Contents
SUSE has developed virtio based drivers for Windows, which are available in the Virtual Machine Driver Pack (VMDP). See http://www.suse.com/products/vmdriverpack/ for more information on the VMDP. Installation instructions for the drivers are provided with the VMDP package.
In order to be able to create x509 client and server certificates you
need to issue them by a Certificate Authority (CA). It is recommended to
set up an independent CA that only issues certificates for
libvirt.
Set up a CA as described in Section “Creating a Root CA” (Chapter 17, Managing X.509 Certification, ↑Security Guide).
Create a server and a client certificate as described in Section “Creating or Revoking User Certificates” (Chapter 17, Managing X.509 Certification, ↑Security Guide). The Common Name (CN) for the server certificate must be the full qualified hostname, the Common Name for the client certificate can be freely chosen. For all other fields stick with the defaults suggested by YaST.
Export the client and server certificates to a temporary location (for
example, /tmp/x509/) by performing the following
steps:
Select the certificate on the tab.
Choose ++, provide the and the full path and the filename under
, for example,
/tmp/x509/server.pem or
/tmp/x509/client.pem.
Open a terminal and change to the directory where you have saved the certificate and issue the following commands to split it into certificate and key (this example splits the server key):
csplit -z -f s_ server.pem '/-----BEGIN/' '{1}'
mv s_00 servercert.pem
mv s_01 serverkey.pemRepeat the procedure for each client and server certificate you would like to export.
Finally export the CA certificate by performing the following steps:
Switch to the tab.
Choose++ and enter the full path and the filename under
, for example,
/tmp/x509/cacert.pem.
-alt-grab
|
-append ...
|
-audio-help
|
-balloon ...
|
-boot ...
|
-cdrom ...
|
-chardev ...
|
-clock
|
-cpu ...
|
-ctrl-grab
|
-d ...
|
-daemonize
|
-debugcon ...
|
-device
[isa-serial|isa-parallel|isa-fdc|ide-drive|
ide-hd|ide-cd|pci-assign|kvm-pci-assign|VGA|
cirrus-vga|rtl8139|virtio-net-pci|virtio-blk-pci|
virtio-balloon-pci|virtio-9p-pci|usb-hub|usb-ehci|
usb-tablet|usb-storage|usb-mouse|usb-kbd|virtserialport|
virtconsole|virtio-serial-pci|virtio-serial|sga|i
82559er|e1000|virtio-scsi-pci|scsi-cd|scsi-hd|scsi-generic|
scsi-disk|scsi-block|pc-sysfw|pci-serial|pci-serial-2x|
pci-serial-4x|ich9-ahci|piix-usb-uhci|usb-host|usb-serial
|usb-wacom-tablet|usb_braille|usb-net|pci-ohci|
piix4-usb-uhci|virtio-rng-pci]
|
-display ...
|
-drive if=[ide|floppy|virtio] format=[raw|qcow2|qed] snapshot=off
...
|
-echr ...
|
-enable-kvm
|
-fda/-fdb ...
|
-fsdev ...
|
-full-screen
|
-gdb ...
|
-global ...
|
-h
|
-hda/-hdb/-hdc/-hdd ...
|
-help
|
-incoming ...
|
-initrd ...
|
-kernel ...
|
-loadvm ...
|
-m ...
|
-machine [help|?|none|pc|pc-0.12|pc-0.14|pc-0.15|pc-i440fx-1.4]
|
-mem-path ...
|
-mem-prealloc
|
-mon ...
|
-monitor ...
|
-M [help|?|none|pc|pc-0.12|pc-0.14|pc-0.15|pc-i440fx-1.4]
|
-name ...
|
-netdev ...
|
-net [nic|user|tap|bridge|none]
mode=[rtl8139|e1000|virtio]
|
-no-acpi
|
-nodefaults
|
-nodefconfig
|
-no-frame
|
-nographic
|
-no-hpet
|
-no-quit
|
-no-reboot
|
-no-shutdown
|
-no-user-config
|
-object
|
-parallel ...
|
-pidfile ...
|
-qmp ...
|
-readconfig ...
|
-rtc ...
|
-runas ...
|
-s
|
-S
|
-sandbox ...
|
-sdl
|
-serial ...
|
-smbios ...
|
-smp ...
|
-tdf
|
-usb
|
-usbdevice [disk|host|serial|braille|net|tablet|mouse]
|
-uuid ..
|
-version
|
-vga [std|cirrus|none]
|
-virtfs ...
|
-vnc ...
|
-watchdog ...
|
-watchdog-action ...
|
-writeconfig ...
|
The use of boot=on for virtio disks is no longer
needed since the BIOS used supports the virtio block interface
directly. In fact, its usage may cause problems, and is now considered
deprecated.
The use of ? as a parameter to -cpu,
-soundhw, -device, -M,
-machine, -d, and
-clock is now considered deprecated. Use
help instead.
The -tdf command line option is now considered
deprecated. The unsupported -no-kvm-pit command line
option is now considered deprecated.
The unsupported -no-kvm-pit-reinjection command line
option is now considered deprecated.
The -pcidevice qemu-kvm command line option is no longer
recognized. Use -device pci-assign instead.
The unsupported -device testdev command line option is
no longer recognized. Use -device pc-testdev instead.
The unsupported -kvm-shadow-memory command line option
is no longer recognized. Its function is now accessible via the
kvm_shadow_mem= parameter to the
-machine command line option.
The unsupported -no-kvm-irqchip command line option is
now considered deprecated. Its function is now accessible via the
kernel_irqchip= parameter to the
-machine command line option.
The unsupported -osk qemu-kvm command
line option is no longer recognized.
The unsupported -M mac qemu-kvm
command line option is no longer recognized.
The unsupported -enable-nesting command line option is
no longer recognized.
The unsupported -old-param command line option is no
longer recognized.
The unsupported -semihosting command line option is no
longer recognized.
The unsupported -nvram command line option is no longer
recognized.
The unsupported cpu_set monitor command is no longer
recognized.
The deprecated Windows drivers
(win-virtio-drivers.iso) are no longer provided.
The Virtual Machine Driver Pack is the supported way to get virtio
drivers for Windows guests.
The following qemu-kvm command line options are not supported by SUSE:
-acpitable ...
|
-add-fd ...
|
-bios ...
|
-bt ...
|
-chroot ...
|
-curses
|
-device
[ipoctal232|sysbus-ohci|i82562|ccid-card-passthru|
smbus-eeprom|nec-usb-xhci|hda-duplex|hda-output|cfi.pflash01
|ivshmem|usb-bot|lsi53c895a|ich9-usb-uhci2|ich9-usb-uhci6|
q35-pcihost|ich9-usb-uhci5|ich9-usb-uhci3|i6300esb|
isa-debug-exit|ne2k_pci|vfio-pci|usb-uas|ich9-usb-uhci4|
ioh3420|isa-ide|esp|usb-ccid|ich9-usb-ehci2|pcnet|
ich9-intel-hda|dc390|ich9-usb-ehci1|sysbus-ahci|hda-micro|
pci-bridge|x3130-upstream|isa-cirrus-vga|ich9-usb-uhci1|
pc-testdev|ne2k_isa|isa-vga|cs4231a|sysbus-fdc|gus||
vmware-svga||i82801b11-bridge|i82557a|i82557c|i82557b|
i82801|AC97|am53c974|intel-hda||i82558a|i82558b|usb-audio|
i82550|isa-debugcon|ib700|sb16|megasas|i82551|
xio3130-downstream|vt82c686b-usb-uhci|tpci200|i82559a|
i82559b|i82559c|xlnx,ps7-usb|SUNW,fdtwo|isa-applesmc|
exynos4210-ehci-usb|mch|usb-bt-dongle]
|
-drive if=[scsi|mtd|pflash], snapshot=on,
format=[anything besides from raw, qcow2, qed]
|
-dtb
|
-g ...
|
-icount ...
|
-iscsi ...
|
-L ...
|
-machine
[q35|pc-q35-1.4|pc-1.3|pc-1.2|pc-1.1|pc-1.0|pc-0.13|pc-0.11|pc-0.10|isapc]
|
-M
[q35|pc-q35-1.4|pc-1.3|pc-1.2|pc-1.1|pc-1.0|pc-0.13|pc-0.11|pc-0.10|isapc]
|
-mtdblock ...
|
-net [socket|dump] ...
|
-no-fd-bootchk
|
-no-kvm
|
-no-kvm-irqchip
|
-no-kvm-pit
|
-no-kvm-pit-reinjection
|
-numa ...
|
-option-rom ...
|
-pflash ...
|
-portrait
|
-prom-env ...
|
-qtest ...
|
-qtest-log ...
|
-rotate
|
-sd ...
|
-set ...
|
-show-cursor
|
-singlestep
|
-snapshot
|
-soundhw ...
|
-spice ...
|
-tb-size ...
|
-trace ...
|
-vga [vmware|qxl|xenfb]
|
-virtioconsole ...
|
-win2k-hack
|
monitor Command Line Options¶
The following qemu-kvm monitor
command line options are supported by SUSE:
?
|
balloon target ...
|
block_resize ...
|
boot_set ...
|
[c|cont]
|
change device ...
|
cpu ...
|
delvm ...
|
device_add ...
|
device_del ...
|
drive_add ...
|
drive_del ...
|
dump_guest_memory ...
|
eject ...
|
gdbserver ...
|
help
|
info ...
|
loadvm ...
|
logfile ...
|
logitem ...
|
mce ...
|
memsave ...
|
migrate ...
|
migrate_set_cache_size ...
|
migrate_set_capability ...
|
migrate_set_downtime ...
|
migrate_set_speed ...
|
mouse_button ...
|
mouse_move ...
|
mouse_set ...
|
nmi ...
|
pci_add ...
|
pci_del ...
|
pmemsave ...
|
[p|print] ...
|
q
|
savevm ...
|
sendkey ...
|
stop
|
system_powerdown
|
system_reset
|
system_wakeup
|
usb_add ...
|
usb_del ...
|
watchdog_action ...
|
x ...
|
xp ...
|
monitor Command Line Options¶
The following qemu-kvm monitor
command line options are not supported by SUSE:
acl_add ...
|
acl_policy ...
|
acl_remove ...
|
acl_reset ...
|
acl_show ...
|
block_job_cancel ...
|
block_job_complete ...
|
block_job_pause ...
|
block_job_resume ...
|
block_job_set_speed ...
|
block_passwd ...
|
client_migrate_info ...
|
close_fd ...
|
commit ...
|
drive_mirror ...
|
expire_password ...
|
hostfwd_add ...
|
hostfwd_remove ...
|
host_net_add ...
|
host_net_remove ...
|
i ...
|
migrate_cancel
|
nbd_server_add ...
|
nbd server_start ...
|
nbd_server_stop ...
|
netdev_add
|
netdev_del ...
|
o ...
|
pcie_aer_inject_error ...
|
ringbuf_read ...
|
ringbuf_write ...
|
screendump ...
|
set_link ...
|
set_password ...
|
singlestep ...
|
snapshot_blkdev ...
|
stopcapture ...
|
sum ...
|
trace_event ...
|
wavcapture ...
|
In addition to the listed human monitor commands above, a JSON-based
monitor interface called QMP (Qemu Monitor Protocol) is provided which
allows for a more programmatic and control-oriented interaction with the
monitor. See
/usr/share/doc/packages/kvm/qmp-commands.txt for
details on executing QMP commands. Below is the list of QMP commands:
add_client
|
add-fd
|
balloon
|
block_passwd
|
block_resize
|
block_set_io_throttle
|
block-snapshot-sync
|
change
|
chardev-add
|
chardev-remove
|
client_migrate_info
|
closefd
|
cont
|
cpu
|
device_add
|
device_del
|
drive-mirror
|
eject
|
expire_password
|
getfd
|
human-monitor-command
|
inject-nmi
|
memsave
|
migrate
|
migrate_cancel
|
migrate-set-cache-size
|
migrate-set-capabilities
|
migrate_set_downtime
|
migrate_set_speed
|
netdev_add
|
netdev_del
|
pmemsave
|
qmp_capabilities
|
query-balloon
|
query-block
|
query-blockstats
|
query-chardev
|
query-commands
|
query-cpus
|
query-events
|
query-fdsets
|
query-kvm
|
query-mice
|
query-migrate
|
query-migrate-cache-size
|
query-name
|
query-pci
|
query-spice
|
query-status
|
query-uuid
|
query-version
|
query-vnc
|
quit
|
remove-fd
|
ringbuf-read
|
ringbuf-write
|
screendump
|
send-key
|
set_link
|
set_password
|
stop
|
system_powerdown
|
system_reset
|
system_wakeup
|
transaction
|
xen-save-devices-state
|
xen-set-global-dirty-flag
|