1VIRSH(1) Virtualization Support VIRSH(1)
2
6 virsh - management user interface
7
9 virsh [OPTION]... [COMMAND_STRING]
10 virsh [OPTION]... COMMAND [ARG]...
12
14 The virsh program is the main interface for managing virsh guest
15 domains. The program can be used to create, pause, and shutdown
16 domains. It can also be used to list current domains. Libvirt is a C
17 toolkit to interact with the virtualization capabilities of recent ver‐
18 sions of Linux (and other OSes). It is free software available under
19 the GNU Lesser General Public License. Virtualization of the Linux
20 Operating System means the ability to run multiple instances of Operat‐
21 ing Systems concurrently on a single hardware system where the basic
22 resources are driven by a Linux instance. The library aims at providing
23 a long term stable C API. It currently supports Xen, QEMU, KVM, LXC,
24 OpenVZ, VirtualBox and VMware ESX.
25 The basic structure of most virsh usage is:
27 virsh [OPTION]... <command> <domain> [ARG]...
29 Where command is one of the commands listed below; domain is the
31 numeric domain id, or the domain name, or the domain UUID; and ARGS are
32 command specific options. There are a few exceptions to this rule in
33 the cases where the command in question acts on all domains, the entire
34 machine, or directly on the xen hypervisor. Those exceptions will be
35 clear for each of those commands. Note: it is permissible to give
36 numeric names to domains, however, doing so will result in a domain
37 that can only be identified by domain id. In other words, if a numeric
38 value is supplied it will be interpreted as a domain id, not as a name.
39 Any command starting with # is treated as a comment and silently
40 ignored, all other unrecognized commands are diagnosed.
41 The virsh program can be used either to run one COMMAND by giving the
43 command and its arguments on the shell command line, or a COM‐
44 MAND_STRING which is a single shell argument consisting of multiple
45 COMMAND actions and their arguments joined with whitespace and sepa‐
46 rated by semicolons or newlines between commands, where unquoted back‐
47 slash-newline pairs are elided. Within COMMAND_STRING, virsh under‐
48 stands the same single, double, and backslash escapes as the shell,
49 although you must add another layer of shell escaping in creating the
50 single shell argument, and any word starting with unquoted # begins a
51 comment that ends at newline. If no command is given in the command
52 line, virsh will then start a minimal interpreter waiting for your com‐
53 mands, and the quit command will then exit the program.
54 The virsh program understands the following OPTIONS.
56 -c, --connect URI
58 Connect to the specified URI, as if by the connect command, instead of
60 the default connection.
61 -d, --debug LEVEL
63 Enable debug messages at integer LEVEL and above. LEVEL can range from
65 0 to 4 (default). See the documentation of VIRSH_DEBUG environment
66 variable below for the description of each LEVEL.
67 · -e, --escape string
69 Set alternative escape sequence for console command. By default, tel‐
71 net's ^] is used. Allowed characters when using hat notation are:
72 alphabetic character, @, [, ], , ^, _.
73 · -h, --help
75 Ignore all other arguments, and behave as if the help command were
77 given instead.
78 · -k, --keepalive-interval INTERVAL
80 Set an INTERVAL (in seconds) for sending keepalive messages to check
82 whether connection to the server is still alive. Setting the interval
83 to 0 disables client keepalive mechanism.
84 · -K, --keepalive-count COUNT
86 Set a number of times keepalive message can be sent without getting an
88 answer from the server without marking the connection dead. There is
89 no effect to this setting in case the INTERVAL is set to 0.
90 · -l, --log FILE
92 Output logging details to FILE.
94 · -q, --quiet
96 Avoid extra informational messages.
98 · -r, --readonly
100 Make the initial connection read-only, as if by the --readonly option
102 of the connect command.
103 · -t, --timing
105 Output elapsed time information for each command.
107 · -v, --version[=short]
109 Ignore all other arguments, and prints the version of the libvirt
111 library virsh is coming from
112 · -V, --version=long
114 Ignore all other arguments, and prints the version of the libvirt
116 library virsh is coming from and which options and driver are compiled
117 in.
118
120 Most virsh operations rely upon the libvirt library being able to con‐
121 nect to an already running libvirtd service. This can usually be done
122 using the command service libvirtd start.
123 Most virsh commands require root privileges to run due to the communi‐
125 cations channels used to talk to the hypervisor. Running as non root
126 will return an error.
127 Most virsh commands act synchronously, except maybe shutdown, setvcpus
129 and setmem. In those cases the fact that the virsh program returned,
130 may not mean the action is complete and you must poll periodically to
131 detect that the guest completed the operation.
132 virsh strives for backward compatibility. Although the help command
134 only lists the preferred usage of a command, if an older version of
135 virsh supported an alternate spelling of a command or option (such as
136 --tunnelled instead of --tunneled), then scripts using that older
137 spelling will continue to work.
138 Several virsh commands take an optionally scaled integer; if no scale
140 is provided, then the default is listed in the command (for historical
141 reasons, some commands default to bytes, while other commands default
142 to kibibytes). The following case-insensitive suffixes can be used to
143 select a specific scale:
144 b, byte byte 1
146 KB kilobyte 1,000
147 k, KiB kibibyte 1,024
148 MB megabyte 1,000,000
149 M, MiB mebibyte 1,048,576
150 GB gigabyte 1,000,000,000
151 G, GiB gibibyte 1,073,741,824
152 TB terabyte 1,000,000,000,000
153 T, TiB tebibyte 1,099,511,627,776
154 PB petabyte 1,000,000,000,000,000
155 P, PiB pebibyte 1,125,899,906,842,624
156 EB exabyte 1,000,000,000,000,000,000
157 E, EiB exbibyte 1,152,921,504,606,846,976
158
160 The following commands are generic i.e. not specific to a domain.
161 help
163 Syntax:
164 help [command-or-group]
166 This lists each of the virsh commands. When used without options, all
168 commands are listed, one per line, grouped into related categories,
169 displaying the keyword for each group.
170 To display only commands for a specific group, give the keyword for
172 that group as an option. For example:
173 Example 1:
175 virsh # help host
177 Host and Hypervisor (help keyword 'host'):
179 capabilities capabilities
180 cpu-models show the CPU models for an architecture
181 connect (re)connect to hypervisor
182 freecell NUMA free memory
183 hostname print the hypervisor hostname
184 qemu-attach Attach to existing QEMU process
185 qemu-monitor-command QEMU Monitor Command
186 qemu-agent-command QEMU Guest Agent Command
187 sysinfo print the hypervisor sysinfo
188 uri print the hypervisor canonical URI
189 To display detailed information for a specific command, give its name
191 as the option instead. For example:
192 Example 2:
194 virsh # help list
196 NAME
197 list - list domains
198 SYNOPSIS
200 list [--inactive] [--all]
201 DESCRIPTION
203 Returns list of domains.
204 OPTIONS
206 --inactive list inactive domains
207 --all list inactive & active domains
208 quit, exit
210 Syntax:
211 quit
213 exit
214 quit this interactive terminal
216 version
218 Syntax:
219 version [--daemon]
221 Will print out the major version info about what this built from. If
223 --daemon is specified then the version of the libvirt daemon is
224 included in the output.
225 Example:
227 $ virsh version
229 Compiled against library: libvirt 1.2.3
230 Using library: libvirt 1.2.3
231 Using API: QEMU 1.2.3
232 Running hypervisor: QEMU 2.0.50
233 $ virsh version --daemon
235 Compiled against library: libvirt 1.2.3
236 Using library: libvirt 1.2.3
237 Using API: QEMU 1.2.3
238 Running hypervisor: QEMU 2.0.50
239 Running against daemon: 1.2.6
240 cd
242 Syntax:
243 cd [directory]
245 Will change current directory to directory. The default directory for
247 the cd command is the home directory or, if there is no HOME variable
248 in the environment, the root directory.
249 This command is only available in interactive mode.
251 pwd
253 Syntax:
254 pwd
256 Will print the current directory.
258 connect
260 Syntax:
261 connect [URI] [--readonly]
263 (Re)-Connect to the hypervisor. When the shell is first started, this
265 is automatically run with the URI parameter requested by the -c option
266 on the command line. The URI parameter specifies how to connect to the
267 hypervisor. The URI docs https://libvirt.org/uri.html list the values
268 supported, but the most common are:
269 · xen:///system
271 this is used to connect to the local Xen hypervisor
273 · qemu:///system
275 connect locally as root to the daemon supervising QEMU and KVM
277 domains
278 · qemu:///session
280 connect locally as a normal user to his own set of QEMU and KVM
282 domains
283 · lxc:///system
285 connect to a local linux container
287 To find the currently used URI, check the uri command documented below.
289 For remote access see the URI docs https://libvirt.org/uri.html on how
291 to make URIs. The --readonly option allows for read-only connection
292 uri
294 Syntax:
295 uri
297 Prints the hypervisor canonical URI, can be useful in shell mode.
299 hostname
301 Syntax:
302 hostname
304 Print the hypervisor hostname.
306 sysinfo
308 Syntax:
309 sysinfo
311 Print the XML representation of the hypervisor sysinfo, if available.
313 nodeinfo
315 Syntax:
316 nodeinfo
318 Returns basic information about the node, like number and type of CPU,
320 and size of the physical memory. The output corresponds to virNodeInfo
321 structure. Specifically, the "CPU socket(s)" field means number of CPU
322 sockets per NUMA cell. The information libvirt displays is dependent
323 upon what each architecture may provide.
324 nodecpumap
326 Syntax:
327 nodecpumap [--pretty]
329 Displays the node's total number of CPUs, the number of online CPUs and
331 the list of online CPUs.
332 With --pretty the online CPUs are printed as a range instead of a list.
334 nodecpustats
336 Syntax:
337 nodecpustats [cpu] [--percent]
339 Returns cpu stats of the node. If cpu is specified, this will print
341 the specified cpu statistics only. If --percent is specified, this
342 will print the percentage of each kind of cpu statistics during 1 sec‐
343 ond.
344 nodememstats
346 Syntax:
347 nodememstats [cell]
349 Returns memory stats of the node. If cell is specified, this will
351 print the specified cell statistics only.
352 nodesuspend
354 Syntax:
355 nodesuspend [target] [duration]
357 Puts the node (host machine) into a system-wide sleep state and sched‐
359 ule the node's Real-Time-Clock interrupt to resume the node after the
360 time duration specified by duration is out. target specifies the state
361 to which the host will be suspended to, it can be "mem" (suspend to
362 RAM), "disk" (suspend to disk), or "hybrid" (suspend to both RAM and
363 disk). duration specifies the time duration in seconds for which the
364 host has to be suspended, it should be at least 60 seconds.
365 node
367 Syntax:
368 node-memory-tune [shm-pages-to-scan] [shm-sleep-millisecs] [shm-merge-across-nodes]
370 Allows you to display or set the node memory parameters.
372 shm-pages-to-scan can be used to set the number of pages to scan before
373 the shared memory service goes to sleep; shm-sleep-millisecs can be
374 used to set the number of millisecs the shared memory service should
375 sleep before next scan; shm-merge-across-nodes specifies if pages from
376 different numa nodes can be merged. When set to 0, only pages which
377 physically reside in the memory area of same NUMA node can be merged.
378 When set to 1, pages from all nodes can be merged. Default to 1.
379 Note: Currently the "shared memory service" only means KSM (Kernel
381 Samepage Merging).
382 capabilities
384 Syntax:
385 capabilities
387 Print an XML document describing the capabilities of the hypervisor we
389 are currently connected to. This includes a section on the host capa‐
390 bilities in terms of CPU and features, and a set of description for
391 each kind of guest which can be virtualized. For a more complete
392 description see:
393 https://libvirt.org/formatcaps.html
395 The XML also show the NUMA topology information if available.
397 domcapabilities
399 Syntax:
400 domcapabilities [virttype] [emulatorbin] [arch] [machine]
402 Print an XML document describing the domain capabilities for the hyper‐
404 visor we are connected to using information either sourced from an
405 existing domain or taken from the virsh capabilities output. This may
406 be useful if you intend to create a new domain and are curious if for
407 instance it could make use of VFIO by creating a domain for the hyper‐
408 visor with a specific emulator and architecture.
409 Each hypervisor will have different requirements regarding which
411 options are required and which are optional. A hypervisor can support
412 providing a default value for any of the options.
413 The virttype option specifies the virtualization type used. The value
415 to be used is either from the 'type' attribute of the <domain/> top
416 level element from the domain XML or the 'type' attribute found within
417 each <guest/> element from the virsh capabilities output. The emula‐
418 torbin option specifies the path to the emulator. The value to be used
419 is either the <emulator> element in the domain XML or the virsh capa‐
420 bilities output. The arch option specifies the architecture to be used
421 for the domain. The value to be used is either the "arch" attribute
422 from the domain's XML <os/> element and <type/> subelement or the
423 "name" attribute of an <arch/> element from the virsh capabililites
424 output. The machine specifies the machine type for the emulator. The
425 value to be used is either the "machine" attribute from the domain's
426 XML <os/> element and <type/> subelement or one from a list of machines
427 from the virsh capabilities output for a specific architecture and
428 domain type.
429 For the QEMU hypervisor, a virttype of either 'qemu' or 'kvm' must be
431 supplied along with either the emulatorbin or arch in order to generate
432 output for the default machine. Supplying a machine value will gener‐
433 ate output for the specific machine.
434 pool-capabilities
436 Syntax:
437 pool-capabilities
439 Print an XML document describing the storage pool capabilities for the
441 connected storage driver. This may be useful if you intend to create a
442 new storage pool and need to know the available pool types and sup‐
443 ported storage pool source and target volume formats as well as the
444 required source elements to create the pool.
445 inject
447 Syntax:
448 inject-nmi domain
450 Inject NMI to the guest.
452 list
454 Syntax:
455 list [--inactive | --all]
457 [--managed-save] [--title]
458 { [--table] | --name | --uuid }
459 [--persistent] [--transient]
460 [--with-managed-save] [--without-managed-save]
461 [--autostart] [--no-autostart]
462 [--with-snapshot] [--without-snapshot]
463 [--with-checkpoint] [--without-checkpoint]
464 [--state-running] [--state-paused]
465 [--state-shutoff] [--state-other]
466 Prints information about existing domains. If no options are specified
468 it prints out information about running domains.
469 Example 1:
471 An example format for the list is as follows:
473 ``virsh`` list
475 Id Name State
476 ----------------------------------------------------
477 0 Domain-0 running
478 2 fedora paused
479 Name is the name of the domain. ID the domain numeric id. State is
481 the run state (see below).
482 STATES
484 The State field lists what state each domain is currently in. A domain
486 can be in one of the following possible states:
487 · running
489 The domain is currently running on a CPU
491 · idle
493 The domain is idle, and not running or runnable. This can be caused
495 because the domain is waiting on IO (a traditional wait state) or has
496 gone to sleep because there was nothing else for it to do.
497 · paused
499 The domain has been paused, usually occurring through the administra‐
501 tor running virsh suspend. When in a paused state the domain will
502 still consume allocated resources like memory, but will not be eligi‐
503 ble for scheduling by the hypervisor.
504 · in shutdown
506 The domain is in the process of shutting down, i.e. the guest operat‐
508 ing system has been notified and should be in the process of stopping
509 its operations gracefully.
510 · shut off
512 The domain is not running. Usually this indicates the domain has
514 been shut down completely, or has not been started.
515 · crashed
517 The domain has crashed, which is always a violent ending. Usually
519 this state can only occur if the domain has been configured not to
520 restart on crash.
521 · pmsuspended
523 The domain has been suspended by guest power management, e.g. entered
525 into s3 state.
526 Normally only active domains are listed. To list inactive domains spec‐
528 ify --inactive or --all to list both active and inactive domains.
529 Filtering
531 To further filter the list of domains you may specify one or more of
533 filtering flags supported by the list command. These flags are grouped
534 by function. Specifying one or more flags from a group enables the
535 filter group. Note that some combinations of flags may yield no
536 results. Supported filtering flags and groups:
537 Persistence
539 Flag --persistent is used to include persistent domains in the returned
540 list. To include transient domains specify --transient.
541 Existence of managed save image
543 To list domains having a managed save image specify flag --with-man‐
544 aged-save. For domains that don't have a managed save image specify
545 --without-managed-save.
546 Domain state
548 The following filter flags select a domain by its state: --state-run‐
549 ning for running domains, --state-paused for paused domains,
550 --state-shutoff for turned off domains and --state-other for all other
551 states as a fallback.
552 Autostarting domains
554 To list autostarting domains use the flag --autostart. To list domains
555 with this feature disabled use --no-autostart.
556 Snapshot existence
558 Domains that have snapshot images can be listed using flag --with-snap‐
559 shot, domains without a snapshot --without-snapshot.
560 Checkpoint existence
562 Domains that have checkpoints can be listed using flag --with-check‐
563 point, domains without a checkpoint --without-checkpoint.
564 When talking to older servers, this command is forced to use a series
566 of API calls with an inherent race, where a domain might not be listed
567 or might appear more than once if it changed state between calls while
568 the list was being collected. Newer servers do not have this problem.
569 If --managed-save is specified, then domains that have managed save
571 state (only possible if they are in the shut off state, so you need to
572 specify --inactive or --all to actually list them) will instead show as
573 saved in the listing. This flag is usable only with the default --table
574 output. Note that this flag does not filter the list of domains.
575 If --name is specified, domain names are printed instead of the table
577 formatted one per line. If --uuid is specified domain's UUID's are
578 printed instead of names. Flag --table specifies that the legacy ta‐
579 ble-formatted output should be used. This is the default.
580 If both --name and --uuid are specified, domain UUID's and names are
582 printed side by side without any header. Flag --table specifies that
583 the legacy table-formatted output should be used. This is the default
584 if neither --name nor --uuid are specified. Option --table is mutually
585 exclusive with options --uuid and --name.
586 If --title is specified, then the short domain description (title) is
588 printed in an extra column. This flag is usable only with the default
589 --table output.
590 Example 2:
592 $ virsh list --title
594 Id Name State Title
595 -------------------------------------------
596 0 Domain-0 running Mailserver 1
597 2 fedora paused
598 freecell
600 Syntax:
601 freecell [{ [--cellno] cellno | --all }]
603 Prints the available amount of memory on the machine or within a NUMA
605 cell. The freecell command can provide one of three different displays
606 of available memory on the machine depending on the options specified.
607 With no options, it displays the total free memory on the machine.
608 With the --all option, it displays the free memory in each cell and the
609 total free memory on the machine. Finally, with a numeric argument or
610 with --cellno plus a cell number it will display the free memory for
611 the specified cell only.
612 freepages
614 Syntax:
615 freepages [{ [--cellno] cellno [--pagesize] pagesize | --all }]
617 Prints the available amount of pages within a NUMA cell. cellno refers
619 to the NUMA cell you're interested in. pagesize is a scaled integer
620 (see NOTES above). Alternatively, if --all is used, info on each pos‐
621 sible combination of NUMA cell and page size is printed out.
622 allocpages
624 Syntax:
625 allocpages [--pagesize] pagesize [--pagecount] pagecount [[--cellno] cellno] [--add] [--all]
627 Change the size of pages pool of pagesize on the host. If --add is
629 specified, then pagecount pages are added into the pool. However, if
630 --add wasn't specified, then the pagecount is taken as the new absolute
631 size of the pool (this may be used to free some pages and size the pool
632 down). The cellno modifier can be used to narrow the modification down
633 to a single host NUMA cell. On the other end of spectrum lies --all
634 which executes the modification on all NUMA cells.
635 cpu-baseline
637 Syntax:
638 cpu-baseline FILE [--features] [--migratable]
640 Compute baseline CPU which will be supported by all host CPUs given in
642 <file>. (See hypervisor-cpu-baseline command to get a CPU which can be
643 provided by a specific hypervisor.) The list of host CPUs is built by
644 extracting all <cpu> elements from the <file>. Thus, the <file> can
645 contain either a set of <cpu> elements separated by new lines or even a
646 set of complete <capabilities> elements printed by capabilities com‐
647 mand. If --features is specified, then the resulting XML description
648 will explicitly include all features that make up the CPU, without this
649 option features that are part of the CPU model will not be listed in
650 the XML description. If --migratable is specified, features that
651 block migration will not be included in the resulting CPU.
652 cpu-compare
654 Syntax:
655 cpu-compare FILE [--error]
657 Compare CPU definition from XML <file> with host CPU. (See hypervi‐
659 sor-cpu-compare command for comparing the CPU definition with the CPU
660 which a specific hypervisor is able to provide on the host.) The XML
661 <file> may contain either host or guest CPU definition. The host CPU
662 definition is the <cpu> element and its contents as printed by capabil‐
663 ities command. The guest CPU definition is the <cpu> element and its
664 contents from domain XML definition or the CPU definition created from
665 the host CPU model found in domain capabilities XML (printed by domca‐
666 pabilities command). In addition to the <cpu> element itself, this com‐
667 mand accepts full domain XML, capabilities XML, or domain capabilities
668 XML containing the CPU definition. For more information on guest CPU
669 definition see: https://libvirt.org/formatdomain.html#elementsCPU. If
670 --error is specified, the command will return an error when the given
671 CPU is incompatible with host CPU and a message providing more details
672 about the incompatibility will be printed out.
673 cpu-models
675 Syntax:
676 cpu-models arch
678 Print the list of CPU models known by libvirt for the specified archi‐
680 tecture. Whether a specific hypervisor is able to create a domain
681 which uses any of the printed CPU models is a separate question which
682 can be answered by looking at the domain capabilities XML returned by
683 domcapabilities command. Moreover, for some architectures libvirt does
684 not know any CPU models and the usable CPU models are only limited by
685 the hypervisor. This command will print that all CPU models are
686 accepted for these architectures and the actual list of supported CPU
687 models can be checked in the domain capabilities XML.
688 echo
690 Syntax:
691 echo [--shell] [--xml] [err...] [arg...]
693 Echo back each arg, separated by space. If --shell is specified, then
695 the output will be single-quoted where needed, so that it is suitable
696 for reuse in a shell context. If --xml is specified, then the output
697 will be escaped for use in XML. If --err is specified, prefix "error:
698 " and output to stderr instead of stdout.
699 hypervisor-cpu-compare
701 Syntax:
702 hypervisor-cpu-compare FILE [virttype] [emulator] [arch] [machine] [--error]
704 Compare CPU definition from XML <file> with the CPU the hypervisor is
706 able to provide on the host. (This is different from cpu-compare which
707 compares the CPU definition with the host CPU without considering any
708 specific hypervisor and its abilities.)
709 The XML FILE may contain either a host or guest CPU definition. The
711 host CPU definition is the <cpu> element and its contents as printed by
712 the capabilities command. The guest CPU definition is the <cpu> element
713 and its contents from the domain XML definition or the CPU definition
714 created from the host CPU model found in the domain capabilities XML
715 (printed by the domcapabilities command). In addition to the <cpu> ele‐
716 ment itself, this command accepts full domain XML, capabilities XML, or
717 domain capabilities XML containing the CPU definition. For more infor‐
718 mation on guest CPU definition see:
719 https://libvirt.org/formatdomain.html#elementsCPU.
720 The virttype option specifies the virtualization type (usable in the
722 'type' attribute of the <domain> top level element from the domain
723 XML). emulator specifies the path to the emulator, arch specifies the
724 CPU architecture, and machine specifies the machine type. If --error is
725 specified, the command will return an error when the given CPU is
726 incompatible with the host CPU and a message providing more details
727 about the incompatibility will be printed out.
728 hypervisor-cpu-baseline
730 Syntax:
731 hypervisor-cpu-baseline FILE [virttype] [emulator] [arch] [machine] [--features] [--migratable]
733 Compute a baseline CPU which will be compatible with all CPUs defined
735 in an XML file and with the CPU the hypervisor is able to provide on
736 the host. (This is different from cpu-baseline which does not consider
737 any hypervisor abilities when computing the baseline CPU.)
738 The XML FILE may contain either host or guest CPU definitions describ‐
740 ing the host CPU model. The host CPU definition is the <cpu> element
741 and its contents as printed by capabilities command. The guest CPU def‐
742 inition may be created from the host CPU model found in domain capabil‐
743 ities XML (printed by domcapabilities command). In addition to the
744 <cpu> elements, this command accepts full capabilities XMLs, or domain
745 capabilities XMLs containing the CPU definitions. For best results, use
746 only the CPU definitions from domain capabilities.
747 When FILE contains only a single CPU definition, the command will print
749 the same CPU with restrictions imposed by the capabilities of the
750 hypervisor. Specifically, running th virsh hypervisor-cpu-baseline
751 command with no additional options on the result of virsh domcapabili‐
752 ties will transform the host CPU model from domain capabilities XML to
753 a form directly usable in domain XML.
754 The virttype option specifies the virtualization type (usable in the
756 'type' attribute of the <domain> top level element from the domain
757 XML). emulator specifies the path to the emulator, arch specifies the
758 CPU architecture, and machine specifies the machine type. If --features
759 is specified, then the resulting XML description will explicitly
760 include all features that make up the CPU, without this option features
761 that are part of the CPU model will not be listed in the XML descrip‐
762 tion. If --migratable is specified, features that block migration will
763 not be included in the resulting CPU.
764
766 The following commands manipulate domains directly, as stated previ‐
767 ously most commands take domain as the first parameter. The domain can
768 be specified as a short integer, a name or a full UUID.
769 autostart
771 Syntax:
772 autostart [--disable] domain
774 Configure a domain to be automatically started at boot.
776 The option --disable disables autostarting.
778 blkdeviotune
780 Syntax:
781 blkdeviotune domain device [[--config] [--live] | [--current]]
783 [[total-bytes-sec] | [read-bytes-sec] [write-bytes-sec]]
784 [[total-iops-sec] | [read-iops-sec] [write-iops-sec]]
785 [[total-bytes-sec-max] | [read-bytes-sec-max] [write-bytes-sec-max]]
786 [[total-iops-sec-max] | [read-iops-sec-max] [write-iops-sec-max]]
787 [[total-bytes-sec-max-length] |
788 [read-bytes-sec-max-length] [write-bytes-sec-max-length]]
789 [[total-iops-sec-max-length] |
790 [read-iops-sec-max-length] [write-iops-sec-max-length]]
791 [size-iops-sec] [group-name]
792 Set or query the block disk io parameters for a block device of domain.
794 device specifies a unique target name (<target dev='name'/>) or source
795 file (<source file='name'/>) for one of the disk devices attached to
796 domain (see also domblklist for listing these names).
797 If no limit is specified, it will query current I/O limits setting.
799 Otherwise, alter the limits with these flags: --total-bytes-sec speci‐
800 fies total throughput limit as a scaled integer, the default being
801 bytes per second if no suffix is specified. --read-bytes-sec specifies
802 read throughput limit as a scaled integer, the default being bytes per
803 second if no suffix is specified. --write-bytes-sec specifies write
804 throughput limit as a scaled integer, the default being bytes per sec‐
805 ond if no suffix is specified. --total-iops-sec specifies total I/O
806 operations limit per second. --read-iops-sec specifies read I/O opera‐
807 tions limit per second. --write-iops-sec specifies write I/O opera‐
808 tions limit per second. --total-bytes-sec-max specifies maximum total
809 throughput limit as a scaled integer, the default being bytes per sec‐
810 ond if no suffix is specified --read-bytes-sec-max specifies maximum
811 read throughput limit as a scaled integer, the default being bytes per
812 second if no suffix is specified. --write-bytes-sec-max specifies max‐
813 imum write throughput limit as a scaled integer, the default being
814 bytes per second if no suffix is specified. --total-iops-sec-max spec‐
815 ifies maximum total I/O operations limit per second.
816 --read-iops-sec-max specifies maximum read I/O operations limit per
817 second. --write-iops-sec-max specifies maximum write I/O operations
818 limit per second. --total-bytes-sec-max-length specifies duration in
819 seconds to allow maximum total throughput limit.
820 --read-bytes-sec-max-length specifies duration in seconds to allow max‐
821 imum read throughput limit. --write-bytes-sec-max-length specifies
822 duration in seconds to allow maximum write throughput limit.
823 --total-iops-sec-max-length specifies duration in seconds to allow max‐
824 imum total I/O operations limit. --read-iops-sec-max-length specifies
825 duration in seconds to allow maximum read I/O operations limit.
826 --write-iops-sec-max-length specifies duration in seconds to allow max‐
827 imum write I/O operations limit. --size-iops-sec specifies size I/O
828 operations limit per second. --group-name specifies group name to
829 share I/O quota between multiple drives. For a QEMU domain, if no name
830 is provided, then the default is to have a single group for each
831 device.
832 Older versions of virsh only accepted these options with underscore
834 instead of dash, as in --total_bytes_sec.
835 Bytes and iops values are independent, but setting only one value (such
837 as --read-bytes-sec) resets the other two in that category to unlim‐
838 ited. An explicit 0 also clears any limit. A non-zero value for a
839 given total cannot be mixed with non-zero values for read or write.
840 It is up to the hypervisor to determine how to handle the length val‐
842 ues. For the QEMU hypervisor, if an I/O limit value or maximum value
843 is set, then the default value of 1 second will be displayed. Supplying
844 a 0 will reset the value back to the default.
845 If --live is specified, affect a running guest. If --config is speci‐
847 fied, affect the next boot of a persistent guest. If --current is
848 specified, affect the current guest state. When setting the disk io
849 parameters both --live and --config flags may be given, but --current
850 is exclusive. For querying only one of --live, --config or --current
851 can be specified. If no flag is specified, behavior is different
852 depending on hypervisor.
853 blkiotune
855 Syntax:
856 blkiotune domain [--weight weight] [--device-weights device-weights]
858 [--device-read-iops-sec device-read-iops-sec]
859 [--device-write-iops-sec device-write-iops-sec]
860 [--device-read-bytes-sec device-read-bytes-sec]
861 [--device-write-bytes-sec device-write-bytes-sec]
862 [[--config] [--live] | [--current]]
863 Display or set the blkio parameters. QEMU/KVM supports --weight.
865 --weight is in range [100, 1000]. After kernel 2.6.39, the value could
866 be in the range [10, 1000].
867 device-weights is a single string listing one or more device/weight
869 pairs, in the format of /path/to/device,weight,/path/to/device,weight.
870 Each weight is in the range [100, 1000], [10, 1000] after kernel
871 2.6.39, or the value 0 to remove that device from per-device listings.
872 Only the devices listed in the string are modified; any existing
873 per-device weights for other devices remain unchanged.
874 device-read-iops-sec is a single string listing one or more
876 device/read_iops_sec pairs, int the format of
877 /path/to/device,read_iops_sec,/path/to/device,read_iops_sec. Each
878 read_iops_sec is a number which type is unsigned int, value 0 to remove
879 that device from per-device listing. Only the devices listed in the
880 string are modified; any existing per-device read_iops_sec for other
881 devices remain unchanged.
882 device-write-iops-sec is a single string listing one or more
884 device/write_iops_sec pairs, int the format of
885 /path/to/device,write_iops_sec,/path/to/device,write_iops_sec. Each
886 write_iops_sec is a number which type is unsigned int, value 0 to
887 remove that device from per-device listing. Only the devices listed in
888 the string are modified; any existing per-device write_iops_sec for
889 other devices remain unchanged.
890 device-read-bytes-sec is a single string listing one or more
892 device/read_bytes_sec pairs, int the format of
893 /path/to/device,read_bytes_sec,/path/to/device,read_bytes_sec. Each
894 read_bytes_sec is a number which type is unsigned long long, value 0 to
895 remove that device from per-device listing. Only the devices listed in
896 the string are modified; any existing per-device read_bytes_sec for
897 other devices remain unchanged.
898 device-write-bytes-sec is a single string listing one or more
900 device/write_bytes_sec pairs, int the format of
901 /path/to/device,write_bytes_sec,/path/to/device,write_bytes_sec. Each
902 write_bytes_sec is a number which type is unsigned long long, value 0
903 to remove that device from per-device listing. Only the devices listed
904 in the string are modified; any existing per-device write_bytes_sec for
905 other devices remain unchanged.
906 If --live is specified, affect a running guest. If --config is speci‐
908 fied, affect the next boot of a persistent guest. If --current is
909 specified, affect the current guest state. Both --live and --config
910 flags may be given, but --current is exclusive. If no flag is speci‐
911 fied, behavior is different depending on hypervisor.
912 blockcommit
914 Syntax:
915 blockcommit domain path [bandwidth] [--bytes] [base]
917 [--shallow] [top] [--delete] [--keep-relative]
918 [--wait [--async] [--verbose]] [--timeout seconds]
919 [--active] [{--pivot | --keep-overlay}]
920 Reduce the length of a backing image chain, by committing changes at
922 the top of the chain (snapshot or delta files) into backing images. By
923 default, this command attempts to flatten the entire chain. If base
924 and/or top are specified as files within the backing chain, then the
925 operation is constrained to committing just that portion of the chain;
926 --shallow can be used instead of base to specify the immediate backing
927 file of the resulting top image to be committed. The files being com‐
928 mitted are rendered invalid, possibly as soon as the operation starts;
929 using the --delete flag will attempt to remove these invalidated files
930 at the successful completion of the commit operation. When the
931 --keep-relative flag is used, the backing file paths will be kept rela‐
932 tive.
933 When top is omitted or specified as the active image, it is also possi‐
935 ble to specify --active to trigger a two-phase active commit. In the
936 first phase, top is copied into base and the job can only be canceled,
937 with top still containing data not yet in base. In the second phase,
938 top and base remain identical until a call to blockjob with the --abort
939 flag (keeping top as the active image that tracks changes from that
940 point in time) or the --pivot flag (making base the new active image
941 and invalidating top).
942 By default, this command returns as soon as possible, and data for the
944 entire disk is committed in the background; the progress of the opera‐
945 tion can be checked with blockjob. However, if --wait is specified,
946 then this command will block until the operation completes (or for
947 --active, enters the second phase), or until the operation is canceled
948 because the optional timeout in seconds elapses or SIGINT is sent (usu‐
949 ally with Ctrl-C). Using --verbose along with --wait will produce
950 periodic status updates. If job cancellation is triggered, --async
951 will return control to the user as fast as possible, otherwise the com‐
952 mand may continue to block a little while longer until the job is done
953 cleaning up. Using --pivot is shorthand for combining --active --wait
954 with an automatic blockjob --pivot; and using --keep-overlay is short‐
955 hand for combining --active --wait with an automatic blockjob --abort.
956 path specifies fully-qualified path of the disk; it corresponds to a
958 unique target name (<target dev='name'/>) or source file (<source
959 file='name'/>) for one of the disk devices attached to domain (see also
960 domblklist for listing these names). bandwidth specifies copying band‐
961 width limit in MiB/s, although for QEMU, it may be non-zero only for an
962 online domain. For further information on the bandwidth argument see
963 the corresponding section for the blockjob command.
964 blockcopy
966 Syntax:
967 blockcopy domain path { dest [format] [--blockdev] | --xml file }
969 [--shallow] [--reuse-external] [bandwidth]
970 [--wait [--async] [--verbose]] [{--pivot | --finish}]
971 [--timeout seconds] [granularity] [buf-size] [--bytes]
972 [--transient-job]
973 Copy a disk backing image chain to a destination. Either dest as the
975 destination file name, or --xml with the name of an XML file containing
976 a top-level <disk> element describing the destination, must be present.
977 Additionally, if dest is given, format should be specified to declare
978 the format of the destination (if format is omitted, then libvirt will
979 reuse the format of the source, or with --reuse-external will be forced
980 to probe the destination format, which could be a potential security
981 hole). The command supports --raw as a boolean flag synonym for --for‐
982 mat=raw. When using dest, the destination is treated as a regular file
983 unless --blockdev is used to signal that it is a block device. By
984 default, this command flattens the entire chain; but if --shallow is
985 specified, the copy shares the backing chain.
986 If --reuse-external is specified, then the destination must exist and
988 have sufficient space to hold the copy. If --shallow is used in con‐
989 junction with --reuse-external then the pre-created image must have
990 guest visible contents identical to guest visible contents of the back‐
991 ing file of the original image. This may be used to modify the backing
992 file names on the destination.
993 By default, the copy job runs in the background, and consists of two
995 phases. Initially, the job must copy all data from the source, and
996 during this phase, the job can only be canceled to revert back to the
997 source disk, with no guarantees about the destination. After this
998 phase completes, both the source and the destination remain mirrored
999 until a call to blockjob with the --abort and --pivot flags pivots over
1000 to the copy, or a call without --pivot leaves the destination as a
1001 faithful copy of that point in time. However, if --wait is specified,
1002 then this command will block until the mirroring phase begins, or can‐
1003 cel the operation if the optional timeout in seconds elapses or SIGINT
1004 is sent (usually with Ctrl-C). Using --verbose along with --wait will
1005 produce periodic status updates. Using --pivot (similar to blockjob
1006 --pivot) or --finish (similar to blockjob --abort) implies --wait, and
1007 will additionally end the job cleanly rather than leaving things in the
1008 mirroring phase. If job cancellation is triggered by timeout or by
1009 --finish, --async will return control to the user as fast as possible,
1010 otherwise the command may continue to block a little while longer until
1011 the job has actually cancelled.
1012 path specifies fully-qualified path of the disk. bandwidth specifies
1014 copying bandwidth limit in MiB/s. Specifying a negative value is inter‐
1015 preted as an unsigned long long value that might be essentially unlim‐
1016 ited, but more likely would overflow; it is safer to use 0 for that
1017 purpose. For further information on the bandwidth argument see the cor‐
1018 responding section for the blockjob command. Specifying granularity
1019 allows fine-tuning of the granularity that will be copied when a dirty
1020 region is detected; larger values trigger less I/O overhead but may end
1021 up copying more data overall (the default value is usually correct);
1022 hypervisors may restrict this to be a power of two or fall within a
1023 certain range. Specifying buf-size will control how much data can be
1024 simultaneously in-flight during the copy; larger values use more memory
1025 but may allow faster completion (the default value is usually correct).
1026 --transient-job allows specifying that the user does not require the
1028 job to be recovered if the VM crashes or is turned off before the job
1029 completes. This flag removes the restriction of copy jobs to transient
1030 domains if that restriction is applied by the hypervisor.
1031 blockjob
1033 Syntax:
1034 blockjob domain path { [--abort] [--async] [--pivot] |
1036 [--info] [--raw] [--bytes] | [bandwidth] }
1037 Manage active block operations. There are three mutually-exclusive
1039 modes: --info, bandwidth, and --abort. --async and --pivot imply abort
1040 mode; --raw implies info mode; and if no mode was given, --info mode is
1041 assumed.
1042 path specifies fully-qualified path of the disk; it corresponds to a
1044 unique target name (<target dev='name'/>) or source file (<source
1045 file='name'/>) for one of the disk devices attached to domain (see also
1046 domblklist for listing these names).
1047 In --abort mode, the active job on the specified disk will be aborted.
1049 If --async is also specified, this command will return immediately,
1050 rather than waiting for the cancellation to complete. If --pivot is
1051 specified, this requests that an active copy or active commit job be
1052 pivoted over to the new image.
1053 In --info mode, the active job information on the specified disk will
1055 be printed. By default, the output is a single human-readable summary
1056 line; this format may change in future versions. Adding --raw lists
1057 each field of the struct, in a stable format. If the --bytes flag is
1058 set, then the command errors out if the server could not supply bytes/s
1059 resolution; when omitting the flag, raw output is listed in MiB/s and
1060 human-readable output automatically selects the best resolution sup‐
1061 ported by the server.
1062 bandwidth can be used to set bandwidth limit for the active job in
1064 MiB/s. If --bytes is specified then the bandwidth value is interpreted
1065 in bytes/s. Specifying a negative value is interpreted as an unsigned
1066 long value or essentially unlimited. The hypervisor can choose whether
1067 to reject the value or convert it to the maximum value allowed. Option‐
1068 ally a scaled positive number may be used as bandwidth (see NOTES
1069 above). Using --bytes with a scaled value permits a finer granularity
1070 to be selected. A scaled value used without --bytes will be rounded
1071 down to MiB/s. Note that the --bytes may be unsupported by the hypervi‐
1072 sor.
1073 Note that the progress reported for blockjobs corresponding to a
1075 pull-mode backup don't report progress of the backup but rather usage
1076 of temporary space required for the backup.
1077 blockpull
1079 Syntax:
1080 blockpull domain path [bandwidth] [--bytes] [base]
1082 [--wait [--verbose] [--timeout seconds] [--async]]
1083 [--keep-relative]
1084 Populate a disk from its backing image chain. By default, this command
1086 flattens the entire chain; but if base is specified, containing the
1087 name of one of the backing files in the chain, then that file becomes
1088 the new backing file and only the intermediate portion of the chain is
1089 pulled. Once all requested data from the backing image chain has been
1090 pulled, the disk no longer depends on that portion of the backing
1091 chain.
1092 By default, this command returns as soon as possible, and data for the
1094 entire disk is pulled in the background; the progress of the operation
1095 can be checked with blockjob. However, if --wait is specified, then
1096 this command will block until the operation completes, or cancel the
1097 operation if the optional timeout in seconds elapses or SIGINT is sent
1098 (usually with Ctrl-C). Using --verbose along with --wait will produce
1099 periodic status updates. If job cancellation is triggered, --async
1100 will return control to the user as fast as possible, otherwise the com‐
1101 mand may continue to block a little while longer until the job is done
1102 cleaning up.
1103 Using the --keep-relative flag will keep the backing chain names rela‐
1105 tive.
1106 path specifies fully-qualified path of the disk; it corresponds to a
1108 unique target name (<target dev='name'/>) or source file (<source
1109 file='name'/>) for one of the disk devices attached to domain (see also
1110 domblklist for listing these names). bandwidth specifies copying band‐
1111 width limit in MiB/s. For further information on the bandwidth argument
1112 see the corresponding section for the blockjob command.
1113 blockresize
1115 Syntax:
1116 blockresize domain path size
1118 Resize a block device of domain while the domain is running, path spec‐
1120 ifies the absolute path of the block device; it corresponds to a unique
1121 target name (<target dev='name'/>) or source file (<source
1122 file='name'/>) for one of the disk devices attached to domain (see also
1123 domblklist for listing these names).
1124 size is a scaled integer (see NOTES above) which defaults to KiB
1126 (blocks of 1024 bytes) if there is no suffix. You must use a suffix of
1127 "B" to get bytes (note that for historical reasons, this differs from
1128 vol-resize which defaults to bytes without a suffix).
1129 console
1131 Syntax:
1132 console domain [devname] [--safe] [--force]
1134 Connect the virtual serial console for the guest. The optional devname
1136 parameter refers to the device alias of an alternate console, serial or
1137 parallel device configured for the guest. If omitted, the primary con‐
1138 sole will be opened.
1139 If the flag --safe is specified, the connection is only attempted if
1141 the driver supports safe console handling. This flag specifies that the
1142 server has to ensure exclusive access to console devices. Optionally
1143 the --force flag may be specified, requesting to disconnect any exist‐
1144 ing sessions, such as in a case of a broken connection.
1145 cpu-stats
1147 Syntax:
1148 cpu-stats domain [--total] [start] [count]
1150 Provide cpu statistics information of a domain. The domain should be
1152 running. Default it shows stats for all CPUs, and a total. Use --total
1153 for only the total stats, start for only the per-cpu stats of the CPUs
1154 from start, count for only count CPUs' stats.
1155 create
1157 Syntax:
1158 create FILE [--console] [--paused] [--autodestroy]
1160 [--pass-fds N,M,...] [--validate]
1161 Create a domain from an XML <file>. Optionally, --validate option can
1163 be passed to validate the format of the input XML file against an
1164 internal RNG schema (identical to using virt-xml-validate(1) tool).
1165 Domains created using this command are going to be either transient
1166 (temporary ones that will vanish once destroyed) or existing persistent
1167 domains that will run with one-time use configuration, leaving the per‐
1168 sistent XML untouched (this can come handy during an automated testing
1169 of various configurations all based on the original XML). See the
1170 example below for usage demonstration.
1171 The domain will be paused if the --paused option is used and supported
1173 by the driver; otherwise it will be running. If --console is requested,
1174 attach to the console after creation. If --autodestroy is requested,
1175 then the guest will be automatically destroyed when virsh closes its
1176 connection to libvirt, or otherwise exits.
1177 If --pass-fds is specified, the argument is a comma separated list of
1179 open file descriptors which should be pass on into the guest. The file
1180 descriptors will be re-numbered in the guest, starting from 3. This is
1181 only supported with container based virtualization.
1182 Example:
1184 1. prepare a template from an existing domain (skip directly to 3a if
1186 writing one from scratch)
1187 # virsh dumpxml <domain> > domain.xml
1189 2. edit the template using an editor of your choice and:
1191 a. DO CHANGE! <name> and <uuid> (<uuid> can also be removed), or
1193 b. DON'T CHANGE! either <name> or <uuid>
1195 # $EDITOR domain.xml
1197 3. create a domain from domain.xml, depending on whether following 2a
1199 or 2b respectively:
1200 a. the domain is going to be transient
1202 b. an existing persistent domain will run with a modified one-time
1204 configuration
1205 # virsh create domain.xml
1207 define
1209 Syntax:
1210 define FILE [--validate]
1212 Define a domain from an XML <file>. Optionally, the format of the input
1214 XML file can be validated against an internal RNG schema with --vali‐
1215 date (identical to using virt-xml-validate(1) tool). The domain defini‐
1216 tion is registered but not started. If domain is already running, the
1217 changes will take effect on the next boot.
1218 desc
1220 Syntax:
1221 desc domain [[--live] [--config] |
1223 [--current]] [--title] [--edit] [--new-desc
1224 New description or title message]
1225 Show or modify description and title of a domain. These values are user
1227 fields that allow storing arbitrary textual data to allow easy identi‐
1228 fication of domains. Title should be short, although it's not enforced.
1229 (See also metadata that works with XML based domain metadata.)
1230 Flags --live or --config select whether this command works on live or
1232 persistent definitions of the domain. If both --live and --config are
1233 specified, the --config option takes precedence on getting the current
1234 description and both live configuration and config are updated while
1235 setting the description. --current is exclusive and implied if none of
1236 these was specified.
1237 Flag --edit specifies that an editor with the contents of current
1239 description or title should be opened and the contents saved back
1240 afterwards.
1241 Flag --title selects operation on the title field instead of descrip‐
1243 tion.
1244 If neither of --edit and --new-desc are specified the note or descrip‐
1246 tion is displayed instead of being modified.
1247 destroy
1249 Syntax:
1250 destroy domain [--graceful]
1252 Immediately terminate the domain domain. This doesn't give the domain
1254 OS any chance to react, and it's the equivalent of ripping the power
1255 cord out on a physical machine. In most cases you will want to use the
1256 shutdown command instead. However, this does not delete any storage
1257 volumes used by the guest, and if the domain is persistent, it can be
1258 restarted later.
1259 If domain is transient, then the metadata of any snapshots will be lost
1261 once the guest stops running, but the snapshot contents still exist,
1262 and a new domain with the same name and UUID can restore the snapshot
1263 metadata with snapshot-create. Similarly, the metadata of any check‐
1264 points will be lost, but can be restored with checkpoint-create.
1265 If --graceful is specified, don't resort to extreme measures (e.g.
1267 SIGKILL) when the guest doesn't stop after a reasonable timeout; return
1268 an error instead.
1269 domblkerror
1271 Syntax:
1272 domblkerror domain
1274 Show errors on block devices. This command usually comes handy when
1276 domstate command says that a domain was paused due to I/O error. The
1277 domblkerror command lists all block devices in error state and the
1278 error seen on each of them.
1279 domblkinfo
1281 Syntax:
1282 domblkinfo domain [block-device --all] [--human]
1284 Get block device size info for a domain. A block-device corresponds to
1286 a unique target name (<target dev='name'/>) or source file (<source
1287 file='name'/>) for one of the disk devices attached to domain (see also
1288 domblklist for listing these names). If --human is set, the output will
1289 have a human readable output. If --all is set, the output will be a
1290 table showing all block devices size info associated with domain. The
1291 --all option takes precedence of the others.
1292 domblklist
1294 Syntax:
1295 domblklist domain [--inactive] [--details]
1297 Print a table showing the brief information of all block devices asso‐
1299 ciated with domain. If --inactive is specified, query the block devices
1300 that will be used on the next boot, rather than those currently in use
1301 by a running domain. If --details is specified, disk type and device
1302 value will also be printed. Other contexts that require a block device
1303 name (such as domblkinfo or snapshot-create for disk snapshots) will
1304 accept either target or unique source names printed by this command.
1305 domblkstat
1307 Syntax:
1308 domblkstat domain [block-device] [--human]
1310 Get device block stats for a running domain. A block-device corre‐
1312 sponds to a unique target name (<target dev='name'/>) or source file
1313 (<source file='name'/>) for one of the disk devices attached to domain
1314 (see also domblklist for listing these names). On a LXC or QEMU domain,
1315 omitting the block-device yields device block stats summarily for the
1316 entire domain.
1317 Use --human for a more human readable output.
1319 Availability of these fields depends on hypervisor. Unsupported fields
1321 are missing from the output. Other fields may appear if communicating
1322 with a newer version of libvirtd.
1323 Explanation of fields (fields appear in the following order):
1325 · rd_req - count of read operations
1327 · rd_bytes - count of read bytes
1329 · wr_req - count of write operations
1331 · wr_bytes - count of written bytes
1333 · errs - error count
1335 · flush_operations - count of flush operations
1337 · rd_total_times - total time read operations took (ns)
1339 · wr_total_times - total time write operations took (ns)
1341 · flush_total_times - total time flush operations took (ns)
1343 · <-- other fields provided by hypervisor -->
1345 domblkthreshold
1347 Syntax:
1348 domblkthreshold domain dev threshold
1350 Set the threshold value for delivering the block-threshold event. dev
1352 specifies the disk device target or backing chain element of given
1353 device using the 'target[1]' syntax. threshold is a scaled value of the
1354 offset. If the block device should write beyond that offset the event
1355 will be delivered.
1356 domcontrol
1358 Syntax:
1359 domcontrol domain
1361 Returns state of an interface to VMM used to control a domain. For
1363 states other than "ok" or "error" the command also prints number of
1364 seconds elapsed since the control interface entered its current state.
1365 domdisplay
1367 Syntax:
1368 domdisplay domain [--include-password] [[--type] type] [--all]
1370 Output a URI which can be used to connect to the graphical display of
1372 the domain via VNC, SPICE or RDP. The particular graphical display
1373 type can be selected using the type parameter (e.g. "vnc", "spice",
1374 "rdp"). If --include-password is specified, the SPICE channel password
1375 will be included in the URI. If --all is specified, then all show all
1376 possible graphical displays, for a VM could have more than one graphi‐
1377 cal displays.
1378 domfsfreeze
1380 Syntax:
1381 domfsfreeze domain [[--mountpoint] mountpoint...]
1383 Freeze mounted filesystems within a running domain to prepare for con‐
1385 sistent snapshots.
1386 The --mountpoint option takes a parameter mountpoint, which is a mount
1388 point path of the filesystem to be frozen. This option can occur multi‐
1389 ple times. If this is not specified, every mounted filesystem is
1390 frozen.
1391 Note: snapshot-create command has a --quiesce option to freeze and thaw
1393 the filesystems automatically to keep snapshots consistent. domfs‐
1394 freeze command is only needed when a user wants to utilize the native
1395 snapshot features of storage devices not supported by libvirt.
1396 domfsinfo
1398 Syntax:
1399 domfsinfo domain
1401 Show a list of mounted filesystems within the running domain. The list
1403 contains mountpoints, names of a mounted device in the guest, filesys‐
1404 tem types, and unique target names used in the domain XML (<target
1405 dev='name'/>).
1406 Note that this command requires a guest agent configured and running in
1408 the domain's guest OS.
1409 domfsthaw
1411 Syntax:
1412 domfsthaw domain [[--mountpoint] mountpoint...]
1414 Thaw mounted filesystems within a running domain, which have been
1416 frozen by domfsfreeze command.
1417 The --mountpoint option takes a parameter mountpoint, which is a mount
1419 point path of the filesystem to be thawed. This option can occur multi‐
1420 ple times. If this is not specified, every mounted filesystem is
1421 thawed.
1422 domfstrim
1424 Syntax:
1425 domfstrim domain [--minimum bytes] [--mountpoint mountPoint]
1427 Issue a fstrim command on all mounted filesystems within a running
1429 domain. It discards blocks which are not in use by the filesystem. If
1430 --minimum bytes is specified, it tells guest kernel length of contigu‐
1431 ous free range. Smaller than this may be ignored (this is a hint and
1432 the guest may not respect it). By increasing this value, the fstrim
1433 operation will complete more quickly for filesystems with badly frag‐
1434 mented free space, although not all blocks will be discarded. The
1435 default value is zero, meaning "discard every free block". Moreover, if
1436 a user wants to trim only one mount point, it can be specified via
1437 optional --mountpoint parameter.
1438 domhostname
1440 Syntax:
1441 domhostname domain [--source lease|agent]
1443 Returns the hostname of a domain, if the hypervisor makes it available.
1445 The --source argument specifies what data source to use for the host‐
1447 names, currently 'lease' to read DHCP leases or 'agent' to query the
1448 guest OS via an agent. If unspecified, driver returns the default
1449 method available (some drivers support only one type of source).
1450 domid
1452 Syntax:
1453 domid domain-name-or-uuid
1455 Convert a domain name (or UUID) to a domain id
1457 domif-getlink
1459 Syntax:
1460 domif-getlink domain interface-device [--config]
1462 Query link state of the domain's virtual interface. If --config is
1464 specified, query the persistent configuration, for compatibility pur‐
1465 poses, --persistent is alias of --config.
1466 interface-device can be the interface's target name or the MAC address.
1468 domif-setlink
1470 Syntax:
1471 domif-setlink domain interface-device state [--config]
1473 Modify link state of the domain's virtual interface. Possible values
1475 for state are "up" and "down". If --config is specified, only the per‐
1476 sistent configuration of the domain is modified, for compatibility pur‐
1477 poses, --persistent is alias of --config. interface-device can be the
1478 interface's target name or the MAC address.
1479 domifaddr
1481 Syntax:
1482 domifaddr domain [interface] [--full]
1484 [--source lease|agent|arp]
1485 Get a list of interfaces of a running domain along with their IP and
1487 MAC addresses, or limited output just for one interface if interface is
1488 specified. Note that interface can be driver dependent, it can be the
1489 name within guest OS or the name you would see in domain XML. Moreover,
1490 the whole command may require a guest agent to be configured for the
1491 queried domain under some hypervisors, notably QEMU.
1492 If --full is specified, the interface name and MAC address is always
1494 displayed when the interface has multiple IP addresses or aliases; oth‐
1495 erwise, only the interface name and MAC address is displayed for the
1496 first name and MAC address with "-" for the others using the same name
1497 and MAC address.
1498 The --source argument specifies what data source to use for the
1500 addresses, currently 'lease' to read DHCP leases, 'agent' to query the
1501 guest OS via an agent, or 'arp' to get IP from host's arp tables. If
1502 unspecified, 'lease' is the default.
1503 backup-begin
1505 Syntax:
1506 backup-begin domain [backupxml] [checkpointxml] [--reuse-external]
1508 Begin a new backup job. If backupxml is omitted, this defaults to a
1510 full backup using a push model to filenames generated by libvirt; sup‐
1511 plying XML allows fine-tuning such as requesting an incremental backup
1512 relative to an earlier checkpoint, controlling which disks participate
1513 or which filenames are involved, or requesting the use of a pull model
1514 backup. The backup-dumpxml command shows any resulting values assigned
1515 by libvirt. For more information on backup XML, see:
1516 https://libvirt.org/formatbackup.html
1517 If --reuse-external is used it instructs libvirt to reuse temporary and
1519 output files provided by the user in backupxml.
1520 If checkpointxml is specified, a second file with a top-level element
1522 of domaincheckpoint is used to create a simultaneous checkpoint, for
1523 doing a later incremental backup relative to the time the backup was
1524 created. See checkpoint-create for more details on checkpoints.
1525 This command returns as soon as possible, and the backup job runs in
1527 the background; the progress of a push model backup can be checked with
1528 domjobinfo or by waiting for an event with event (the progress of a
1529 pull model backup is under the control of whatever third party connects
1530 to the NBD export). The job is ended with domjobabort.
1531 backup-dumpxml
1533 Syntax:
1534 backup-dumpxml domain
1536 Output XML describing the current backup job.
1538 domiflist
1540 Syntax:
1541 domiflist domain [--inactive]
1543 Print a table showing the brief information of all virtual interfaces
1545 associated with domain. If --inactive is specified, query the virtual
1546 interfaces that will be used on the next boot, rather than those cur‐
1547 rently in use by a running domain. Other contexts that require a MAC
1548 address of virtual interface (such as detach-interface or
1549 domif-setlink) will accept the MAC address printed by this command.
1550 domifstat
1552 Syntax:
1553 domifstat domain interface-device
1555 Get network interface stats for a running domain. The network interface
1557 stats are only available for interfaces that have a physical source
1558 interface. This does not include, for example, a 'user' interface type
1559 since it is a virtual LAN with NAT to the outside world. inter‐
1560 face-device can be the interface target by name or MAC address.
1561 domiftune
1563 Syntax:
1564 domiftune domain interface-device [[--config] [--live] | [--current]]
1566 [*--inbound average,peak,burst,floor*]
1567 [*--outbound average,peak,burst*]
1568 Set or query the domain's network interface's bandwidth parameters.
1570 interface-device can be the interface's target name (<target
1571 dev='name'/>), or the MAC address.
1572 If no --inbound or --outbound is specified, this command will query and
1574 show the bandwidth settings. Otherwise, it will set the inbound or out‐
1575 bound bandwidth. average,peak,burst,floor is the same as in command
1576 attach-interface. Values for average, peak and floor are expressed in
1577 kilobytes per second, while burst is expressed in kilobytes in a single
1578 burst at peak speed as described in the Network XML documentation at
1579 https://libvirt.org/formatnetwork.html#elementQoS.
1580 To clear inbound or outbound settings, use --inbound or --outbound
1582 respectfully with average value of zero.
1583 If --live is specified, affect a running guest. If --config is speci‐
1585 fied, affect the next boot of a persistent guest. If --current is
1586 specified, affect the current guest state. Both --live and --config
1587 flags may be given, but --current is exclusive. If no flag is speci‐
1588 fied, behavior is different depending on hypervisor.
1589 dominfo
1591 Syntax:
1592 dominfo domain
1594 Returns basic information about the domain.
1596 domjobabort
1598 Syntax:
1599 domjobabort domain
1601 Abort the currently running domain job.
1603 domjobinfo
1605 Syntax:
1606 domjobinfo domain [--completed [--keep-completed]] [--anystats] [--rawstats]
1608 Returns information about jobs running on a domain. --completed tells
1610 virsh to return information about a recently finished job. Statistics
1611 of a completed job are automatically destroyed once read (unless
1612 --keep-completed is used) or when libvirtd is restarted.
1613 Normally only statistics for running and successful completed jobs are
1615 printed. --anystats can be used to also display statistics for failed
1616 jobs.
1617 In case --rawstats is used, all fields are printed as received from the
1619 server without any attempts to interpret the data. The "Job type:"
1620 field is special, since it's reported by the API and not part of stats.
1621 Note that time information returned for completed migrations may be
1623 completely irrelevant unless both source and destination hosts have
1624 synchronized time (i.e., NTP daemon is running on both of them).
1625 dommemstat
1627 Syntax:
1628 dommemstat domain [--period seconds] [[--config] [--live] | [--current]]
1630 Get memory stats for a running domain.
1632 Availability of these fields depends on hypervisor. Unsupported fields
1634 are missing from the output. Other fields may appear if communicating
1635 with a newer version of libvirtd.
1636 Explanation of fields:
1638 · swap_in - The amount of data read from swap space (in KiB)
1640 · swap_out - The amount of memory written out to swap space
1642 (in KiB)
1643 · major_fault - The number of page faults where disk IO was
1645 required
1646 · minor_fault - The number of other page faults
1648 · unused - The amount of memory left unused by the system
1650 (in KiB)
1651 · available - The amount of usable memory as seen by the domain
1653 (in KiB)
1654 · actual - Current balloon value (in KiB)
1656 · rss - Resident Set Size of the running domain's process
1658 (in KiB)
1659 · usable - The amount of memory which can be reclaimed by
1661 balloon without causing host swapping (in KiB)
1662 · last-update - Timestamp of the last update of statistics (in
1664 seconds)
1665 · disk_caches - The amount of memory that can be reclaimed with‐
1667 out additional I/O, typically disk caches (in KiB)
1668 · hugetlb_pgalloc - The number of successful huge page allocations
1670 initiated from within the domain
1671 · hugetlb_pgfail - The number of failed huge page allocations initi‐
1673 ated from within the domain
1674 For QEMU/KVM with a memory balloon, setting the optional --period to a
1676 value larger than 0 in seconds will allow the balloon driver to return
1677 additional statistics which will be displayed by subsequent dommemstat
1678 commands. Setting the --period to 0 will stop the balloon driver col‐
1679 lection, but does not clear the statistics in the balloon driver.
1680 Requires at least QEMU/KVM 1.5 to be running on the host.
1681 The --live, --config, and --current flags are only valid when using the
1683 --period option in order to set the collection period for the balloon
1684 driver. If --live is specified, only the running guest collection
1685 period is affected. If --config is specified, affect the next boot of a
1686 persistent guest. If --current is specified, affect the current guest
1687 state.
1688 Both --live and --config flags may be given, but --current is exclu‐
1690 sive. If no flag is specified, behavior is different depending on the
1691 guest state.
1692 domname
1694 Syntax:
1695 domname domain-id-or-uuid
1697 Convert a domain Id (or UUID) to domain name
1699 dompmsuspend
1701 Syntax:
1702 dompmsuspend domain target [--duration]
1704 Suspend a running domain into one of these states (possible target val‐
1706 ues):
1707 · mem - equivalent of S3 ACPI state
1709 · disk - equivalent of S4 ACPI state
1711 · hybrid - RAM is saved to disk but not powered off
1713 The --duration argument specifies number of seconds before the domain
1715 is woken up after it was suspended (see also dompmwakeup). Default is 0
1716 for unlimited suspend time. (This feature isn't currently supported by
1717 any hypervisor driver and 0 should be used.).
1718 Note that this command requires a guest agent configured and running in
1720 the domain's guest OS.
1721 Beware that at least for QEMU, the domain's process will be terminated
1723 when target disk is used and a new process will be launched when lib‐
1724 virt is asked to wake up the domain. As a result of this, any runtime
1725 changes, such as device hotplug or memory settings, are lost unless
1726 such changes were made with --config flag.
1727 dompmwakeup
1729 Syntax:
1730 dompmwakeup domain
1732 Wakeup a domain from pmsuspended state (either suspended by dompmsus‐
1734 pend or from the guest itself). Injects a wakeup into the guest that is
1735 in pmsuspended state, rather than waiting for the previously requested
1736 duration (if any) to elapse. This operation doesn't not necessarily
1737 fail if the domain is running.
1738 domrename
1740 Syntax:
1741 domrename domain new-name
1743 Rename a domain. This command changes current domain name to the new
1745 name specified in the second argument.
1746 Note: Domain must be inactive and without snapshots or checkpoints.
1748 domstate
1750 Syntax:
1751 domstate domain [--reason]
1753 Returns state about a domain. --reason tells virsh to also print rea‐
1755 son for the state.
1756 domstats
1758 Syntax:
1759 domstats [--raw] [--enforce] [--backing] [--nowait] [--state]
1761 [--cpu-total] [--balloon] [--vcpu] [--interface]
1762 [--block] [--perf] [--iothread] [--memory]
1763 [[--list-active] [--list-inactive]
1764 [--list-persistent] [--list-transient] [--list-running]y
1765 [--list-paused] [--list-shutoff] [--list-other]] | [domain ...]
1766 Get statistics for multiple or all domains. Without any argument this
1768 command prints all available statistics for all domains.
1769 The list of domains to gather stats for can be either limited by list‐
1771 ing the domains as a space separated list, or by specifying one of the
1772 filtering flags --list-NNN. (The approaches can't be combined.)
1773 By default some of the returned fields may be converted to more human
1775 friendly values by a set of pretty-printers. To suppress this behavior
1776 use the --raw flag.
1777 The individual statistics groups are selectable via specific flags. By
1779 default all supported statistics groups are returned. Supported statis‐
1780 tics groups flags are: --state, --cpu-total, --balloon, --vcpu,
1781 --interface, --block, --perf, --iothread, --memory.
1782 Note that - depending on the hypervisor type and version or the domain
1784 state - not all of the following statistics may be returned.
1785 When selecting the --state group the following fields are returned:
1787 · state.state - state of the VM, returned as number from virDomainState
1789 enum
1790 · state.reason - reason for entering given state, returned as int from
1792 virDomain*Reason enum corresponding to given state
1793 --cpu-total returns:
1795 · cpu.time - total cpu time spent for this domain in nanoseconds
1797 · cpu.user - user cpu time spent in nanoseconds
1799 · cpu.system - system cpu time spent in nanoseconds
1801 · cpu.cache.monitor.count - the number of cache monitors for this
1803 domain
1804 · cpu.cache.monitor.<num>.name - the name of cache monitor <num>
1806 · cpu.cache.monitor.<num>.vcpus - vcpu list of cache monitor <num>
1808 · cpu.cache.monitor.<num>.bank.count - the number of cache banks in
1810 cache monitor <num>
1811 · cpu.cache.monitor.<num>.bank.<index>.id - host allocated cache id for
1813 bank <index> in cache monitor <num>
1814 · cpu.cache.monitor.<num>.bank.<index>.bytes - the number of bytes of
1816 last level cache that the domain is using on cache bank <index>
1817 --balloon returns:
1819 · balloon.current - the memory in KiB currently used
1821 · balloon.maximum - the maximum memory in KiB allowed
1823 · balloon.swap_in - the amount of data read from swap space (in KiB)
1825 · balloon.swap_out - the amount of memory written out to swap space (in
1827 KiB)
1828 · balloon.major_fault - the number of page faults then disk IO was
1830 required
1831 · balloon.minor_fault - the number of other page faults
1833 · balloon.unused - the amount of memory left unused by the system (in
1835 KiB)
1836 · balloon.available - the amount of usable memory as seen by the domain
1838 (in KiB)
1839 · balloon.rss - Resident Set Size of running domain's process (in KiB)
1841 · balloon.usable - the amount of memory which can be reclaimed by bal‐
1843 loon without causing host swapping (in KiB)
1844 · balloon.last-update - timestamp of the last update of statistics (in
1846 seconds)
1847 · balloon.disk_caches - the amount of memory that can be reclaimed
1849 without additional I/O, typically disk (in KiB)
1850 --vcpu returns:
1852 · vcpu.current - current number of online virtual CPUs
1854 · vcpu.maximum - maximum number of online virtual CPUs
1856 · vcpu.<num>.state - state of the virtual CPU <num>, as number from
1858 virVcpuState enum
1859 · vcpu.<num>.time - virtual cpu time spent by virtual CPU <num> (in
1861 microseconds)
1862 · vcpu.<num>.wait - virtual cpu time spent by virtual CPU <num> waiting
1864 on I/O (in microseconds)
1865 · vcpu.<num>.halted - virtual CPU <num> is halted: yes or no (may indi‐
1867 cate the processor is idle or even disabled, depending on the archi‐
1868 tecture)
1869 --interface returns:
1871 · net.count - number of network interfaces on this domain
1873 · net.<num>.name - name of the interface <num>
1875 · net.<num>.rx.bytes - number of bytes received
1877 · net.<num>.rx.pkts - number of packets received
1879 · net.<num>.rx.errs - number of receive errors
1881 · net.<num>.rx.drop - number of receive packets dropped
1883 · net.<num>.tx.bytes - number of bytes transmitted
1885 · net.<num>.tx.pkts - number of packets transmitted
1887 · net.<num>.tx.errs - number of transmission errors
1889 · net.<num>.tx.drop - number of transmit packets dropped
1891 --perf returns the statistics of all enabled perf events:
1893 · perf.cmt - the cache usage in Byte currently used
1895 · perf.mbmt - total system bandwidth from one level of cache
1897 · perf.mbml - bandwidth of memory traffic for a memory controller
1899 · perf.cpu_cycles - the count of cpu cycles (total/elapsed)
1901 · perf.instructions - the count of instructions
1903 · perf.cache_references - the count of cache hits
1905 · perf.cache_misses - the count of caches misses
1907 · perf.branch_instructions - the count of branch instructions
1909 · perf.branch_misses - the count of branch misses
1911 · perf.bus_cycles - the count of bus cycles
1913 · perf.stalled_cycles_frontend - the count of stalled frontend cpu
1915 cycles
1916 · perf.stalled_cycles_backend - the count of stalled backend cpu cycles
1918 · perf.ref_cpu_cycles - the count of ref cpu cycles
1920 · perf.cpu_clock - the count of cpu clock time
1922 · perf.task_clock - the count of task clock time
1924 · perf.page_faults - the count of page faults
1926 · perf.context_switches - the count of context switches
1928 · perf.cpu_migrations - the count of cpu migrations
1930 · perf.page_faults_min - the count of minor page faults
1932 · perf.page_faults_maj - the count of major page faults
1934 · perf.alignment_faults - the count of alignment faults
1936 · perf.emulation_faults - the count of emulation faults
1938 See the perf command for more details about each event.
1940 --block returns information about disks associated with each domain.
1942 Using the --backing flag extends this information to cover all
1943 resources in the backing chain, rather than the default of limiting
1944 information to the active layer for each guest disk. Information
1945 listed includes:
1946 · block.count - number of block devices being listed
1948 · block.<num>.name - name of the target of the block device <num> (the
1950 same name for multiple entries if --backing is present)
1951 · block.<num>.backingIndex - when --backing is present, matches up with
1953 the <backingStore> index listed in domain XML for backing files
1954 · block.<num>.path - file source of block device <num>, if it is a
1956 local file or block device
1957 · block.<num>.rd.reqs - number of read requests
1959 · block.<num>.rd.bytes - number of read bytes
1961 · block.<num>.rd.times - total time (ns) spent on reads
1963 · block.<num>.wr.reqs - number of write requests
1965 · block.<num>.wr.bytes - number of written bytes
1967 · block.<num>.wr.times - total time (ns) spent on writes
1969 · block.<num>.fl.reqs - total flush requests
1971 · block.<num>.fl.times - total time (ns) spent on cache flushing
1973 · block.<num>.errors - Xen only: the 'oo_req' value
1975 · block.<num>.allocation - offset of highest written sector in bytes
1977 · block.<num>.capacity - logical size of source file in bytes
1979 · block.<num>.physical - physical size of source file in bytes
1981 · block.<num>.threshold - threshold (in bytes) for delivering the
1983 VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD event. See domblkthreshold.
1984 --iothread returns information about IOThreads on the running guest if
1986 supported by the hypervisor.
1987 The "poll-max-ns" for each thread is the maximum nanoseconds to allow
1989 each polling interval to occur. A polling interval is a period of time
1990 allowed for a thread to process data before being the guest gives up
1991 its CPU quantum back to the host. A value set too small will not allow
1992 the IOThread to run long enough on a CPU to process data. A value set
1993 too high will consume too much CPU time per IOThread failing to allow
1994 other threads running on the CPU to get time. The polling interval is
1995 not available for statistical purposes.
1996 · iothread.<id>.poll-max-ns - maximum polling time in nanoseconds used
1998 by the <id> IOThread. A value of 0 (zero) indicates polling is dis‐
1999 abled.
2000 · iothread.<id>.poll-grow - polling time grow value. A value of 0
2002 (zero) growth is managed by the hypervisor.
2003 · iothread.<id>.poll-shrink - polling time shrink value. A value of
2005 (zero) indicates shrink is managed by hypervisor.
2006 --memory returns:
2008 · memory.bandwidth.monitor.count - the number of memory bandwidth moni‐
2010 tors for this domain
2011 · memory.bandwidth.monitor.<num>.name - the name of monitor <num>
2013 · memory.bandwidth.monitor.<num>.vcpus - the vcpu list of monitor <num>
2015 ·
2017 memory.bandwidth.monitor.<num>.node.count - the number of memory
2019 controller in monitor <num>
2020 · memory.bandwidth.monitor.<num>.node.<index>.id - host allocated mem‐
2022 ory controller id for controller <index> of monitor <num>
2023 · memory.bandwidth.monitor.<num>.node.<index>.bytes.local - the accumu‐
2025 lative bytes consumed by @vcpus that passing through the memory con‐
2026 troller in the same processor that the scheduled host CPU belongs to.
2027 · memory.bandwidth.monitor.<num>.node.<index>.bytes.total - the total
2029 bytes consumed by @vcpus that passing through all memory controllers,
2030 either local or remote controller.
2031 Selecting a specific statistics groups doesn't guarantee that the dae‐
2033 mon supports the selected group of stats. Flag --enforce forces the
2034 command to fail if the daemon doesn't support the selected group.
2035 When collecting stats libvirtd may wait for some time if there's
2037 already another job running on given domain for it to finish. This may
2038 cause unnecessary delay in delivering stats. Using --nowait suppresses
2039 this behaviour. On the other hand some statistics might be missing for
2040 such domain.
2041 domtime
2043 Syntax:
2044 domtime domain { [--now] [--pretty] [--sync] [--time time] }
2046 Gets or sets the domain's system time. When run without any arguments
2048 (but domain), the current domain's system time is printed out. The
2049 --pretty modifier can be used to print the time in more human readable
2050 form.
2051 When --time time is specified, the domain's time is not gotten but set
2053 instead. The --now modifier acts like if it was an alias for --time
2054 $now, which means it sets the time that is currently on the host virsh
2055 is running at. In both cases (setting and getting), time is in seconds
2056 relative to Epoch of 1970-01-01 in UTC. The --sync modifies the set
2057 behavior a bit: The time passed is ignored, but the time to set is read
2058 from domain's RTC instead. Please note, that some hypervisors may
2059 require a guest agent to be configured in order to get or set the guest
2060 time.
2061 domuuid
2063 Syntax:
2064 domuuid domain-name-or-id
2066 Convert a domain name or id to domain UUID
2068 domxml-from-native
2070 Syntax:
2071 domxml-from-native format config
2073 Convert the file config in the native guest configuration format named
2075 by format to a domain XML format. For QEMU/KVM hypervisor, the format
2076 argument must be qemu-argv. For Xen hypervisor, the format argument may
2077 be xen-xm, xen-xl, or xen-sxpr. For LXC hypervisor, the format argument
2078 must be lxc-tools. For VMware/ESX hypervisor, the format argument must
2079 be vmware-vmx. For the Bhyve hypervisor, the format argument must be
2080 bhyve-argv.
2081 domxml-to-native
2083 Syntax:
2084 domxml-to-native format { [--xml] xml | --domain domain-name-or-id-or-uuid }
2086 Convert the file xml into domain XML format or convert an existing
2088 --domain to the native guest configuration format named by format. The
2089 xml and --domain arguments are mutually exclusive. For the types of
2090 format argument, refer to domxml-from-native.
2091 dump
2093 Syntax:
2094 dump domain corefilepath [--bypass-cache]
2096 { [--live] | [--crash] | [--reset] }
2097 [--verbose] [--memory-only] [--format string]
2098 Dumps the core of a domain to a file for analysis. If --live is speci‐
2100 fied, the domain continues to run until the core dump is complete,
2101 rather than pausing up front. If --crash is specified, the domain is
2102 halted with a crashed status, rather than merely left in a paused
2103 state. If --reset is specified, the domain is reset after successful
2104 dump. Note, these three switches are mutually exclusive. If
2105 --bypass-cache is specified, the save will avoid the file system cache,
2106 although this may slow down the operation. If --memory-only is speci‐
2107 fied, the file is elf file, and will only include domain's memory and
2108 cpu common register value. It is very useful if the domain uses host
2109 devices directly. --format string is used to specify the format of
2110 'memory-only' dump, and string can be one of them: elf,
2111 kdump-zlib(kdump-compressed format with zlib-compressed),
2112 kdump-lzo(kdump-compressed format with lzo-compressed),
2113 kdump-snappy(kdump-compressed format with snappy-compressed).
2114 The progress may be monitored using domjobinfo virsh command and can‐
2116 celed with domjobabort command (sent by another virsh instance).
2117 Another option is to send SIGINT (usually with Ctrl-C) to the virsh
2118 process running dump command. --verbose displays the progress of dump.
2119 NOTE: Some hypervisors may require the user to manually ensure proper
2121 permissions on file and path specified by argument corefilepath.
2122 NOTE: Crash dump in a old kvmdump format is being obsolete and cannot
2124 be loaded and processed by crash utility since its version 6.1.0. A
2125 --memory-only option is required in order to produce valid ELF file
2126 which can be later processed by the crash utility.
2127 dumpxml
2129 Syntax:
2130 dumpxml domain [--inactive] [--security-info] [--update-cpu] [--migratable]
2132 Output the domain information as an XML dump to stdout, this format can
2134 be used by the create command. Additional options affecting the XML
2135 dump may be used. --inactive tells virsh to dump domain configuration
2136 that will be used on next start of the domain as opposed to the current
2137 domain configuration. Using --security-info will also include security
2138 sensitive information in the XML dump. --update-cpu updates domain CPU
2139 requirements according to host CPU. With --migratable one can request
2140 an XML that is suitable for migrations, i.e., compatible with older
2141 libvirt releases and possibly amended with internal run-time options.
2142 This option may automatically enable other options (--update-cpu,
2143 --security-info, ...) as necessary.
2144 edit
2146 Syntax:
2147 edit domain
2149 Edit the XML configuration file for a domain, which will affect the
2151 next boot of the guest.
2152 This is equivalent to:
2154 virsh dumpxml --inactive --security-info domain > domain.xml
2156 vi domain.xml (or make changes with your other text editor)
2157 virsh define domain.xml
2158 except that it does some error checking.
2160 The editor used can be supplied by the $VISUAL or $EDITOR environment
2162 variables, and defaults to vi.
2163 emulatorpin
2165 Syntax:
2166 emulatorpin domain [cpulist] [[--live] [--config] | [--current]]
2168 Query or change the pinning of domain's emulator threads to host physi‐
2170 cal CPUs.
2171 See vcpupin for cpulist.
2173 If --live is specified, affect a running guest. If --config is speci‐
2175 fied, affect the next boot of a persistent guest. If --current is
2176 specified, affect the current guest state. Both --live and --config
2177 flags may be given if cpulist is present, but --current is exclusive.
2178 If no flag is specified, behavior is different depending on hypervisor.
2179 event
2181 Syntax:
2182 event {[domain] { event | --all } [--loop] [--timeout seconds] [--timestamp] | --list}
2184 Wait for a class of domain events to occur, and print appropriate
2186 details of events as they happen. The events can optionally be fil‐
2187 tered by domain. Using --list as the only argument will provide a list
2188 of possible event values known by this client, although the connection
2189 might not allow registering for all these events. It is also possible
2190 to use --all instead of event to register for all possible event types
2191 at once.
2192 By default, this command is one-shot, and returns success once an event
2194 occurs; you can send SIGINT (usually via Ctrl-C) to quit immediately.
2195 If --timeout is specified, the command gives up waiting for events
2196 after seconds have elapsed. With --loop, the command prints all
2197 events until a timeout or interrupt key.
2198 When --timestamp is used, a human-readable timestamp will be printed
2200 before the event.
2201 guest
2203 Syntax:
2204 guest-agent-timeout domain --timeout value
2206 Set how long to wait for a response from guest agent commands. By
2208 default, agent commands block forever waiting for a response. value
2209 must be a positive value (wait for given amount of seconds) or one of
2210 the following values:
2211 · -2 - block forever waiting for a result,
2213 · -1 - reset timeout to the default value,
2215 · 0 - do not wait at all,
2217 guestinfo
2219 Syntax:
2220 guestinfo domain [--user] [--os] [--timezone] [--hostname] [--filesystem]
2222 Print information about the guest from the point of view of the guest
2224 agent. Note that this command requires a guest agent to be configured
2225 and running in the domain's guest OS.
2226 When run without any arguments, this command prints all information
2228 types that are supported by the guest agent. You can limit the types of
2229 information that are returned by specifying one or more flags. If a
2230 requested information type is not supported, the processes will provide
2231 an exit code of 1. Available information types flags are --user, --os,
2232 --timezone, --hostname, and --filesystem.
2233 Note that depending on the hypervisor type and the version of the guest
2235 agent running within the domain, not all of the following information
2236 may be returned.
2237 When selecting the --user information type, the following fields may be
2239 returned:
2240 · user.count - the number of active users on this domain
2242 · user.<num>.name - username of user <num>
2244 · user.<num>.domain - domain of the user <num> (may only be present on
2246 certain guets types)
2247 · user.<num>.login-time - the login time of user <num> in milliseconds
2249 since the epoch
2250 --os returns:
2252 · os.id - a string identifying the operating system
2254 · os.name - the name of the operating system
2256 · os.pretty-name - a pretty name for the operating system
2258 · os.version - the version of the operating system
2260 · os.version-id - the version id of the operating system
2262 · os.kernel-release - the release of the operating system kernel
2264 · os.kernel-version - the version of the operating system kernel
2266 · os.machine - the machine hardware name
2268 · os.variant - a specific variant or edition of the operating system
2270 · os.variant-id - the id for a specific variant or edition of the oper‐
2272 ating system
2273 --timezone returns:
2275 · timezone.name - the name of the timezone
2277 · timezone.offset - the offset to UTC in seconds
2279 --hostname returns:
2281 · hostname - the hostname of the domain
2283 --filesystem returns:
2285 · fs.count - the number of filesystems defined on this domain
2287 · fs.<num>.mountpoint - the path to the mount point for filesystem
2289 <num>
2290 · fs.<num>.name - device name in the guest (e.g. sda1) for filesystem
2292 <num>
2293 · fs.<num>.fstype - the type of filesystem <num>
2295 · fs.<num>.total-bytes - the total size of filesystem <num>
2297 · fs.<num>.used-bytes - the number of bytes used in filesystem <num>
2299 · fs.<num>.disk.count - the number of disks targeted by filesystem
2301 <num>
2302 · fs.<num>.disk.<num>.alias - the device alias of disk <num> (e.g. sda)
2304 · fs.<num>.disk.<num>.serial - the serial number of disk <num>
2306 · fs.<num>.disk.<num>.device - the device node of disk <num>
2308 guestvcpus
2310 Syntax:
2311 guestvcpus domain [[--enable] | [--disable]] [cpulist]
2313 Query or change state of vCPUs from guest's point of view using the
2315 guest agent. When invoked without cpulist the guest is queried for
2316 available guest vCPUs, their state and possibility to be offlined.
2317 If cpulist is provided then one of --enable or --disable must be pro‐
2319 vided too. The desired operation is then executed on the domain.
2320 See vcpupin for information on cpulist.
2322 iothreadadd
2324 Syntax:
2325 iothreadadd domain iothread_id [[--config] [--live] | [--current]]
2327 Add a new IOThread to the domain using the specified iothread_id. If
2329 the iothread_id already exists, the command will fail. The iothread_id
2330 must be greater than zero.
2331 If --live is specified, affect a running guest. If the guest is not
2333 running an error is returned. If --config is specified, affect the
2334 next boot of a persistent guest. If --current is specified or --live
2335 and --config are not specified, affect the current guest state.
2336 iothreaddel
2338 Syntax:
2339 iothreaddel domain iothread_id [[--config] [--live] | [--current]]
2341 Delete an IOThread from the domain using the specified iothread_id. If
2343 an IOThread is currently assigned to a disk resource such as via the
2344 attach-disk command, then the attempt to remove the IOThread will fail.
2345 If the iothread_id does not exist an error will occur.
2346 If --live is specified, affect a running guest. If the guest is not
2348 running an error is returned. If --config is specified, affect the
2349 next boot of a persistent guest. If --current is specified or --live
2350 and --config are not specified, affect the current guest state.
2351 iothreadinfo
2353 Syntax:
2354 iothreadinfo domain [[--live] [--config] | [--current]]
2356 Display basic domain IOThreads information including the IOThread ID
2358 and the CPU Affinity for each IOThread.
2359 If --live is specified, get the IOThreads data from the running guest.
2361 If the guest is not running, an error is returned. If --config is
2362 specified, get the IOThreads data from the next boot of a persistent
2363 guest. If --current is specified or --live and --config are not speci‐
2364 fied, then get the IOThread data based on the current guest state.
2365 iothreadpin
2367 Syntax:
2368 iothreadpin domain iothread cpulist [[--live] [--config] | [--current]]
2370 Change the pinning of a domain IOThread to host physical CPUs. In order
2372 to retrieve a list of all IOThreads, use iothreadinfo. To pin an
2373 iothread specify the cpulist desired for the IOThread ID as listed in
2374 the iothreadinfo output.
2375 cpulist is a list of physical CPU numbers. Its syntax is a comma sepa‐
2377 rated list and a special markup using '-' and '^' (ex. '0-4', '0-3,^2')
2378 can also be allowed. The '-' denotes the range and the '^' denotes
2379 exclusive. If you want to reset iothreadpin setting, that is, to pin
2380 an iothread to all physical cpus, simply specify 'r' as a cpulist.
2381 If --live is specified, affect a running guest. If the guest is not
2383 running, an error is returned. If --config is specified, affect the
2384 next boot of a persistent guest. If --current is specified or --live
2385 and --config are not specified, affect the current guest state. Both
2386 --live and --config flags may be given if cpulist is present, but
2387 --current is exclusive. If no flag is specified, behavior is different
2388 depending on hypervisor.
2389 Note: The expression is sequentially evaluated, so "0-15,^8" is identi‐
2391 cal to "9-14,0-7,15" but not identical to "^8,0-15".
2392 iothreadset
2394 Syntax:
2395 iothreadset domain iothread_id [[--poll-max-ns ns] [--poll-grow factor]
2397 [--poll-shrink divisor]]
2398 [[--config] [--live] | [--current]]
2399 Modifies an existing iothread of the domain using the specified
2401 iothread_id. The --poll-max-ns provides the maximum polling interval to
2402 be allowed for an IOThread in ns. If a 0 (zero) is provided, then
2403 polling for the IOThread is disabled. The --poll-grow is the factor by
2404 which the current polling time will be adjusted in order to reach the
2405 maximum polling time. If a 0 (zero) is provided, then the default fac‐
2406 tor will be used. The --poll-shrink is the quotient by which the cur‐
2407 rent polling time will be reduced in order to get below the maximum
2408 polling interval. If a 0 (zero) is provided, then the default quotient
2409 will be used. The polling values are purely dynamic for a running
2410 guest. Saving, destroying, stopping, etc. the guest will result in the
2411 polling values returning to hypervisor defaults at the next start,
2412 restore, etc.
2413 If --live is specified, affect a running guest. If the guest is not
2415 running an error is returned. If --current is specified or --live is
2416 not specified, then handle as if --live was specified.
2417 managedsave
2419 Syntax:
2420 managedsave domain [--bypass-cache] [{--running | --paused}] [--verbose]
2422 Save and destroy (stop) a running domain, so it can be restarted from
2424 the same state at a later time. When the virsh start command is next
2425 run for the domain, it will automatically be started from this saved
2426 state. If --bypass-cache is specified, the save will avoid the file
2427 system cache, although this may slow down the operation.
2428 The progress may be monitored using domjobinfo virsh command and can‐
2430 celed with domjobabort command (sent by another virsh instance).
2431 Another option is to send SIGINT (usually with Ctrl-C) to the virsh
2432 process running managedsave command. --verbose displays the progress of
2433 save.
2434 Normally, starting a managed save will decide between running or paused
2436 based on the state the domain was in when the save was done; passing
2437 either the --running or --paused flag will allow overriding which state
2438 the start should use.
2439 The dominfo command can be used to query whether a domain currently has
2441 any managed save image.
2442 managedsave-define
2444 Syntax:
2445 managedsave-define domain xml [{--running | --paused}]
2447 Update the domain XML that will be used when domain is later started.
2449 The xml argument must be a file name containing the alternative XML,
2450 with changes only in the host-specific portions of the domain XML. For
2451 example, it can be used to change disk file paths.
2452 The managed save image records whether the domain should be started to
2454 a running or paused state. Normally, this command does not alter the
2455 recorded state; passing either the --running or --paused flag will
2456 allow overriding which state the start should use.
2457 managedsave-dumpxml
2459 Syntax:
2460 managedsave-dumpxml domain [--security-info]
2462 Extract the domain XML that was in effect at the time the saved state
2464 file file was created with the managedsave command. Using --secu‐
2465 rity-info will also include security sensitive information.
2466 managedsave-edit
2468 Syntax:
2469 managedsave-edit domain [{--running | --paused}]
2471 Edit the XML configuration associated with a saved state file of a
2473 domain was created by the managedsave command.
2474 The managed save image records whether the domain should be started to
2476 a running or paused state. Normally, this command does not alter the
2477 recorded state; passing either the --running or --paused flag will
2478 allow overriding which state the restore should use.
2479 This is equivalent to:
2481 virsh managedsave-dumpxml domain-name > state-file.xml
2483 vi state-file.xml (or make changes with your other text editor)
2484 virsh managedsave-define domain-name state-file-xml
2485 except that it does some error checking.
2487 The editor used can be supplied by the $VISUAL or $EDITOR environment
2489 variables, and defaults to vi.
2490 managedsave-remove
2492 Syntax:
2493 managedsave-remove domain
2495 Remove the managedsave state file for a domain, if it exists. This
2497 ensures the domain will do a full boot the next time it is started.
2498 maxvcpus
2500 Syntax:
2501 maxvcpus [type]
2503 Provide the maximum number of virtual CPUs supported for a guest VM on
2505 this connection. If provided, the type parameter must be a valid type
2506 attribute for the <domain> element of XML.
2507 memtune
2509 Syntax:
2510 memtune domain [--hard-limit size] [--soft-limit size] [--swap-hard-limit size]
2512 [--min-guarantee size] [[--config] [--live] | [--current]]
2513 Allows you to display or set the domain memory parameters. Without
2515 flags, the current settings are displayed; with a flag, the appropriate
2516 limit is adjusted if supported by the hypervisor. LXC and QEMU/KVM
2517 support --hard-limit, --soft-limit, and --swap-hard-limit. --min-guar‐
2518 antee is supported only by ESX hypervisor. Each of these limits are
2519 scaled integers (see NOTES above), with a default of kibibytes (blocks
2520 of 1024 bytes) if no suffix is present. Libvirt rounds up to the near‐
2521 est kibibyte. Some hypervisors require a larger granularity than KiB,
2522 and requests that are not an even multiple will be rounded up. For
2523 example, vSphere/ESX rounds the parameter up to mebibytes (1024
2524 kibibytes).
2525 If --live is specified, affect a running guest. If --config is speci‐
2527 fied, affect the next boot of a persistent guest. If --current is
2528 specified, affect the current guest state. Both --live and --config
2529 flags may be given, but --current is exclusive. If no flag is speci‐
2530 fied, behavior is different depending on hypervisor.
2531 For QEMU/KVM, the parameters are applied to the QEMU process as a
2533 whole. Thus, when counting them, one needs to add up guest RAM, guest
2534 video RAM, and some memory overhead of QEMU itself. The last piece is
2535 hard to determine so one needs guess and try.
2536 For LXC, the displayed hard_limit value is the current memory setting
2538 from the XML or the results from a virsh setmem command.
2539 · --hard-limit
2541 The maximum memory the guest can use.
2543 · --soft-limit
2545 The memory limit to enforce during memory contention.
2547 · --swap-hard-limit
2549 The maximum memory plus swap the guest can use. This has to be more
2551 than hard-limit value provided.
2552 · --min-guarantee
2554 The guaranteed minimum memory allocation for the guest.
2556 Specifying -1 as a value for these limits is interpreted as unlimited.
2558 metadata
2560 Syntax:
2561 metadata domain [[--live] [--config] | [--current]]
2563 [--edit] [uri] [key] [set] [--remove]
2564 Show or modify custom XML metadata of a domain. The metadata is a user
2566 defined XML that allows storing arbitrary XML data in the domain defi‐
2567 nition. Multiple separate custom metadata pieces can be stored in the
2568 domain XML. The pieces are identified by a private XML namespace pro‐
2569 vided via the uri argument. (See also desc that works with textual
2570 metadata of a domain.)
2571 Flags --live or --config select whether this command works on live or
2573 persistent definitions of the domain. If both --live and --config are
2574 specified, the --config option takes precedence on getting the current
2575 description and both live configuration and config are updated while
2576 setting the description. --current is exclusive and implied if none of
2577 these was specified.
2578 Flag --remove specifies that the metadata element specified by the uri
2580 argument should be removed rather than updated.
2581 Flag --edit specifies that an editor with the metadata identified by
2583 the uri argument should be opened and the contents saved back after‐
2584 wards. Otherwise the new contents can be provided via the set argu‐
2585 ment.
2586 When setting metadata via --edit or set the key argument must be speci‐
2588 fied and is used to prefix the custom elements to bind them to the pri‐
2589 vate namespace.
2590 If neither of --edit and set are specified the XML metadata correspond‐
2592 ing to the uri namespace is displayed instead of being modified.
2593 migrate
2595 Syntax:
2596 migrate [--live] [--offline] [--direct] [--p2p [--tunnelled]]
2598 [--persistent] [--undefinesource] [--suspend] [--copy-storage-all]
2599 [--copy-storage-inc] [--change-protection] [--unsafe] [--verbose]
2600 [--rdma-pin-all] [--abort-on-error] [--postcopy] [--postcopy-after-precopy]
2601 domain desturi [migrateuri] [graphicsuri] [listen-address] [dname]
2602 [--timeout seconds [--timeout-suspend | --timeout-postcopy]]
2603 [--xml file] [--migrate-disks disk-list] [--disks-port port]
2604 [--compressed] [--comp-methods method-list]
2605 [--comp-mt-level] [--comp-mt-threads] [--comp-mt-dthreads]
2606 [--comp-xbzrle-cache] [--auto-converge] [auto-converge-initial]
2607 [auto-converge-increment] [--persistent-xml file] [--tls]
2608 [--postcopy-bandwidth bandwidth]
2609 [--parallel [--parallel-connections connections]]
2610 [--bandwidth bandwidth] [--tls-destination hostname]
2611 Migrate domain to another host. Add --live for live migration; <--p2p>
2613 for peer-2-peer migration; --direct for direct migration; or --tun‐
2614 nelled for tunnelled migration. --offline migrates domain definition
2615 without starting the domain on destination and without stopping it on
2616 source host. Offline migration may be used with inactive domains and
2617 it must be used with --persistent option. --persistent leaves the
2618 domain persistent on destination host, --undefinesource undefines the
2619 domain on the source host, and --suspend leaves the domain paused on
2620 the destination host. --copy-storage-all indicates migration with
2621 non-shared storage with full disk copy, --copy-storage-inc indicates
2622 migration with non-shared storage with incremental copy (same base
2623 image shared between source and destination). In both cases the disk
2624 images have to exist on destination host, the --copy-storage-...
2625 options only tell libvirt to transfer data from the images on source
2626 host to the images found at the same place on the destination host. By
2627 default only non-shared non-readonly images are transferred. Use
2628 --migrate-disks to explicitly specify a list of disk targets to trans‐
2629 fer via the comma separated disk-list argument. --change-protection
2630 enforces that no incompatible configuration changes will be made to the
2631 domain while the migration is underway; this flag is implicitly enabled
2632 when supported by the hypervisor, but can be explicitly used to reject
2633 the migration if the hypervisor lacks change protection support.
2634 --verbose displays the progress of migration. --abort-on-error cancels
2635 the migration if a soft error (for example I/O error) happens during
2636 the migration. --postcopy enables post-copy logic in migration, but
2637 does not actually start post-copy, i.e., migration is started in
2638 pre-copy mode. Once migration is running, the user may switch to
2639 post-copy using the migrate-postcopy command sent from another virsh
2640 instance or use --postcopy-after-precopy along with --postcopy to let
2641 libvirt automatically switch to post-copy after the first pass of
2642 pre-copy is finished. The maximum bandwidth consumed during the
2643 post-copy phase may be limited using --postcopy-bandwidth. The maximum
2644 bandwidth consumed during the pre-copy phase may be limited using
2645 --bandwidth.
2646 --auto-converge forces convergence during live migration. The initial
2648 guest CPU throttling rate can be set with auto-converge-initial. If the
2649 initial throttling rate is not enough to ensure convergence, the rate
2650 is periodically increased by auto-converge-increment.
2651 --rdma-pin-all can be used with RDMA migration (i.e., when migrateuri
2653 starts with rdma://) to tell the hypervisor to pin all domain's memory
2654 at once before migration starts rather than letting it pin memory pages
2655 as needed. For QEMU/KVM this requires hard_limit memory tuning element
2656 (in the domain XML) to be used and set to the maximum memory configured
2657 for the domain plus any memory consumed by the QEMU process itself.
2658 Beware of setting the memory limit too high (and thus allowing the
2659 domain to lock most of the host's memory). Doing so may be dangerous to
2660 both the domain and the host itself since the host's kernel may run out
2661 of memory.
2662 Note: Individual hypervisors usually do not support all possible types
2664 of migration. For example, QEMU does not support direct migration.
2665 In some cases libvirt may refuse to migrate the domain because doing so
2667 may lead to potential problems such as data corruption, and thus the
2668 migration is considered unsafe. For QEMU domain, this may happen if the
2669 domain uses disks without explicitly setting cache mode to "none".
2670 Migrating such domains is unsafe unless the disk images are stored on
2671 coherent clustered filesystem, such as GFS2 or GPFS. If you are sure
2672 the migration is safe or you just do not care, use --unsafe to force
2673 the migration.
2674 dname is used for renaming the domain to new name during migration,
2676 which also usually can be omitted. Likewise, --xml file is usually
2677 omitted, but can be used to supply an alternative XML file for use on
2678 the destination to supply a larger set of changes to any host-specific
2679 portions of the domain XML, such as accounting for naming differences
2680 between source and destination in accessing underlying storage. If
2681 --persistent is enabled, --persistent-xml file can be used to supply an
2682 alternative XML file which will be used as the persistent domain defi‐
2683 nition on the destination host.
2684 --timeout seconds tells virsh to run a specified action when live
2686 migration exceeds that many seconds. It can only be used with --live.
2687 If --timeout-suspend is specified, the domain will be suspended after
2688 the timeout and the migration will complete offline; this is the
2689 default if no --timeout-\`` option is specified on the command line.
2690 When *--timeout-postcopy is used, virsh will switch migration from
2691 pre-copy to post-copy upon timeout; migration has to be started with
2692 --postcopy option for this to work.
2693 --compressed activates compression, the compression method is chosen
2695 with --comp-methods. Supported methods are "mt" and "xbzrle" and can be
2696 used in any combination. When no methods are specified, a hypervisor
2697 default methods will be used. QEMU defaults to "xbzrle". Compression
2698 methods can be tuned further. --comp-mt-level sets compression level.
2699 Values are in range from 0 to 9, where 1 is maximum speed and 9 is max‐
2700 imum compression. --comp-mt-threads and --comp-mt-dthreads set the num‐
2701 ber of compress threads on source and the number of decompress threads
2702 on target respectively. --comp-xbzrle-cache sets size of page cache in
2703 bytes.
2704 Providing --tls causes the migration to use the host configured TLS
2706 setup (see migrate_tls_x509_cert_dir in /etc/libvirt/qemu.conf) in
2707 order to perform the migration of the domain. Usage requires proper TLS
2708 setup for both source and target. Normally the TLS certificate from the
2709 destination host must match +the host's name for TLS verification to
2710 succeed. When the certificate does not +match the destination hostname
2711 and the expected certificate's hostname is +known, --tls-destination
2712 can be used to pass the expected hostname when +starting the migration.
2713 --parallel option will cause migration data to be sent over multiple
2715 parallel connections. The number of such connections can be set using
2716 --parallel-connections. Parallel connections may help with saturating
2717 the network link between the source and the target and thus speeding up
2718 the migration.
2719 Running migration can be canceled by interrupting virsh (usually using
2721 Ctrl-C) or by domjobabort command sent from another virsh instance.
2722 The desturi and migrateuri parameters can be used to control which des‐
2724 tination the migration uses. desturi is important for managed migra‐
2725 tion, but unused for direct migration; migrateuri is required for
2726 direct migration, but can usually be automatically determined for man‐
2727 aged migration.
2728 Note: The desturi parameter for normal migration and peer2peer migra‐
2730 tion has different semantics:
2731 · normal migration: the desturi is an address of the target host as
2733 seen from the client machine.
2734 · peer2peer migration: the desturi is an address of the target host as
2736 seen from the source machine.
2737 When migrateuri is not specified, libvirt will automatically determine
2739 the hypervisor specific URI. Some hypervisors, including QEMU, have an
2740 optional "migration_host" configuration parameter (useful when the host
2741 has multiple network interfaces). If this is unspecified, libvirt
2742 determines a name by looking up the target host's configured hostname.
2743 There are a few scenarios where specifying migrateuri may help:
2745 · The configured hostname is incorrect, or DNS is broken. If a host
2747 has a hostname which will not resolve to match one of its public IP
2748 addresses, then libvirt will generate an incorrect URI. In this case
2749 migrateuri should be explicitly specified, using an IP address, or a
2750 correct hostname.
2751 · The host has multiple network interfaces. If a host has multiple
2753 network interfaces, it might be desirable for the migration data
2754 stream to be sent over a specific interface for either security or
2755 performance reasons. In this case migrateuri should be explicitly
2756 specified, using an IP address associated with the network to be
2757 used.
2758 · The firewall restricts what ports are available. When libvirt gener‐
2760 ates a migration URI, it will pick a port number using hypervisor
2761 specific rules. Some hypervisors only require a single port to be
2762 open in the firewalls, while others require a whole range of port
2763 numbers. In the latter case migrateuri might be specified to choose
2764 a specific port number outside the default range in order to comply
2765 with local firewall policies.
2766 See https://libvirt.org/migration.html#uris for more details on migra‐
2768 tion URIs.
2769 Optional graphicsuri overrides connection parameters used for automati‐
2771 cally reconnecting a graphical clients at the end of migration. If
2772 omitted, libvirt will compute the parameters based on target host IP
2773 address. In case the client does not have a direct access to the net‐
2774 work virtualization hosts are connected to and needs to connect through
2775 a proxy, graphicsuri may be used to specify the address the client
2776 should connect to. The URI is formed as follows:
2777 protocol://hostname[:port]/[?parameters]
2779 where protocol is either "spice" or "vnc" and parameters is a list of
2781 protocol specific parameters separated by '&'. Currently recognized
2782 parameters are "tlsPort" and "tlsSubject". For example,
2783 spice://target.host.com:1234/?tlsPort=4567
2785 Optional listen-address sets the listen address that hypervisor on the
2787 destination side should bind to for incoming migration. Both IPv4 and
2788 IPv6 addresses are accepted as well as hostnames (the resolving is done
2789 on destination). Some hypervisors do not support this feature and will
2790 return an error if this parameter is used.
2791 Optional disks-port sets the port that hypervisor on destination side
2793 should bind to for incoming disks traffic. Currently it is supported
2794 only by QEMU.
2795 migrate-compcache
2797 Syntax:
2798 migrate-compcache domain [--size bytes]
2800 Sets and/or gets size of the cache (in bytes) used for compressing
2802 repeatedly transferred memory pages during live migration. When called
2803 without size, the command just prints current size of the compression
2804 cache. When size is specified, the hypervisor is asked to change com‐
2805 pression cache to size bytes and then the current size is printed (the
2806 result may differ from the requested size due to rounding done by the
2807 hypervisor). The size option is supposed to be used while the domain is
2808 being live-migrated as a reaction to migration progress and increasing
2809 number of compression cache misses obtained from domjobinfo.
2810 migrate-getmaxdowntime
2812 Syntax:
2813 migrate-getmaxdowntime domain
2815 Get the maximum tolerable downtime for a domain which is being
2817 live-migrated to another host. This is the number of milliseconds the
2818 guest is allowed to be down at the end of live migration.
2819 migrate-getspeed
2821 Syntax:
2822 migrate-getspeed domain [--postcopy]
2824 Get the maximum migration bandwidth (in MiB/s) for a domain. If the
2826 --postcopy option is specified, the command will get the maximum band‐
2827 width allowed during a post-copy migration phase.
2828 migrate-postcopy
2830 Syntax:
2831 migrate-postcopy domain
2833 Switch the current migration from pre-copy to post-copy. This is only
2835 supported for a migration started with --postcopy option.
2836 migrate-setmaxdowntime
2838 Syntax:
2839 migrate-setmaxdowntime domain downtime
2841 Set maximum tolerable downtime for a domain which is being
2843 live-migrated to another host. The downtime is a number of millisec‐
2844 onds the guest is allowed to be down at the end of live migration.
2845 migrate-setspeed
2847 Syntax:
2848 migrate-setspeed domain bandwidth [--postcopy]
2850 Set the maximum migration bandwidth (in MiB/s) for a domain which is
2852 being migrated to another host. bandwidth is interpreted as an unsigned
2853 long long value. Specifying a negative value results in an essentially
2854 unlimited value being provided to the hypervisor. The hypervisor can
2855 choose whether to reject the value or convert it to the maximum value
2856 allowed. If the --postcopy option is specified, the command will set
2857 the maximum bandwidth allowed during a post-copy migration phase.
2858 numatune
2860 Syntax:
2861 numatune domain [--mode mode] [--nodeset nodeset]
2863 [[--config] [--live] | [--current]]
2864 Set or get a domain's numa parameters, corresponding to the <numatune>
2866 element of domain XML. Without flags, the current settings are dis‐
2867 played.
2868 mode can be one of `strict', `interleave' and `preferred' or any valid
2870 number from the virDomainNumatuneMemMode enum in case the daemon sup‐
2871 ports it. For a running domain, the mode can't be changed, and the
2872 nodeset can be changed only if the domain was started with a mode of
2873 `strict'.
2874 nodeset is a list of numa nodes used by the host for running the
2876 domain. Its syntax is a comma separated list, with '-' for ranges and
2877 '^' for excluding a node.
2878 If --live is specified, set scheduler information of a running guest.
2880 If --config is specified, affect the next boot of a persistent guest.
2881 If --current is specified, affect the current guest state.
2882 perf
2884 Syntax:
2885 perf domain [--enable eventSpec] [--disable eventSpec]
2887 [[--config] [--live] | [--current]]
2888 Get the current perf events setting or enable/disable specific perf
2890 events for a guest domain.
2891 Perf is a performance analyzing tool in Linux, and it can instrument
2893 CPU performance counters, tracepoints, kprobes, and uprobes (dynamic
2894 tracing). Perf supports a list of measurable events, and can measure
2895 events coming from different sources. For instance, some event are pure
2896 kernel counters, in this case they are called software events, includ‐
2897 ing context-switches, minor-faults, etc.. Now dozens of events from
2898 different sources can be supported by perf.
2899 Currently only QEMU/KVM supports this command. The --enable and --dis‐
2901 able option combined with eventSpec can be used to enable or disable
2902 specific performance event. eventSpec is a string list of one or more
2903 events separated by commas. Valid event names are as follows:
2904 Valid perf event names
2906 · cmt - A PQos (Platform Qos) feature to monitor the usage of cache by
2908 applications running on the platform.
2909 · mbmt - Provides a way to monitor the total system memory bandwidth
2911 between one level of cache and another.
2912 · mbml - Provides a way to limit the amount of data (bytes/s) send
2914 through the memory controller on the socket.
2915 · cache_misses - Provides the count of cache misses by applications
2917 running on the platform.
2918 · cache_references - Provides the count of cache hits by applications
2920 running on th e platform.
2921 · instructions - Provides the count of instructions executed by appli‐
2923 cations running on the platform.
2924 · cpu_cycles - Provides the count of cpu cycles (total/elapsed). May be
2926 used with instructions in order to get a cycles per instruction.
2927 · branch_instructions - Provides the count of branch instructions exe‐
2929 cuted by applications running on the platform.
2930 · branch_misses - Provides the count of branch misses executed by
2932 applications running on the platform.
2933 · bus_cycles - Provides the count of bus cycles executed by applica‐
2935 tions running on the platform.
2936 · stalled_cycles_frontend - Provides the count of stalled cpu cycles in
2938 the frontend of the instruction processor pipeline by applications
2939 running on the platform.
2940 · stalled_cycles_backend - Provides the count of stalled cpu cycles in
2942 the backend of the instruction processor pipeline by applications
2943 running on the platform.
2944 · ref_cpu_cycles - Provides the count of total cpu cycles not affected
2946 by CPU frequency scaling by applications running on the platform.
2947 · cpu_clock - Provides the cpu clock time consumed by applications run‐
2949 ning on the platform.
2950 · task_clock - Provides the task clock time consumed by applications
2952 running on the platform.
2953 · page_faults - Provides the count of page faults by applications run‐
2955 ning on the platform.
2956 · context_switches - Provides the count of context switches by applica‐
2958 tions running on the platform.
2959 · cpu_migrations - Provides the count cpu migrations by applications
2961 running on the platform.
2962 · page_faults_min - Provides the count minor page faults by applica‐
2964 tions running on the platform.
2965 · page_faults_maj - Provides the count major page faults by applica‐
2967 tions running on the platform.
2968 · alignment_faults - Provides the count alignment faults by applica‐
2970 tions running on the platform.
2971 · emulation_faults - Provides the count emulation faults by applica‐
2973 tions running on the platform.
2974 Note: The statistics can be retrieved using the domstats command using
2976 the --perf flag.
2977 If --live is specified, affect a running guest. If --config is speci‐
2979 fied, affect the next boot of a persistent guest. If --current is
2980 specified, affect the current guest state. Both --live and --config
2981 flags may be given, but --current is exclusive. If no flag is speci‐
2982 fied, behavior is different depending on hypervisor.
2983 reboot
2985 Syntax:
2986 reboot domain [--mode MODE-LIST]
2988 Reboot a domain. This acts just as if the domain had the reboot com‐
2990 mand run from the console. The command returns as soon as it has exe‐
2991 cuted the reboot action, which may be significantly before the domain
2992 actually reboots.
2993 The exact behavior of a domain when it reboots is set by the on_reboot
2995 parameter in the domain's XML definition.
2996 By default the hypervisor will try to pick a suitable shutdown method.
2998 To specify an alternative method, the --mode parameter can specify a
2999 comma separated list which includes acpi, agent, initctl, signal and
3000 paravirt. The order in which drivers will try each mode is undefined,
3001 and not related to the order specified to virsh. For strict control
3002 over ordering, use a single mode at a time and repeat the command.
3003 reset
3005 Syntax:
3006 reset domain
3008 Reset a domain immediately without any guest shutdown. reset emulates
3010 the power reset button on a machine, where all guest hardware sees the
3011 RST line set and reinitializes internal state.
3012 Note: Reset without any guest OS shutdown risks data loss.
3014 restore
3016 Syntax:
3017 restore state-file [--bypass-cache] [--xml file]
3019 [{--running | --paused}]
3020 Restores a domain from a virsh save state file. See save for more info.
3022 If --bypass-cache is specified, the restore will avoid the file system
3024 cache, although this may slow down the operation.
3025 --xml file is usually omitted, but can be used to supply an alternative
3027 XML file for use on the restored guest with changes only in the
3028 host-specific portions of the domain XML. For example, it can be used
3029 to account for file naming differences in underlying storage due to
3030 disk snapshots taken after the guest was saved.
3031 Normally, restoring a saved image will use the state recorded in the
3033 save image to decide between running or paused; passing either the
3034 --running or --paused flag will allow overriding which state the domain
3035 should be started in.
3036 Note: To avoid corrupting file system contents within the domain, you
3038 should not reuse the saved state file for a second restore unless you
3039 have also reverted all storage volumes back to the same contents as
3040 when the state file was created.
3041 resume
3043 Syntax:
3044 resume domain
3046 Moves a domain out of the suspended state. This will allow a previ‐
3048 ously suspended domain to now be eligible for scheduling by the under‐
3049 lying hypervisor.
3050 save
3052 Syntax:
3053 save domain state-file [--bypass-cache] [--xml file]
3055 [{--running | --paused}] [--verbose]
3056 Saves a running domain (RAM, but not disk state) to a state file so
3058 that it can be restored later. Once saved, the domain will no longer
3059 be running on the system, thus the memory allocated for the domain will
3060 be free for other domains to use. virsh restore restores from this
3061 state file. If --bypass-cache is specified, the save will avoid the
3062 file system cache, although this may slow down the operation.
3063 The progress may be monitored using domjobinfo virsh command and can‐
3065 celed with domjobabort command (sent by another virsh instance).
3066 Another option is to send SIGINT (usually with Ctrl-C) to the virsh
3067 process running save command. --verbose displays the progress of save.
3068 This is roughly equivalent to doing a hibernate on a running computer,
3070 with all the same limitations. Open network connections may be severed
3071 upon restore, as TCP timeouts may have expired.
3072 --xml file is usually omitted, but can be used to supply an alternative
3074 XML file for use on the restored guest with changes only in the
3075 host-specific portions of the domain XML. For example, it can be used
3076 to account for file naming differences that are planned to be made via
3077 disk snapshots of underlying storage after the guest is saved.
3078 Normally, restoring a saved image will decide between running or paused
3080 based on the state the domain was in when the save was done; passing
3081 either the --running or --paused flag will allow overriding which state
3082 the restore should use.
3083 Domain saved state files assume that disk images will be unchanged
3085 between the creation and restore point. For a more complete system
3086 restore point, where the disk state is saved alongside the memory
3087 state, see the snapshot family of commands.
3088 save-image-define
3090 Syntax:
3091 save-image-define file xml [{--running | --paused}]
3093 Update the domain XML that will be used when file is later used in the
3095 restore command. The xml argument must be a file name containing the
3096 alternative XML, with changes only in the host-specific portions of the
3097 domain XML. For example, it can be used to account for file naming
3098 differences resulting from creating disk snapshots of underlying stor‐
3099 age after the guest was saved.
3100 The save image records whether the domain should be restored to a run‐
3102 ning or paused state. Normally, this command does not alter the
3103 recorded state; passing either the --running or --paused flag will
3104 allow overriding which state the restore should use.
3105 save-image-dumpxml
3107 Syntax:
3108 save-image-dumpxml file [--security-info]
3110 Extract the domain XML that was in effect at the time the saved state
3112 file file was created with the save command. Using --security-info
3113 will also include security sensitive information.
3114 save-image-edit
3116 Syntax:
3117 save-image-edit file [{--running | --paused}]
3119 Edit the XML configuration associated with a saved state file file cre‐
3121 ated by the save command.
3122 The save image records whether the domain should be restored to a run‐
3124 ning or paused state. Normally, this command does not alter the
3125 recorded state; passing either the --running or --paused flag will
3126 allow overriding which state the restore should use.
3127 This is equivalent to:
3129 virsh save-image-dumpxml state-file > state-file.xml
3131 vi state-file.xml (or make changes with your other text editor)
3132 virsh save-image-define state-file state-file-xml
3133 except that it does some error checking.
3135 The editor used can be supplied by the $VISUAL or $EDITOR environment
3137 variables, and defaults to vi.
3138 schedinfo
3140 Syntax:
3141 schedinfo domain [[--config] [--live] | [--current]] [[--set] parameter=value]...
3143 schedinfo [--weight number] [--cap number] domain
3144 Allows you to show (and set) the domain scheduler parameters. The
3146 parameters available for each hypervisor are:
3147 LXC (posix scheduler) : cpu_shares, vcpu_period, vcpu_quota
3149 QEMU/KVM (posix scheduler): cpu_shares, vcpu_period, vcpu_quota, emula‐
3151 tor_period, emulator_quota, iothread_quota, iothread_period
3152 Xen (credit scheduler): weight, cap
3154 ESX (allocation scheduler): reservation, limit, shares
3156 If --live is specified, set scheduler information of a running guest.
3158 If --config is specified, affect the next boot of a persistent guest.
3159 If --current is specified, affect the current guest state.
3160 Note: The cpu_shares parameter has a valid value range of 0-262144;
3162 Negative values are wrapped to positive, and larger values are capped
3163 at the maximum. Therefore, -1 is a useful shorthand for 262144. On the
3164 Linux kernel, the values 0 and 1 are automatically converted to a mini‐
3165 mal value of 2.
3166 Note: The weight and cap parameters are defined only for the XEN_CREDIT
3168 scheduler.
3169 Note: The vcpu_period, emulator_period, and iothread_period parameters
3171 have a valid value range of 1000-1000000 or 0, and the vcpu_quota, emu‐
3172 lator_quota, and iothread_quota parameters have a valid value range of
3173 1000-18446744073709551 or less than 0. The value 0 for either parameter
3174 is the same as not specifying that parameter.
3175 screenshot
3177 Syntax:
3178 screenshot domain [imagefilepath] [--screen screenID]
3180 Takes a screenshot of a current domain console and stores it into a
3182 file. Optionally, if the hypervisor supports more displays for a
3183 domain, screenID allows specifying which screen will be captured. It is
3184 the sequential number of screen. In case of multiple graphics cards,
3185 heads are enumerated before devices, e.g. having two graphics cards,
3186 both with four heads, screen ID 5 addresses the second head on the sec‐
3187 ond card.
3188 send-key
3190 Syntax:
3191 send-key domain [--codeset codeset] [--holdtime holdtime] keycode...
3193 Parse the keycode sequence as keystrokes to send to domain. Each key‐
3195 code can either be a numeric value or a symbolic name from the corre‐
3196 sponding codeset. If --holdtime is given, each keystroke will be held
3197 for that many milliseconds. The default codeset is linux, but use of
3198 the --codeset option allows other codesets to be chosen.
3199 If multiple keycodes are specified, they are all sent simultaneously to
3201 the guest, and they may be received in random order. If you need dis‐
3202 tinct keypresses, you must use multiple send-key invocations.
3203 · linux
3205 The numeric values are those defined by the Linux generic input event
3207 subsystem. The symbolic names match the corresponding Linux key con‐
3208 stant macro names.
3209 See virkeycode-linux(7) and virkeyname-linux(7)
3211 · xt
3213 The numeric values are those defined by the original XT keyboard con‐
3215 troller. No symbolic names are provided
3216 See virkeycode-xt(7)
3218 · atset1
3220 The numeric values are those defined by the AT keyboard controller,
3222 set 1 (aka XT compatible set). Extended keycoes from atset1 may dif‐
3223 fer from extended keycodes in the xt codeset. No symbolic names are
3224 provided
3225 See virkeycode-atset1(7)
3227 · atset2
3229 The numeric values are those defined by the AT keyboard controller,
3231 set 2. No symbolic names are provided
3232 See virkeycode-atset2(7)
3234 · atset3
3236 The numeric values are those defined by the AT keyboard controller,
3238 set 3 (aka PS/2 compatible set). No symbolic names are provided
3239 See virkeycode-atset3(7)
3241 · os_x
3243 The numeric values are those defined by the macOS keyboard input sub‐
3245 system. The symbolic names match the corresponding macOS key constant
3246 macro names
3247 See virkeycode-osx(7) and virkeyname-osx(7)
3249 · xt_kbd
3251 The numeric values are those defined by the Linux KBD device. These
3253 are a variant on the original XT codeset, but often with different
3254 encoding for extended keycodes. No symbolic names are provided.
3255 See virkeycode-xtkbd(7)
3257 · win32
3259 The numeric values are those defined by the Win32 keyboard input sub‐
3261 system. The symbolic names match the corresponding Win32 key constant
3262 macro names
3263 See virkeycode-win32(7) and virkeyname-win32(7)
3265 · usb
3267 The numeric values are those defined by the USB HID specification for
3269 keyboard input. No symbolic names are provided
3270 See virkeycode-usb(7)
3272 · qnum
3274 The numeric values are those defined by the QNUM extension for send‐
3276 ing raw keycodes. These are a variant on the XT codeset, but extended
3277 keycodes have the low bit of the second byte set, instead of the high
3278 bit of the first byte. No symbolic names are provided.
3279 See virkeycode-qnum(7)
3281 Examples:
3283 # send three strokes 'k', 'e', 'y', using xt codeset. these
3285 # are all pressed simultaneously and may be received by the guest
3286 # in random order
3287 virsh send-key dom --codeset xt 37 18 21
3288 # send one stroke 'right-ctrl+C'
3290 virsh send-key dom KEY_RIGHTCTRL KEY_C
3291 # send a tab, held for 1 second
3293 virsh send-key --holdtime 1000 0xf
3294 send-process-signal
3296 Syntax:
3297 send-process-signal domain-id pid signame
3299 Send a signal signame to the process identified by pid running in the
3301 virtual domain domain-id. The pid is a process ID in the virtual domain
3302 namespace.
3303 The signame argument may be either an integer signal constant number,
3305 or one of the symbolic names:
3306 "nop", "hup", "int", "quit", "ill",
3308 "trap", "abrt", "bus", "fpe", "kill",
3309 "usr1", "segv", "usr2", "pipe", "alrm",
3310 "term", "stkflt", "chld", "cont", "stop",
3311 "tstp", "ttin", "ttou", "urg", "xcpu",
3312 "xfsz", "vtalrm", "prof", "winch", "poll",
3313 "pwr", "sys", "rt0", "rt1", "rt2", "rt3",
3314 "rt4", "rt5", "rt6", "rt7", "rt8", "rt9",
3315 "rt10", "rt11", "rt12", "rt13", "rt14", "rt15",
3316 "rt16", "rt17", "rt18", "rt19", "rt20", "rt21",
3317 "rt22", "rt23", "rt24", "rt25", "rt26", "rt27",
3318 "rt28", "rt29", "rt30", "rt31", "rt32"
3319 The symbol name may optionally be prefixed with sig or sig_ and may be
3321 in uppercase or lowercase.
3322 Examples:
3324 virsh send-process-signal myguest 1 15
3326 virsh send-process-signal myguest 1 term
3327 virsh send-process-signal myguest 1 sigterm
3328 virsh send-process-signal myguest 1 SIG_HUP
3329 set-lifecycle-action
3331 Syntax:
3332 set-lifecycle-action domain type action
3334 [[--config] [--live] | [--current]]
3335 Set the lifecycle action for specified lifecycle type. The valid types
3337 are "poweroff", "reboot" and "crash", and for each of them valid action
3338 is one of "destroy", "restart", "rename-restart", "preserve". For type
3339 "crash", additional actions "coredump-destroy" and "coredump-restart"
3340 are supported.
3341 set-user-password
3343 Syntax:
3344 set-user-password domain user password [--encrypted]
3346 Set the password for the user account in the guest domain.
3348 If --encrypted is specified, the password is assumed to be already
3350 encrypted by the method required by the guest OS.
3351 For QEMU/KVM, this requires the guest agent to be configured and run‐
3353 ning.
3354 setmaxmem
3356 Syntax:
3357 setmaxmem domain size [[--config] [--live] | [--current]]
3359 Change the maximum memory allocation limit for a guest domain. If
3361 --live is specified, affect a running guest. If --config is specified,
3362 affect the next boot of a persistent guest. If --current is specified,
3363 affect the current guest state. Both --live and --config flags may be
3364 given, but --current is exclusive. If no flag is specified, behavior is
3365 different depending on hypervisor.
3366 Some hypervisors such as QEMU/KVM don't support live changes (espe‐
3368 cially increasing) of the maximum memory limit. Even persistent con‐
3369 figuration changes might not be performed with some hypervisors/config‐
3370 uration (e.g. on NUMA enabled domains on QEMU). For complex configura‐
3371 tion changes use command edit instead).
3372 size is a scaled integer (see NOTES above); it defaults to kibibytes
3374 (blocks of 1024 bytes) unless you provide a suffix (and the older
3375 option name --kilobytes is available as a deprecated synonym) . Lib‐
3376 virt rounds up to the nearest kibibyte. Some hypervisors require a
3377 larger granularity than KiB, and requests that are not an even multiple
3378 will be rounded up. For example, vSphere/ESX rounds the parameter up
3379 to mebibytes (1024 kibibytes).
3380 setmem
3382 Syntax:
3383 setmem domain size [[--config] [--live] | [--current]]
3385 Change the memory allocation for a guest domain. If --live is speci‐
3387 fied, perform a memory balloon of a running guest. If --config is
3388 specified, affect the next boot of a persistent guest. If --current is
3389 specified, affect the current guest state. Both --live and --config
3390 flags may be given, but --current is exclusive. If no flag is speci‐
3391 fied, behavior is different depending on hypervisor.
3392 size is a scaled integer (see NOTES above); it defaults to kibibytes
3394 (blocks of 1024 bytes) unless you provide a suffix (and the older
3395 option name --kilobytes is available as a deprecated synonym) . Lib‐
3396 virt rounds up to the nearest kibibyte. Some hypervisors require a
3397 larger granularity than KiB, and requests that are not an even multiple
3398 will be rounded up. For example, vSphere/ESX rounds the parameter up
3399 to mebibytes (1024 kibibytes).
3400 For Xen, you can only adjust the memory of a running domain if the
3402 domain is paravirtualized or running the PV balloon driver.
3403 For LXC, the value being set is the cgroups value for limit_in_bytes or
3405 the maximum amount of user memory (including file cache). When viewing
3406 memory inside the container, this is the /proc/meminfo "MemTotal"
3407 value. When viewing the value from the host, use the virsh memtune com‐
3408 mand. In order to view the current memory in use and the maximum value
3409 allowed to set memory, use the virsh dominfo command.
3410 setvcpus
3412 Syntax:
3413 setvcpus domain count [--maximum] [[--config] [--live] | [--current]] [--guest] [--hotpluggable]
3415 Change the number of virtual CPUs active in a guest domain. By
3417 default, this command works on active guest domains. To change the
3418 settings for an inactive guest domain, use the --config flag.
3419 The count value may be limited by host, hypervisor, or a limit coming
3421 from the original description of the guest domain. For Xen, you can
3422 only adjust the virtual CPUs of a running domain if the domain is par‐
3423 avirtualized.
3424 If the --config flag is specified, the change is made to the stored XML
3426 configuration for the guest domain, and will only take effect when the
3427 guest domain is next started.
3428 If --live is specified, the guest domain must be active, and the change
3430 takes place immediately. Both the --config and --live flags may be
3431 specified together if supported by the hypervisor. If this command is
3432 run before the guest has finished booting, the guest may fail to
3433 process the change.
3434 If --current is specified, affect the current guest state.
3436 When no flags are given, the --live flag is assumed and the guest
3438 domain must be active. In this situation it is up to the hypervisor
3439 whether the --config flag is also assumed, and therefore whether the
3440 XML configuration is adjusted to make the change persistent.
3441 If --guest is specified, then the count of cpus is modified in the
3443 guest instead of the hypervisor. This flag is usable only for live
3444 domains and may require guest agent to be configured in the guest.
3445 To allow adding vcpus to persistent definitions that can be later
3447 hotunplugged after the domain is booted it is necessary to specify the
3448 --hotpluggable flag. Vcpus added to live domains supporting vcpu unplug
3449 are automatically marked as hotpluggable.
3450 The --maximum flag controls the maximum number of virtual cpus that can
3452 be hot-plugged the next time the domain is booted. As such, it must
3453 only be used with the --config flag, and not with the --live or the
3454 --current flag. Note that it may not be possible to change the maximum
3455 vcpu count if the processor topology is specified for the guest.
3456 setvcpu
3458 Syntax:
3459 setvcpu domain vcpulist [--enable] | [--disable]
3461 [[--live] [--config] | [--current]]
3462 Change state of individual vCPUs using hot(un)plug mechanism.
3464 See vcpupin for information on format of vcpulist. Hypervisor drivers
3466 may require that vcpulist contains exactly vCPUs belonging to one hot‐
3467 pluggable entity. This is usually just a single vCPU but certain archi‐
3468 tectures such as ppc64 require a full core to be specified at once.
3469 Note that hypervisors may refuse to disable certain vcpus such as vcpu
3471 0 or others.
3472 If --live is specified, affect a running domain. If --config is speci‐
3474 fied, affect the next startup of a persistent domain. If --current is
3475 specified, affect the current domain state. This is the default. Both
3476 --live and --config flags may be given, but --current is exclusive.
3477 shutdown
3479 Syntax:
3480 shutdown domain [--mode MODE-LIST]
3482 Gracefully shuts down a domain. This coordinates with the domain OS to
3484 perform graceful shutdown, so there is no guarantee that it will suc‐
3485 ceed, and may take a variable length of time depending on what services
3486 must be shutdown in the domain.
3487 The exact behavior of a domain when it shuts down is set by the
3489 on_poweroff parameter in the domain's XML definition.
3490 If domain is transient, then the metadata of any snapshots and check‐
3492 points will be lost once the guest stops running, but the underlying
3493 contents still exist, and a new domain with the same name and UUID can
3494 restore the snapshot metadata with snapshot-create, and the checkpoint
3495 metadata with checkpoint-create.
3496 By default the hypervisor will try to pick a suitable shutdown method.
3498 To specify an alternative method, the --mode parameter can specify a
3499 comma separated list which includes acpi, agent, initctl, signal and
3500 paravirt. The order in which drivers will try each mode is undefined,
3501 and not related to the order specified to virsh. For strict control
3502 over ordering, use a single mode at a time and repeat the command.
3503 start
3505 Syntax:
3506 start domain-name-or-uuid [--console] [--paused]
3508 [--autodestroy] [--bypass-cache] [--force-boot]
3509 [--pass-fds N,M,...]
3510 Start a (previously defined) inactive domain, either from the last man‐
3512 agedsave state, or via a fresh boot if no managedsave state is present.
3513 The domain will be paused if the --paused option is used and supported
3514 by the driver; otherwise it will be running. If --console is
3515 requested, attach to the console after creation. If --autodestroy is
3516 requested, then the guest will be automatically destroyed when virsh
3517 closes its connection to libvirt, or otherwise exits. If
3518 --bypass-cache is specified, and managedsave state exists, the restore
3519 will avoid the file system cache, although this may slow down the oper‐
3520 ation. If --force-boot is specified, then any managedsave state is
3521 discarded and a fresh boot occurs.
3522 If --pass-fds is specified, the argument is a comma separated list of
3524 open file descriptors which should be pass on into the guest. The file
3525 descriptors will be re-numbered in the guest, starting from 3. This is
3526 only supported with container based virtualization.
3527 suspend
3529 Syntax:
3530 suspend domain
3532 Suspend a running domain. It is kept in memory but won't be scheduled
3534 anymore.
3535 ttyconsole
3537 Syntax:
3538 ttyconsole domain
3540 Output the device used for the TTY console of the domain. If the infor‐
3542 mation is not available the processes will provide an exit code of 1.
3543 undefine
3545 Syntax:
3546 undefine domain [--managed-save] [--snapshots-metadata]
3548 [--checkpoints-metadata] [--nvram] [--keep-nvram]
3549 [ {--storage volumes | --remove-all-storage
3550 [--delete-storage-volume-snapshots]} --wipe-storage]
3551 Undefine a domain. If the domain is running, this converts it to a
3553 transient domain, without stopping it. If the domain is inactive, the
3554 domain configuration is removed.
3555 The --managed-save flag guarantees that any managed save image (see the
3557 managedsave command) is also cleaned up. Without the flag, attempts to
3558 undefine a domain with a managed save image will fail.
3559 The --snapshots-metadata flag guarantees that any snapshots (see the
3561 snapshot-list command) are also cleaned up when undefining an inactive
3562 domain. Without the flag, attempts to undefine an inactive domain with
3563 snapshot metadata will fail. If the domain is active, this flag is
3564 ignored.
3565 The --checkpoints-metadata flag guarantees that any checkpoints (see
3567 the checkpoint-list command) are also cleaned up when undefining an
3568 inactive domain. Without the flag, attempts to undefine an inactive
3569 domain with checkpoint metadata will fail. If the domain is active,
3570 this flag is ignored.
3571 --nvram and --keep-nvram specify accordingly to delete or keep nvram
3573 (/domain/os/nvram/) file. If the domain has an nvram file and the flags
3574 are omitted, the undefine will fail.
3575 The --storage flag takes a parameter volumes, which is a comma sepa‐
3577 rated list of volume target names or source paths of storage volumes to
3578 be removed along with the undefined domain. Volumes can be undefined
3579 and thus removed only on inactive domains. Volume deletion is only
3580 attempted after the domain is undefined; if not all of the requested
3581 volumes could be deleted, the error message indicates what still
3582 remains behind. If a volume path is not found in the domain definition,
3583 it's treated as if the volume was successfully deleted. Only volumes
3584 managed by libvirt in storage pools can be removed this way. (See
3585 domblklist for list of target names associated to a domain). Example:
3586 --storage vda,/path/to/storage.img
3587 The --remove-all-storage flag specifies that all of the domain's stor‐
3589 age volumes should be deleted.
3590 The --delete-storage-volume-snapshots (previously --delete-snapshots)
3592 flag specifies that any snapshots associated with the storage volume
3593 should be deleted as well. Requires the --remove-all-storage flag to be
3594 provided. Not all storage drivers support this option, presently only
3595 rbd. Using this when also removing volumes handled by a storage driver
3596 which does not support the flag will result in failure.
3597 The flag --wipe-storage specifies that the storage volumes should be
3599 wiped before removal.
3600 NOTE: For an inactive domain, the domain name or UUID must be used as
3602 the domain.
3603 vcpucount
3605 Syntax:
3606 vcpucount domain [{--maximum | --active}
3608 {--config | --live | --current}] [--guest]
3609 Print information about the virtual cpu counts of the given domain. If
3611 no flags are specified, all possible counts are listed in a table; oth‐
3612 erwise, the output is limited to just the numeric value requested. For
3613 historical reasons, the table lists the label "current" on the rows
3614 that can be queried in isolation via the --active flag, rather than
3615 relating to the --current flag.
3616 --maximum requests information on the maximum cap of vcpus that a
3618 domain can add via setvcpus, while --active shows the current usage;
3619 these two flags cannot both be specified. --config requires a persis‐
3620 tent domain and requests information regarding the next time the domain
3621 will be booted, --live requires a running domain and lists current val‐
3622 ues, and --current queries according to the current state of the domain
3623 (corresponding to --live if running, or --config if inactive); these
3624 three flags are mutually exclusive.
3625 If --guest is specified, then the count of cpus is reported from the
3627 perspective of the guest. This flag is usable only for live domains and
3628 may require guest agent to be configured in the guest.
3629 vcpuinfo
3631 Syntax:
3632 vcpuinfo domain [--pretty]
3634 Returns basic information about the domain virtual CPUs, like the num‐
3636 ber of vCPUs, the running time, the affinity to physical processors.
3637 With --pretty, cpu affinities are shown as ranges.
3639 Example:
3641 $ virsh vcpuinfo fedora
3643 VCPU: 0
3644 CPU: 0
3645 State: running
3646 CPU time: 7,0s
3647 CPU Affinity: yyyy
3648 VCPU: 1
3650 CPU: 1
3651 State: running
3652 CPU time: 0,7s
3653 CPU Affinity: yyyy
3654 STATES
3656 The State field displays the current operating state of a virtual CPU
3658 · offline
3660 The virtual CPU is offline and not usable by the domain. This state
3662 is not supported by all hypervisors.
3663 · running
3665 The virtual CPU is available to the domain and is operating.
3667 · blocked
3669 The virtual CPU is available to the domain but is waiting for a
3671 resource. This state is not supported by all hypervisors, in which
3672 case running may be reported instead.
3673 · no state
3675 The virtual CPU state could not be determined. This could happen if
3677 the hypervisor is newer than virsh.
3678 · N/A
3680 There's no information about the virtual CPU state available. This
3682 can be the case if the domain is not running or the hypervisor does
3683 not report the virtual CPU state.
3684 vcpupin
3686 Syntax:
3687 vcpupin domain [vcpu] [cpulist] [[--live] [--config] | [--current]]
3689 Query or change the pinning of domain VCPUs to host physical CPUs. To
3691 pin a single vcpu, specify cpulist; otherwise, you can query one vcpu
3692 or omit vcpu to list all at once.
3693 cpulist is a list of physical CPU numbers. Its syntax is a comma sepa‐
3695 rated list and a special markup using '-' and '^' (ex. '0-4', '0-3,^2')
3696 can also be allowed. The '-' denotes the range and the '^' denotes
3697 exclusive. For pinning the vcpu to all physical cpus specify 'r' as a
3698 cpulist. If --live is specified, affect a running guest. If --config
3699 is specified, affect the next boot of a persistent guest. If --current
3700 is specified, affect the current guest state. Both --live and --config
3701 flags may be given if cpulist is present, but --current is exclusive.
3702 If no flag is specified, behavior is different depending on hypervisor.
3703 Note: The expression is sequentially evaluated, so "0-15,^8" is identi‐
3705 cal to "9-14,0-7,15" but not identical to "^8,0-15".
3706 vncdisplay
3708 Syntax:
3709 vncdisplay domain
3711 Output the IP address and port number for the VNC display. If the
3713 information is not available the processes will provide an exit code of
3714 1.
3715
3717 The following commands manipulate devices associated to domains. The
3718 domain can be specified as a short integer, a name or a full UUID. To
3719 better understand the values allowed as options for the command reading
3720 the documentation at https://libvirt.org/formatdomain.html on the for‐
3721 mat of the device sections to get the most accurate set of accepted
3722 values.
3723 attach-device
3725 Syntax:
3726 attach-device domain FILE [[[--live] [--config] | [--current]] | [--persistent]]
3728 Attach a device to the domain, using a device definition in an XML file
3730 using a device definition element such as <disk> or <interface> as the
3731 top-level element. See the documentation at
3732 https://libvirt.org/formatdomain.html#elementsDevices to learn about
3733 libvirt XML format for a device. If --config is specified the command
3734 alters the persistent domain configuration with the device attach tak‐
3735 ing effect the next time libvirt starts the domain. For cdrom and
3736 floppy devices, this command only replaces the media within an existing
3737 device; consider using update-device for this usage. For passthrough
3738 host devices, see also nodedev-detach, needed if the PCI device does
3739 not use managed mode.
3740 If --live is specified, affect a running domain. If --config is speci‐
3742 fied, affect the next startup of a persistent domain. If --current is
3743 specified, affect the current domain state. Both --live and --config
3744 flags may be given, but --current is exclusive. When no flag is speci‐
3745 fied legacy API is used whose behavior depends on the hypervisor
3746 driver.
3747 For compatibility purposes, --persistent behaves like --config for an
3749 offline domain, and like --live --config for a running domain.
3750 Note: using of partial device definition XML files may lead to unex‐
3752 pected results as some fields may be autogenerated and thus match
3753 devices other than expected.
3754 attach-disk
3756 Syntax:
3757 attach-disk domain source target [[[--live] [--config] |
3759 [--current]] | [--persistent]] [--targetbus bus]
3760 [--driver driver] [--subdriver subdriver] [--iothread iothread]
3761 [--cache cache] [--io io] [--type type] [--alias alias]
3762 [--mode mode] [--sourcetype sourcetype] [--serial serial]
3763 [--wwn wwn] [--rawio] [--address address] [--multifunction]
3764 [--print-xml]
3765 Attach a new disk device to the domain. source is path for the files
3767 and devices. target controls the bus or device under which the disk is
3768 exposed to the guest OS. It indicates the "logical" device name; the
3769 optional targetbus attribute specifies the type of disk device to emu‐
3770 late; possible values are driver specific, with typical values being
3771 ide, scsi, virtio, xen, usb, sata, or sd, if omitted, the bus type is
3772 inferred from the style of the device name (e.g. a device named 'sda'
3773 will typically be exported using a SCSI bus). driver can be file, tap
3774 or phy for the Xen hypervisor depending on the kind of access; or qemu
3775 for the QEMU emulator. Further details to the driver can be passed
3776 using subdriver. For Xen subdriver can be aio, while for QEMU subdriver
3777 should match the format of the disk source, such as raw or qcow2.
3778 Hypervisor default will be used if subdriver is not specified. How‐
3779 ever, the default may not be correct, esp. for QEMU as for security
3780 reasons it is configured not to detect disk formats. type can indicate
3781 lun, cdrom or floppy as alternative to the disk default, although this
3782 use only replaces the media within the existing virtual cdrom or floppy
3783 device; consider using update-device for this usage instead. alias can
3784 set user supplied alias. mode can specify the two specific mode read‐
3785 only or shareable. sourcetype can indicate the type of source
3786 (block|file) cache can be one of "default", "none", "writethrough",
3787 "writeback", "directsync" or "unsafe". io controls specific policies
3788 on I/O; QEMU guests support "threads" and "native". iothread is the
3789 number within the range of domain IOThreads to which this disk may be
3790 attached (QEMU only). serial is the serial of disk device. wwn is the
3791 wwn of disk device. rawio indicates the disk needs rawio capability.
3792 address is the address of disk device in the form of
3793 pci:domain.bus.slot.function, scsi:controller.bus.unit, ide:con‐
3794 troller.bus.unit, usb:bus.port, sata:controller.bus.unit or
3795 ccw:cssid.ssid.devno. Virtio-ccw devices must have their cssid set to
3796 0xfe. multifunction indicates specified pci address is a multifunction
3797 pci device address.
3798 If --print-xml is specified, then the XML of the disk that would be
3800 attached is printed instead.
3801 If --live is specified, affect a running domain. If --config is speci‐
3803 fied, affect the next startup of a persistent domain. If --current is
3804 specified, affect the current domain state. Both --live and --config
3805 flags may be given, but --current is exclusive. When no flag is speci‐
3806 fied legacy API is used whose behavior depends on the hypervisor
3807 driver.
3808 For compatibility purposes, --persistent behaves like --config for an
3810 offline domain, and like --live --config for a running domain. Like‐
3811 wise, --shareable is an alias for --mode shareable.
3812 attach-interface
3814 Syntax:
3815 attach-interface domain type source [[[--live]
3817 [--config] | [--current]] | [--persistent]]
3818 [--target target] [--mac mac] [--script script] [--model model]
3819 [--inbound average,peak,burst,floor] [--outbound average,peak,burst]
3820 [--alias alias] [--managed] [--print-xml]
3821 Attach a new network interface to the domain.
3823 type can be one of the:
3825 network to indicate connection via a libvirt virtual network,
3827 bridge to indicate connection via a bridge device on the host,
3829 direct to indicate connection directly to one of the host's network
3831 interfaces or bridges,
3832 hostdev to indicate connection using a passthrough of PCI device on the
3834 host.
3835 source indicates the source of the connection. The source depends on
3837 the type of the interface:
3838 network name of the virtual network,
3840 bridge the name of the bridge device,
3842 direct the name of the host's interface or bridge,
3844 hostdev the PCI address of the host's interface formatted as
3846 domain:bus:slot.function.
3847 --target is used to specify the tap/macvtap device to be used to con‐
3849 nect the domain to the source. Names starting with 'vnet' are consid‐
3850 ered as auto-generated and are blanked out/regenerated each time the
3851 interface is attached.
3852 --mac specifies the MAC address of the network interface; if a MAC
3854 address is not given, a new address will be automatically generated
3855 (and stored in the persistent configuration if "--config" is given on
3856 the command line).
3857 --script is used to specify a path to a custom script to be called
3859 while attaching to a bridge - this will be called instead of the
3860 default script not in addition to it. This is valid only for inter‐
3861 faces of bridge type and only for Xen domains.
3862 --model specifies the network device model to be presented to the
3864 domain.
3865 alias can set user supplied alias.
3867 --inbound and --outbound control the bandwidth of the interface. At
3869 least one from the average, floor pair must be specified. The other
3870 two peak and burst are optional, so "average,peak", "average,,burst",
3871 "average,,,floor", "average" and ",,,floor" are also legal. Values for
3872 average, floor and peak are expressed in kilobytes per second, while
3873 burst is expressed in kilobytes in a single burst at peak speed as
3874 described in the Network XML documentation at
3875 https://libvirt.org/formatnetwork.html#elementQoS.
3876 --managed is usable only for hostdev type and tells libvirt that the
3878 interface should be managed, which means detached and reattached
3879 from/to the host by libvirt.
3880 If --print-xml is specified, then the XML of the interface that would
3882 be attached is printed instead.
3883 If --live is specified, affect a running domain. If --config is speci‐
3885 fied, affect the next startup of a persistent domain. If --current is
3886 specified, affect the current domain state. Both --live and --config
3887 flags may be given, but --current is exclusive. When no flag is speci‐
3888 fied legacy API is used whose behavior depends on the hypervisor
3889 driver.
3890 For compatibility purposes, --persistent behaves like --config for an
3892 offline domain, and like --live --config for a running domain.
3893 Note: the optional target value is the name of a device to be created
3895 as the back-end on the node. If not provided a device named "vnetN" or
3896 "vifN" will be created automatically.
3897 detach-device
3899 Syntax:
3900 detach-device domain FILE [[[--live] [--config] |
3902 [--current]] | [--persistent]]
3903 Detach a device from the domain, takes the same kind of XML descrip‐
3905 tions as command attach-device. For passthrough host devices, see also
3906 nodedev-reattach, needed if the device does not use managed mode.
3907 Note: The supplied XML description of the device should be as specific
3909 as its definition in the domain XML. The set of attributes used to
3910 match the device are internal to the drivers. Using a partial defini‐
3911 tion, or attempting to detach a device that is not present in the
3912 domain XML, but shares some specific attributes with one that is
3913 present, may lead to unexpected results.
3914 Quirk: Device unplug is asynchronous in most cases and requires guest
3916 cooperation. This means that it's up to the discretion of the guest to
3917 disallow or delay the unplug arbitrarily. As the libvirt API used in
3918 this command was designed as synchronous it returns success after some
3919 timeout even if the device was not unplugged yet to allow further
3920 interactions with the domain e.g. if the guest is unresponsive. Callers
3921 which need to make sure that the device was unplugged can use libvirt
3922 events (see virsh event) to be notified when the device is removed.
3923 Note that the event may arrive before the command returns.
3924 If --live is specified, affect a running domain. If --config is speci‐
3926 fied, affect the next startup of a persistent domain. If --current is
3927 specified, affect the current domain state. Both --live and --config
3928 flags may be given, but --current is exclusive. When no flag is speci‐
3929 fied legacy API is used whose behavior depends on the hypervisor
3930 driver.
3931 For compatibility purposes, --persistent behaves like --config for an
3933 offline domain, and like --live --config for a running domain.
3934 Note that older versions of virsh used --config as an alias for --per‐
3936 sistent.
3937 detach-device-alias
3939 Syntax:
3940 detach-device-alias domain alias [[[--live] [--config] | [--current]]]]
3942 Detach a device with given alias from the domain. This command returns
3944 successfully after the unplug request was sent to the hypervisor. The
3945 actual removal of the device is notified asynchronously via libvirt
3946 events (see virsh event).
3947 If --live is specified, affect a running domain. If --config is speci‐
3949 fied, affect the next startup of a persistent domain. If --current is
3950 specified, affect the current domain state. Both --live and --config
3951 flags may be given, but --current is exclusive.
3952 detach-disk
3954 Syntax:
3955 detach-disk domain target [[[--live] [--config] |
3957 [--current]] | [--persistent]] [--print-xml]
3958 Detach a disk device from a domain. The target is the device as seen
3960 from the domain.
3961 If --live is specified, affect a running domain. If --config is speci‐
3963 fied, affect the next startup of a persistent domain. If --current is
3964 specified, affect the current domain state. Both --live and --config
3965 flags may be given, but --current is exclusive. When no flag is speci‐
3966 fied legacy API is used whose behavior depends on the hypervisor
3967 driver.
3968 For compatibility purposes, --persistent behaves like --config for an
3970 offline domain, and like --live --config for a running domain.
3971 Note that older versions of virsh used --config as an alias for --per‐
3973 sistent.
3974 If --print-xml is specified, then the XML which would be used to detach
3976 the disk is printed instead.
3977 Please see documentation for detach-device for known quirks.
3979 detach-interface
3981 Syntax:
3982 detach-interface domain type [--mac mac]
3984 [[[--live] [--config] | [--current]] | [--persistent]]
3985 Detach a network interface from a domain. type can be either network
3987 to indicate a physical network device or bridge to indicate a bridge to
3988 a device. It is recommended to use the mac option to distinguish
3989 between the interfaces if more than one are present on the domain.
3990 If --live is specified, affect a running domain. If --config is speci‐
3992 fied, affect the next startup of a persistent domain. If --current is
3993 specified, affect the current domain state. Both --live and --config
3994 flags may be given, but --current is exclusive. When no flag is speci‐
3995 fied legacy API is used whose behavior depends on the hypervisor
3996 driver.
3997 For compatibility purposes, --persistent behaves like --config for an
3999 offline domain, and like --live --config for a running domain.
4000 Note that older versions of virsh used --config as an alias for --per‐
4002 sistent.
4003 Please see documentation for detach-device for known quirks.
4005 update-device
4007 Syntax:
4008 update-device domain file [--force] [[[--live]
4010 [--config] | [--current]] | [--persistent]]
4011 Update the characteristics of a device associated with domain, based on
4013 the device definition in an XML file. The --force option can be used
4014 to force device update, e.g., to eject a CD-ROM even if it is
4015 locked/mounted in the domain. See the documentation at
4016 https://libvirt.org/formatdomain.html#elementsDevices to learn about
4017 libvirt XML format for a device.
4018 If --live is specified, affect a running domain. If --config is speci‐
4020 fied, affect the next startup of a persistent domain. If --current is
4021 specified, affect the current domain state. Both --live and --config
4022 flags may be given, but --current is exclusive. Not specifying any flag
4023 is the same as specifying --current.
4024 For compatibility purposes, --persistent behaves like --config for an
4026 offline domain, and like --live --config for a running domain.
4027 Note that older versions of virsh used --config as an alias for --per‐
4029 sistent.
4030 Note: using of partial device definition XML files may lead to unex‐
4032 pected results as some fields may be autogenerated and thus match
4033 devices other than expected.
4034 change-media
4036 Syntax:
4037 change-media domain path [--eject] [--insert]
4039 [--update] [source] [--force] [[--live] [--config] |
4040 [--current]] [--print-xml] [--block]
4041 Change media of CDROM or floppy drive. path can be the fully-qualified
4043 path or the unique target name (<target dev='hdc'>) of the disk device.
4044 source specifies the path of the media to be inserted or updated. The
4045 --block flag allows setting the backing type in case a block device is
4046 used as media for the CDROM or floppy drive instead of a file.
4047 --eject indicates the media will be ejected. --insert indicates the
4049 media will be inserted. source must be specified. If the device has
4050 source (e.g. <source file='media'>), and source is not specified,
4051 --update is equal to --eject. If the device has no source, and source
4052 is specified, --update is equal to --insert. If the device has source,
4053 and source is specified, --update behaves like combination of --eject
4054 and --insert. If none of --eject, --insert, and --update is specified,
4055 --update is used by default. The --force option can be used to force
4056 media changing. If --live is specified, alter live configuration of
4057 running guest. If --config is specified, alter persistent configura‐
4058 tion, effect observed on next boot. --current can be either or both of
4059 live and config, depends on the hypervisor's implementation. Both
4060 --live and --config flags may be given, but --current is exclusive. If
4061 no flag is specified, behavior is different depending on hypervisor.
4062 If --print-xml is specified, the XML that would be used to change media
4063 is printed instead of changing the media.
4064
4066 The following commands manipulate host devices that are intended to be
4067 passed through to guest domains via <hostdev> elements in a domain's
4068 <devices> section. A node device key is generally specified by the bus
4069 name followed by its address, using underscores between all components,
4070 such as pci_0000_00_02_1, usb_1_5_3, or net_eth1_00_27_13_6a_fe_00.
4071 The nodedev-list gives the full list of host devices that are known to
4072 libvirt, although this includes devices that cannot be assigned to a
4073 guest (for example, attempting to detach the PCI device that controls
4074 the host's hard disk controller where the guest's disk images live
4075 could cause the host system to lock up or reboot).
4076 For more information on node device definition see:
4078 https://libvirt.org/formatnode.html.
4079 Passthrough devices cannot be simultaneously used by the host and its
4081 guest domains, nor by multiple active guests at once. If the <hostdev>
4082 description of a PCI device includes the attribute managed='yes', and
4083 the hypervisor driver supports it, then the device is in managed mode,
4084 and attempts to use that passthrough device in an active guest will
4085 automatically behave as if nodedev-detach (guest start, device
4086 hot-plug) and nodedev-reattach (guest stop, device hot-unplug) were
4087 called at the right points. If a PCI device is not marked as managed,
4088 then it must manually be detached before guests can use it, and manu‐
4089 ally reattached to be returned to the host. Also, if a device is manu‐
4090 ally detached, then the host does not regain control of the device
4091 without a matching reattach, even if the guests use the device in man‐
4092 aged mode.
4093 nodedev-create
4095 Syntax:
4096 nodedev-create FILE
4098 Create a device on the host node that can then be assigned to virtual
4100 machines. Normally, libvirt is able to automatically determine which
4101 host nodes are available for use, but this allows registration of host
4102 hardware that libvirt did not automatically detect. file contains xml
4103 for a top-level <device> description of a node device.
4104 nodedev-destroy
4106 Syntax:
4107 nodedev-destroy device
4109 Destroy (stop) a device on the host. device can be either device name
4111 or wwn pair in "wwnn,wwpn" format (only works for vHBA currently).
4112 Note that this makes libvirt quit managing a host device, and may even
4113 make that device unusable by the rest of the physical host until a
4114 reboot.
4115 nodedev-detach
4117 Syntax:
4118 nodedev-detach nodedev [--driver backend_driver]
4120 Detach nodedev from the host, so that it can safely be used by guests
4122 via <hostdev> passthrough. This is reversed with nodedev-reattach, and
4123 is done automatically for managed devices.
4124 Different backend drivers expect the device to be bound to different
4126 dummy devices. For example, QEMU's "kvm" backend driver (the default)
4127 expects the device to be bound to pci-stub, but its "vfio" backend
4128 driver expects the device to be bound to vfio-pci. The --driver parame‐
4129 ter can be used to specify the desired backend driver.
4130 nodedev-dumpxml
4132 Syntax:
4133 nodedev-dumpxml device
4135 Dump a <device> XML representation for the given node device, including
4137 such information as the device name, which bus owns the device, the
4138 vendor and product id, and any capabilities of the device usable by
4139 libvirt (such as whether device reset is supported). device can be
4140 either device name or wwn pair in "wwnn,wwpn" format (only works for
4141 HBA).
4142 nodedev-list
4144 Syntax:
4145 nodedev-list cap --tree
4147 List all of the devices available on the node that are known by lib‐
4149 virt. cap is used to filter the list by capability types, the types
4150 must be separated by comma, e.g. --cap pci,scsi. Valid capability types
4151 include 'system', 'pci', 'usb_device', 'usb', 'net', 'scsi_host',
4152 'scsi_target', 'scsi', 'storage', 'fc_host', 'vports', 'scsi_generic',
4153 'drm', 'mdev', 'mdev_types', 'ccw'. If --tree is used, the output is
4154 formatted in a tree representing parents of each node. cap and --tree
4155 are mutually exclusive.
4156 nodedev-reattach
4158 Syntax:
4159 nodedev-reattach nodedev
4161 Declare that nodedev is no longer in use by any guests, and that the
4163 host can resume normal use of the device. This is done automatically
4164 for PCI devices in managed mode and USB devices, but must be done
4165 explicitly to match any explicit nodedev-detach.
4166 nodedev-reset
4168 Syntax:
4169 nodedev-reset nodedev
4171 Trigger a device reset for nodedev, useful prior to transferring a node
4173 device between guest passthrough or the host. Libvirt will often do
4174 this action implicitly when required, but this command allows an
4175 explicit reset when needed.
4176 nodedev-event
4178 Syntax:
4179 nodedev-event {[nodedev] event [--loop] [--timeout seconds] [--timestamp] | --list}
4181 Wait for a class of node device events to occur, and print appropriate
4183 details of events as they happen. The events can optionally be fil‐
4184 tered by nodedev. Using --list as the only argument will provide a
4185 list of possible event values known by this client, although the con‐
4186 nection might not allow registering for all these events.
4187 By default, this command is one-shot, and returns success once an event
4189 occurs; you can send SIGINT (usually via Ctrl-C) to quit immediately.
4190 If --timeout is specified, the command gives up waiting for events
4191 after seconds have elapsed. With --loop, the command prints all
4192 events until a timeout or interrupt key.
4193 When --timestamp is used, a human-readable timestamp will be printed
4195 before the event.
4196
4198 The following commands manipulate networks. Libvirt has the capability
4199 to define virtual networks which can then be used by domains and linked
4200 to actual network devices. For more detailed information about this
4201 feature see the documentation at https://libvirt.org/formatnetwork.html
4202 . Many of the commands for virtual networks are similar to the ones
4203 used for domains, but the way to name a virtual network is either by
4204 its name or UUID.
4205 net-autostart
4207 Syntax:
4208 net-autostart network [--disable]
4210 Configure a virtual network to be automatically started at boot. The
4212 --disable option disable autostarting.
4213 net-create
4215 Syntax:
4216 net-create file
4218 Create a transient (temporary) virtual network from an XML file and
4220 instantiate (start) the network. See the documentation at
4221 https://libvirt.org/formatnetwork.html to get a description of the XML
4222 network format used by libvirt.
4223 net-define
4225 Syntax:
4226 net-define file
4228 Define an inactive persistent virtual network or modify an existing
4230 persistent one from the XML file.
4231 net-destroy
4233 Syntax:
4234 net-destroy network
4236 Destroy (stop) a given transient or persistent virtual network speci‐
4238 fied by its name or UUID. This takes effect immediately.
4239 net-dumpxml
4241 Syntax:
4242 net-dumpxml network [--inactive]
4244 Output the virtual network information as an XML dump to stdout. If
4246 --inactive is specified, then physical functions are not expanded into
4247 their associated virtual functions.
4248 net-edit
4250 Syntax:
4251 net-edit network
4253 Edit the XML configuration file for a network.
4255 This is equivalent to:
4257 virsh net-dumpxml --inactive network > network.xml
4259 vi network.xml (or make changes with your other text editor)
4260 virsh net-define network.xml
4261 except that it does some error checking.
4263 The editor used can be supplied by the $VISUAL or $EDITOR environment
4265 variables, and defaults to vi.
4266 net-event
4268 Syntax:
4269 net-event {[network] event [--loop] [--timeout seconds] [--timestamp] | --list}
4271 Wait for a class of network events to occur, and print appropriate
4273 details of events as they happen. The events can optionally be fil‐
4274 tered by network. Using --list as the only argument will provide a
4275 list of possible event values known by this client, although the con‐
4276 nection might not allow registering for all these events.
4277 By default, this command is one-shot, and returns success once an event
4279 occurs; you can send SIGINT (usually via Ctrl-C) to quit immediately.
4280 If --timeout is specified, the command gives up waiting for events
4281 after seconds have elapsed. With --loop, the command prints all
4282 events until a timeout or interrupt key.
4283 When --timestamp is used, a human-readable timestamp will be printed
4285 before the event.
4286 net-info
4288 Syntax:
4289 net-info network
4291 Returns basic information about the network object.
4293 net-list
4295 Syntax:
4296 net-list [--inactive | --all]
4298 { [--table] | --name | --uuid }
4299 [--persistent] [<--transient>]
4300 [--autostart] [<--no-autostart>]
4301 Returns the list of active networks, if --all is specified this will
4303 also include defined but inactive networks, if --inactive is specified
4304 only the inactive ones will be listed. You may also want to filter the
4305 returned networks by --persistent to list the persistent ones, --tran‐
4306 sient to list the transient ones, --autostart to list the ones with
4307 autostart enabled, and --no-autostart to list the ones with autostart
4308 disabled.
4309 If --name is specified, network names are printed instead of the table
4311 formatted one per line. If --uuid is specified network's UUID's are
4312 printed instead of names. Flag --table specifies that the legacy ta‐
4313 ble-formatted output should be used. This is the default. All of these
4314 are mutually exclusive.
4315 NOTE: When talking to older servers, this command is forced to use a
4317 series of API calls with an inherent race, where a pool might not be
4318 listed or might appear more than once if it changed state between calls
4319 while the list was being collected. Newer servers do not have this
4320 problem.
4321 net-name
4323 Syntax:
4324 net-name network-UUID
4326 Convert a network UUID to network name.
4328 net-start
4330 Syntax:
4331 net-start network
4333 Start a (previously defined) inactive network.
4335 net-undefine
4337 Syntax:
4338 net-undefine network
4340 Undefine the configuration for a persistent network. If the network is
4342 active, make it transient.
4343 net-uuid
4345 Syntax:
4346 net-uuid network-name
4348 Convert a network name to network UUID.
4350 net-update
4352 Syntax:
4353 net-update network command section xml
4355 [--parent-index index] [[--live] [--config] | [--current]]
4356 Update the given section of an existing network definition, with the
4358 changes optionally taking effect immediately, without needing to
4359 destroy and re-start the network.
4360 command is one of "add-first", "add-last", "add" (a synonym for
4362 add-last), "delete", or "modify".
4363 section is one of "bridge", "domain", "ip", "ip-dhcp-host",
4365 "ip-dhcp-range", "forward", "forward-interface", "forward-pf", "port‐
4366 group", "dns-host", "dns-txt", or "dns-srv", each section being named
4367 by a concatenation of the xml element hierarchy leading to the element
4368 being changed. For example, "ip-dhcp-host" will change a <host> element
4369 that is contained inside a <dhcp> element inside an <ip> element of the
4370 network.
4371 xml is either the text of a complete xml element of the type being
4373 changed (e.g. "<host mac="00:11:22:33:44:55' ip='1.2.3.4'/>", or the
4374 name of a file that contains a complete xml element. Disambiguation is
4375 done by looking at the first character of the provided text - if the
4376 first character is "<", it is xml text, if the first character is not
4377 "<", it is the name of a file that contains the xml text to be used.
4378 The --parent-index option is used to specify which of several parent
4380 elements the requested element is in (0-based). For example, a dhcp
4381 <host> element could be in any one of multiple <ip> elements in the
4382 network; if a parent-index isn't provided, the "most appropriate" <ip>
4383 element will be selected (usually the only one that already has a
4384 <dhcp> element), but if --parent-index is given, that particular
4385 instance of <ip> will get the modification.
4386 If --live is specified, affect a running network. If --config is spec‐
4388 ified, affect the next startup of a persistent network. If --current
4389 is specified, affect the current network state. Both --live and --con‐
4390 fig flags may be given, but --current is exclusive. Not specifying any
4391 flag is the same as specifying --current.
4392 net-dhcp-leases
4394 Syntax:
4395 net-dhcp-leases network [mac]
4397 Get a list of dhcp leases for all network interfaces connected to the
4399 given virtual network or limited output just for one interface if mac
4400 is specified.
4401
4403 The following commands manipulate network ports. Libvirt virtual net‐
4404 works have ports created when a virtual machine has a virtual network
4405 interface added. In general there should be no need to use any of the
4406 commands here, since the hypervisor drivers run these commands are the
4407 right point in a virtual machine's lifecycle. They can be useful for
4408 debugging problems and / or recovering from bugs / stale state.
4409 net-port-list
4411 Syntax:
4412 net-port-list { [--table] | --uuid } network
4414 List all network ports recorded against the network.
4416 If --uuid is specified network ports' UUID's are printed instead of a
4418 table. Flag --table specifies that the legacy table-formatted output
4419 should be used. This is the default. All of these are mutually exclu‐
4420 sive.
4421 net-port-create
4423 Syntax:
4424 net-port-create network file
4426 Allocate a new network port reserving resources based on the port
4428 description.
4429 net-port-dumpxml
4431 Syntax:
4432 net-port-dumpxml network port
4434 Output the network port information as an XML dump to stdout.
4436 net-port-delete
4438 Syntax:
4439 net-port-delete network port
4441 Delete record of the network port and release its resources
4443
4445 The following commands manipulate host interfaces. Often, these host
4446 interfaces can then be used by name within domain <interface> elements
4447 (such as a system-created bridge interface), but there is no require‐
4448 ment that host interfaces be tied to any particular guest configuration
4449 XML at all.
4450 Many of the commands for host interfaces are similar to the ones used
4452 for domains, and the way to name an interface is either by its name or
4453 its MAC address. However, using a MAC address for an iface argument
4454 only works when that address is unique (if an interface and a bridge
4455 share the same MAC address, which is often the case, then using that
4456 MAC address results in an error due to ambiguity, and you must resort
4457 to a name instead).
4458 iface-bridge
4460 Syntax:
4461 iface-bridge interface bridge [--no-stp] [delay] [--no-start]
4463 Create a bridge device named bridge, and attach the existing network
4465 device interface to the new bridge. The new bridge defaults to start‐
4466 ing immediately, with STP enabled and a delay of 0; these settings can
4467 be altered with --no-stp, --no-start, and an integer number of seconds
4468 for delay. All IP address configuration of interface will be moved to
4469 the new bridge device.
4470 See also iface-unbridge for undoing this operation.
4472 iface-define
4474 Syntax:
4475 iface-define file
4477 Define an inactive persistent physical host interface or modify an
4479 existing persistent one from the XML file.
4480 iface-destroy
4482 Syntax:
4483 iface-destroy interface
4485 Destroy (stop) a given host interface, such as by running "if-down" to
4487 disable that interface from active use. This takes effect immediately.
4488 iface-dumpxml
4490 Syntax:
4491 iface-dumpxml interface [--inactive]
4493 Output the host interface information as an XML dump to stdout. If
4495 --inactive is specified, then the output reflects the persistent state
4496 of the interface that will be used the next time it is started.
4497 iface-edit
4499 Syntax:
4500 iface-edit interface
4502 Edit the XML configuration file for a host interface.
4504 This is equivalent to:
4506 virsh iface-dumpxml iface > iface.xml
4508 vi iface.xml (or make changes with your other text editor)
4509 virsh iface-define iface.xml
4510 except that it does some error checking.
4512 The editor used can be supplied by the $VISUAL or $EDITOR environment
4514 variables, and defaults to vi.
4515 iface-list
4517 Syntax:
4518 iface-list [--inactive | --all]
4520 Returns the list of active host interfaces. If --all is specified this
4522 will also include defined but inactive interfaces. If --inactive is
4523 specified only the inactive ones will be listed.
4524 iface-name
4526 Syntax:
4527 iface-name interface
4529 Convert a host interface MAC to interface name, if the MAC address is
4531 unique among the host's interfaces.
4532 interface specifies the interface MAC address.
4534 iface-mac
4536 Syntax:
4537 iface-mac interface
4539 Convert a host interface name to MAC address.
4541 interface specifies the interface name.
4543 iface-start
4545 Syntax:
4546 iface-start interface
4548 Start a (previously defined) host interface, such as by running
4550 "if-up".
4551 iface-unbridge
4553 Syntax:
4554 iface-unbridge bridge [--no-start]
4556 Tear down a bridge device named bridge, releasing its underlying inter‐
4558 face back to normal usage, and moving all IP address configuration from
4559 the bridge device to the underlying device. The underlying interface
4560 is restarted unless --no-start is present; this flag is present for
4561 symmetry, but generally not recommended.
4562 See also iface-bridge for creating a bridge.
4564 iface-undefine
4566 Syntax:
4567 iface-undefine interface
4569 Undefine the configuration for an inactive host interface.
4571 iface-begin
4573 Syntax:
4574 iface-begin
4576 Create a snapshot of current host interface settings, which can later
4578 be committed (iface-commit) or restored (iface-rollback). If a snap‐
4579 shot already exists, then this command will fail until the previous
4580 snapshot has been committed or restored. Undefined behavior results if
4581 any external changes are made to host interfaces outside of the libvirt
4582 API between the beginning of a snapshot and its eventual commit or
4583 rollback.
4584 iface-commit
4586 Syntax:
4587 iface-commit
4589 Declare all changes since the last iface-begin as working, and delete
4591 the rollback point. If no interface snapshot has already been started,
4592 then this command will fail.
4593 iface-rollback
4595 Syntax:
4596 iface-rollback
4598 Revert all host interface settings back to the state recorded in the
4600 last iface-begin. If no interface snapshot has already been started,
4601 then this command will fail. Rebooting the host also serves as an
4602 implicit rollback point.
4603
4605 The following commands manipulate storage pools. Libvirt has the capa‐
4606 bility to manage various storage solutions, including files, raw parti‐
4607 tions, and domain-specific formats, used to provide the storage volumes
4608 visible as devices within virtual machines. For more detailed informa‐
4609 tion about this feature, see the documentation at
4610 https://libvirt.org/formatstorage.html . Many of the commands for pools
4611 are similar to the ones used for domains.
4612 find-storage-pool-sources
4614 Syntax:
4615 find-storage-pool-sources type [srcSpec]
4617 Returns XML describing all possible available storage pool sources that
4619 could be used to create or define a storage pool of a given type. If
4620 srcSpec is provided, it is a file that contains XML to further restrict
4621 the query for pools.
4622 Not all storage pools support discovery in this manner. Furthermore,
4624 for those that do support discovery, only specific XML elements are
4625 required in order to return valid data, while other elements and even
4626 attributes of some elements are ignored since they are not necessary to
4627 find the pool based on the search criteria. The following lists the
4628 supported type options and the expected minimal XML elements used to
4629 perform the search.
4630 For a "netfs" or "gluster" pool, the minimal expected XML required is
4632 the <host> element with a "name" attribute describing the IP address or
4633 hostname to be used to find the pool. The "port" attribute will be
4634 ignored as will any other provided XML elements in srcSpec.
4635 For a "logical" pool, the contents of the srcSpec file are ignored,
4637 although if provided the file must at least exist.
4638 For an "iscsi" or "iscsi-direct" pool, the minimal expect XML required
4640 is the <host> element with a "name" attribute describing the IP address
4641 or hostname to be used to find the pool (the iSCSI server address).
4642 Optionally, the "port" attribute may be provided, although it will
4643 default to 3260. Optionally, an <initiator> XML element with a "name"
4644 attribute may be provided to further restrict the iSCSI target search
4645 to a specific initiator for multi-iqn iSCSI storage pools.
4646 find-pool-sources-as
4648 Syntax:
4649 find-storage-pool-sources-as type [host] [port] [initiator]
4651 Rather than providing srcSpec XML file for find-storage-pool-sources
4653 use this command option in order to have virsh generate the query XML
4654 file using the optional arguments. The command will return the same
4655 output XML as find-storage-pool-sources.
4656 Use host to describe a specific host to use for networked storage, such
4658 as netfs, gluster, and iscsi type pools.
4659 Use port to further restrict which networked port to utilize for the
4661 connection if required by the specific storage backend, such as iscsi.
4662 Use initiator to further restrict the iscsi type pool searches to spe‐
4664 cific target initiators.
4665 pool-autostart
4667 Syntax:
4668 pool-autostart pool-or-uuid [--disable]
4670 Configure whether pool should automatically start at boot.
4672 pool-build
4674 Syntax:
4675 pool-build pool-or-uuid [--overwrite] [--no-overwrite]
4677 Build a given pool.
4679 Options --overwrite and --no-overwrite can only be used for pool-build
4681 a filesystem, disk, or logical pool.
4682 For a file system pool if neither flag is specified, then pool-build
4684 just makes the target path directory and no attempt to run mkfs on the
4685 target volume device. If --no-overwrite is specified, it probes to
4686 determine if a filesystem already exists on the target device, return‐
4687 ing an error if one exists or using mkfs to format the target device if
4688 not. If --overwrite is specified, mkfs is always executed and any
4689 existing data on the target device is overwritten unconditionally.
4690 For a disk pool, if neither of them is specified or --no-overwrite is
4692 specified, pool-build will check the target volume device for existing
4693 filesystems or partitions before attempting to write a new label on the
4694 target volume device. If the target volume device already has a label,
4695 the command will fail. If --overwrite is specified, then no check will
4696 be made on the target volume device prior to writing a new label. Writ‐
4697 ing of the label uses the pool source format type or "dos" if not spec‐
4698 ified.
4699 For a logical pool, if neither of them is specified or --no-overwrite
4701 is specified, pool-build will check the target volume devices for
4702 existing filesystems or partitions before attempting to initialize and
4703 format each device for usage by the logical pool. If any target volume
4704 device already has a label, the command will fail. If --overwrite is
4705 specified, then no check will be made on the target volume devices
4706 prior to initializing and formatting each device. Once all the target
4707 volume devices are properly formatted via pvcreate, the volume group
4708 will be created using all the devices.
4709 pool-create
4711 Syntax:
4712 pool-create file [--build] [[--overwrite] | [--no-overwrite]]
4714 Create and start a pool object from the XML file.
4716 [--build] [[--overwrite] | [--no-overwrite]] perform a pool-build after
4718 creation in order to remove the need for a follow-up command to build
4719 the pool. The --overwrite and --no-overwrite flags follow the same
4720 rules as pool-build. If just --build is provided, then pool-build is
4721 called with no flags.
4722 pool-create-as
4724 Syntax:
4725 pool-create-as name type
4727 [--source-host hostname] [--source-path path] [--source-dev path]
4728 [--source-name name] [--target path] [--source-format format]
4729 [--auth-type authtype --auth-username username
4730 [--secret-usage usage | --secret-uuid uuid]]
4731 [--source-protocol-ver ver]
4732 [[--adapter-name name] | [--adapter-wwnn wwnn --adapter-wwpn wwpn]
4733 [--adapter-parent parent |
4734 --adapter-parent-wwnn parent_wwnn adapter-parent-wwpn parent_wwpn |
4735 --adapter-parent-fabric-wwn parent_fabric_wwn]]
4736 [--build] [[--overwrite] | [--no-overwrite]] [--print-xml]
4737 Create and start a pool object name from the raw parameters. If
4739 --print-xml is specified, then print the XML of the pool object without
4740 creating the pool. Otherwise, the pool has the specified type. When
4741 using pool-create-as for a pool of type "disk", the existing partitions
4742 found on the --source-dev path will be used to populate the disk pool.
4743 Therefore, it is suggested to use pool-define-as and pool-build with
4744 the --overwrite in order to properly initialize the disk pool.
4745 [--source-host hostname] provides the source hostname for pools backed
4747 by storage from a remote server (pool types netfs, iscsi, rbd, sheep‐
4748 dog, gluster).
4749 [--source-path path] provides the source directory path for pools
4751 backed by directories (pool type dir).
4752 [--source-dev path] provides the source path for pools backed by physi‐
4754 cal devices (pool types fs, logical, disk, iscsi, zfs).
4755 [--source-name name] provides the source name for pools backed by stor‐
4757 age from a named element (pool types logical, rbd, sheepdog, gluster).
4758 [--target path] is the path for the mapping of the storage pool into
4760 the host file system.
4761 [--source-format format] provides information about the format of the
4763 pool (pool types fs, netfs, disk, logical).
4764 [--auth-type authtype --auth-username username [--secret-usage usage |
4766 --secret-uuid uuid]] provides the elements required to generate authen‐
4767 tication credentials for the storage pool. The authtype is either chap
4768 for iscsi type pools or ceph for rbd type pools. Either the secret
4769 usage or uuid value may be provided, but not both.
4770 [--source-protocol-ver ver] provides the NFS protocol version number
4772 used to contact the server's NFS service via nfs mount option
4773 'nfsvers=n'. It is expect the ver value is an unsigned integer.
4774 [--adapter-name name] defines the scsi_hostN adapter name to be used
4776 for the scsi_host adapter type pool.
4777 [--adapter-wwnn wwnn --adapter-wwpn wwpn [--adapter-parent parent |
4779 --adapter-parent-wwnn parent_wwnn adapter-parent-wwpn parent_wwpn |
4780 --adapter-parent-fabric-wwn parent_fabric_wwn]] defines the wwnn and
4781 wwpn to be used for the fc_host adapter type pool. Optionally provide
4782 the parent scsi_hostN node device to be used for the vHBA either by
4783 parent name, parent_wwnn and parent_wwpn, or parent_fabric_wwn. The
4784 parent name could change between reboots if the hardware environment
4785 changes, so providing the parent_wwnn and parent_wwpn ensure usage of
4786 the same physical HBA even if the scsi_hostN node device changes. Usage
4787 of the parent_fabric_wwn allows a bit more flexibility to choose an HBA
4788 on the same storage fabric in order to define the pool.
4789 [--build] [[--overwrite] | [--no-overwrite]] perform a pool-build after
4791 creation in order to remove the need for a follow-up command to build
4792 the pool. The --overwrite and --no-overwrite flags follow the same
4793 rules as pool-build. If just --build is provided, then pool-build is
4794 called with no flags.
4795 For a "logical" pool only [--name] needs to be provided. The
4797 [--source-name] if provided must match the Volume Group name. If not
4798 provided, one will be generated using the [--name]. If provided the
4799 [--target] is ignored and a target source is generated using the
4800 [--source-name] (or as generated from the [--name]).
4801 pool-define
4803 Syntax:
4804 pool-define file
4806 Define an inactive persistent storage pool or modify an existing per‐
4808 sistent one from the XML file.
4809 pool-define-as
4811 Syntax:
4812 pool-define-as name type
4814 [--source-host hostname] [--source-path path] [--source-dev path]
4815 [*--source-name name*] [*--target path*] [*--source-format format*]
4816 [*--auth-type authtype* *--auth-username username*
4817 [*--secret-usage usage* | *--secret-uuid uuid*]]
4818 [*--source-protocol-ver ver*]
4819 [[*--adapter-name name*] | [*--adapter-wwnn* *--adapter-wwpn*]
4820 [*--adapter-parent parent*]] [*--print-xml*]
4821 Create, but do not start, a pool object name from the raw parameters.
4823 If --print-xml is specified, then print the XML of the pool object
4824 without defining the pool. Otherwise, the pool has the specified type.
4825 Use the same arguments as pool-create-as, except for the --build,
4827 --overwrite, and --no-overwrite options.
4828 pool-destroy
4830 Syntax:
4831 pool-destroy pool-or-uuid
4833 Destroy (stop) a given pool object. Libvirt will no longer manage the
4835 storage described by the pool object, but the raw data contained in the
4836 pool is not changed, and can be later recovered with pool-create.
4837 pool-delete
4839 Syntax:
4840 pool-delete pool-or-uuid
4842 Destroy the resources used by a given pool object. This operation is
4844 non-recoverable. The pool object will still exist after this command,
4845 ready for the creation of new storage volumes.
4846 pool-dumpxml
4848 Syntax:
4849 pool-dumpxml [--inactive] pool-or-uuid
4851 Returns the XML information about the pool object. --inactive tells
4853 virsh to dump pool configuration that will be used on next start of the
4854 pool as opposed to the current pool configuration.
4855 pool-edit
4857 Syntax:
4858 pool-edit pool-or-uuid
4860 Edit the XML configuration file for a storage pool.
4862 This is equivalent to:
4864 virsh pool-dumpxml pool > pool.xml
4866 vi pool.xml (or make changes with your other text editor)
4867 virsh pool-define pool.xml
4868 except that it does some error checking.
4870 The editor used can be supplied by the $VISUAL or $EDITOR environment
4872 variables, and defaults to vi.
4873 pool-info
4875 Syntax:
4876 pool-info [--bytes] pool-or-uuid
4878 Returns basic information about the pool object. If --bytes is speci‐
4880 fied the sizes of basic info are not converted to human friendly units.
4881 pool-list
4883 Syntax:
4884 pool-list [--inactive] [--all]
4886 [--persistent] [--transient]
4887 [--autostart] [--no-autostart]
4888 [[--details] [--uuid]
4889 [--name] [<type>]
4890 List pool objects known to libvirt. By default, only active pools are
4892 listed; --inactive lists just the inactive pools, and --all lists all
4893 pools.
4894 In addition, there are several sets of filtering flags. --persistent is
4896 to list the persistent pools, --transient is to list the transient
4897 pools. --autostart lists the autostarting pools, --no-autostart lists
4898 the pools with autostarting disabled. If --uuid is specified only
4899 pool's UUIDs are printed. If --name is specified only pool's names are
4900 printed. If both --name and --uuid are specified, pool's UUID and names
4901 are printed side by side without any header. Option --details is mutu‐
4902 ally exclusive with options --uuid and --name.
4903 You may also want to list pools with specified types using type, the
4905 pool types must be separated by comma, e.g. --type dir,disk. The valid
4906 pool types include 'dir', 'fs', 'netfs', 'logical', 'disk', 'iscsi',
4907 'scsi', 'mpath', 'rbd', 'sheepdog', 'gluster', 'zfs', 'vstorage' and
4908 'iscsi-direct'.
4909 The --details option instructs virsh to additionally display pool per‐
4911 sistence and capacity related information where available.
4912 NOTE: When talking to older servers, this command is forced to use a
4914 series of API calls with an inherent race, where a pool might not be
4915 listed or might appear more than once if it changed state between calls
4916 while the list was being collected. Newer servers do not have this
4917 problem.
4918 pool-name
4920 Syntax:
4921 pool-name uuid
4923 Convert the uuid to a pool name.
4925 pool-refresh
4927 Syntax:
4928 pool-refresh pool-or-uuid
4930 Refresh the list of volumes contained in pool.
4932 pool-start
4934 Syntax:
4935 pool-start pool-or-uuid [--build] [[--overwrite] | [--no-overwrite]]
4937 Start the storage pool, which is previously defined but inactive.
4939 [--build] [[--overwrite] | [--no-overwrite]] perform a pool-build prior
4941 to pool-start to ensure the pool environment is in an expected state
4942 rather than needing to run the build command prior to startup. The
4943 --overwrite and --no-overwrite flags follow the same rules as
4944 pool-build. If just --build is provided, then pool-build is called with
4945 no flags.
4946 Note: A storage pool that relies on remote resources such as an "iscsi"
4948 or a (v)HBA backed "scsi" pool may need to be refreshed multiple times
4949 in order to have all the volumes detected (see pool-refresh). This is
4950 because the corresponding volume devices may not be present in the
4951 host's filesystem during the initial pool startup or the current
4952 refresh attempt. The number of refresh retries is dependent upon the
4953 network connection and the time the host takes to export the corre‐
4954 sponding devices.
4955 pool-undefine
4957 Syntax:
4958 pool-undefine pool-or-uuid
4960 Undefine the configuration for an inactive pool.
4962 pool-uuid
4964 Syntax:
4965 pool-uuid pool
4967 Returns the UUID of the named pool.
4969 pool-event
4971 Syntax:
4972 pool-event {[pool] event [--loop] [--timeout seconds] [--timestamp] | --list}
4974 Wait for a class of storage pool events to occur, and print appropriate
4976 details of events as they happen. The events can optionally be fil‐
4977 tered by pool. Using --list as the only argument will provide a list
4978 of possible event values known by this client, although the connection
4979 might not allow registering for all these events.
4980 By default, this command is one-shot, and returns success once an event
4982 occurs; you can send SIGINT (usually via Ctrl-C) to quit immediately.
4983 If --timeout is specified, the command gives up waiting for events
4984 after seconds have elapsed. With --loop, the command prints all
4985 events until a timeout or interrupt key.
4986 When --timestamp is used, a human-readable timestamp will be printed
4988 before the event.
4989
4991 vol-create
4992 Syntax:
4993 vol-create pool-or-uuid FILE [--prealloc-metadata]
4995 Create a volume from an XML <file>.
4997 pool-or-uuid is the name or UUID of the storage pool to create the vol‐
4999 ume in.
5000 FILE is the XML <file> with the volume definition. An easy way to cre‐
5002 ate the XML <file> is to use the vol-dumpxml command to obtain the def‐
5003 inition of a pre-existing volume.
5004 [--prealloc-metadata] preallocate metadata (for qcow2 images which
5006 don't support full allocation). This option creates a sparse image file
5007 with metadata, resulting in higher performance compared to images with
5008 no preallocation and only slightly higher initial disk space usage.
5009 Example:
5011 virsh vol-dumpxml --pool storagepool1 appvolume1 > newvolume.xml
5013 vi newvolume.xml (or make changes with your other text editor)
5014 virsh vol-create differentstoragepool newvolume.xml
5015 vol-create-from
5017 Syntax:
5018 vol-create-from pool-or-uuid FILE vol-name-or-key-or-path
5020 [--inputpool pool-or-uuid] [--prealloc-metadata] [--reflink]
5021 Create a volume, using another volume as input.
5023 pool-or-uuid is the name or UUID of the storage pool to create the vol‐
5025 ume in.
5026 FILE is the XML <file> with the volume definition.
5028 vol-name-or-key-or-path is the name or key or path of the source vol‐
5030 ume.
5031 --inputpool pool-or-uuid is the name or uuid of the storage pool the
5033 source volume is in.
5034 [--prealloc-metadata] preallocate metadata (for qcow2 images which
5036 don't support full allocation). This option creates a sparse image file
5037 with metadata, resulting in higher performance compared to images with
5038 no preallocation and only slightly higher initial disk space usage.
5039 When --reflink is specified, perform a COW lightweight copy, where the
5041 data blocks are copied only when modified. If this is not possible,
5042 the copy fails.
5043 vol-create-as
5045 Syntax:
5046 vol-create-as pool-or-uuid name capacity [--allocation size] [--format string]
5048 [--backing-vol vol-name-or-key-or-path]
5049 [--backing-vol-format string] [--prealloc-metadata] [--print-xml]
5050 Create a volume from a set of arguments unless --print-xml is speci‐
5052 fied, in which case just the XML of the volume object is printed out
5053 without any actual object creation.
5054 pool-or-uuid is the name or UUID of the storage pool to create the vol‐
5056 ume in.
5057 name is the name of the new volume. For a disk pool, this must match
5059 the partition name as determined from the pool's source device path and
5060 the next available partition. For example, a source device path of
5061 /dev/sdb and there are no partitions on the disk, then the name must be
5062 sdb1 with the next name being sdb2 and so on.
5063 capacity is the size of the volume to be created, as a scaled integer
5065 (see NOTES above), defaulting to bytes if there is no suffix.
5066 --allocation size is the initial size to be allocated in the volume,
5068 also as a scaled integer defaulting to bytes.
5069 --format string is used in file based storage pools to specify the vol‐
5071 ume file format to use; raw, bochs, qcow, qcow2, vmdk, qed. Use
5072 extended for disk storage pools in order to create an extended parti‐
5073 tion (other values are validity checked but not preserved when libvirtd
5074 is restarted or the pool is refreshed).
5075 --backing-vol vol-name-or-key-or-path is the source backing volume to
5077 be used if taking a snapshot of an existing volume.
5078 --backing-vol-format string is the format of the snapshot backing vol‐
5080 ume; raw, bochs, qcow, qcow2, qed, vmdk, host_device. These are, how‐
5081 ever, meant for file based storage pools.
5082 [--prealloc-metadata] preallocate metadata (for qcow2 images which
5084 don't support full allocation). This option creates a sparse image file
5085 with metadata, resulting in higher performance compared to images with
5086 no preallocation and only slightly higher initial disk space usage.
5087 vol-clone
5089 Syntax:
5090 vol-clone vol-name-or-key-or-path name
5092 [--pool pool-or-uuid] [--prealloc-metadata] [--reflink]
5093 Clone an existing volume within the parent pool. Less powerful, but
5095 easier to type, version of vol-create-from.
5096 vol-name-or-key-or-path is the name or key or path of the source vol‐
5098 ume.
5099 name is the name of the new volume.
5101 --pool pool-or-uuid is the name or UUID of the storage pool that con‐
5103 tains the source volume and will contain the new volume. If the source
5104 volume name is provided instead of the key or path, then providing the
5105 pool is necessary to find the volume to be cloned; otherwise, the first
5106 volume found by the key or path will be used.
5107 [--prealloc-metadata] preallocate metadata (for qcow2 images which
5109 don't support full allocation). This option creates a sparse image file
5110 with metadata, resulting in higher performance compared to images with
5111 no preallocation and only slightly higher initial disk space usage.
5112 When --reflink is specified, perform a COW lightweight copy, where the
5114 data blocks are copied only when modified. If this is not possible,
5115 the copy fails.
5116 vol-delete
5118 Syntax:
5119 vol-delete vol-name-or-key-or-path [--pool pool-or-uuid] [--delete-snapshots]
5121 Delete a given volume.
5123 vol-name-or-key-or-path is the volume name or key or path of the volume
5125 to delete.
5126 [--pool pool-or-uuid] is the name or UUID of the storage pool the vol‐
5128 ume is in. If the volume name is provided instead of the key or path,
5129 then providing the pool is necessary to find the volume to be deleted;
5130 otherwise, the first volume found by the key or path will be used.
5131 The --delete-snapshots flag specifies that any snapshots associated
5133 with the storage volume should be deleted as well. Not all storage
5134 drivers support this option, presently only rbd.
5135 vol-upload
5137 Syntax:
5138 vol-upload vol-name-or-key-or-path local-file
5140 [--pool pool-or-uuid] [--offset bytes]
5141 [--length bytes] [--sparse]
5142 Upload the contents of local-file to a storage volume.
5144 vol-name-or-key-or-path is the name or key or path of the volume where
5146 the local-file will be uploaded.
5147 --pool pool-or-uuid is the name or UUID of the storage pool the volume
5149 is in. If the volume name is provided instead of the key or path, then
5150 providing the pool is necessary to find the volume to be uploaded into;
5151 otherwise, the first volume found by the key or path will be used.
5152 --offset is the position in the storage volume at which to start writ‐
5154 ing the data. The value must be 0 or larger.
5155 --length is an upper bound of the amount of data to be uploaded. A
5157 negative value is interpreted as an unsigned long long value to essen‐
5158 tially include everything from the offset to the end of the volume.
5159 If --sparse is specified, this command will preserve volume sparseness.
5161 An error will occur if the local-file is greater than the specified
5163 length.
5164 See the description for the libvirt virStorageVolUpload API for details
5166 regarding possible target volume and pool changes as a result of the
5167 pool refresh when the upload is attempted.
5168 vol-download
5170 Syntax:
5171 vol-download vol-name-or-key-or-path local-file
5173 [--pool pool-or-uuid] [--offset bytes] [--length bytes]
5174 [--sparse]
5175 Download the contents of a storage volume to local-file.
5177 vol-name-or-key-or-path is the name or key or path of the volume to
5179 download into local-file.
5180 --pool pool-or-uuid is the name or UUID of the storage pool the volume
5182 is in. If the volume name is provided instead of the key or path, then
5183 providing the pool is necessary to find the volume to be uploaded into;
5184 otherwise, the first volume found by the key or path will be used.
5185 --offset is the position in the storage volume at which to start read‐
5187 ing the data. The value must be 0 or larger.
5188 --length is an upper bound of the amount of data to be downloaded. A
5190 negative value is interpreted as an unsigned long long value to essen‐
5191 tially include everything from the offset to the end of the volume.
5192 If --sparse is specified, this command will preserve volume sparseness.
5194 vol-wipe
5196 Syntax:
5197 vol-wipe vol-name-or-key-or-path [--pool pool-or-uuid] [--algorithm algorithm]
5199 Wipe a volume, ensure data previously on the volume is not accessible
5201 to future reads.
5202 vol-name-or-key-or-path is the name or key or path of the volume to
5204 wipe. It is possible to choose different wiping algorithms instead of
5205 re-writing volume with zeroes.
5206 --pool pool-or-uuid is the name or UUID of the storage pool the volume
5208 is in. If the volume name is provided instead of the key or path, then
5209 providing the pool is necessary to find the volume to be wiped; other‐
5210 wise, the first volume found by the key or path will be used.
5211 Use the --algorithm switch choosing from the list of the following
5213 algorithms in order to define which algorithm to use for the wipe.
5214 Supported algorithms
5216 · zero - 1-pass all zeroes
5218 · nnsa - 4-pass NNSA Policy Letter NAP-14.1-C (XVI-8) for sani‐
5220 tizing removable and non-removable hard disks: random x2, 0x00, ver‐
5221 ify.
5222 · dod - 4-pass DoD 5220.22-M section 8-306 procedure for sani‐
5224 tizing removable and non-removable rigid disks: random, 0x00, 0xff,
5225 verify.
5226 · bsi - 9-pass method recommended by the German Center of Secu‐
5228 rity in Information Technologies (http://www.bsi.bund.de): 0xff,
5229 0xfe, 0xfd, 0xfb, 0xf7, 0xef, 0xdf, 0xbf, 0x7f.
5230 · gutmann - The canonical 35-pass sequence described in Gutmann's
5232 paper.
5233 · schneier - 7-pass method described by Bruce Schneier in "Applied
5235 Cryptography" (1996): 0x00, 0xff, random x5.
5236 · pfitzner7 - Roy Pfitzner's 7-random-pass method: random x7.
5238 · pfitzner33 - Roy Pfitzner's 33-random-pass method: random x33.
5240 · random - 1-pass pattern: random.
5242 · trim - 1-pass trimming the volume using TRIM or DISCARD
5244 Note: The scrub binary will be used to handle the 'nnsa', 'dod', 'bsi',
5246 'gutmann', 'schneier', 'pfitzner7' and 'pfitzner33' algorithms. The
5247 availability of the algorithms may be limited by the version of the
5248 scrub binary installed on the host. The 'zero' algorithm will write
5249 zeroes to the entire volume. For some volumes, such as sparse or rbd
5250 volumes, this may result in completely filling the volume with zeroes
5251 making it appear to be completely full. As an alternative, the 'trim'
5252 algorithm does not overwrite all the data in a volume, rather it
5253 expects the storage driver to be able to discard all bytes in a volume.
5254 It is up to the storage driver to handle how the discarding occurs. Not
5255 all storage drivers or volume types can support 'trim'.
5256 vol-dumpxml
5258 Syntax:
5259 vol-dumpxml vol-name-or-key-or-path [--pool pool-or-uuid]
5261 Output the volume information as an XML dump to stdout.
5263 vol-name-or-key-or-path is the name or key or path of the volume to
5265 output the XML.
5266 --pool pool-or-uuid is the name or UUID of the storage pool the volume
5268 is in. If the volume name is provided instead of the key or path, then
5269 providing the pool is necessary to find the volume to be uploaded into;
5270 otherwise, the first volume found by the key or path will be used.
5271 vol-info
5273 Syntax:
5274 vol-info vol-name-or-key-or-path [--pool pool-or-uuid] [--bytes] [--physical]
5276 Returns basic information about the given storage volume.
5278 vol-name-or-key-or-path is the name or key or path of the volume to
5280 return information for.
5281 --pool pool-or-uuid is the name or UUID of the storage pool the volume
5283 is in. If the volume name is provided instead of the key or path, then
5284 providing the pool is necessary to find the volume to be uploaded into;
5285 otherwise, the first volume found by the key or path will be used.
5286 If --bytes is specified the sizes are not converted to human friendly
5288 units.
5289 If --physical is specified, then the host physical size is returned and
5291 displayed instead of the allocation value. The physical value for some
5292 file types, such as qcow2 may have a different (larger) physical value
5293 than is shown for allocation. Additionally sparse files will have dif‐
5294 ferent physical and allocation values.
5295 vol-list
5297 Syntax:
5298 vol-list [--pool pool-or-uuid] [--details]
5300 Return the list of volumes in the given storage pool.
5302 --pool pool-or-uuid is the name or UUID of the storage pool.
5304 The --details option instructs virsh to additionally display volume
5306 type and capacity related information where available.
5307 vol-pool
5309 Syntax:
5310 vol-pool vol-key-or-path [--uuid]
5312 Return the pool name or UUID for a given volume. By default, the pool
5314 name is returned.
5315 vol-key-or-path is the key or path of the volume to return the pool
5317 information.
5318 If the --uuid option is given, the pool UUID is returned instead.
5320 vol-path
5322 Syntax:
5323 vol-path vol-name-or-key [--pool pool-or-uuid]
5325 Return the path for a given volume.
5327 vol-name-or-key is the name or key of the volume to return the path.
5329 --pool pool-or-uuid is the name or UUID of the storage pool the volume
5331 is in. If the volume name is provided instead of the key, then provid‐
5332 ing the pool is necessary to find the volume to be uploaded into; oth‐
5333 erwise, the first volume found by the key will be used.
5334 vol-name
5336 Syntax:
5337 vol-name vol-key-or-path
5339 Return the name for a given volume.
5341 vol-key-or-path is the key or path of the volume to return the name.
5343 vol-key
5345 Syntax:
5346 vol-key vol-name-or-path [--pool pool-or-uuid]
5348 Return the volume key for a given volume.
5350 vol-name-or-path is the name or path of the volume to return the volume
5352 key.
5353 --pool pool-or-uuid is the name or UUID of the storage pool the volume
5355 is in. If the volume name is provided instead of the path, then provid‐
5356 ing the pool is necessary to find the volume to be uploaded into; oth‐
5357 erwise, the first volume found by the path will be used.
5358 vol-resize
5360 Syntax:
5361 vol-resize vol-name-or-path capacity [--pool pool-or-uuid] [--allocate] [--delta] [--shrink]
5363 Resize the capacity of the given volume, in bytes.
5365 vol-name-or-key-or-path is the name or key or path of the volume to
5367 resize.
5368 capacity is a scaled integer (see NOTES above) for the volume, which
5370 defaults to bytes if there is no suffix.
5371 --pool pool-or-uuid is the name or UUID of the storage pool the volume
5373 is in. If the volume name is provided instead of the key or path, then
5374 providing the pool is necessary to find the volume to be uploaded into;
5375 otherwise, the first volume found by the key or path will be used.
5376 The new capacity might be sparse unless --allocate is specified.
5378 Normally, capacity is the new size, but if --delta is present, then it
5380 is added to the existing size.
5381 Attempts to shrink the volume will fail unless --shrink is present.
5383 The capacity cannot be negative unless --shrink is provided, but a neg‐
5384 ative sign is not necessary.
5385 This command is only safe for storage volumes not in use by an active
5387 guest; see also blockresize for live resizing.
5388
5390 The following commands manipulate "secrets" (e.g. passwords,
5391 passphrases and encryption keys). Libvirt can store secrets indepen‐
5392 dently from their use, and other objects (e.g. volumes or domains) can
5393 refer to the secrets for encryption or possibly other uses. Secrets
5394 are identified using a UUID. See https://libvirt.org/formatsecret.html
5395 for documentation of the XML format used to represent properties of
5396 secrets.
5397 secret-define
5399 Syntax:
5400 secret-define file
5402 Create a secret with the properties specified in file, with no associ‐
5404 ated secret value. If file does not specify a UUID, choose one auto‐
5405 matically. If file specifies a UUID of an existing secret, replace its
5406 properties by properties defined in file, without affecting the secret
5407 value.
5408 secret-dumpxml
5410 Syntax:
5411 secret-dumpxml secret
5413 Output properties of secret (specified by its UUID) as an XML dump to
5415 stdout.
5416 secret-event
5418 Syntax:
5419 secret-event {[secret] event [--loop] [--timeout seconds] [--timestamp] | --list}
5421 Wait for a class of secret events to occur, and print appropriate
5423 details of events as they happen. The events can optionally be fil‐
5424 tered by secret. Using --list as the only argument will provide a list
5425 of possible event values known by this client, although the connection
5426 might not allow registering for all these events.
5427 By default, this command is one-shot, and returns success once an event
5429 occurs; you can send SIGINT (usually via Ctrl-C) to quit immediately.
5430 If --timeout is specified, the command gives up waiting for events
5431 after seconds have elapsed. With --loop, the command prints all
5432 events until a timeout or interrupt key.
5433 When --timestamp is used, a human-readable timestamp will be printed
5435 before the event.
5436 secret-set-value
5438 Syntax:
5439 secret-set-value secret (--file filename [--plain] | --interactive | base64)
5441 Set the value associated with secret (specified by its UUID) to the
5443 value Base64-encoded value base64 or Base-64-encoded contents of file
5444 named filename. Using the --plain flag is together with --file allows
5445 to use the file contents directly as the secret value.
5446 If --interactive flag is used the secret value is read as a password
5448 from the terminal.
5449 Note that --file, --interactive and base64 options are mutually exclu‐
5451 sive.
5452 Passing secrets via the base64 option on command line is INSECURE and
5454 deprecated. Use the --file option instead.
5455 secret-get-value
5457 Syntax:
5458 secret-get-value [--plain] secret
5460 Output the value associated with secret (specified by its UUID) to std‐
5462 out, encoded using Base64.
5463 If the --plain flag is used the value is not base64 encoded, but rather
5465 printed raw. Note that unless virsh is started in quiet mode (virsh -q)
5466 it prints a newline at the end of the command. This newline is not part
5467 of the secret.
5468 secret-undefine
5470 Syntax:
5471 secret-undefine secret
5473 Delete a secret (specified by its UUID), including the associated
5475 value, if any.
5476 secret-list
5478 Syntax:
5479 secret-list [--ephemeral] [--no-ephemeral]
5481 [--private] [--no-private]
5482 Returns the list of secrets. You may also want to filter the returned
5484 secrets by --ephemeral to list the ephemeral ones, --no-ephemeral to
5485 list the non-ephemeral ones, --private to list the private ones, and
5486 --no-private to list the non-private ones.
5487
5489 The following commands manipulate domain snapshots. Snapshots take the
5490 disk, memory, and device state of a domain at a point-of-time, and save
5491 it for future use. They have many uses, from saving a "clean" copy of
5492 an OS image to saving a domain's state before a potentially destructive
5493 operation. Snapshots are identified with a unique name. See
5494 https://libvirt.org/formatsnapshot.html for documentation of the XML
5495 format used to represent properties of snapshots.
5496 snapshot-create
5498 Syntax:
5499 snapshot-create domain [xmlfile] {[--redefine [--current]] |
5501 [--no-metadata] [--halt] [--disk-only] [--reuse-external]
5502 [--quiesce] [--atomic] [--live]} [--validate]
5503 Create a snapshot for domain domain with the properties specified in
5505 xmlfile. Optionally, the --validate option can be passed to validate
5506 the format of the input XML file against an internal RNG schema (iden‐
5507 tical to using the virt-xml-validate(1) tool). Normally, the only prop‐
5508 erties settable for a domain snapshot are the <name> and <description>
5509 elements, as well as <disks> if --disk-only is given; the rest of the
5510 fields are ignored, and automatically filled in by libvirt. If xmlfile
5511 is completely omitted, then libvirt will choose a value for all fields.
5512 The new snapshot will become current, as listed by snapshot-current.
5513 If --halt is specified, the domain will be left in an inactive state
5515 after the snapshot is created.
5516 If --disk-only is specified, the snapshot will only include disk con‐
5518 tent rather than the usual full system snapshot with vm state. Disk
5519 snapshots are captured faster than full system snapshots, but reverting
5520 to a disk snapshot may require fsck or journal replays, since it is
5521 like the disk state at the point when the power cord is abruptly
5522 pulled; and mixing --halt and --disk-only loses any data that was not
5523 flushed to disk at the time.
5524 If --redefine is specified, then all XML elements produced by snap‐
5526 shot-dumpxml are valid; this can be used to migrate snapshot hierarchy
5527 from one machine to another, to recreate hierarchy for the case of a
5528 transient domain that goes away and is later recreated with the same
5529 name and UUID, or to make slight alterations in the snapshot metadata
5530 (such as host-specific aspects of the domain XML embedded in the snap‐
5531 shot). When this flag is supplied, the xmlfile argument is mandatory,
5532 and the domain's current snapshot will not be altered unless the --cur‐
5533 rent flag is also given.
5534 If --no-metadata is specified, then the snapshot data is created, but
5536 any metadata is immediately discarded (that is, libvirt does not treat
5537 the snapshot as current, and cannot revert to the snapshot unless
5538 --redefine is later used to teach libvirt about the metadata again).
5539 If --reuse-external is specified, and the snapshot XML requests an
5541 external snapshot with a destination of an existing file, then the des‐
5542 tination must exist and be pre-created with correct format and meta‐
5543 data. The file is then reused; otherwise, a snapshot is refused to
5544 avoid losing contents of the existing files.
5545 If --quiesce is specified, libvirt will try to use guest agent to
5547 freeze and unfreeze domain's mounted file systems. However, if domain
5548 has no guest agent, snapshot creation will fail. Currently, this
5549 requires --disk-only to be passed as well.
5550 If --atomic is specified, libvirt will guarantee that the snapshot
5552 either succeeds, or fails with no changes; not all hypervisors support
5553 this. If this flag is not specified, then some hypervisors may fail
5554 after partially performing the action, and dumpxml must be used to see
5555 whether any partial changes occurred.
5556 If --live is specified, libvirt takes the snapshot while the guest is
5558 running. Both disk snapshot and domain memory snapshot are taken. This
5559 increases the size of the memory image of the external snapshot. This
5560 is currently supported only for full system external snapshots.
5561 Existence of snapshot metadata will prevent attempts to undefine a per‐
5563 sistent domain. However, for transient domains, snapshot metadata is
5564 silently lost when the domain quits running (whether by command such as
5565 destroy or by internal guest action).
5566 For now, it is not possible to create snapshots in a domain that has
5568 checkpoints, although this restriction will be lifted in a future
5569 release.
5570 snapshot-create-as
5572 Syntax:
5573 snapshot-create-as domain {[--print-xml] [--no-metadata]
5575 [--halt] [--reuse-external]} [name]
5576 [description] [--disk-only [--quiesce]] [--atomic]
5577 [[--live] [--memspec memspec]] [--diskspec] diskspec]...
5578 Create a snapshot for domain domain with the given <name> and <descrip‐
5580 tion>; if either value is omitted, libvirt will choose a value. If
5581 --print-xml is specified, then XML appropriate for snapshot-create is
5582 output, rather than actually creating a snapshot. Otherwise, if --halt
5583 is specified, the domain will be left in an inactive state after the
5584 snapshot is created, and if --disk-only is specified, the snapshot will
5585 not include vm state.
5586 The --memspec option can be used to control whether a full system snap‐
5588 shot is internal or external. The --memspec flag is mandatory, fol‐
5589 lowed by a memspec of the form [file=]name[,snapshot=type], where type
5590 can be no, internal, or external. To include a literal comma in
5591 file=name, escape it with a second comma. --memspec cannot be used
5592 together with --disk-only.
5593 The --diskspec option can be used to control how --disk-only and exter‐
5595 nal full system snapshots create external files. This option can occur
5596 multiple times, according to the number of <disk> elements in the
5597 domain xml. Each <diskspec> is in the form disk[,snap‐
5598 shot=type][,driver=type][,stype=type][,file=name]. A diskspec must be
5599 provided for disks backed by block devices as libvirt doesn't auto-gen‐
5600 erate file names for those. The optional stype parameter allows to
5601 control the type of the source file. Supported values are 'file'
5602 (default) and 'block'. To exclude a disk from an external snapshot use
5603 --diskspec disk,snapshot=no.
5604 To include a literal comma in disk or in file=name, escape it with a
5606 second comma. A literal --diskspec must precede each diskspec unless
5607 all three of domain, name, and description are also present. For exam‐
5608 ple, a diskspec of "vda,snapshot=external,file=/path/to,,new" results
5609 in the following XML:
5610 <disk name='vda' snapshot='external'>
5612 <source file='/path/to,new'/>
5613 </disk>
5614 If --reuse-external is specified, and the domain XML or diskspec option
5616 requests an external snapshot with a destination of an existing file,
5617 then the destination must exist and be pre-created with correct format
5618 and metadata. The file is then reused; otherwise, a snapshot is refused
5619 to avoid losing contents of the existing files.
5620 If --quiesce is specified, libvirt will try to use guest agent to
5622 freeze and unfreeze domain's mounted file systems. However, if domain
5623 has no guest agent, snapshot creation will fail. Currently, this
5624 requires --disk-only to be passed as well.
5625 If --no-metadata is specified, then the snapshot data is created, but
5627 any metadata is immediately discarded (that is, libvirt does not treat
5628 the snapshot as current, and cannot revert to the snapshot unless snap‐
5629 shot-create is later used to teach libvirt about the metadata again).
5630 If --atomic is specified, libvirt will guarantee that the snapshot
5632 either succeeds, or fails with no changes; not all hypervisors support
5633 this. If this flag is not specified, then some hypervisors may fail
5634 after partially performing the action, and dumpxml must be used to see
5635 whether any partial changes occurred.
5636 If --live is specified, libvirt takes the snapshot while the guest is
5638 running. This increases the size of the memory image of the external
5639 snapshot. This is currently supported only for external full system
5640 snapshots.
5641 For now, it is not possible to create snapshots in a domain that has
5643 checkpoints, although this restriction will be lifted in a future
5644 release.
5645 snapshot-current
5647 Syntax:
5648 snapshot-current domain {[--name] | [--security-info] | [snapshotname]}
5650 Without snapshotname, this will output the snapshot XML for the
5652 domain's current snapshot (if any). If --name is specified, just the
5653 current snapshot name instead of the full xml. Otherwise, using
5654 --security-info will also include security sensitive information in the
5655 XML.
5656 With snapshotname, this is a request to make the existing named snap‐
5658 shot become the current snapshot, without reverting the domain.
5659 snapshot-edit
5661 Syntax:
5662 snapshot-edit domain [snapshotname] [--current] {[--rename] | [--clone]}
5664 Edit the XML configuration file for snapshotname of a domain. If both
5666 snapshotname and --current are specified, also force the edited snap‐
5667 shot to become the current snapshot. If snapshotname is omitted, then
5668 --current must be supplied, to edit the current snapshot.
5669 This is equivalent to:
5671 virsh snapshot-dumpxml dom name > snapshot.xml
5673 vi snapshot.xml (or make changes with your other text editor)
5674 virsh snapshot-create dom snapshot.xml --redefine [--current]
5675 except that it does some error checking.
5677 The editor used can be supplied by the $VISUAL or $EDITOR environment
5679 variables, and defaults to vi.
5680 If --rename is specified, then the edits can change the snapshot name.
5682 If --clone is specified, then changing the snapshot name will create a
5683 clone of the snapshot metadata. If neither is specified, then the
5684 edits must not change the snapshot name. Note that changing a snapshot
5685 name must be done with care, since the contents of some snapshots, such
5686 as internal snapshots within a single qcow2 file, are accessible only
5687 from the original name.
5688 snapshot-info
5690 Syntax:
5691 snapshot-info domain {snapshot | --current}
5693 Output basic information about a named <snapshot>, or the current snap‐
5695 shot with --current.
5696 snapshot-list
5698 Syntax:
5699 snapshot-list domain [--metadata] [--no-metadata]
5701 [{--parent | --roots | [{--tree | --name}]}] [--topological]
5702 [{[--from] snapshot | --current} [--descendants]]
5703 [--leaves] [--no-leaves] [--inactive] [--active]
5704 [--disk-only] [--internal] [--external]
5705 List all of the available snapshots for the given domain, defaulting to
5707 show columns for the snapshot name, creation time, and domain state.
5708 Normally, table form output is sorted by snapshot name; using --topo‐
5710 logical instead sorts so that no child is listed before its ancestors
5711 (although there may be more than one possible ordering with this prop‐
5712 erty).
5713 If --parent is specified, add a column to the output table giving the
5715 name of the parent of each snapshot. If --roots is specified, the list
5716 will be filtered to just snapshots that have no parents. If --tree is
5717 specified, the output will be in a tree format, listing just snapshot
5718 names. These three options are mutually exclusive. If --name is speci‐
5719 fied only the snapshot name is printed. This option is mutually exclu‐
5720 sive with --tree.
5721 If --from is provided, filter the list to snapshots which are children
5723 of the given snapshot; or if --current is provided, start at the cur‐
5724 rent snapshot. When used in isolation or with --parent, the list is
5725 limited to direct children unless --descendants is also present. When
5726 used with --tree, the use of --descendants is implied. This option is
5727 not compatible with --roots. Note that the starting point of --from or
5728 --current is not included in the list unless the --tree option is also
5729 present.
5730 If --leaves is specified, the list will be filtered to just snapshots
5732 that have no children. Likewise, if --no-leaves is specified, the list
5733 will be filtered to just snapshots with children. (Note that omitting
5734 both options does no filtering, while providing both options will
5735 either produce the same list or error out depending on whether the
5736 server recognizes the flags). Filtering options are not compatible
5737 with --tree.
5738 If --metadata is specified, the list will be filtered to just snapshots
5740 that involve libvirt metadata, and thus would prevent undefine of a
5741 persistent domain, or be lost on destroy of a transient domain. Like‐
5742 wise, if --no-metadata is specified, the list will be filtered to just
5743 snapshots that exist without the need for libvirt metadata.
5744 If --inactive is specified, the list will be filtered to snapshots that
5746 were taken when the domain was shut off. If --active is specified, the
5747 list will be filtered to snapshots that were taken when the domain was
5748 running, and where the snapshot includes the memory state to revert to
5749 that running state. If --disk-only is specified, the list will be fil‐
5750 tered to snapshots that were taken when the domain was running, but
5751 where the snapshot includes only disk state.
5752 If --internal is specified, the list will be filtered to snapshots that
5754 use internal storage of existing disk images. If --external is speci‐
5755 fied, the list will be filtered to snapshots that use external files
5756 for disk images or memory state.
5757 snapshot-dumpxml
5759 Syntax:
5760 snapshot-dumpxml domain snapshot [--security-info]
5762 Output the snapshot XML for the domain's snapshot named snapshot.
5764 Using --security-info will also include security sensitive information.
5765 Use snapshot-current to easily access the XML of the current snapshot.
5766 snapshot-parent
5768 Syntax:
5769 snapshot-parent domain {snapshot | --current}
5771 Output the name of the parent snapshot, if any, for the given snapshot,
5773 or for the current snapshot with --current.
5774 snapshot-revert
5776 Syntax:
5777 snapshot-revert domain {snapshot | --current} [{--running | --paused}] [--force]
5779 Revert the given domain to the snapshot specified by snapshot, or to
5781 the current snapshot with --current. Be aware that this is a destruc‐
5782 tive action; any changes in the domain since the last snapshot was
5783 taken will be lost. Also note that the state of the domain after snap‐
5784 shot-revert is complete will be the state of the domain at the time the
5785 original snapshot was taken.
5786 Normally, reverting to a snapshot leaves the domain in the state it was
5788 at the time the snapshot was created, except that a disk snapshot with
5789 no vm state leaves the domain in an inactive state. Passing either the
5790 --running or --paused flag will perform additional state changes (such
5791 as booting an inactive domain, or pausing a running domain). Since
5792 transient domains cannot be inactive, it is required to use one of
5793 these flags when reverting to a disk snapshot of a transient domain.
5794 There are a number of cases where a snapshot revert involves extra
5796 risk, which requires the use of --force to proceed:
5797 · One is the case of a snapshot that lacks full domain information
5799 for reverting configuration (such as snapshots created prior to
5800 libvirt 0.9.5); since libvirt cannot prove that the current con‐
5801 figuration matches what was in use at the time of the snapshot,
5802 supplying --force assures libvirt that the snapshot is compatible
5803 with the current configuration (and if it is not, the domain will
5804 likely fail to run).
5805 · Another is the case of reverting from a running domain to an
5807 active state where a new hypervisor has to be created rather than
5808 reusing the existing hypervisor, because it implies drawbacks such
5809 as breaking any existing VNC or Spice connections; this condition
5810 happens with an active snapshot that uses a provably incompatible
5811 configuration, as well as with an inactive snapshot that is com‐
5812 bined with the --start or --pause flag.
5813 · Also, libvirt will refuse to restore snapshots of inactive QEMU
5815 domains while there is managed saved state. This is because those
5816 snapshots do not contain memory state and will therefore not
5817 replace the existing memory state. This ends up switching a disk
5818 underneath a running system and will likely cause extensive
5819 filesystem corruption or crashes due to swap content mismatches
5820 when run.
5821 snapshot-delete
5823 Syntax:
5824 snapshot-delete domain {snapshot | --current}
5826 [--metadata] [{--children | --children-only}]
5827 Delete the snapshot for the domain named snapshot, or the current snap‐
5829 shot with --current. If this snapshot has child snapshots, changes
5830 from this snapshot will be merged into the children. If --children is
5831 passed, then delete this snapshot and any children of this snapshot.
5832 If --children-only is passed, then delete any children of this snap‐
5833 shot, but leave this snapshot intact. These two flags are mutually
5834 exclusive.
5835 If --metadata is specified, then only delete the snapshot metadata
5837 maintained by libvirt, while leaving the snapshot contents intact for
5838 access by external tools; otherwise deleting a snapshot also removes
5839 the data contents from that point in time.
5840
5842 The following commands manipulate domain checkpoints. Checkpoints
5843 serve as a point in time to identify which portions of a guest's disks
5844 have changed after that time, making it possible to perform incremental
5845 and differential backups. Checkpoints are identified with a unique
5846 name. See https://libvirt.org/formatcheckpoint.html for documentation
5847 of the XML format used to represent properties of checkpoints.
5848 checkpoint-create
5850 Syntax:
5851 checkpoint-create domain [xmlfile] { --redefine | [--quiesce]}
5853 Create a checkpoint for domain domain with the properties specified in
5855 xmlfile describing a <domaincheckpoint> top-level element. The format
5856 of the input XML file will be validated against an internal RNG schema
5857 (idential to using the virt-xml-validate(1) tool). If xmlfile is com‐
5858 pletely omitted, then libvirt will create a checkpoint with a name
5859 based on the current time.
5860 If --redefine is specified, then all XML elements produced by check‐
5862 point-dumpxml are valid; this can be used to migrate checkpoint hierar‐
5863 chy from one machine to another, to recreate hierarchy for the case of
5864 a transient domain that goes away and is later recreated with the same
5865 name and UUID, or to make slight alterations in the checkpoint metadata
5866 (such as host-specific aspects of the domain XML embedded in the check‐
5867 point). When this flag is supplied, the xmlfile argument is mandatory.
5868 If --quiesce is specified, libvirt will try to use guest agent to
5870 freeze and unfreeze domain's mounted file systems. However, if domain
5871 has no guest agent, checkpoint creation will fail.
5872 Existence of checkpoint metadata will prevent attempts to undefine a
5874 persistent domain. However, for transient domains, checkpoint metadata
5875 is silently lost when the domain quits running (whether by command such
5876 as destroy or by internal guest action).
5877 For now, it is not possible to create checkpoints in a domain that has
5879 snapshots, although this restriction will be lifted in a future
5880 release.
5881 checkpoint-create-as
5883 Syntax:
5884 checkpoint-create-as domain [--print-xml] [name]
5886 [description] [--quiesce] [--diskspec] diskspec]...
5887 Create a checkpoint for domain domain with the given <name> and
5889 <description>; if either value is omitted, libvirt will choose a value.
5890 If --print-xml is specified, then XML appropriate for checkpoint-create
5891 is output, rather than actually creating a checkpoint.
5892 The --diskspec option can be used to control which guest disks partici‐
5894 pate in the checkpoint. This option can occur multiple times, according
5895 to the number of <disk> elements in the domain xml. Each <diskspec> is
5896 in the form disk[,checkpoint=type][,bitmap=name]. A literal --diskspec
5897 must precede each diskspec unless all three of domain, name, and
5898 description are also present. For example, a diskspec of "vda,check‐
5899 point=bitmap,bitmap=map1" results in the following XML:
5900 <disk name='vda' checkpoint='bitmap' bitmap='map1'/>
5902 If --quiesce is specified, libvirt will try to use guest agent to
5904 freeze and unfreeze domain's mounted file systems. However, if domain
5905 has no guest agent, checkpoint creation will fail.
5906 For now, it is not possible to create checkpoints in a domain that has
5908 snapshots, although this restriction will be lifted in a future
5909 release.
5910 checkpoint-edit
5912 Syntax:
5913 checkpoint-edit domain checkpointname
5915 Edit the XML configuration file for checkpointname of a domain.
5917 This is equivalent to:
5919 virsh checkpoint-dumpxml dom name > checkpoint.xml
5921 vi checkpoint.xml (or make changes with your other text editor)
5922 virsh checkpoint-create dom checkpoint.xml --redefine
5923 except that it does some error checking, including that the edits
5925 should not attempt to change the checkpoint name.
5926 The editor used can be supplied by the $VISUAL or $EDITOR environment
5928 variables, and defaults to vi.
5929 checkpoint-info
5931 Syntax:
5932 checkpoint-info domain checkpoint
5934 Output basic information about a named <checkpoint>.
5936 checkpoint-list
5938 Syntax:
5939 checkpoint-list domain [{--parent | --roots |
5941 [{--tree | --name}]}] [--topological]
5942 [[--from] checkpoint | [--descendants]]
5943 [--leaves] [--no-leaves]
5944 List all of the available checkpoints for the given domain, defaulting
5946 to show columns for the checkpoint name and creation time.
5947 Normally, table form output is sorted by checkpoint name; using --topo‐
5949 logical instead sorts so that no child is listed before its ancestors
5950 (although there may be more than one possible ordering with this prop‐
5951 erty).
5952 If --parent is specified, add a column to the output table giving the
5954 name of the parent of each checkpoint. If --roots is specified, the
5955 list will be filtered to just checkpoints that have no parents. If
5956 --tree is specified, the output will be in a tree format, listing just
5957 checkpoint names. These three options are mutually exclusive. If
5958 --name is specified only the checkpoint name is printed. This option is
5959 mutually exclusive with --tree.
5960 If --from is provided, filter the list to checkpoints which are chil‐
5962 dren of the given checkpoint. When used in isolation or with --parent,
5963 the list is limited to direct children unless --descendants is also
5964 present. When used with --tree, the use of --descendants is implied.
5965 This option is not compatible with --roots. Note that the starting
5966 point of --from is not included in the list unless the --tree option is
5967 also present.
5968 If --leaves is specified, the list will be filtered to just checkpoints
5970 that have no children. Likewise, if --no-leaves is specified, the list
5971 will be filtered to just checkpoints with children. (Note that omit‐
5972 ting both options does no filtering, while providing both options will
5973 either produce the same list or error out depending on whether the
5974 server recognizes the flags). Filtering options are not compatible
5975 with --tree.
5976 checkpoint-dumpxml
5978 Syntax:
5979 checkpoint-dumpxml domain checkpoint [--security-info] [--no-domain] [--size]
5981 Output the checkpoint XML for the domain's checkpoint named checkpoint.
5983 Using --security-info will also include security sensitive information.
5984 Using --size will add XML indicating the current size in bytes of guest
5985 data that has changed since the checkpoint was created (although remem‐
5986 ber that guest activity between a size check and actually creating a
5987 backup can result in the backup needing slightly more space). Using
5988 --no-domain will omit the <domain> element from the output for a more
5989 compact view.
5990 checkpoint-parent
5992 Syntax:
5993 checkpoint-parent domain checkpoint
5995 Output the name of the parent checkpoint, if any, for the given check‐
5997 point.
5998 checkpoint
6000 Syntax:
6001 checkpoint-delete domain checkpoint
6003 [--metadata] [{--children | --children-only}]
6004 Delete the checkpoint for the domain named checkpoint. The record of
6006 which portions of the disk changed since the checkpoint are merged into
6007 the parent checkpoint (if any). If --children is passed, then delete
6008 this checkpoint and any children of this checkpoint. If --chil‐
6009 dren-only is passed, then delete any children of this checkpoint, but
6010 leave this checkpoint intact. These two flags are mutually exclusive.
6011 If --metadata is specified, then only delete the checkpoint metadata
6013 maintained by libvirt, while leaving the checkpoint contents intact for
6014 access by external tools; otherwise deleting a checkpoint also removes
6015 the ability to perform an incremental backup from that point in time.
6016
6018 The following commands manipulate network filters. Network filters
6019 allow filtering of the network traffic coming from and going to virtual
6020 machines. Individual network traffic filters are written in XML and
6021 may contain references to other network filters, describe traffic fil‐
6022 tering rules, or contain both. Network filters are referenced by vir‐
6023 tual machines from within their interface description. A network filter
6024 may be referenced by multiple virtual machines' interfaces.
6025 nwfilter-define
6027 Syntax:
6028 nwfilter-define xmlfile
6030 Make a new network filter known to libvirt. If a network filter with
6032 the same name already exists, it will be replaced with the new XML.
6033 Any running virtual machine referencing this network filter will have
6034 its network traffic rules adapted. If for any reason the network traf‐
6035 fic filtering rules cannot be instantiated by any of the running vir‐
6036 tual machines, then the new XML will be rejected.
6037 nwfilter-undefine
6039 Syntax:
6040 nwfilter-undefine nwfilter-name
6042 Delete a network filter. The deletion will fail if any running virtual
6044 machine is currently using this network filter.
6045 nwfilter-list
6047 Syntax:
6048 nwfilter-list
6050 List all of the available network filters.
6052 nwfilter-dumpxml
6054 Syntax:
6055 nwfilter-dumpxml nwfilter-name
6057 Output the network filter XML.
6059 nwfilter-edit
6061 Syntax:
6062 nwfilter-edit nwfilter-name
6064 Edit the XML of a network filter.
6066 This is equivalent to:
6068 virsh nwfilter-dumpxml myfilter > myfilter.xml
6070 vi myfilter.xml (or make changes with your other text editor)
6071 virsh nwfilter-define myfilter.xml
6072 except that it does some error checking. The new network filter may be
6074 rejected due to the same reason as mentioned in nwfilter-define.
6075 The editor used can be supplied by the $VISUAL or $EDITOR environment
6077 variables, and defaults to vi.
6078
6080 The following commands manipulate network filter bindings. Network fil‐
6081 ter bindings track the association between a network port and a network
6082 filter. Generally the bindings are managed automatically by the hyper‐
6083 visor drivers when adding/removing NICs on a guest.
6084 If an admin is creating/deleting TAP devices for non-guest usage, how‐
6086 ever, the network filter binding commands provide a way to make use of
6087 the network filters directly.
6088 nwfilter-binding-create
6090 Syntax:
6091 nwfilter-binding-create xmlfile
6093 Associate a network port with a network filter. The network filter
6095 backend will immediately attempt to instantiate the filter rules on the
6096 port. This command may be used to associate a filter with a currently
6097 running guest that does not have a filter defined for a specific net‐
6098 work port. Since the bindings are generally automatically managed by
6099 the hypervisor, using this command to define a filter for a network
6100 port and then starting the guest afterwards may prevent the guest from
6101 starting if it attempts to use the network port and finds a filter
6102 already defined.
6103 nwfilter-binding-delete
6105 Syntax:
6106 nwfilter-binding-delete port-name
6108 Disassociate a network port from a network filter. The network filter
6110 backend will immediately tear down the filter rules that exist on the
6111 port. This command may be used to remove the network port binding for a
6112 filter currently in use for the guest while the guest is running with‐
6113 out needing to restart the guest. Restoring the network port binding
6114 filter for the running guest would be accomplished by using nwfil‐
6115 ter-binding-create.
6116 nwfilter-binding-list
6118 Syntax:
6119 nwfilter-binding-list
6121 List all of the network ports which have filters associated with them.
6123 nwfilter-binding-dumpxml
6125 Syntax:
6126 nwfilter-binding-dumpxml port-name
6128 Output the network filter binding XML for the network device called
6130 port-name.
6131
6133 NOTE: Use of the following commands is strongly discouraged. They can
6134 cause libvirt to become confused and do the wrong thing on subsequent
6135 operations. Once you have used these commands, please do not report
6136 problems to the libvirt developers; the reports will be ignored. If
6137 you find that these commands are the only way to accomplish something,
6138 then it is better to request that the feature be added as a first-class
6139 citizen in the regular libvirt library.
6140 qemu-attach
6142 Syntax:
6143 qemu-attach pid
6145 Attach an externally launched QEMU process to the libvirt QEMU driver.
6147 The QEMU process must have been created with a monitor connection using
6148 the UNIX driver. Ideally the process will also have had the '-name'
6149 argument specified.
6150 $ qemu-kvm -cdrom ~/demo.iso \
6152 -monitor unix:/tmp/demo,server,nowait \
6153 -name foo \
6154 -uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea &
6155 $ QEMUPID=$!
6156 $ virsh qemu-attach $QEMUPID
6157 Not all functions of libvirt are expected to work reliably after
6159 attaching to an externally launched QEMU process. There may be issues
6160 with the guest ABI changing upon migration and device hotplug or hotun‐
6161 plug may not work. The attached environment should be considered pri‐
6162 marily read-only.
6163 qemu-monitor-command
6165 Syntax:
6166 qemu-monitor-command domain { [--hmp] | [--pretty] [--return-value] } command...
6168 Send an arbitrary monitor command command to domain domain through the
6170 QEMU monitor. The results of the command will be printed on stdout.
6171 If more than one argument is provided for command, they are concate‐
6173 nated with a space in between before passing the single command to the
6174 monitor.
6175 Note that libvirt uses the QMP to talk to qemu so command must be valid
6177 JSON in QMP format to work properly.
6178 If --pretty is given the QMP reply is pretty-printed.
6180 If --return-value is given the 'return' key of the QMP response object
6182 is extracted rather than passing through the full reply from QEMU.
6183 If --hmp is passed, the command is considered to be a human monitor
6185 command and libvirt will automatically convert it into QMP and convert
6186 the result back.
6187 qemu-agent-command
6189 Syntax:
6190 qemu-agent-command domain [--timeout seconds | --async | --block] command...
6192 Send an arbitrary guest agent command command to domain domain through
6194 QEMU agent. --timeout, --async and --block options are exclusive.
6195 --timeout requires timeout seconds seconds and it must be positive.
6196 When --aysnc is given, the command waits for timeout whether success or
6197 failed. And when --block is given, the command waits forever with
6198 blocking timeout.
6199 qemu-monitor-event
6201 Syntax:
6202 qemu-monitor-event [domain] [--event event-name]
6204 [--loop] [--timeout seconds] [--pretty] [--regex] [--no-case]
6205 [--timestamp]
6206 Wait for arbitrary QEMU monitor events to occur, and print out the
6208 details of events as they happen. The events can optionally be fil‐
6209 tered by domain or event-name. The 'query-events' QMP command can be
6210 used via qemu-monitor-command to learn what events are supported. If
6211 --regex is used, event-name is a basic regular expression instead of a
6212 literal string. If --no-case is used, event-name will match
6213 case-insensitively.
6214 By default, this command is one-shot, and returns success once an event
6216 occurs; you can send SIGINT (usually via Ctrl-C) to quit immediately.
6217 If --timeout is specified, the command gives up waiting for events
6218 after seconds have elapsed. With --loop, the command prints all events
6219 until a timeout or interrupt key. If --pretty is specified, any JSON
6220 event details are pretty-printed for better legibility.
6221 When --timestamp is used, a human-readable timestamp will be printed
6223 before the event, and the timing information provided by QEMU will be
6224 omitted.
6225 lxc-enter-namespace
6227 Syntax:
6228 lxc-enter-namespace domain [--noseclabel] --
6230 /path/to/binary [arg1, [arg2, ...]]
6231 Enter the namespace of domain and execute the command /path/to/binary
6233 passing the requested args. The binary path is relative to the con‐
6234 tainer root filesystem, not the host root filesystem. The binary will
6235 inherit the environment variables / console visible to virsh. The com‐
6236 mand will be run with the same sVirt context and cgroups placement as
6237 processes within the container. This command only works when connected
6238 to the LXC hypervisor driver. This command succeeds only if
6239 /path/to/binary has 0 exit status.
6240 By default the new process will run with the security label of the new
6242 parent container. Use the --noseclabel option to instead have the
6243 process keep the same security label as virsh.
6244
6246 The following environment variables can be set to alter the behaviour
6247 of virsh
6248 · VIRSH_DEBUG=<0 to 4>
6250 Turn on verbose debugging of virsh commands. Valid levels are
6252 · VIRSH_DEBUG=0
6254 DEBUG - Messages at ALL levels get logged
6256 · VIRSH_DEBUG=1
6258 INFO - Logs messages at levels INFO, NOTICE, WARNING and ERROR
6260 · VIRSH_DEBUG=2
6262 NOTICE - Logs messages at levels NOTICE, WARNING and ERROR
6264 · VIRSH_DEBUG=3
6266 WARNING - Logs messages at levels WARNING and ERROR
6268 · VIRSH_DEBUG=4
6270 ERROR - Messages at only ERROR level gets logged.
6272 · VIRSH_LOG_FILE=``LOGFILE``
6274 The file to log virsh debug messages.
6276 · VIRSH_DEFAULT_CONNECT_URI
6278 The hypervisor to connect to by default. Set this to a URI, in the
6280 same format as accepted by the connect option. This environment vari‐
6281 able is deprecated in favour of the global LIBVIRT_DEFAULT_URI vari‐
6282 able which serves the same purpose.
6283 · LIBVIRT_DEFAULT_URI
6285 The hypervisor to connect to by default. Set this to a URI, in the
6287 same format as accepted by the connect option. This overrides the
6288 default URI set in any client config file and prevents libvirt from
6289 probing for drivers.
6290 · VISUAL
6292 The editor to use by the edit and related options.
6294 · EDITOR
6296 The editor to use by the edit and related options, if VISUAL is not
6298 set.
6299 · VIRSH_HISTSIZE
6301 The number of commands to remember in the command history. The
6303 default value is 500.
6304 · LIBVIRT_DEBUG=LEVEL
6306 Turn on verbose debugging of all libvirt API calls. Valid levels are
6308 · LIBVIRT_DEBUG=1
6310 Messages at level DEBUG or above
6312 · LIBVIRT_DEBUG=2
6314 Messages at level INFO or above
6316 · LIBVIRT_DEBUG=3
6318 Messages at level WARNING or above
6320 · LIBVIRT_DEBUG=4
6322 Messages at level ERROR
6324 For further information about debugging options consult
6326 https://libvirt.org/logging.html
6327
6329 Please report all bugs you discover. This should be done via either:
6330 1. the mailing list
6332 https://libvirt.org/contact.html
6334 2. the bug tracker
6336 https://libvirt.org/bugs.html
6338 Alternatively, you may report bugs to your software distributor / ven‐
6340 dor.
6341
6343 Please refer to the AUTHORS file distributed with libvirt.
6344
6346 Copyright (C) 2005, 2007-2015 Red Hat, Inc., and the authors listed in
6347 the libvirt AUTHORS file.
6348
6350 virsh is distributed under the terms of the GNU LGPL v2+. This is free
6351 software; see the source for copying conditions. There is NO warranty;
6352 not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
6353
6355 virt-install(1), virt-xml-validate(1), virt-top(1), virt-df(1),
6356 https://libvirt.org/
6357 VIRSH(1)