  363 
  364 
  365 # In order to override the default TLS certificate location for migration
  366 # certificates, supply a valid path to the certificate directory. If the
  367 # provided path does not exist, libvirtd will fail to start. If the path is
  368 # not provided, but TLS-encrypted migration is requested, then the
  369 # default_tls_x509_cert_dir path will be used. Once/if a default certificate is
  370 # enabled/defined, migration will then be able to use the certificate via
  371 # migration API flags.
  372 #
  373 #migrate_tls_x509_cert_dir = "/etc/pki/libvirt-migrate"
  374 
  375 
  376 # The default TLS configuration only uses certificates for the server
  377 # allowing the client to verify the server's identity and establish
  378 # an encrypted channel.
  379 #
  380 # It is possible to use x509 certificates for authentication too, by
  381 # issuing an x509 certificate to every client who needs to connect.
  382 #
  383 # Enabling this option will reject any client that does not have a
  384 # certificate (as described in default_tls_x509_verify) signed by the
  385 # CA in the migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir).
  386 #
  387 # If this option is not supplied, it will be set to the value of
  388 # "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied
  389 # either, the default is "1".
  390 #
  391 #migrate_tls_x509_verify = 1
  392 
  393 
  394 # Uncomment and use the following option to override the default secret
  395 # UUID provided in the default_tls_x509_secret_uuid parameter.
  396 #
  397 # NB This default all-zeros UUID will not work. Replace it with the
  398 # output from the UUID for the TLS secret from a 'virsh secret-list'
  399 # command and then uncomment the entry
  400 #
  401 #migrate_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
  402 
  403 
  404 # By default TLS is used for a migration only when the VIR_MIGRATE_TLS flag is
  405 # passed; it is not requested automatically. Setting 'migrate_tls_force' to "1"
  406 # will prevent any migration which is not using VIR_MIGRATE_TLS, to ensure a
  407 # higher level of security in deployments with TLS.
  408 #
  409 #migrate_tls_force = 0
  410 
  411 
  412 # In order to override the default TLS certificate location for backup NBD
  413 # server certificates, supply a valid path to the certificate directory. If the
  414 # provided path does not exist, libvirtd will fail to start. If the path is
  415 # not provided, but TLS-encrypted backup is requested, then the
  416 # default_tls_x509_cert_dir path will be used.
  417 #
  418 #backup_tls_x509_cert_dir = "/etc/pki/libvirt-backup"
  419 
  420 
  421 # The default TLS configuration only uses certificates for the server
  422 # allowing the client to verify the server's identity and establish
  423 # an encrypted channel.
  424 #
  425 # It is possible to use x509 certificates for authentication too, by
  426 # issuing an x509 certificate to every client who needs to connect.
  427 #
  428 # Enabling this option will reject any client that does not have a
  429 # certificate (as described in default_tls_x509_verify) signed by the
  430 # CA in the backup_tls_x509_cert_dir (or default_tls_x509_cert_dir).
  431 #
  432 # If this option is not supplied, it will be set to the value of
  433 # "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either,
  434 # the default is "1".
  435 #
  436 #backup_tls_x509_verify = 1
  437 
  438 
  439 # Uncomment and use the following option to override the default secret
  440 # UUID provided in the default_tls_x509_secret_uuid parameter.
  441 #
  442 # NB This default all-zeros UUID will not work. Replace it with the
  443 # output from the UUID for the TLS secret from a 'virsh secret-list'
  444 # command and then uncomment the entry
  445 #
  446 #backup_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
  447 
  448 
  449 # By default, if no graphical front end is configured, libvirt will disable
  450 # QEMU audio output since directly talking to alsa/pulseaudio may not work
  451 # with various security settings. If you know what you're doing, enable
  452 # the setting below and libvirt will passthrough the QEMU_AUDIO_DRV
  453 # environment variable when using nographics.
  454 #
  455 #nographics_allow_host_audio = 1
  456 
  457 
  458 # Override the port for creating both VNC and SPICE sessions (min).
  459 # This defaults to 5900 and increases for consecutive sessions
  460 # or when ports are occupied, until it hits the maximum.
  461 #
  462 # Minimum must be greater than or equal to 5900, as a lower number would
  463 # result in a negative VNC display number.
  464 #
  465 # Maximum must be less than 65536, because higher numbers do not make
  466 # sense as a port number.
  467 #
  468 #remote_display_port_min = 5900
  469 #remote_display_port_max = 65535
  470 
  471 # VNC WebSocket port policies, same rules apply as with remote display
  472 # ports.  VNC WebSockets use similar display <-> port mappings, with
  473 # the exception being that ports start from 5700 instead of 5900.
  474 #
  475 #remote_websocket_port_min = 5700
  476 #remote_websocket_port_max = 65535
  477 
  478 # The default security driver is SELinux. If SELinux is disabled
  479 # on the host, then the security driver will automatically disable
  480 # itself. If you wish to disable QEMU SELinux security driver while
  481 # leaving SELinux enabled for the host in general, then set this
  482 # to 'none' instead. It's also possible to use more than one security
  483 # driver at the same time, for this use a list of names separated by
  484 # comma and delimited by square brackets. For example:
  485 #
  486 #       security_driver = [ "selinux", "apparmor" ]
  487 #
  488 # Notes: The DAC security driver is always enabled; as a result, the
  489 # value of security_driver cannot contain "dac".  The value "none" is
  490 # a special value; security_driver can be set to that value in
  491 # isolation, but it cannot appear in a list of drivers.
  492 #
  493 #security_driver = "selinux"
  494 
  495 # If set to non-zero, then the default security labeling
  496 # will make guests confined. If set to zero, then guests
  497 # will be unconfined by default. Defaults to 1.
  498 #security_default_confined = 1
  499 
  500 # If set to non-zero, then attempts to create unconfined
  501 # guests will be blocked. Defaults to 0.
  502 #security_require_confined = 1
  503 
  504 # The user for QEMU processes run by the system instance. It can be
  505 # specified as a user name or as a user id. The qemu driver will try to
  506 # parse this value first as a name and then, if the name doesn't exist,
  507 # as a user id.
  508 #
  509 # Since a sequence of digits is a valid user name, a leading plus sign
  510 # can be used to ensure that a user id will not be interpreted as a user
  511 # name.
  512 #
  513 # Some examples of valid values are:
  514 #
  515 #       user = "qemu"   # A user named "qemu"
  516 #       user = "+0"     # Super user (uid=0)
  517 #       user = "100"    # A user named "100" or a user with uid=100
  518 #
  519 user = "libvirt"   # NOTE(review): differs from the "qemu" name in the examples above; confirm this account exists and is not uid 0
  520 
  521 # The group for QEMU processes run by the system instance. It can be
  522 # specified in a similar way to user.
  523 group = "libvirt"   # NOTE(review): confirm this group exists and that guest image paths grant it only the access QEMU needs
  524 
  525 # Whether libvirt should dynamically change file ownership
  526 # to match the configured user/group above. Defaults to 1.
  527 # Set to 0 to disable file ownership changes.
  528 #dynamic_ownership = 1
  529 
  530 # Whether libvirt should remember and restore the original
  531 # ownership over files it is relabeling. Defaults to 1, set
  532 # to 0 to disable the feature.
  533 #remember_owner = 1
  534 
  535 # What cgroup controllers to make use of with QEMU guests
  536 #
  537 #  - 'cpu' - use for scheduler tunables
  538 #  - 'devices' - use for device access control
  539 #  - 'memory' - use for memory tunables
  540 #  - 'blkio' - use for block devices I/O tunables
  541 #  - 'cpuset' - use for CPUs and memory nodes
  542 #  - 'cpuacct' - use for CPUs statistics.
  543 #
  544 # NB, even if configured here, they won't be used unless
  545 # the administrator has mounted cgroups, e.g.:
  546 #
  547 #  mkdir /dev/cgroup
  548 #  mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup
  549 #
  550 # They can be mounted anywhere, and different controllers
  551 # can be mounted in different locations. libvirt will detect
  552 # where they are located.
  553 #
  554 #cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
  555 
  556 # This is the basic set of devices allowed / required by
  557 # all virtual machines.
  558 #
  559 # As well as this, any configured block backed disks,
  560 # all sound devices, and all PTY devices are allowed.
  561 #
  562 # This will only need setting if newer QEMU suddenly
  563 # wants some device we don't already know about.
  564 #
  565 #cgroup_device_acl = [
  566 #    "/dev/null", "/dev/full", "/dev/zero",
  567 #    "/dev/random", "/dev/urandom",
  568 #    "/dev/ptmx", "/dev/kvm"
  569 #]
  570 #
  571 # RDMA migration requires the following extra files to be added to the list:
  572 #   "/dev/infiniband/rdma_cm",
  573 #   "/dev/infiniband/issm0",
  574 #   "/dev/infiniband/issm1",
  575 #   "/dev/infiniband/umad0",
  576 #   "/dev/infiniband/umad1",
  577 #   "/dev/infiniband/uverbs0"
  578 
  579 
  580 # The default format for QEMU/KVM guest save images is raw; that is, the
  581 # memory from the domain is dumped out directly to a file.  If you have
  582 # guests with a large amount of memory, however, this can take up quite
  583 # a bit of space.  If you would like to compress the images while they
  584 # are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
  585 # for save_image_format.  Note that this means you slow down the process of
  586 # saving a domain in order to save disk space; the list above is in descending
  587 # order by performance and ascending order by compression ratio.
  588 #
  589 # save_image_format is used when you use 'virsh save' or 'virsh managedsave'
  590 # at scheduled saving, and it is an error if the specified save_image_format
  591 # is not valid, or the requested compression program can't be found.
  592 #
  593 # dump_image_format is used when you use 'virsh dump' at emergency
  594 # crashdump, and if the specified dump_image_format is not valid, or
  595 # the requested compression program can't be found, this falls
  596 # back to "raw" compression.
  597 #
  598 # snapshot_image_format specifies the compression algorithm of the memory save
  599 # image when an external snapshot of a domain is taken. This does not apply
  600 # on disk image format. It is an error if the specified format isn't valid,
  601 # or the requested compression program can't be found.
  602 #
  603 #save_image_format = "raw"
  604 #dump_image_format = "raw"
  605 #snapshot_image_format = "raw"
  606 
  607 # When a domain is configured to be auto-dumped when libvirtd receives a
  608 # watchdog event from qemu guest, libvirtd will save dump files in directory
  609 # specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
  610 #
  611 #auto_dump_path = "/var/lib/libvirt/qemu/dump"
  612 
  613 # When a domain is configured to be auto-dumped, enabling this flag
  614 # has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the
  615 # virDomainCoreDump API.  That is, the system will avoid using the
  616 # file system cache while writing the dump file, but may cause
  617 # slower operation.
  618 #
  619 #auto_dump_bypass_cache = 0
  620 
  621 # When a domain is configured to be auto-started, enabling this flag
  622 # has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag
  623 # with the virDomainCreateWithFlags API.  That is, the system will
  624 # avoid using the file system cache when restoring any managed state
  625 # file, but may cause slower operation.
  626 #
  627 #auto_start_bypass_cache = 0
  628 
  629 # If provided by the host and a hugetlbfs mount point is configured,
  630 # a guest may request huge page backing.  When this mount point is
  631 # unspecified here, determination of a host mount point in /proc/mounts
  632 # will be attempted.  Specifying an explicit mount overrides detection
  633 # of the same in /proc/mounts.  Setting the mount point to "" will
  634 # disable guest hugepage backing. If desired, multiple mount points can
  635 # be specified at once, separated by comma and enclosed in square
  636 # brackets, for example:
  637 #
  638 #     hugetlbfs_mount = ["/dev/hugepages2M", "/dev/hugepages1G"]
  639 #
  640 # The size of huge page served by specific mount point is determined by
  641 # libvirt at the daemon startup.
  642 #
  643 # NB, within these mount points, guests will create memory backing
  644 # files in a location of $MOUNTPOINT/libvirt/qemu
  645 #
  646 #hugetlbfs_mount = "/dev/hugepages"
  647 
  648 
  649 # Path to the setuid helper for creating tap devices.  This executable
  650 # is used to create <source type='bridge'> interfaces when libvirtd is
  651 # running unprivileged.  libvirt invokes the helper directly, instead
  652 # of using "-netdev bridge", for security reasons.
  653 #bridge_helper = "/usr/libexec/qemu-bridge-helper"
  654 
  655 
  656 # If enabled, libvirt will have QEMU set its process name to
  657 # "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU
  658 # process will appear as "qemu:VM_NAME" in process listings and
  659 # other system monitoring tools. By default, QEMU does not set
  660 # its process title, so the complete QEMU command (emulator and
  661 # its arguments) appear in process listings.
  662 #
  663 #set_process_name = 1
  664 
  665 
  666 # If max_processes is set to a positive integer, libvirt will use
  667 # it to set the maximum number of processes that can be run by qemu
  668 # user. This can be used to override default value set by host OS.
  669 # The same applies to max_files which sets the limit on the maximum
  670 # number of opened files.
  671 #
  672 #max_processes = 0
  673 #max_files = 0
  674 
  675 # If max_threads_per_process is set to a positive integer, libvirt
  676 # will use it to set the maximum number of threads that can be
  677 # created by a qemu process. Some VM configurations can result in
  678 # qemu processes with tens of thousands of threads. systemd-based
  679 # systems typically limit the number of threads per process to
  680 # 16k. max_threads_per_process can be used to override default
  681 # limits in the host OS.
  682 #
  683 #max_threads_per_process = 0
  684 
  685 # If max_core is set to a non-zero integer, then QEMU will be
  686 # permitted to create core dumps when it crashes, provided its
  687 # RAM size is smaller than the limit set.
  688 #
  689 # Be warned that the core dump will include a full copy of the
  690 # guest RAM, if the 'dump_guest_core' setting has been enabled,
  691 # or if the guest XML contains
  692 #
  693 #   <memory dumpcore="on">...guest ram...</memory>
  694 #
  695 # If guest RAM is to be included, ensure the max_core limit
  696 # is set to at least the size of the largest expected guest
  697 # plus another 1GB for any QEMU host side memory mappings.
  698 #
  699 # As a special case it can be set to the string "unlimited" to
  700 # allow arbitrarily sized core dumps.
  701 #
  702 # By default the core dump size is set to 0 disabling all dumps
  703 #
  704 # Size is a positive integer specifying bytes or the
  705 # string "unlimited"
  706 #
  707 #max_core = "unlimited"
  708 
  709 # Determine if guest RAM is included in QEMU core dumps. By
  710 # default guest RAM will be excluded if a new enough QEMU is
  711 # present. Setting this to '1' will force guest RAM to always
  712 # be included in QEMU core dumps.
  713 #
  714 # This setting will be ignored if the guest XML has set the
  715 # dumpcore attribute on the <memory> element.
  716 #
  717 #dump_guest_core = 1
  718 
  719 # mac_filter enables MAC address based filtering on bridge ports.
  720 # This currently requires ebtables to be installed.
  721 #
  722 #mac_filter = 1
  723 
  724 
  725 # By default, PCI devices below a non-ACS switch are not allowed to be assigned
  726 # to guests, since without ACS peer-to-peer DMA below the switch can bypass the
  727 # IOMMU. Setting relaxed_acs_check to 1 allows such devices to be assigned.
  728 #
  729 #relaxed_acs_check = 1
  730 
  731 
  732 # In order to prevent accidentally starting two domains that
  733 # share one writable disk, libvirt offers two approaches for
  734 # locking files. The first one is sanlock; the other one,
  735 # virtlockd, is libvirt's own implementation. Accepted values
  736 # are "sanlock" and "lockd".
  737 #
  738 #lock_manager = "lockd"
  739 
  740 
  741 # Set the maximum number of APIs queued on one domain. Any further API
  742 # calls over this threshold will fail to acquire the job lock. As a
  743 # special case, setting this to zero turns the feature off.
  744 # Note that the job lock is per domain.
  745 #
  746 #max_queued = 0
  747 
  748 ###################################################################
  749 # Keepalive protocol:
  750 # This allows qemu driver to detect broken connections to remote
  751 # libvirtd during peer-to-peer migration.  A keepalive message is
  752 # sent to the daemon after keepalive_interval seconds of inactivity
  753 # to check if the daemon is still responding; keepalive_count is a
  754 # maximum number of keepalive messages that are allowed to be sent
  755 # to the daemon without getting any response before the connection
  756 # is considered broken.  In other words, the connection is
  757 # automatically closed approximately after
  758 # keepalive_interval * (keepalive_count + 1) seconds since the last
  759 # message received from the daemon.  If keepalive_interval is set to
  760 # -1, qemu driver will not send keepalive requests during
  761 # peer-to-peer migration; however, the remote libvirtd can still
  762 # send them and source libvirtd will send responses.  When
  763 # keepalive_count is set to 0, connections will be automatically
  764 # closed after keepalive_interval seconds of inactivity without
  765 # sending any keepalive messages.
  766 #
  767 #keepalive_interval = 5
  768 #keepalive_count = 5
  769 
  770 
  771 
  772 # Use seccomp syscall filtering sandbox in QEMU.
  773 # 1 == filter enabled, 0 == filter disabled
  774 #
  775 # Unless this option is disabled, QEMU will be run with
  776 # a seccomp filter that stops it from executing certain
  777 # syscalls.
  778 #
  779 #seccomp_sandbox = 1
  780 
  781 
  782 # Override the listen address for all incoming migrations. Defaults to
  783 # 0.0.0.0 (all interfaces), or :: if both host and qemu are capable of IPv6.
  784 #migration_address = "0.0.0.0"
  785 
  786 
  787 # The default hostname or IP address which will be used by a migration
  788 # source for transferring migration data to this host.  The migration
  789 # source has to be able to resolve this hostname and connect to it so
  790 # setting "localhost" will not work.  By default, the host's configured
  791 # hostname is used.
  792 #migration_host = "host.example.com"
  793 
  794 
  795 # Override the port range used for incoming migrations.
  796 #
  797 # Minimum must be greater than 0, however when QEMU is not running as root,
  798 # setting the minimum to be lower than 1024 will not work.
  799 #
  800 # Maximum must not be greater than 65535.
  801 #
  802 #migration_port_min = 49152
  803 #migration_port_max = 49215
  804 
  805 
  806 
  807 # Timestamp QEMU's log messages (if QEMU supports it)
  808 #
  809 # Defaults to 1.
  810 #
  811 #log_timestamp = 0
  812 
  813 
  814 # Location of master nvram file
  815 #
  816 # This configuration option is obsolete. Libvirt will follow the
  817 # QEMU firmware metadata specification to automatically locate
  818 # firmware images. See docs/interop/firmware.json in the QEMU
  819 # source tree. These metadata files are distributed alongside any
  820 # firmware images intended for use with QEMU.
  821 #
  822 # NOTE: if ANY firmware metadata files are detected, this setting
  823 # will be COMPLETELY IGNORED.
  824 #
  825 # ------------------------------------------
  826 #
  827 # When a domain is configured to use UEFI instead of standard
  828 # BIOS it may use a separate storage for UEFI variables. If
  829 # that's the case libvirt creates the variable store per domain
  830 # using this master file as image. Each UEFI firmware can,
  831 # however, have a different variable store. Therefore nvram is
  832 # a list of strings where each item is in the form of:
  833 #   ${PATH_TO_UEFI_FW}:${PATH_TO_UEFI_VARS}.
  834 # Later, when libvirt creates per domain variable store, this list is
  835 # searched for the master image. The UEFI firmware can be called
  836 # differently for different guest architectures. For instance, it's OVMF
  837 # for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
  838 # follows this scheme.
  839 #nvram = [
  840 #   "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd",
  841 #   "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd",
  842 #   "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd",
  843 #   "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd"
  844 #]
  845 
  846 # The backend to use for handling stdout/stderr output from
  847 # QEMU processes.
  848 #
  849 #  'file': QEMU writes directly to a plain file. This is the
  850 #          historical default, but allows QEMU to inflict a
  851 #          denial of service attack on the host by exhausting
  852 #          filesystem space
  853 #
  854 #  'logd': QEMU writes to a pipe provided by virtlogd daemon.
  855 #          This is the current default, providing protection
  856 #          against denial of service by performing log file
  857 #          rollover when a size limit is hit.
  858 #
  859 #stdio_handler = "logd"
  860 
  861 # QEMU gluster libgfapi log level, debug levels are 0-9, with 9 being the
  862 # most verbose, and 0 representing no debugging output.
  863 #
  864 # The current logging levels defined in the gluster GFAPI are:
  865 #
  866 #    0 - None
  867 #    1 - Emergency
  868 #    2 - Alert
  869 #    3 - Critical
  870 #    4 - Error
  871 #    5 - Warning
  872 #    6 - Notice
  873 #    7 - Info
  874 #    8 - Debug
  875 #    9 - Trace
  876 #
  877 # Defaults to 4
  878 #
  879 #gluster_debug_level = 9
  880 
  881 # virtiofsd debug
  882 #
  883 # Whether to enable the debugging output of the virtiofsd daemon.
  884 # Possible values are 0 or 1. Disabled by default.
  885 #
  886 #virtiofsd_debug = 1
  887 
  888 # To enhance security, the QEMU driver can create private namespaces for each
  889 # domain started. So far only the "mount" namespace is supported. If enabled,
  890 # the qemu process is unable to see all the devices on the system, only those
  891 # configured for the domain in question. Libvirt then manages device entries
  892 # throughout the domain lifetime. This namespace is turned on
  893 # by default.
  894 #namespaces = [ "mount" ]
  895 
  896 # This directory is used for memoryBacking source if configured as file.
  897 # NOTE: big files will be stored here
  898 #memory_backing_dir = "/var/lib/libvirt/qemu/ram"
  899 
  900 # Path to the SCSI persistent reservations helper. This helper is
  901 # used whenever <reservations/> are enabled for SCSI LUN devices.
  902 #pr_helper = "/usr/bin/qemu-pr-helper"
  903 
  904 # Path to the SLIRP networking helper.
  905 #slirp_helper = "/usr/bin/slirp-helper"
  906 
  907 # Path to the dbus-daemon
  908 #dbus_daemon = "/usr/bin/dbus-daemon"
  909 
  910 # User for the swtpm TPM Emulator
  911 #
  912 # Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
  913 # and uses; alternative is 'root'
  914 #
  915 #swtpm_user = "tss"
  916 #swtpm_group = "tss"
  917 
  918 # For debugging and testing purposes it's sometimes useful to be able to disable
  919 # libvirt behaviour based on the capabilities of the qemu process. This option
  920 # allows doing so. DO _NOT_ use in production and be aware that the behaviour
  921 # may change across versions.
  922 #
  923 #capability_filters = [ "capname" ]
  924 
  925 # 'deprecation_behavior' setting controls how the qemu process behaves towards
  926 # deprecated commands and arguments used by libvirt.
  927 #
  928 # This setting is meant for developers and CI efforts to make it obvious when
  929 # libvirt relies on fields which are deprecated so that it can be fixed as soon
  930 # as possible.
  931 #
  932 # Possible options are:
  933 # "none"   - (default) qemu is supposed to accept and output deprecated fields
  934 #            and commands
  935 # "omit"   - qemu is instructed to omit deprecated fields on output, behaviour
  936 #            towards fields and commands from qemu is not changed
  937 # "reject" - qemu is instructed to report an error if a deprecated command or
  938 #            field is used by libvirtd
  939 # "crash"  - qemu crashes when a deprecated command or field is used by libvirtd
  940 #
  941 # For both "reject" and "crash" qemu is instructed to omit any deprecated fields
  942 # on output.
  943 #
  944 # The "reject" option is less harsh towards the VMs but some code paths ignore
  945 # errors reported by qemu and thus it may not be obvious that a deprecated
  946 # command/field was used, thus it's suggested to use the "crash" option instead.
  947 #
  948 # In cases when qemu doesn't support configuring the behaviour this setting is
  949 # silently ignored to allow testing older qemu versions without having to
  950 # reconfigure libvirtd.
  951 #
  952 # DO NOT use in production.
  953 #
  954 #deprecation_behavior = "none"
