VIRSH(1) Virtualization Support VIRSH(1)NAMEvirsh - management user interface
SYNOPSISvirsh [OPTION]... [COMMAND_STRING]
virsh [OPTION]... COMMAND [ARG]...
DESCRIPTION
The virsh program is the main interface for managing virsh guest
domains. The program can be used to create, pause, and shutdown
domains. It can also be used to list current domains. Libvirt is a C
toolkit to interact with the virtualization capabilities of recent
versions of Linux (and other OSes). It is free software available under
the GNU Lesser General Public License. Virtualization of the Linux
Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the
basic resources are driven by a Linux instance. The library aims at
providing a long term stable C API. It currently supports Xen, QEmu,
KVM, LXC, OpenVZ, VirtualBox and VMware ESX.
The basic structure of most virsh usage is:
virsh [OPTION]... <command> <domain> [ARG]...
Where command is one of the commands listed below; domain is the
numeric domain id, or the domain name, or the domain UUID; and ARGS are
command specific options. There are a few exceptions to this rule in
the cases where the command in question acts on all domains, the entire
machine, or directly on the xen hypervisor. Those exceptions will be
clear for each of those commands. Note: it is permissible to give
numeric names to domains, however, doing so will result in a domain
that can only be identified by domain id. In other words, if a numeric
value is supplied it will be interpreted as a domain id, not as a name.
The virsh program can be used either to run one COMMAND by giving the
command and its arguments on the shell command line, or a
COMMAND_STRING which is a single shell argument consisting of multiple
COMMAND actions and their arguments joined with whitespace, and
separated by semicolons between commands. Within COMMAND_STRING, virsh
understands the same single, double, and backslash escapes as the
shell, although you must add another layer of shell escaping in
creating the single shell argument. If no command is given in the
command line, virsh will then start a minimal interpreter waiting for
your commands, and the quit command will then exit the program.
The virsh program understands the following OPTIONS.
-h, --help
Ignore all other arguments, and behave as if the help command were
given instead.
-v, --version[=short]
Ignore all other arguments, and prints the version of the libvirt
library virsh is coming from
-V, --version=long
Ignore all other arguments, and prints the version of the libvirt
library virsh is coming from and which options and driver are
compiled in.
-c, --connect URI
Connect to the specified URI, as if by the connect command, instead
of the default connection.
-d, --debug LEVEL
Enable debug messages at integer LEVEL and above. LEVEL can range
from 0 to 4 (default). See the documentation of VIRSH_DEBUG
environment variable below for the description of each LEVEL.
-l, --log FILE
Output logging details to FILE.
-q, --quiet
Avoid extra informational messages.
-r, --readonly
Make the initial connection read-only, as if by the --readonly
option of the connect command.
-t, --timing
Output elapsed time information for each command.
-e, --escape string
Set alternative escape sequence for console command. By default,
telnet's ^] is used. Allowed characters when using hat notation
are: alphabetic character, @, [, ], \, ^, _.
NOTES
Most virsh operations rely upon the libvirt library being able to
connect to an already running libvirtd service. This can usually be
done using the command service libvirtd start.
Most virsh commands require root privileges to run due to the
communications channels used to talk to the hypervisor. Running as non
root will return an error.
Most virsh commands act synchronously, except maybe shutdown, setvcpus
and setmem. In those cases the fact that the virsh program returned,
may not mean the action is complete and you must poll periodically to
detect that the guest completed the operation.
virsh strives for backward compatibility. Although the help command
only lists the preferred usage of a command, if an older version of
virsh supported an alternate spelling of a command or option (such as
--tunnelled instead of --tunneled), then scripts using that older
spelling will continue to work.
Several virsh commands take an optionally scaled integer; if no scale
is provided, then the default is listed in the command (for historical
reasons, some commands default to bytes, while other commands default
to kibibytes). The following case-insensitive suffixes can be used to
select a specific scale:
b, byte byte 1
KB kilobyte 1,000
k, KiB kibibyte 1,024
MB megabyte 1,000,000
M, MiB mebibyte 1,048,576
GB gigabyte 1,000,000,000
G, GiB gibibyte 1,073,741,824
TB terabyte 1,000,000,000,000
T, TiB tebibyte 1,099,511,627,776
PB petabyte 1,000,000,000,000,000
P, PiB pebibyte 1,125,899,906,842,624
EB exabyte 1,000,000,000,000,000,000
E, EiB exbibyte 1,152,921,504,606,846,976
GENERIC COMMANDS
The following commands are generic i.e. not specific to a domain.
help [command-or-group]
This lists each of the virsh commands. When used without options,
all commands are listed, one per line, grouped into related
categories, displaying the keyword for each group.
To display only commands for a specific group, give the keyword for
that group as an option. For example:
virsh # help host
Host and Hypervisor (help keyword 'host'):
capabilities capabilities
connect (re)connect to hypervisor
freecell NUMA free memory
hostname print the hypervisor hostname
qemu-attach Attach to existing QEMU process
qemu-monitor-command QEMU Monitor Command
qemu-agent-command QEMU Guest Agent Command
sysinfo print the hypervisor sysinfo
uri print the hypervisor canonical URI
To display detailed information for a specific command, give its
name as the option instead. For example:
virsh # help list
NAME
list - list domains
SYNOPSIS
list [--inactive] [--all]
DESCRIPTION
Returns list of domains.
OPTIONS
--inactive list inactive domains
--all list inactive & active domains
quit, exit
quit this interactive terminal
version
Will print out the major version info about what this built from.
Example
virsh version
Compiled against library: libvir 0.0.6
Using library: libvir 0.0.6
Using API: Xen 3.0.0
Running hypervisor: Xen 3.0.0
cd [directory]
Will change current directory to directory. The default directory
for the cd command is the home directory or, if there is no HOME
variable in the environment, the root directory.
This command is only available in interactive mode.
pwd Will print the current directory.
connect URI [--readonly]
(Re)-Connect to the hypervisor. When the shell is first started,
this is automatically run with the URI parameter requested by the
"-c" option on the command line. The URI parameter specifies how to
connect to the hypervisor. The documentation page at
<http://libvirt.org/uri.html> list the values supported, but the
most common are:
xen:///
this is used to connect to the local Xen hypervisor, this is
the default
qemu:///system
connect locally as root to the daemon supervising QEmu and KVM
domains
qemu:///session
connect locally as a normal user to his own set of QEmu and KVM
domains
lxc:///
connect to a local linux container
For remote access see the documentation page at
<http://libvirt.org/uri.html> on how to make URIs. The --readonly
option allows for read-only connection
uri Prints the hypervisor canonical URI, can be useful in shell mode.
hostname
Print the hypervisor hostname.
sysinfo
Print the XML representation of the hypervisor sysinfo, if
available.
nodeinfo
Returns basic information about the node, like number and type of
CPU, and size of the physical memory. The output corresponds to
virNodeInfo structure. Specifically, the "CPU socket(s)" field
means number of CPU sockets per NUMA cell.
nodecpumap
Displays the node's total number of CPUs, the number of online CPUs
and the list of online CPUs.
nodecpustats [cpu] [--percent]
Returns cpu stats of the node. If cpu is specified, this will
prints specified cpu statistics only. If --percent is specified,
this will prints percentage of each kind of cpu statistics during 1
second.
nodememstats [cell]
Returns memory stats of the node. If cell is specified, this will
prints specified cell statistics only.
nodesuspend [target] [duration]
Puts the node (host machine) into a system-wide sleep state such as
Suspend-to-RAM, Suspend-to-Disk or Hybrid-Suspend and sets up a
Real-Time-Clock interrupt to fire (to wake up the node) after a
time delay specified by the 'duration' parameter. The duration time
should be at least 60 seconds.
node-memory-tune [shm-pages-to-scan] [shm-sleep-millisecs]
Allows you to display or set the node memory parameters. shm-
pages-to-scan can be used to set the number of pages to scan before
the shared memory service goes to sleep; shm-sleep-millisecs can be
used to set the number of millisecs the shared memory service
should sleep before next scan; shm-merge-across-nodes specifies if
pages from different numa nodes can be merged. When set to 0, only
pages which physically reside in the memory area of same NUMA node
can be merged. When set to 1, pages from all nodes can be merged.
Default to 1.
capabilities
Print an XML document describing the capabilities of the hypervisor
we are currently connected to. This includes a section on the host
capabilities in terms of CPU and features, and a set of description
for each kind of guest which can be virtualized. For a more
complete description see:
<http://libvirt.org/formatcaps.html> The XML also show the NUMA
topology information if available.
inject-nmi domain
Inject NMI to the guest.
list [--inactive | --all] [--managed-save] [--title] { [--table] |
--name | --uuid } [--persistent] [--transient] [--with-managed-save]
[--without-managed-save] [--autostart] [--no-autostart]
[--with-snapshot] [--without-snapshot] [--state-running]
[--state-paused] [--state-shutoff] [--state-other]
Prints information about existing domains. If no options are
specified it prints out information about running domains.
An example format for the list is as follows:
virsh list
Id Name State
----------------------------------------------------
0 Domain-0 running
2 fedora paused
Name is the name of the domain. ID the domain numeric id. State
is the run state (see below).
STATES
The State field lists 8 states for a domain, and which ones the
current domain is in.
running
The domain is currently running on a CPU
idle
The domain is idle, and not running or runnable. This can be
caused because the domain is waiting on IO (a traditional wait
state) or has gone to sleep because there was nothing else for
it to do.
paused
The domain has been paused, usually occurring through the
administrator running virsh suspend. When in a paused state
the domain will still consume allocated resources like memory,
but will not be eligible for scheduling by the hypervisor.
shutdown
The domain is in the process of shutting down, i.e. the guest
operating system has been notified and should be in the process
of stopping its operations gracefully.
shut off
The domain is not running. Usually this indicates the domain
has been shut down completely, or has not been started.
crashed
The domain has crashed, which is always a violent ending.
Usually this state can only occur if the domain has been
configured not to restart on crash.
dying
The domain is in process of dying, but hasn't completely
shutdown or crashed.
pmsuspended
The domain has been suspended by guest power management, e.g.
entered into s3 state.
Normally only active domains are listed. To list inactive domains
specify --inactive or --all to list both active and inactive
domains.
To further filter the list of domains you may specify one or more
of filtering flags supported by the list command. These flags are
grouped by function. Specifying one or more flags from a group
enables the filter group. Note that some combinations of flags may
yield no results. Supported filtering flags and groups:
Persistence
Flag --persistent is used to include persistent domains in the
returned list. To include transient domains specify
--transient.
Existence of managed save image
To list domains having a managed save image specify flag
--with-managed-save. For domains that don't have a managed save
image specify --without-managed-save.
Domain state
The following filter flags select a domain by its state:
--state-running for running domains, --state-paused for paused
domains, --state-shutoff for turned off domains and
--state-other for all other states as a fallback.
Autostarting domains
To list autostarting domains use the flag --autostart. To list
domains with this feature disabled use --no-autostart.
Snapshot existence
Domains that have snapshot images can be listed using flag
--with-snapshot, domains without a snapshot --without-snapshot.
When talking to older servers, this command is forced to use a
series of API calls with an inherent race, where a domain might not
be listed or might appear more than once if it changed state
between calls while the list was being collected. Newer servers do
not have this problem.
If --managed-save is specified, then domains that have managed save
state (only possible if they are in the shut off state, so you need
to specify --inactive or --all to actually list them) will instead
show as saved in the listing. This flag is usable only with the
default --table output. Note that this flag does not filter the
list of domains.
If --name is specified, domain names are printed instead of the
table formatted one per line. If --uuid is specified domain's
UUID's are printed instead of names. Flag --table specifies that
the legacy table-formatted output should be used. This is the
default. All of these are mutually exclusive.
If --title is specified, then the short domain description (title)
is printed in an extra column. This flag is usable only with the
default --table output.
Example:
virsh list --title
Id Name State Title
--------------------------------------------------------------------------
0 Domain-0 running Mailserver 1
2 fedora paused
freecell [{ [--cellno] cellno | --all }]
Prints the available amount of memory on the machine or within a
NUMA cell. The freecell command can provide one of three different
displays of available memory on the machine depending on the
options specified. With no options, it displays the total free
memory on the machine. With the --all option, it displays the free
memory in each cell and the total free memory on the machine.
Finally, with a numeric argument or with --cellno plus a cell
number it will display the free memory for the specified cell only.
cpu-baseline FILE
Compute baseline CPU which will be supported by all host CPUs given
in <file>. The list of host CPUs is built by extracting all <cpu>
elements from the <file>. Thus, the <file> can contain either a set
of <cpu> elements separated by new lines or even a set of complete
<capabilities> elements printed by capabilities command.
cpu-compare FILE
Compare CPU definition from XML <file> with host CPU. The XML
<file> may contain either host or guest CPU definition. The host
CPU definition is the <cpu> element and its contents as printed by
capabilities command. The guest CPU definition is the <cpu> element
and its contents from domain XML definition. For more information
on guest CPU definition see:
<http://libvirt.org/formatdomain.html#elementsCPU>
echo [--shell] [--xml] [arg...]
Echo back each arg, separated by space. If --shell is specified,
then the output will be single-quoted where needed, so that it is
suitable for reuse in a shell context. If --xml is specified, then
the output will be escaped for use in XML.
DOMAIN COMMANDS
The following commands manipulate domains directly, as stated
previously most commands take domain as the first parameter. The domain
can be specified as a short integer, a name or a full UUID.
autostart [--disable] domain
Configure a domain to be automatically started at boot.
The option --disable disables autostarting.
console domain [devname] [--safe] [--force]
Connect the virtual serial console for the guest. The optional
devname parameter refers to the device alias of an alternate
console, serial or parallel device configured for the guest. If
omitted, the primary console will be opened.
If the flag --safe is specified, the connection is only attempted
if the driver supports safe console handling. This flag specifies
that the server has to ensure exclusive access to console devices.
Optionally the --force flag may be specified, requesting to
disconnect any existing sessions, such as in a case of a broken
connection.
create FILE [--console] [--paused] [--autodestroy] [--pass-fds N,M,...]
Create a domain from an XML <file>. An easy way to create the XML
<file> is to use the dumpxml command to obtain the definition of a
pre-existing guest. The domain will be paused if the --paused
option is used and supported by the driver; otherwise it will be
running. If --console is requested, attach to the console after
creation. If --autodestroy is requested, then the guest will be
automatically destroyed when virsh closes its connection to
libvirt, or otherwise exits.
If --pass-fds is specified, the argument is a comma separated list
of open file descriptors which should be pass on into the guest.
The file descriptors will be re-numered in the guest, starting from
3. This is only supported with container based virtualization.
Example
virsh dumpxml <domain> > domain.xml
vi domain.xml (or make changes with your other text editor)
virsh create domain.xml
define FILE
Define a domain from an XML <file>. The domain definition is
registered but not started. If domain is already running, the
changes will take effect on the next boot.
desc domain [[--live] [--config] | [--current]] [--title] [--edit]
[--new-desc New description or title message]
Show or modify description and title of a domain. These values are
user fields that allow to store arbitrary textual data to allow
easy identification of domains. Title should be short, although
it's not enforced.
Flags --live or --config select whether this command works on live
or persistent definitions of the domain. If both --live and
--config are specified, the --config option takes precedence on
getting the current description and both live configuration and
config are updated while setting the description. --current is
exclusive and implied if none of these was specified.
Flag --edit specifies that an editor with the contents of current
description or title should be opened and the contents saved back
afterwards.
Flag --title selects operation on the title field instead of
description.
If neither of --edit and --new-desc are specified the note or
description is displayed instead of being modified.
destroy domain [--graceful]
Immediately terminate the domain domain. This doesn't give the
domain OS any chance to react, and it's the equivalent of ripping
the power cord out on a physical machine. In most cases you will
want to use the shutdown command instead. However, this does not
delete any storage volumes used by the guest, and if the domain is
persistent, it can be restarted later.
If domain is transient, then the metadata of any snapshots will be
lost once the guest stops running, but the snapshot contents still
exist, and a new domain with the same name and UUID can restore the
snapshot metadata with snapshot-create.
If --graceful is specified, don't resort to extreme measures (e.g.
SIGKILL) when the guest doesn't stop after a reasonable timeout;
return an error instead.
domblkstat domain block-device [--human]
Get device block stats for a running domain. A block-device
corresponds to a unique target name (<target dev='name'/>) or
source file (<source file='name'/>) for one of the disk devices
attached to domain (see also domblklist for listing these names).
Use --human for a more human readable output.
Availability of these fields depends on hypervisor. Unsupported
fields are missing from the output. Other fields may appear if
communicating with a newer version of libvirtd.
Explanation of fields (fields appear in the following order):
rd_req - count of read operations
rd_bytes - count of read bytes
wr_req - count of write operations
wr_bytes - count of written bytes
errs - error count
flush_operations - count of flush operations
rd_total_times - total time read operations took (ns)
wr_total_times - total time write operations took (ns)
flush_total_times - total time flush operations took (ns)
<-- other fields provided by hypervisor -->
domifstat domain interface-device
Get network interface stats for a running domain.
domif-setlink domain interface-device state [--config]
Modify link state of the domain's virtual interface. Possible
values for state are "up" and "down. If --config is specified, only
the persistent configuration of the domain is modified, for
compatibility purposes, --persistent is alias of --config.
interface-device can be the interface's target name or the MAC
address.
domif-getlink domain interface-device [--config]
Query link state of the domain's virtual interface. If --config is
specified, query the persistent configuration, for compatibility
purposes, --persistent is alias of --config.
interface-device can be the interface's target name or the MAC
address.
domiftune domain interface-device [[--config] [--live] | [--current]]
[--inbound average,peak,burst] [--outbound average,peak,burst]
Set or query the domain's network interface's bandwidth parameters.
interface-device can be the interface's target name (<target
dev='name'/>), or the MAC address.
If no --inbound or --outbound is specified, this command will query
and show the bandwidth settings. Otherwise, it will set the inbound
or outbound bandwidth. average,peak,burst is the same as in command
attach-interface.
If --live is specified, affect a running guest. If --config is
specified, affect the next boot of a persistent guest. If
--current is specified, affect the current guest state. Both
--live and --current flags may be given, but --current is
exclusive. If no flag is specified, behavior is different depending
on hypervisor.
dommemstat domain [--period seconds] [[--config] [--live] |
[--current]]
Get memory stats for a running domain.
Depending on the hypervisor a variety of statistics can be returned
For QEMU/KVM with a memory balloon, setting the optional --period
to a value larger than 0 in seconds will allow the balloon driver
to return additional statistics which will be displayed by
subsequent dommemstat commands. Setting the --period to 0 will stop
the balloon driver collection, but does not clear the statistics in
the balloon driver. Requires at least QEMU/KVM 1.5 to be running on
the host.
The --live, --config, and --current flags are only valid when using
the --period option in order to set the collection period for the
balloon driver. If --live is specified, only the running guest
collection period is affected. If --config is specified, affect the
next boot of a persistent guest. If --current is specified, affect
the current guest state.
Both --live and --config flags may be given, but --current is
exclusive. If no flag is specified, behavior is different depending
on the guest state.
domblkerror domain
Show errors on block devices. This command usually comes handy
when domstate command says that a domain was paused due to I/O
error. The domblkerror command lists all block devices in error
state and the error seen on each of them.
domblkinfo domain block-device
Get block device size info for a domain. A block-device
corresponds to a unique target name (<target dev='name'/>) or
source file (<source file='name'/>) for one of the disk devices
attached to domain (see also domblklist for listing these names).
domblklist domain [--inactive] [--details]
Print a table showing the brief information of all block devices
associated with domain. If --inactive is specified, query the block
devices that will be used on the next boot, rather than those
currently in use by a running domain. If --details is specified,
disk type and device value will also be printed. Other contexts
that require a block device name (such as domblkinfo or snapshot-
create for disk snapshots) will accept either target or unique
source names printed by this command.
domiflist domain [--inactive]
Print a table showing the brief information of all virtual
interfaces associated with domain. If --inactive is specified,
query the virtual interfaces that will be used on the next boot,
rather than those currently in use by a running domain. Other
contexts that require a MAC address of virtual interface (such as
detach-interface or domif-setlink) will accept the MAC address
printed by this command.
blockcommit domain path [bandwidth] {[base] | [--shallow]} [top]
[--delete] [--wait [--verbose] [--timeout seconds]]
Reduce the length of a backing image chain, by committing changes
at the top of the chain (snapshot or delta files) into backing
images. By default, this command attempts to flatten the entire
chain. If base and/or top are specified as files within the
backing chain, then the operation is constrained to committing just
that portion of the chain; --shallow can be used instead of base to
specify the immediate backing file of the resulting top image to be
committed. The files being committed are rendered invalid,
possibly as soon as the operation starts; using the --delete flag
will remove these files at the successful completion of the commit
operation.
By default, this command returns as soon as possible, and data for
the entire disk is committed in the background; the progress of the
operation can be checked with blockjob. However, if --wait is
specified, then this command will block until the operation
completes, or cancel the operation if the optional timeout in
seconds elapses or SIGINT is sent (usually with "Ctrl-C"). Using
--verbose along with --wait will produce periodic status updates.
path specifies fully-qualified path of the disk; it corresponds to
a unique target name (<target dev='name'/>) or source file (<source
file='name'/>) for one of the disk devices attached to domain (see
also domblklist for listing these names). bandwidth specifies
copying bandwidth limit in MiB/s, although for qemu, it may be non-
zero only for an online domain.
blockcopy domain path dest [bandwidth] [--shallow] [--reuse-external]
[--raw] [--wait [--verbose] [{--pivot | --finish}] [--timeout seconds]
[--async]]
Copy a disk backing image chain to dest. By default, this command
flattens the entire chain; but if --shallow is specified, the copy
shares the backing chain.
If --reuse-external is specified, then dest must exist and have
contents identical to the resulting backing file (that is, it must
start with contents matching the backing file disk if --shallow is
used, otherwise it must start empty); this option is typically used
to set up a relative backing file name in the destination.
The format of the destination is determined by the first match in
the following list: if --raw is specified, it will be raw; if
--reuse-external is specified, the existing destination is probed
for a format; and in all other cases, the destination format will
match the source format.
By default, the copy job runs in the background, and consists of
two phases. Initially, the job must copy all data from the source,
and during this phase, the job can only be canceled to revert back
to the source disk, with no guarantees about the destination.
After this phase completes, both the source and the destination
remain mirrored until a call to blockjob with the --abort and
--pivot flags pivots over to the copy, or a call without --pivot
leaves the destination as a faithful copy of that point in time.
However, if --wait is specified, then this command will block until
the mirroring phase begins, or cancel the operation if the optional
timeout in seconds elapses or SIGINT is sent (usually with
"Ctrl-C"). Using --verbose along with --wait will produce periodic
status updates. Using --pivot or --finish along with --wait will
additionally end the job cleanly rather than leaving things in the
mirroring phase. If job cancellation is triggered, --async will
return control to the user as fast as possible, otherwise the
command may continue to block a little while longer until the job
is done cleaning up.
path specifies fully-qualified path of the disk. bandwidth
specifies copying bandwidth limit in MiB/s.
blockpull domain path [bandwidth] [base] [--wait [--verbose] [--timeout
seconds] [--async]]
Populate a disk from its backing image chain. By default, this
command flattens the entire chain; but if base is specified,
containing the name of one of the backing files in the chain, then
that file becomes the new backing file and only the intermediate
portion of the chain is pulled. Once all requested data from the
backing image chain has been pulled, the disk no longer depends on
that portion of the backing chain.
By default, this command returns as soon as possible, and data for
the entire disk is pulled in the background; the progress of the
operation can be checked with blockjob. However, if --wait is
specified, then this command will block until the operation
completes, or cancel the operation if the optional timeout in
seconds elapses or SIGINT is sent (usually with "Ctrl-C"). Using
--verbose along with --wait will produce periodic status updates.
If job cancellation is triggered, --async will return control to
the user as fast as possible, otherwise the command may continue to
block a little while longer until the job is done cleaning up.
path specifies fully-qualified path of the disk; it corresponds to
a unique target name (<target dev='name'/>) or source file (<source
file='name'/>) for one of the disk devices attached to domain (see
also domblklist for listing these names). bandwidth specifies
copying bandwidth limit in MiB/s.
blkdeviotune domain device [[--config] [--live] | [--current]] [[total-
bytes-sec] | [read-bytes-sec] [write-bytes-sec]] [[total-iops-sec] |
[read-iops-sec] [write-iops-sec]]
Set or query the block disk io parameters for a block device of
domain. device specifies a unique target name (<target
dev='name'/>) or source file (<source file='name'/>) for one of the
disk devices attached to domain (see also domblklist for listing
these names).
If no limit is specified, it will query current I/O limits setting.
Otherwise, alter the limits with these flags: --total-bytes-sec
specifies total throughput limit in bytes per second.
--read-bytes-sec specifies read throughput limit in bytes per
second. --write-bytes-sec specifies write throughput limit in
bytes per second. --total-iops-sec specifies total I/O operations
limit per second. --read-iops-sec specifies read I/O operations
limit per second. --write-iops-sec specifies write I/O operations
limit per second.
Older versions of virsh only accepted these options with underscore
instead of dash, as in --total_bytes_sec.
Bytes and iops values are independent, but setting only one value
(such as --read-bytes-sec) resets the other two in that category to
unlimited. An explicit 0 also clears any limit. A non-zero value
for a given total cannot be mixed with non-zero values for read or
write.
If --live is specified, affect a running guest. If --config is
specified, affect the next boot of a persistent guest. If
--current is specified, affect the current guest state. Both
--live and --current flags may be given, but --current is
exclusive. If no flag is specified, behavior is different depending
on hypervisor.
blockjob domain path { [--abort] [--async] [--pivot] | [--info] |
[bandwidth] }
Manage active block operations. There are three modes: --info,
bandwidth, and --abort; --info is default except that --async or
--pivot implies --abort.
path specifies fully-qualified path of the disk; it corresponds to
a unique target name (<target dev='name'/>) or source file (<source
file='name'/>) for one of the disk devices attached to domain (see
also domblklist for listing these names).
If --abort is specified, the active job on the specified disk will
be aborted. If --async is also specified, this command will return
immediately, rather than waiting for the cancelation to complete.
If --pivot is specified, this requests that an active copy job be
pivoted over to the new copy. If --info is specified, the active
job information on the specified disk will be printed. bandwidth
can be used to set bandwidth limit for the active job.
blockresize domain path size
Resize a block device of domain while the domain is running, path
specifies the absolute path of the block device; it corresponds to
a unique target name (<target dev='name'/>) or source file (<source
file='name'/>) for one of the disk devices attached to domain (see
also domblklist for listing these names).
size is a scaled integer (see NOTES above) which defaults to KiB
(blocks of 1024 bytes) if there is no suffix. You must use a
suffix of "B" to get bytes (note that for historical reasons, this
differs from vol-resize which defaults to bytes without a suffix).
domdisplay domain [--include-password]
Output a URI which can be used to connect to the graphical display
of the domain via VNC, SPICE or RDP. If --include-password is
specified, the SPICE channel password will be included in the URI.
domfstrim domain [--minimum bytes] [--mountpoint mountPoint]
Issue a fstrim command on all mounted filesystems within a running
domain. It discards blocks which are not in use by the filesystem.
If --minimum bytes is specified, it tells guest kernel length of
contiguous free range. Smaller than this may be ignored (this is a
hint and the guest may not respect it). By increasing this value,
the fstrim operation will complete more quickly for filesystems
with badly fragmented free space, although not all blocks will be
discarded. The default value is zero, meaning "discard every free
block". Moreover, a if user wants to trim only one mount point, it
can be specified via optional --mountpoint parameter.
domhostname domain
Returns the hostname of a domain, if the hypervisor makes it
available.
dominfo domain
Returns basic information about the domain.
domuuid domain-name-or-id
Convert a domain name or id to domain UUID
domid domain-name-or-uuid
Convert a domain name (or UUID) to a domain id
domjobabort domain
Abort the currently running domain job.
domjobinfo domain
Returns information about jobs running on a domain.
domname domain-id-or-uuid
Convert a domain Id (or UUID) to domain name
domstate domain [--reason]
Returns state about a domain. --reason tells virsh to also print
reason for the state.
domcontrol domain
Returns state of an interface to VMM used to control a domain. For
states other than "ok" or "error" the command also prints number of
seconds elapsed since the control interface entered its current
state.
domxml-from-native format config
Convert the file config in the native guest configuration format
named by format to a domain XML format. For QEMU/KVM hypervisor,
the format argument must be qemu-argv. For Xen hypervisor, the
format argument may be xen-xm or xen-sxpr.
domxml-to-native format xml
Convert the file xml in domain XML format to the native guest
configuration format named by format. For QEMU/KVM hypervisor, the
format argument must be qemu-argv. For Xen hypervisor, the format
argument may be xen-xm or xen-sxpr.
dump domain corefilepath [--bypass-cache] { [--live] | [--crash] |
[--reset] } [--verbose] [--memory-only]
Dumps the core of a domain to a file for analysis. If --live is
specified, the domain continues to run until the core dump is
complete, rather than pausing up front. If --crash is specified,
the domain is halted with a crashed status, rather than merely left
in a paused state. If --reset is specified, the domain is reset
after successful dump. Note, these three switches are mutually
exclusive. If --bypass-cache is specified, the save will avoid the
file system cache, although this may slow down the operation. If
--memory-only is specified, the file is elf file, and will only
include domain's memory and cpu common register value. It is very
useful if the domain uses host devices directly.
The progress may be monitored using domjobinfo virsh command and
canceled with domjobabort command (sent by another virsh instance).
Another option is to send SIGINT (usually with "Ctrl-C") to the
virsh process running dump command. --verbose displays the progress
of dump.
NOTE: Some hypervisors may require the user to manually ensure
proper permissions on file and path specified by argument
corefilepath.
dumpxml domain [--inactive] [--security-info] [--update-cpu]
[--migratable]
Output the domain information as an XML dump to stdout, this format
can be used by the create command. Additional options affecting the
XML dump may be used. --inactive tells virsh to dump domain
configuration that will be used on next start of the domain as
opposed to the current domain configuration. Using --security-info
will also include security sensitive information in the XML dump.
--update-cpu updates domain CPU requirements according to host CPU.
With --migratable one can request an XML that is suitable for
migrations, i.e., compatible with older libvirt releases and
possibly amended with internal run-time options. This option may
automatically enable other options (--update-cpu, --security-info,
...) as necessary.
edit domain
Edit the XML configuration file for a domain, which will affect the
next boot of the guest.
This is equivalent to:
virsh dumpxml --inactive --security-info domain > domain.xml
vi domain.xml (or make changes with your other text editor)
virsh define domain.xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR
environment variables, and defaults to "vi".
managedsave domain [--bypass-cache] [{--running | --paused}]
[--verbose]
Save and destroy (stop) a running domain, so it can be restarted
from the same state at a later time. When the virsh start command
is next run for the domain, it will automatically be started from
this saved state. If --bypass-cache is specified, the save will
avoid the file system cache, although this may slow down the
operation.
The progress may be monitored using domjobinfo virsh command and
canceled with domjobabort command (sent by another virsh instance).
Another option is to send SIGINT (usually with "Ctrl-C") to the
virsh process running managedsave command. --verbose displays the
progress of save.
Normally, starting a managed save will decide between running or
paused based on the state the domain was in when the save was done;
passing either the --running or --paused flag will allow overriding
which state the start should use.
The dominfo command can be used to query whether a domain currently
has any managed save image.
managedsave-remove domain
Remove the managedsave state file for a domain, if it exists. This
ensures the domain will do a full boot the next time it is started.
maxvcpus [type]
Provide the maximum number of virtual CPUs supported for a guest VM
on this connection. If provided, the type parameter must be a
valid type attribute for the <domain> element of XML.
cpu-stats domain [--total] [start] [count]
Provide cpu statistics information of a domain. The domain should
be running. Default it shows stats for all CPUs, and a total. Use
--total for only the total stats, start for only the per-cpu stats
of the CPUs from start, count for only count CPUs' stats.
migrate [--live] [--offline] [--direct] [--p2p [--tunnelled]]
[--persistent] [--undefinesource] [--suspend] [--copy-storage-all]
[--copy-storage-inc] [--change-protection] [--unsafe] [--verbose]
[--compressed] [--abort-on-error] domain desturi [migrateuri]
[graphicsuri] [listen-address] [dname] [--timeout seconds] [--xml file]
Migrate domain to another host. Add --live for live migration;
<--p2p> for peer-2-peer migration; --direct for direct migration;
or --tunnelled for tunnelled migration. --offline migrates domain
definition without starting the domain on destination and without
stopping it on source host. Offline migration may be used with
inactive domains and it must be used with --persistent option.
--persistent leaves the domain persistent on destination host,
--undefinesource undefines the domain on the source host, and
--suspend leaves the domain paused on the destination host.
--copy-storage-all indicates migration with non-shared storage with
full disk copy, --copy-storage-inc indicates migration with non-
shared storage with incremental copy (same base image shared
between source and destination). In both cases the disk images
have to exist on destination host, the --copy-storage-... options
only tell libvirt to transfer data from the images on source host
to the images found at the same place on the destination host.
--change-protection enforces that no incompatible configuration
changes will be made to the domain while the migration is underway;
this flag is implicitly enabled when supported by the hypervisor,
but can be explicitly used to reject the migration if the
hypervisor lacks change protection support. --verbose displays the
progress of migration. --compressed activates compression of
memory pages that have to be transferred repeatedly during live
migration. --abort-on-error cancels the migration if a soft error
(for example I/O error) happens during the migration.
Note: Individual hypervisors usually do not support all possible
types of migration. For example, QEMU does not support direct
migration.
In some cases libvirt may refuse to migrate the domain because
doing so may lead to potential problems such as data corruption,
and thus the migration is considered unsafe. For QEMU domain, this
may happen if the domain uses disks without explicitly setting
cache mode to "none". Migrating such domains is unsafe unless the
disk images are stored on coherent clustered filesystem, such as
GFS2 or GPFS. If you are sure the migration is safe or you just do
not care, use --unsafe to force the migration.
The desturi is the connection URI of the destination host, and
migrateuri is the migration URI, which usually can be omitted (see
below). dname is used for renaming the domain to new name during
migration, which also usually can be omitted. Likewise, --xml file
is usually omitted, but can be used to supply an alternative XML
file for use on the destination to supply a larger set of changes
to any host-specific portions of the domain XML, such as accounting
for naming differences between source and destination in accessing
underlying storage.
--timeout seconds forces guest to suspend when live migration
exceeds that many seconds, and then the migration will complete
offline. It can only be used with --live.
Running migration can be canceled by interrupting virsh (usually
using "Ctrl-C") or by domjobabort command sent from another virsh
instance.
Note: The desturi parameter for normal migration and peer2peer
migration has different semantics:
· normal migration: the desturi is an address of the target host
as seen from the client machine.
· peer2peer migration: the desturi is an address of the target
host as seen from the source machine.
When migrateuri is not specified, libvirt will automatically
determine the hypervisor specific URI, by looking up the target
host's configured hostname. There are a few scenarios where
specifying migrateuri may help:
· The configured hostname is incorrect, or DNS is broken. If a
host has a hostname which will not resolve to match one of its
public IP addresses, then libvirt will generate an incorrect
URI. In this case migrateuri should be explicitly specified,
using an IP address, or a correct hostname.
· The host has multiple network interaces. If a host has
multiple network interfaces, it might be desirable for the
migration data stream to be sent over a specific interface for
either security or performance reasons. In this case
migrateuri should be explicitly specified, using an IP address
associated with the network to be used.
· The firewall restricts what ports are available. When libvirt
generates a migration URI, it will pick a port number using
hypervisor specific rules. Some hypervisors only require a
single port to be open in the firewalls, while others require a
whole range of port numbers. In the latter case migrateuri
might be specified to choose a specific port number outside the
default range in order to comply with local firewall policies.
Optional graphicsuri overrides connection parameters used for
automatically reconnecting a graphical clients at the end of
migration. If omitted, libvirt will compute the parameters based on
target host IP address. In case the client does not have a direct
access to the network virtualization hosts are connected to and
needs to connect through a proxy, graphicsuri may be used to
specify the address the client should connect to. The URI is formed
as follows:
protocol://hostname[:port]/[?parameters]
where protocol is either "spice" or "vnc" and parameters is a list
of protocol specific parameters separated by '&'. Currently
recognized parameters are "tlsPort" and "tlsSubject". For example,
spice://target.host.com:1234/?tlsPort=4567
Optional listen-address sets the listen address that hypervisor on
the destination side should bind to for incoming migration. Both
IPv4 and IPv6 addresses are accepted as well as hostnames (the
resolving is done on destination). Some hypervisors do not support
this feature and will return an error if this parameter is used.
migrate-setmaxdowntime domain downtime
Set maximum tolerable downtime for a domain which is being live-
migrated to another host. The downtime is a number of milliseconds
the guest is allowed to be down at the end of live migration.
migrate-compcache domain [--size bytes]
Sets and/or gets size of the cache (in bytes) used for compressing
repeatedly transferred memory pages during live migration. When
called without size, the command just prints current size of the
compression cache. When size is specified, the hypervisor is asked
to change compression cache to size bytes and then the current size
is printed (the result may differ from the requested size due to
rounding done by the hypervisor). The size option is supposed to be
used while the domain is being live-migrated as a reaction to
migration progress and increasing number of compression cache
misses obtained from domjobinfo.
migrate-setspeed domain bandwidth
Set the maximum migration bandwidth (in MiB/s) for a domain which
is being migrated to another host.
migrate-getspeed domain
Get the maximum migration bandwidth (in MiB/s) for a domain.
numatune domain [--mode mode] [--nodeset nodeset] [[--config] [--live]
| [--current]]
Set or get a domain's numa parameters, corresponding to the
<numatune> element of domain XML. Without flags, the current
settings are displayed.
mode can be one of `strict', `interleave' and `preferred'. For a
running domain, the mode can't be changed, and the nodeset can be
changed only if the domain was started with a mode of `strict'.
nodeset is a list of numa nodes used by the host for running the
domain. Its syntax is a comma separated list, with '-' for ranges
and '^' for excluding a node.
If --live is specified, set scheduler information of a running
guest. If --config is specified, affect the next boot of a
persistent guest. If --current is specified, affect the current
guest state.
reboot domain [--mode MODE-LIST]
Reboot a domain. This acts just as if the domain had the reboot
command run from the console. The command returns as soon as it
has executed the reboot action, which may be significantly before
the domain actually reboots.
The exact behavior of a domain when it reboots is set by the
on_reboot parameter in the domain's XML definition.
By default the hypervisor will try to pick a suitable shutdown
method. To specify an alternative method, the --mode parameter can
specify a comma separated list which includes "acpi", "agent",
"initctl" and "signal". The order in which drivers will try each
mode is undefined, and not related to the order specified to virsh.
For strict control over ordering, use a single mode at a time and
repeat the command.
reset domain
Reset a domain immediately without any guest shutdown. reset
emulates the power reset button on a machine, where all guest
hardware sees the RST line set and reinitializes internal state.
Note: Reset without any guest OS shutdown risks data loss.
restore state-file [--bypass-cache] [--xml file] [{--running |
--paused}]
Restores a domain from a virsh save state file. See save for more
info.
If --bypass-cache is specified, the restore will avoid the file
system cache, although this may slow down the operation.
--xml file is usually omitted, but can be used to supply an
alternative XML file for use on the restored guest with changes
only in the host-specific portions of the domain XML. For example,
it can be used to account for file naming differences in underlying
storage due to disk snapshots taken after the guest was saved.
Normally, restoring a saved image will use the state recorded in
the save image to decide between running or paused; passing either
the --running or --paused flag will allow overriding which state
the domain should be started in.
Note: To avoid corrupting file system contents within the domain,
you should not reuse the saved state file for a second restore
unless you have also reverted all storage volumes back to the same
contents as when the state file was created.
save domain state-file [--bypass-cache] [--xml file] [{--running |
--paused}] [--verbose]
Saves a running domain (RAM, but not disk state) to a state file so
that it can be restored later. Once saved, the domain will no
longer be running on the system, thus the memory allocated for the
domain will be free for other domains to use. virsh restore
restores from this state file. If --bypass-cache is specified, the
save will avoid the file system cache, although this may slow down
the operation.
The progress may be monitored using domjobinfo virsh command and
canceled with domjobabort command (sent by another virsh instance).
Another option is to send SIGINT (usually with "Ctrl-C") to the
virsh process running save command. --verbose displays the progress
of save.
This is roughly equivalent to doing a hibernate on a running
computer, with all the same limitations. Open network connections
may be severed upon restore, as TCP timeouts may have expired.
--xml file is usually omitted, but can be used to supply an
alternative XML file for use on the restored guest with changes
only in the host-specific portions of the domain XML. For example,
it can be used to account for file naming differences that are
planned to be made via disk snapshots of underlying storage after
the guest is saved.
Normally, restoring a saved image will decide between running or
paused based on the state the domain was in when the save was done;
passing either the --running or --paused flag will allow overriding
which state the restore should use.
Domain saved state files assume that disk images will be unchanged
between the creation and restore point. For a more complete system
restore point, where the disk state is saved alongside the memory
state, see the snapshot family of commands.
save-image-define file xml [{--running | --paused}]
Update the domain XML that will be used when file is later used in
the restore command. The xml argument must be a file name
containing the alternative XML, with changes only in the host-
specific portions of the domain XML. For example, it can be used
to account for file naming differences resulting from creating disk
snapshots of underlying storage after the guest was saved.
The save image records whether the domain should be restored to a
running or paused state. Normally, this command does not alter the
recorded state; passing either the --running or --paused flag will
allow overriding which state the restore should use.
save-image-dumpxml file [--security-info]
Extract the domain XML that was in effect at the time the saved
state file file was created with the save command. Using
--security-info will also include security sensitive information.
save-image-edit file [{--running | --paused}]
Edit the XML configuration associated with a saved state file file
created by the save command.
The save image records whether the domain should be restored to a
running or paused state. Normally, this command does not alter the
recorded state; passing either the --running or --paused flag will
allow overriding which state the restore should use.
This is equivalent to:
virsh save-image-dumpxml state-file > state-file.xml
vi state-file.xml (or make changes with your other text editor)
virsh save-image-define state-file state-file-xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR
environment variables, and defaults to "vi".
schedinfo domain [[--config] [--live] | [--current]] [[--set]
parameter=value]...
schedinfo [--weight number] [--cap number] domain
Allows you to show (and set) the domain scheduler parameters. The
parameters available for each hypervisor are:
LXC (posix scheduler) : cpu_shares
QEMU/KVM (posix scheduler): cpu_shares, vcpu_period, vcpu_quota,
emulator_period, emulator_quota
Xen (credit scheduler): weight, cap
ESX (allocation scheduler): reservation, limit, shares
If --live is specified, set scheduler information of a running
guest. If --config is specified, affect the next boot of a
persistent guest. If --current is specified, affect the current
guest state.
Note: The cpu_shares parameter has a valid value range of 0-262144;
Negative values are wrapped to positive, and larger values are
capped at the maximum. Therefore, -1 is a useful shorthand for
262144. On the Linux kernel, the values 0 and 1 are automatically
converted to a minimal value of 2.
Note: The weight and cap parameters are defined only for the
XEN_CREDIT scheduler and are now DEPRECATED.
Note: The vcpu_period/emulator_period parameters have a valid value
range of 1000-1000000 or 0, and the vcpu_quota/emulator_quota
parameters have a valid value range of 1000-18446744073709551 or
less than 0. The value 0 for either parameter is the same as not
specifying that parameter.
screenshot domain [imagefilepath] [--screen screenID]
Takes a screenshot of a current domain console and stores it into a
file. Optionally, if hypervisor supports more displays for a
domain, screenID allows to specify which screen will be captured.
It is the sequential number of screen. In case of multiple graphics
cards, heads are enumerated before devices, e.g. having two
graphics cards, both with four heads, screen ID 5 addresses the
second head on the second card.
send-key domain [--codeset codeset] [--holdtime holdtime] keycode...
Parse the keycode sequence as keystrokes to send to domain. Each
keycode can either be a numeric value or a symbolic name from the
corresponding codeset. If --holdtime is given, each keystroke will
be held for that many milliseconds. The default codeset is linux,
but use of the --codeset option allows other codesets to be chosen.
If multiple keycodes are specified, they are all sent
simultaneously to the guest, and they may be received in random
order. If you need distinct keypresses, you must use multiple send-
key invocations.
linux
The numeric values are those defined by the Linux generic input
event subsystem. The symbolic names match the corresponding
Linux key constant macro names.
xt The numeric values are those defined by the original XT
keyboard controller. No symbolic names are provided
atset1
The numeric values are those defined by the AT keyboard
controller, set 1 (aka XT compatible set). Extended keycoes
from atset1 may differ from extended keycodes in the xt
codeset. No symbolic names are provided
atset2
The numeric values are those defined by the AT keyboard
controller, set 2. No symbolic names are provided
atset3
The numeric values are those defined by the AT keyboard
controller, set 3 (aka PS/2 compatible set). No symbolic names
are provided
os_x
The numeric values are those defined by the OS-X keyboard input
subsystem. The symbolic names match the corresponding OS-X key
constant macro names
xt_kbd
The numeric values are those defined by the Linux KBD device.
These are a variant on the original XT codeset, but often with
different encoding for extended keycodes. No symbolic names are
provided.
win32
The numeric values are those defined by the Win32 keyboard
input subsystem. The symbolic names match the corresponding
Win32 key constant macro names
usb The numeric values are those defined by the USB HID
specification for keyboard input. No symbolic names are
provided
rfb The numeric values are those defined by the RFB extension for
sending raw keycodes. These are a variant on the XT codeset,
but extended keycodes have the low bit of the second byte set,
instead of the high bit of the first byte. No symbolic names
are provided.
Examples
# send three strokes 'k', 'e', 'y', using xt codeset. these
# are all pressed simultaneously and may be received by the guest
# in random order
virsh send-key dom --codeset xt 37 18 21
# send one stroke 'right-ctrl+C'
virsh send-key dom KEY_RIGHTCTRL KEY_C
# send a tab, held for 1 second
virsh send-key --holdtime 1000 0xf
send-process-signal domain-id pid signame
Send a signal signame to the process identified by pid running in
the virtual domain domain-id. The pid is a process ID in the
virtual domain namespace.
The signame argument may be either an integer signal constant
number, or one of the symbolic names:
"nop", "hup", "int", "quit", "ill",
"trap", "abrt", "bus", "fpe", "kill",
"usr1", "segv", "usr2", "pipe", "alrm",
"term", "stkflt", "chld", "cont", "stop",
"tstp", "ttin", "ttou", "urg", "xcpu",
"xfsz", "vtalrm", "prof", "winch", "poll",
"pwr", "sys", "rt0", "rt1", "rt2", "rt3",
"rt4", "rt5", "rt6", "rt7", "rt8", "rt9",
"rt10", "rt11", "rt12", "rt13", "rt14", "rt15",
"rt16", "rt17", "rt18", "rt19", "rt20", "rt21",
"rt22", "rt23", "rt24", "rt25", "rt26", "rt27",
"rt28", "rt29", "rt30", "rt31", "rt32"
The symbol name may optionally be prefixed with 'sig' or 'sig_' and
may be in uppercase or lowercase.
Examples
virsh send-process-signal myguest 1 15
virsh send-process-signal myguest 1 term
virsh send-process-signal myguest 1 sigterm
virsh send-process-signal myguest 1 SIG_HUP
setmem domain size [[--config] [--live] | [--current]]
Change the memory allocation for a guest domain. If --live is
specified, perform a memory balloon of a running guest. If
--config is specified, affect the next boot of a persistent guest.
If --current is specified, affect the current guest state. Both
--live and --config flags may be given, but --current is exclusive.
If no flag is specified, behavior is different depending on
hypervisor.
size is a scaled integer (see NOTES above); it defaults to
kibibytes (blocks of 1024 bytes) unless you provide a suffix (and
the older option name --kilobytes is available as a deprecated
synonym) . Libvirt rounds up to the nearest kibibyte. Some
hypervisors require a larger granularity than KiB, and requests
that are not an even multiple will be rounded up. For example,
vSphere/ESX rounds the parameter up to mebibytes (1024 kibibytes).
For Xen, you can only adjust the memory of a running domain if the
domain is paravirtualized or running the PV balloon driver.
setmaxmem domain size [[--config] [--live] | [--current]]
Change the maximum memory allocation limit for a guest domain. If
--live is specified, affect a running guest. If --config is
specified, affect the next boot of a persistent guest. If
--current is specified, affect the current guest state. Both
--live and --config flags may be given, but --current is exclusive.
If no flag is specified, behavior is different depending on
hypervisor.
Some hypervisors such as QEMU/KVM don't support live changes
(especially increasing) of the maximum memory limit.
size is a scaled integer (see NOTES above); it defaults to
kibibytes (blocks of 1024 bytes) unless you provide a suffix (and
the older option name --kilobytes is available as a deprecated
synonym) . Libvirt rounds up to the nearest kibibyte. Some
hypervisors require a larger granularity than KiB, and requests
that are not an even multiple will be rounded up. For example,
vSphere/ESX rounds the parameter up to mebibytes (1024 kibibytes).
memtune domain [--hard-limit size] [--soft-limit size]
[--swap-hard-limit size] [--min-guarantee size] [[--config] [--live] |
[--current]]
Allows you to display or set the domain memory parameters. Without
flags, the current settings are displayed; with a flag, the
appropriate limit is adjusted if supported by the hypervisor. LXC
and QEMU/KVM support --hard-limit, --soft-limit, and
--swap-hard-limit.--min-guarantee is supported only by ESX
hypervisor. Each of these limits are scaled integers (see NOTES
above), with a default of kibibytes (blocks of 1024 bytes) if no
suffix is present. Libvirt rounds up to the nearest kibibyte. Some
hypervisors require a larger granularity than KiB, and requests
that are not an even multiple will be rounded up. For example,
vSphere/ESX rounds the parameter up to mebibytes (1024 kibibytes).
If --live is specified, affect a running guest. If --config is
specified, affect the next boot of a persistent guest. If
--current is specified, affect the current guest state. Both
--live and --config flags may be given, but --current is exclusive.
If no flag is specified, behavior is different depending on
hypervisor.
For QEMU/KVM, the parameters are applied to the QEMU process as a
whole. Thus, when counting them, one needs to add up guest RAM,
guest video RAM, and some memory overhead of QEMU itself. The last
piece is hard to determine so one needs guess and try.
--hard-limit
The maximum memory the guest can use.
--soft-limit
The memory limit to enforce during memory contention.
--swap-hard-limit
The maximum memory plus swap the guest can use. This has to be
more than hard-limit value provided.
--min-guarantee
The guaranteed minimum memory allocation for the guest.
Specifying -1 as a value for these limits is interpreted as
unlimited.
blkiotune domain [--weight weight] [--device-weights device-weights]
[[--config] [--live] | [--current]]
Display or set the blkio parameters. QEMU/KVM supports --weight.
--weight is in range [100, 1000].
device-weights is a single string listing one or more device/weight
pairs, in the format of
/path/to/device,weight,/path/to/device,weight. Each weight is in
the range [100, 1000], or the value 0 to remove that device from
per-device listings. Only the devices listed in the string are
modified; any existing per-device weights for other devices remain
unchanged.
If --live is specified, affect a running guest. If --config is
specified, affect the next boot of a persistent guest. If
--current is specified, affect the current guest state. Both
--live and --config flags may be given, but --current is exclusive.
If no flag is specified, behavior is different depending on
hypervisor.
setvcpus domain count [--maximum] [[--config] [--live] | [--current]]
[--guest]
Change the number of virtual CPUs active in a guest domain. By
default, this command works on active guest domains. To change the
settings for an inactive guest domain, use the --config flag.
The count value may be limited by host, hypervisor, or a limit
coming from the original description of the guest domain. For Xen,
you can only adjust the virtual CPUs of a running domain if the
domain is paravirtualized.
If the --config flag is specified, the change is made to the stored
XML configuration for the guest domain, and will only take effect
when the guest domain is next started.
If --live is specified, the guest domain must be active, and the
change takes place immediately. Both the --config and --live flags
may be specified together if supported by the hypervisor.
If --current is specified, affect the current guest state.
When no flags are given, the --live flag is assumed and the guest
domain must be active. In this situation it is up to the
hypervisor whether the --config flag is also assumed, and therefore
whether the XML configuration is adjusted to make the change
persistent.
If --guest is specified, then the count of cpus is modified in the
guest instead of the hypervisor. This flag is usable only for live
domains and may require guest agent to be configured in the guest.
The --maximum flag controls the maximum number of virtual cpus that
can be hot-plugged the next time the domain is booted. As such, it
must only be used with the --config flag, and not with the --live
flag.
shutdown domain [--mode MODE-LIST]
Gracefully shuts down a domain. This coordinates with the domain
OS to perform graceful shutdown, so there is no guarantee that it
will succeed, and may take a variable length of time depending on
what services must be shutdown in the domain.
The exact behavior of a domain when it shuts down is set by the
on_shutdown parameter in the domain's XML definition.
If domain is transient, then the metadata of any snapshots will be
lost once the guest stops running, but the snapshot contents still
exist, and a new domain with the same name and UUID can restore the
snapshot metadata with snapshot-create.
By default the hypervisor will try to pick a suitable shutdown
method. To specify an alternative method, the --mode parameter can
specify a comma separated list which includes "acpi", "agent",
"initctl" and "signal". The order in which drivers will try each
mode is undefined, and not related to the order specified to virsh.
For strict control over ordering, use a single mode at a time and
repeat the command.
start domain-name-or-uuid [--console] [--paused] [--autodestroy]
[--bypass-cache] [--force-boot] [--pass-fds N,M,...]
Start a (previously defined) inactive domain, either from the last
managedsave state, or via a fresh boot if no managedsave state is
present. The domain will be paused if the --paused option is used
and supported by the driver; otherwise it will be running. If
--console is requested, attach to the console after creation. If
--autodestroy is requested, then the guest will be automatically
destroyed when virsh closes its connection to libvirt, or otherwise
exits. If --bypass-cache is specified, and managedsave state
exists, the restore will avoid the file system cache, although this
may slow down the operation. If --force-boot is specified, then
any managedsave state is discarded and a fresh boot occurs.
If --pass-fds is specified, the argument is a comma separated list
of open file descriptors which should be pass on into the guest.
The file descriptors will be re-numered in the guest, starting from
3. This is only supported with container based virtualization.
suspend domain
Suspend a running domain. It is kept in memory but won't be
scheduled anymore.
resume domain
Moves a domain out of the suspended state. This will allow a
previously suspended domain to now be eligible for scheduling by
the underlying hypervisor.
dompmsuspend domain target [--duration]
Suspend a running domain into one of these states (possible target
values):
mem equivallent of S3 ACPI state
disk equivallent of S4 ACPI state
hybrid RAM is saved to disk but not powered off
The --duration argument specifies number of seconds before the
domain is woken up after it was suspended (see also dompmwakeup).
Default is 0 for unlimited suspend time. (This feature isn't
currently supported by any hypervisor driver and 0 should be
used.).
Note that this command requires a guest agent configured and
running in the domain's guest OS.
Beware that at least for QEMU, the domain's process will be
terminated when target disk is used and a new process will be
launched when libvirt is asked to wake up the domain. As a result
of this, any runtime changes, such as device hotplug or memory
settings, are lost unless such changes were made with --config
flag.
dompmwakeup domain
Wakeup a domain from pmsuspended state (either suspended by
dompmsuspend or from the guest itself). Injects a wakeup into the
guest that is in pmsuspended state, rather than waiting for the
previously requested duration (if any) to elapse. This operation
doesn't not necessarily fail if the domain is running.
ttyconsole domain
Output the device used for the TTY console of the domain. If the
information is not available the processes will provide an exit
code of 1.
undefine domain [--managed-save] [--snapshots-metadata] [ {--storage
volumes | --remove-all-storage} --wipe-storage]
Undefine a domain. If the domain is running, this converts it to a
transient domain, without stopping it. If the domain is inactive,
the domain configuration is removed.
The --managed-save flag guarantees that any managed save image (see
the managedsave command) is also cleaned up. Without the flag,
attempts to undefine a domain with a managed save image will fail.
The --snapshots-metadata flag guarantees that any snapshots (see
the snapshot-list command) are also cleaned up when undefining an
inactive domain. Without the flag, attempts to undefine an
inactive domain with snapshot metadata will fail. If the domain is
active, this flag is ignored.
The --storage flag takes a parameter volumes, which is a comma
separated list of volume target names or source paths of storage
volumes to be removed along with the undefined domain. Volumes can
be undefined and thus removed only on inactive domains. Volume
deletion is only attempted after the domain is undefined; if not
all of the requested volumes could be deleted, the error message
indicates what still remains behind. If a volume path is not found
in the domain definition, it's treated as if the volume was
successfully deleted. (See domblklist for list of target names
associated to a domain). Example: --storage
vda,/path/to/storage.img
The --remove-all-storage flag specifies that all of the domain's
storage volumes should be deleted.
The flag --wipe-storage specifies that the storage volumes should
be wiped before removal.
NOTE: For an inactive domain, the domain name or UUID must be used
as the domain.
vcpucount domain [{--maximum | --active} {--config | --live |
--current}] [--guest]
Print information about the virtual cpu counts of the given domain.
If no flags are specified, all possible counts are listed in a
table; otherwise, the output is limited to just the numeric value
requested. For historical reasons, the table lists the label
"current" on the rows that can be queried in isolation via the
--active flag, rather than relating to the --current flag.
--maximum requests information on the maximum cap of vcpus that a
domain can add via setvcpus, while --active shows the current
usage; these two flags cannot both be specified. --config requires
a persistent domain and requests information regarding the next
time the domain will be booted, --live requires a running domain
and lists current values, and --current queries according to the
current state of the domain (corresponding to --live if running, or
--config if inactive); these three flags are mutually exclusive.
If --guest is specified, then the count of cpus is reported from
the perspective of the guest. This flag is usable only for live
domains and may require guest agent to be configured in the guest.
vcpuinfo domain
Returns basic information about the domain virtual CPUs, like the
number of vCPUs, the running time, the affinity to physical
processors.
vcpupin domain [vcpu] [cpulist] [[--live] [--config] | [--current]]
Query or change the pinning of domain VCPUs to host physical CPUs.
To pin a single vcpu, specify cpulist; otherwise, you can query one
vcpu or omit vcpu to list all at once.
cpulist is a list of physical CPU numbers. Its syntax is a comma
separated list and a special markup using '-' and '^' (ex. '0-4',
'0-3,^2') can also be allowed. The '-' denotes the range and the
'^' denotes exclusive. If you want to reset vcpupin setting, that
is, to pin vcpu all physical cpus, simply specify 'r' as a cpulist.
If --live is specified, affect a running guest. If --config is
specified, affect the next boot of a persistent guest. If
--current is specified, affect the current guest state. Both
--live and --config flags may be given if cpulist is present, but
--current is exclusive. If no flag is specified, behavior is
different depending on hypervisor.
Note: The expression is sequentially evaluated, so "0-15,^8" is
identical to "9-14,0-7,15" but not identical to "^8,0-15".
emulatorpin domain [cpulist] [[--live] [--config] | [--current]]
Query or change the pinning of domain's emulator threads to host
physical CPUs.
See vcpupin for cpulist.
If --live is specified, affect a running guest. If --config is
specified, affect the next boot of a persistent guest. If
--current is specified, affect the current guest state. Both
--live and --config flags may be given if cpulist is present, but
--current is exclusive. If no flag is specified, behavior is
different depending on hypervisor.
vncdisplay domain
Output the IP address and port number for the VNC display. If the
information is not available the processes will provide an exit
code of 1.
DEVICE COMMANDS
The following commands manipulate devices associated to domains. The
domain can be specified as a short integer, a name or a full UUID. To
better understand the values allowed as options for the command reading
the documentation at <http://libvirt.org/formatdomain.html> on the
format of the device sections to get the most accurate set of accepted
values.
attach-device domain FILE [[[--live] [--config] | [--current]] |
[--persistent]]
Attach a device to the domain, using a device definition in an XML
file using a device definition element such as <disk> or
<interface> as the top-level element. See the documentation at
<http://libvirt.org/formatdomain.html#elementsDevices> to learn
about libvirt XML format for a device. If --config is specified
the command alters the persistent domain configuration with the
device attach taking effect the next time libvirt starts the
domain. For cdrom and floppy devices, this command only replaces
the media within an existing device; consider using update-device
for this usage. For passthrough host devices, see also nodedev-
detach, needed if the device does not use managed mode.
If --live is specified, affect a running domain. If --config is
specified, affect the next startup of a persistent domain. If
--current is specified, affect the current domain state. Both
--live and --config flags may be given, but --current is exclusive.
When no flag is specified legacy API is used whose behavior depends
on the hypervisor driver.
For compatibility purposes, --persistent behaves like --config for
an offline domain, and like --live --config for a running domain.
Note: using of partial device definition XML files may lead to
unexpected results as some fields may be autogenerated and thus
match devices other than expected.
attach-disk domain source target [[[--live] [--config] | [--current]] |
[--persistent]] [--driver driver] [--subdriver subdriver] [--cache
cache] [--type type] [--mode mode] [--config] [--sourcetype soucetype]
[--serial serial] [--wwn wwn] [--shareable] [--rawio] [--address
address] [--multifunction] [--print-xml]
Attach a new disk device to the domain. source is path for the
files and devices. target controls the bus or device under which
the disk is exposed to the guest OS. It indicates the "logical"
device name. driver can be file, tap or phy for the Xen hypervisor
depending on the kind of access; or qemu for the QEMU emulator.
Further details to the driver can be passed using subdriver. For
Xen subdriver can be aio, while for QEMU subdriver should match the
format of the disk source, such as raw or qcow2. Hypervisor
default will be used if subdriver is not specified. However, the
default may not be correct, esp. for QEMU as for security reasons
it is configured not to detect disk formats. type can indicate
lun, cdrom or floppy as alternative to the disk default, although
this use only replaces the media within the existing virtual cdrom
or floppy device; consider using update-device for this usage
instead. mode can specify the two specific mode readonly or
shareable. sourcetype can indicate the type of source (block|file)
cache can be one of "default", "none", "writethrough", "writeback",
"directsync" or "unsafe". serial is the serial of disk device. wwn
is the wwn of disk device. shareable indicates the disk device is
shareable between domains. rawio indicates the disk needs rawio
capability. address is the address of disk device in the form of
pci:domain.bus.slot.function, scsi:controller.bus.unit or
ide:controller.bus.unit. multifunction indicates specified pci
address is a multifunction pci device address.
If --print-xml is specified, then the XML of the disk that would be
attached is printed instead.
If --live is specified, affect a running domain. If --config is
specified, affect the next startup of a persistent domain. If
--current is specified, affect the current domain state. Both
--live and --config flags may be given, but --current is exclusive.
When no flag is specified legacy API is used whose behavior depends
on the hypervisor driver.
For compatibility purposes, --persistent behaves like --config for
an offline domain, and like --live --config for a running domain.
attach-interface domain type source [[[--live] [--config] |
[--current]] | [--persistent]] [--target target] [--mac mac] [--script
script] [--model model] [--config] [--inbound average,peak,burst]
[--outbound average,peak,burst]
Attach a new network interface to the domain. type can be either
network to indicate a physical network device or bridge to indicate
a bridge to a device. source indicates the source device. target
allows to indicate the target device in the guest. Names starting
with 'vnet' are considered as auto-generated an hence blanked out.
mac allows to specify the MAC address of the network interface.
script allows to specify a path to a script handling a bridge
instead of the default one. model allows to specify the model
type. inbound and outbound control the bandwidth of the interface.
peak and burst are optional, so "average,peak", "average,,burst"
and "average" are also legal.
If --live is specified, affect a running domain. If --config is
specified, affect the next startup of a persistent domain. If
--current is specified, affect the current domain state. Both
--live and --config flags may be given, but --current is exclusive.
When no flag is specified legacy API is used whose behavior depends
on the hypervisor driver.
For compatibility purposes, --persistent behaves like --config for
an offline domain, and like --live --config for a running domain.
Note: the optional target value is the name of a device to be
created as the back-end on the node. If not provided a device named
"vnetN" or "vifN" will be created automatically.
detach-device domain FILE [[[--live] [--config] | [--current]] |
[--persistent]]
Detach a device from the domain, takes the same kind of XML
descriptions as command attach-device. For passthrough host
devices, see also nodedev-reattach, needed if the device does not
use managed mode.
Note: using of partial device definition XML files may lead to
unexpected results as some fields may be autogenerated and thus
match devices other than expected.
If --live is specified, affect a running domain. If --config is
specified, affect the next startup of a persistent domain. If
--current is specified, affect the current domain state. Both
--live and --config flags may be given, but --current is exclusive.
When no flag is specified legacy API is used whose behavior depends
on the hypervisor driver.
For compatibility purposes, --persistent behaves like --config for
an offline domain, and like --live --config for a running domain.
Note that older versions of virsh used --config as an alias for
--persistent.
detach-disk domain target [[[--live] [--config] | [--current]] |
[--persistent]]
Detach a disk device from a domain. The target is the device as
seen from the domain.
If --live is specified, affect a running domain. If --config is
specified, affect the next startup of a persistent domain. If
--current is specified, affect the current domain state. Both
--live and --config flags may be given, but --current is exclusive.
When no flag is specified legacy API is used whose behavior depends
on the hypervisor driver.
For compatibility purposes, --persistent behaves like --config for
an offline domain, and like --live --config for a running domain.
Note that older versions of virsh used --config as an alias for
--persistent.
detach-interface domain type [--mac mac] [[[--live] [--config] |
[--current]] | [--persistent]]
Detach a network interface from a domain. type can be either
network to indicate a physical network device or bridge to indicate
a bridge to a device. It is recommended to use the mac option to
distinguish between the interfaces if more than one are present on
the domain.
If --live is specified, affect a running domain. If --config is
specified, affect the next startup of a persistent domain. If
--current is specified, affect the current domain state. Both
--live and --config flags may be given, but --current is exclusive.
When no flag is specified legacy API is used whose behavior depends
on the hypervisor driver.
For compatibility purposes, --persistent behaves like --config for
an offline domain, and like --live --config for a running domain.
Note that older versions of virsh used --config as an alias for
--persistent.
update-device domain file [--force] [[[--live] [--config] |
[--current]] | [--persistent]]
Update the characteristics of a device associated with domain,
based on the device definition in an XML file. The --force option
can be used to force device update, e.g., to eject a CD-ROM even if
it is locked/mounted in the domain. See the documentation at
<http://libvirt.org/formatdomain.html#elementsDevices> to learn
about libvirt XML format for a device.
If --live is specified, affect a running domain. If --config is
specified, affect the next startup of a persistent domain. If
--current is specified, affect the current domain state. Both
--live and --config flags may be given, but --current is exclusive.
Not specifying any flag is the same as specifying --current.
For compatibility purposes, --persistent behaves like --config for
an offline domain, and like --live --config for a running domain.
Note that older versions of virsh used --config as an alias for
--persistent.
Note: using of partial device definition XML files may lead to
unexpected results as some fields may be autogenerated and thus
match devices other than expected.
change-media domain path [--eject] [--insert] [--update] [source]
[--force] [[--live] [--config] | [--current]]
Change media of CDROM or floppy drive. path can be the fully-
qualified path or the unique target name (<target dev='hdc'>) of
the disk device. source specifies the path of the media to be
inserted or updated.
--eject indicates the media will be ejected. --insert indicates
the media will be inserted. source must be specified. If the
device has source (e.g. <source file='media'>), and source is not
specified, --update is equal to --eject. If the device has no
source, and source is specified, --update is equal to --insert. If
the device has source, and source is specified, --update behaves
like combination of --eject and --insert. If none of --eject,
--insert, and --update is specified, --update is used by default.
The --force option can be used to force media changing. If --live
is specified, alter live configuration of running guest. If
--config is specified, alter persistent configuration, effect
observed on next boot. --current can be either or both of live and
config, depends on the hypervisor's implementation. Both --live
and --config flags may be given, but --current is exclusive. If no
flag is specified, behavior is different depending on hypervisor.
NODEDEV COMMANDS
The following commands manipulate host devices that are intended to be
passed through to guest domains via <hostdev> elements in a domain's
<devices> section. A node device key is generally specified by the bus
name followed by its address, using underscores between all components,
such as pci_0000_00_02_1, usb_1_5_3, or net_eth1_00_27_13_6a_fe_00.
The nodedev-list gives the full list of host devices that are known to
libvirt, although this includes devices that cannot be assigned to a
guest (for example, attempting to detach the PCI device that controls
the host's hard disk controller where the guest's disk images live
could cause the host system to lock up or reboot).
For more information on node device definition see:
<http://libvirt.org/formatnode.html>.
Passthrough devices cannot be simultaneously used by the host and its
guest domains, nor by multiple active guests at once. If the <hostdev>
description includes the attribute managed='yes', and the hypervisor
driver supports it, then the device is in managed mode, and attempts to
use that passthrough device in an active guest will automatically
behave as if nodedev-detach (guest start, device hot-plug) and nodedev-
reattach (guest stop, device hot-unplug) were called at the right
points (currently, qemu does this for PCI devices, but not USB). If a
device is not marked as managed, then it must manually be detached
before guests can use it, and manually reattached to be returned to the
host. Also, if a device is manually detached, then the host does not
regain control of the device without a matching reattach, even if the
guests use the device in managed mode.
nodedev-create FILE
Create a device on the host node that can then be assigned to
virtual machines. Normally, libvirt is able to automatically
determine which host nodes are available for use, but this allows
registration of host hardware that libvirt did not automatically
detect. file contains xml for a top-level <device> description of
a node device.
nodedev-destroy device
Destroy (stop) a device on the host. device can be either device
name or wwn pair in "wwnn,wwpn" format (only works for HBA). Note
that this makes libvirt quit managing a host device, and may even
make that device unusable by the rest of the physical host until a
reboot.
nodedev-detach nodedev [--driver backend_driver]
Detach nodedev from the host, so that it can safely be used by
guests via <hostdev> passthrough. This is reversed with nodedev-
reattach, and is done automatically for managed devices. For
compatibility purposes, this command can also be spelled nodedev-
dettach.
Different backend drivers expect the device to be bound to
different dummy devices. For example, QEMU's "kvm" backend driver
(the default) expects the device to be bound to pci-stub, but its
"vfio" backend driver expects the device to be bound to vfio-pci.
The --driver parameter can be used to specify the desired backend
driver.
nodedev-dumpxml device
Dump a <device> XML representation for the given node device,
including such information as the device name, which bus owns the
device, the vendor and product id, and any capabilities of the
device usable by libvirt (such as whether device reset is
supported). device can be either device name or wwn pair in
"wwnn,wwpn" format (only works for HBA).
nodedev-list cap --tree
List all of the devices available on the node that are known by
libvirt. cap is used to filter the list by capability types, the
types must be separated by comma, e.g. --cap pci,scsi, valid
capability types include 'system', 'pci', 'usb_device', 'usb',
'net', 'scsi_host', 'scsi_target', 'scsi', 'storage', 'fc_host',
'vports', 'scsi_generic'. If --tree is used, the output is
formatted in a tree representing parents of each node. cap and
--tree are mutually exclusive.
nodedev-reattach nodedev
Declare that nodedev is no longer in use by any guests, and that
the host can resume normal use of the device. This is done
automatically for devices in managed mode, but must be done
explicitly to match any explicit nodedev-detach.
nodedev-reset nodedev
Trigger a device reset for nodedev, useful prior to transferring a
node device between guest passthrough or the host. Libvirt will
often do this action implicitly when required, but this command
allows an explicit reset when needed.
VIRTUAL NETWORK COMMANDS
The following commands manipulate networks. Libvirt has the capability
to define virtual networks which can then be used by domains and linked
to actual network devices. For more detailed information about this
feature see the documentation at
<http://libvirt.org/formatnetwork.html> . Many of the commands for
virtual networks are similar to the ones used for domains, but the way
to name a virtual network is either by its name or UUID.
net-autostart network [--disable]
Configure a virtual network to be automatically started at boot.
The --disable option disable autostarting.
net-create file
Create a transient (temporary) virtual network from an XML file and
instantiate (start) the network. See the documentation at
<http://libvirt.org/formatnetwork.html> to get a description of the
XML network format used by libvirt.
net-define file
Define a persistent virtual network from an XML file, the network
is just defined but not instantiated (started).
net-destroy network
Destroy (stop) a given transient or persistent virtual network
specified by its name or UUID. This takes effect immediately.
net-dumpxml network [--inactive]
Output the virtual network information as an XML dump to stdout.
If --inactive is specified, then physical functions are not
expanded into their associated virtual functions.
net-edit network
Edit the XML configuration file for a network.
This is equivalent to:
virsh net-dumpxml --inactive network > network.xml
vi network.xml (or make changes with your other text editor)
virsh net-define network.xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR
environment variables, and defaults to "vi".
net-info network
Returns basic information about the network object.
net-list [--inactive | --all] [--persistent] [<--transient>]
[--autostart] [<--no-autostart>]
Returns the list of active networks, if --all is specified this
will also include defined but inactive networks, if --inactive is
specified only the inactive ones will be listed. You may also want
to filter the returned networks by --persistent to list the
persistent ones, --transient to list the transient ones,
--autostart to list the ones with autostart enabled, and
--no-autostart to list the ones with autostart disabled.
NOTE: When talking to older servers, this command is forced to use
a series of API calls with an inherent race, where a pool might not
be listed or might appear more than once if it changed state
between calls while the list was being collected. Newer servers do
not have this problem.
net-name network-UUID
Convert a network UUID to network name.
net-start network
Start a (previously defined) inactive network.
net-undefine network
Undefine the configuration for an inactive network.
net-uuid network-name
Convert a network name to network UUID.
net-update network command section xml [--parent-index index] [[--live]
[--config] | [--current]]
Update the given section of an existing network definition, with
the changes optionally taking effect immediately, without needing
to destroy and re-start the network.
command is one of "add-first", "add-last", "add" (a synonym for
add-last), "delete", or "modify".
section is one of "bridge", "domain", "ip", "ip-dhcp-host", "ip-
dhcp-range", "forward", "forward-interface", "forward-pf",
"portgroup", "dns-host", "dns-txt", or "dns-srv", each section
being named by a concatenation of the xml element hierarchy leading
to the element being changed. For example, "ip-dhcp-host" will
change a <host> element that is contained inside a <dhcp> element
inside an <ip> element of the network.
xml is either the text of a complete xml element of the type being
changed (e.g. "<host mac="00:11:22:33:44:55' ip='1.2.3.4'/>", or
the name of a file that contains a complete xml element.
Disambiguation is done by looking at the first character of the
provided text - if the first character is "<", it is xml text, if
the first character is not "<", it is the name of a file that
contains the xml text to be used.
The --parent-index option is used to specify which of several
parent elements the requested element is in (0-based). For example,
a dhcp <host> element could be in any one of multiple <ip> elements
in the network; if a parent-index isn't provided, the "most
appropriate" <ip> element will be selected (usually the only one
that already has a <dhcp> element), but if --parent-index is given,
that particular instance of <ip> will get the modification.
If --live is specified, affect a running network. If --config is
specified, affect the next startup of a persistent network. If
--current is specified, affect the current network state. Both
--live and --config flags may be given, but --current is exclusive.
Not specifying any flag is the same as specifying --current.
INTERFACE COMMANDS
The following commands manipulate host interfaces. Often, these host
interfaces can then be used by name within domain <interface> elements
(such as a system-created bridge interface), but there is no
requirement that host interfaces be tied to any particular guest
configuration XML at all.
Many of the commands for host interfaces are similar to the ones used
for domains, and the way to name an interface is either by its name or
its MAC address. However, using a MAC address for an iface argument
only works when that address is unique (if an interface and a bridge
share the same MAC address, which is often the case, then using that
MAC address results in an error due to ambiguity, and you must resort
to a name instead).
iface-bridge interface bridge [--no-stp] [delay] [--no-start]
Create a bridge device named bridge, and attach the existing
network device interface to the new bridge. The new bridge
defaults to starting immediately, with STP enabled and a delay of
0; these settings can be altered with --no-stp, --no-start, and an
integer number of seconds for delay. All IP address configuration
of interface will be moved to the new bridge device.
See also iface-unbridge for undoing this operation.
iface-define file
Define a host interface from an XML file, the interface is just
defined but not started.
iface-destroy interface
Destroy (stop) a given host interface, such as by running "if-down"
to disable that interface from active use. This takes effect
immediately.
iface-dumpxml interface [--inactive]
Output the host interface information as an XML dump to stdout. If
--inactive is specified, then the output reflects the persistent
state of the interface that will be used the next time it is
started.
iface-edit interface
Edit the XML configuration file for a host interface.
This is equivalent to:
virsh iface-dumpxml iface > iface.xml
vi iface.xml (or make changes with your other text editor)
virsh iface-define iface.xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR
environment variables, and defaults to "vi".
iface-list [--inactive | --all]
Returns the list of active host interfaces. If --all is specified
this will also include defined but inactive interfaces. If
--inactive is specified only the inactive ones will be listed.
iface-name interface
Convert a host interface MAC to interface name, if the MAC address
is unique among the host's interfaces.
interface specifies the interface MAC address.
iface-mac interface
Convert a host interface name to MAC address.
interface specifies the interface name.
iface-start interface
Start a (previously defined) host interface, such as by running
"if-up".
iface-unbridge bridge [--no-start]
Tear down a bridge device named bridge, releasing its underlying
interface back to normal usage, and moving all IP address
configuration from the bridge device to the underlying device. The
underlying interface is restarted unless --no-start is present;
this flag is present for symmetry, but generally not recommended.
See also iface-bridge for creating a bridge.
iface-undefine interface
Undefine the configuration for an inactive host interface.
iface-begin
Create a snapshot of current host interface settings, which can
later be committed (iface-commit) or restored (iface-rollback). If
a snapshot already exists, then this command will fail until the
previous snapshot has been committed or restored. Undefined
behavior results if any external changes are made to host
interfaces outside of the libvirt API between the beginning of a
snapshot and its eventual commit or rollback.
iface-commit
Declare all changes since the last iface-begin as working, and
delete the rollback point. If no interface snapshot has already
been started, then this command will fail.
iface-rollback
Revert all host interface settings back to the state recorded in
the last iface-begin. If no interface snapshot has already been
started, then this command will fail. Rebooting the host also
serves as an implicit rollback point.
STORAGE POOL COMMANDS
The following commands manipulate storage pools. Libvirt has the
capability to manage various storage solutions, including files, raw
partitions, and domain-specific formats, used to provide the storage
volumes visible as devices within virtual machines. For more detailed
information about this feature, see the documentation at
<http://libvirt.org/formatstorage.html> . Many of the commands for
pools are similar to the ones used for domains.
find-storage-pool-sources type [srcSpec]
Returns XML describing all storage pools of a given type that could
be found. If srcSpec is provided, it is a file that contains XML
to further restrict the query for pools.
find-storage-pool-sources-as type [host] [port] [initiator]
Returns XML describing all storage pools of a given type that could
be found. If host, port, or initiator are provided, they control
where the query is performed.
pool-autostart pool-or-uuid [--disable]
Configure whether pool should automatically start at boot.
pool-build pool-or-uuid [--overwrite] [--no-overwrite]
Build a given pool.
Options --overwrite and --no-overwrite can only be used for pool-
build a filesystem pool. If neither of them is specified, pool-
build on a filesystem pool only makes the directory; If
--no-overwrite is specified, it probes to determine if a filesystem
already exists on the target device, returning an error if exists,
or using mkfs to format the target device if not; If --overwrite is
specified, mkfs is always executed, any existed data on the target
device is overwritten unconditionally.
pool-create file
Create and start a pool object from the XML file.
pool-create-as name --print-xml type [source-host] [source-path]
[source-dev] [source-name] [<target>] [--source-format format]
Create and start a pool object name from the raw parameters. If
--print-xml is specified, then print the XML of the pool object
without creating the pool. Otherwise, the pool has the specified
type.
pool-define file
Create, but do not start, a pool object from the XML file.
pool-define-as name --print-xml type [source-host] [source-path]
[source-dev] [source-name] [<target>] [--source-format format]
Create, but do not start, a pool object name from the raw
parameters. If --print-xml is specified, then print the XML of the
pool object without defining the pool. Otherwise, the pool has the
specified type.
pool-destroy pool-or-uuid
Destroy (stop) a given pool object. Libvirt will no longer manage
the storage described by the pool object, but the raw data
contained in the pool is not changed, and can be later recovered
with pool-create.
pool-delete pool-or-uuid
Destroy the resources used by a given pool object. This operation
is non-recoverable. The pool object will still exist after this
command, ready for the creation of new storage volumes.
pool-dumpxml [--inactive] pool-or-uuid
Returns the XML information about the pool object. --inactive
tells virsh to dump pool configuration that will be used on next
start of the pool as opposed to the current pool configuration.
pool-edit pool-or-uuid
Edit the XML configuration file for a storage pool.
This is equivalent to:
virsh pool-dumpxml pool > pool.xml
vi pool.xml (or make changes with your other text editor)
virsh pool-define pool.xml
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR
environment variables, and defaults to "vi".
pool-info pool-or-uuid
Returns basic information about the pool object.
pool-list [--inactive] [--all] [--persistent] [--transient]
[--autostart] [--no-autostart] [[--details] [<type>]
List pool objects known to libvirt. By default, only active pools
are listed; --inactive lists just the inactive pools, and --all
lists all pools.
In addition, there are several sets of filtering flags.
--persistent is to list the persistent pools, --transient is to
list the transient pools. --autostart lists the autostarting
pools, --no-autostart lists the pools with autostarting disabled.
You may also want to list pools with specified types using type,
the pool types must be separated by comma, e.g. --type dir,disk.
The valid pool types include 'dir', 'fs', 'netfs', 'logical',
'disk', 'iscsi', 'scsi', 'mpath', 'rbd', and 'sheepdog'.
The --details option instructs virsh to additionally display pool
persistence and capacity related information where available.
NOTE: When talking to older servers, this command is forced to use
a series of API calls with an inherent race, where a pool might not
be listed or might appear more than once if it changed state
between calls while the list was being collected. Newer servers do
not have this problem.
pool-name uuid
Convert the uuid to a pool name.
pool-refresh pool-or-uuid
Refresh the list of volumes contained in pool.
pool-start pool-or-uuid
Start the storage pool, which is previously defined but inactive.
pool-undefine pool-or-uuid
Undefine the configuration for an inactive pool.
pool-uuid pool
Returns the UUID of the named pool.
VOLUME COMMANDS
vol-create pool-or-uuid FILE [--prealloc-metadata]
Create a volume from an XML <file>. pool-or-uuid is the name or
UUID of the storage pool to create the volume in. FILE is the XML
<file> with the volume definition. An easy way to create the XML
<file> is to use the vol-dumpxml command to obtain the definition
of a pre-existing volume. [--prealloc-metadata] preallocate
metadata (for qcow2 images which don't support full allocation).
This option creates a sparse image file with metadata, resulting in
higher performance compared to images with no preallocation and
only slightly higher initial disk space usage.
Example
virsh vol-dumpxml --pool storagepool1 appvolume1 > newvolume.xml
vi newvolume.xml (or make changes with your other text editor)
virsh vol-create differentstoragepool newvolume.xml
vol-create-from pool-or-uuid FILE [--inputpool pool-or-uuid] vol-name-
or-key-or-path [--prealloc-metadata]
Create a volume, using another volume as input. pool-or-uuid is
the name or UUID of the storage pool to create the volume in. FILE
is the XML <file> with the volume definition. --inputpool pool-or-
uuid is the name or uuid of the storage pool the source volume is
in. vol-name-or-key-or-path is the name or key or path of the
source volume. [--prealloc-metadata] preallocate metadata (for
qcow2 images which don't support full allocation). This option
creates a sparse image file with metadata, resulting in higher
performance compared to images with no preallocation and only
slightly higher initial disk space usage.
vol-create-as pool-or-uuid name capacity [--allocation size] [--format
string] [--backing-vol vol-name-or-key-or-path] [--backing-vol-format
string] [--prealloc-metadata]
Create a volume from a set of arguments. pool-or-uuid is the name
or UUID of the storage pool to create the volume in. name is the
name of the new volume. capacity is the size of the volume to be
created, as a scaled integer (see NOTES above), defaulting to bytes
if there is no suffix. --allocation size is the initial size to be
allocated in the volume, also as a scaled integer defaulting to
bytes. --format string is used in file based storage pools to
specify the volume file format to use; raw, bochs, qcow, qcow2,
vmdk, qed. --backing-vol vol-name-or-key-or-path is the source
backing volume to be used if taking a snapshot of an existing
volume. --backing-vol-format string is the format of the snapshot
backing volume; raw, bochs, qcow, qcow2, qed, vmdk, host_device.
These are, however, meant for file based storage pools.
[--prealloc-metadata] preallocate metadata (for qcow2 images which
don't support full allocation). This option creates a sparse image
file with metadata, resulting in higher performance compared to
images with no preallocation and only slightly higher initial disk
space usage.
vol-clone [--pool pool-or-uuid] vol-name-or-key-or-path name
[--prealloc-metadata]
Clone an existing volume. Less powerful, but easier to type,
version of vol-create-from. --pool pool-or-uuid is the name or
UUID of the storage pool to create the volume in. vol-name-or-key-
or-path is the name or key or path of the source volume. name is
the name of the new volume. [--prealloc-metadata] preallocate
metadata (for qcow2 images which don't support full allocation).
This option creates a sparse image file with metadata, resulting in
higher performance compared to images with no preallocation and
only slightly higher initial disk space usage.
vol-delete [--pool pool-or-uuid] vol-name-or-key-or-path
Delete a given volume. --pool pool-or-uuid is the name or UUID of
the storage pool the volume is in. vol-name-or-key-or-path is the
name or key or path of the volume to delete.
vol-upload [--pool pool-or-uuid] [--offset bytes] [--length bytes] vol-
name-or-key-or-path local-file
Upload the contents of local-file to a storage volume. --pool
pool-or-uuid is the name or UUID of the storage pool the volume is
in. vol-name-or-key-or-path is the name or key or path of the
volume where the file will be uploaded. --offset is the position
in the storage volume at which to start writing the data. --length
is an upper bound of the amount of data to be uploaded. An error
will occur if the local-file is greater than the specified length.
vol-download [--pool pool-or-uuid] [--offset bytes] [--length bytes]
vol-name-or-key-or-path local-file
Download the contents of a storage volume to local-file. --pool
pool-or-uuid is the name or UUID of the storage pool the volume is
in. vol-name-or-key-or-path is the name or key or path of the
volume to download. --offset is the position in the storage volume
at which to start reading the data. --length is an upper bound of
the amount of data to be downloaded.
vol-wipe [--pool pool-or-uuid] [--algorithm algorithm] vol-name-or-key-
or-path
Wipe a volume, ensure data previously on the volume is not
accessible to future reads. --pool pool-or-uuid is the name or UUID
of the storage pool the volume is in. vol-name-or-key-or-path is
the name or key or path of the volume to wipe. It is possible to
choose different wiping algorithms instead of re-writing volume
with zeroes. This can be done via --algorithm switch.
Supported algorithms
zero - 1-pass all zeroes
nnsa - 4-pass NNSA Policy Letter NAP-14.1-C (XVI-8) for
sanitizing removable and non-removable hard disks:
random x2, 0x00, verify.
dod - 4-pass DoD 5220.22-M section 8-306 procedure for
sanitizing removeable and non-removeable rigid
disks: random, 0x00, 0xff, verify.
bsi - 9-pass method recommended by the German Center of
Security in Information Technologies
(http://www.bsi.bund.de): 0xff, 0xfe, 0xfd, 0xfb,
0xf7, 0xef, 0xdf, 0xbf, 0x7f.
gutmann - The canonical 35-pass sequence described in
Gutmann's paper.
schneier - 7-pass method described by Bruce Schneier in
"Applied Cryptography" (1996): 0x00, 0xff,
random x5.
pfitzner7 - Roy Pfitzner's 7-random-pass method: random x7.
pfitzner33 - Roy Pfitzner's 33-random-pass method: random x33.
random - 1-pass pattern: random.
Note: The availability of algorithms may be limited by the version
of the "scrub" binary installed on the host.
vol-dumpxml [--pool pool-or-uuid] vol-name-or-key-or-path
Output the volume information as an XML dump to stdout. --pool
pool-or-uuid is the name or UUID of the storage pool the volume is
in. vol-name-or-key-or-path is the name or key or path of the
volume to output the XML of.
vol-info [--pool pool-or-uuid] vol-name-or-key-or-path
Returns basic information about the given storage volume. --pool
pool-or-uuid is the name or UUID of the storage pool the volume is
in. vol-name-or-key-or-path is the name or key or path of the
volume to return information for.
vol-list [--pool pool-or-uuid] [--details]
Return the list of volumes in the given storage pool. --pool pool-
or-uuid is the name or UUID of the storage pool. The --details
option instructs virsh to additionally display volume type and
capacity related information where available.
vol-pool [--uuid] vol-key-or-path
Return the pool name or UUID for a given volume. By default, the
pool name is returned. If the --uuid option is given, the pool UUID
is returned instead. vol-key-or-path is the key or path of the
volume to return the pool information for.
vol-path [--pool pool-or-uuid] vol-name-or-key
Return the path for a given volume. --pool pool-or-uuid is the
name or UUID of the storage pool the volume is in. vol-name-or-key
is the name or key of the volume to return the path for.
vol-name vol-key-or-path
Return the name for a given volume. vol-key-or-path is the key or
path of the volume to return the name for.
vol-key [--pool pool-or-uuid] vol-name-or-path
Return the volume key for a given volume. --pool pool-or-uuid is
the name or UUID of the storage pool the volume is in. vol-name-or-
path is the name or path of the volume to return the volume key
for.
vol-resize [--pool pool-or-uuid] vol-name-or-path pool-or-uuid capacity
[--allocate] [--delta] [--shrink]
Resize the capacity of the given volume, in bytes. --pool pool-or-
uuid is the name or UUID of the storage pool the volume is in. vol-
name-or-key-or-path is the name or key or path of the volume to
resize. The new capacity might be sparse unless --allocate is
specified. Normally, capacity is the new size, but if --delta is
present, then it is added to the existing size. Attempts to shrink
the volume will fail unless --shrink is present; capacity cannot be
negative unless --shrink is provided, but a negative sign is not
necessary. capacity is a scaled integer (see NOTES above), which
defaults to bytes if there is no suffix. This command is only safe
for storage volumes not in use by an active guest; see also
blockresize for live resizing.
SECRET COMMMANDS
The following commands manipulate "secrets" (e.g. passwords,
passphrases and encryption keys). Libvirt can store secrets
independently from their use, and other objects (e.g. volumes or
domains) can refer to the secrets for encryption or possibly other
uses. Secrets are identified using an UUID. See
<http://libvirt.org/formatsecret.html> for documentation of the XML
format used to represent properties of secrets.
secret-define file
Create a secret with the properties specified in file, with no
associated secret value. If file does not specify a UUID, choose
one automatically. If file specifies an UUID of an existing
secret, replace its properties by properties defined in file,
without affecting the secret value.
secret-dumpxml secret
Output properties of secret (specified by its UUID) as an XML dump
to stdout.
secret-set-value secret base64
Set the value associated with secret (specified by its UUID) to the
value Base64-encoded value base64.
secret-get-value secret
Output the value associated with secret (specified by its UUID) to
stdout, encoded using Base64.
secret-undefine secret
Delete a secret (specified by its UUID), including the associated
value, if any.
secret-list [--ephemeral] [--no-ephemeral] [--private] [--no-private]
Returns the list of secrets. You may also want to filter the
returned secrets by --ephemeral to list the ephemeral ones,
--no-ephemeral to list the non-ephemeral ones, --private to list
the private ones, and --no-private to list the non-private ones.
SNAPSHOT COMMMANDS
The following commands manipulate domain snapshots. Snapshots take the
disk, memory, and device state of a domain at a point-of-time, and save
it for future use. They have many uses, from saving a "clean" copy of
an OS image to saving a domain's state before a potentially destructive
operation. Snapshots are identified with a unique name. See
<http://libvirt.org/formatsnapshot.html> for documentation of the XML
format used to represent properties of snapshots.
snapshot-create domain [xmlfile] {[--redefine [--current]] |
[--no-metadata] [--halt] [--disk-only] [--reuse-external] [--quiesce]
[--atomic] [--live]}
Create a snapshot for domain domain with the properties specified
in xmlfile. Normally, the only properties settable for a domain
snapshot are the <name> and <description> elements, as well as
<disks> if --disk-only is given; the rest of the fields are
ignored, and automatically filled in by libvirt. If xmlfile is
completely omitted, then libvirt will choose a value for all
fields. The new snapshot will become current, as listed by
snapshot-current.
If --halt is specified, the domain will be left in an inactive
state after the snapshot is created.
If --disk-only is specified, the snapshot will only include disk
state rather than the usual system checkpoint with vm state. Disk
snapshots are faster than full system checkpoints, but reverting to
a disk snapshot may require fsck or journal replays, since it is
like the disk state at the point when the power cord is abruptly
pulled; and mixing --halt and --disk-only loses any data that was
not flushed to disk at the time.
If --redefine is specified, then all XML elements produced by
snapshot-dumpxml are valid; this can be used to migrate snapshot
hierarchy from one machine to another, to recreate hierarchy for
the case of a transient domain that goes away and is later
recreated with the same name and UUID, or to make slight
alterations in the snapshot metadata (such as host-specific aspects
of the domain XML embedded in the snapshot). When this flag is
supplied, the xmlfile argument is mandatory, and the domain's
current snapshot will not be altered unless the --current flag is
also given.
If --no-metadata is specified, then the snapshot data is created,
but any metadata is immediately discarded (that is, libvirt does
not treat the snapshot as current, and cannot revert to the
snapshot unless --redefine is later used to teach libvirt about the
metadata again).
If --reuse-external is specified, and the snapshot XML requests an
external snapshot with a destination of an existing file, then the
destination must exist, and is reused; otherwise, a snapshot is
refused to avoid losing contents of the existing files.
If --quiesce is specified, libvirt will try to use guest agent to
freeze and unfreeze domain's mounted file systems. However, if
domain has no guest agent, snapshot creation will fail. Currently,
this requires --disk-only to be passed as well.
If --atomic is specified, libvirt will guarantee that the snapshot
either succeeds, or fails with no changes; not all hypervisors
support this. If this flag is not specified, then some hypervisors
may fail after partially performing the action, and dumpxml must be
used to see whether any partial changes occurred.
If --live is specified, libvirt takes the snapshot while the guest
is running. This increases the size of the memory image of the
external checkpoint. This is currently supported only for external
checkpoints.
Existence of snapshot metadata will prevent attempts to undefine a
persistent domain. However, for transient domains, snapshot
metadata is silently lost when the domain quits running (whether by
command such as destroy or by internal guest action).
snapshot-create-as domain {[--print-xml] | [--no-metadata] [--halt]
[--reuse-external]} [name] [description] [--disk-only [--quiesce]]
[--atomic] [[--live] [--memspec memspec]] [--diskspec] diskspec]...
Create a snapshot for domain domain with the given <name> and
<description>; if either value is omitted, libvirt will choose a
value. If --print-xml is specified, then XML appropriate for
snapshot-create is output, rather than actually creating a
snapshot. Otherwise, if --halt is specified, the domain will be
left in an inactive state after the snapshot is created, and if
--disk-only is specified, the snapshot will not include vm state.
The --memspec option can be used to control whether a checkpoint is
internal or external. The --memspec flag is mandatory, followed by
a memspec of the form [file=]name[,snapshot=type], where type can
be none, internal, or external. To include a literal comma in
file=name, escape it with a second comma. --memspec cannot be used
together with --disk-only.
The --diskspec option can be used to control how --disk-only and
external checkpoints create external files. This option can occur
multiple times, according to the number of <disk> elements in the
domain xml. Each <diskspec> is in the form
disk[,snapshot=type][,driver=type][,file=name]. To include a
literal comma in disk or in file=name, escape it with a second
comma. A literal --diskspec must precede each diskspec unless all
three of domain, name, and description are also present. For
example, a diskspec of "vda,snapshot=external,file=/path/to,,new"
results in the following XML:
<disk name='vda' snapshot='external'>
<source file='/path/to,new'/>
</disk>
If --reuse-external is specified, and the domain XML or diskspec
option requests an external snapshot with a destination of an
existing file, then the destination must exist, and is reused;
otherwise, a snapshot is refused to avoid losing contents of the
existing files.
If --quiesce is specified, libvirt will try to use guest agent to
freeze and unfreeze domain's mounted file systems. However, if
domain has no guest agent, snapshot creation will fail. Currently,
this requires --disk-only to be passed as well.
If --no-metadata is specified, then the snapshot data is created,
but any metadata is immediately discarded (that is, libvirt does
not treat the snapshot as current, and cannot revert to the
snapshot unless snapshot-create is later used to teach libvirt
about the metadata again). This flag is incompatible with
--print-xml.
If --atomic is specified, libvirt will guarantee that the snapshot
either succeeds, or fails with no changes; not all hypervisors
support this. If this flag is not specified, then some hypervisors
may fail after partially performing the action, and dumpxml must be
used to see whether any partial changes occurred.
If --live is specified, libvirt takes the snapshot while the guest
is running. This increases the size of the memory image of the
external checkpoint. This is currently supported only for external
checkpoints.
snapshot-current domain {[--name] | [--security-info] | [snapshotname]}
Without snapshotname, this will output the snapshot XML for the
domain's current snapshot (if any). If --name is specified, just
the current snapshot name instead of the full xml. Otherwise,
using --security-info will also include security sensitive
information in the XML.
With snapshotname, this is a request to make the existing named
snapshot become the current snapshot, without reverting the domain.
snapshot-edit domain [snapshotname] [--current] {[--rename] |
[--clone]}
Edit the XML configuration file for snapshotname of a domain. If
both snapshotname and --current are specified, also force the
edited snapshot to become the current snapshot. If snapshotname is
omitted, then --current must be supplied, to edit the current
snapshot.
This is equivalent to:
virsh snapshot-dumpxml dom name > snapshot.xml
vi snapshot.xml (or make changes with your other text editor)
virsh snapshot-create dom snapshot.xml --redefine [--current]
except that it does some error checking.
The editor used can be supplied by the $VISUAL or $EDITOR
environment variables, and defaults to "vi".
If --rename is specified, then the edits can change the snapshot
name. If --clone is specified, then changing the snapshot name
will create a clone of the snapshot metadata. If neither is
specified, then the edits must not change the snapshot name. Note
that changing a snapshot name must be done with care, since the
contents of some snapshots, such as internal snapshots within a
single qcow2 file, are accessible only from the original name.
snapshot-info domain {snapshot | --current}
Output basic information about a named <snapshot>, or the current
snapshot with --current.
snapshot-list domain [--metadata] [--no-metadata] [{--parent | --roots
| [{--tree | --name}]}] [{[--from] snapshot | --current}
[--descendants]] [--leaves] [--no-leaves] p[--inactive] [--active]
[--disk-only] [--internal] [--external]
List all of the available snapshots for the given domain,
defaulting to show columns for the snapshot name, creation time,
and domain state.
If --parent is specified, add a column to the output table giving
the name of the parent of each snapshot. If --roots is specified,
the list will be filtered to just snapshots that have no parents.
If --tree is specified, the output will be in a tree format,
listing just snapshot names. These three options are mutually
exclusive. If --name is specified only the snapshot name is
printed. This option is mutually exclusive with --tree.
If --from is provided, filter the list to snapshots which are
children of the given snapshot; or if --current is provided, start
at the current snapshot. When used in isolation or with --parent,
the list is limited to direct children unless --descendants is also
present. When used with --tree, the use of --descendants is
implied. This option is not compatible with --roots. Note that
the starting point of --from or --current is not included in the
list unless the --tree option is also present.
If --leaves is specified, the list will be filtered to just
snapshots that have no children. Likewise, if --no-leaves is
specified, the list will be filtered to just snapshots with
children. (Note that omitting both options does no filtering,
while providing both options will either produce the same list or
error out depending on whether the server recognizes the flags).
Filtering options are not compatible with --tree.
If --metadata is specified, the list will be filtered to just
snapshots that involve libvirt metadata, and thus would prevent
undefine of a persistent domain, or be lost on destroy of a
transient domain. Likewise, if --no-metadata is specified, the
list will be filtered to just snapshots that exist without the need
for libvirt metadata.
If --inactive is specified, the list will be filtered to snapshots
that were taken when the domain was shut off. If --active is
specified, the list will be filtered to snapshots that were taken
when the domain was running, and where the snapshot includes the
memory state to revert to that running state. If --disk-only is
specified, the list will be filtered to snapshots that were taken
when the domain was running, but where the snapshot includes only
disk state.
If --internal is specified, the list will be filtered to snapshots
that use internal storage of existing disk images. If --external
is specified, the list will be filtered to snapshots that use
external files for disk images or memory state.
snapshot-dumpxml domain snapshot [--security-info]
Output the snapshot XML for the domain's snapshot named snapshot.
Using --security-info will also include security sensitive
information. Use snapshot-current to easily access the XML of the
current snapshot.
snapshot-parent domain {snapshot | --current}
Output the name of the parent snapshot, if any, for the given
snapshot, or for the current snapshot with --current.
snapshot-revert domain {snapshot | --current} [{--running | --paused}]
[--force]
Revert the given domain to the snapshot specified by snapshot, or
to the current snapshot with --current. Be aware that this is a
destructive action; any changes in the domain since the last
snapshot was taken will be lost. Also note that the state of the
domain after snapshot-revert is complete will be the state of the
domain at the time the original snapshot was taken.
Normally, reverting to a snapshot leaves the domain in the state it
was at the time the snapshot was created, except that a disk
snapshot with no vm state leaves the domain in an inactive state.
Passing either the --running or --paused flag will perform
additional state changes (such as booting an inactive domain, or
pausing a running domain). Since transient domains cannot be
inactive, it is required to use one of these flags when reverting
to a disk snapshot of a transient domain.
There are two cases where a snapshot revert involves extra risk,
which requires the use of --force to proceed. One is the case of a
snapshot that lacks full domain information for reverting
configuration (such as snapshots created prior to libvirt 0.9.5);
since libvirt cannot prove that the current configuration matches
what was in use at the time of the snapshot, supplying --force
assures libvirt that the snapshot is compatible with the current
configuration (and if it is not, the domain will likely fail to
run). The other is the case of reverting from a running domain to
an active state where a new hypervisor has to be created rather
than reusing the existing hypervisor, because it implies drawbacks
such as breaking any existing VNC or Spice connections; this
condition happens with an active snapshot that uses a provably
incompatible configuration, as well as with an inactive snapshot
that is combined with the --start or --pause flag.
snapshot-delete domain {snapshot | --current} [--metadata] [{--children
| --children-only}]
Delete the snapshot for the domain named snapshot, or the current
snapshot with --current. If this snapshot has child snapshots,
changes from this snapshot will be merged into the children. If
--children is passed, then delete this snapshot and any children of
this snapshot. If --children-only is passed, then delete any
children of this snapshot, but leave this snapshot intact. These
two flags are mutually exclusive.
If --metadata is specified, then only delete the snapshot metadata
maintained by libvirt, while leaving the snapshot contents intact
for access by external tools; otherwise deleting a snapshot also
removes the data contents from that point in time.
NWFILTER COMMMANDS
The following commands manipulate network filters. Network filters
allow filtering of the network traffic coming from and going to virtual
machines. Individual network traffic filters are written in XML and
may contain references to other network filters, describe traffic
filtering rules, or contain both. Network filters are referenced by
virtual machines from within their interface description. A network
filter may be referenced by multiple virtual machines' interfaces.
nwfilter-define xmlfile
Make a new network filter known to libvirt. If a network filter
with the same name already exists, it will be replaced with the new
XML. Any running virtual machine referencing this network filter
will have its network traffic rules adapted. If for any reason the
network traffic filtering rules cannot be instantiated by any of
the running virtual machines, then the new XML will be rejected.
nwfilter-undefine nwfilter-name
Delete a network filter. The deletion will fail if any running
virtual machine is currently using this network filter.
nwfilter-list
List all of the available network filters.
nwfilter-dumpxml nwfilter-name
Output the network filter XML.
nwfilter-edit nwfilter-name
Edit the XML of a network filter.
This is equivalent to:
virsh nwfilter-dumpxml myfilter > myfilter.xml
vi myfilter.xml (or make changes with your other text editor)
virsh nwfilter-define myfilter.xml
except that it does some error checking. The new network filter
may be rejected due to the same reason as mentioned in nwfilter-
define.
The editor used can be supplied by the $VISUAL or $EDITOR
environment variables, and defaults to "vi".
QEMU-SPECIFIC COMMANDS
NOTE: Use of the following commands is strongly discouraged. They can
cause libvirt to become confused and do the wrong thing on subsequent
operations. Once you have used this command, please do not report
problems to the libvirt developers; the reports will be ignored.
qemu-attach pid
Attach an externally launched QEMU process to the libvirt QEMU
driver. The QEMU process must have been created with a monitor
connection using the UNIX driver. Ideally the process will also
have had the '-name' argument specified.
$ qemu-kvm -cdrom ~/demo.iso \
-monitor unix:/tmp/demo,server,nowait \
-name foo \
-uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea &
$ QEMUPID=$!
$ virsh qemu-attach $QEMUPID
Not all functions of libvirt are expected to work reliably after
attaching to an externally launched QEMU process. There may be
issues with the guest ABI changing upon migration, and hotunplug
may not work.
qemu-monitor-command domain { [--hmp] | [--pretty] } command...
Send an arbitrary monitor command command to domain domain through
the qemu monitor. The results of the command will be printed on
stdout. If --hmp is passed, the command is considered to be a
human monitor command and libvirt will automatically convert it
into QMP if needed. In that case the result will also be converted
back from QMP. If --pretty is given, and the monitor uses QMP,
then the output will be pretty-printed. If more than one argument
is provided for command, they are concatenated with a space in
between before passing the single command to the monitor.
qemu-agent-command domain [--timeout seconds | --async | --block]
command...
Send an arbitrary guest agent command command to domain domain
through qemu agent. --timeout, --async and --block options are
exclusive. --timeout requires timeout seconds seconds and it must
be positive. When --aysnc is given, the command waits for timeout
whether success or failed. And when --block is given, the command
waits forever with blocking timeout.
lxc-enter-namespace domain -- /path/to/binary [arg1, [arg2, ...]]
Enter the namespace of domain and execute the command
"/path/to/binary" passing the requested args. The binary path is
relative to the container root filesystem, not the host root
filesystem. The binary will inherit the environment variables /
console visible to virsh. This command only works when connected to
the LXC hypervisor driver.
ENVIRONMENT
The following environment variables can be set to alter the behaviour
of "virsh"
VIRSH_DEBUG=<0 to 4>
Turn on verbose debugging of virsh commands. Valid levels are
· VIRSH_DEBUG=0
DEBUG - Messages at ALL levels get logged
· VIRSH_DEBUG=1
INFO - Logs messages at levels INFO, NOTICE, WARNING and ERROR
· VIRSH_DEBUG=2
NOTICE - Logs messages at levels NOTICE, WARNING and ERROR
· VIRSH_DEBUG=3
WARNING - Logs messages at levels WARNING and ERROR
· VIRSH_DEBUG=4
ERROR - Messages at only ERROR level gets logged.
VIRSH_LOG_FILE="LOGFILE"
The file to log virsh debug messages.
VIRSH_DEFAULT_CONNECT_URI
The hypervisor to connect to by default. Set this to a URI, in the
same format as accepted by the connect option. This environment
variable is deprecated in favour of the global LIBVIRT_DEFAULT_URI
variable which serves the same purpose.
LIBVIRT_DEFAULT_URI
The hypervisor to connect to by default. Set this to a URI, in the
same format as accepted by the connect option. This overrides the
default URI set in any client config file and prevents libvirt from
probing for drivers.
VISUAL
The editor to use by the edit and related options.
EDITOR
The editor to use by the edit and related options, if "VISUAL" is
not set.
LIBVIRT_DEBUG=LEVEL
Turn on verbose debugging of all libvirt API calls. Valid levels
are
· LIBVIRT_DEBUG=1
Messages at level DEBUG or above
· LIBVIRT_DEBUG=2
Messages at level INFO or above
· LIBVIRT_DEBUG=3
Messages at level WARNING or above
· LIBVIRT_DEBUG=4
Messages at level ERROR or above
For further information about debugging options consult
"http://libvirt.org/logging.html"
BUGS
Report any bugs discovered to the libvirt community via the mailing
list "http://libvirt.org/contact.html" or bug tracker
"http://libvirt.org/bugs.html". Alternatively report bugs to your
software distributor / vendor.
AUTHORS
Please refer to the AUTHORS file distributed with libvirt.
Based on the xm man page by:
Sean Dague <sean at dague dot net>
Daniel Stekloff <dsteklof at us dot ibm dot com>
COPYRIGHT
Copyright (C) 2005, 2007-2010 Red Hat, Inc., and the authors listed in
the libvirt AUTHORS file.
LICENSEvirsh is distributed under the terms of the GNU LGPL v2+. This is free
software; see the source for copying conditions. There is NO warranty;
not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
SEE ALSOvirt-install(1), virt-xml-validate(1), virt-top(1), virt-df(1),
<http://www.libvirt.org/>
libvirt-1.1.1 2013-11-08 VIRSH(1)