Comment by MuffinFlavored
3 years ago
> virtual machine monitor
Is it good to think of libvirt as a virtual machine monitor, or is that more "virtual machine management"?
I'd love to get a clear explanation of what libvirt actually does. As far as I can tell it's a qemu argument assembler and launcher. For my own use-case, I just launch qemu from systemd unit files:
https://wiki.archlinux.org/title/QEMU#With_systemd_service
The main important point is that Libvirt takes care of privilege separation.
It makes sure that if your VM and/or QEMU are broken out of, there are extra layers to prevent getting access to the whole physical machine. For example it runs QEMU as a very limited user and, if you're using SELinux, the QEMU process can hardly read any file other than the vm image file.
By contrast, the method in the Arch wiki runs QEMU as root. QEMU is exposed to all sorts of untrusted input, so you really don't want it to run as root.
Libvirt also handles cross machine operations such as live migration, and makes it easier to query a bunch of things from QEMU.
For more info see https://www.redhat.com/en/blog/all-you-need-know-about-kvm-u...
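A check for the two properties described in the comment above, written as an added example that is not from the thread or from libvirt: it walks `/proc`, finds QEMU processes, and flags any that run with effective UID 0 or lack an sVirt SELinux type. It assumes a Linux host with SELinux, where libvirt's sVirt driver labels guests with a type beginning `svirt_`; the function names are hypothetical.

```python
import os

def selinux_type(label):
    """Return the type field of a SELinux context (user:role:type:level), or ''."""
    parts = label.split(":")
    return parts[2] if len(parts) >= 4 else ""

def audit_qemu(proc_root="/proc"):
    """List QEMU processes with their effective UID, label and any findings."""
    results = []
    for pid in sorted((p for p in os.listdir(proc_root) if p.isdigit()), key=int):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "cmdline"), "rb") as f:
                argv0 = f.read().split(b"\0")[0].decode(errors="replace")
            with open(os.path.join(base, "status")) as f:
                uid_line = next(l for l in f if l.startswith("Uid:"))
        except (OSError, StopIteration):
            continue  # process exited meanwhile, or is not readable
        exe = os.path.basename(argv0)
        # Match the emulator itself, not helpers such as qemu-img or qemu-ga
        if not (exe.startswith("qemu-system") or exe == "qemu-kvm"):
            continue
        euid = int(uid_line.split()[2])  # Uid: real, effective, saved, fs
        try:
            with open(os.path.join(base, "attr", "current")) as f:
                label = f.read().strip("\0\n ")
        except OSError:
            label = ""  # no LSM label available on this host
        findings = []
        if euid == 0:
            findings.append("runs as root")
        # Assumption: sVirt-confined guests carry a type starting with svirt_
        if not selinux_type(label).startswith("svirt_"):
            findings.append("no sVirt SELinux type")
        results.append({"pid": int(pid), "euid": euid,
                        "label": label, "findings": findings})
    return results

if __name__ == "__main__":
    for r in audit_qemu():
        print(r["pid"], r["euid"], r["label"] or "-",
              "; ".join(r["findings"]) or "ok")
```

Reading `attr/current` of processes owned by other users may need elevated privileges; an unreadable label is reported the same way as a missing one.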
Thank you, this is the best explanation of the utility that I've seen. I appreciate it.
> As far as I can tell it's a qemu argument assembler
Raises a few questions to me:
Can you use KVM/do KVM stuff without QEMU?
Can you do libvirt stuff without QEMU?
Hoping the answers to both aren't useless/"technically, but why would you want to?"
> Can you use KVM/do KVM stuff without QEMU?
Yes, there are a few things out there like Firecracker that use KVM without using QEMU. I'm not completely aware of all of them, but they do exist.
> Can you do libvirt stuff without QEMU?
Yes, it can also manage LXC containers and a few other types like Xen and Bhyve and Virtuozzo, like QEMU without KVM. The without KVM part is important to letting you run VMs that are emulating other architectures than the native one.
For a good bit of this, it is "why would you want to" but there are definitely real cases where you'd want to be able to do this. Like the LXC or Virtuozzo support means that you can run lighter weight containers (same underlying tech as Docker essentially) through the same orchestration/management that you use for virtual machines. And the Bhyve support lets you do the same thing for running things on top of FreeBSD (though I've never used it this way) so that a heterogeneous mix of hosts is managed through the same interfaces.
There is a cute article from LWN demoing using KVM directly without anything else: https://lwn.net/Articles/658511/
> Can you use KVM/do KVM stuff without QEMU?
There are projects doing that, although QEMU is the de facto standard and best bet if you don't need to boot your machines in 20ms.
> Can you do libvirt stuff without QEMU?
Libvirt has many backends, so yes. IIRC it can even manage VirtualBox, although I'm not sure why anyone would want to.
> Hoping the answers to both aren't useless/"technically, but why would you want to?"
...why? Is there a problem kvm+qemu+libvirt doesn't solve for you?
> Can you use KVM/do KVM stuff without QEMU?
Here's a post of someone using KVM from Python (raw, without needing a kvm library or anything): https://www.devever.net/~hl/kvm
libvirt supports other hypervisors than QEMU, such as VirtualBox, Xen and LXC.
It's a lot of glue to present a consistent interface but it also does the management part.
"API to virtualization system" would probably be the closest approximation, but it also does some more advanced stuff like coordinating cross-host VM migration.