libvirt offers two ways of using the qemu/kvm hypervisor:
Connects to the system libvirtd instance which is running as root
Connects to (or starts) a libvirtd instance which is running as the current user
A detailed explanation can be found at: http://blog.wikichoon.com/2016/01/qemusystem-vs-qemusession.html
and on the official libvirt website: http://wiki.libvirt.org/page/FAQ#What_is_the_difference_between_qemu:.2F.2F.2Fsystem_and_qemu:.2F.2F.2Fsession.3F_Which_one_should_I_use.3F
To sum it up: qemu:///session
avoids permission issues because it runs as the current user whereas qemu:///system
allows the use of more advanced networking options which require root.
didn't allow to connect to a bridge, instead it used qemu's usermode networking which is a standalone implementation of the tcp/ip stack. There are a couple of downsides to this:
- The guest is completely isolated and can't participate in the network directly
- To connect to the guest it is necessary to configure port forwarding from the host
- Network performance is slow
Luckily there is now a way to use existing bridges with qemu:///session
. The tool qemu-bridge-helper
can configure a tap device which connects the guest to a bridge. Unfortunately it doesn't seem to be configured correctly out-of-the-box in Ubuntu.
Building libvirt from source
I couldn't get this to work with the version of libvirt that ships with Ubuntu (I tested 14.04 and 15.10). So this is how I built the latest libvirt from source:
1. Install dependencies:
sudo apt-get install libyajl-dev libxml2-dev libdevmapper-dev libpciaccess-dev libnl-3-dev libnl-route-3-dev
2. Configure & Compile
./configure && make
3. Install it (see https://help.ubuntu.com/community/CheckInstall
4. Update shared libraries
5. Kill existing libvirtd instances (they will be started automatically in the following steps)
Here are the steps that allowed me to get it working on Ubuntu 14.04 and 15.10:
1. Install libvirt, kvm and other dependencies:
sudo apt-get install libvirt0 libvirt-bin virtinst qemu-kvm
2. Add the user to the group 'libvirtd'. Don't forget to logout/login after this step.
sudo usermod -a -G libvirtd [user]
2. Double-check that the default libvirt network and a bridge exists:
virsh net-list # Should list the network 'default'
virsh net-start default # Start the network if it is inactive
virsh net-info default # Should show 'Bridge: virbr0'
brctl show # Should list the bridge 'virbr0'
3. Allow qemu-bridge-helper
to use the bridge by putting the following into /etc/qemu/bridge.conf
needs root permissions to create the tap device. To allow a normal user to do this we need to set the suid bit:
sudo chmod u+s /usr/lib/qemu-bridge-helper
5. Start a new VM similar to this:
virt-install --connect qemu:///session --network bridge=virbr0 --name test --ram 128 --disk path=VirtualMachines/cirros-0.3.4-i386-disk.img --boot hd
The new VM should automatically get an ip address from the libvirt dhcp server and it should be possible to ping/ssh from the host to the guest.