While tools such as virt-manager and virsh are useful, not all of the features of kvm are available with these front ends.
There are a rich number of options with KVM and I would encourage you to read
man qemu if you are interested in learning more. I may blog with a few that I use often, but will save that for another day.
If you run kvm from the command line the default networking is NAT, the same defaults as virt-manager.
When I use bridged networking, I found few “simple” scripts to automate the process of bringing a tap devices up/down. With this technique, my router to performs DNS for the guests.
There are 3 scripts, all run on the host to automate the process of bringing a tap interface up and down “automagically” when you start a guest.
/etc/qemu-ifup => Adds a tap to an existing bridge when the guest starts.
/etc/qeum-ifdown => Removes a tap when the guest exits.
kvm wrapper scriptThis third script is a wrapper script for kvm (you can not directly use a tap, see quem documentation for details).
Set up is fairly minimal, start by installing
- If you are using a wired network, set up your bridge as in my initial post here :
Virt Manager bridged networking
- If you are using wireless, I have had success with
parprouted(wireless will be my next blog entry).
Next, using any method, add a group “kvm” to your system and add your user to this group. Log off and back on to enable this change.
Now make a few changes to a few system settings. Basically we are changing permissions of /dev/kvm and /dev/net/tun so that you may access them as an member of the kvm group (and not root). I add these changes to /etc/rc.local.
/bin/chown root.kvm /dev/kvm
/bin/chown -R root.kvm /dev/net
/bin/chmod -R 660 /dev/net
Although I run kvm in user space (as a non-root user), a few commands need to be run as root. Perfect task for sudo (yes you can use sudo in Debian and Fedora, and this is a great example of using sudo).
You will need to edit /etc/sudoers, I strongly suggest you use visudo as it will check your syntax.
If you are not comfortable with vi, use nano:
export EDITOR=’/usr/bin/nano -w’
sudo -E visudo
I suggest using a command alias for kvm :
Cmnd_Alias KVM = /usr/sbin/tunctl, /sbin/ifconfig, /usr/sbin/brctl, /sbin/ip
And now allow users in the kvm group to run those commands as root without a password (add these lines lower in the file , under the group section).
%kvm ALL=(ALL) NOPASSWD: KVM
KVM Wrapper script
This wrapper script will run your kvm guest and call /etc/qemu-ifup and /etc/qemu-ifdown to configure a tap device. I personally save the script in ~/bin/kvm-bridge .
# tap interface automagic allocation
# for linux kernels >= 2.6.18
# modified by bodhi.zazen from :
# set up a tap interface for qemu/kvm
# USERID – uid qemu is being run under.
# generate a random mac address for use the virtual nic
# With thanks to pheldens @ qemu forum
ranmac=$(echo -n DE:AD:BE:EF ; for i in `seq 1 2` ; \
do echo -n `echo “:$RANDOM$RANDOM” | cut -n -c -3` ;done)
# specify which NIC to use – see man qemu
# The iface variable is automatically set to the next available tap
# Numbering starts with tap0
iface=`sudo tunctl -b -u $USERID`
# start kvm with our parameters
# $@ allows us to add additional command like parameters
# such as -hda $HOME/ubuntu.qcow2
echo “Bringing up interface $iface with mac address $ranmac”
# For Fedora 11 change “kvm” to “qemu-kvm”
kvm -net nic,vlan=0,macaddr=$ranmac,model=$model -net tap,vlan=0,ifname=$iface -usb -usbdevice tablet $@
/usr/bin/sudo /usr/sbin/tunctl -d $iface
User the wrapper script as you would use kvm, including any options you wish to specify on the command line. You do not need to specify networking options.
kvm-bridge -cdrom ~/ubuntu-9.04-desktop.iso -m 512 -hda ~/ubuntu-9.04.qcow2
So the guest does not crash if X crashes , I call the script with screen and specify a vnc output (connect to guest with a vnc viewer).
screen -d -m -S guest_name kvm-bridge -hda /home/user_name/ubuntu.qcow2 -vnc :0
Use these 2 scripts for /etc/qemu-ifup and /etc/qemu-ifdown . Although it may not be clear from the qemu / kvm documentation, these two scripts in these (default) locations are run automatically when you start qemu/kvm with the
-net tap flag. You may specify a different location for these scripts if you choose.
Note: I have had reports that some people using Ubuntu have had to move these scripts to
# Bring a tap interface up
if [ -n “$1” ];then
/usr/bin/sudo /usr/sbin/tunctl -u user -g kvm -t $1
/usr/bin/sudo /sbin/ip link set $1 up
/usr/bin/sudo /usr/sbin/brctl addif br0 $1
echo “Error: no interface specified”
Note: Change “user” in “/usr/bin/sudo /usr/sbin/tunctl -u user -g kvm -t $1” to your log in name.
Note: The option “-g kvm” in the command “/usr/bin/sudo /usr/sbin/tunctl -u user -g kvm -t $1” can cause permission problems if your primary group is not kvm, consider removing it or changing your primary group.
usermod -g kvm user
You will need to log off and back on after changing your primary group.
# Take the tap interface down.
/usr/bin/sudo /usr/sbin/brctl delif br0 $1
/usr/bin/sudo /sbin/ifconfig $1 down
/usr/bin/sudo /usr/sbin/tunctl -d $1
Set ownership and permissions :
sudo chown root.kvm /etc/qemu-if*
sudo chmod 550 /etc/qemu-if*