# Host preparation: install QEMU/libvirt and bring up libvirt's "default" network.
# Enable IOMMU in BIOS/UEFI on computer (Intel VT-d, AMD-Vi, IOMMU)
# Checking support for KVM on the host
# Prints the "Virtualization" line of lscpu; no output suggests the CPU
# extension is absent or switched off in firmware.
lscpu | grep Virtualization
# Lists the loaded kvm kernel modules.
lsmod | grep kvm
# --noconfirm suppresses pacman's confirmation prompt, so read the package
# list before running this line.
sudo pacman -S qemu-base qemu-desktop edk2-ovmf dnsmasq swtpm virt-viewer --noconfirm
# /etc/qemu/bridge.conf is the ACL read by qemu-bridge-helper: this entry lets
# QEMU processes attach guests to virbr0 (the script below relies on it for
# -nic bridge). tee -a appends, so re-running adds a duplicate line.
echo 'allow virbr0' | sudo tee -a /etc/qemu/bridge.conf
# Shows only the active (non-blank, non-comment) libvirtd settings.
grep -Ev '^$|^#' /etc/libvirt/libvirtd.conf
# NOTE(review): no sudo here, unlike the surrounding lines - presumably relies
# on an interactive polkit prompt; confirm.
systemctl enable --now libvirtd
# Start libvirt's "default" network now and on every boot, then inspect it.
sudo virsh net-start --network default
sudo virsh net-autostart --network default
sudo virsh net-list --all
sudo virsh net-info --network default
# The bridge that the firewall rules and the VM script refer to.
ip addr show virbr0
# Disk manipulations -----------------------
# Creates a qcow2 image with a virtual size of 10G.
qemu-img create -f qcow2 VirtualDisk.img 10G
# NOTE(review): info/check/convert below pass no -f, so qemu-img probes the
# image format. For an image that did not originate on this host, state the
# format explicitly (-f qcow2 / -f raw) instead of relying on probing.
qemu-img info VirtualDisk.img
qemu-img check VirtualDisk.img
# Grows the virtual size by 1G; the partition and filesystem inside the guest
# are not touched and have to be extended separately.
qemu-img resize VirtualDisk.img +1G
# -p shows progress, -O selects the output format; the source file is kept.
qemu-img convert -p VirtualDisk.img -O qcow2 VirtualDisk_NEW.img
# Snapshots --------------------------------
# https://people.redhat.com/pbonzini/qemu … mages.html
# These are internal qcow2 snapshots named "snapshot".
# NOTE(review): run them only while no VM has the image open - confirm
# against the qemu-img documentation.
qemu-img snapshot -l VirtualDisk.img # Lists the snapshots stored in the image
qemu-img snapshot -c snapshot VirtualDisk.img # Creates a snapshot
qemu-img snapshot -a snapshot VirtualDisk.img # Applies (reverts the disk to) a snapshot
qemu-img snapshot -d snapshot VirtualDisk.img # Deletes a snapshot
virt-host-validate # Checks whether the host passes the virtualization prerequisites
# The three commands below only print help: properties of the q35 machine
# type, properties of the virtio-vga-gl device, and the accelerator list.
qemu-system-x86_64 -machine q35,help
qemu-system-x86_64 -device virtio-vga-gl,help
qemu-system-x86_64 -accel help # Accelerators supported in QEMU binary
# Network sharing settings
# sysctl -w changes the running kernel only; the values are lost at reboot
# unless they are also placed in a sysctl.d file.
# Forwarding is enabled host-wide (all interfaces), not only for virbr0, so the
# FORWARD chain below is what actually limits which traffic the host routes.
# NOTE(review): with IPv6 forwarding on, the host may stop accepting router
# advertisements on its uplink - check IPv6 connectivity afterwards.
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.default.forwarding=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
# Firewall -----------------------
# NOTE(review): libvirt normally creates and fills chains with these exact
# names itself when a network is started. Check `sudo iptables -S` first: if
# they already exist, -N fails and the -A lines below add duplicate rules.
# Every rule is appended (-A), so it only takes effect if no earlier rule in
# the same chain already drops or rejects the packet.
sudo iptables -N LIBVIRT_FWI
sudo iptables -N LIBVIRT_FWO
sudo iptables -N LIBVIRT_FWX
sudo iptables -N LIBVIRT_INP
sudo iptables -N LIBVIRT_OUT
# Hook the custom chains into the built-in INPUT / FORWARD / OUTPUT chains.
sudo iptables -A INPUT -j LIBVIRT_INP -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWX -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWI -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWO -m comment --comment "Vitrual machine setting"
# Accepts reply traffic of already-tracked connections on any interface pair.
sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Vitrual machine setting"
# NOTE(review): this accepts EVERY packet that arrives on wlp2s0 and is to be
# forwarded, with no state, source or output-interface match. Traffic towards
# virbr0 is already decided in LIBVIRT_FWI above, so this rule only opens
# routing from the wireless network to the host's other interfaces. The guest
# network does not appear to need it; drop it or narrow it with -o / -s unless
# that routing is intended. wlp2s0 is also specific to the author's machine.
sudo iptables -A FORWARD -i wlp2s0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A OUTPUT -j LIBVIRT_OUT -m comment --comment "Vitrual machine setting"
# Inbound to the guests: only replies to connections the guests opened;
# everything else heading out through virbr0 is rejected.
sudo iptables -A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable -m comment --comment "Vitrual machine setting"
# Outbound from the guests: only packets whose source is in 192.168.122.0/24
# are accepted; any other source address coming in on virbr0 is rejected.
sudo iptables -A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable -m comment --comment "Vitrual machine setting"
# Guest-to-guest traffic on the bridge is allowed without restriction.
sudo iptables -A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT -m comment --comment "Vitrual machine setting"
# Guests may reach the host itself only on ports 53 and 67 (udp and tcp), the
# DNS/DHCP ports presumably served by dnsmasq on virbr0.
sudo iptables -A LIBVIRT_INP -i virbr0 -p udp -m multiport --dports 53,67 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_INP -i virbr0 -p tcp -m multiport --dports 53,67 -j ACCEPT -m comment --comment "Vitrual machine setting"
# Host-originated packets to the guests on ports 53 and 68 (udp and tcp).
sudo iptables -A LIBVIRT_OUT -o virbr0 -p udp -m multiport --dports 53,68 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_OUT -o virbr0 -p tcp -m multiport --dports 53,68 -j ACCEPT -m comment --comment "Vitrual machine setting"
# Overwrites /etc/iptables/iptables.rules with the complete ruleset loaded at
# this moment, including rules added by other tools. Keep a copy of the old
# file and review the dump (`sudo iptables-save`) before making it persistent.
sudo iptables-save -f /etc/iptables/iptables.rules
# For Linux systems ---------------
# Per-VM writable copy of the UEFI variable store; the packaged template under
# /usr/share stays untouched.
cp -v /usr/share/edk2/x64/OVMF_VARS.4m.fd Linux_VARS.4m.fd
# On Linux guest
# (the next four commands run inside the guest, not on the host)
sudo pacman -S spice-vdagent qemu-guest-agent vulkan-virtio --noconfirm
# Appends the virtio modules to the existing MODULES=( ... ) line and rebuilds
# every initramfs preset. The sed edit is in place with no backup and is not
# idempotent: running it twice adds the module names twice.
sudo sed -i 's/^MODULES=([^)]*/& virtio virtio_blk virtio_pci virtio_net virtio_ring/' /etc/mkinitcpio.conf ; sudo mkinitcpio -P
# Check that the guest's graphics driver came up.
sudo dmesg | grep drm
inxi -G
# For Windows11 systems -------------
# The file name must match ${Name}_VARS.4m.fd in the launch script below.
cp -v /usr/share/edk2/x64/OVMF_VARS.4m.fd Windows11_VARS.4m.fd
# On Windows guest
# The two links below are shortened by the forum; fetch the installers from
# the projects' own download pages.
# Spice driver -> https://www.spice-space.org/download/wi … latest.exe
# Virtio Driver -> https://fedorapeople.org/groups/virt/vi … io-win.iso
# Below is an example script that runs Windows11 in a virtual machine
# Uncomment the desired options in the script
---------------------------------------------------------------
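#!/bin/bash
# Starts a Windows 11 guest under QEMU/KVM with an emulated TPM 2.0 (swtpm)
# and opens a SPICE viewer on it.
#
# chmod a+x Qemu_Windows11_SPICE_client.sh
# To start app use ./Qemu_Windows11_SPICE_client.sh
#
# Expects ${Name}.img and ${Name}_VARS.4m.fd in the current directory.
#
# All sockets and the TPM state live in a private per-run directory instead of
# fixed names directly under /tmp: a fixed name in a world-writable directory
# can be pre-created by another local user, and the monitor socket gives full
# control over the VM.
set -u

Name=Windows11

# mktemp -d creates the directory with mode 0700, so only this user can reach
# the sockets inside it.
run_dir=$(mktemp -d "${XDG_RUNTIME_DIR:-/tmp}/${Name}.XXXXXX") || exit 1
tpm_dir=$run_dir/tpm
monitor_sock=$run_dir/monitor.sock
spice_sock=$run_dir/spice
swtpm_pid=

# Stops swtpm and removes the per-run directory on every exit path.
# The TPM state is deleted with it (the original removed it at the end too),
# so nothing the guest stores in the TPM survives a run.
cleanup() {
  if [[ -n "$swtpm_pid" ]]; then
    kill "$swtpm_pid" 2>/dev/null # already exited is fine
  fi
  rm -rf -- "${run_dir:?}"
}
trap cleanup EXIT

# Waits up to about 5 seconds for a Unix socket to appear at $1.
wait_for_socket() {
  local path=$1 tries
  for ((tries = 0; tries < 50; tries++)); do
    [[ -S "$path" ]] && return 0
    sleep 0.1
  done
  return 1
}

mkdir -- "$tpm_dir" || exit 1
swtpm socket --tpmstate dir="$tpm_dir" --ctrl type=unixio,path="$tpm_dir/tpm" --tpm2 &
swtpm_pid=$!
echo -e " Trusted Platform Module terminal\n Close after shutdown virtual $Name !!!\n"
printf ' QEMU monitor socket: %s\n' "$monitor_sock"

# QEMU connects to the swtpm control socket at start-up, so it must exist first.
if ! wait_for_socket "$tpm_dir/tpm"; then
  printf 'swtpm did not create %s\n' "$tpm_dir/tpm" >&2
  exit 1
fi

# Inside ( ... ) a newline already separates elements. The lines must NOT end
# in a backslash: a continuation would glue the following "# comment" line
# onto the previous option and turn the comment text into QEMU arguments.
options=(
  -name "$Name" -nodefaults
  # Set Machine
  -machine type=q35,vmport=off,hmat=on
  # Processor -> lscpu | grep -E "CPU\(s):|Thread|Core\(s|Socket"
  # cores=4,threads=2 is hard-coded for the author's CPU; adjust it so that
  # sockets*cores*threads matches the value nproc prints on your host.
  -cpu host,topoext=on,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time
  -smp "$(nproc),sockets=1,cores=4,threads=2,maxcpus=$(nproc)"
  # Acceleration and RAM memory --------------
  -accel kvm -m 4100M
  # QEMU monitor -> https://wiki.archlinux.org/title/QEMU#QEMU_monitor
  # Anyone who can connect to this socket controls the VM, hence the private
  # directory. Use the path printed at start-up:
  # Connecting -> socat - UNIX-CONNECT:<monitor socket path>
  # Connecting -> ncat -U <monitor socket path>
  -monitor "unix:${monitor_sock},server,nowait"
  # Bios firmware
  -drive if=pflash,format=raw,read-only=on,file=/usr/share/edk2/x64/OVMF_CODE.secboot.4m.fd
  -drive "if=pflash,format=raw,file=${Name}_VARS.4m.fd"
  # Cdrom ---------------
  # file= is left empty here; replace this line with one of the ISO lines
  # below when installing.
  -drive file=,if=ide,media=cdrom
  # -drive file=Win11_24H2_English_x64.iso,media=cdrom,format=raw
  # -drive file=virtio-win-0.1.266.iso,media=cdrom,format=raw
  # Hard drive -> https://wiki.gentoo.org/wiki/QEMU/Options#Hard_drive ---------------
  # format= is given explicitly on every disk so QEMU never probes the image.
  # AHCI driver
  # -drive id=Ahc,file=${Name}.img,media=disk,if=none,format=qcow2,aio=native,cache.direct=on
  # -device ahci,id=ahci -device ide-hd,drive=Ahc,bus=ahci.0
  # NVME driver
  # -drive id=Nvm,file=${Name}.img,media=disk,if=none,format=qcow2,aio=native,cache.direct=on
  # -device nvme,serial=myvirtdev,drive=Nvm
  # Virtio driver
  -drive "file=${Name}.img,media=disk,if=virtio,format=qcow2,aio=native,cache.direct=on"
  # Video ---------------
  # -vga none -device qxl-vga,vgamem_mb=64
  # -vga none -device virtio-vga-gl
  # Prerequisites -> QEMU >= 9.2.0, Linux kernel >= 6.13 and mesa >= 24.2.0
  -vga none -device virtio-vga-gl,hostmem=512M,blob=true,venus=true
  # Network -> https://wiki.qemu.org/Documentation/Networking -------------
  # User network
  # -nic user,ipv6=off,model=e1000,mac=52:54:00:00:00:02
  # Bridge network (needs "allow virbr0" in /etc/qemu/bridge.conf)
  -nic bridge,br=virbr0,model=virtio-net-pci,mac=52:54:00:00:00:02
  # Intel HD Audio ---------------
  -audiodev pa,id=snd0 -device ich9-intel-hda -device hda-duplex,audiodev=snd0
  # Trusted Platform Module emulation ---------------
  -chardev "socket,id=chrtpm,path=${tpm_dir}/tpm"
  -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0,id=tpm0
  # Pass-through host USB 3 device -> https://wiki.archlinux.org/title/QEMU#P … USB_device
  # lsusb
  # sudo chown -v $USER:$USER /dev/bus/usb/002/006
  # -device qemu-xhci,id=xhci -device usb-host,hostdevice=/dev/bus/usb/002/006
  # -device qemu-xhci,id=xhci -device usb-host,bus=xhci.0,vendorid=0x125f,productid=0xc13a
  # -device qemu-xhci,id=xhci -device usb-host,bus=xhci.0,hostbus=2,hostaddr=6
  # Enabling SPICE support (Copy & Paste) -> https://www.spice-space.org/spice-user-manual.html
  # disable-ticketing=on means SPICE asks for no password. With the Unix
  # socket the only protection is the 0700 directory it sits in.
  -chardev spicevmc,id=ch1,name=vdagent
  -device virtio-serial-pci
  -display none
  -spice "unix=on,addr=${spice_sock},gl=on,disable-ticketing=on"
  # For qxl-vga -> -spice unix=on,addr=${spice_sock},disable-ticketing=on
  # The TCP variant has no password either; addr=127.0.0.1 keeps the port off
  # the network interfaces.
  # For qxl-vga -> -spice port=5924,addr=127.0.0.1,disable-ticketing=on
  -device virtserialport,chardev=ch1,id=ch1,name=com.redhat.spice.0
  # USB 3 redirection with SPICE -> https://www.spice-space.org/usbredir.html
  -device nec-usb-xhci,id=usb
  -chardev spicevmc,name=usbredir,id=usbredirchardev1 -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1
  -chardev spicevmc,name=usbredir,id=usbredirchardev2 -device usb-redir,chardev=usbredirchardev2,id=usbredirdev2
  # Mouse grab ---------------------
  -usbdevice tablet
)

# Quoted expansion: every array element reaches QEMU as exactly one argument.
qemu-system-x86_64 "${options[@]}" &
qemu_pid=$!

# The viewer can only connect once QEMU has created the SPICE socket.
wait_for_socket "$spice_sock" ||
  printf 'warning: %s has not appeared yet\n' "$spice_sock" >&2
remote-viewer "spice+unix://${spice_sock}" --title="$Name"
# For qxl-vga -> spicy --uri="spice+unix://${spice_sock}" --title=$Name
# For qxl-vga -> remote-viewer spice://127.0.0.1:5924 --title=$Name
# For qxl-vga -> spicy -h 127.0.0.1 -p 5924 --title=$Name

# Closing the viewer does not stop the guest; wait for QEMU itself to exit.
wait "$qemu_pid"
# The EXIT trap stops swtpm and removes the per-run directory.
exit 0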
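# Quoted host setup, restored to one command per line (run together on a
# single line the commands would be parsed as arguments of the first one).
# --noconfirm suppresses pacman's confirmation prompt.
sudo pacman -S qemu-base qemu-desktop edk2-ovmf dnsmasq swtpm virt-viewer --noconfirm
# Appends to the ACL read by qemu-bridge-helper; re-running adds a duplicate.
echo 'allow virbr0' | sudo tee -a /etc/qemu/bridge.conf
grep -Ev '^$|^#' /etc/libvirt/libvirtd.conf
systemctl enable --now libvirtd
sudo virsh net-start --network default
sudo virsh net-autostart --network default
sudo virsh net-list --all
sudo virsh net-info --network default
ip addr show virbr0
# Firewall -----------------------
# NOTE(review): libvirt normally creates chains with these names itself when
# a network starts; check `sudo iptables -S` before adding them by hand.
sudo iptables -N LIBVIRT_FWI
sudo iptables -N LIBVIRT_FWO
sudo iptables -N LIBVIRT_FWX
sudo iptables -N LIBVIRT_INP
sudo iptables -N LIBVIRT_OUT
sudo iptables -A INPUT -j LIBVIRT_INP -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWX -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWI -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWO -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Vitrual machine setting"
# NOTE(review): accepts every forwarded packet arriving on wlp2s0, with no
# state, source or output-interface match; narrow or drop it unless routing
# from the wireless network is intended.
sudo iptables -A FORWARD -i wlp2s0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A OUTPUT -j LIBVIRT_OUT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_INP -i virbr0 -p udp -m multiport --dports 53,67 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_INP -i virbr0 -p tcp -m multiport --dports 53,67 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_OUT -o virbr0 -p udp -m multiport --dports 53,68 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_OUT -o virbr0 -p tcp -m multiport --dports 53,68 -j ACCEPT -m comment --comment "Vitrual machine setting"
# Overwrites the persistent rules file with the whole running ruleset.
sudo iptables-save -f /etc/iptables/iptables.rules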
Sad. Installing libvirt to use it only for the network configuration. You're missing out on so much libvirt - heh
Last edited by ReDress (Yesterday 13:44:48)
@OP
first: please use code tags
second: is there anything related to this uncommented dump of stuff, such as questions, issues, or advice? If you are looking for a dumping host, please see GitHub