A.19. Common libvirt errors and troubleshooting Red Hat Enterprise Linux 7 | Red Hat Customer Portal (2023)

red hat training

A Red Hat training course is available forRed Hat Enterprise Linux

This appendix documentslibrary- related problems and errors, along with instructions for dealing with them.

Locate the error in the following table and follow the corresponding link atSolutionfor detailed troubleshooting information.

Table A.1. Commonlibrarymistakes

Mistakeproblem descriptionSolution
libraryfailed to start LoslibraryDaemon failed to start. However, there is no information about this error in the/var/log/messages. Section A.19.1, “libvirtd failed to start”
Unable to read CA certificate This is one of several errors that occur when the URI fails to connect to the hypervisor. Section A.19.2, “URI could not connect to hypervisor”
Other connectivity errorsThese are other errors that occur when the URI fails to connect to the hypervisor. Section A.19.2, “URI could not connect to hypervisor”
PXE (or DHCP) boot failure on guestA guest virtual machine boots successfully, but fails to acquire an IP address from DHCP, boot using the PXE protocol, or both. This is usually the result of a long lead time delay set for the jumper or when theiptablesthe package and kernel do not support checksum manipulation rules. Section A.19.3, “PXE (or DHCP) Boot Failure in Guest”
Guest can communicate with external network but cannot communicate with host when using macvtap interface

A guest can communicate with other guests, but cannot connect to the host machine after being configured to use a macvtap (ortype = 'direct') network interface.

This is actually not a bug, it's macvtap's defined behavior.

Section A.19.4, “Guest can communicate with external network but cannot communicate with host when using macvtap interface”
Unable to add a rule to repair DHCP response checksums on the network'failure' This warning message is mostly harmless, but it is often mistakenly seen as evidence of a problem. Section A.19.5, “Could not add rule to correct DHCP response checksums on 'default' network”
Unable to add bridge br0 port vnet0: no such device exists This error message or similarUnable to add touch interface to bridge'br0': there is such a devicereveal the specified bridge device in the guest (or domain)<interface>definition does not exist. Section A.19.6, “Cannot add br0 bridge to vnet0 port: no such device exists”
address cannot be resolvedhost nameservice '49155': unknown name or service QEMUGuest migration fails and I get this error message with unknown hostname. Section A.19.7, “Migration fails with error: address could not be resolved”
Unable to allow access to disk path /var/lib/libvirt/images/qemu.img: No such file or directory Unable to migrate a guest virtual machine becauselibrarycannot access disk images. Section A.19.8, “Migration fails because the disk path cannot be accessed: No such file or directory”
No guest virtual machine present whenlibraryit startedLoslibraryThe daemon started successfully, but there doesn't seem to be any guest VMs when it runslist virsh --all. Section A.19.9, “No guest virtual machines present when libvirtd starts”
Common XML Mistakes libraryuses XML documents to store structured data. Several common errors occur with XML documents when they are passed tolibrarythrough the API. This entry provides instructions for editing guest XML definitions and details common errors in XML syntax and configuration. Section A.19.10, “Common XML Errors”

A.19.1.libraryfailed to start


Loslibrarydaemon does not start automatically. starting thelibrarydaemon also fails manually:

#systemctl start libvirtd.service* Caching service dependencies... [ ok ]* Starting libvirtd .../usr/sbin/libvirtd: error: Could not initialize network sockets. See /var/log/messages or run without --daemon for more information.* start-stop-daemon: failed to start `/usr/sbin/libvirtd' [ !! ]* ERROR: libvirtd failed to start

there is also no'More information'about this error in/var/log/messages.


Changeby libvirtlogging in/etc/libvirt/libvirtd.confactivating the line below. To activate line configuration, open the/etc/libvirt/libvirtd.conffile in a text editor, remove the hash (or#) from the beginning of the following line and save the change:


To use

This line is commented out by default to avoidlibraryfrom producing excessive log messages. After diagnosing the problem, it is recommended to comment this line again in the/etc/libvirt/libvirtd.confoffice hour.

Restartlibraryto determine whether this resolved the issue.

Elibrarystill does not boot successfully, an error similar to the following will be printed:

#systemctl restart libvirtdThe task for libvirtd.service failed because the takeover process ended with an error code. See "systemctl status libvirtd.service" and "journalctl -xe" for more information. Sep 19 16:06:02 jsrh libvirtd[30708]: 2017-09-19 14:06:02.097+0000: 30708: info: libvirt version: 3.7.0, package: 1.el7 (Unknown, 2017-09 -06 -09:01:55, jsSep 19 16:06:02 jsrh libvirtd[30708]: 2017-09-19 14:06:02.097+0000:30708: info: hostname: jsrhSep 19 16:06:02 jsrh libvirtd[30708 ]: 2017-09-19 14:06:02.097+0000:30708: error: daemonSetupNetworking:502: unsupported configuration: no server certifSep 19 16:06:02 jsrh systemd[1]: libvirtd.service: main process terminated, code=exited, status=6/NOTCONFIGUREDSep 19 16:06:02 jsrh systemd[1]: Failed to start virtualization daemon-- Subject: Unit libvirtd service failed-- Defined by: systemd -- Support: http:// lists.freedesktop.org/mailman/listinfo/systemd-devel---- Unit libvirtd.service failed.---- The result is an error.

LoslibraryThe man page shows it's missingcacert.pemThe file is used as the TLS authority whenlibraryit runs onListen for TCP/IP connectionsmode. This means that-- listenthe parameter is passed.


configure thelibrarydaemon configuration with one of the following methods:

  • Install a CA certificate.

    To use

    For more information about CA certificates and configuring system authentication, see the Managing Certificates and Certification Authorities chapter inRed Hat Enterprise Linux7 Identity, Authentication, and Domain Policy Guide.

  • Do not use TLS; use pure TCP instead. Inside/etc/libvirt/libvirtd.confto establishlisten_tls = 0ylisten_tcp = 1🇧🇷 The standards arelisten_tls = 1ylisten_tcp = 0.

  • don't pass the-- listenparameter. Inside/etc/sysconfig/libvirtd.confchange theLIBVIRTD_ARGSvariable.

A.19.2.URI could not connect to hypervisor

Several different errors can occur when connecting to the server (for example, when runningvirsh).

A.19.2.1. Unable to read CA certificate


When executing a command, the following (or similar) error appears:

PSvirsh -c qemu://$host name/system_listerror: unable to connect to hypervisor error: unable to read CA certificate '/etc/pki/CA/cacert.pem': no ​​such file or directory

The error message is misleading about the real cause. This error can be caused by many factors, such as an incorrectly specified URI or a connection that is not set up.

URI specified incorrectly

When specifyingqemu://sistemaoqemu://sessionas connection URI,virshtry to connect to hostnames'systemosessionrespectively. This is becausevirshrecognizes the text after the second slash as the host.

Use three slashes to connect to localhost. For example, specifyingqemu:///sistemato teachvirshconnect tosysteminstead oflibraryno host local.

When a hostname is specified, theQEMUstandard shipping toTLS🇧🇷 This results in certificates.

Connection is not configured

Is the URI correct (for example,qemu[+tls]://server/system), but the certificates are not configured correctly on your machine. For information on configuring TLS, see theUpstreamlibrarysite web.

A.19.2.2.unable to connect to server at 'host:16509': connection refused


Tempolibraryshould listen on TCP ports for connections, connections fail:

#virsh -c qemu+tcp://host/sistemaerror: failed to connect to hypervisor error: failed to connect to server at 'host:16509': connection refused

Loslibrarydaemon is not listening on TCP ports even after changing configuration in/etc/libvirt/libvirtd.conf:

#grep listen_ /etc/libvirt/libvirtd.conflisten_tls = 1listen_tcp = 1listen_addr = ""

However, the TCP ports forlibraryThey are still not open after changing the settings:

#netstat-lntp | grab libvirtd#

LoslibraryDaemon starts without it-- listenoption. Check this by running this command:

#PS to | grep virtual libraryraiz 10749 0,1 0,2 558276 18280 ? SSL 23:21 0:00 /usr/sbin/libvirtd

The output does not contain the-- listenoption.


Start the daemon with the-- listenoption.

To do this, modify the/etc/sysconfig/libvirtdfile and uncomment the following line:

# LIBVIRTD_ARGS="--listen"

Then restart thelibraryservice with this command:

#/bin/systemctl reiniciar libvirtd.service

A.19.2.3. authentication failure


When executing a command, the following (or similar) error appears:

(Video) Red Hat Enterprise Linux Tutorial (Full Course)

PSvirsh -c qemu://$host name/system_listerror: failed to connect to hypervisor error: authentication failed: authentication failed

If authentication fails even when using the correct credentials, SASL authentication might not be configured.

  1. edit the/etc/libvirt/libvirtd.conffile and set the value oftcp_authenticationparameter aSasl🇧🇷 To verify:

    #cat /etc/libvirt/libvirtd.conf | grep tcp_authenticationauthentication_tcp = "sasl"
  2. edit the/etc/sasl2/libvirt.conffile and add the following lines to the file:

    mech_list: digest-md5sasldb_path: /etc/libvirt/passwd.db
  3. Ensurecyrus-sasl-md5the package is installed:

    #yum install cyrus-sasl-md5
  4. restart thelibraryService:

    #systemctl restart libvirtd
  5. Set a username and password for libvirt SASL:

    #saslpasswd2 -a libvirt 1

A.19.2.4. Permission denied


When running avirshcommand as a non-root user, I get the following (or similar) error:

PSvirsh -c qemu://$host name/system_listerror: unable to connect socket to '/var/run/libvirt/libvirt-sock': permission denied error: unable to connect to hypervisor
  1. edit the/etc/libvirt/libvirt.conffile and add the following lines to the file:

    #unix_sock_group = "libvirt"#unix_sock_ro_perms = "0777"#unix_sock_rw_perms = "0770"
  2. restart thelibraryService:

    #systemctl restart libvirtd

A guest virtual machine boots successfully but fails to acquire an IP address from DHCP, or boots using the PXE protocol, or both. There are two common causes of this error: having a long forward delay time set for the bridge and when theiptablesthe package and kernel do not support checksum manipulation rules.

Long advance delay time on bridge

This is the most common cause of this error. If the guest network interface is connecting to a bridge device that has Spanning Tree Protocol (STP) enabled, as well as a long forward delay set, the bridge will not forward network packets from the guest virtual machine to the bridge until at least least that many seconds of forward delay have passed since the guest connected to the bridge. This delay gives the bridge time to observe the interface traffic and determine the MAC addresses behind it, and it also prevents forwarding loops in the network topology.

If the forward delay is longer than the guest's PXE client or DHCP timeout, the client operation will fail and the guest will not boot (in the case of PXE) or fail to acquire an IP address (in the case of PXE ). from DHCP).


If this is the case, change the forward delay on the bridge to 0, disable STP on the bridge, or both.

To use

This solution applies only if the bridge is not used to connect multiple networks, but only to connect multiple endpoints to a single network (the most common use case for bridges used bylibrary).

If the guest has interfaces that connect to alibrarymanaged virtual network, edit the network definition and restart it. For example, edit the default network with the following command:

#default net-edit virsh

Add the following attributes to<puente>element:

<bridge_name='virbr0'delay='0' stp='on'/>

To use

delay = '0'ystp='um'These are the default settings for virtual networks, so this step is only necessary if the default settings have been changed.

If the guest interface is connected to a host bridge that has been configured outside oflibrary, change the delay setting.

Add or edit the following lines in/etc/sysconfig/network-scripts/ifcfg-bridge_namefile to enable STP with a delay of 0 seconds:


After changing the configuration file, restart the bridge device:


To use

Ebridge_nameis not the root bridge on the network, the delay for that bridge will eventually be reset to the configured delay time for the root bridge. To prevent this from happening, disable STP in thebridge_name.

Losiptablespackage and kernel do not support checksum manipulation rules

This message is a problem only if all four of the following conditions are true:

  • The guest is usingvirtuenetwork devices.

    In that case, the configuration file will containtemplate type = 'virtio'

  • The host hasvhost-netmodule loaded.

    This is true ifls /dev/vhost-netdoes not return an empty result.

  • The guest is trying to obtain an IP address from a DHCP server running directly on the host.

  • LosiptablesThe host version is older than 1.4.10.

    iptables1.4.10 was the first version to add thelibxt_CHECKSUMextension. This is the case if the following message appears on thelibraryrecords:

    Warning: Unable to add rule to correct DHCP response checksums on networkfailureWarning: It may be necessary to update the iptables package and the kernel to support the CHECKSUM rule.


    Unless the other three conditions in this list are also true, the warning message above can be ignored and is not an indicator of any other issues.

When these conditions occur, UDP packets sent from host to guest have uncomputed checksums. This makes UDP packets from the host appear invalid to the guest network stack.


To resolve this issue, replace any of the previous four points. The best solution is to update the host.iptablese núcleo aiptables-1.4.10or newer whenever possible. Otherwise, the most specific solution is to disable thevhost-netdriver for this particular guest. To do so, edit the guest's configuration with this command:

edit virshguest name

Change or add one<conductor>line for the<interface>section:

<interface type='network'> <model type='virtio'/> <driver name='qemu'/> ...</interface>

Save the changes, shut down the guest, and restart the guest.

If this issue is still not resolved, it may be caused by a conflict betweenfirewalland the patternlibraryThe net.

To fix this, stopfirewallwith himstop firewalld servicecommand and then rebootlibrarywith himrestart the libvirtd servicedomain.

To use

Furthermore, if the/etc/sysconfig/network-scripts/ifcfg-network nameis configured correctly, you can ensure that the guest acquires an IP address using thedhclientecommand as root in the guest.

(Video) trouble shooting RHEL Server

A.19.4.Guest can communicate with external network but cannot communicate with host when using macvtap interface


A guest virtual machine can communicate with other guests, but cannot connect to the host machine once configured to use a macvtap (also known astype = 'direct') network interface.


Even when not connected to a Virtual Ethernet Port Aggregator (VEPA) or VN-Link capable switch, macvtap interfaces can be useful. Set the mode of this interface toponteallows the guest to connect directly to the physical network very simply without the hassle of configuration (orNetwork Managerincompatibility) that can accompany the use of a traditional host bridge device.

However, when a guest virtual machine is configured to use atype = 'direct'network interface like macvtap, despite having the ability to communicate with other guests and other external hosts on the network, the guest cannot communicate with its own host.

This situation is not really a bug, it is the defined behavior of macvtap. Due to the way the host's physical ethernet is connected to the macvtap bridge, traffic to that bridge from the guests that is forwarded to the physical interface cannot bounce back to the host's IP stack. Also, traffic from the host's IP stack that is sent to the physical interface cannot be returned to the macvtap bridge for forwarding to guests.


To uselibraryto create an isolated network and create a second interface for each guest virtual machine connected to this network. The host and guests can communicate directly over this isolated network, while maintaining compatibility withNetwork Manager.

ProcedureA.8.Creation of an isolated network withlibrary

  1. Add and save the following XML in/tmp/aislado.xmlprocess. If the network is already in use elsewhere on your network, you can choose a different network.

    ...<network> <name>isolar</name> <ip address='' netmask=''> <dhcp> <range start='' end='' /> </dhcp> </ip></network>...

    Figure A.3. Isolated Network XML

  2. Create the network with this command:virsh net-define /tmp/aislado.xml

  3. Set the network to start automatically with thevirsh net autostart isolateddomain.

  4. Start the network withisolated virsh network bootdomain.

  5. Usingedit virshguest name, edit each guest's configuration using macvtap for your network connection and add a new one<interface>no<devices>section similar to the following (note the<model type='virtio'/>line is optional to include):

    ...<interface type='network' trustGuestRxFilters='yes'> <source network='isolated'/> <model type='virtio'/></interface>

    Figure A.4. XML interface device

  6. Power off and restart each of these guests.

Guests can now communicate with the host at address, and the host will be able to communicate with guests at the IP address acquired from DHCP (alternatively, you can manually configure IP addresses for guests). Since this new network is isolated to just the host and guests, all other guest communication will use the macvtap interface. For more information, seeSection 23.17.8, “Network Interfaces”.

A.19.5. Unable to add a rule to correct DHCP response checksums on the network'failure'


This message appears:

Unable to add a rule to repair DHCP response checksums on the network'failure'

Although this message appears to be evidence of an error, it is almost always harmless.


Unless the issue you are experiencing is that guest virtual machines cannot acquire IP addresses through DHCP, this message can be ignored.

If this is the case, seeSection A.19.3, “PXE (or DHCP) Boot Failure in Guest”for more details on this situation.

A.19.6. Unable to add bridge br0 port vnet0: no such device exists


The following error message appears:

Unable to add bridgebridge_namevnet0 port: no such device exists

For example, if the bridge name isbr0, the error message appears as:

Unable to add bridge br0 port vnet0: no such device exists

Insidelibraryversions 0.9.6 and earlier I get the same error as:

Unable to add touch interface to bridgebridge_name: there is such a device

Or, for example, if the bridge is calledbr0:

Unable to add touch interface to bridge'br0': there is such a device

Both error messages reveal that the bridge device specified in the guest (or domain) account<interface>definition does not exist.

To verify that the bridge device listed in the error message does not exist, use the shell commandshow ip addressbr0.

A message similar to this confirms that the host does not have a bridge with that name:

br0: error getting interface info: device not found

If that's the case, continue with the solution.

However, if the resulting message looks like the following, the problem exists elsewhere:

br0Link encap:Ethernet HWaddr 00:00:5A:11:70:48 inet addr: Bcast: Mask: UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packages:249841 errors:0 dropped :0 overflows:0 frame:0 TX packets:281948 errors:0 discarded:0 overflows:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:106327234 (101.4 MiB) TX bytes:21182634 (20.2 MiB)
Edit the existing bridge or create a new bridge withvirsh

To usevirshto edit the configuration of an existing bridge or network, or to add the bridge device to the host system configuration.

Edit existing bridge settings usingvirsh

To useedit virshguest nameto change the<interface>setting to use a bridge or network that already exists.

For example, changetype = 'bridge'onetype = 'network', you<bridge source='br0'/>one<source network='default'/>.

Create a host bridge usingvirsh

Forlibraryversion 0.9.8 and later, you can create a bridge device with thevirsh iface-puentedomain. This creates a bridging device.br0swindlereth0, the physical network interface established as part of a bridge, attached:

virsh iface-puente eth0br0

Optional: If necessary, remove this jumper and restore the originaleth0configuration with this command:

virsh iface-unbridgebr0
Create a host bridge manually

For older versions oflibrary, you can manually create a bridge device on the host. For instructions, seeSection 6.4.3, “Bridged networks with libvirt”.

A.19.7. Migration fails witherror: address cannot be resolved


QEMUguest migration fails and I get this error message:

#virsh migrar qemu qemu+tcp:// Unable to resolve addresshost nameservice '49155': unknown name or service

For example, if the target hostname isNew York, the error message appears as:

#virsh migrar qemu qemu+tcp:// Unable to resolve address'New York'service '49155': unknown name or service

However, this error looks strange since we don't useNew Yorkhostname anywhere.


During migration,librarywhich runs on the destination host creates a URI of an address and port where it expects to receive migration data and sends it backlibraryrunning on the source host.

In this case, the destination host ( has its name defined as'New York'🇧🇷 For some reason,libraryrunning on that host cannot resolve the name to an IP address that can be returned and still be useful. So he returned the'New York'hostname awaiting originlibraryyou would have more success with name resolution. This can happen if DNS is not configured correctly or/etc/hostshas the hostname associated with the local loopback address (

Note that the address used for migrating data cannot be automatically determined from the address used to connect to the destinationlibrary(for example, fromqemu+tcp://🇧🇷 This is because, in order to communicate with the destinationlibrary, the sourcelibraryYou may need to use a different network infrastructure than the type youvirsh(possibly running on a separate machine) requires.

(Video) RHEL-based Home Labs | Red Hat Enterprise Linux Presents 34


The best solution is to configure DNS correctly so that all hosts involved in the migration can resolve all hostnames.

If DNS cannot be configured to do this, a list of each host used for migration can be manually added to the/etc/hostsfile on each of the hosts. However, it is difficult to maintain the consistency of such lists in a dynamic environment.

If the hostnames cannot be resolved in any way,virsh migrarsupport migration host specification:

#virsh migrar qemu qemu+tcp:// tcp://

Destinylibrarywill take thetcp:// and add an automatically generated port number. If this is not desirable (due to firewall settings, for example), the port number can be specified in this command:

#virsh migre qemu qemu+tcp:// tcp://

Another option is to use tunnel migration. Tunneling does not create a separate connection for the migration data, but instead pipes the data through the connection used to communicate with the target.library(for example,qemu+tcp://

#virsh migre qemu qemu+tcp:// --p2p --tunelizado

A.19.8. Migration fails withUnable to allow access to disk path: no such file or directory


A guest virtual machine (or domain) cannot be migrated becauselibrarycannot access disk image(s):

#virsh migrar qemu qemu+tcp://host name/systemerror: Unable to allow access to disk path /var/lib/libvirt/images/qemu.img: No such file or directory

For example, if the target hostname isNew York, the error message appears as:

#virsh migrar qemu qemu+tcp://New York/systemerror: Unable to allow access to disk path /var/lib/libvirt/images/qemu.img: No such file or directory

By default, migration transfers only the in-memory state of a running guest (such as memory or CPU state). Although disk images are not transferred during migration, both hosts must remain accessible on the same path.


Configure and mount shared storage in the same location on both hosts. The easiest way to do this is to use NFS:

ProcedureA.9.Shared storage configuration

  1. Configure an NFS server on a host to serve as shared storage. The NFS server can be one of the hosts involved in the migration, as long as all hosts involved access the shared storage via NFS.

    #mkdir -p /exports/images#cat >>/etc/exports <<EOF/exports/images,no_root_squash)EOF
  2. Mount the exported directory in a common location on all running hostslibrary🇧🇷 For example, if the IP address of the NFS server is, mount the directory with the following commands:

    #gato >>/etc/fstab <<EOF192.168.122.1:/exportaciones/imágenes/var/lib/libvirt/images nfs auto 0 0EOF#mount /var/lib/libvirt/images

To use

It is not possible to export a local directory from one host using NFS and mount it to the same path on another host: the directory used to store disk images must be mounted from shared storage on both hosts. If this is not configured correctly, the guest virtual machine may lose access to its disk images during the migration because the source hostlibrarydaemon can change ownership, permissions, and SELinux labels on disk images after successfully migrating the guest to its destination.

Elibrarydetects that disk images are mounted from a shared storage location, it will not make these changes.

A.19.9. No guest virtual machine present whenlibraryit started


LoslibraryThe daemon started successfully, but there don't seem to be any guest virtual machines.

#list virsh --allId Name State----------------------------------------------- -----

There are several possible causes for this problem. Performing these tests will help determine the cause of this situation:

Check KVM kernel modules

Check if the KVM kernel modules are inserted into the kernel:

#lsmod | agarrar m2kvm_intel 121346 0kvm 328927 1 kvm_intel

If you are using an AMD machine, check thekvm_amdKernel modules are inserted into the kernel, using the similar commandlsmod | grep kvm_amdin the root bark.

If modules are not present, insert them using theModprobe<module name>domain.

To use

Although rare, KVM virtualization support can be built into the kernel. In this case, no module is needed.

Check virtualization extensions

Check that virtualization extensions are supported and enabled on the host:

#egrep "(vmx|svm)" /proc/cpuinfobanderas: fpu vme de pse tsc ... svm ... skinit wdt npt lbrv svm_lock nrip_saveflags: fpu vme de pse tsc ... svm ... skinit wdt npt lbrv svm_lock nrip_save

Enable virtualization extensions in hardware firmware settings in BIOS setup. Consult your hardware documentation for more details on this.

Check client URI configuration

Verify that the client URI is configured as expected:

#virsh urivbox:///system

For example, this message shows that the URI is connected tovirtual boxhypervisor, noQEMUand reveals a configuration error for a URI that is configured to connect to aQEMUhypervisor If the URI was successfully connected toQEMU, the same message would be displayed as:

#virsh uriqemu:///sistema

This situation occurs when there are other hypervisors present, whichlibrarycan speak by default.


After running these tests, use the following command to view a list of guest virtual machines:

#list virsh --all

A.19.10. Common XML Mistakes

LoslibraryThe tool uses XML documents to store structured data. Several common errors occur with XML documents when they are passed tolibrarythrough the API. Below are several common XML errors, including incorrect XML tags, inappropriate values, and missing elements.

A.19.10.1. Editing the Domain Definition

Although not recommended, it is sometimes necessary to manually edit the XML file of a guest virtual machine (or domain). To access the guest XML for editing, use the following command:

#edit virshhost_name.xml

This command opens the file in a text editor with the current definition of the guest virtual machine. After finishing edits and saving changes, the XML is reloaded and parsed bylibrary🇧🇷 If the XML is correct, the following message will be displayed:

#edit virshhost_name.xmlDomainhost_name.xmlEdited XML configuration.


Using theTo editcommand invirshTo edit an XML document, save all changes before exiting the editor.

After saving the XML file, use thexmlintcommand to validate that the XML is well-formed or thevirt-xml-validateCommand to check usage problems:

#xmllint --noout config.xml
#virt-xml-validar config.xml

If no errors are returned, the XML description is well-formed and matches thelibraryscheme. While the schema does not capture all restrictions, fixing the reported bugs will help with troubleshooting.

XML documents stored bylibrary

These documents contain state definitions and settings for guests. These documents are automatically generated and do not need to be manually edited. The errors in these documents contain the file name of the corrupted document. The filename is only valid on the host machine defined by the URI, which can be seen from the machine on which the command was run.

Errors in files created bylibraryThey are rare. However, a possible source of these errors is a downgrade oflibrary- while the latest versions oflibrarycan always read XML generated by older versions, older versions oflibrarycan be confused with XML elements added in a newer version.

A.19.10.2. XML syntax errors

The XML parser detects syntax errors. The error message contains information to identify the problem.

(Video) Red Hat Enterprise Linux Presents (E19): In-Place Upgrades with Leapp

This sample XML parser error message consists of three lines: the first line states the error message, and the next two lines contain the context and location of the XML containing the error. The third line contains a flag that shows approximately where the error is on the top line:

mistake: (host_name.xml):6: Start tag: invalid element name<vcpu>2</vcpu><------------------^
Information contained in this message:

This is the filename of the document that contains the error. Filenames in parentheses are symbolic names to describe XML documents parsed from memory and do not directly correspond to files on disk. File names that are not enclosed in parentheses are local files residing on the connection target.


This is the line number in the XML file that contains the error.

StartTag: invalid element name

This is the error messagelibxml2parser, which describes the specific XML error.

A.<not document

The following error occurs:

mistake: (host_name.xml):6: Start tag: invalid element name<vcpu>2</vcpu><------------------^

This error message shows that the parser expects a new element name after the<symbol on line 6 of a guest's XML file.

Make sure line number display is enabled in your text editor. Open the XML file and find the text on line 6:

<domain type='kvm'> <name>guest name</name><memory>524288</memory><vcpu>2</vcpu><

This excerpt from a guest XML file contains an extra<no document:


remove the extra<or finish the new item.

A. indeterminate attribute

The following error occurs:

mistake: (host_name.xml):2: '<' unescaped not allowed in <name> attribute valuesguest name</name>--^

This excerpt from a guest XML file contains an unfinished element attribute value:

<domain type='kvm><name>guest name</name>

In this case,'kvm'a second citation is missing. Attribute values ​​must be opened and closed with quotes or apostrophes, similar to start and end tags in XML.


Open and close correctly all attribute value strings.

A. Mismatch in opening and ending tags

The following error occurs:

mistake: (host_name.xml):61: Opening and ending tags mismatch: clock line 16 and domain</domain>--------^

The above error message contains three clues to identify the offending tag:

The message that follows the last two points,clock line 16 and domain, reveals that<clock>contains an incompatible tag on line 16 of the document. The last clue is the pointer in the context part of the message, which identifies the second offending tag.

Unpaired tags must be closed with/>🇧🇷 The following snippet does not follow this rule and produced the error message shown above:

<domaintype='kvm'> ... <clock offset='utc'>

This error is caused by mismatched XML tags in the file. Each XML tag must have a corresponding start and end tag.

Other examples of incompatible XML tags

The following examples produce similar error messages and show variations of mismatched XML tags.

This snippet contains an incompatibility error for<characteristics>because there is no end tag (</name>):

<domain type='kvm'> ... <characteristics> <acpi/> <pae/> ... </domain>

This snippet contains an end tag (</name>) without a matching start tag:

<domain type='kvm'> </name> ...</domain>

Make sure all XML tags start and end correctly.

A. Typographical errors on labels

The following error message appears:

error: (name_of_guest.xml):1: Specify command value for attribute ty<domain ty pe='kvm'>-----------^

XML errors are easily caused by a simple typo. This error message highlights the XML error; in this case an extra white space inside the wordhe writes— with a pointer.

<domain type='kvm'>

These XML examples will not parse correctly due to typographical errors such as a missing special character or an extra character:

<domain type 'kvm'>
<dom#ain type='kvm'>

To identify the offending tag, read the error message for the file context and locate the error with the pointer. Correct the XML and save the changes.

A.19.10.3. Logic and configuration errors

A well-formatted XML document may contain correct syntax errors, butlibrarycannot parse. Many of these errors exist, with two of the most common cases described below.

A. disappearing parts

Parts of the change you made do not appear and have no effect after you edit or set the domain. ThedefineoTo editThe command works, but when dumping the XML one more time, the change disappears.


This error is most likely due to a broken construct or syntax that libvirt doesn't parse. ThelibraryThe tool will generally only look for the constructs it knows about, ignoring everything else, causing some of the XML changes to disappear later on.libraryparse the input.


Validate the XML input before passing it to theTo editodefinecommand olibrarydevelopers maintain a set of XML schemas packaged withlibrarythat define most allowable constructs in XML documents used bylibrary.

ValidatelibraryXML files using the following command:

#virt-xml-validate libvirt.xml

If this command passes,libraryit will likely understand all the constructs in your XML, except that the schemas cannot detect options valid only for a given hypervisor. For example, any XML generated bylibraryas a result of avirsh clearancethe command should validate without error.

A. Wrong drive type

The source image definition for the virtual CD-ROM drive is not present, although it has been added:

#domain virsh dumpxml<domain type='kvm'> ... <disk type='block' device='cdrom'> <driver name='qemu' type='raw'/> <target dev='hdc' bus='ide' /> <solo lectura/> </disco> ...</dominio>

Fix the XML by adding what's missing<source>parameter as follows:

<disk type='block' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/path/to/image.iso'/> <target dev='hdc' bus='ide'/> <solo lectura/></disco>

ONEtype = 'block'disk device expects the source to be a physical device. To use the disk with an image file, usetype = 'file'instead of.

(Video) RHCSA & RHCE Exam | KVM Installation on RHEL 9 | Practice Lab, Part - 1


How to check libvirt status in Linux? ›

Use the following commands to start and stop libvirtd or check its status: tux > sudo systemctl start libvirtd tux > sudo systemctl status libvirtd libvirtd. service - Virtualization daemon Loaded: loaded (/usr/lib/systemd/system/libvirtd.

What is libvirt in Linux? ›

libvirt is an open-source API, daemon and management tool for managing platform virtualization. It can be used to manage KVM, Xen, VMware ESXi, QEMU and other virtualization technologies. These APIs are widely used in the orchestration layer of hypervisors in the development of a cloud-based solution.

What is the purpose of libvirt? ›

libvirt focuses on managing single hosts and provides APIs to enumerate, monitor and use the resources available on the managed node, including CPUs, memory, storage, networking and Non-Uniform Memory Access (NUMA) partitions.

How do I reinstall libvirt? ›

Installing steps
  1. Execute the following command to install libvirt on the host device, if not already installed. $ sudo dnf install libvirt -y.
  2. Execute the following command to install virt-install on the host device, if not already installed. $ sudo dnf install virt-install -y.

How do I debug libvirt? ›

  1. To enable libvirt debug logging to file you need to do echo -e "log_level = 1\nlog_outputs="1:file:/var/log/libvirt/libvirtd.log"" >> /etc/libvirt/libvirtd.conf && service libvirtd restart.
  2. Always review and sanitize your logs before submitting them.
Mar 14, 2013

What port does libvirt use? ›

The standard port is 16514. unix. Unix domain socket. Since this is only accessible on the local machine, it is not encrypted, and uses Unix permissions or SELinux for authentication.

Where are the libvirt logs? ›

/var/log/libvirt/libvirtd. log or whatever path you set for the daemon logs. If the problem is related to a domain named $dom attach: /var/log/libvirt/qemu/$dom.

Where are libvirt config files? ›

libvirt stores it's configuration as xml in '/etc/libvirt/qemu'. The xml is easy to understand, and is similar to VMware *.
The concept is simple:
  • export (aka 'dump') the xml of the virtual machine you want to edit.
  • edit the xml.
  • import (aka 'define') the xml.
Apr 26, 2017

Where are libvirt XML files stored? ›

In pure KVM, VM XML file is stored under /etc/libvirt/qemu/.

What is storage pool in libvirt? ›

A storage pool is a quantity of storage set aside for use by guest virtual machines. Storage pools are divided into storage volumes. Each storage volume is assigned to a guest virtual machine as a block device on a guest bus. Storage pools and volumes are managed using libvirt.

Is libvirt a KVM management tool? ›

The virt-manager application is a desktop user interface for managing virtual machines through libvirt. It primarily targets KVM VMs, but also manages Xen and LXC (linux containers). It presents a summary view of running domains, their live performance & resource utilization statistics.

How do I add users to libvirt? ›

Add Users to Groups

You need to ensure that your username is added to the group libvirtd: $ sudo adduser `id -un` libvirtd Adding user '<username>' to group 'libvirtd' ... After this, you need to relogin so that your user becomes an effective member of the libvirtd group.

Does restarting libvirtd restart VMs? ›

Restarting libvirtd does not impact running instances. They continue to operate and will be picked up automatically if their XML configuration has been defined. Any instances whose XML configuration has not been defined will be lost from the configuration.

Can I remove libvirt? ›

Unless you need to start up virtual machines using libvirt directly, you can safely disable libvirt's network. Deactivating the network will remove the virbr0 bridge, terminate the dnsmasq process, and remove the iptables rules.

What is a domain in libvirt? ›

a domain is an instance of an operating system (or subsystem in the case of container virtualization) running on a virtualized machine provided by the hypervisor.

What are Virsh commands? ›

The virsh command allows you to manage VMs interactively or in batch. It's also helpful for controlling VMs from the Linux shell and integrates with scripts or automation tools.

Which command is used for debugging? ›

To run the program under the debugger program, use the gdb r(un) command.

What does Virsh Reset do? ›

The virsh reset domain resets the guest virtual machine immediately without any guest shutdown. A reset emulates the reset button on a machine, where all guest hardware sees the RST line and re-initializes the internal state. Note that without any guest virtual machine OS shutdown, there are risks for data loss.

How do you compile libvirt? ›

Compiling upstream libvirt and qemu from scratch
  1. Clone the upstream libvirt and qemu code.
  2. Configure, build, and install upstream qemu code.
  3. Configure, build, and install upstream libvirt code.
  4. Run the libvirt/qemu instance.
Jul 30, 2020

How do I disable libvirtd? ›

You can disable the daemon (if you want) by executing sudo systemctl disable libvirtd.

How do you edit on libvirt? ›

1 Answer
  1. Edit the file: sudo vim /etc/libvirt/libvirt. conf .
  2. Navigate to the desired text using your arrow keys.
  3. Press i to go into insert mode, and edit the configuration.
  4. When done editing, press ESC and save the file by entering :wq.
Mar 30, 2019

How do you use libvirt? ›

Walk-through using QEMU/KVM with libvirt on Ubuntu
  1. Download libvirt. First, you'll need the libvirt tools: apt-get install libvirt-bin libvirt-doc.
  2. Networking. ...
  3. Create The Domain. ...
  4. Domain Control: Start, Stop, Etc. ...
  5. Connect to Guest display. ...
  6. Connect to a VNC Console. ...
  7. Start The Domain At Boot. ...
  8. Elegant Guest Shutdown.
Mar 7, 2016

How can I remove Virsh? ›

To Delete a KVM Guest Using Virsh:
  1. First, list all running KVM guests using “ virsh list ” command.
  2. Next, you need to shut down a guest virtual machine using the “ virsh shutdown VM ” command.
  3. Finally, delete a VM Guest with “ virsh undefine VM ” command.
May 12, 2020

Where are virt-manager images stored? ›

The default location for most uses of virt-manager is /var/lib/libvirt/images , which is created by libvirt and has the expected selinux labelling and permission to run QEMU/KVM VMs. Behind the scenes, virt-manager is using a libvirt storage pool for creating disk images.

Do I need libvirt? ›

Only use it if you specifically need the legacy Xtables implementation. Because of its daemon/client architecture, libvirt needs only be installed on the machine which will host the virtualized system. Note that the server and client can be the same physical machine.

Where is virt-manager config? ›

Oddly enough, under /etc/libvirt . virt-manager doesn't run as root, but it communicates with libvirtd that does. For anyone who came here searching for where it stores the operating system images, it's in /var/lib/libvirt/images/ . You can find out the location in the options to clone the virtual machine.

Where is the Virsh file located? ›

The default is into /var/lib/libvirt/qemu/save which doesn't seem to be defined in the /etc/libvirt/qemu. conf which defines only auto_dump_path .

What are the disk types in libvirt? ›

libvirt knows two different types of storage: volumes and pools. A storage volume is a storage device that can be assigned to a guest—a virtual disk or a CD/DVD/floppy image. Physically (on the VM Host Server) it can be a block device (a partition, a logical volume, etc.) or a file. A directory for hosting image files.

What is libvirt zone? ›

The zone named “libvirt” is installed into the firewalld configuration by libvirt (not by firewalld), and allows forwarded traffic through the bridge as well as DHCP, DNS, TFTP, and SSH traffic to the host - depending on firewalld's backend this will be implemented via either iptables or nftables rules.

How do I find my Virsh IP address? ›

If you are using virbr0 (default bridge) use the virsh command.
Steps to find the ip address of Linux KVM guest virtual machine
  1. Open the terminal app or login using ssh to host server.
  2. Get the network list: virsh net-list.
  3. Type the command: virsh net-dhcp-leases networkNameHere.
Jul 19, 2022

Can I delete a storage pool? ›

Click on Storage. Under the “More storage settings” section, click the Manage Storage Spaces option. Settings manage storage spaces option. Select the storage pool to delete.

What are the differences between storage pool and storage spaces? ›

Creating a Pool and a Storage Space

A pool is simply a logical grouping of physical disks, whereas a storage space is a virtualized disk that can be used like a physical disk.

What is Lun and pool? ›

A storage pool is somehow analogous to a RAID group. In few words it's a physical collection of disks on which logical units (LUNs) are created. Pools are dedicated for use by pool (thin or thick) LUNs. Where RAID group can only contain up to 16 disks, pool can contain hundreds of disks.

What is libvirt guest? ›

libvirt-guests is a service that can be used to coordinate guest and host lifecycle actions. By default, libvirt-guests will suspend running guests when the host shuts down, and restore them to their pre-shutdown state when the host reboots. libvirt-guests is typically under control of systemd.

How to create a virtual machine using Virsh? ›

15 Configuring Virtual Machines with virsh
  1. 15.1 Editing the VM Configuration. ...
  2. 15.2 Managing Guest Memory Allocation (Xen only) ...
  3. 15.3 Changing the Machine Type. ...
  4. 15.4 Configuring CPU Allocation. ...
  5. 15.5 Changing Boot Options. ...
  6. 15.6 Configuring Memory Allocation. ...
  7. 15.7 Adding a PCI Device. ...
  8. 15.8 Adding a USB Device.

What is libvirt daemon system? ›

Libvirt daemon configuration files

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The library aims at providing a long term stable C API for different virtualization mechanisms. It currently supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox.

How do you check whether KVM is installed or not? ›

You can check whether KVM support is enabled in the Linux kernel from Ubuntu using kvm-ok command which is a part of the cpu-checker package. It is not installed by default. But it is available in the official package repository of Ubuntu.

How to enable virtualization in BIOS? ›

Turn on the computer, and then immediately press f10 to open BIOS Setup. Use the arrow keys to select the Configuration tab, and then select Virtualization Technology. Select Enable. Press f10 to save the settings and exit BIOS Setup.

Does gnome boxes use libvirt? ›

GNOME Boxes is an application of the GNOME Desktop Environment, used to access virtual systems. Boxes uses the QEMU, KVM, and libvirt virtualization technologies.

How do I reboot a VM remote? ›

Procedure. Use the Restart Desktop command. Select Options > Restart Desktop from the menu bar. Right-click the remote desktop icon and select Restart Desktop.

How do I force a VM to restart? ›

To reboot a virtual machine:
  1. Click Compute → Virtual Machines and select a running virtual machine.
  2. Click Reboot or right-click the virtual machine and select Reboot from the pop-up menu.
  3. Click OK in the Reboot Virtual Machine(s) confirmation window.

Is resetting a VM the same as reboot? ›

Power cycle is a combination of a power off followed by a power on. Reset is equivalent to holding the power button pressed forcing the host to reboot.

What are the 4 types of domain? ›

Types of Domain
  • Generic Top-Level Domains (gTLD)
  • Country Code Top-Level Domains (ccTLD)
  • Internationalized Country Code Top-Level Domains (IDN ccTLD)
  • Subdomain.
Jul 19, 2022

How do I know if my KVM is running? ›

You can check whether KVM support is enabled in the Linux kernel from Ubuntu using kvm-ok command which is a part of the cpu-checker package. It is not installed by default. But it is available in the official package repository of Ubuntu.

How to check VMs running in KVM? ›

KVM turn Linux operating system into a hypervisor.
Just list domains / KVM VM guest
  1. running – The domain is currently running on a CPU.
  2. idle – The domain is idle, and not running or runnable. ...
  3. paused – The domain has been paused, usually occurring through the administrator running virsh suspend.
Sep 27, 2022

Where is libvirt located? ›

By default, all the virtual machines created with libvirt are stored under /var/lib/libvirt/images/ location. This is the default storage pool for Libvirt VM images.

Where is libvirt config? ›

libvirt stores it's configuration as xml in '/etc/libvirt/qemu'. The xml is easy to understand, and is similar to VMware *.

Is a KVM switch input or output? ›

A Matrix KVM is a device that allows multiple inputs (two or more) to be routed specifically to multiple outputs (two or more). This is a simple switcher that selects from multiple input ports and connects to a single output port or a single input port to multiple output ports.

Is KVM input output or both? ›

KVM stands for Keyboard, Video, and Mouse. And this allows you to use a single keyboard, mouse, and video output to be able to connect to multiple computers.

How do I know if my VM is ballooning? ›

You can also check for memory ballooning within the vSphere client. If you select an ESXi host, then open the Monitor page you will be able to open Performance > Advanced charts. Once they have loaded, change the View to memory.

How do I check my VM health? ›

Monitor the health of your Azure virtual machine by using Azure Metrics Explorer and metric alerts. Evaluate monitoring options for an Azure virtual machine (VM). Enable diagnostics to get data about your VM. View VM metrics in Azure Metrics Explorer.

How do I check my cpu usage virtual machine? ›

On the Monitor page, click the CPU & Memory tab. From the date range drop-down menu, select the time period for which you want to generate a CPU utilization trending graph and a memory utilization trending graph. Point to the graphs to see the CPU and memory use for a particular date and time.

What are the different modes of libvirt? ›

Libvirt offers many virtual network modes, such as NAT mode (Network address translation), routed mode and isolated mode. Using a virtual network is particularly indicated if the host has dynamic networking (e.g. NetworkManager), or using wireless. macvtap — connect directly to a host physical interface.


1. 13. Red Hat Linux RHCSA V8 EX200 - SELinux, Firewall & Tuning System Performance
(Anand K)
2. The Homelab Show Episode 31:File Systems Layouts
(Lawrence Systems)
3. How to Find Logs and Troubleshoot Common Problems on a Linux Server
4. What's Up with Web Console | Red Hat Enterprise Linux Presents 30
(Red Hat Enterprise Linux)
5. Linux Certification Summit - Red Hat Linux 7.0 RHCSA & RHCE Training by Asghar Ghori from LCVS
(Mr Code)
6. 2014 Red Hat Summit: Red Hat Enterprise Linux roadmap -- Part 1
(Red Hat Summit)
Top Articles
Latest Posts
Article information

Author: Jonah Leffler

Last Updated: 03/24/2023

Views: 5275

Rating: 4.4 / 5 (65 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Jonah Leffler

Birthday: 1997-10-27

Address: 8987 Kieth Ports, Luettgenland, CT 54657-9808

Phone: +2611128251586

Job: Mining Supervisor

Hobby: Worldbuilding, Electronics, Amateur radio, Skiing, Cycling, Jogging, Taxidermy

Introduction: My name is Jonah Leffler, I am a determined, faithful, outstanding, inexpensive, cheerful, determined, smiling person who loves writing and wants to share my knowledge and understanding with you.