VIRSH
Section: Virtualization Support (1)Updated: 2012-10-11
Index Return to Main Contents
NAME
virsh - management user interfaceSYNOPSIS
virsh [OPTION]... [COMMAND_STRING]virsh [OPTION]... COMMAND [ARG]...
DESCRIPTION
The virsh program is the main interface for managing virsh guest domains. The program can be used to create, pause, and shutdown domains. It can also be used to list current domains. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). It is free software available under the GNU Lesser General Public License. Virtualization of the Linux Operating System means the ability to run multiple instances of Operating Systems concurrently on a single hardware system where the basic resources are driven by a Linux instance. The library aims at providing a long term stable C API. It currently supports Xen, QEmu, KVM, LXC, OpenVZ, VirtualBox and VMware ESX.The basic structure of most virsh usage is:
virsh [OPTION]... <command> <domain-id> [ARG]...
Where command is one of the commands listed below, domain-id is the numeric domain id, or the domain name (which will be internally translated to domain id), and ARGS are command specific options. There are a few exceptions to this rule in the cases where the command in question acts on all domains, the entire machine, or directly on the xen hypervisor. Those exceptions will be clear for each of those commands.
The virsh program can be used either to run one COMMAND by giving the command and its arguments on the shell command line, or a COMMAND_STRING which is a single shell argument consisting of multiple COMMAND actions and their arguments joined with whitespace, and separated by semicolons between commands. Within COMMAND_STRING, virsh understands the same single, double, and backslash escapes as the shell, although you must add another layer of shell escaping in creating the single shell argument. If no command is given in the command line, virsh will then start a minimal interpreter waiting for your commands, and the quit command will then exit the program.
The virsh program understands the following OPTIONS.
- -h, --help
- Ignore all other arguments, and behave as if the help command were given instead.
- -v, --version[=short]
- Ignore all other arguments, and prints the version of the libvirt library virsh is coming from
- -V, --version=long
- Ignore all other arguments, and prints the version of the libvirt library virsh is coming from and which options and driver are compiled in.
- -c, --connect URI
- Connect to the specified URI, as if by the connect command, instead of the default connection.
- -d, --debug LEVEL
- Enable debug messages at integer LEVEL and above. LEVEL can range from 0 to 4 (default). See the documentation of VIRSH_DEBUG environment variable for the description of each LEVEL.
- -l, --log FILE
- Output logging details to FILE.
- -q, --quiet
- Avoid extra informational messages.
- -r, --readonly
- Make the initial connection read-only, as if by the --readonly option of the connect command.
- -t, --timing
- Output elapsed time information for each command.
- -e, --escape string
- Set alternative escape sequence for console command. By default, telnet's ^] is used. Allowed characters when using hat notation are: alphabetic character, @, [, ], \, ^, _.
NOTES
Most virsh operations rely upon the libvirt library being able to connect to an already running libvirtd service. This can usually be done using the command service libvirtd start.Most virsh commands require root privileges to run due to the communications channels used to talk to the hypervisor. Running as non root will return an error.
Most virsh commands act synchronously, except maybe shutdown, setvcpus and setmem. In those cases the fact that the virsh program returned, may not mean the action is complete and you must poll periodically to detect that the guest completed the operation.
virsh strives for backward compatibility. Although the help command only lists the preferred usage of a command, if an older version of virsh supported an alternate spelling of a command or option (such as --tunnelled instead of --tunneled), then scripts using that older spelling will continue to work.
Several virsh commands take an optionally scaled integer; if no
scale is provided, then the default is listed in the command (for
historical reasons, some commands default to bytes, while other
commands default to kibibytes). The following case-insensitive
suffixes can be used to select a specfic scale:
b, byte byte 1
KB kilobyte 1,000
k, KiB kibibyte 1,024
MB megabyte 1,000,000
M, MiB mebibyte 1,048,576
GB gigabyte 1,000,000,000
G, GiB gibibyte 1,073,741,824
TB terabyte 1,000,000,000,000
T, TiB tebibyte 1,099,511,627,776
PB petabyte 1,000,000,000,000,000
P, PiB pebibyte 1,125,899,906,842,624
EB exabyte 1,000,000,000,000,000,000
E, EiB exbibyte 1,152,921,504,606,846,976
GENERIC COMMANDS
The following commands are generic i.e. not specific to a domain.- help [command-or-group]
-
This lists each of the virsh commands. When used without options, all
commands are listed, one per line, grouped into related categories,
displaying the keyword for each group.
To display only commands for a specific group, give the keyword for that group as an option. For example:
virsh # help host Host and Hypervisor (help keyword 'host'): capabilities capabilities connect (re)connect to hypervisor freecell NUMA free memory hostname print the hypervisor hostname qemu-attach Attach to existing QEMU process qemu-monitor-command QEMU Monitor Command sysinfo print the hypervisor sysinfo uri print the hypervisor canonical URI
To display detailed information for a specific command, give its name as the option instead. For example:
virsh # help list NAME list - list domains SYNOPSIS list [--inactive] [--all] DESCRIPTION Returns list of domains. OPTIONS --inactive list inactive domains --all list inactive & active domains
- quit, exit
- quit this interactive terminal
- version
-
Will print out the major version info about what this built from.
-
-
Example
virsh version
Compiled against library: libvir 0.0.6
Using library: libvir 0.0.6
Using API: Xen 3.0.0
Running hypervisor: Xen 3.0.0
-
Example
-
- cd [directory]
-
Will change current directory to directory. The default directory
for the cd command is the home directory or, if there is no HOME
variable in the environment, the root directory.
This command is only available in interactive mode.
- pwd
- Will print the current directory.
- connect URI [--readonly]
-
(Re)-Connect to the hypervisor. When the shell is first started, this
is automatically run with the URI parameter requested by the "-c"
option on the command line. The URI parameter specifies how to
connect to the hypervisor. The documentation page at
<http://libvirt.org/uri.html> list the values supported, but the most
common are:
-
- xen:///
- this is used to connect to the local Xen hypervisor, this is the default
- qemu:///system
- connect locally as root to the daemon supervising QEmu and KVM domains
- qemu:///session
- connect locally as a normal user to his own set of QEmu and KVM domains
- lxc:///
- connect to a local linux container
-
For remote access see the documentation page on how to make URIs. The --readonly option allows for read-only connection
-
- uri
- Prints the hypervisor canonical URI, can be useful in shell mode.
- hostname
- Print the hypervisor hostname.
- sysinfo
- Print the XML representation of the hypervisor sysinfo, if available.
- nodeinfo
- Returns basic information about the node, like number and type of CPU, and size of the physical memory. The output corresponds to virNodeInfo structure. Specifically, the ``CPU socket(s)'' field means number of CPU sockets per NUMA cell.
- nodecpustats [cpu] [--percent]
- Returns cpu stats of the node. If cpu is specified, this will prints specified cpu statistics only. If --percent is specified, this will prints percentage of each kind of cpu statistics during 1 second.
- nodememstats [cell]
- Returns memory stats of the node. If cell is specified, this will prints specified cell statistics only.
- nodesuspend [target] [duration] [flags]
- Puts the node (host machine) into a system-wide sleep state such as Suspend-to-RAM, Suspend-to-Disk or Hybrid-Suspend and sets up a Real-Time-Clock interrupt to fire (to wake up the node) after a time delay specified by the 'duration' parameter.
- capabilities
-
Print an XML document describing the capabilities of the hypervisor
we are currently connected to. This includes a section on the host
capabilities in terms of CPU and features, and a set of description
for each kind of guest which can be virtualized. For a more complete
description see:
<http://libvirt.org/formatcaps.html> The XML also show the NUMA topology information if available. - inject-nmi domain-id
- Inject NMI to the guest.
- list [--inactive | --all] [--managed-save] [--title] { [--table] | --name | --uuid } [--persistent] [--transient]
-
Prints information about existing domains. If no options are
specified it prints out information about running domains.
An example format for the list is as follows:
virsh list
Id Name State----------------------------------
0 Domain-0 running 2 fedora paused
Name is the name of the domain. ID the domain numeric id. State is the run state (see below).
STATES
The State field lists 7 states for a domain, and which ones the current domain is in.
-
- running
- The domain is currently running on a CPU
- idle
- The domain is idle, and not running or runnable. This can be caused because the domain is waiting on IO (a traditional wait state) or has gone to sleep because there was nothing else for it to do.
- paused
- The domain has been paused, usually occurring through the administrator running virsh suspend. When in a paused state the domain will still consume allocated resources like memory, but will not be eligible for scheduling by the hypervisor.
- shutdown
- The domain is in the process of shutting down, i.e. the guest operating system has been notified and should be in the process of stopping its operations gracefully.
- shut off
- The domain is not running. Usually this indicates the domain has been shut down completely, or has not been started.
- crashed
- The domain has crashed, which is always a violent ending. Usually this state can only occur if the domain has been configured not to restart on crash.
- dying
- The domain is in process of dying, but hasn't completely shutdown or crashed.
-
If --managed-save is specified, then domains that have managed save state (only possible if they are in the shut off state) will instead show as saved in the listing. This flag is usable only with the default --table output.
If --name is specified, domain names are printed instead of the table formatted one per line. If --uuid is specified domain's UUID's are printed instead of names. Flag --table specifies that the legacy table-formatted output should be used. This is the default. All of these are mutually exclusive.
Flag --persistent specifies that persistent domains should be printed. Similarly --transient enables output of transient domains. These flags may be combined. Default behavior is as though both were specified. (Note that if any of these flags is specified, the check for the persistence state is done and may fail. If none of these flags is specified, the check is skipped.)
If --title is specified, then the short domain description (title) is printed in an extra column. This flag is usable only with the default --table output.
Example:
virsh list --title
Id Name State Title
-----------------------------------------------
0 Domain-0 running Mailserver 1
2 fedora paused
-
- freecell [{ [--cellno] cellno | --all }]
- Prints the available amount of memory on the machine or within a NUMA cell. The freecell command can provide one of three different displays of available memory on the machine depending on the options specified. With no options, it displays the total free memory on the machine. With the --all option, it displays the free memory in each cell and the total free memory on the machine. Finally, with a numeric argument or with --cellno plus a cell number it will display the free memory for the specified cell only.
- cpu-baseline FILE
- Compute baseline CPU which will be supported by all host CPUs given in <file>. The list of host CPUs is built by extracting all <cpu> elements from the <file>. Thus, the <file> can contain either a set of <cpu> elements separated by new lines or even a set of complete <capabilities> elements printed by capabilities command.
- cpu-compare FILE
- Compare CPU definition from XML <file> with host CPU. The XML <file> may contain either host or guest CPU definition. The host CPU definition is the <cpu> element and its contents as printed by capabilities command. The guest CPU definition is the <cpu> element and its contents from domain XML definition. For more information on guest CPU definition see: <http://libvirt.org/formatdomain.html#elementsCPU>
- echo [--shell] [--xml] [arg...]
- Echo back each arg, separated by space. If --shell is specified, then the output will be single-quoted where needed, so that it is suitable for reuse in a shell context. If --xml is specified, then the output will be escaped for use in XML.
DOMAIN COMMANDS
The following commands manipulate domains directly, as stated previously most commands take domain-id as the first parameter. The domain-id can be specified as a short integer, a name or a full UUID.- autostart [--disable] domain-id
-
Configure a domain to be automatically started at boot.
The option --disable disables autostarting.
- console domain-id [devname] [--safe] [--force]
-
Connect the virtual serial console for the guest. The optional
devname parameter refers to the device alias of an alternate
console, serial or parallel device configured for the guest.
If omitted, the primary console will be opened.
If the flag --safe is specified, the connection is only attempted if the driver supports safe console handling. This flag specifies that the server has to ensure exclusive access to console devices. Optionally the --force flag may be specified, requesting to disconnect any existing sessions, such as in a case of a broken connection.
- create FILE [--console] [--paused] [--autodestroy]
-
Create a domain from an XML <file>. An easy way to create the XML
<file> is to use the dumpxml command to obtain the definition of a
pre-existing guest. The domain will be paused if the --paused option
is used and supported by the driver; otherwise it will be running.
If --console is requested, attach to the console after creation.
If --autodestroy is requested, then the guest will be automatically
destroyed when virsh closes its connection to libvirt, or otherwise
exits.
Example
virsh dumpxml <domain-id> > domain.xml vi domain.xml (or make changes with your other text editor) virsh create < domain.xml
- define FILE
- Define a domain from an XML <file>. The domain definition is registered but not started. If domain is already running, the changes will take effect on the next boot.
- desc [[--live] [--config] | [--current]] [--title] [--edit] [--new-desc New description or title message]
-
Show or modify description and title of a domain. These values are user
fields that allow to store arbitrary textual data to allow easy
identification of domains. Title should be short, although it's not enforced.
Flags --live or --config select whether this command works on live or persistent definitions of the domain. If both --live and --config are specified, the --config option takes precedence on getting the current description and both live configuration and config are updated while setting the description. --current is exclusive and implied if none of these was specified.
Flag --edit specifies that an editor with the contents of current description or title should be opened and the contents saved back afterwards.
Flag --title selects operation on the title field instead of description.
If neither of --edit and --new_desc are specified the note or description is displayed instead of being modified.
- destroy domain-id [--graceful]
-
Immediately terminate the domain domain-id. This doesn't give the domain
OS any chance to react, and it's the equivalent of ripping the power
cord out on a physical machine. In most cases you will want to use
the shutdown command instead. However, this does not delete any
storage volumes used by the guest, and if the domain is persistent, it
can be restarted later.
If domain-id is transient, then the metadata of any snapshots will be lost once the guest stops running, but the snapshot contents still exist, and a new domain with the same name and UUID can restore the snapshot metadata with snapshot-create.
If --graceful is specified, don't resort to extreme measures (e.g. SIGKILL) when the guest doesn't stop after a reasonable timeout; return an error instead.
- domblkstat domain block-device [--human]
-
Get device block stats for a running domain. A block-device corresponds
to a unique target name (<target dev='name'/>) or source file (<source
file='name'/>) for one of the disk devices attached to domain (see
also domblklist for listing these names).
Use --human for a more human readable output.
Availability of these fields depends on hypervisor. Unsupported fields are missing from the output. Other fields may appear if communicating with a newer version of libvirtd.
Explanation of fields (fields appear in the folowing order):
rd_req - count of read operations
rd_bytes - count of read bytes
wr_req - count of write operations
wr_bytes - count of written bytes
errs - error count
flush_operations - count of flush operations
rd_total_times - total time read operations took (ns)
wr_total_times - total time write operations took (ns)
flush_total_times - total time flush operations took (ns)
<-- other fields provided by hypervisor --> - domifstat domain interface-device
- Get network interface stats for a running domain.
- domif-setlink domain interface-device state --persistent
- Modify link state of the domain's virtual interface. Possible values for state are ``up'' and "down. If --persistent is specified, only the persistent configuration of the domain is modified. interface-device can be the interface's target name or the MAC address.
- domif-getlink domain interface-device --persistent
- Query link state of the domain's virtual interface. If --persistent is specified, query the persistent configuration. interface-device can be the interface's target name or the MAC address.
- domiftune domain interface-device [[--config] [--live] | [--current]] [--inbound average,peak,burst] [--outbound average,peak,burst]
-
Set or query the domain's network interface's bandwidth parameters.
interface-device can be the interface's target name (<target dev='name'/>),
or the MAC address.
If no --inbound or --outbound is specified, this command will query and show the bandwidth settings. Otherwise, it will set the inbound or outbound bandwidth. average,peak,burst is the same as in command attach-interface.
If --live is specified, affect a running guest. If --config is specified, affect the next boot of a persistent guest. If --current is specified, affect the current guest state. Both --live and --current flags may be given, but --current is exclusive. If no flag is specified, behavior is different depending on hypervisor.
- dommemstat domain
- Get memory stats for a running domain.
- domblkerror domain-id
- Show errors on block devices. This command usually comes handy when domstate command says that a domain was paused due to I/O error. The domblkerror command lists all block devices in error state and the error seen on each of them.
- domblkinfo domain block-device
- Get block device size info for a domain. A block-device corresponds to a unique target name (<target dev='name'/>) or source file (<source file='name'/>) for one of the disk devices attached to domain (see also domblklist for listing these names).
- domblklist domain [--inactive] [--details]
- Print a table showing the brief information of all block devices associated with domain. If --inactive is specified, query the block devices that will be used on the next boot, rather than those currently in use by a running domain. If --details is specified, disk type and device value will also be printed. Other contexts that require a block device name (such as domblkinfo or snapshot-create for disk snapshots) will accept either target or unique source names printed by this command.
- domiflist domain [--inactive]
- Print a table showing the brief information of all virtual interfaces associated with domain. If --inactive is specified, query the virtual interfaces that will be used on the next boot, rather than those currently in use by a running domain. Other contexts that require a MAC address of virtual interface (such as detach-interface or domif-setlink) will accept the MAC address printed by this command.
- blockcopy domain path dest [bandwidth] [--shallow] [--reuse-external] [--raw] [--wait [--verbose] [{--pivot | --finish}] [--timeout seconds] [--async]]
-
Copy a disk backing image chain to dest. By default, this command
flattens the entire chain; but if --shallow is specified, the copy
shares the backing chain.
If --reuse-external is specified, then dest must exist and have contents identical to the resulting backing file (that is, it must start with contents matching the backing file disk if --shallow is used, otherwise it must start empty); this option is typically used to set up a relative backing file name in the destination.
The format of the destination is determined by the first match in the following list: if --raw is specified, it will be raw; if --reuse-external is specified, the existing destination is probed for a format; and in all other cases, the destination format will match the source format.
By default, the copy job runs in the background, and consists of two phases. Initially, the job must copy all data from the source, and during this phase, the job can only be canceled to revert back to the source disk, with no guarantees about the destination. After this phase completes, both the source and the destination remain mirrored until a call to blockjob with the --abort and --pivot flags pivots over to the copy, or a call without --pivot leaves the destination as a faithful copy of that point in time. However, if --wait is specified, then this command will block until the mirroring phase begins, or cancel the operation if the optional timeout in seconds elapses or SIGINT is sent (usually with "Ctrl-C"). Using --verbose along with --wait will produce periodic status updates. Using --pivot or --finish along with --wait will additionally end the job cleanly rather than leaving things in the mirroring phase. If job cancellation is triggered, --async will return control to the user as fast as possible, otherwise the command may continue to block a little while longer until the job is done cleaning up.
path specifies fully-qualified path of the disk. bandwidth specifies copying bandwidth limit in Mbps.
- blockpull domain path [bandwidth] [base] [--wait [--verbose] [--timeout seconds] [--async]]
-
Populate a disk from its backing image chain. By default, this command
flattens the entire chain; but if base is specified, containing the
name of one of the backing files in the chain, then that file becomes
the new backing file and only the intermediate portion of the chain is
pulled. Once all requested data from the backing image chain has been
pulled, the disk no longer depends on that portion of the backing chain.
By default, this command returns as soon as possible, and data for the entire disk is pulled in the background; the progress of the operation can be checked with blockjob. However, if --wait is specified, then this command will block until the operation completes, or cancel the operation if the optional timeout in seconds elapses or SIGINT is sent (usually with "Ctrl-C"). Using --verbose along with --wait will produce periodic status updates. If job cancellation is triggered, --async will return control to the user as fast as possible, otherwise the command may continue to block a little while longer until the job is done cleaning up.
path specifies fully-qualified path of the disk; it corresponds to a unique target name (<target dev='name'/>) or source file (<source file='name'/>) for one of the disk devices attached to domain (see also domblklist for listing these names). bandwidth specifies copying bandwidth limit in Mbps.
- blkdeviotune domain device [[--config] [--live] | [--current]] [[total-bytes-sec] | [read-bytes-sec] [write-bytes-sec]] [[total-iops-sec] | [read-iops-sec] [write-iops-sec]]
-
Set or query the block disk io parameters for a block device of domain.
device specifies a unique target name (<target dev='name'/>) or source
file (<source file='name'/>) for one of the disk devices attached to
domain (see also domblklist for listing these names).
If no limit is specified, it will query current I/O limits setting. Otherwise, alter the limits with these flags: --total-bytes-sec specifies total throughput limit in bytes per second. --read-bytes-sec specifies read throughput limit in bytes per second. --write-bytes-sec specifies write throughput limit in bytes per second. --total-iops-sec specifies total I/O operations limit per second. --read-iops-sec specifies read I/O operations limit per second. --write-iops-sec specifies write I/O operations limit per second.
Older versions of virsh only accepted these options with underscore instead of dash, as in --total_bytes_sec.
Bytes and iops values are independent, but setting only one value (such as --read-bytes-sec) resets the other two in that category to unlimited. An explicit 0 also clears any limit. A non-zero value for a given total cannot be mixed with non-zero values for read or write.
If --live is specified, affect a running guest. If --config is specified, affect the next boot of a persistent guest. If --current is specified, affect the current guest state. Both --live and --current flags may be given, but --current is exclusive. If no flag is specified, behavior is different depending on hypervisor.
- blockjob domain path { [--abort] [--async] [--pivot] | [--info] | [bandwidth] }
-
Manage active block operations. There are three modes: --info,
bandwidth, and --abort; --info is default except that --async
or --pivot implies --abort.
path specifies fully-qualified path of the disk; it corresponds to a unique target name (<target dev='name'/>) or source file (<source file='name'/>) for one of the disk devices attached to domain (see also domblklist for listing these names).
If --abort is specified, the active job on the specified disk will be aborted. If --async is also specified, this command will return immediately, rather than waiting for the cancelation to complete. If --pivot is specified, this requests that an active copy job be pivoted over to the new copy. If --info is specified, the active job information on the specified disk will be printed. bandwidth can be used to set bandwidth limit for the active job.
- blockresize domain path size
-
Resize a block device of domain while the domain is running, path
specifies the absolute path of the block device; it corresponds
to a unique target name (<target dev='name'/>) or source file (<source
file='name'/>) for one of the disk devices attached to domain (see
also domblklist for listing these names).
size is a scaled integer (see NOTES above) which defaults to KiB (blocks of 1024 bytes) if there is no suffix. You must use a suffix of ``B'' to get bytes (note that for historical reasons, this differs from vol-resize which defaults to bytes without a suffix).
- dominfo domain-id
- Returns basic information about the domain.
- domuuid domain-name-or-id
- Convert a domain name or id to domain UUID
- domid domain-name-or-uuid
- Convert a domain name (or UUID) to a domain id
- domjobabort domain-id-or-uuid
- Abort the currently running domain job.
- domjobinfo domain-id-or-uuid
- Returns information about jobs running on a domain.
- domname domain-id-or-uuid
- Convert a domain Id (or UUID) to domain name
- domstate domain-id [--reason]
- Returns state about a domain. --reason tells virsh to also print reason for the state.
- domcontrol domain-id
- Returns state of an interface to VMM used to control a domain. For states other than ``ok'' or ``error'' the command also prints number of seconds elapsed since the control interface entered its current state.
- domxml-from-native format config
- Convert the file config in the native guest configuration format named by format to a domain XML format. For QEMU/KVM hypervisor, the format argument must be qemu-argv. For Xen hypervisor, the format argument may be xen-xm or xen-sxpr.
- domxml-to-native format xml
- Convert the file xml in domain XML format to the native guest configuration format named by format. For QEMU/KVM hypervisor, the format argument must be qemu-argv. For Xen hypervisor, the format argument may be xen-xm or xen-sxpr.
- dump domain-id corefilepath [--bypass-cache] { [--live] | [--crash] | [--reset] } [--verbose]
-
Dumps the core of a domain to a file for analysis.
If --live is specified, the domain continues to run until the core
dump is complete, rather than pausing up front.
If --crash is specified, the domain is halted with a crashed status,
rather than merely left in a paused state.
If --reset is specified, the domain is reset after successful dump.
Note, these three switches are mutually exclusive.
If --bypass-cache is specified, the save will avoid the file system
cache, although this may slow down the operation.
The progress may be monitored using domjobinfo virsh command and canceled with domjobabort command (sent by another virsh instance). Another option is to send SIGINT (usually with "Ctrl-C") to the virsh process running dump command. --verbose displays the progress of dump.
NOTE: Some hypervisors may require the user to manually ensure proper permissions on file and path specified by argument corefilepath.
- dumpxml domain-id [--inactive] [--security-info] [--update-cpu]
- Output the domain information as an XML dump to stdout, this format can be used by the create command. Additional options affecting the XML dump may be used. --inactive tells virsh to dump domain configuration that will be used on next start of the domain as opposed to the current domain configuration. Using --security-info will also include security sensitive information in the XML dump. --update-cpu updates domain CPU requirements according to host CPU.
- edit domain-id
-
Edit the XML configuration file for a domain, which will affect the
next boot of the guest.
This is equivalent to:
virsh dumpxml --inactive --security-info domain > domain.xml vi domain.xml (or make changes with your other text editor) virsh define domain.xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".
- managedsave domain-id [--bypass-cache] [{--running | --paused}] [--verbose]
-
Save and destroy (stop) a running domain, so it can be restarted from the same
state at a later time. When the virsh start command is next run for
the domain, it will automatically be started from this saved state.
If --bypass-cache is specified, the save will avoid the file system
cache, although this may slow down the operation.
The progress may be monitored using domjobinfo virsh command and canceled with domjobabort command (sent by another virsh instance). Another option is to send SIGINT (usually with "Ctrl-C") to the virsh process running managedsave command. --verbose displays the progress of save.
Normally, starting a managed save will decide between running or paused based on the state the domain was in when the save was done; passing either the --running or --paused flag will allow overriding which state the start should use.
The dominfo command can be used to query whether a domain currently has any managed save image.
- managedsave-remove domain-id
- Remove the managedsave state file for a domain, if it exists. This ensures the domain will do a full boot the next time it is started.
- maxvcpus [type]
- Provide the maximum number of virtual CPUs supported for a guest VM on this connection. If provided, the type parameter must be a valid type attribute for the <domain> element of XML.
- cpu-stats domain [--total] [start] [count]
- Provide cpu statistics information of a domain. The domain should be running. Default it shows stats for all CPUs, and a total. Use --total for only the total stats, start for only the per-cpu stats of the CPUs from start, count for only count CPUs' stats.
- migrate [--live] [--direct] [--p2p [--tunnelled]] [--persistent] [--undefinesource] [--suspend] [--copy-storage-all] [--copy-storage-inc] [--change-protection] [--unsafe] [--verbose] domain-id desturi [migrateuri] [dname] [--timeout seconds] [--xml file]
-
Migrate domain to another host. Add --live for live migration; --p2p
for peer-2-peer migration; --direct for direct migration; or --tunnelled
for tunnelled migration. --persistent leaves the domain persistent on
destination host, --undefinesource undefines the domain on the source host,
and --suspend leaves the domain paused on the destination host.
--copy-storage-all indicates migration with non-shared storage with full
disk copy, --copy-storage-inc indicates migration with non-shared storage
with incremental copy (same base image shared between source and destination).
In both cases the disk images have to exist on destination host, the
--copy-storage-... options only tell libvirt to transfer data from the
images on source host to the images found at the same place on the destination
host. --change-protection enforces that no incompatible configuration
changes will be made to the domain while the migration is underway; this flag
is implicitly enabled when supported by the hypervisor, but can be explicitly
used to reject the migration if the hypervisor lacks change protection
support. --verbose displays the progress of migration.
In some cases libvirt may refuse to migrate the domain because doing so may lead to potential problems such as data corruption, and thus the migration is considered unsafe. For QEMU domain, this may happen if the domain uses disks without explicitly setting cache mode to ``none''. Migrating such domains is unsafe unless the disk images are stored on coherent clustered filesystem, such as GFS2 or GPFS. If you are sure the migration is safe or you just do not care, use --unsafe to force the migration.
The desturi is the connection URI of the destination host, and migrateuri is the migration URI, which usually can be omitted. dname is used for renaming the domain to new name during migration, which also usually can be omitted. Likewise, --xml file is usually omitted, but can be used to supply an alternative XML file for use on the destination to supply a larger set of changes to any host-specific portions of the domain XML, such as accounting for naming differences between source and destination in accessing underlying storage.
--timeout seconds forces guest to suspend when live migration exceeds that many seconds, and then the migration will complete offline. It can only be used with --live.
Running migration can be canceled by interrupting virsh (usually using "Ctrl-C") or by domjobabort command sent from another virsh instance.
Note: The desturi parameter for normal migration and peer2peer migration has different semantics:
-
- *
- normal migration: the desturi is an address of the target host as seen from the client machine.
- *
- peer2peer migration: the desturi is an address of the target host as seen from the source machine.
-
- migrate-setmaxdowntime domain-id downtime
- Set maximum tolerable downtime for a domain which is being live-migrated to another host. The downtime is a number of milliseconds the guest is allowed to be down at the end of live migration.
- migrate-setspeed domain-id bandwidth
- Set the maximum migration bandwidth (in Mbps) for a domain which is being migrated to another host.
- migrate-getspeed domain-id
- Get the maximum migration bandwidth (in Mbps) for a domain.
- numatune domain [--mode mode] [--nodeset nodeset] [[--config] [--live] | [--current]]
-
Set or get a domain's numa parameters, corresponding to the <numatune>
element of domain XML. Without flags, the current settings are
displayed.
mode can be one of `strict', `interleave' and `preferred'. For a running domain, the mode can't be changed, and the nodeset can be changed only if the domain was started with a mode of `strict'.
nodeset is a list of numa nodes used by the host for running the domain. Its syntax is a comma separated list, with '-' for ranges and '^' for excluding a node.
If --live is specified, set scheduler information of a running guest. If --config is specified, affect the next boot of a persistent guest. If --current is specified, affect the current guest state.
- reboot domain-id [--mode acpi|agent]
-
Reboot a domain. This acts just as if the domain had the reboot
command run from the console. The command returns as soon as it has
executed the reboot action, which may be significantly before the
domain actually reboots.
The exact behavior of a domain when it reboots is set by the on_reboot parameter in the domain's XML definition.
By default the hypervisor will try to pick a suitable shutdown method. To specify an alternative method, the --mode parameter can specify "acpi" or "agent".
- reset domain-id
-
Reset a domain immediately without any guest shutdown. reset
emulates the power reset button on a machine, where all guest
hardware sees the RST line set and reinitializes internal state.
Note: Reset without any guest OS shutdown risks data loss.
- restore state-file [--bypass-cache] [--xml file] [{--running | --paused}]
-
Restores a domain from a virsh save state file. See save for more info.
If --bypass-cache is specified, the restore will avoid the file system cache, although this may slow down the operation.
--xml file is usually omitted, but can be used to supply an alternative XML file for use on the restored guest with changes only in the host-specific portions of the domain XML. For example, it can be used to account for file naming differences in underlying storage due to disk snapshots taken after the guest was saved.
Normally, restoring a saved image will use the state recorded in the save image to decide between running or paused; passing either the --running or --paused flag will allow overriding which state the domain should be started in.
Note: To avoid corrupting file system contents within the domain, you should not reuse the saved state file for a second restore unless you have also reverted all storage volumes back to the same contents as when the state file was created.
- save domain-id state-file [--bypass-cache] [--xml file] [{--running | --paused}] [--verbose]
-
Saves a running domain (RAM, but not disk state) to a state file so that
it can be restored
later. Once saved, the domain will no longer be running on the
system, thus the memory allocated for the domain will be free for
other domains to use. virsh restore restores from this state file.
If --bypass-cache is specified, the save will avoid the file system
cache, although this may slow down the operation.
The progress may be monitored using domjobinfo virsh command and canceled with domjobabort command (sent by another virsh instance). Another option is to send SIGINT (usually with "Ctrl-C") to the virsh process running save command. --verbose displays the progress of save.
This is roughly equivalent to doing a hibernate on a running computer, with all the same limitations. Open network connections may be severed upon restore, as TCP timeouts may have expired.
--xml file is usually omitted, but can be used to supply an alternative XML file for use on the restored guest with changes only in the host-specific portions of the domain XML. For example, it can be used to account for file naming differences that are planned to be made via disk snapshots of underlying storage after the guest is saved.
Normally, restoring a saved image will decide between running or paused based on the state the domain was in when the save was done; passing either the --running or --paused flag will allow overriding which state the restore should use.
Domain saved state files assume that disk images will be unchanged between the creation and restore point. For a more complete system restore point, where the disk state is saved alongside the memory state, see the snapshot family of commands.
- save-image-define file xml [{--running | --paused}]
-
Update the domain XML that will be used when file is later
used in the restore command. The xml argument must be a file
name containing the alternative XML, with changes only in the
host-specific portions of the domain XML. For example, it can
be used to account for file naming differences resulting from creating
disk snapshots of underlying storage after the guest was saved.
The save image records whether the domain should be restored to a running or paused state. Normally, this command does not alter the recorded state; passing either the --running or --paused flag will allow overriding which state the restore should use.
- save-image-dumpxml file [--security-info]
- Extract the domain XML that was in effect at the time the saved state file file was created with the save command. Using --security-info will also include security sensitive information.
- save-image-edit file [{--running | --paused}]
-
Edit the XML configuration associated with a saved state file file
created by the save command.
The save image records whether the domain should be restored to a running or paused state. Normally, this command does not alter the recorded state; passing either the --running or --paused flag will allow overriding which state the restore should use.
This is equivalent to:
virsh save-image-dumpxml state-file > state-file.xml vi state-file.xml (or make changes with your other text editor) virsh save-image-define state-file state-file-xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".
- schedinfo [--set parameter=value] domain-id [[--config] [--live] | [--current]]
- schedinfo [--weight number] [--cap number] domain-id
-
Allows you to show (and set) the domain scheduler parameters. The parameters
available for each hypervisor are:
LXC (posix scheduler) : cpu_shares
QEMU/KVM (posix scheduler): cpu_shares, vcpu_period, vcpu_quota
Xen (credit scheduler): weight, cap
ESX (allocation scheduler): reservation, limit, shares
If --live is specified, set scheduler information of a running guest. If --config is specified, affect the next boot of a persistent guest. If --current is specified, affect the current guest state.
Note: The cpu_shares parameter has a valid value range of 0-262144; Negative values are wrapped to positive, and larger values are capped at the maximum. Therefore, -1 is a useful shorthand for 262144. On the Linux kernel, the values 0 and 1 are automatically converted to a minimal value of 2.
Note: The weight and cap parameters are defined only for the XEN_CREDIT scheduler and are now DEPRECATED.
Note: The vcpu_period parameter has a valid value range of 1000-1000000 or 0, and the vcpu_quota parameter has a valid value range of 1000-18446744073709551 or less than 0. The value 0 for either parameter is the same as not specifying that parameter.
- screenshot domain-id [imagefilepath] [--screen screenID]
- Takes a screenshot of a current domain console and stores it into a file. Optionally, if hypervisor supports more displays for a domain, screenID allows to specify which screen will be captured. It is the sequential number of screen. In case of multiple graphics cards, heads are enumerated before devices, e.g. having two graphics cards, both with four heads, screen ID 5 addresses the second head on the second card.
- send-key domain-id [--codeset codeset] [--holdtime holdtime] keycode...
-
Parse the keycode sequence as keystrokes to send to domain-id.
Each keycode can either be a numeric value or a symbolic name from
the corresponding codeset. If --holdtime is given, each keystroke
will be held for that many milliseconds. The default codeset is
linux, but use of the --codeset option allows other codesets to
be chosen.
-
- linux
- The numeric values are those defined by the Linux generic input event subsystem. The symbolic names match the corresponding Linux key constant macro names.
- xt
- The numeric values are those defined by the original XT keyboard controller. No symbolic names are provided
- atset1
- The numeric values are those defined by the AT keyboard controller, set 1 (aka XT compatible set). Extended keycoes from atset1 may differ from extended keycodes in the xt codeset. No symbolic names are provided
- atset2
- The numeric values are those defined by the AT keyboard controller, set 2. No symbolic names are provided
- atset3
- The numeric values are those defined by the AT keyboard controller, set 3 (aka PS/2 compatible set). No symbolic names are provided
- os_x
- The numeric values are those defined by the OS-X keyboard input subsystem. The symbolic names match the corresponding OS-X key constant macro names
- xt_kbd
- The numeric values are those defined by the Linux KBD device. These are a variant on the original XT codeset, but often with different encoding for extended keycodes. No symbolic names are provided.
- win32
- The numeric values are those defined by the Win32 keyboard input subsystem. The symbolic names match the corresponding Win32 key constant macro names
- usb
- The numeric values are those defined by the USB HID specification for keyboard input. No symbolic names are provided
- rfb
- The numeric values are those defined by the RFB extension for sending raw keycodes. These are a variant on the XT codeset, but extended keycodes have the low bit of the second byte set, instead of the high bit of the first byte. No symbolic names are provided.
-
Examples
# send three strokes 'k', 'e', 'y', using xt codeset
virsh send-key dom --codeset xt 37 18 21
# send one stroke 'right-ctrl+C'
virsh send-key dom KEY_RIGHTCTRL KEY_C
# send a tab, held for 1 second
virsh send-key --holdtime 1000 0xf
-
- setmem domain-id size [[--config] [--live] | [--current]]
-
Change the memory allocation for a guest domain.
If --live is specified, perform a memory balloon of a running guest.
If --config is specified, affect the next boot of a persistent guest.
If --current is specified, affect the current guest state.
Both --live and --config flags may be given, but --current is
exclusive. If no flag is specified, behavior is different depending
on hypervisor.
size is a scaled integer (see NOTES above); it defaults to kibibytes (blocks of 1024 bytes) unless you provide a suffix (and the older option name --kilobytes is available as a deprecated synonym) . Libvirt rounds up to the nearest kibibyte. Some hypervisors require a larger granularity than KiB, and requests that are not an even multiple will be rounded up. For example, vSphere/ESX rounds the parameter up to mebibytes (1024 kibibytes).
For Xen, you can only adjust the memory of a running domain if the domain is paravirtualized or running the PV balloon driver.
- setmaxmem domain-id size [[--config] [--live] | [--current]]
-
Change the maximum memory allocation limit for a guest domain.
If --live is specified, affect a running guest.
If --config is specified, affect the next boot of a persistent guest.
If --current is specified, affect the current guest state.
Both --live and --config flags may be given, but --current is
exclusive. If no flag is specified, behavior is different depending
on hypervisor.
This command works for at least the Xen, QEMU/KVM and vSphere/ESX hypervisors.
size is a scaled integer (see NOTES above); it defaults to kibibytes (blocks of 1024 bytes) unless you provide a suffix (and the older option name --kilobytes is available as a deprecated synonym) . Libvirt rounds up to the nearest kibibyte. Some hypervisors require a larger granularity than KiB, and requests that are not an even multiple will be rounded up. For example, vSphere/ESX rounds the parameter up to mebibytes (1024 kibibytes).
- memtune domain-id [--hard-limit size] [--soft-limit size] [--swap-hard-limit size] [--min-guarantee size] [[--config] [--live] | [--current]]
-
Allows you to display or set the domain memory parameters. Without
flags, the current settings are displayed; with a flag, the
appropriate limit is adjusted if supported by the hypervisor. LXC and
QEMU/KVM support --hard-limit, --soft-limit, and --swap-hard-limit.
--min-guarantee is supported only by ESX hypervisor. Each of these
limits are scaled integers (see NOTES above), with a default of
kibibytes (blocks of 1024 bytes) if no suffix is present.
If --live is specified, affect a running guest. If --config is specified, affect the next boot of a persistent guest. If --current is specified, affect the current guest state. Both --live and --config flags may be given, but --current is exclusive. If no flag is specified, behavior is different depending on hypervisor.
For QEMU/KVM, the parameters are applied to the QEMU process as a whole. Thus, when counting them, one needs to add up guest RAM, guest video RAM, and some memory overhead of QEMU itself. The last piece is hard to determine so one needs guess and try.
-
- --hard-limit
- The maximum memory the guest can use.
- --soft-limit
- The memory limit to enforce during memory contention.
- --swap-hard-limit
- The maximum memory plus swap the guest can use. This has to be more than hard-limit value provided.
- --min-guarantee
- The guaranteed minimum memory allocation for the guest.
-
Specifying -1 as a value for these limits is interpreted as unlimited.
-
- blkiotune domain-id [--weight weight] [--device-weights device-weights] [[--config] [--live] | [--current]]
-
Display or set the blkio parameters. QEMU/KVM supports --weight.
--weight is in range [100, 1000].
device-weights is a single string listing one or more device/weight pairs, in the format of /path/to/device,weight,/path/to/device,weight. Each weight is in the range [100, 1000], or the value 0 to remove that device from per-device listings. Only the devices listed in the string are modified; any existing per-device weights for other devices remain unchanged.
If --live is specified, affect a running guest. If --config is specified, affect the next boot of a persistent guest. If --current is specified, affect the current guest state. Both --live and --config flags may be given, but --current is exclusive. If no flag is specified, behavior is different depending on hypervisor.
- setvcpus domain-id count [--maximum] [[--config] [--live] | [--current]]
-
Change the number of virtual CPUs active in a guest domain. By default,
this command works on active guest domains. To change the settings for an
inactive guest domain, use the --config flag.
The count value may be limited by host, hypervisor, or a limit coming from the original description of the guest domain. For Xen, you can only adjust the virtual CPUs of a running domain if the domain is paravirtualized.
If the --config flag is specified, the change is made to the stored XML configuration for the guest domain, and will only take effect when the guest domain is next started.
If --live is specified, the guest domain must be active, and the change takes place immediately. Both the --config and --live flags may be specified together if supported by the hypervisor.
If --current is specified, affect the current guest state.
When no flags are given, the --live flag is assumed and the guest domain must be active. In this situation it is up to the hypervisor whether the --config flag is also assumed, and therefore whether the XML configuration is adjusted to make the change persistent.
The --maximum flag controls the maximum number of virtual cpus that can be hot-plugged the next time the domain is booted. As such, it must only be used with the --config flag, and not with the --live flag.
- shutdown domain-id [--mode acpi|agent]
-
Gracefully shuts down a domain. This coordinates with the domain OS
to perform graceful shutdown, so there is no guarantee that it will
succeed, and may take a variable length of time depending on what
services must be shutdown in the domain.
The exact behavior of a domain when it shuts down is set by the on_shutdown parameter in the domain's XML definition.
If domain-id is transient, then the metadata of any snapshots will be lost once the guest stops running, but the snapshot contents still exist, and a new domain with the same name and UUID can restore the snapshot metadata with snapshot-create.
By default the hypervisor will try to pick a suitable shutdown method. To specify an alternative method, the --mode parameter can specify "acpi" or "agent".
- start domain-name [--console] [--paused] [--autodestroy] [--bypass-cache] [--force-boot]
- Start a (previously defined) inactive domain, either from the last managedsave state, or via a fresh boot if no managedsave state is present. The domain will be paused if the --paused option is used and supported by the driver; otherwise it will be running. If --console is requested, attach to the console after creation. If --autodestroy is requested, then the guest will be automatically destroyed when virsh closes its connection to libvirt, or otherwise exits. If --bypass-cache is specified, and managedsave state exists, the restore will avoid the file system cache, although this may slow down the operation. If --force-boot is specified, then any managedsave state is discarded and a fresh boot occurs.
- suspend domain-id
- Suspend a running domain. It is kept in memory but won't be scheduled anymore.
- resume domain-id
- Moves a domain out of the suspended state. This will allow a previously suspended domain to now be eligible for scheduling by the underlying hypervisor.
- dompmsuspend domain-id target
-
Suspend a running domain into one of these states (possible target
values):
mem equivallent of S3 ACPI state
disk equivallent of S4 ACPI state
hybrid RAM is saved to disk but not powered off - ttyconsole domain-id
- Output the device used for the TTY console of the domain. If the information is not available the processes will provide an exit code of 1.
- undefine domain-id [--managed-save] [--snapshots-metadata] [ {--storage volumes | --remove-all-storage} --wipe-storage]
-
Undefine a domain. If the domain is running, this converts it to a
transient domain, without stopping it. If the domain is inactive,
the domain configuration is removed.
The --managed-save flag guarantees that any managed save image (see the managedsave command) is also cleaned up. Without the flag, attempts to undefine a domain with a managed save image will fail.
The --snapshots-metadata flag guarantees that any snapshots (see the snapshot-list command) are also cleaned up when undefining an inactive domain. Without the flag, attempts to undefine an inactive domain with snapshot metadata will fail. If the domain is active, this flag is ignored.
The --storage flag takes a parameter volumes, which is a comma separated list of volume target names or source paths of storage volumes to be removed along with the undefined domain. Volumes can be undefined and thus removed only on inactive domains. Volume deletion is only attempted after the domain is undefined; if not all of the requested volumes could be deleted, the error message indicates what still remains behind. If a volume path is not found in the domain definition, it's treated as if the volume was successfully deleted. (See domblklist for list of target names associated to a domain). Example: --storage vda,/path/to/storage.img
The --remove-all-storage flag specifies that all of the domain's storage volumes should be deleted.
The flag --wipe-storage specifies that the storage volumes should be wiped before removal.
NOTE: For an inactive domain, the domain name or UUID must be used as the domain-id.
- vcpucount domain-id [{--maximum | --active} {--config | --live | --current}]
-
Print information about the virtual cpu counts of the given
domain-id. If no flags are specified, all possible counts are
listed in a table; otherwise, the output is limited to just the
numeric value requested. For historical reasons, the table
lists the label ``current'' on the rows that can be queried in isolation
via the --active flag, rather than relating to the --current flag.
--maximum requests information on the maximum cap of vcpus that a domain can add via setvcpus, while --active shows the current usage; these two flags cannot both be specified. --config requires a persistent domain and requests information regarding the next time the domain will be booted, --live requires a running domain and lists current values, and --current queries according to the current state of the domain (corresponding to --live if running, or --config if inactive); these three flags are mutually exclusive. Thus, this command always takes exactly zero or two flags.
- vcpuinfo domain-id
- Returns basic information about the domain virtual CPUs, like the number of vCPUs, the running time, the affinity to physical processors.
- vcpupin domain-id [vcpu] [cpulist] [[--live] [--config] | [--current]]
-
Query or change the pinning of domain VCPUs to host physical CPUs. To
pin a single vcpu, specify cpulist; otherwise, you can query one
vcpu or omit vcpu to list all at once.
cpulist is a list of physical CPU numbers. Its syntax is a comma separated list and a special markup using '-' and '^' (ex. '0-4', '0-3,^2') can also be allowed. The '-' denotes the range and the '^' denotes exclusive. If you want to reset vcpupin setting, that is, to pin vcpu all physical cpus, simply specify 'r' as a cpulist. If --live is specified, affect a running guest. If --config is specified, affect the next boot of a persistent guest. If --current is specified, affect the current guest state. Both --live and --config flags may be given if cpulist is present, but --current is exclusive. If no flag is specified, behavior is different depending on hypervisor.
Note: The expression is sequentially evaluated, so ``0-15,^8'' is identical to ``9-14,0-7,15'' but not identical to ``^8,0-15''.
- vncdisplay domain-id
- Output the IP address and port number for the VNC display. If the information is not available the processes will provide an exit code of 1.
DEVICE COMMANDS
The following commands manipulate devices associated to domains. The domain-id can be specified as a short integer, a name or a full UUID. To better understand the values allowed as options for the command reading the documentation at <http://libvirt.org/formatdomain.html> on the format of the device sections to get the most accurate set of accepted values.- attach-device domain-id FILE
- Attach a device to the domain, using a device definition in an XML file. See the documentation to learn about libvirt XML format for a device. For cdrom and floppy devices, this command only replaces the media within the single existing device; consider using update-device for this usage. For passthrough host devices, see also nodedev-detach, needed if the device does not use managed mode.
- attach-disk domain-id source target [--driver driver] [--subdriver subdriver] [--cache cache] [--type type] [--mode mode] [--persistent] [--sourcetype soucetype] [--serial serial] [--shareable] [--rawio] [--address address] [--multifunction]
- Attach a new disk device to the domain. source and target are paths for the files and devices. driver can be file, tap or phy for the Xen hypervisor depending on the kind of access; or qemu for the QEMU emulator. type can indicate cdrom or floppy as alternative to the disk default, although this use only replaces the media within the existing virtual cdrom or floppy device; consider using update-device for this usage instead. mode can specify the two specific mode readonly or shareable. persistent indicates the changes will affect the next boot of the domain. sourcetype can indicate the type of source (block|file) cache can be one of ``default'', ``none'', ``writethrough'', ``writeback'', ``directsync'' or ``unsafe''. serial is the serial of disk device. shareable indicates the disk device is shareable between domains. rawio indicates the disk needs rawio capability. address is the address of disk device in the form of pci:domain.bus.slot.function, scsi:controller.bus.unit or ide:controller.bus.unit. multifunction indicates specified pci address is a multifunction pci device address.
- attach-interface domain-id type source [--target target] [--mac mac] [--script script] [--model model] [--persistent] [--inbound average,peak,burst] [--outbound average,peak,burst]
-
Attach a new network interface to the domain.
type can be either network to indicate a physical network device or bridge to indicate a bridge to a device.
source indicates the source device.
target allows to indicate the target device in the guest.
mac allows to specify the MAC address of the network interface.
script allows to specify a path to a script handling a bridge instead of
the default one.
model allows to specify the model type.
persistent indicates the changes will affect the next boot of the domain.
inbound and outbound control the bandwidth of the interface. peak
and burst are optional, so ``average,peak'', ``average,,burst'' and
``average'' are also legal.
Note: the optional target value is the name of a device to be created as the back-end on the node. If not provided a device named ``vnetN'' or ``vifN'' will be created automatically.
- detach-device domain-id FILE
- Detach a device from the domain, takes the same kind of XML descriptions as command attach-device. For passthrough host devices, see also nodedev-reattach, needed if the device does not use managed mode.
- detach-disk domain-id target
- Detach a disk device from a domain. The target is the device as seen from the domain.
- detach-interface domain-id type [--mac mac]
- Detach a network interface from a domain. type can be either network to indicate a physical network device or bridge to indicate a bridge to a device. It is recommended to use the mac option to distinguish between the interfaces if more than one are present on the domain.
- update-device domain-id file [--persistent] [--force]
- Update the characteristics of a device associated with domain-id, based on the device definition in an XML file. If the --persistent option is used, the changes will affect the next boot of the domain. The --force option can be used to force device update, e.g., to eject a CD-ROM even if it is locked/mounted in the domain. See the documentation to learn about libvirt XML format for a device.
- change-media domain-id path [--eject] [--insert] [--update] [source] [--force] [[--live] [--config] | [--current]]
-
Change media of CDROM or floppy drive. path can be the fully-qualified path
or the unique target name (<target dev='hdc'>) of the disk device. source
specifies the path of the media to be inserted or updated.
--eject indicates the media will be ejected. --insert indicates the media will be inserted. source must be specified. If the device has source (e.g. <source file='media'>), and source is not specified, --update is equal to --eject. If the device has no source, and source is specified, --update is equal to --insert. If the device has source, and source is specified, --update behaves like combination of --eject and --insert. If none of --eject, --insert, and --update is specified, --update is used by default. The --force option can be used to force media changing. If --live is specified, alter live configuration of running guest. If --config is specified, alter persistent configuration, effect observed on next boot. --current can be either or both of live and config, depends on the hypervisor's implementation. Both --live and --config flags may be given, but --current is exclusive. If no flag is specified, behavior is different depending on hypervisor.
NODEDEV COMMANDS
The following commands manipulate host devices that are intended to be passed through to guest domains via <hostdev> elements in a domain's <devices> section. A node device key is generally specified by the bus name followed by its address, using underscores between all components, such as pci_0000_00_02_1, usb_1_5_3, or net_eth1_00_27_13_6a_fe_00. The nodedev-list gives the full list of host devices that are known to libvirt, although this includes devices that cannot be assigned to a guest (for example, attempting to detach the PCI device that controls the host's hard disk controller where the guest's disk images live could cause the host system to lock up or reboot).For more information on node device definition see: <http://libvirt.org/formatnode.html>.
Passthrough devices cannot be simultaneously used by the host and its guest domains, nor by multiple active guests at once. If the <hostdev> description includes the attribute managed='yes', and the hypervisor driver supports it, then the device is in managed mode, and attempts to use that passthrough device in an active guest will automatically behave as if nodedev-detach (guest start, device hot-plug) and nodedev-reattach (guest stop, device hot-unplug) were called at the right points (currently, qemu does this for PCI devices, but not USB). If a device is not marked as managed, then it must manually be detached before guests can use it, and manually reattached to be returned to the host. Also, if a device is manually detached, then the host does not regain control of the device without a matching reattach, even if the guests use the device in managed mode.
- nodedev-create FILE
- Create a device on the host node that can then be assigned to virtual machines. Normally, libvirt is able to automatically determine which host nodes are available for use, but this allows registration of host hardware that libvirt did not automatically detect. file contains xml for a top-level <device> description of a node device.
- nodedev-destroy nodedev
- Destroy (stop) a device on the host. Note that this makes libvirt quit managing a host device, and may even make that device unusable by the rest of the physical host until a reboot.
- nodedev-detach nodedev
- Detach nodedev from the host, so that it can safely be used by guests via <hostdev> passthrough. This is reversed with nodedev-reattach, and is done automatically for managed devices. For compatibility purposes, this command can also be spelled nodedev-dettach.
- nodedev-dumpxml nodedev
- Dump a <device> XML representation for the given node device, including such information as the device name, which bus owns the device, the vendor and product id, and any capabilities of the device usable by libvirt (such as whether device reset is supported).
- nodedev-list cap --tree
- List all of the devices available on the node that are known by libvirt. If cap is used, the list is filtered to show only the nodes that include the given capability. If --tree is used, the output is formatted in a tree representing parents of each node.
- nodedev-reattach nodedev
- Declare that nodedev is no longer in use by any guests, and that the host can resume normal use of the device. This is done automatically for devices in managed mode, but must be done explicitly to match any explicit nodedev-detach.
- nodedev-reset nodedev
- Trigger a device reset for nodedev, useful prior to transferring a node device between guest passthrough or the host. Libvirt will often do this action implicitly when required, but this command allows an explicit reset when needed.
VIRTUAL NETWORK COMMANDS
The following commands manipulate networks. Libvirt has the capability to define virtual networks which can then be used by domains and linked to actual network devices. For more detailed information about this feature see the documentation at <http://libvirt.org/formatnetwork.html> . Many of the commands for virtual networks are similar to the ones used for domains, but the way to name a virtual network is either by its name or UUID.- net-autostart network [--disable]
- Configure a virtual network to be automatically started at boot. The --disable option disable autostarting.
- net-create file
- Create a virtual network from an XML file, see the documentation to get a description of the XML network format used by libvirt.
- net-define file
- Define a virtual network from an XML file, the network is just defined but not instantiated.
- net-destroy network
- Destroy (stop) a given virtual network specified by its name or UUID. This takes effect immediately.
- net-dumpxml network [--inactive]
- Output the virtual network information as an XML dump to stdout. If --inactive is specified, then physical functions are not expanded into their associated virtual functions.
- net-edit network
-
Edit the XML configuration file for a network.
This is equivalent to:
virsh net-dumpxml network > network.xml vi network.xml (or make changes with your other text editor) virsh net-define network.xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".
- net-info network
- Returns basic information about the network object.
- net-list [--inactive | --all]
- Returns the list of active networks, if --all is specified this will also include defined but inactive networks, if --inactive is specified only the inactive ones will be listed.
- net-name network-UUID
- Convert a network UUID to network name.
- net-start network
- Start a (previously defined) inactive network.
- net-undefine network
- Undefine the configuration for an inactive network.
- net-uuid network-name
- Convert a network name to network UUID.
INTERFACE COMMANDS
The following commands manipulate host interfaces. Often, these host interfaces can then be used by name within domain <interface> elements (such as a system-created bridge interface), but there is no requirement that host interfaces be tied to any particular guest configuration XML at all.Many of the commands for host interfaces are similar to the ones used for domains, and the way to name an interface is either by its name or its MAC address. However, using a MAC address for an iface argument only works when that address is unique (if an interface and a bridge share the same MAC address, which is often the case, then using that MAC address results in an error due to ambiguity, and you must resort to a name instead).
- iface-bridge interface bridge [--no-stp] [delay] [--no-start]
-
Create a bridge device named bridge, and attach the existing
network device interface to the new bridge. The new bridge
defaults to starting immediately, with STP enabled and a delay of 0;
these settings can be altered with --no-stp, --no-start, and an
integer number of seconds for delay. All IP address configuration
of interface will be moved to the new bridge device.
See also iface-unbridge for undoing this operation.
- iface-define file
- Define a host interface from an XML file, the interface is just defined but not started.
- iface-destroy interface
- Destroy (stop) a given host interface, such as by running ``if-down'' to disable that interface from active use. This takes effect immediately.
- iface-dumpxml interface [--inactive]
- Output the host interface information as an XML dump to stdout. If --inactive is specified, then the output reflects the persistent state of the interface that will be used the next time it is started.
- iface-edit interface
-
Edit the XML configuration file for a host interface.
This is equivalent to:
virsh iface-dumpxml iface > iface.xml vi iface.xml (or make changes with your other text editor) virsh iface-define iface.xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".
- iface-list [--inactive | --all]
- Returns the list of active host interfaces. If --all is specified this will also include defined but inactive interfaces. If --inactive is specified only the inactive ones will be listed.
- iface-name interface
-
Convert a host interface MAC to interface name, if the MAC address is unique
among the host's interfaces.
interface specifies the interface MAC address.
- iface-mac interface
-
Convert a host interface name to MAC address.
interface specifies the interface name.
- iface-start interface
- Start a (previously defined) host interface, such as by running ``if-up''.
- iface-unbridge bridge [--no-start]
-
Tear down a bridge device named bridge, releasing its underlying
interface back to normal usage, and moving all IP address
configuration from the bridge device to the underlying device. The
underlying interface is restarted unless --no-start is present;
this flag is present for symmetry, but generally not recommended.
See also iface-bridge for creating a bridge.
- iface-undefine interface
- Undefine the configuration for an inactive host interface.
- iface-begin
- Create a snapshot of current host interface settings, which can later be committed (iface-commit) or restored (iface-rollback). If a snapshot already exists, then this command will fail until the previous snapshot has been committed or restored. Undefined behavior results if any external changes are made to host interfaces outside of the libvirt API between the beginning of a snapshot and its eventual commit or rollback.
- iface-commit
- Declare all changes since the last iface-begin as working, and delete the rollback point. If no interface snapshot has already been started, then this command will fail.
- iface-rollback
- Revert all host interface settings back to the state recorded in the last iface-begin. If no interface snapshot has already been started, then this command will fail. Rebooting the host also serves as an implicit rollback point.
STORAGE POOL COMMANDS
The following commands manipulate storage pools. Libvirt has the capability to manage various storage solutions, including files, raw partitions, and domain-specific formats, used to provide the storage volumes visible as devices within virtual machines. For more detailed information about this feature, see the documentation at <http://libvirt.org/formatstorage.html> . Many of the commands for pools are similar to the ones used for domains.- find-storage-pool-sources type [srcSpec]
- Returns XML describing all storage pools of a given type that could be found. If srcSpec is provided, it is a file that contains XML to further restrict the query for pools.
- find-storage-pool-sources-as type [host] [port] [initiator]
- Returns XML describing all storage pools of a given type that could be found. If host, port, or initiator are provided, they control where the query is performed.
- pool-autostart pool-or-uuid [--disable]
- Configure whether pool should automatically start at boot.
- pool-build pool-or-uuid [--overwrite] [--no-overwrite]
-
Build a given pool.
Options --overwrite and --no-overwrite can only be used for pool-build a filesystem pool. If neither of them is specified, pool-build on a filesystem pool only makes the directory; If --no-overwrite is specified, it probes to determine if a filesystem already exists on the target device, returning an error if exists, or using mkfs to format the target device if not; If --overwrite is specified, mkfs is always executed, any existed data on the target device is overwritten unconditionally.
- pool-create file
- Create and start a pool object from the XML file.
- pool-create-as name --print-xml type [source-host] [source-path] [source-dev] [source-name] [<target>] [--source-format format]
- Create and start a pool object name from the raw parameters. If --print-xml is specified, then print the XML of the pool object without creating the pool. Otherwise, the pool has the specified type.
- pool-define file
- Create, but do not start, a pool object from the XML file.
- pool-define-as name --print-xml type [source-host] [source-path] [source-dev] [source-name] [<target>] [--source-format format]
- Create, but do not start, a pool object name from the raw parameters. If --print-xml is specified, then print the XML of the pool object without defining the pool. Otherwise, the pool has the specified type.
- pool-destroy pool-or-uuid
- Destroy (stop) a given pool object. Libvirt will no longer manage the storage described by the pool object, but the raw data contained in the pool is not changed, and can be later recovered with pool-create.
- pool-delete pool-or-uuid
- Destroy the resources used by a given pool object. This operation is non-recoverable. The pool object will still exist after this command, ready for the creation of new storage volumes.
- pool-dumpxml pool-or-uuid
- Returns the XML information about the pool object.
- pool-edit pool-or-uuid
-
Edit the XML configuration file for a storage pool.
This is equivalent to:
virsh pool-dumpxml pool > pool.xml vi pool.xml (or make changes with your other text editor) virsh pool-define pool.xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".
- pool-info pool-or-uuid
- Returns basic information about the pool object.
- pool-list [--inactive | --all] [--details]
- List pool objects known to libvirt. By default, only pools in use by active domains are listed; --inactive lists just the inactive pools, and --all lists all pools. The --details option instructs virsh to additionally display pool persistence and capacity related information where available.
- pool-name uuid
- Convert the uuid to a pool name.
- pool-refresh pool-or-uuid
- Refresh the list of volumes contained in pool.
- pool-start pool-or-uuid
- Start the storage pool, which is previously defined but inactive.
- pool-undefine pool-or-uuid
- Undefine the configuration for an inactive pool.
- pool-uuid pool
- Returns the UUID of the named pool.
VOLUME COMMANDS
- vol-create pool-or-uuid FILE
-
Create a volume from an XML <file>.
pool-or-uuid is the name or UUID of the storage pool to create the volume in.
FILE is the XML <file> with the volume definition. An easy way to create the
XML <file> is to use the vol-dumpxml command to obtain the definition of a
pre-existing volume.
Example
virsh vol-dumpxml --pool storagepool1 appvolume1 > newvolume.xml vi newvolume.xml (or make changes with your other text editor) virsh vol-create differentstoragepool newvolume.xml
- vol-create-from pool-or-uuid FILE [--inputpool pool-or-uuid] vol-name-or-key-or-path
- Create a volume, using another volume as input. pool-or-uuid is the name or UUID of the storage pool to create the volume in. FILE is the XML <file> with the volume definition. --inputpool pool-or-uuid is the name or uuid of the storage pool the source volume is in. vol-name-or-key-or-path is the name or key or path of the source volume.
- vol-create-as pool-or-uuid name capacity [--allocation size] [--format string] [--backing-vol vol-name-or-key-or-path] [--backing-vol-format string]
- Create a volume from a set of arguments. pool-or-uuid is the name or UUID of the storage pool to create the volume in. name is the name of the new volume. capacity is the size of the volume to be created, as a scaled integer (see NOTES above), defaulting to bytes if there is no suffix. --allocation size is the initial size to be allocated in the volume, also as a scaled integer defaulting to bytes. --format string is used in file based storage pools to specify the volume file format to use; raw, bochs, qcow, qcow2, vmdk. --backing-vol vol-name-or-key-or-path is the source backing volume to be used if taking a snapshot of an existing volume. --backing-vol-format string is the format of the snapshot backing volume; raw, bochs, qcow, qcow2, vmdk, host_device.
- vol-clone [--pool pool-or-uuid] vol-name-or-key-or-path name
- Clone an existing volume. Less powerful, but easier to type, version of vol-create-from. --pool pool-or-uuid is the name or UUID of the storage pool to create the volume in. vol-name-or-key-or-path is the name or key or path of the source volume. name is the name of the new volume.
- vol-delete [--pool pool-or-uuid] vol-name-or-key-or-path
- Delete a given volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to delete.
- vol-upload [--pool pool-or-uuid] [--offset bytes] [--length bytes] vol-name-or-key-or-path local-file
- Upload the contents of local-file to a storage volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to wipe. --offset is the position in the storage volume at which to start writing the data. --length is an upper bound of the amount of data to be uploaded. An error will occurr if the local-file is greater than the specified length.
- vol-download [--pool pool-or-uuid] [--offset bytes] [--length bytes] vol-name-or-key-or-path local-file
- Download the contents of local-file from a storage volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to wipe. --offset is the position in the storage volume at which to start reading the data. --length is an upper bound of the amount of data to be downloaded.
- vol-wipe [--pool pool-or-uuid] [--algorithm algorithm] vol-name-or-key-or-path
-
Wipe a volume, ensure data previously on the volume is not accessible to
future reads. --pool pool-or-uuid is the name or UUID of the storage
pool the volume is in.
vol-name-or-key-or-path is the name or key or path of the volume to wipe.
It is possible to choose different wiping algorithms instead of re-writing
volume with zeroes. This can be done via --algorithm switch.
Supported algorithms
zero - 1-pass all zeroes
nnsa - 4-pass NNSA Policy Letter NAP-14.1-C (XVI-8) for
sanitizing removable and non-removable hard disks:
random x2, 0x00, verify.
dod - 4-pass DoD 5220.22-M section 8-306 procedure for
sanitizing removeable and non-removeable rigid
disks: random, 0x00, 0xff, verify.
bsi - 9-pass method recommended by the German Center of
Security in Information Technologies
(http://www.bsi.bund.de): 0xff, 0xfe, 0xfd, 0xfb,
0xf7, 0xef, 0xdf, 0xbf, 0x7f.
gutmann - The canonical 35-pass sequence described in
Gutmann's paper.
schneier - 7-pass method described by Bruce Schneier in
``Applied Cryptography'' (1996): 0x00, 0xff,
random x5.
pfitzner7 - Roy Pfitzner's 7-random-pass method: random x7.
pfitzner33 - Roy Pfitzner's 33-random-pass method: random x33.
random - 1-pass pattern: random.Note: The availability of algorithms may be limited by the version of the "scrub" binary installed on the host.
- vol-dumpxml [--pool pool-or-uuid] vol-name-or-key-or-path
- Output the volume information as an XML dump to stdout. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to output the XML of.
- vol-info [--pool pool-or-uuid] vol-name-or-key-or-path
- Returns basic information about the given storage volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to return information for.
- vol-list [--pool pool-or-uuid] [--details]
- Return the list of volumes in the given storage pool. --pool pool-or-uuid is the name or UUID of the storage pool. The --details option instructs virsh to additionally display volume type and capacity related information where available.
- vol-pool [--uuid] vol-key-or-path
- Return the pool name or UUID for a given volume. By default, the pool name is returned. If the --uuid option is given, the pool UUID is returned instead. vol-key-or-path is the key or path of the volume to return the pool information for.
- vol-path [--pool pool-or-uuid] vol-name-or-key
- Return the path for a given volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key is the name or key of the volume to return the path for.
- vol-name vol-key-or-path
- Return the name for a given volume. vol-key-or-path is the key or path of the volume to return the name for.
- vol-key [--pool pool-or-uuid] vol-name-or-path
- Return the volume key for a given volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-path is the name or path of the volume to return the volume key for.
- vol-resize [--pool pool-or-uuid] vol-name-or-path pool-or-uuid capacity [--allocate] [--delta] [--shrink]
- Resize the capacity of the given volume, in bytes. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to resize. The new capacity might be sparse unless --allocate is specified. Normally, capacity is the new size, but if --delta is present, then it is added to the existing size. Attempts to shrink the volume will fail unless --shrink is present; capacity cannot be negative unless --shrink is provided, but a negative sign is not necessary. capacity is a scaled integer (see NOTES above), which defaults to bytes if there is no suffix. This command is only safe for storage volumes not in use by an active guest; see also blockresize for live resizing.
SECRET COMMMANDS
The following commands manipulate ``secrets'' (e.g. passwords, passphrases and encryption keys). Libvirt can store secrets independently from their use, and other objects (e.g. volumes or domains) can refer to the secrets for encryption or possibly other uses. Secrets are identified using an UUID. See <http://libvirt.org/formatsecret.html> for documentation of the XML format used to represent properties of secrets.- secret-define file
- Create a secret with the properties specified in file, with no associated secret value. If file does not specify a UUID, choose one automatically. If file specifies an UUID of an existing secret, replace its properties by properties defined in file, without affecting the secret value.
- secret-dumpxml secret
- Output properties of secret (specified by its UUID) as an XML dump to stdout.
- secret-set-value secret base64
- Set the value associated with secret (specified by its UUID) to the value Base64-encoded value base64.
- secret-get-value secret
- Output the value associated with secret (specified by its UUID) to stdout, encoded using Base64.
- secret-undefine secret
- Delete a secret (specified by its UUID), including the associated value, if any.
- secret-list
- Output a list of UUIDs of known secrets to stdout.
SNAPSHOT COMMMANDS
The following commands manipulate domain snapshots. Snapshots take the disk, memory, and device state of a domain at a point-of-time, and save it for future use. They have many uses, from saving a ``clean'' copy of an OS image to saving a domain's state before a potentially destructive operation. Snapshots are identified with a unique name. See <http://libvirt.org/formatsnapshot.html> for documentation of the XML format used to represent properties of snapshots.- snapshot-create domain [xmlfile] {[--redefine [--current]] | [--no-metadata] [--halt] [--disk-only] [--reuse-external] [--quiesce] [--atomic]}
-
Create a snapshot for domain domain with the properties specified in
xmlfile. Normally, the only properties settable for a domain snapshot
are the <name> and <description> elements, as well as <disks> if
--disk-only is given; the rest of the fields are
ignored, and automatically filled in by libvirt. If xmlfile is
completely omitted, then libvirt will choose a value for all fields.
The new snapshot will become current, as listed by snapshot-current.
If --halt is specified, the domain will be left in an inactive state after the snapshot is created.
If --disk-only is specified, the snapshot will only include disk state rather than the usual system checkpoint with vm state. Disk snapshots are faster than full system checkpoints, but reverting to a disk snapshot may require fsck or journal replays, since it is like the disk state at the point when the power cord is abruptly pulled; and mixing --halt and --disk-only loses any data that was not flushed to disk at the time.
If --redefine is specified, then all XML elements produced by snapshot-dumpxml are valid; this can be used to migrate snapshot hierarchy from one machine to another, to recreate hierarchy for the case of a transient domain that goes away and is later recreated with the same name and UUID, or to make slight alterations in the snapshot metadata (such as host-specific aspects of the domain XML embedded in the snapshot). When this flag is supplied, the xmlfile argument is mandatory, and the domain's current snapshot will not be altered unless the --current flag is also given.
If --no-metadata is specified, then the snapshot data is created, but any metadata is immediately discarded (that is, libvirt does not treat the snapshot as current, and cannot revert to the snapshot unless --redefine is later used to teach libvirt about the metadata again).
If --reuse-external is specified, and the snapshot XML requests an external snapshot with a destination of an existing file, then the existing file is truncated and reused; otherwise, a snapshot is refused to avoid losing contents of the existing files.
If --quiesce is specified, libvirt will try to use guest agent to freeze and unfreeze domain's mounted file systems. However, if domain has no guest agent, snapshot creation will fail. Currently, this requires --disk-only to be passed as well.
If --atomic is specified, libvirt will guarantee that the snapshot either succeeds, or fails with no changes; not all hypervisors support this. If this flag is not specified, then some hypervisors may fail after partially performing the action, and dumpxml must be used to see whether any partial changes occurred.
Existence of snapshot metadata will prevent attempts to undefine a persistent domain. However, for transient domains, snapshot metadata is silently lost when the domain quits running (whether by command such as destroy or by internal guest action).
- snapshot-create-as domain {[--print-xml] | [--no-metadata] [--halt] [--reuse-existing]} [name] [description] [--disk-only [--quiesce] [--atomic] [[--diskspec] diskspec]...]
-
Create a snapshot for domain domain with the given <name> and
<description>; if either value is omitted, libvirt will choose a
value. If --print-xml is specified, then XML appropriate for
snapshot-create is output, rather than actually creating a snapshot.
Otherwise, if --halt is specified, the domain will be left in an
inactive state after the snapshot is created, and if --disk-only
is specified, the snapshot will not include vm state.
The --disk-only flag is used to request a disk-only snapshot. When this flag is in use, the command can also take additional diskspec arguments to add <disk> elements to the xml. Each <diskspec> is in the form disk[,snapshot=type][,driver=type][,file=name]. To include a literal comma in disk or in file=name, escape it with a second comma. A literal --diskspec must preceed each diskspec unless all three of domain, name, and description are also present. For example, a diskspec of ``vda,snapshot=external,file=/path/to,,new'' results in the following XML:
<disk name='vda' snapshot='external'>
<source file='/path/to,new'/>
</disk>If --reuse-external is specified, and the domain XML or diskspec option requests an external snapshot with a destination of an existing file, then the existing file is truncated and reused; otherwise, a snapshot is refused to avoid losing contents of the existing files.
If --quiesce is specified, libvirt will try to use guest agent to freeze and unfreeze domain's mounted file systems. However, if domain has no guest agent, snapshot creation will fail. Currently, this requires --disk-only to be passed as well.
If --no-metadata is specified, then the snapshot data is created, but any metadata is immediately discarded (that is, libvirt does not treat the snapshot as current, and cannot revert to the snapshot unless snapshot-create is later used to teach libvirt about the metadata again). This flag is incompatible with --print-xml.
If --atomic is specified, libvirt will guarantee that the snapshot either succeeds, or fails with no changes; not all hypervisors support this. If this flag is not specified, then some hypervisors may fail after partially performing the action, and dumpxml must be used to see whether any partial changes occurred.
- snapshot-current domain {[--name] | [--security-info] | [snapshotname]}
-
Without snapshotname, this will output the snapshot XML for the domain's
current snapshot (if any). If --name is specified, just the
current snapshot name instead of the full xml. Otherwise, using
--security-info will also include security sensitive information in
the XML.
With snapshotname, this is a request to make the existing named snapshot become the current snapshot, without reverting the domain.
- snapshot-edit domain [snapshotname] [--current] {[--rename] | [--clone]}
-
Edit the XML configuration file for snapshotname of a domain. If
both snapshotname and --current are specified, also force the
edited snapshot to become the current snapshot. If snapshotname
is omitted, then --current must be supplied, to edit the current
snapshot.
This is equivalent to:
virsh snapshot-dumpxml dom name > snapshot.xml vi snapshot.xml (or make changes with your other text editor) virsh snapshot-create dom snapshot.xml --redefine [--current]
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".
If --rename is specified, then the edits can change the snapshot name. If --clone is specified, then changing the snapshot name will create a clone of the snapshot metadata. If neither is specified, then the edits must not change the snapshot name. Note that changing a snapshot name must be done with care, since the contents of some snapshots, such as internal snapshots within a single qcow2 file, are accessible only from the original name.
- snapshot-list domain [{--parent | --roots | --tree}] [{[--from] snapshot | --current} [--descendants]] [--metadata] [--leaves]
-
List all of the available snapshots for the given domain, defaulting
to show columns for the snapshot name, creation time, and domain state.
If --parent is specified, add a column to the output table giving the name of the parent of each snapshot. If --roots is specified, the list will be filtered to just snapshots that have no parents. If --tree is specified, the output will be in a tree format, listing just snapshot names. These three options are mutually exclusive.
If --from is provided, filter the list to snapshots which are children of the given snapshot; or if --current is provided, start at the current snapshot. When used in isolation or with --parent, the list is limited to direct children unless --descendants is also present. When used with --tree, the use of --descendants is implied. This option is not compatible with --roots.
If --leaves is specified, the list will be filtered to just snapshots that have no children. This option is not compatible with --tree.
If --metadata is specified, the list will be filtered to just snapshots that involve libvirt metadata, and thus would prevent undefine of a persistent domain, or be lost on destroy of a transient domain.
- snapshot-dumpxml domain snapshot [--security-info]
- Output the snapshot XML for the domain's snapshot named snapshot. Using --security-info will also include security sensitive information. Use snapshot-current to easily access the XML of the current snapshot.
- snapshot-parent domain {snapshot | --current}
- Output the name of the parent snapshot, if any, for the given snapshot, or for the current snapshot with --current.
- snapshot-revert domain {snapshot | --current} [{--running | --paused}] [--force]
-
Revert the given domain to the snapshot specified by snapshot, or to
the current snapshot with --current. Be aware
that this is a destructive action; any changes in the domain since the last
snapshot was taken will be lost. Also note that the state of the domain after
snapshot-revert is complete will be the state of the domain at the time
the original snapshot was taken.
Normally, reverting to a snapshot leaves the domain in the state it was at the time the snapshot was created, except that a disk snapshot with no vm state leaves the domain in an inactive state. Passing either the --running or --paused flag will perform additional state changes (such as booting an inactive domain, or pausing a running domain). Since transient domains cannot be inactive, it is required to use one of these flags when reverting to a disk snapshot of a transient domain.
There are two cases where a snapshot revert involves extra risk, which requires the use of --force to proceed. One is the case of a snapshot that lacks full domain information for reverting configuration (such as snapshots created prior to libvirt 0.9.5); since libvirt cannot prove that the current configuration matches what was in use at the time of the snapshot, supplying --force assures libvirt that the snapshot is compatible with the current configuration (and if it is not, the domain will likely fail to run). The other is the case of reverting from a running domain to an active state where a new hypervisor has to be created rather than reusing the existing hypervisor, because it implies drawbacks such as breaking any existing VNC or Spice connections; this condition happens with an active snapshot that uses a provably incompatible configuration, as well as with an inactive snapshot that is combined with the --start or --pause flag.
- snapshot-delete domain {snapshot | --current} [--metadata] [{--children | --children-only}]
-
Delete the snapshot for the domain named snapshot, or the current
snapshot with --current. If this snapshot
has child snapshots, changes from this snapshot will be merged into the
children. If --children is passed, then delete this snapshot and any
children of this snapshot. If --children-only is passed, then delete
any children of this snapshot, but leave this snapshot intact. These
two flags are mutually exclusive.
If --metadata is specified, then only delete the snapshot metadata maintained by libvirt, while leaving the snapshot contents intact for access by external tools; otherwise deleting a snapshot also removes the data contents from that point in time.
NWFILTER COMMMANDS
The following commands manipulate network filters. Network filters allow filtering of the network traffic coming from and going to virtual machines. Individual network traffic filters are written in XML and may contain references to other network filters, describe traffic filtering rules, or contain both. Network filters are referenced by virtual machines from within their interface description. A network filter may be referenced by multiple virtual machines' interfaces.- nwfilter-define xmlfile
- Make a new network filter known to libvirt. If a network filter with the same name already exists, it will be replaced with the new XML. Any running virtual machine referencing this network filter will have its network traffic rules adapted. If for any reason the network traffic filtering rules cannot be instantiated by any of the running virtual machines, then the new XML will be rejected.
- nwfilter-undefine nwfilter-name
- Delete a network filter. The deletion will fail if any running virtual machine is currently using this network filter.
- nwfilter-list
- List all of the available network filters.
- nwfilter-dumpxml nwfilter-name
- Output the network filter XML.
- nwfilter-edit nwfilter-name
-
Edit the XML of a network filter.
This is equivalent to:
virsh nwfilter-dumpxml myfilter > myfilter.xml vi myfilter.xml (or make changes with your other text editor) virsh nwfilter-define myfilter.xml
except that it does some error checking. The new network filter may be rejected due to the same reason as mentioned in nwfilter-define.
The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".
QEMU-SPECIFIC COMMANDS
NOTE: Use of the following commands is strongly discouraged. They can cause libvirt to become confused and do the wrong thing on subsequent operations. Once you have used this command, please do not report problems to the libvirt developers; the reports will be ignored.- qemu-attach pid
-
Attach an externally launched QEMU process to the libvirt QEMU driver.
The QEMU process must have been created with a monitor connection
using the UNIX driver. Ideally the process will also have had the
'-name' argument specified.
-
$ qemu-kvm -cdrom ~/demo.iso \ -monitor unix:/tmp/demo,server,nowait \ -name foo \ -uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea & $ QEMUPID=$! $ virsh qemu-attach $QEMUPID
-
Not all functions of libvirt are expected to work reliably after attaching to an externally launched QEMU process. There may be issues with the guest ABI changing upon migration, and hotunplug may not work.
-
- qemu-monitor-command domain [--hmp] command...
- Send an arbitrary monitor command command to domain domain through the qemu monitor. The results of the command will be printed on stdout. If --hmp is passed, the command is considered to be a human monitor command and libvirt will automatically convert it into QMP if needed. In that case the result will also be converted back from QMP. If more than one argument is provided for command, they are concatenated with a space in between before passing the single command to the monitor.
ENVIRONMENT
The following environment variables can be set to alter the behaviour of "virsh"- VIRSH_DEBUG=<0 to 4>
- Turn on verbose debugging of virsh commands. Valid levels are
- * VIRSH_DEBUG=0
- DEBUG - Messages at ALL levels get logged
- * VIRSH_DEBUG=1
- INFO - Logs messages at levels INFO, NOTICE, WARNING and ERROR
- * VIRSH_DEBUG=2
- NOTICE - Logs messages at levels NOTICE, WARNING and ERROR
- * VIRSH_DEBUG=3
- WARNING - Logs messages at levels WARNING and ERROR
- * VIRSH_DEBUG=4
- ERROR - Messages at only ERROR level gets logged.
- VIRSH_LOG_FILE=LOGFILE
- The file to log virsh debug messages.
- VIRSH_DEFAULT_CONNECT_URI
- The hypervisor to connect to by default. Set this to a URI, in the same format as accepted by the connect option.
- VISUAL
- The editor to use by the edit and related options.
- EDITOR
- The editor to use by the edit and related options, if "VISUAL" is not set.
- LIBVIRT_DEBUG=LEVEL
-
Turn on verbose debugging of all libvirt API calls. Valid levels are
-
- *
-
LIBVIRT_DEBUG=1
Messages at level DEBUG or above
- *
-
LIBVIRT_DEBUG=2
Messages at level INFO or above
- *
-
LIBVIRT_DEBUG=3
Messages at level WARNING or above
- *
-
LIBVIRT_DEBUG=4
Messages at level ERROR or above
-
For further information about debugging options consult "http://libvirt.org/logging.html"
-
BUGS
Report any bugs discovered to the libvirt community via the mailing list "http://libvirt.org/contact.html" or bug tracker "http://libvirt.org/bugs.html". Alternatively report bugs to your software distributor / vendor.AUTHORS
Please refer to the AUTHORS file distributed with libvirt. Based on the xm man page by: Sean Dague <sean at dague dot net> Daniel Stekloff <dsteklof at us dot ibm dot com>
COPYRIGHT
Copyright (C) 2005, 2007-2010 Red Hat, Inc., and the authors listed in the libvirt AUTHORS file.LICENSE
virsh is distributed under the terms of the GNU LGPL v2+. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSESEE ALSO
virt-install(1), virt-xml-validate(1), virt-top(1), virt-df(1), <http://www.libvirt.org/>POD ERRORS
Hey! The above document had some coding errors, which are explained below:Index
- NAME
- SYNOPSIS
- DESCRIPTION
- NOTES
- GENERIC COMMANDS
- DOMAIN COMMANDS
- DEVICE COMMANDS
- NODEDEV COMMANDS
- VIRTUAL NETWORK COMMANDS
- INTERFACE COMMANDS
- STORAGE POOL COMMANDS
- VOLUME COMMANDS
- SECRET COMMMANDS
- SNAPSHOT COMMMANDS
- NWFILTER COMMMANDS
- QEMU-SPECIFIC COMMANDS
- ENVIRONMENT
- BUGS
- AUTHORS
- COPYRIGHT
- LICENSE
- SEE ALSO
- POD ERRORS
This document was created by man2html, using the manual pages.
Time: 05:29:12 GMT, December 24, 2015