2.15. Performing Virtual Machine-Specific Operations

This section focuses on operations specific to virtual machines.

2.15.1. Pausing Virtual Machines

Pausing a running virtual machine releases the resources, such as RAM and CPU, currently used by this virtual machine. The released resources can then be used by the hardware node or other running virtual machines and containers.

To pause a virtual machine, you can use the prlctl pause command. For example, the following command pauses the virtual machine MyVM:

# prlctl pause MyVM

You can check that the virtual machine has been successfully paused by using the prlctl list -a command:

# prlctl list -a
STATUS  IP_ADDR         NAME
running 10.10.10.101    MyCT
paused  10.10.10.201    MyVM

The command output shows that the virtual machine MyVM is paused at the moment. To continue running this virtual machine, execute this command:

# prlctl start MyVM

2.15.2. Managing Virtual Machine Devices

Virtuozzo allows you to manage the following virtual machine devices:

  • hard disk drives
  • CD/DVD-ROM drives
  • floppy disk drives
  • network adapters
  • serial ports
  • USB controllers

When managing devices, keep in mind the following limits for VM devices:

IDE Devices 4 IDE devices (virtual disks or CD/DVD-ROM drives)
SCSI Devices 15 SCSI devices (virtual disks or CD/DVD-ROM drives)
VirtIO Devices 15 VirtIO virtual disks
Floppy disk drive 1 floppy disk drive
Network Interfaces 15 virtual NICs
Serial (COM) Ports 4 serial (COM) ports
USB controller 1 USB controller

The main operations you can perform on VM devices are:

  • adding a new device to the virtual machine
  • configuring the device properties
  • removing a device from the virtual machine

2.15.2.1. Adding New Devices

This section provides information on adding new devices to your virtual machines. You can add new virtual devices to your virtual machine using the prlctl set command. The options responsible for adding particular devices are listed in the following table:

Option Description
hdd

Adds a new hard disk drive to a virtual machine. You can either connect an existing image to the virtual machine or create a new one.

SCSI and VirtIO hard disks can be added to both running and stopped VMs; IDE disks can only be added to stopped VMs.

cdrom Adds a new CD/DVD-ROM drive to the virtual machine that must be stopped first.
net Adds a new network adapter to a stopped virtual machine.
fdd Adds a new floppy disk drive to a stopped virtual machine.
serial Adds a new serial port to a stopped virtual machine.
usb Adds a new USB controller to a stopped virtual machine.

For example, you can execute the following command to add a new virtual disk to the virtual machine MyVM:

# prlctl set MyVM --device-add hdd
Creating hdd1 () scsi:1 image='/vz/vmprivate/d35d28e5-11f7-4b3f-9065-8fef6178bc5b/ \
harddisk1.hdd' type='expanded' 65536Mb subtype=virtio-scsi
...

This command creates a new virtual disk with the following default parameters:

  • name: hdd1
  • disk type: SCSI
  • disk subtype: VirtIO SCSI
  • image file name and location: /vz/vmprivate/d35d28e5-11f7-4b3f-9065-8fef6178bc5b/harddisk1.hdd
  • disk format: expanded
  • disk capacity: 65536 MB

You can change some of these parameters with prlctl. For example, to create an 84 GB IDE virtual disk, run

# prlctl set MyVM --device-add hdd --size 84000 --iface ide
Creating hdd2 () ide:0 image='/vz/vmprivate/d35d28e5-11f7-4b3f-9065-8fef6178bc5b/ \
harddisk2.hdd' type='expanded' 84000Mb
...

The virtual disk has been added to your virtual machine. However, before you can use it, you need to initialize it as described in the next subsection.

2.15.2.1.1. Adding Hyper-V SCSI Devices to Windows Virtual Machines

Virtuozzo supports Hyper-V paravirtualized device emulation of SCSI hard disks and CD/DVD-ROM drives. The emulation allows to use these devices with native Windows drivers. It is recommended for all the supported Windows guests (see Supported Guest Operating Systems).

To add, for example, a SCSI CD/DVD-ROM and HDD emulated via Hyper-V to a VM, run the following commands:

# prlctl set vm1 --device-add cdrom --image <path_to_image> --iface scsi --subtype hyperv
# prlctl set vm1 --device-add hdd --iface scsi --subtype hyperv

2.15.2.2. Initializing Newly Added Disks

After you added a new blank virtual hard disk to the virtual machine configuration, it will be invisible to the operating system installed inside the virtual machine until the moment you initialize it.

2.15.2.2.1. Initializing the New Virtual Hard Disk in Windows

To initialize a new virtual hard disk in a Windows guest OS, you will need the Disk Management utility available. For example, in Windows Server 2012 you can access this utility by clicking Start > Control Panel > System and Security > Administrative Tools > Computer Management > Storage > Disk Management.

When you open the Disk Management utility, it automatically detects that a new hard disk was added to the configuration and launches the Initialize Disk wizard:

  1. In the Select disks section, select the newly added disk.
  2. Choose the partition style for the selected disk: MBR (Master Boot Record) or GPD (GUID Partition Table).
  3. Click OK.

The added disk will appear as a new disk in the Disk Management utility window, but its memory space will be unallocated. To allocate the disk memory, right-click this disk name in the Disk Management utility window and select New Volume. The New Volume Wizard window will appear. Follow the steps of the wizard and create a new volume in the newly added disk.

After that your disk will become visible in My Computer and you will be able to use it as a data disk inside your virtual machine.

2.15.2.2.2. Initializing the New Virtual Hard Disk in Linux

Initializing a new virtual hard disk in a Linux guest OS comprises two steps: (1) allocating the virtual hard disk space and (2) mounting this disk in the guest OS.

To allocate the space, you need to create a new partition on this virtual hard disk using the fdisk utility:

Note

You need the root privileges to use fdisk.

  1. Launch a terminal window.

  2. To list the IDE disk devices present in your virtual machine configuration, enter:

    fdisk /dev/hd*
    

    Note

    If you added a SCSI disk to the virtual machine configuration, use the fdisk /dev/sd* command instead.

  3. By default, the second virtual hard disk appears as /dev/hdc in your Linux virtual machine. To work with this device, enter:

    fdisk /dev/hdc
    

    Note

    If this is a SCSI disk, use the fdisk /dev/sdc command instead.

  4. To get detailed information about the disk, enter:

    p
    
  5. To create a new partition, enter:

    n
    
  6. To create the primary partition, enter:

    p
    
  7. Specify the partition number. By default, it is 1.

  8. Specify the first cylinder. If you want to create a single partition on this hard disk, use the default value.

  9. Specify the last cylinder. If you want to create a single partition on this hard disk, use the default value.

  10. To create a partition with the specified settings, enter:

    w
    

When you allocated the space on the newly added virtual hard disk, you should format it by entering the following command in the terminal:

# mkfs -t <FileSystem> /dev/hdc1

Note

<FileSystem> stands for the filesystem you want to use on this disk. It is recommended to use ext4.

When the added virtual hard disk is formatted, you can mount it in the guest OS.

  1. To create a mount point for the new virtual hard disk, enter:

    # mkdir /mnt/hdc1
    

    Note

    You can specify a different mount point.

  2. To mount the new virtual hard disk to the specified mount point, enter:

    mount /dev/hdc1 /mnt/hdc1
    

When you mounted the virtual hard disk, you can use its space in your virtual machine.

2.15.2.3. Configuring Virtual Devices

You can configure the parameters of an existing virtual device in your virtual machine using the --device-set option of the prlctl set command.

To change the virtual device parameters, do the following:

  1. List the VM information to find out the name of the device you wish to configure. For example, to obtain the list of virtual devices in the virtual machine MyVM, run:

    # prlctl list -i MyVM
    ...
    Hardware:
      cpu cpus=2 VT-x accl=high mode=32 ioprio=4 iolimit='0'
      memory 1024Mb
      video 32Mb 3d acceleration=off vertical sync=yes
      hdd0 (+) scsi:0 image='/vz/vmprivate/d35d28e5-11f7-4b3f-9065-8fef6178bc5b/ \
    harddisk.hdd' type='expanded' subtype=virtio-scsi
      hdd1 (+) scsi:1 image='/vz/vmprivate/d35d28e5-11f7-4b3f-9065-8fef6178bc5b/ \
    harddisk1.hdd' type='expanded' subtype=virtio-scsi
      cdrom0 (+) scsi:1 image='' subtype=virtio-scsi
      usb (+)
      net0 (+) dev='vme426f6594' network='Bridged' mac=001C426F6594 card=virtio
    ...
    

    All virtual devices currently available to the virtual machine are listed under Hardware. In our case the virtual machine MyVM has the following devices: 2 CPUs, main memory, video memory, a floppy disk drive, 2 hard disk drives, a CD/DVD-ROM drive, a USB controller, and a network card.

  2. Configure the properties of the virtual device. For example, to configure the current type of the virtual disk hdd1 in the virtual machine MyVM from SCSI to IDE, execute:

# prlctl set MyVM --device-set hdd1 --iface ide

To check that the virtual disk type has been successfully changed, use the prlctl list -i command:

# prlctl list -i MyVM | grep hdd1
hdd1 (+) ide:0 image='/vz/vmprivate/d35d28e5-11f7-4b3f-9065-8fef6178bc5b/ \
harddisk1.hdd' type='expanded'

2.15.2.3.1. Connecting and Disconnecting Virtual Devices

In Virtuozzo, you can connect or disconnect certain devices when a virtual machine is running. These devices include:

  • CD/DVD-ROM drives
  • floppy disk drives
  • network adapters
  • printer ports
  • serial ports

Usually, all virtual devices are automatically connected to a virtual machine when you create them. To disconnect a device from the virtual machine, you can use the prlctl set command. For example, the following command disconnects the CD/DVD-ROM drive cdrom0 from the virtual machine MyVM:

# prlctl set MyVM --device-disconnect cdrom0

To connect the CD/DVD-ROM drive back, you can run the following command:

# prlctl set MyVM --device-connect cdrom0

2.15.2.4. Deleting Devices

You can delete a virtual device that you do not need any more in your virtual machine using the --device-del option of the prlctl set command. The options responsible for removing particular devices are listed in the following table:

Option Description
hdd Deletes the specified hard disk drive from a stopped virtual machine.
cdrom Deletes the specified CD/DVD-ROM drive from a running or stopped virtual machine.
net Deletes the specified network adapter from a stopped virtual machine.
fdd Deletes the floppy disk drive from a running or stopped virtual machine.
serial Deletes the specified serial port from a stopped virtual machine.
usb Deletes the USB controller from a running or stopped virtual machine.

To remove a virtual device, do the following:

  1. List the VM information to find out the name of the device you wish to delete. For example, to obtain the list of virtual devices in the virtual machine MyVM, run:

    # prlctl list --info MyVM
    ...
    Hardware:
      cpu cpus=2 VT-x accl=high mode=32 ioprio=4 iolimit='0'
      memory 1024Mb
      video 32Mb 3d acceleration=off vertical sync=yes
      hdd0 (+) scsi:0 image='/vz/vmprivate/d35d28e5-11f7-4b3f-9065-8fef6178bc5b/ \
    harddisk.hdd' type='expanded' subtype=virtio-scsi
      hdd1 (+) scsi:1 image='/vz/vmprivate/d35d28e5-11f7-4b3f-9065-8fef6178bc5b/ \
    harddisk1.hdd' type='expanded' subtype=virtio-scsi
      cdrom0 (+) scsi:1 image='' subtype=virtio-scsi
      usb (+)
      net0 (+) dev='vme426f6594' network='Bridged' mac=001C426F6594 card=virtio
    ...
    
  2. Remove the virtual device from your virtual machine. For example, to remove the virtual disk hdd1 from the virtual machine MyVM, execute:

    # prlctl set MyVM --device-del hdd1
    

If you do not want to permanently delete a virtual device, you can temporarily disconnect it from the virtual machine using the --disable option.

2.15.3. Making Screenshots

When a virtual machine stops responding to requests, you can check its state by capturing an image (or screenshot) of its screen with the prlctl capture command. A screenshot is saved in PNG format.

Note

You can take screenshots of running virtual machines only.

To take a screenshot of the MyVM virtual machine screen and save it to the /usr/screenshots/image1.png file:

  1. Make sure that the virtual machine is running:

    # prlctl list
    UUID                                    STATUS    IP_ADDR        T   NAME
    {b2de86d9-6539-4ccc-9120-928b33ed31b9}  running   10.10.100.1    VM  MyVM
    
  2. Take the virtual machine screenshot:

    # prlctl capture MyVM --file /usr/screenshots/image1.png
    

    If the --file option is not specified, a screenshot is dumped to the command output.

  3. Check that the image1.png file has been successfully created:

    # ls /usr/screenshots/
    image1.png
    

2.15.4. Assigning Host Devices to Virtual Machines

Starting from Virtuozzo 7 Update 11, you can assign a host device to a virtual machine so that the device is automatically connected to the VM when you connect the device to the hardware node or start the VM. This method, also known as passthrough, allows host devices to appear and behave as if they were physically attached to the guest operating system. Virtuozzo supports assigning USB, PCI devices (physical NICs), and SR-IOV devices (virtual NICs). Ways to do this are described in the following sections.

When assigning host devices to VMs, keep in mind that:

  • After a VM is migrated to another server, all its assignments are lost.
  • All assignments are preserved if you restore a VM to its original location. Otherwise they are lost.

2.15.4.1. Assigning USB Devices to Virtual Machines

Warning

This feature is experimental and tested only with some USB devices.

To assign a USB device to a VM, specify two parameters:

  1. The USB device ID that you can get by running the prlsrvctl usb list command. For example:

    # prlsrvctl usb list
    Sony - Storage Media     '3-2|054c|05ba|high|--|CB070B7B49A7C06786|3'
    
  2. The virtual machine UUID that you can obtain by running the prlctl list -a command. For example:

    # prlctl list -a
    UUID                                    STATUS       IP_ADDR         T  NAME
    {d8d516c9-dba3-dc4b-9941-d6fad3767035}  stopped      10.10.100.1     VM MyVM
    

Once you know the necessary parameters, do the following:

  1. Make sure the VM is stopped. For example:

    # prlctl list -i MyVM | grep State
    State: stopped
    
  2. Assign the USB device to the VM using the prlsrvctl usb set command. For example:

    # prlsrvctl usb set '3-2|054c|05ba|high|--|CB070B7B49A7C06786|3' \
    {d8d516c9-dba3-dc4b-9941-d6fad3767035}
    

    This command assigns the USB device Sony - Storage Media with ID '3-2|054c|05ba|high|--|CB070B7B49A7C06786|3' to the virtual machine MyVM with UUID {d8d516c9-dba3-dc4b-9941-d6fad3767035. When running the command, remember to put the USB device ID in single quotes and the VM UUID in curly brackets.

To check that the USB device has been successfully assigned to the VM, use the prlsrvctl usb list command. For example:

# prlsrvctl usb list
Sony - Storage Media     '3-2|054c|05ba|high|--|CB070B7B49A7C06786|3' \
{d8d516c9-dba3-dc4b-9941-d6fad3767035}

The command output shows that the USB device Sony - Storage Media will be automatically connected to the VM with UUID {d8d516c9-dba3-dc4b-9941-d6fad3767035} every time you start this VM and connect the device to the hardware node.

To remove the assignment, use the prlsrvctl usb del command. For example:

# prlsrvctl usb del '3-2|054c|05ba|high|--|CB070B7B49A7C06786|3'

2.15.4.2. Assigning PCI Devices to Virtual Machines

Assigning PCI devices to VMs is available only on server platforms that support Intel Virtualization Technology for Directed I/O (VT-d) or AMD I/O Virtualization Technology (IOMMU). This feature must be supported by both the motherboard chipset and CPU. For a list of IOMMU-supporting hardware, see this Wikipedia article.

Before assigning PCI devices, prepare your system as follows:

  1. Enable the CPU virtualization extensions (VT-d or AMD IOMMU) in the host BIOS.

  2. Enable the IOMMU support in the kernel:

    1. In the /etc/default/grub file, locate the GRUB_CMDLINE_LINUX line and add within the quotes either intel_iommu=on iommu=pt or amd_iommu=pt, depending on the platform. For example, on an Intel-based system, the line will be:

      GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=virtuozzo/root quiet \
      intel_iommu=on iommu=pt"
      
    2. Regenerate the grub config file:

      • On a BIOS-based system, run:

        # grub2-mkconfig -o /etc/grub2.cfg
        
      • On a UEFI-based system, run:

        # grub2-mkconfig -o /etc/grub2-efi.cfg
        
  3. Reboot the system to apply the changes.

To check that IOMMU is enabled, run one of the following commands:

  • On an Intel-based system:

    # dmesg | grep "Virtualization Technology for Directed I/O"
    [ 0.902214] DMAR: Intel(R) Virtualization Technology for Directed I/O
    
  • On an AMD-based system:

    # dmesg | grep AMD-Vi
    AMD-Vi: Enabling IOMMU at 0000:00:00.2 cap 0x40
    AMD-Vi: Lazy IO/TLB flushing enabled
    AMD-Vi: Initialized for Passthrough Mode
    

Now you can proceed to assign the PCI device to a VM. Do the following:

  1. Find the ID of the desired device in the output of the prlsrvctl info | grep pci command. For example:

    # prlsrvctl info | grep pci
    pci X540 Ethernet Controller '8:0:1:8086.1521' assignment=host
    <...>
    
  2. Make sure the VM that you will assign the PCI device to is stopped. For example:

    # prlctl list -i MyVM | grep State
    State: stopped
    
  3. Assign the PCI device to the VM. For example, to assign the network adapter X540 Ethernet Controller with the ID '8:0:1:8086.1521' to the virtual machine MyVM, run:

    # prlctl set MyVM --device-add pci --device '8:0:1:8086.1521'
    

To check that the PCI device has been successfully assigned to the VM, run the following command:

# prlctl list -i MyVM | grep pci
pci0 (+) 'Intel Corporation Ethernet Controller 10-Gigabit X540-AT2' '8:0:1'

Now the PCI device X540 Ethernet Controller will automatically connect to the MyVM virtual machine every time this VM is started and the device is connected to the hardware node.

To remove the assignment, use the prlctl set --device-del command:

# prlctl set --device-del pci0

2.15.4.3. Using PCI I/O Virtualization

Single Root I/O Virtualization (SR-IOV) is a specification that allows a single physical PCI device to appear as multiple virtual devices and thus be shared by multiple virtual machines. Virtuozzo supports assigning Virtual Functions of SR-IOV-capable PCI devices, namely network adapters, to virtual machines.

Before creating virtual PCI devices, make sure the following requirements are met:

  1. The system is prepared to support IOMMU as described in Assigning PCI Devices to Virtual Machines.
  2. SR-IOV is enabled in the system BIOS.

To create virtual network adapters, or Virtual Functions of a network adapter, you need to specify their number in the /sys/class/net/<device_name>/device/sriov_numvfs file. For example, to create two Virtual Functions of the Ethernet adapter enp2s0, run:

# echo 2 > /sys/class/net/enp2s0/device/sriov_numvfs

To ensure that the intended number of Virtual Functions is persistent across server reboots, create a udev rule similar to the following:

# vi /etc/udev/rules.d/enp2s0.rules
ACTION=="add", SUBSYSTEM=="net", ENV{ID_NET_DRIVER}=="ixgbe",
ATTR{device/sriov_numvfs}="2"

where enp2s0 is the name of the network adapter, ixgbe is the name of the network driver in use, and 2 is the number of Virtual Functions to be created at boot time.

The maximum number of Virtual Functions supported by a network device can be queried by reading the /sys/class/net/<device_name>/device/sriov_totalvfs file. For example, for the Ethernet adapter enp2s0, run:

# cat /sys/class/net/enp2s0/device/sriov_totalvfs
63

To check that Virtual Functions have been successfully created, execute:

# prlsrvctl info | grep Ethernet
pci  X540 Ethernet Controller '8:0:1:8086.1521' assignment=host
pci  X540 Ethernet Controller Virtual Function '9:10:4:8086.1520' assignment=host
pci  X540 Ethernet Controller Virtual Function '9:10:0:8086.1520' assignment=host

After creating virtual network adapters, you can assign them to VMs as described in Assigning PCI Devices to Virtual Machines. For them to work properly, install appropriate network drivers inside the VMs.

2.15.5. Configuring IP Address Ranges for Host-Only Networks

All virtual machines connected to networks of the host-only type receive their IP addresses from the DHCP server. This DHCP server is set up during the Virtuozzo installation and includes by default IP addresses from 10.37.130.1 to 10.37.130.254. You can redefine the default IP address range for host-only networks and make virtual machines get their IP addresses from different IP address ranges. For example, you can run the following command to set the start and end IP addresses for the Host-Only network (this network is automatically created during the Virtuozzo installation) to 10.10.11.1 and 10.10.11.254, respectively:

# prlsrvctl net set Host-Only --ip-scope-start 10.10.11.1 --ip-scope-end 10.10.11.254

You can also specify a custom IP address range directly when creating a new network of the host-only type. Assuming that you want to create a network with the Host-Only2 name and define for this network the IP addresses range from 10.10.10.1 to 10.10.10.254, you can execute the following command:

# prlsrvctl net add Host-Only2 -t host-only --ip-scope-start 10.10.10.1 --ip-scope-\
end 10.10.10.254

When working with IP address ranges, pay attention to the following:

  • The start and end IP addresses of an IP address range must belong to the same subnetwork.
  • IP address ranges can be defined for each network of the host-only type separately. For example, you can set the IP address range from 10.10.11.1 to 10.10.11.254 for the Host-Only network and from 10.10.10.1 to 10.10.10.254 for the Host-Only2 network.

2.15.6. Configuring Virtual Machine Crash Mode

In Virtuozzo 7, you can configure a virtual machine behavior after the guest OS crash: restart or pause. By default, when a virtual machine fails, a crash dump is created and sent in the problem report to the Virtuozzo technical support team, and the virtual machine is restarted with the same configuration.

To address the problem yourself, you can switch the virtual machine crash mode to pause using the prlctl set command. For example:

# prlctl set MyVM --on-crash pause

The virtual machine resources will be preserved to allow analysis and its crash dump will be sent in the problem report.

As crash dumps can take up significant disk space and lead to the whole server malfunction, the crash mode is automatically switched to pause, if a virtual machine fails more than three times within twenty-four hours since the last crash.

If you want to skip creating the crash dump and sending the problem report, add :no-report to the command. For example:

# prlctl set MyVM --on-crash restart:no-report

2.15.7. Enabling Secure Boot for Virtual Machines

Secure Boot is a UEFI feature that provides security in the pre-boot environment. It works by ensuring that only trusted software components signed by the Original Equipment Manufacturer (OEM) are loaded during the boot process. Secure boot can only be used if the system boots using UEFI, instead of BIOS.

Secure Boot is supported in Virtuozzo 7 virtual machines running the following operating systems: Windows Server 2012 and newer, CentOS 7, Ubuntu 14.04 LTS and newer.

If you want to enable Secure Boot in your virtual machine, make sure it boots with the EFI firmware before installing a guest OS inside it. To configure the EFI boot, use the prlctl set --efi-boot command. For example:

# prlctl set MyVM --efi-boot on

To enable Secure Boot inside a guest OS, do the following:

  1. While the VM is booting up, press F2 in the VNC console to open the EFI setup.

  2. On the EFI setup screen, select Device Manager > Secure Boot Configuration.

  3. Locate the Attempt Secure Boot option and press Spacebar to toggle the checkbox.

    ../_images/image034.png
  4. Press F10 to save the changes and reset the platform.

You can check that Secure Boot is successfully enabled as follows:

  • In Windows VMs, check the Secure Boot State field in the System Information window:

    ../_images/image035.png
  • In Linux VMs, use mokutil:

    # mokutil --sb-state
    SecureBoot enabled