Long-Term Supported Versions

    Managing VMs

    VM Life Cycle



    To leverage hardware resources and reduce costs, users need to properly manage VMs. This section describes basic operations during the VM lifecycle, such as creating, using, and deleting VMs.

    VM Status

    A VM can be in one of the following status:

    • undefined: The VM is not defined or created. That is, libvirt considers that the VM does not exist.
    • shut off: The VM has been defined but is not running, or the VM is terminated.
    • running: The VM is running.
    • paused: The VM is suspended and its running status is temporarily stored in the memory. The VM can be restored to the running status.
    • saved: Similar to the paused status, the running state is stored in a persistent storage medium and can be restored to the running status.
    • crashed: The VM crashes due to an internal error and cannot be restored to the running status.

    Status Transition

    VMs in different status can be converted, but certain rules must be met. Figure 1 describes the common rules for transiting the VM status.

    Figure 1 Status transition diagram

    VM ID

    In libvirt, a created VM instance is called a domain, which describes the configuration information of resources such as the CPU, memory, network device, and storage device of the VM. On a host, each domain has a unique ID, which is represented by the VM Name, UUID, and Id. For details, see Table 1. During the VM lifecycle, an operation can be performed on a specific VM by using a VM ID.

    Table 1 Domain ID description




    VM name


    Universally unique identifier


    VM running ID


    The ID is not displayed for a powered off VM.

    Run the virsh command to query the VM ID and UUID. For details, see Querying VM Information.

    Management Commands


    You can use the virsh command tool to manage the VM lifecycle. This section describes the commands related to the lifecycle.


    • Before performing operations on a VM, you need to query the VM status to ensure that the operations can be performed. For details about the conversion between status, see Status Transition.
    • You have administrator rights.
    • The VM XML configuration files are prepared.

    Command Usage

    You can run the virsh command to manage the VM lifecycle. The command format is as follows:

    virsh <operate> <obj> <options>

    The parameters are described as follows:

    • operate: manages VM lifecycle operations, such as creating, deleting, and starting VMs.
    • obj: specifies the operation object, for example, the VM to be operated.
    • options: command option. This parameter is optional.

    Table 2 describes the commands used for VM lifecycle management. VMInstance indicates the VM name, VM ID, or VM UUID, XMLFile indicates the XML configuration file of the VM, and DumpFile indicates the dump file. Change them based on the site requirements.

    Table 2 VM Lifecycle Management Commands



    virsh define <XMLFile>

    Define a persistent VM. After the definition is complete, the VM is shut down and is considered as a domain instance.

    virsh create <XMLFile>

    Create a temporary VM. After the VM is created, it is in the running status.

    virsh start <VMInstance>

    Start the VM.

    virsh shutdown <VMInstance>

    Shut down the VM. Start the VM shutdown process. If the VM fails to be shut down, forcibly stop it.

    virsh destroy <VMInstance>

    Forcibly stop the VM.

    virsh reboot <VMInstance>

    Reboot the VM.

    virsh save <VMInstance> <DumpFile>

    Dump the VM running status to a file.

    virsh restore <DumpFile>

    Restore the VM from the VM status dump file.

    virsh suspend <VMInstance>

    Suspend the VM to make the VM in the paused status.

    virsh resume <VMInstance>

    Resume the VM and restore the VM in the paused status to the running status.

    virsh undefine <VMInstance>

    After a persistent VM is destroyed, the VM lifecycle ends and no more operations can be performed on the VM.


    This section provides examples of commands related to VM life cycle management.

    • Create a VM.

      The VM XML configuration file is openEulerVM.xml. The command and output are as follows:

      $ virsh define openEulerVM.xml
      Domain openEulerVM defined from openEulerVM.xml
    • Start a VM.

      Run the following command to start the openEulerVM:

      $ virsh start openEulerVM
      Domain openEulerVM started
    • Reboot a VM.

      Run the following command to reboot the openEulerVM:

      $ virsh reboot openEulerVM
      Domain openEulerVM is being rebooted
    • Shut down a VM.

      Run the following command to shut down the openEulerVM:

      $ virsh shutdown openEulerVM
      Domain openEulerVM is being shutdown
    • Destroy a VM.

      • If the nvram file is not used during the VM startup, run the following command to destroy the VM:

        virsh undefine <VMInstance>
      • If the nvram file is used during the VM startup, run the following command to specify the nvram processing policy when destroying the VM:

        virsh undefine <VMInstance> <strategy>

        strategy indicates the policy for destroying a VM. The values can be:

        --nvram: delete the corresponding nvram file when destroying a VM.

        --keep-nvram: destroy a VM but retain the corresponding nvram file.

        For example, to delete the openEulerVM and its nvram file, run the following command:

        $ virsh undefine openEulerVM --nvram
        Domain openEulerVM has been undefined

    Modifying VM Configurations Online


    After a VM is created, users can modify VM configurations. This process is called online modification of VM configuration. After the configuration is modified online, the new VM configuration file is persistent and takes effect after the VM is shut down and restarted.

    The format of the command for modifying VM configuration is as follows:

    virsh edit <VMInstance>

    The virsh edit command is used to edit the XML configuration file corresponding to domain to update VM configuration. virsh edit uses the vi program as the default editor. You can specify the editor type by modifying the environment variable EDITOR or VISUAL. By default, virsh edit preferentially uses the text editor specified by the environment variable VISUAL.


    1. (Optional) Set the editor of the virsh edit command to vim.

      export VISUAL=vim
    2. Run the virsh edit command to open the XML configuration file of the openEulerVM.

      virsh edit openEulerVM
    3. Modify the VM configuration file.

    4. Save the VM configuration file and exit.

    5. Start the VM for the modification to take effect.

      virsh reboot openEulerVM

    Querying VM Information


    The libvirt provides a set of command line tools to query VM information. This section describes how to use commands to obtain VM information.


    To query VM information, the following requirements must be met:

    • The libvirtd service is running.

    • Only the administrator has the permission to execute command line.

    Querying VM Information on a Host

    • Query the list of running and paused VMs on a host.

      virsh list

      For example, the following command output indicates that three VMs exist on the host. openEulerVM01 and openEulerVM02 are running, and openEulerVM03 is paused.

       Id    Name                           State
       39    openEulerVM01                   running
       40    openEulerVM02                   running
       69    openEulerVM03                   paused
    • Query the list of VM information defined on a host.

      virsh list --all

      For example, the following command output indicates that four VMs are defined on the current host. openEulerVM01 is running, openEulerVM02 is paused, and openEulerVM03 and openEulerVM04 are shut down.

       Id    Name                           State
       39    openEulerVM01                  running
       69    openEulerVM02                  paused
       -     openEulerVM03                  shut off
       -     openEulerVM04                  shut off

    Querying Basic VM Information

    Libvirt component provides a group of commands for querying the VM status, including the VM running status, device information, and scheduling attributes. For details, see Table 3.

    Table 3 Querying basic VM information

    Information to be queried

    Command line


    Basic information

    virsh dominfo <VMInstance>

    The information includes the VM ID, UUID, and VM specifications.

    Current status

    virsh domstate <VMInstance>

    You can use the --reason option to query the reason why the VM changes to the current status.

    Scheduling information

    virsh schedinfo <VMInstance>

    The information includes the vCPU share.

    Number of vCPUs

    virsh vcpucount <VMInstance>

    Number of vCPUs of the VM.

    Virtual block device status

    virsh domblkstat <VMInstance>

    To query the name of a block device, run the virsh domblklist command.

    vNIC status

    virsh domifstat <VMInstance> <interface>

    To query the NIC name, run the virsh domiflist command.

    I/O thread

    virsh iothreadinfo <VMInstance>

    VM I/O thread and CPU affinity.


    • Run the virsh dominfo command to query the basic information about a created VM. The query result shows that the VM ID is 5, UUID is ab472210-db8c-4018-9b3e-fc5319a769f7, memory size is 8 GiB, and the number of vCPUs is 4.

      $ virsh dominfo openEulerVM
      Id:             5
      Name:           openEulerVM
      UUID:           ab472210-db8c-4018-9b3e-fc5319a769f7
      OS Type:        hvm
      State:          running
      CPU(s):         4
      CPU time:       6.8s
      Max memory:     8388608 KiB
      Used memory:    8388608 KiB
      Persistent:     no
      Autostart:      disable
      Managed save:   no
      Security model: none
      Security DOI:   0
    • Run the virsh domstate command to query the VM status. The query result shows that VM openEulerVM is running.

      $ virsh domstate openEulerVM
    • Run virsh schedinfo to query the VM scheduling information. The query result shows that the CPU reservation share of the VM is 1024.

      $ virsh schedinfo openEulerVM
      Scheduler      : posix
      cpu_shares     : 1024
      vcpu_period    : 100000
      vcpu_quota     : -1
      emulator_period: 100000
      emulator_quota : -1
      global_period  : 100000
      global_quota   : -1
      iothread_period: 100000
      iothread_quota : -1
    • Run the virsh vcpucount command to query the number of vCPUs. The query result shows that the VM has four CPUs.

      $ virsh vcpucount openEulerVM
      maximum      live           4
      current      live           4
    • Run the virsh domblklist command to query the VM disk information. The query result shows that the VM has two disks. sda is a virtual disk in qcow2 format, and sdb is a cdrom device.

       $ virsh domblklist openEulerVM
       Target   Source
       sda      /home/openeuler/vm/openEuler_aarch64.qcow2
       sdb      /home/openeuler/vm/openEuler-2.03-LTS-aarch64-dvd.iso
    • Run the virsh domiflist command to query the VM NIC information. The query result shows that the VM has one NIC, the backend is vnet0, which is on the br0 bridge of the host. The MAC address is 00:05:fe:d4:f1:cc.

      $ virsh domiflist openEulerVM
      Interface  Type       Source     Model       MAC
      vnet0      bridge     br0        virtio      00:05:fe:d4:f1:cc
    • Run the virsh iothreadinfo command to query the VM I/O thread information. The query result shows that the VM has five I/O threads, which are scheduled on physical CPUs 7-10.

      $ virsh iothreadinfo openEulerVM
       IOThread ID     CPU Affinity
       3               7-10
       4               7-10
       5               7-10
       1               7-10
       2               7-10

    Logging In to a VM

    This section describes how to log in to a VM using VNC.

    Logging In Using VNC Passwords


    After the OS is installed on a VM, you can remotely log in to the VM using VNC to manage the VM.


    Before logging in to a VM using a client, such as RealVNC or TightVNC, ensure that:

    • You have obtained the IP address of the host where the VM resides.

    • The environment where the client resides can access the network of the host.

    • You have obtained the VNC listening port of the VM. This port is automatically allocated when the client is started. Generally, the port number is 5900 + x (x is a positive integer and increases in ascending order based on the VM startup sequence. 5900 is invisible to users.)

    • If a password has been set for the VNC, you also need to obtain the VNC password of the VM.

      To set a password for the VM VNC, edit the XML configuration file of the VM. That is, add the passwd attribute to the graphics element and set the attribute value to the password to be configured. For example, to set the VNC password of the VM to n8VfjbFK, configure the XML file as follows:

         <graphics type='vnc' port='5900' autoport='yes' listen='' keymap='en-us' passwd='n8VfjbFK'>  
           <listen type='address' address=''/>  



    1. Query the VNC port number used by the VM. For example, if the VM name is openEulerVM, run the following command:

      $ virsh vncdisplay openEulerVM

      To log in to the VNC, you need to configure firewall rules to allow the connection of the VNC port. The reference command is as follows, where X is 5900 + Port number, for example, 5903.

      firewall-cmd --zone=public --add-port=X/tcp  
    2. Start the VncViewer software and enter the IP address and port number of the host. The format is host IP address:port number, for example,

    3. Click OK and enter the VNC password (optional) to log in to the VM VNC.

    Configuring VNC TLS Login


    By default, the VNC server and client transmit data in plaintext. Therefore, the communication content may be intercepted by a third party. To improve security, openEuler allows the VNC server to configure the Transport Layer Security (TLS) mode for encryption and authentication. TLS implements encrypted communication between the VNC server and client to prevent communication content from being intercepted by third parties.


    • To use the TLS encryption authentication mode, the VNC client must support the TLS mode (for example, TigerVNC). Otherwise, the VNC client cannot be connected.
    • The TLS encryption authentication mode is configured at the host level. After this feature is enabled, the TLS encryption authentication mode is enabled for the VNC clients of all VMs running on the host.


    To enable the TLS encryption authentication mode for the VNC, perform the following steps:

    1. Log in to the host where the VNC server resides, and edit the corresponding configuration items in the /etc/libvirt/qemu.conf configuration file of the server. The configuration is as follows:

      vnc_listen = "x.x.x.x"                    # "x.x.x.x" indicates the listening IP address of the VNC. Set this parameter based on the site requirements. The VNC server allows only the connection requests from clients whose IP addresses are in this range.
      vnc_tls = 1                        # If this parameter is set to 1, VNC TLS is enabled.
      vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"                           # Specify /etc/pki/libvirt-vnc as the path for storing the certificate.
      vnc_tls_x509_verify = 1                              #If this parameter is set to 1, the X509 certificate is used for TLS authentication.
    2. Create a certificate and a private key file for the VNC. The following uses GNU TLS as an example.

      To use GNU TLS, install the gnu-utils software package in advance.

      1. Create a certificate file issued by the Certificate Authority (CA).

        certtool --generate-privkey > ca-key.pem
      2. Create a self-signed public and private key for the CA certificate. Your organization name indicates the organization name, which is specified by the user.

        $ cat > ca.info<<EOF
        cn = Your organization name 
        certtool --generate-self-signed \
                 --load-privkey ca-key.pem \
                 --template ca.info \
                 --outfile ca-cert.pem

        In the preceding generated file, ca-cert.pem is the generated CA public key, andca-key.pem is the generated CA private key. The CA must keep them properly to prevent disclosure.

      3. Issue a certificate to the VNC server. Client Organization Name indicates the actual service name, for example, client.foo.com. Set this parameter based on the site requirements.

        $ cat > server.info<<EOF
        cn = Server Organization Name
        certtool --generate-privkey > server-key.pem
        certtool --generate-certificate \
                   --load-ca-certificate ca-cert.pem \
                   --load-ca-privkey ca-key.pem \
                   --load-privkey server-key.pem \
                   --template server.info \
                   --outfile server-cert.pem

        In the preceding generated file, server-key.pem is the private key of the VNC server, and server-cert.pem is the public key of the VNC server.

      4. Issue a certificate to the VNC client.

        $ cat > client.info<<EOF
        cn = Client Organization Name
        certtool --generate-privkey > client-key.pem
        certtool --generate-certificate \
                   --load-ca-certificate ca-cert.pem \
                   --load-ca-privkey ca-key.pem \
                   --load-privkey client-key.pem \
                   --template client.info \
                   --outfile client-cert.pem

        In the preceding generated file, client-key.pem is the private key of the VNC client, and client-cert.pem is the public key of the VNC client. The generated public and private key pairs need to be copied to the VNC client.

    3. Shut down the VM to be logged in to and restart the libvirtd service on the host where the VNC server resides.

      systemctl restart libvirtd
    4. Save the generated server certificate to the specified directory on the VNC server and grant the read and write permissions on the certificate only to the current user.

      sudo mkdir -m 750 /etc/pki/libvirt-vnc
      cp ca-cert.pem /etc/pki/libvirt-vnc/ca-cert.pem
      cp server-cert.pem /etc/pki/libvirt-vnc/server-cert.pem
      cp server-key.pem /etc/pki/libvirt-vnc/server-key.pem
      chmod 0600 /etc/pki/libvirt-vnc/*
    5. Copy the generated client certificates ca-cert.pem, client-cert.pem, and client-key.pem to the VNC client. After the TLS certificate of the VNC client is configured, you can use VNC TLS to log in to the VM.


      • For details about how to configure the VNC client certificate, see the usage description of each client.
      • For details about how to log in to the VM, see Logging In Using VNC Passwords.

    Bug Catching

    Buggy Content

    Bug Description

    Submit As Issue

    It's a little complicated....

    I'd like to ask someone.


    Just a small problem.

    I can fix it online!

    Bug Type
    Specifications and Common Mistakes

    ● Misspellings or punctuation mistakes;

    ● Incorrect links, empty cells, or wrong formats;

    ● Chinese characters in English context;

    ● Minor inconsistencies between the UI and descriptions;

    ● Low writing fluency that does not affect understanding;

    ● Incorrect version numbers, including software package names and version numbers on the UI.


    ● Incorrect or missing key steps;

    ● Missing prerequisites or precautions;

    ● Ambiguous figures, tables, or texts;

    ● Unclear logic, such as missing classifications, items, and steps.


    ● Technical principles, function descriptions, or specifications inconsistent with those of the software;

    ● Incorrect schematic or architecture diagrams;

    ● Incorrect commands or command parameters;

    ● Incorrect code;

    ● Commands inconsistent with the functions;

    ● Wrong screenshots.

    Risk Warnings

    ● Lack of risk warnings for operations that may damage the system or important data.

    Content Compliance

    ● Contents that may violate applicable laws and regulations or geo-cultural context-sensitive words and expressions;

    ● Copyright infringement.

    How satisfied are you with this document

    Not satisfied at all
    Very satisfied
    Click to create an issue. An issue template will be automatically generated based on your feedback.
    Bug Catching
    编组 3备份