configured requires to skip replication for this disk image.
If your storage supports _thin provisioning_ (see the storage chapter in the
-{pve} guide), and your VM has a *SCSI* controller you can activate the *Discard*
-option on the hard disks connected to that controller. With *Discard* enabled,
-when the filesystem of a VM marks blocks as unused after removing files, the
-emulated SCSI controller will relay this information to the storage, which will
-then shrink the disk image accordingly.
+{pve} guide), you can activate the *Discard* option on a drive. With *Discard*
+set and a _TRIM_-enabled guest OS footnote:[TRIM, UNMAP, and discard
+https://en.wikipedia.org/wiki/Trim_%28computing%29], when the VM's filesystem
+marks blocks as unused after deleting files, the controller will relay this
+information to the storage, which will then shrink the disk image accordingly.
+For the guest to be able to issue _TRIM_ commands, you must either use a
+*VirtIO SCSI* (or *VirtIO SCSI Single*) controller or set the *SSD emulation*
+option on the drive. Note that *Discard* is not supported on *VirtIO Block*
+drives.
+
+If you would like a drive to be presented to the guest as a solid-state drive
+rather than a rotational hard disk, you can set the *SSD emulation* option on
+that drive. There is no requirement that the underlying storage actually be
+backed by SSDs; this feature can be used with physical media of any type.
+Note that *SSD emulation* is not supported on *VirtIO Block* drives.
.IO Thread
The option *IO Thread* can only be used when using a disk with the
for f in /sys/devices/system/cpu/vulnerabilities/*; do echo "${f##*/} -" $(cat "$f"); done
----
-A community script is also avalaible to detect is the host is still vulnerable.
+A community script is also available to detect is the host is still vulnerable.
footnote:[spectre-meltdown-checker https://meltdown.ovh/]
Intel processors
* 'pcid'
+
-This reduce the performance impact of the Meltdown (CVE-2017-5754) mitigation
+This reduces the performance impact of the Meltdown (CVE-2017-5754) mitigation
called 'Kernel Page-Table Isolation (KPTI)', which effectively hides
the Kernel memory from the user space. Without PCID, KPTI is quite an expensive
mechanism footnote:[PCID is now a critical performance/security feature on x86
* 'spec-ctrl'
+
-Required to enable the Spectre v1 (CVE-2017-5753) and Spectre v2 (CVE-2017-5715) fix,
-in cases where retpolines are not sufficient.
-Included by default in Intel CPU models with -IBRS suffix.
-Must be explicitly turned on for Intel CPU models without -IBRS suffix.
-Requires the host CPU microcode (intel-microcode >= 20180425).
+Required to enable the Spectre v1 (CVE-2017-5753) and Spectre v2 (CVE-2017-5715) fix,
+in cases where retpolines are not sufficient.
+Included by default in Intel CPU models with -IBRS suffix.
+Must be explicitly turned on for Intel CPU models without -IBRS suffix.
+Requires an updated host CPU microcode (intel-microcode >= 20180425).
+
* 'ssbd'
+
-Required to enable the Spectre V4 (CVE-2018-3639) fix. Not included by default in any Intel CPU model.
-Must be explicitly turned on for all Intel CPU models.
-Requires the host CPU microcode(intel-microcode >= 20180703).
+Required to enable the Spectre V4 (CVE-2018-3639) fix. Not included by default in any Intel CPU model.
+Must be explicitly turned on for all Intel CPU models.
+Requires an updated host CPU microcode(intel-microcode >= 20180703).
AMD processors
* 'ibpb'
+
-Required to enable the Spectre v1 (CVE-2017-5753) and Spectre v2 (CVE-2017-5715) fix,
-in cases where retpolines are not sufficient.
-Included by default in AMD CPU models with -IBPB suffix.
-Must be explicitly turned on for AMD CPU models without -IBPB suffix.
+Required to enable the Spectre v1 (CVE-2017-5753) and Spectre v2 (CVE-2017-5715) fix,
+in cases where retpolines are not sufficient.
+Included by default in AMD CPU models with -IBPB suffix.
+Must be explicitly turned on for AMD CPU models without -IBPB suffix.
Requires the host CPU microcode to support this feature before it can be used for guest CPUs.
* 'virt-ssbd'
+
Required to enable the Spectre v4 (CVE-2018-3639) fix.
-Not included by default in any AMD CPU model.
-Must be explicitly turned on for all AMD CPU models.
-This should be provided to guests, even if amd-ssbd is also provided, for maximum guest compatibility.
-Note for some QEMU / libvirt versions, this must be force enabled when when using "Host model",
-because this is a virtual feature that doesn’t exist in the physical host CPUs.
+Not included by default in any AMD CPU model.
+Must be explicitly turned on for all AMD CPU models.
+This should be provided to guests, even if amd-ssbd is also provided, for maximum guest compatibility.
+Note that this must be explicitly enabled when when using the "host" cpu model,
+because this is a virtual feature which does not exist in the physical CPUs.
* 'amd-ssbd'
+
-Required to enable the Spectre v4 (CVE-2018-3639) fix.
-Not included by default in any AMD CPU model. Must be explicitly turned on for all AMD CPU models.
-This provides higher performance than virt-ssbd so should be exposed to guests whenever available in the host.
+Required to enable the Spectre v4 (CVE-2018-3639) fix.
+Not included by default in any AMD CPU model. Must be explicitly turned on for all AMD CPU models.
+This provides higher performance than virt-ssbd, therefore a host supporting this should always expose this to guests if possible.
virt-ssbd should none the less also be exposed for maximum guest compatibility as some kernels only know about virt-ssbd.
* 'amd-no-ssb'
+
Recommended to indicate the host is not vulnerable to Spectre V4 (CVE-2018-3639).
-Not included by default in any AMD CPU model.
-Future hardware generations of CPU will not be vulnerable to CVE-2018-3639,
-and thus the guest should be told not to enable its mitigations, by exposing amd-no-ssb.
+Not included by default in any AMD CPU model.
+Future hardware generations of CPU will not be vulnerable to CVE-2018-3639,
+and thus the guest should be told not to enable its mitigations, by exposing amd-no-ssb.
This is mutually exclusive with virt-ssbd and amd-ssbd.
This option is also required to hot-plug cores or RAM in a VM.
If the NUMA option is used, it is recommended to set the number of sockets to
-the number of sockets of the host system.
+the number of nodes of the host system.
vCPU hot-plug
^^^^^^^^^^^^^
.Fixed Memory Allocation
[thumbnail="screenshot/gui-create-vm-memory.png"]
-When setting memory and minimum memory to the same amount
+ghen setting memory and minimum memory to the same amount
{pve} will simply allocate what you specify to your VM.
Even when using a fixed memory size, the ballooning device gets added to the
process a great number of incoming connections, such as when the VM is running
as a router, reverse proxy or a busy HTTP server doing long polling.
+[[qm_display]]
+Display
+~~~~~~~
+
+QEMU can virtualize a few types of VGA hardware. Some examples are:
+
+* *std*, the default, emulates a card with Bochs VBE extensions.
+* *cirrus*, this was once the default, it emulates a very old hardware module
+with all its problems. This display type should only be used if really
+necessary footnote:[https://www.kraxel.org/blog/2014/10/qemu-using-cirrus-considered-harmful/
+qemu: using cirrus considered harmful], e.g., if using Windows XP or earlier
+* *vmware*, is a VMWare SVGA-II compatible adapter.
+* *qxl*, is the QXL paravirtualized graphics card. Selecting this also
+enables SPICE for the VM.
+
+You can edit the amount of memory given to the virtual GPU, by setting
+the 'memory' option. This can enable higher resolutions inside the VM,
+especially with SPICE/QXL.
+
+As the memory is reserved by display device, selecting Multi-Monitor mode
+for SPICE (e.g., `qxl2` for dual monitors) has some implications:
+
+* Windows needs a device for each monitor, so if your 'ostype' is some
+version of Windows, {pve} gives the VM an extra device per monitor.
+Each device gets the specified amount of memory.
+
+* Linux VMs, can always enable more virtual monitors, but selecting
+a Multi-Monitor mode multiplies the memory given to the device with
+the number of monitors.
+
+Selecting `serialX` as display 'type' disables the VGA output, and redirects
+the Web Console to the selected serial port. A configured display 'memory'
+setting will be ignored in that case.
[[qm_usb_passthrough]]
USB Passthrough
with a press of the ESC button during boot), or you have to choose
SPICE as the display type.
+[[qm_ivshmem]]
+Inter-VM shared memory
+~~~~~~~~~~~~~~~~~~~~~~
+
+You can add an Inter-VM shared memory device (`ivshmem`), which allows one to
+share memory between the host and a guest, or also between multiple guests.
+
+To add such a device, you can use `qm`:
+
+ qm set <vmid> -ivshmem size=32,name=foo
+
+Where the size is in MiB. The file will be located under
+`/dev/shm/pve-shm-$name` (the default name is the vmid).
+
+NOTE: Currently the device will get deleted as soon as any VM using it got
+shutdown or stopped. Open connections will still persist, but new connections
+to the exact same device cannot be made anymore.
+
+A use case for such a device is the Looking Glass
+footnote:[Looking Glass: https://looking-glass.hostfission.com/] project,
+which enables high performance, low-latency display mirroring between
+host and guest.
+
[[qm_startup_and_shutdown]]
Automatic Start and Shutdown of Virtual Machines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
disk image *Format* if the storage driver supports several formats.
+
-NOTE: A full clone need to read and copy all VM image data. This is
+NOTE: A full clone needs to read and copy all VM image data. This is
usually much slower than creating a linked clone.
+
Linked Clone::
-Modern storage drivers supports a way to generate fast linked
+Modern storage drivers support a way to generate fast linked
clones. Such a clone is a writable copy whose initial contents are the
same as the original data. Creating a linked clone is nearly
instantaneous, and initially consumes no additional space.
templates can later be used to create linked clones efficiently.
+
-NOTE: You cannot delete the original template while linked clones
-exists.
+NOTE: You cannot delete an original template while linked clones
+exist.
+
It is not possible to change the *Target storage* for linked clones,
different node. The only restriction is that the VM is on shared
storage, and that storage is also available on the target node.
-To avoid resource conflicts, all network interface MAC addresses gets
+To avoid resource conflicts, all network interface MAC addresses get
randomized, and we generate a new 'UUID' for the VM BIOS (smbios1)
setting.
VM Generation ID
----------------
-{pve} supports Virtual Machine Generation ID ('vmgedid') footnote:[Official
+{pve} supports Virtual Machine Generation ID ('vmgenid') footnote:[Official
'vmgenid' Specification
https://docs.microsoft.com/en-us/windows/desktop/hyperv_v2/virtual-machine-generation-identifier]
for virtual machines.
Microsoft provides
https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/[Virtual Machines downloads]
- to get started with Windows development.We are going to use one of these
+ to get started with Windows development.We are going to use one of these
to demonstrate the OVF import feature.
Download the Virtual Machine zip
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-After getting informed about the user agreement, choose the _Windows 10
+After getting informed about the user agreement, choose the _Windows 10
Enterprise (Evaluation - Build)_ for the VMware platform, and download the zip.
Extract the disk image from the zip
Adding an external disk image to a Virtual Machine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-You can also add an existing disk image to a VM, either coming from a
+You can also add an existing disk image to a VM, either coming from a
foreign hypervisor, or one that you created yourself.
Suppose you created a Debian/Ubuntu disk image with the 'vmdebootstrap' tool:
include::qm-cloud-init.adoc[]
endif::wiki[]
+ifndef::wiki[]
+include::qm-pci-passthrough.adoc[]
+endif::wiki[]
+
+Hookscripts
+~~~~~~~~~~~
+
+You can add a hook script to VMs with the config property `hookscript`.
+
+ qm set 100 -hookscript local:snippets/hookscript.pl
+It will be called during various phases of the guests lifetime.
+For an example and documentation see the example script under
+`/usr/share/pve-docs/examples/guest-example-hookscript.pl`.
Managing Virtual Machines with `qm`
------------------------------------