1QEMU block drivers reference 2============================ 3 4.. |qemu_system| replace:: qemu-system-x86_64 5 6.. 7 We put the 'Synopsis' and 'See also' sections into the manpage, but not 8 the HTML. This makes the HTML docs read better and means the ToC in 9 the index has a more useful set of entries. Ideally, the section 10 headings 'Disk image file formats' would be top-level headings for 11 the HTML, but sub-headings of the conventional manpage 'Description' 12 header for the manpage. Unfortunately, due to deficiencies in 13 the Sphinx 'only' directive, this isn't possible: they must be headers 14 at the same level as 'Synopsis' and 'See also', otherwise Sphinx's 15 identification of which header underline style is which gets confused. 16 17.. only:: man 18 19 Synopsis 20 -------- 21 22 QEMU block driver reference manual 23 24Disk image file formats 25----------------------- 26 27QEMU supports many image file formats that can be used with VMs as well as with 28any of the tools (like ``qemu-img``). This includes the preferred formats 29raw and qcow2 as well as formats that are supported for compatibility with 30older QEMU versions or other hypervisors. 31 32Depending on the image format, different options can be passed to 33``qemu-img create`` and ``qemu-img convert`` using the ``-o`` option. 34This section describes each format and the options that are supported for it. 35 36.. program:: image-formats 37.. option:: raw 38 39 Raw disk image format. This format has the advantage of 40 being simple and easily exportable to all other emulators. If your 41 file system supports *holes* (for example in ext2 or ext3 on 42 Linux or NTFS on Windows), then only the written sectors will reserve 43 space. Use ``qemu-img info`` to know the real size used by the 44 image or ``ls -ls`` on Unix/Linux. 45 46 Supported options: 47 48 .. program:: raw 49 .. option:: preallocation 50 51 Preallocation mode (allowed values: ``off``, ``falloc``, 52 ``full``). ``falloc`` mode preallocates space for image by 53 calling ``posix_fallocate()``. ``full`` mode preallocates space 54 for image by writing data to underlying storage. This data may or 55 may not be zero, depending on the storage location. 56 57.. program:: image-formats 58.. option:: qcow2 59 60 QEMU image format, the most versatile format. Use it to have smaller 61 images (useful if your filesystem does not supports holes, for example 62 on Windows), zlib based compression and support of multiple VM 63 snapshots. 64 65 Supported options: 66 67 .. program:: qcow2 68 .. option:: compat 69 70 Determines the qcow2 version to use. ``compat=0.10`` uses the 71 traditional image format that can be read by any QEMU since 0.10. 72 ``compat=1.1`` enables image format extensions that only QEMU 1.1 and 73 newer understand (this is the default). Amongst others, this includes 74 zero clusters, which allow efficient copy-on-read for sparse images. 75 76 .. option:: backing_file 77 78 File name of a base image (see ``create`` subcommand) 79 80 .. option:: backing_fmt 81 82 Image format of the base image 83 84 .. option:: encryption 85 86 This option is deprecated and equivalent to ``encrypt.format=aes`` 87 88 .. option:: encrypt.format 89 90 If this is set to ``luks``, it requests that the qcow2 payload (not 91 qcow2 header) be encrypted using the LUKS format. The passphrase to 92 use to unlock the LUKS key slot is given by the ``encrypt.key-secret`` 93 parameter. LUKS encryption parameters can be tuned with the other 94 ``encrypt.*`` parameters. 95 96 If this is set to ``aes``, the image is encrypted with 128-bit AES-CBC. 97 The encryption key is given by the ``encrypt.key-secret`` parameter. 98 This encryption format is considered to be flawed by modern cryptography 99 standards, suffering from a number of design problems: 100 101 - The AES-CBC cipher is used with predictable initialization vectors based 102 on the sector number. This makes it vulnerable to chosen plaintext attacks 103 which can reveal the existence of encrypted data. 104 - The user passphrase is directly used as the encryption key. A poorly 105 chosen or short passphrase will compromise the security of the encryption. 106 - In the event of the passphrase being compromised there is no way to 107 change the passphrase to protect data in any qcow images. The files must 108 be cloned, using a different encryption passphrase in the new file. The 109 original file must then be securely erased using a program like shred, 110 though even this is ineffective with many modern storage technologies. 111 112 The use of this is no longer supported in system emulators. Support only 113 remains in the command line utilities, for the purposes of data liberation 114 and interoperability with old versions of QEMU. The ``luks`` format 115 should be used instead. 116 117 .. option:: encrypt.key-secret 118 119 Provides the ID of a ``secret`` object that contains the passphrase 120 (``encrypt.format=luks``) or encryption key (``encrypt.format=aes``). 121 122 .. option:: encrypt.cipher-alg 123 124 Name of the cipher algorithm and key length. Currently defaults 125 to ``aes-256``. Only used when ``encrypt.format=luks``. 126 127 .. option:: encrypt.cipher-mode 128 129 Name of the encryption mode to use. Currently defaults to ``xts``. 130 Only used when ``encrypt.format=luks``. 131 132 .. option:: encrypt.ivgen-alg 133 134 Name of the initialization vector generator algorithm. Currently defaults 135 to ``plain64``. Only used when ``encrypt.format=luks``. 136 137 .. option:: encrypt.ivgen-hash-alg 138 139 Name of the hash algorithm to use with the initialization vector generator 140 (if required). Defaults to ``sha256``. Only used when ``encrypt.format=luks``. 141 142 .. option:: encrypt.hash-alg 143 144 Name of the hash algorithm to use for PBKDF algorithm 145 Defaults to ``sha256``. Only used when ``encrypt.format=luks``. 146 147 .. option:: encrypt.iter-time 148 149 Amount of time, in milliseconds, to use for PBKDF algorithm per key slot. 150 Defaults to ``2000``. Only used when ``encrypt.format=luks``. 151 152 .. option:: cluster_size 153 154 Changes the qcow2 cluster size (must be between 512 and 2M). Smaller cluster 155 sizes can improve the image file size whereas larger cluster sizes generally 156 provide better performance. 157 158 .. option:: preallocation 159 160 Preallocation mode (allowed values: ``off``, ``metadata``, ``falloc``, 161 ``full``). An image with preallocated metadata is initially larger but can 162 improve performance when the image needs to grow. ``falloc`` and ``full`` 163 preallocations are like the same options of ``raw`` format, but sets up 164 metadata also. 165 166 .. option:: lazy_refcounts 167 168 If this option is set to ``on``, reference count updates are postponed with 169 the goal of avoiding metadata I/O and improving performance. This is 170 particularly interesting with :option:`cache=writethrough` which doesn't batch 171 metadata updates. The tradeoff is that after a host crash, the reference count 172 tables must be rebuilt, i.e. on the next open an (automatic) ``qemu-img 173 check -r all`` is required, which may take some time. 174 175 This option can only be enabled if ``compat=1.1`` is specified. 176 177 .. option:: nocow 178 179 If this option is set to ``on``, it will turn off COW of the file. It's only 180 valid on btrfs, no effect on other file systems. 181 182 Btrfs has low performance when hosting a VM image file, even more 183 when the guest on the VM also using btrfs as file system. Turning off 184 COW is a way to mitigate this bad performance. Generally there are two 185 ways to turn off COW on btrfs: 186 187 - Disable it by mounting with nodatacow, then all newly created files 188 will be NOCOW. 189 - For an empty file, add the NOCOW file attribute. That's what this 190 option does. 191 192 Note: this option is only valid to new or empty files. If there is 193 an existing file which is COW and has data blocks already, it couldn't 194 be changed to NOCOW by setting ``nocow=on``. One can issue ``lsattr 195 filename`` to check if the NOCOW flag is set or not (Capital 'C' is 196 NOCOW flag). 197 198.. program:: image-formats 199.. option:: qed 200 201 Old QEMU image format with support for backing files and compact image files 202 (when your filesystem or transport medium does not support holes). 203 204 When converting QED images to qcow2, you might want to consider using the 205 ``lazy_refcounts=on`` option to get a more QED-like behaviour. 206 207 Supported options: 208 209 .. program:: qed 210 .. option:: backing_file 211 212 File name of a base image (see ``create`` subcommand). 213 214 .. option:: backing_fmt 215 216 Image file format of backing file (optional). Useful if the format cannot be 217 autodetected because it has no header, like some vhd/vpc files. 218 219 .. option:: cluster_size 220 221 Changes the cluster size (must be power-of-2 between 4K and 64K). Smaller 222 cluster sizes can improve the image file size whereas larger cluster sizes 223 generally provide better performance. 224 225 .. option:: table_size 226 227 Changes the number of clusters per L1/L2 table (must be 228 power-of-2 between 1 and 16). There is normally no need to 229 change this value but this option can between used for 230 performance benchmarking. 231 232.. program:: image-formats 233.. option:: qcow 234 235 Old QEMU image format with support for backing files, compact image files, 236 encryption and compression. 237 238 Supported options: 239 240 .. program:: qcow 241 .. option:: backing_file 242 243 File name of a base image (see ``create`` subcommand) 244 245 .. option:: encryption 246 247 This option is deprecated and equivalent to ``encrypt.format=aes`` 248 249 .. option:: encrypt.format 250 251 If this is set to ``aes``, the image is encrypted with 128-bit AES-CBC. 252 The encryption key is given by the ``encrypt.key-secret`` parameter. 253 This encryption format is considered to be flawed by modern cryptography 254 standards, suffering from a number of design problems enumerated previously 255 against the ``qcow2`` image format. 256 257 The use of this is no longer supported in system emulators. Support only 258 remains in the command line utilities, for the purposes of data liberation 259 and interoperability with old versions of QEMU. 260 261 Users requiring native encryption should use the ``qcow2`` format 262 instead with ``encrypt.format=luks``. 263 264 .. option:: encrypt.key-secret 265 266 Provides the ID of a ``secret`` object that contains the encryption 267 key (``encrypt.format=aes``). 268 269.. program:: image-formats 270.. option:: luks 271 272 LUKS v1 encryption format, compatible with Linux dm-crypt/cryptsetup 273 274 Supported options: 275 276 .. program:: luks 277 .. option:: key-secret 278 279 Provides the ID of a ``secret`` object that contains the passphrase. 280 281 .. option:: cipher-alg 282 283 Name of the cipher algorithm and key length. Currently defaults 284 to ``aes-256``. 285 286 .. option:: cipher-mode 287 288 Name of the encryption mode to use. Currently defaults to ``xts``. 289 290 .. option:: ivgen-alg 291 292 Name of the initialization vector generator algorithm. Currently defaults 293 to ``plain64``. 294 295 .. option:: ivgen-hash-alg 296 297 Name of the hash algorithm to use with the initialization vector generator 298 (if required). Defaults to ``sha256``. 299 300 .. option:: hash-alg 301 302 Name of the hash algorithm to use for PBKDF algorithm 303 Defaults to ``sha256``. 304 305 .. option:: iter-time 306 307 Amount of time, in milliseconds, to use for PBKDF algorithm per key slot. 308 Defaults to ``2000``. 309 310.. program:: image-formats 311.. option:: vdi 312 313 VirtualBox 1.1 compatible image format. 314 315 Supported options: 316 317 .. program:: vdi 318 .. option:: static 319 320 If this option is set to ``on``, the image is created with metadata 321 preallocation. 322 323.. program:: image-formats 324.. option:: vmdk 325 326 VMware 3 and 4 compatible image format. 327 328 Supported options: 329 330 .. program: vmdk 331 .. option:: backing_file 332 333 File name of a base image (see ``create`` subcommand). 334 335 .. option:: compat6 336 337 Create a VMDK version 6 image (instead of version 4) 338 339 .. option:: hwversion 340 341 Specify vmdk virtual hardware version. Compat6 flag cannot be enabled 342 if hwversion is specified. 343 344 .. option:: subformat 345 346 Specifies which VMDK subformat to use. Valid options are 347 ``monolithicSparse`` (default), 348 ``monolithicFlat``, 349 ``twoGbMaxExtentSparse``, 350 ``twoGbMaxExtentFlat`` and 351 ``streamOptimized``. 352 353.. program:: image-formats 354.. option:: vpc 355 356 VirtualPC compatible image format (VHD). 357 358 Supported options: 359 360 .. program:: vpc 361 .. option:: subformat 362 363 Specifies which VHD subformat to use. Valid options are 364 ``dynamic`` (default) and ``fixed``. 365 366.. program:: image-formats 367.. option:: VHDX 368 369 Hyper-V compatible image format (VHDX). 370 371 Supported options: 372 373 .. program:: VHDX 374 .. option:: subformat 375 376 Specifies which VHDX subformat to use. Valid options are 377 ``dynamic`` (default) and ``fixed``. 378 379 .. option:: block_state_zero 380 381 Force use of payload blocks of type 'ZERO'. Can be set to ``on`` (default) 382 or ``off``. When set to ``off``, new blocks will be created as 383 ``PAYLOAD_BLOCK_NOT_PRESENT``, which means parsers are free to return 384 arbitrary data for those blocks. Do not set to ``off`` when using 385 ``qemu-img convert`` with ``subformat=dynamic``. 386 387 .. option:: block_size 388 389 Block size; min 1 MB, max 256 MB. 0 means auto-calculate based on 390 image size. 391 392 .. option:: log_size 393 394 Log size; min 1 MB. 395 396Read-only formats 397----------------- 398 399More disk image file formats are supported in a read-only mode. 400 401.. program:: image-formats 402.. option:: bochs 403 404 Bochs images of ``growing`` type. 405 406.. program:: image-formats 407.. option:: cloop 408 409 Linux Compressed Loop image, useful only to reuse directly compressed 410 CD-ROM images present for example in the Knoppix CD-ROMs. 411 412.. program:: image-formats 413.. option:: dmg 414 415 Apple disk image. 416 417.. program:: image-formats 418.. option:: parallels 419 420 Parallels disk image format. 421 422Using host drives 423----------------- 424 425In addition to disk image files, QEMU can directly access host 426devices. We describe here the usage for QEMU version >= 0.8.3. 427 428Linux 429''''' 430 431On Linux, you can directly use the host device filename instead of a 432disk image filename provided you have enough privileges to access 433it. For example, use ``/dev/cdrom`` to access to the CDROM. 434 435CD 436 You can specify a CDROM device even if no CDROM is loaded. QEMU has 437 specific code to detect CDROM insertion or removal. CDROM ejection by 438 the guest OS is supported. Currently only data CDs are supported. 439 440Floppy 441 You can specify a floppy device even if no floppy is loaded. Floppy 442 removal is currently not detected accurately (if you change floppy 443 without doing floppy access while the floppy is not loaded, the guest 444 OS will think that the same floppy is loaded). 445 Use of the host's floppy device is deprecated, and support for it will 446 be removed in a future release. 447 448Hard disks 449 Hard disks can be used. Normally you must specify the whole disk 450 (``/dev/hdb`` instead of ``/dev/hdb1``) so that the guest OS can 451 see it as a partitioned disk. WARNING: unless you know what you do, it 452 is better to only make READ-ONLY accesses to the hard disk otherwise 453 you may corrupt your host data (use the ``-snapshot`` command 454 line option or modify the device permissions accordingly). 455 456Windows 457''''''' 458 459CD 460 The preferred syntax is the drive letter (e.g. ``d:``). The 461 alternate syntax ``\\.\d:`` is supported. ``/dev/cdrom`` is 462 supported as an alias to the first CDROM drive. 463 464 Currently there is no specific code to handle removable media, so it 465 is better to use the ``change`` or ``eject`` monitor commands to 466 change or eject media. 467 468Hard disks 469 Hard disks can be used with the syntax: ``\\.\PhysicalDriveN`` 470 where *N* is the drive number (0 is the first hard disk). 471 472 WARNING: unless you know what you do, it is better to only make 473 READ-ONLY accesses to the hard disk otherwise you may corrupt your 474 host data (use the ``-snapshot`` command line so that the 475 modifications are written in a temporary file). 476 477Mac OS X 478'''''''' 479 480``/dev/cdrom`` is an alias to the first CDROM. 481 482Currently there is no specific code to handle removable media, so it 483is better to use the ``change`` or ``eject`` monitor commands to 484change or eject media. 485 486Virtual FAT disk images 487----------------------- 488 489QEMU can automatically create a virtual FAT disk image from a 490directory tree. In order to use it, just type: 491 492.. parsed-literal:: 493 494 |qemu_system| linux.img -hdb fat:/my_directory 495 496Then you access access to all the files in the ``/my_directory`` 497directory without having to copy them in a disk image or to export 498them via SAMBA or NFS. The default access is *read-only*. 499 500Floppies can be emulated with the ``:floppy:`` option: 501 502.. parsed-literal:: 503 504 |qemu_system| linux.img -fda fat:floppy:/my_directory 505 506A read/write support is available for testing (beta stage) with the 507``:rw:`` option: 508 509.. parsed-literal:: 510 511 |qemu_system| linux.img -fda fat:floppy:rw:/my_directory 512 513What you should *never* do: 514 515- use non-ASCII filenames 516- use "-snapshot" together with ":rw:" 517- expect it to work when loadvm'ing 518- write to the FAT directory on the host system while accessing it with the guest system 519 520NBD access 521---------- 522 523QEMU can access directly to block device exported using the Network Block Device 524protocol. 525 526.. parsed-literal:: 527 528 |qemu_system| linux.img -hdb nbd://my_nbd_server.mydomain.org:1024/ 529 530If the NBD server is located on the same host, you can use an unix socket instead 531of an inet socket: 532 533.. parsed-literal:: 534 535 |qemu_system| linux.img -hdb nbd+unix://?socket=/tmp/my_socket 536 537In this case, the block device must be exported using qemu-nbd: 538 539.. parsed-literal:: 540 541 qemu-nbd --socket=/tmp/my_socket my_disk.qcow2 542 543The use of qemu-nbd allows sharing of a disk between several guests: 544 545.. parsed-literal:: 546 547 qemu-nbd --socket=/tmp/my_socket --share=2 my_disk.qcow2 548 549and then you can use it with two guests: 550 551.. parsed-literal:: 552 553 |qemu_system| linux1.img -hdb nbd+unix://?socket=/tmp/my_socket 554 |qemu_system| linux2.img -hdb nbd+unix://?socket=/tmp/my_socket 555 556If the nbd-server uses named exports (supported since NBD 2.9.18, or with QEMU's 557own embedded NBD server), you must specify an export name in the URI: 558 559.. parsed-literal:: 560 561 |qemu_system| -cdrom nbd://localhost/debian-500-ppc-netinst 562 |qemu_system| -cdrom nbd://localhost/openSUSE-11.1-ppc-netinst 563 564The URI syntax for NBD is supported since QEMU 1.3. An alternative syntax is 565also available. Here are some example of the older syntax: 566 567.. parsed-literal:: 568 569 |qemu_system| linux.img -hdb nbd:my_nbd_server.mydomain.org:1024 570 |qemu_system| linux2.img -hdb nbd:unix:/tmp/my_socket 571 |qemu_system| -cdrom nbd:localhost:10809:exportname=debian-500-ppc-netinst 572 573 574 575Sheepdog disk images 576-------------------- 577 578Sheepdog is a distributed storage system for QEMU. It provides highly 579available block level storage volumes that can be attached to 580QEMU-based virtual machines. 581 582You can create a Sheepdog disk image with the command: 583 584.. parsed-literal:: 585 586 qemu-img create sheepdog:///IMAGE SIZE 587 588where *IMAGE* is the Sheepdog image name and *SIZE* is its 589size. 590 591To import the existing *FILENAME* to Sheepdog, you can use a 592convert command. 593 594.. parsed-literal:: 595 596 qemu-img convert FILENAME sheepdog:///IMAGE 597 598You can boot from the Sheepdog disk image with the command: 599 600.. parsed-literal:: 601 602 |qemu_system| sheepdog:///IMAGE 603 604You can also create a snapshot of the Sheepdog image like qcow2. 605 606.. parsed-literal:: 607 608 qemu-img snapshot -c TAG sheepdog:///IMAGE 609 610where *TAG* is a tag name of the newly created snapshot. 611 612To boot from the Sheepdog snapshot, specify the tag name of the 613snapshot. 614 615.. parsed-literal:: 616 617 |qemu_system| sheepdog:///IMAGE#TAG 618 619You can create a cloned image from the existing snapshot. 620 621.. parsed-literal:: 622 623 qemu-img create -b sheepdog:///BASE#TAG sheepdog:///IMAGE 624 625where *BASE* is an image name of the source snapshot and *TAG* 626is its tag name. 627 628You can use an unix socket instead of an inet socket: 629 630.. parsed-literal:: 631 632 |qemu_system| sheepdog+unix:///IMAGE?socket=PATH 633 634If the Sheepdog daemon doesn't run on the local host, you need to 635specify one of the Sheepdog servers to connect to. 636 637.. parsed-literal:: 638 639 qemu-img create sheepdog://HOSTNAME:PORT/IMAGE SIZE 640 |qemu_system| sheepdog://HOSTNAME:PORT/IMAGE 641 642iSCSI LUNs 643---------- 644 645iSCSI is a popular protocol used to access SCSI devices across a computer 646network. 647 648There are two different ways iSCSI devices can be used by QEMU. 649 650The first method is to mount the iSCSI LUN on the host, and make it appear as 651any other ordinary SCSI device on the host and then to access this device as a 652/dev/sd device from QEMU. How to do this differs between host OSes. 653 654The second method involves using the iSCSI initiator that is built into 655QEMU. This provides a mechanism that works the same way regardless of which 656host OS you are running QEMU on. This section will describe this second method 657of using iSCSI together with QEMU. 658 659In QEMU, iSCSI devices are described using special iSCSI URLs. URL syntax: 660 661:: 662 663 iscsi://[<username>[%<password>]@]<host>[:<port>]/<target-iqn-name>/<lun> 664 665Username and password are optional and only used if your target is set up 666using CHAP authentication for access control. 667Alternatively the username and password can also be set via environment 668variables to have these not show up in the process list: 669 670:: 671 672 export LIBISCSI_CHAP_USERNAME=<username> 673 export LIBISCSI_CHAP_PASSWORD=<password> 674 iscsi://<host>/<target-iqn-name>/<lun> 675 676Various session related parameters can be set via special options, either 677in a configuration file provided via '-readconfig' or directly on the 678command line. 679 680If the initiator-name is not specified qemu will use a default name 681of 'iqn.2008-11.org.linux-kvm[:<uuid>'] where <uuid> is the UUID of the 682virtual machine. If the UUID is not specified qemu will use 683'iqn.2008-11.org.linux-kvm[:<name>'] where <name> is the name of the 684virtual machine. 685 686Setting a specific initiator name to use when logging in to the target: 687 688:: 689 690 -iscsi initiator-name=iqn.qemu.test:my-initiator 691 692Controlling which type of header digest to negotiate with the target: 693 694:: 695 696 -iscsi header-digest=CRC32C|CRC32C-NONE|NONE-CRC32C|NONE 697 698These can also be set via a configuration file: 699 700:: 701 702 [iscsi] 703 user = "CHAP username" 704 password = "CHAP password" 705 initiator-name = "iqn.qemu.test:my-initiator" 706 # header digest is one of CRC32C|CRC32C-NONE|NONE-CRC32C|NONE 707 header-digest = "CRC32C" 708 709Setting the target name allows different options for different targets: 710 711:: 712 713 [iscsi "iqn.target.name"] 714 user = "CHAP username" 715 password = "CHAP password" 716 initiator-name = "iqn.qemu.test:my-initiator" 717 # header digest is one of CRC32C|CRC32C-NONE|NONE-CRC32C|NONE 718 header-digest = "CRC32C" 719 720How to use a configuration file to set iSCSI configuration options: 721 722.. parsed-literal:: 723 724 cat >iscsi.conf <<EOF 725 [iscsi] 726 user = "me" 727 password = "my password" 728 initiator-name = "iqn.qemu.test:my-initiator" 729 header-digest = "CRC32C" 730 EOF 731 732 |qemu_system| -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \\ 733 -readconfig iscsi.conf 734 735How to set up a simple iSCSI target on loopback and access it via QEMU: 736this example shows how to set up an iSCSI target with one CDROM and one DISK 737using the Linux STGT software target. This target is available on Red Hat based 738systems as the package 'scsi-target-utils'. 739 740.. parsed-literal:: 741 742 tgtd --iscsi portal=127.0.0.1:3260 743 tgtadm --lld iscsi --op new --mode target --tid 1 -T iqn.qemu.test 744 tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 1 \\ 745 -b /IMAGES/disk.img --device-type=disk 746 tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 2 \\ 747 -b /IMAGES/cd.iso --device-type=cd 748 tgtadm --lld iscsi --op bind --mode target --tid 1 -I ALL 749 750 |qemu_system| -iscsi initiator-name=iqn.qemu.test:my-initiator \\ 751 -boot d -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \\ 752 -cdrom iscsi://127.0.0.1/iqn.qemu.test/2 753 754GlusterFS disk images 755--------------------- 756 757GlusterFS is a user space distributed file system. 758 759You can boot from the GlusterFS disk image with the command: 760 761URI: 762 763.. parsed-literal:: 764 765 |qemu_system| -drive file=gluster[+TYPE]://[HOST}[:PORT]]/VOLUME/PATH 766 [?socket=...][,file.debug=9][,file.logfile=...] 767 768JSON: 769 770.. parsed-literal:: 771 772 |qemu_system| 'json:{"driver":"qcow2", 773 "file":{"driver":"gluster", 774 "volume":"testvol","path":"a.img","debug":9,"logfile":"...", 775 "server":[{"type":"tcp","host":"...","port":"..."}, 776 {"type":"unix","socket":"..."}]}}' 777 778*gluster* is the protocol. 779 780*TYPE* specifies the transport type used to connect to gluster 781management daemon (glusterd). Valid transport types are 782tcp and unix. In the URI form, if a transport type isn't specified, 783then tcp type is assumed. 784 785*HOST* specifies the server where the volume file specification for 786the given volume resides. This can be either a hostname or an ipv4 address. 787If transport type is unix, then *HOST* field should not be specified. 788Instead *socket* field needs to be populated with the path to unix domain 789socket. 790 791*PORT* is the port number on which glusterd is listening. This is optional 792and if not specified, it defaults to port 24007. If the transport type is unix, 793then *PORT* should not be specified. 794 795*VOLUME* is the name of the gluster volume which contains the disk image. 796 797*PATH* is the path to the actual disk image that resides on gluster volume. 798 799*debug* is the logging level of the gluster protocol driver. Debug levels 800are 0-9, with 9 being the most verbose, and 0 representing no debugging output. 801The default level is 4. The current logging levels defined in the gluster source 802are 0 - None, 1 - Emergency, 2 - Alert, 3 - Critical, 4 - Error, 5 - Warning, 8036 - Notice, 7 - Info, 8 - Debug, 9 - Trace 804 805*logfile* is a commandline option to mention log file path which helps in 806logging to the specified file and also help in persisting the gfapi logs. The 807default is stderr. 808 809You can create a GlusterFS disk image with the command: 810 811.. parsed-literal:: 812 813 qemu-img create gluster://HOST/VOLUME/PATH SIZE 814 815Examples 816 817.. parsed-literal:: 818 819 |qemu_system| -drive file=gluster://1.2.3.4/testvol/a.img 820 |qemu_system| -drive file=gluster+tcp://1.2.3.4/testvol/a.img 821 |qemu_system| -drive file=gluster+tcp://1.2.3.4:24007/testvol/dir/a.img 822 |qemu_system| -drive file=gluster+tcp://[1:2:3:4:5:6:7:8]/testvol/dir/a.img 823 |qemu_system| -drive file=gluster+tcp://[1:2:3:4:5:6:7:8]:24007/testvol/dir/a.img 824 |qemu_system| -drive file=gluster+tcp://server.domain.com:24007/testvol/dir/a.img 825 |qemu_system| -drive file=gluster+unix:///testvol/dir/a.img?socket=/tmp/glusterd.socket 826 |qemu_system| -drive file=gluster+rdma://1.2.3.4:24007/testvol/a.img 827 |qemu_system| -drive file=gluster://1.2.3.4/testvol/a.img,file.debug=9,file.logfile=/var/log/qemu-gluster.log 828 |qemu_system| 'json:{"driver":"qcow2", 829 "file":{"driver":"gluster", 830 "volume":"testvol","path":"a.img", 831 "debug":9,"logfile":"/var/log/qemu-gluster.log", 832 "server":[{"type":"tcp","host":"1.2.3.4","port":24007}, 833 {"type":"unix","socket":"/var/run/glusterd.socket"}]}}' 834 |qemu_system| -drive driver=qcow2,file.driver=gluster,file.volume=testvol,file.path=/path/a.img, 835 file.debug=9,file.logfile=/var/log/qemu-gluster.log, 836 file.server.0.type=tcp,file.server.0.host=1.2.3.4,file.server.0.port=24007, 837 file.server.1.type=unix,file.server.1.socket=/var/run/glusterd.socket 838 839Secure Shell (ssh) disk images 840------------------------------ 841 842You can access disk images located on a remote ssh server 843by using the ssh protocol: 844 845.. parsed-literal:: 846 847 |qemu_system| -drive file=ssh://[USER@]SERVER[:PORT]/PATH[?host_key_check=HOST_KEY_CHECK] 848 849Alternative syntax using properties: 850 851.. parsed-literal:: 852 853 |qemu_system| -drive file.driver=ssh[,file.user=USER],file.host=SERVER[,file.port=PORT],file.path=PATH[,file.host_key_check=HOST_KEY_CHECK] 854 855*ssh* is the protocol. 856 857*USER* is the remote user. If not specified, then the local 858username is tried. 859 860*SERVER* specifies the remote ssh server. Any ssh server can be 861used, but it must implement the sftp-server protocol. Most Unix/Linux 862systems should work without requiring any extra configuration. 863 864*PORT* is the port number on which sshd is listening. By default 865the standard ssh port (22) is used. 866 867*PATH* is the path to the disk image. 868 869The optional *HOST_KEY_CHECK* parameter controls how the remote 870host's key is checked. The default is ``yes`` which means to use 871the local ``.ssh/known_hosts`` file. Setting this to ``no`` 872turns off known-hosts checking. Or you can check that the host key 873matches a specific fingerprint: 874``host_key_check=md5:78:45:8e:14:57:4f:d5:45:83:0a:0e:f3:49:82:c9:c8`` 875(``sha1:`` can also be used as a prefix, but note that OpenSSH 876tools only use MD5 to print fingerprints). 877 878Currently authentication must be done using ssh-agent. Other 879authentication methods may be supported in future. 880 881Note: Many ssh servers do not support an ``fsync``-style operation. 882The ssh driver cannot guarantee that disk flush requests are 883obeyed, and this causes a risk of disk corruption if the remote 884server or network goes down during writes. The driver will 885print a warning when ``fsync`` is not supported: 886 887:: 888 889 warning: ssh server ssh.example.com:22 does not support fsync 890 891With sufficiently new versions of libssh and OpenSSH, ``fsync`` is 892supported. 893 894NVMe disk images 895---------------- 896 897NVM Express (NVMe) storage controllers can be accessed directly by a userspace 898driver in QEMU. This bypasses the host kernel file system and block layers 899while retaining QEMU block layer functionalities, such as block jobs, I/O 900throttling, image formats, etc. Disk I/O performance is typically higher than 901with ``-drive file=/dev/sda`` using either thread pool or linux-aio. 902 903The controller will be exclusively used by the QEMU process once started. To be 904able to share storage between multiple VMs and other applications on the host, 905please use the file based protocols. 906 907Before starting QEMU, bind the host NVMe controller to the host vfio-pci 908driver. For example: 909 910.. parsed-literal:: 911 912 # modprobe vfio-pci 913 # lspci -n -s 0000:06:0d.0 914 06:0d.0 0401: 1102:0002 (rev 08) 915 # echo 0000:06:0d.0 > /sys/bus/pci/devices/0000:06:0d.0/driver/unbind 916 # echo 1102 0002 > /sys/bus/pci/drivers/vfio-pci/new_id 917 918 # |qemu_system| -drive file=nvme://HOST:BUS:SLOT.FUNC/NAMESPACE 919 920Alternative syntax using properties: 921 922.. parsed-literal:: 923 924 |qemu_system| -drive file.driver=nvme,file.device=HOST:BUS:SLOT.FUNC,file.namespace=NAMESPACE 925 926*HOST*:*BUS*:*SLOT*.\ *FUNC* is the NVMe controller's PCI device 927address on the host. 928 929*NAMESPACE* is the NVMe namespace number, starting from 1. 930 931Disk image file locking 932----------------------- 933 934By default, QEMU tries to protect image files from unexpected concurrent 935access, as long as it's supported by the block protocol driver and host 936operating system. If multiple QEMU processes (including QEMU emulators and 937utilities) try to open the same image with conflicting accessing modes, all but 938the first one will get an error. 939 940This feature is currently supported by the file protocol on Linux with the Open 941File Descriptor (OFD) locking API, and can be configured to fall back to POSIX 942locking if the POSIX host doesn't support Linux OFD locking. 943 944To explicitly enable image locking, specify "locking=on" in the file protocol 945driver options. If OFD locking is not possible, a warning will be printed and 946the POSIX locking API will be used. In this case there is a risk that the lock 947will get silently lost when doing hot plugging and block jobs, due to the 948shortcomings of the POSIX locking API. 949 950QEMU transparently handles lock handover during shared storage migration. For 951shared virtual disk images between multiple VMs, the "share-rw" device option 952should be used. 953 954By default, the guest has exclusive write access to its disk image. If the 955guest can safely share the disk image with other writers the 956``-device ...,share-rw=on`` parameter can be used. This is only safe if 957the guest is running software, such as a cluster file system, that 958coordinates disk accesses to avoid corruption. 959 960Note that share-rw=on only declares the guest's ability to share the disk. 961Some QEMU features, such as image file formats, require exclusive write access 962to the disk image and this is unaffected by the share-rw=on option. 963 964Alternatively, locking can be fully disabled by "locking=off" block device 965option. In the command line, the option is usually in the form of 966"file.locking=off" as the protocol driver is normally placed as a "file" child 967under a format driver. For example: 968 969:: 970 971 -blockdev driver=qcow2,file.filename=/path/to/image,file.locking=off,file.driver=file 972 973To check if image locking is active, check the output of the "lslocks" command 974on host and see if there are locks held by the QEMU process on the image file. 975More than one byte could be locked by the QEMU instance, each byte of which 976reflects a particular permission that is acquired or protected by the running 977block driver. 978 979.. only:: man 980 981 See also 982 -------- 983 984 The HTML documentation of QEMU for more precise information and Linux 985 user mode emulator invocation. 986