Appendix A. Appendix

Appendix A. Appendix¶

Contents

A.1. Installing Para-Virtualized Drivers
A.2. Generating x509 Client/Server Certificates
A.3. QEMU Command Line Options

A.1. Installing Para-Virtualized Drivers¶

A.1.1. Installing Para-Virtualized Drivers for SUSE Linux Enterprise Server 10 SP3¶

Support for para-virtualized drivers is already built into all SUSE Linux Enterprise Server 11 SP1 Kernels, so virtio devices are supported out of the box. Para-virtualized drivers for SUSE Linux Enterprise Server 10 SP3 are not shipped with the product and need to be installed from a repository provided by SUSE. It is recommended to install para-virtualized drivers during the installation as described in Section 5.3.1, “Adding para-virtualized Drivers During the Installation”. If you need to install the drivers on an existing virtual machine, follow the instructions below.

Add the para-virtualized drivers repository and the corresponding drivers update repositories with either the YaST Software Repositories module or with zypper ar.
Determine the flavor of the installed Kernel by running uname -r. The output string has the form Version-Flavor (for example 2.6.32.24-0.2-default).
Search for packages matching the string novell-virtio-drivers in the YaST Software Management module or with zypper se.
Install the novell-virtio-drivers package matching your Kernel flavor.

A.1.2. Installing virtio Drivers for Microsoft Windows*¶

SUSE has developed virtio based drivers for Windows, which are available in the Virtual Machine Driver Pack (VMDP). These drivers are preferred over the drivers provided in the /usr/share/qemu-kvm/win-virtio-drivers.iso image file (the latter being deprecated and will probably not be provided in future releases). See http://www.suse.com/products/vmdriverpack/ for more information on the VMDP. Installation instructions for the drivers are provided with the VMDP package.

A.2. Generating x509 Client/Server Certificates¶

In order to be able to create x509 client and server certificates you need to issue them by a Certificate Authority (CA). It is recommended to set up an independent CA that only issues certificates for libvirt.

Set up a CA as described in Section “Creating a Root CA” (Chapter 17, Managing X.509 Certification, ↑Security Guide).
Create a server and a client certificate as described in Section “Creating or Revoking User Certificates” (Chapter 17, Managing X.509 Certification, ↑Security Guide). The Common Name (CN) for the server certificate must be the full qualified hostname, the Common Name for the client certificate can be freely chosen. For all other fields stick with the defaults suggested by YaST.
Export the client and server certificates to a temporary location (for example, /tmp/x509/) by performing the following steps:
1. Select the certificate on the certificates tab.
2. Choose Export+Export to File+Certificate and the Key Unencrypted in PEM Format, provide the Certificate Password and the full path and the filename under File Name, for example, /tmp/x509/server.pem or /tmp/x509/client.pem.
3. Open a terminal and change to the directory where you have saved the certificate and issue the following commands to split it into certificate and key (this example splits the server key):
```
csplit -z -f s_ server.pem '/-----BEGIN/' '{1}'
       mv s_00 servercert.pem
       mv s_01 serverkey.pem
```
4. Repeat the procedure for each client and server certificate you would like to export.
Finally export the CA certificate by performing the following steps:
1. Switch to the Description tab.
2. ChooseAdvanced+Export to File+Only the Certificate in PEM Format and enter the full path and the filename under File Name, for example, /tmp/x509/cacert.pem.

A.3. QEMU Command Line Options¶

A.3.1. Supported qemu-kvm Command Line Options¶

-alt-grab

-append ...

-audio-help

-balloon ...

-boot ...

-cdrom ...

-chardev ..

-clock

-cpu [?|qemu64 ]

-ctrl-grab

-d ...

-daemonize

-debugcon ...

-device driver
      [isa-serial|isa-parallel|isa-fdc|ide-drive|
ide-hd|ide-cd|pci-assign|VGA|cirrus-vga|rtl8139|
virtio-net-pci|virtio-blk-pci|virtio-balloon-pci|virtio-9p-pci|
usb-tablet|usb-storage|usb-mouse|usb-kbd|virtserial|
virtconsole|virt-serial-pci|<all_the_supported_nics>|rtl8139|
i82559er]

-display ...

-drive if=[ide|floppy|virtio] format=[raw|qcow2|qed] snapshot=off
      ...

-echr ...

-enable-kvm

-fda/-fdb ...

-full-screen

-gdb ...

-global ...

-h

-hda/-hdb/-hdc/-hdd ...

-help

-incoming ...

-initrd ...

-k ...

-kernel ...

-loadvm ...

-m ...

-mem-path ...

-mem-prealloc

-mon ...

-monitor ...

-M [pc|pc-0.12|pc-0.14]

-name ...

-netdev ...

-net [nic|user|tap|none]
      mode=[rtl8139|virtio]

-no-acpi

-nodefaults

-nodefconfig

-no-frame

-nographic

-no-hpet

-no-quit

-no-reboot

-no-shutdown

-parallel ...

-pidfile ...

-readconfig ...

-rtc ...

-runas ...

-s

-S

-sdl

-serial ...

-smbios ...

-smp ...

-tdf

-usb

-usbdevice [tablet|mouse]

-uuid ..

-version

-vga [std|cirrus|none]

-vnc ...

-watchdog ...

-watchdog-action ...

-writeconfig ...

	Deprecated Options
The option `-pcidevice` no longer exists. Use `-device pci_assign` instead.

A.3.2. Unsupported qemu-kvm Command Line Options¶

The following qemu-kvm command line options are not supported by SUSE:

-acpitable ...

-bios ...

-bt ...

-chroot ...

-cpu [phenom|core2duo|qemu32|kvm64|coreduo|486|pentium|
pentium2|pentium3|athlon|n270]

-curses

-device driver [ivshmem|smbus-eeprom|scsi-disk|
scsi-cd|scsi-hd|scsi-generic|usb-hub|usb-wacom-tablet|usb-braille|
usb-serial|usb-net|usb-bt-dongle|ioh3240|x3130-upstream|
xio3130-downstream|ich9-usb-uhci1|ich9-usb-uhci2|ich9-usb-uhci3|
vt82c686b-usb-uhci|piix3-usb-uhci|piix4-usb-uhci|sysbus-ohci|pci-ohci|
ich9-usb-ehci1|usb-ehci|SUNW|sysbus-fdc|isa-applesmc|usb-ccid|
ccid-card-passthru|i6300esb|ne2k_pci|i82801|i825*|pcnet|ne2k_isa|ich9-ahci|
lsi53c895a|isa-vga|vmware-svga|sb16|AC97|gus|cs4231a|intel-hda|
hda-duplex|hda-output|ib700|isa-debugcon|testdev]

-drive if=[scsi|mtd|pflash], snapshot=on,
      format=[anything besides from raw, qcow2, qed]

-enable-nesting

-g ...

-icount ...

-kvm-shadow-memory ...

-L ...

-M [pc-0.13|pc-0.11|pc-0.10|isapc]

-mtdblock ...

-net dump ...

-net socket ...

-no-fd-bootchk

-no-kvm

-no-kvm-irqchip

-no-kvm-pit

-no-kvm-pit-reinjection

-numa ...

-nvram ...

-old-param

-option-rom ...

-pflash ...

-portrait

-prom-env ...

-qmp ...

-rotate

-sd ...

-semihosting ...

-set ...

-show-cursor

-singlestep

-snapshot

-soundhw ...

-spice ...

-tb-size ...

-usbdevice
      [disk|host|serial|braille|net]

-vga [vmware|qxl|xenfb]

-virtioconsole ...

-win2k-hack

	Deprecated options
The options `-M mac` and `-osk` no longer exist.

A.3.3. Supported qemu-kvm `monitor` Command Line Options¶

The following qemu-kvm monitor command line options are supported by SUSE:

?

balloon target ...

[c|cont]

change device ...

cpu ...

eject ...

gdbserver ...

help

info ...

logfile ...

logitem ...

mce ...

memsave ...

migrate ...

migrate_set_downtime ...

migrate_set_speed ...

mouse_button ...

mouse_move ...

mouse_set ...

pmemsave ...

[p|print] ...

q

sendkey ...

stop

system_powerdown

watchdog_action ...

x ...

xp ...

A.3.4. Unsupported qemu-kvm `monitor` Command Line Options¶

The following qemu-kvm monitor command line options are not supported by SUSE:

acl_add ...

acl_policy ...

acl_remove ...

acl_reset ...

acl_show ...

block_passwd ...

block_resize ...

boot_set

close_fd ...

client_migrate_info ...

commit ...

cpu_set ...

delvm ...

device_add ...

device_del ...

drive_add ...

drive_del ...

expire_password ...

hostfwd_add ...

hostfwd_remove ...

host_net_add ...

host_net_remove ...

i ...

loadvm ...

migrate_cancel

netdev_add ...

netdev_del ...

nmi ...

o ...

pci_add ...

pci_aer_inject_error ...

pci_del...

savevm ...

screendump ...

set_link ...

set_password ...

singlestep ...

snapshot_blkdev ...

stopcapture ...

sum ...

system_reset

usb_add ...

watchdog_action ...

wavcapture ...