Enable IOMMU in BIOS/UEFI on computer (Intel VT-d, AMD-Vi, IOMMU)
Checking support for KVM on the host
lscpu | grep Virtualization
lsmod | grep kvm
Installing needed components
sudo pacman -S qemu-base qemu-desktop edk2-ovmf dnsmasq swtpm virt-viewer --noconfirm
Disk manipulations -----------------------
# Create a 10G raw image.
qemu-img create -f raw VirtualDisk.img 10G
# NOTE(review): the commands below that omit -f let qemu-img guess the format
# from the file contents. For a raw image that a guest has written to, passing
# -f raw makes sure the file is treated as raw and nothing else.
qemu-img info VirtualDisk.img
# NOTE(review): consistency checks are only implemented for some formats
# (qcow2, vdi, ...); confirm this does anything useful on a raw image.
qemu-img check VirtualDisk.img
# Grow the image by 1G; partitions and filesystems inside are not resized.
qemu-img resize VirtualDisk.img +1G
# Format conversions: -p shows progress, -O selects the output format.
qemu-img convert -p VirtualDisk.vdi -O raw VirtualDisk.img
qemu-img convert -p VirtualDisk.img -O vdi VirtualDisk.vdi
qemu-img convert -p VirtualDisk.img -O qcow2 VirtualDisk_NEW.img
# Cut 500M off the end of the image. Everything stored in that tail is lost,
# so shrink the guest's partitions first and keep a copy of the image.
qemu-img resize -f raw --shrink VirtualDisk.img -500M
Boot from live disk for repair after shrinking
lsblk
sudo gdisk /dev/sda
r -> w -> y
Snapshots --------------------------------
https://people.redhat.com/pbonzini/qemu … mages.html
qemu-img snapshot -l VirtualDisk.img # List snapshots
qemu-img snapshot -c snapshot VirtualDisk.img # Creates a snapshot
qemu-img snapshot -a snapshot VirtualDisk.img # Applies a snapshot
qemu-img snapshot -d snapshot VirtualDisk.img # Deletes a snapshot
Check that the host passes the virtualization checks
virt-host-validate
Useful commands
qemu-system-x86_64 -machine q35,help
qemu-system-x86_64 -device virtio-vga-gl,help
qemu-system-x86_64 -accel help
Setting the network
EXAMPLE BELOW WORKS BUT IT NEEDS TO BE IMPROVED
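# /etc/qemu/bridge.conf is the allow-list read by QEMU's bridge helper
# (qemu-bridge-helper), which runs with elevated privileges: guests started
# by unprivileged users may join every bridge named here, so list only
# bridges that are meant for virtual machines.
# Append the entry only when it is missing, so repeating these steps does not
# pile up duplicate lines.
sudo grep -qxF 'allow virbr0' /etc/qemu/bridge.conf 2>/dev/null ||
  echo 'allow virbr0' | sudo tee -a /etc/qemu/bridge.conf
# libvirtd is used here only to create and manage the virbr0 network.
systemctl enable --now libvirtd
# Register, start and autostart libvirt's "default" network.
sudo virsh net-define /etc/libvirt/qemu/networks/default.xml
sudo virsh net-start --network default
sudo virsh net-autostart --network default
# Verify the result: network state and the bridge's address.
sudo virsh net-list --all
sudo virsh net-info --network default
ip addr show virbr0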
Settings for network sharing
# Turn on IPv4 and IPv6 forwarding so the host routes packets between virbr0
# and its other interfaces.
# sysctl -w changes only the running kernel; the values are gone after a reboot.
# NOTE(review): forwarding is enabled host-wide, not just for virbr0, so what
# may cross the host is then decided by the FORWARD chain alone. Check that
# chain's policy and rules before relying on this.
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.default.forwarding=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
Firewall settings if iptables is enabled -----------------------
# Hand-written filter rules for the 192.168.122.0/24 guest network on virbr0.
# NOTE(review): the LIBVIRT_* chain names match the ones libvirtd manages
# itself when it starts a NAT network; confirm these manual rules are still
# needed and do not end up duplicated next to libvirt's own.
# Every rule is appended (-A), so it only takes effect if no earlier rule in
# the same chain has already decided the packet.

# Create the user-defined chains (-N fails if a chain already exists).
sudo iptables -N LIBVIRT_FWI
sudo iptables -N LIBVIRT_FWO
sudo iptables -N LIBVIRT_FWX
sudo iptables -N LIBVIRT_INP
sudo iptables -N LIBVIRT_OUT
# Hook the chains into the built-in INPUT/FORWARD/OUTPUT chains.
sudo iptables -A INPUT -j LIBVIRT_INP -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWX -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWI -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWO -m comment --comment "Vitrual machine setting"
# Let replies of already established forwarded connections through.
sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Vitrual machine setting"
# NOTE(review): accepts every forwarded packet that arrives on wlp2s0,
# whatever its destination. Traffic towards virbr0 has already been decided by
# LIBVIRT_FWI above, but with forwarding enabled the host will also route from
# wlp2s0 to any other interface it has. wlp2s0 is presumably the author's own
# uplink name; replace it with yours and consider narrowing the rule with
# -o/-d, or dropping it.
sudo iptables -A FORWARD -i wlp2s0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A OUTPUT -j LIBVIRT_OUT -m comment --comment "Vitrual machine setting"
# Towards guests: only replies to connections the guests opened, reject the rest.
sudo iptables -A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable -m comment --comment "Vitrual machine setting"
# From guests: allow the guest subnet out, reject any other source address on virbr0.
sudo iptables -A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable -m comment --comment "Vitrual machine setting"
# Guest-to-guest traffic on the bridge.
sudo iptables -A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT -m comment --comment "Vitrual machine setting"
# DNS (53) and DHCP server (67) on the host, reachable from guests only.
sudo iptables -A LIBVIRT_INP -i virbr0 -p udp -m multiport --dports 53,67 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_INP -i virbr0 -p tcp -m multiport --dports 53,67 -j ACCEPT -m comment --comment "Vitrual machine setting"
# Host-originated DNS and DHCP client (68) traffic towards guests.
sudo iptables -A LIBVIRT_OUT -o virbr0 -p udp -m multiport --dports 53,68 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_OUT -o virbr0 -p tcp -m multiport --dports 53,68 -j ACCEPT -m comment --comment "Vitrual machine setting"
# Persist the rules. This writes the complete ruleset currently loaded, not
# just the rules above, and replaces the previous contents of the file;
# review `sudo iptables -S` first and keep a copy of the old file.
sudo iptables-save -f /etc/iptables/iptables.rules
For Linux systems ---------------
cp -v /usr/share/edk2/x64/OVMF_VARS.4m.fd Linux_VARS.4m.fd
On Linux guest
sudo pacman -S spice-vdagent qemu-guest-agent vulkan-virtio --noconfirm
sudo sed -i 's/^MODULES=([^)]*/& virtio virtio_blk virtio_pci virtio_net virtio_ring/' /etc/mkinitcpio.conf ; sudo mkinitcpio -P
sudo dmesg | grep drm
inxi -G
For Windows11 systems -------------
cp -v /usr/share/edk2/x64/OVMF_VARS.4m.fd Windows11_VARS.4m.fd
On Windows guest
Spice driver -> https://www.spice-space.org/download/wi … latest.exe
Virtio Driver -> https://fedorapeople.org/groups/virt/vi … io-win.iso
---------------------------------------------------------------
Below is an example script to run Windows 11 in a virtual machine
Uncomment the desired options in the file
Documentation for options -> https://www.qemu.org/docs/master/system … npage.html
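#!/bin/bash
# chmod a+x Qemu_Windows11_SPICE_client.sh
# To start app use ./Qemu_Windows11_SPICE_client.sh
#
# Boots the Windows11 guest under QEMU/KVM with an emulated TPM 2.0 (swtpm)
# and opens it in remote-viewer over a SPICE unix socket.
# Reads ${Name}.img and ${Name}_VARS.4m.fd from the current directory.

Name=Windows11

# Private runtime directory for the TPM state and every control socket.
# mktemp -d creates it with mode 0700 and an unpredictable name, instead of
# fixed names directly under /tmp: the QEMU monitor socket gives full control
# of the VM, the SPICE socket has ticketing (password) disabled and the TPM
# state holds guest secrets, so none of them should be reachable by other
# local users or live at a path somebody else can create first.
RunDir=$(mktemp -d "${XDG_RUNTIME_DIR:-/tmp}/${Name}.XXXXXX") || exit 1
TpmPid=

# Stop swtpm if it is still running and delete the runtime directory.
# The TPM state is discarded on exit, so the guest sees an empty TPM on every
# start. Point --tpmstate at a persistent private directory if the guest
# relies on TPM-sealed data.
cleanup() {
  [[ -n $TpmPid ]] && kill "$TpmPid" 2>/dev/null
  rm -rf -- "${RunDir:?}"
}
trap cleanup EXIT

# Wait up to about 5 seconds for a unix socket to appear.
# Arguments: $1 - socket path. Returns 0 once it exists, 1 on timeout.
wait_for_socket() {
  local path=$1 i
  for ((i = 0; i < 50; i++)); do
    [[ -S $path ]] && return 0
    sleep 0.1
  done
  return 1
}

mkdir -p "$RunDir/tpm"
swtpm socket --tpmstate dir="$RunDir/tpm" --ctrl type=unixio,path="$RunDir/tpm/ctrl.sock" --tpm2 &
TpmPid=$!
echo -e " Trusted Platform Module terminal\n Close after shutdown virtual $Name !!!\n"
printf ' QEMU monitor socket: %s\n' "$RunDir/monitor.sock"

# QEMU connects to the TPM socket while it starts, so the socket has to exist.
wait_for_socket "$RunDir/tpm/ctrl.sock" || {
  echo "swtpm did not create $RunDir/tpm/ctrl.sock" >&2
  exit 1
}

# One option per line. No trailing backslashes: newlines are allowed inside
# an array literal, and a backslash would glue the following comment line
# onto the option before it.
options=(
  -name "$Name" -nodefaults
  # Set Machine
  -machine type=q35,vmport=off,hmat=on
  # Processor -> lscpu | grep -E "CPU\(s):|Thread|Core\(s|Socket"
  # sockets/cores/threads are hard-coded for an 8-thread CPU; adjust them so
  # that their product matches the $(nproc) value used for -smp.
  -cpu host,topoext=on,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time
  -smp "$(nproc),sockets=1,cores=4,threads=2,maxcpus=$(nproc)"
  # Acceleration and RAM memory --------------
  -accel kvm -m 4100M
  # QEMU monitor -> https://wiki.archlinux.org/title/QEMU#QEMU_monitor
  # Connecting -> socat - UNIX-CONNECT:<monitor socket path printed at start>
  # Connecting -> ncat -U <monitor socket path printed at start>
  -monitor "unix:$RunDir/monitor.sock,server,nowait"
  # Bios firmware
  -drive if=pflash,format=raw,read-only=on,file=/usr/share/edk2/x64/OVMF_CODE.secboot.4m.fd
  -drive "if=pflash,format=raw,file=${Name}_VARS.4m.fd"
  # Cdrom ---------------
  -drive file=,if=ide,media=cdrom
  # -drive file=Win11_24H2_English_x64.iso,media=cdrom,format=raw
  # -drive file=virtio-win-0.1.266.iso,media=cdrom,format=raw
  # Hard drive -> https://wiki.gentoo.org/wiki/QEMU/Options#Hard_drive ---------------
  # AHCI driver
  # -drive "id=Ahc,file=${Name}.img,media=disk,if=none,format=raw,aio=native,cache.direct=on"
  # -device ahci,id=ahci -device ide-hd,drive=Ahc,bus=ahci.0
  # NVME driver
  # -drive "id=Nvm,file=${Name}.img,media=disk,if=none,format=raw,aio=native,cache.direct=on"
  # -device nvme,serial=myvirtdev,drive=Nvm
  # Virtio driver
  -drive "file=${Name}.img,media=disk,if=virtio,format=raw,aio=native,cache.direct=on"
  # Video ---------------
  # -vga none -device qxl-vga,vgamem_mb=64
  # -vga none -device virtio-vga-gl
  # Prerequisites -> QEMU >= 9.2.0, Linux kernel >= 6.13 and mesa >= 24.2.0
  -vga none -device virtio-vga-gl,hostmem=512M,blob=true,venus=true
  # Network -> https://wiki.qemu.org/Documentation/Networking -------------
  # User network
  # -nic user,ipv6=off,model=e1000,mac=52:54:00:00:00:02
  # Bridge network
  -nic bridge,br=virbr0,model=virtio-net-pci,mac=52:54:00:00:00:02
  # Intel HD Audio ---------------
  -audiodev pa,id=snd0 -device ich9-intel-hda -device hda-duplex,audiodev=snd0
  # Trusted Platform Module emulation ---------------
  -chardev "socket,id=chrtpm,path=$RunDir/tpm/ctrl.sock"
  -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0,id=tpm0
  # Pass-through host USB 3 device -> https://wiki.archlinux.org/title/QEMU#Pass-through_host_USB_device
  # lsusb
  # sudo chown -v $USER:$USER /dev/bus/usb/002/006
  # -device qemu-xhci,id=xhci -device usb-host,hostdevice=/dev/bus/usb/002/006
  # -device qemu-xhci,id=xhci -device usb-host,bus=xhci.0,vendorid=0x125f,productid=0xc13a
  # -device qemu-xhci,id=xhci -device usb-host,bus=xhci.0,hostbus=2,hostaddr=6
  # Enabling SPICE support (Copy & Paste) -> https://www.spice-space.org/spice-user-manual.html
  -chardev spicevmc,id=ch1,name=vdagent
  -device virtio-serial-pci
  -display none
  # disable-ticketing=on means no SPICE password: access is limited only by
  # the permissions of the directory that holds the socket.
  -spice "unix=on,addr=$RunDir/spice.sock,gl=on,disable-ticketing=on"
  # For qxl-vga -> -spice "unix=on,addr=$RunDir/spice.sock,disable-ticketing=on"
  # For qxl-vga over TCP -> -spice port=5924,addr=127.0.0.1,disable-ticketing=on
  #   (without addr= SPICE listens on every host address, with no password)
  -device virtserialport,chardev=ch1,id=ch1,name=com.redhat.spice.0
  # USB 3 redirection with SPICE -> https://www.spice-space.org/usbredir.html
  -device nec-usb-xhci,id=usb
  -chardev spicevmc,name=usbredir,id=usbredirchardev1 -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1
  -chardev spicevmc,name=usbredir,id=usbredirchardev2 -device usb-redir,chardev=usbredirchardev2,id=usbredirdev2
  # Mouse grab ---------------------
  -usbdevice tablet
)

# Quoted expansion keeps each array element as exactly one argument.
qemu-system-x86_64 "${options[@]}" &
QemuPid=$!

# Best effort: give QEMU a moment to create the SPICE socket before the
# viewer tries to connect to it.
wait_for_socket "$RunDir/spice.sock"
remote-viewer "spice+unix://$RunDir/spice.sock" --title="$Name"
# For qxl-vga -> spicy --uri="spice+unix://$RunDir/spice.sock" --title="$Name"
# For qxl-vga -> remote-viewer spice://127.0.0.1:5924 --title="$Name"
# For qxl-vga -> spicy -h 127.0.0.1 -p 5924 --title="$Name"

# Closing the viewer does not stop the guest; keep running until QEMU exits.
# The EXIT trap then removes the runtime directory.
wait "$QemuPid"
exit 0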
Last edited by bbbb4 (2025-03-12 18:22:21)
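# Same steps as in the first post, restored to one command per line (the
# line breaks were lost, which ran the commands together and let the
# "# Firewall" marker comment out everything after it).
sudo pacman -S qemu-base qemu-desktop edk2-ovmf dnsmasq swtpm virt-viewer --noconfirm
# Allow-list for QEMU's bridge helper; -a appends on every run.
echo 'allow virbr0' | sudo tee -a /etc/qemu/bridge.conf
# Show the active (non-empty, non-comment) lines of libvirtd's configuration.
grep -Ev '^$|^#' /etc/libvirt/libvirtd.conf
systemctl enable --now libvirtd
sudo virsh net-start --network default
sudo virsh net-autostart --network default
sudo virsh net-list --all
sudo virsh net-info --network default
ip addr show virbr0
# Firewall -----------------------
# Rules are appended (-A) and therefore sit behind whatever is already loaded.
sudo iptables -N LIBVIRT_FWI
sudo iptables -N LIBVIRT_FWO
sudo iptables -N LIBVIRT_FWX
sudo iptables -N LIBVIRT_INP
sudo iptables -N LIBVIRT_OUT
sudo iptables -A INPUT -j LIBVIRT_INP -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWX -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWI -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -j LIBVIRT_FWO -m comment --comment "Vitrual machine setting"
sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Vitrual machine setting"
# NOTE(review): forwards everything that arrives on wlp2s0, whatever the
# destination; adapt the interface name and consider narrowing the rule.
sudo iptables -A FORWARD -i wlp2s0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A OUTPUT -j LIBVIRT_OUT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_INP -i virbr0 -p udp -m multiport --dports 53,67 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_INP -i virbr0 -p tcp -m multiport --dports 53,67 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_OUT -o virbr0 -p udp -m multiport --dports 53,68 -j ACCEPT -m comment --comment "Vitrual machine setting"
sudo iptables -A LIBVIRT_OUT -o virbr0 -p tcp -m multiport --dports 53,68 -j ACCEPT -m comment --comment "Vitrual machine setting"
# Writes the whole ruleset currently loaded and replaces the file's contents.
sudo iptables-save -f /etc/iptables/iptables.rules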
Sad. Installing libvirt to use it only for the network configuration. You're missing out on so much libvirt - heh
Last edited by ReDress (2025-03-03 13:44:48)
@OP
first: please use code tags
second: is there anything related to this uncommentd dump of stuff like questions, issues, advices? if you look for a dumbing host please see github
Guys you are right, and this is my first post in the forum and still get used to work with this forum i will try to improve my posts. thank you for advices and have a nice day.
Don't use QXL, it's old & crusty. All the cool kids use virtio for the GPU stuff.
Jin, Jîyan, Azadî
In some case, only Qxl video can be used to use the virtual machine so I have added it as an option that can be activated if is needed.
Example script to run Arch Linux in a virtual machine
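#!/bin/bash
# chmod a+x Qemu_Archlinux.sh
# To start app use ./Qemu_Archlinux.sh
#
# Boots the Archlinux guest under QEMU/KVM with an emulated TPM 2.0 (swtpm)
# and QEMU's own GTK window.
# Reads ${Name}.img and ${Name}_VARS.4m.fd from the current directory.

Name=Archlinux

# Private runtime directory for the TPM state and the control sockets.
# mktemp -d creates it with mode 0700 and an unpredictable name, instead of
# fixed names directly under /tmp: the QEMU monitor socket gives full control
# of the VM and the TPM state holds guest secrets, so neither should be
# reachable by other local users or live at a path somebody else can create
# first.
RunDir=$(mktemp -d "${XDG_RUNTIME_DIR:-/tmp}/${Name}.XXXXXX") || exit 1
TpmPid=

# Stop swtpm if it is still running and delete the runtime directory.
# The TPM state is discarded on exit, so the guest sees an empty TPM on every
# start. Point --tpmstate at a persistent private directory if the guest
# relies on TPM-sealed data.
cleanup() {
  [[ -n $TpmPid ]] && kill "$TpmPid" 2>/dev/null
  rm -rf -- "${RunDir:?}"
}
trap cleanup EXIT

# Wait up to about 5 seconds for a unix socket to appear.
# Arguments: $1 - socket path. Returns 0 once it exists, 1 on timeout.
wait_for_socket() {
  local path=$1 i
  for ((i = 0; i < 50; i++)); do
    [[ -S $path ]] && return 0
    sleep 0.1
  done
  return 1
}

mkdir -p "$RunDir/tpm"
swtpm socket --tpmstate dir="$RunDir/tpm" --ctrl type=unixio,path="$RunDir/tpm/ctrl.sock" --tpm2 &
TpmPid=$!
echo -e " Trusted Platform Module terminal\n Close after shutdown virtual $Name !!!\n"
printf ' QEMU monitor socket: %s\n' "$RunDir/monitor.sock"

# QEMU connects to the TPM socket while it starts, so the socket has to exist.
wait_for_socket "$RunDir/tpm/ctrl.sock" || {
  echo "swtpm did not create $RunDir/tpm/ctrl.sock" >&2
  exit 1
}

# One option per line. No trailing backslashes: newlines are allowed inside
# an array literal, and a backslash would glue the following comment line
# onto the option before it.
options=(
  -name "$Name" -nodefaults
  # Set Machine
  -machine type=q35,vmport=off,hmat=on
  # Processor -> lscpu | grep -E "CPU\(s):|Thread|Core\(s|Socket"
  # sockets/cores/threads are hard-coded for an 8-thread CPU; adjust them so
  # that their product matches the $(nproc) value used for -smp.
  -cpu host,topoext=on -smp "$(nproc),sockets=1,cores=4,threads=2,maxcpus=$(nproc)"
  # Acceleration and RAM memory --------------
  -accel kvm -m 4300M
  # QEMU monitor -> https://wiki.archlinux.org/title/QEMU#QEMU_monitor
  # Connecting -> socat - UNIX-CONNECT:<monitor socket path printed at start>
  # Connecting -> ncat -U <monitor socket path printed at start>
  -monitor "unix:$RunDir/monitor.sock,server,nowait"
  # Bios firmware
  -drive if=pflash,format=raw,read-only=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd
  -drive "if=pflash,format=raw,file=${Name}_VARS.4m.fd"
  # Cdrom ---------------
  -drive file=,if=ide,media=cdrom
  # -drive file=manjaro-kde-24.2.1-241216-linux612.iso,media=cdrom,format=raw
  # -drive file=archlinux-2025.01.01-x86_64.iso,media=cdrom,format=raw
  # Hard drive -> https://wiki.gentoo.org/wiki/QEMU/Options#Hard_drive ---------------
  # AHCI driver
  # -drive "id=Ahc,file=${Name}.img,media=disk,if=none,format=raw,aio=native,cache.direct=on"
  # -device ahci,id=ahci -device ide-hd,drive=Ahc,bus=ahci.0
  # NVME driver
  # -drive "id=Nvm,file=${Name}.img,media=disk,if=none,format=raw,aio=native,cache.direct=on"
  # -device nvme,serial=myvirtdev,drive=Nvm
  # Virtio driver
  -drive "file=${Name}.img,media=disk,if=virtio,format=raw,aio=native,cache.direct=on"
  # Video ---------------
  # -vga none -device qxl-vga,vgamem_mb=64
  # -vga none -device virtio-vga-gl
  # Prerequisites -> QEMU >= 9.2.0, Linux kernel >= 6.13 and mesa >= 24.2.0
  -vga none -device virtio-vga-gl,hostmem=512M,blob=true,venus=true
  # Graphical user interface for QEMU
  -display gtk,gl=on,grab-on-hover=on,show-tabs=off,window-close=on,show-menubar=on,zoom-to-fit=off
  # Network -> https://wiki.qemu.org/Documentation/Networking -------------
  # User network
  # -nic user,ipv6=off,model=e1000,mac=52:54:00:00:00:01
  # Bridge network
  -nic bridge,br=virbr0,model=virtio-net-pci,mac=52:54:00:00:00:01
  # Intel HD Audio ---------------
  -audiodev pa,id=snd0 -device ich9-intel-hda -device hda-duplex,audiodev=snd0
  # Trusted Platform Module emulation ---------------
  -chardev "socket,id=chrtpm,path=$RunDir/tpm/ctrl.sock"
  -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0,id=tpm0
  # Pass-through host USB 3 device -> https://wiki.archlinux.org/title/QEMU#Pass-through_host_USB_device
  # lsusb
  # sudo chown -v $USER:$USER /dev/bus/usb/002/006
  # -device qemu-xhci,id=xhci -device usb-host,hostdevice=/dev/bus/usb/002/006
  # -device qemu-xhci,id=xhci -device usb-host,bus=xhci.0,vendorid=0x125f,productid=0xc13a
  # -device qemu-xhci,id=xhci -device usb-host,bus=xhci.0,hostbus=2,hostaddr=6
  # Sharing Host folder with the Guest -> https://wiki.qemu.org/Documentation/9psetup ------------------
  # The guest can read and write everything under the exported path, so
  # export a dedicated directory rather than a home directory.
  # -device virtio-9p-pci,fsdev=p9fs,mount_tag=9pshare
  # -fsdev local,id=p9fs,path=/HOST_shared,security_model=mapped,multidevs=remap
  # mkdir ~/share # On the guest machine
  # sudo sed -i '$a 9pshare /home/USER/share 9p trans=virtio,version=9p2000.L,rw 0 0' /etc/fstab
  # sudo mount -t 9p -o trans=virtio 9pshare ~/share -oversion=9p2000.L
  # Mouse grab ---------------------
  -usbdevice tablet
)

# Quoted expansion keeps each array element as exactly one argument.
# QEMU runs in the foreground; the EXIT trap removes the runtime directory
# once it returns.
qemu-system-x86_64 "${options[@]}"
exit 0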
Example script to run Arch linux into a virtual machine
Below is example script to run Windows11 into a virtual machine
It seems like the primary difference is the display and maybe
-cpu host,topoext=on,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time
Edit: Yes, even on libvirt, Linuxes default to spice while Windows default to qxl ;-)
Last edited by ReDress (2025-03-13 17:46:41)
To disable 3D support you can use the following option
-vga none -device virtio-vga
And for the integrated display, which does not support copy & paste or USB redirection
-display gtk,grab-on-hover=on,show-tabs=off,window-close=on,show-menubar=on,zoom-to-fit=off
And for a remote viewer, which supports copy & paste and USB redirection
-spice unix=on,addr=/tmp/${Name}_spice,disable-ticketing=on
remote-viewer spice+unix:///tmp/${Name}_spice --title=$Name
spicy --uri="spice+unix:///tmp/${Name}_spice" --title=$Name
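And with a TCP port connection (without addr= SPICE listens on every host address, and disable-ticketing=on means no password, so add addr=127.0.0.1 to the -spice option when the viewer runs on the same host, as in the client commands below)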
-spice port=5924,disable-ticketing=on
remote-viewer spice://127.0.0.1:5924 --title=$Name
spicy -h 127.0.0.1 -p 5924 --title=$Name
Last edited by bbbb4 (2025-03-16 20:23:12)