The hosts must have a working installation of KVM, that usually requires:

• CPU with VT extensions
• libvirt >= 0.4.0
• kvm kernel modules (kvm.ko, kvm-{intel,amd}.ko). Available from kernel 2.6.20 onwards.
• the qemu user-land tools

• KVM currently only supports 4 IDE devices, for more disk devices you should better use SCSI or virtio. You have to take this into account when adding disks. See the Virtual Machine Template documentation for an explanation on how OpenNebula assigns disk targets.
• By default live migrations are started from the host the VM is currently running. If this is a problem in your setup you can activate local live migration adding -l migrate=migrate_local to vmm_mad arguments.
• If you get error messages similar to error: cannot close file: Bad file descriptor upgrade libvirt version. Version 0.8.7 has a bug related to file closing operations. https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=672725

OpenNebula uses the libvirt interface to interact with KVM, so the following steps are required in the hosts to get the KVM driver running:

• Qemu should be configured to not change file ownership. Modify /etc/libvirt/qemu.conf to include dynamic_ownership = 0. To be able to use the images copied by OpenNebula, change also the user and group under which the libvirtd is run to “oneadmin”:

<xterm> $ grep -vE '^($|#)' /etc/libvirt/qemu.conf user = “oneadmin” group = “oneadmin” dynamic_ownership = 0 </xterm>

• The remote hosts must have the libvirt daemon running.
• The user with access to these remotes hosts on behalf of OpenNebula (typically <oneadmin>) has to pertain to the <libvirtd> and <kvm> groups in order to use the deaemon and be able to launch VMs.

If apparmor is active (by default in Ubuntu it is), you should add /var/lib/one to the end of /etc/apparmor.d/libvirt-qemu

<xterm> owner /var/lib/one/** rw, </xterm>

If your distro is using PolicyKit you can use this recipe by Jan Horacek to add the require privileges to oneadmin user:

<xterm> # content of file: /etc/polkit-1/localauthority/50-local.d/50-org.libvirt.unix.manage-opennebula.pkla [Allow oneadmin user to manage virtual machines] Identity=unix-user:oneadmin Action=org.libvirt.unix.manage #Action=org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes </xterm>

OpenNebula uses libvirt's migration capabilities. More precisely, it uses the TCP protocol offered by libvirt. In order to configure the physical hosts, the following files have to be modified:

• /etc/libvirt/libvirtd.conf : Uncomment “listen_tcp = 1”. Security configuration is left to the admin's choice, file is full of useful comments to achieve a correct configuration. As a tip, if you don't want to use TLS for connections set listen_tls = 0.

• /etc/default/libvirt-bin : add -l option to libvirtd_opts

OpenNebula needs to know if it is going to use the KVM Driver. To achieve this, uncomment these drivers in /etc/one/oned.conf:

    IM_MAD = [
        name       = "im_kvm",
        executable = "one_im_ssh",
        arguments  = "-r 0 -t 15 kvm" ]

    VM_MAD = [
        name       = "vmm_kvm",
        executable = "one_vmm_exec",
        arguments  = "-t 15 -r 0 kvm",
        default    = "vmm_exec/vmm_exec_kvm.conf",
        type       = "kvm" ]

The following are template attributes specific to KVM, please refer to the template reference documentation for a complete list of the attributes supported to define a VM.

There are some attributes required for KVM to boot a VM. You can set a suitable defaults for them so, all the VMs get needed values. These attributes are set in /etc/one/vmm_exec/vmm_exec_kvm.conf. The following can be set for KVM:

• emulator, path to the kvm executable. You may need to adjust it to your ditsro
• os, the attraibutes: kernel, initrd, boot, root, kernel_cmd, and arch
• vcpu
• features, attributes: acpi, pae
• disk, attributes driver and cache. All disks will use that driver and caching algorithm
• nic, attribute filter.

For example:

    OS   = [ 
      KERNEL = /vmlinuz,
      BOOT   = hd,
      ARCH   = "x86_64"]

    DISK = [ driver = "raw" , cache = "default"]

    NIC  = [ filter = "clean-traffic" ]

• type, This attribute defines the type of the media to be exposed to the VM, possible values are: disk (default), cdrom or floppy. This attribute corresponds to the media option of the -driver argument of the kvm command.

• driver, specifies the format of the disk image; possible values are raw, qcow2… This attribute corresponds to the format option of the -driver argument of the kvm command.

• cache, specifies the optional cache mechanism, possible values are “default”, “none”, “writethrough” and “writeback”.

• target, name for the tun device created for the VM. It corresponds to the ifname option of the '-net' argument of the kvm command.

• script, name of a shell script to be executed after creating the tun device for the VM. It corresponds to the script option of the '-net' argument of the kvm command.

• model, ethernet hardware to emulate. You can get the list of available models with this command:

$ kvm -net nic,model=? -nographic /dev/null

• filter to define a network filtering rule for the interface. Libvirt includes some predefined rules (e.g. clean-traffic) that can be used. Check the Libvirt documentation for more information, you can also list the rules in your system with:

$ virsh -c qemu:///system nwfilter-list

Virtio is the framework for IO virtualization in KVM. You will need a linux kernel with the virtio drivers for the guest, check the KVM documentation for more info.

If you want to use the virtio drivers add the following attributes to your devices:

• DISK, add the attribute DEV_PREFIX=vd
• NIC, add the attribute model=virtio

• pae: Physical address extension mode allows 32-bit guests to address more than 4 GB of memory:
• acpi: useful for power management, for example, with KVM guests it is required for graceful shutdown to work.

Format and valid values:

    FEATURES=[
        pae={yes|no},   
        acpi={yes|no} ]

Default values for this features can be set in the driver configuration file so they don't need to be specified for every VM.

The raw attribute offers the end user the possibility of passing by attributes not known by OpenNebula to KVM. Basically, everything placed here will be written literally into the KVM deployment file (use libvirt xml format and semantics).

  RAW = [ type = "kvm",
          data = "<devices><serial type=\"pty\"><source path=\"/dev/pts/5\"/><target port=\"0\"/></serial><console type=\"pty\" tty=\"/dev/pts/5\"><source path=\"/dev/pts/5\"/><target port=\"0\"/></console></devices>" ]

KVM supports hotplugging to the virtio and the SCSI buses. The bus the disk will be attached to is inferred from the DEV_PREFIX attribute of the disk template.

• sd: SCSI (default).
• vd: virtio.

If TARGET is passed instead of DEV_PREFIX the same rules apply (what happens behind the scenes is that OpenNebula generates a TARGET based on the DEV_PREFIX if no TARGET is provided).

The driver consists of the following files:

• /usr/lib/one/mads/one_vmm_exec : generic VMM driver.
• /var/lib/one/remotes/vmm/kvm : commands executed to perform actions.

And the following driver configuration files:

• /etc/one/vmm_exec/vmm_exec_kvm.conf : This file is home for default values for domain definitions (in other words, OpenNebula templates).

It is generally a good idea to place defaults for the KVM-specific attributes, that is, attributes mandatory in the KVM driver that are not mandatory for other hypervisors. Non mandatory attributes for KVM but specific to them are also recommended to have a default.

• /var/lib/one/remotes/vmm/kvm/kvmrc : This file holds instructions to be executed before the actual driver load to perform specific tasks or to pass environmental variables to the driver. The syntax used for the former is plain shell script that will be evaluated before the driver execution. For the latter, the syntax is the familiar:

  ENVIRONMENT_VARIABLE=VALUE

See the Virtual Machine drivers reference for more information.