3 # Copyright (C) 2009 Red Hat Inc.
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 2 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program; if not, write to the Free Software
17 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 use Locale::TextDomain 'virt-tools';
31 virt-ps, virt-ping, virt-uname, virt-uptime - virtual machine information and statistics
35 virt-ifconfig [--options] [domname]
37 virt-ps [--options] [domname]
39 virt-ping [--options] [domname]
41 virt-uname [--options] [domname]
43 virt-uptime [--options] [domname]
47 All the tools take either a single C<domname> parameter, which is the
48 name of the virtual machine as known to libvirt (C<virsh list>), or no
49 parameter in which case they operate on all currently running guests.
51 I<Note:> You must install the C<virt-tools-guest> package in each
52 Linux guest, otherwise these programs will not work.
54 There are some common options which can be supplied to any tool:
72 Display version number and exit.
78 =item B<--connect URI> | B<-c URI>
80 If using libvirt, connect to the given I<URI>. If omitted, then we
81 connect to the default libvirt hypervisor.
89 Write out the results in CSV format (comma-separated values). This
90 format can be imported easily into databases and spreadsheets, but
91 read L</NOTE ABOUT CSV FORMAT> below.
97 =item B<--verbose> | B<-v>
99 Enable verbose messages, useful for debugging.
105 GetOptions ("help|?" => \$help,
106 "version" => \$version,
107 "connect|c=s" => \$uri,
109 "verbose|v" => \$verbose,
111 pod2usage (1) if $help;
113 print "@PACKAGE_STRING@\n";
118 "virt-ps" => [ \&do_ps, \&title_ps ],
119 "virt-ping" => [ \&do_ping, \&title_ping ],
120 "virt-uname" => [ \&do_uname, \&title_uname ],
121 "virt-uptime" => [ \&do_uptime, \&title_uptime ],
125 my ($do_it, $title_it);
126 foreach (keys %subcommands) {
128 print STDERR "subcommand = $_\n" if $verbose;
129 $do_it = $subcommands{$_}->[0];
130 $title_it = $subcommands{$_}->[1];
134 die "$0: cannot determine which sub-command to run\n" unless $do_it;
136 # If we are being run from a local directory, add that directory to
137 # the path, so we can be run from the source directory without being
139 if (substr ($0, 0, 1) ne "/") {
142 $ENV{PATH} = "$_:$ENV{PATH}"; # XXX Windows?
143 print STDERR "PATH set to $ENV{PATH}\n" if $verbose;
148 # Do we have named guests?
153 $conn = Sys::Virt->new (readonly => 1, address => $uri);
155 $conn = Sys::Virt->new (readonly => 1);
158 # Ignore inactive domains.
159 my @doms = $conn->list_domains ();
161 my @domnames = map { $_->get_name () } @doms;
165 foreach (@domnames) {
178 # Turn any errors into warnings.
180 my ($key, $transport);
182 $transport = get_transport ($_);
183 &$do_it ($_, $key, $transport);
191 print STDERR "errors = $errors\n" if $verbose;
193 exit ($errors == 0 ? 0 : 1);
195 # virt-ifconfig is implemented as a separate program.
199 C<virt-ifconfig> displays the IP address of the guest.
203 C<virt-ps> displays the process list of the guest.
209 print_row (__"Guest");
216 my $transport = shift;
224 C<virt-ping> pings the guest by making an empty virt-tools request,
225 and checking that it replies. This can be used as a simple test that
226 virt-tools is available and working inside the guest.
232 print_row (__"Guest", __"Status");
239 my $transport = shift;
241 my $session = get_snmp_session ($key, $transport);
242 my $sysUpTime = "1.3.6.1.2.1.1.3.0";
243 my $r = $session->get_request (-varbindlist => [$sysUpTime])
244 or die __x("SNMP error: {e}", $session->error);
245 print STDERR "ping: sysUpTime = $r->{$sysUpTime}\n" if $verbose;
246 print_row ($domname, "ok");
252 C<virt-uname> displays the system information (kernel version etc) of
259 print_row (__"Guest", __"System name");
266 my $transport = shift;
268 my $session = get_snmp_session ($key, $transport);
269 my $sysDescr = "1.3.6.1.2.1.1.1.0";
270 my $r = $session->get_request (-varbindlist => [$sysDescr])
271 or die __x("SNMP error: {e}", $session->error);
272 print_row ($domname, $r->{$sysDescr});
278 C<virt-uptime> displays the uptime of the guest
284 print_row (__"Guest", __"Uptime");
291 my $transport = shift;
293 my $session = get_snmp_session ($key, $transport);
294 my $sysUpTime = "1.3.6.1.2.1.1.3.0";
295 my $r = $session->get_request (-varbindlist => [$sysUpTime])
296 or die __x("SNMP error: {e}", $session->error);
297 print_row ($domname, $r->{$sysUpTime});
315 # XXX Use Text::CSV here.
319 } elsif ($_ =~ /,/ || $_ =~ /\n/) {
331 Virt-tools are a set of tools that you can install in your virtual
332 machines (host and guests) to get enhanced information about the
335 Unlike VMWare Tools, virt-tools is hypervisor agnostic. Also
336 virt-tools is just about collecting statistics and does not include
337 any performance or functionality enhancements for guests (see virtio
340 There are two parts to any virt-tools installation: some client
341 programs like C<virt-uname> and C<virt-ps> that you run on the host,
342 to query guest information. On the guest, you have to install and run
343 a virt-tools service. Between the host and guest is a transport which
346 The L</GUEST ARCHITECTURE> section describes how virt-tools appears
349 The L</HOST ARCHITECTURE> section describes the architecture of
350 virt-tools on the host side.
352 =head1 GUEST ARCHITECTURE
354 In most cases, you can just install the C<virt-tools-guest> package in
355 your Linux guests, or the Windows virt-tools guest package in your
356 Windows guests, and everything should just work. In this section we
357 describe more about how it works (or is supposed to work) from the
360 =head2 COMMUNICATIONS DIRECTORY
362 The guest writes various static, mostly unchanging, information into
363 its own directory. On Linux the directory is
364 C<@localstatedir@/lib/virt-tools/> and under Windows it is
365 C<%systemroot%\virttool\>. In the discussion below, this
366 communications directory is referred to as C<$GUESTCOMMSDIR>.
368 The host is able to read files out of this directory using
369 L<libguestfs(3)> (without any cooperation needed by the guest).
373 The host can't easily see the guest's IP address. The host provides
374 the guest with a network interface connected to a bridge, but the
375 guest can use any IP address it likes (although well-behaved guests
376 will usually have some static IPs or are allocated one by DHCP).
378 So when the guest starts up, or its IP address changes (usually these
379 are rare events) the guest writes a file
380 C<$GUESTCOMMSDIR/ip-E<lt>ifaceE<gt>> which contains details of the IP
381 address of the interface E<lt>ifaceE<gt> (eg. the file might be called
382 C<ip-eth0> under Linux).
384 C<virt-ifconfig> reads this file directly using L<libguestfs(3)>.
388 When the guest is first installed (or more precisely, when the
389 virt-tools-guest package is first installed in the guest), a random
390 secret key is generated. This is used to encrypt communications with
391 the guest, and it is described in more detail below.
393 The key is written to C<$GUESTCOMMSDIR/key>.
397 For process listings, and just about every other piece of data except
398 for IP address, guests run a completely standard SNMP (Simple Network
399 Management Protocol) server. The host client tools access this server
400 in order to query information about the guest. They query this using
403 The protocol used is SNMPv3 (RFC 2571) which addresses security
404 concerns in earlier versions of the protocol. In order to ensure that
405 only the host can access the SNMP server and see the results, all
406 communications are encrypted and authenticated using the guest's key.
410 There is not necessarily a network connection between the host and the
411 guest. There are many configurations of virtualization in which the
412 host has no network access to the guest: for example, if the host
413 firewalls itself off from the guest (or vice versa), or if the guest
414 has a physically separate network card from the host.
416 Therefore the guest to host SNMP transport is not necessarily over an
417 IP network. Other transports are possible, including "vmchannel"
418 (where "vmchannel" is the generic name for a collection of specialized
419 host-guest communication channels implemented in different ways by
420 different hypervisors).
422 The transport is written to C<$GUESTCOMMSDIR/transport>.
424 =head1 HOST ARCHITECTURE
426 On the host side, the host uses L<libguestfs(3)> to read the guest's
427 IP address and key, and uses some heuristics to determine the
430 Once the key and the transport to the guest are worked out, programs
431 like C<virt-ps>, C<virt-uname> and so on are just making
432 straightforward SNMP calls:
434 +-----------------+ +-----------------+
436 | virt-ps --- request ---> snmpd |
437 | <---- reply ----- |
438 +-----------------+ +-----------------+
440 The difficulty is in determining the key and the transport to use,
441 which is what this section covers. You can also use this knowledge to
442 diagnose problems or to create non-standard configurations.
446 All the host tools use an external helper program called
447 C<virt-tools-get-key> to get the key of the guest. (See
448 L<virt-tools-get-key(8)> for the precise usage of this program).
450 The key is generated by the guest once -- when the virt-tools-guest
451 package is installed in the guest. The key is written to a file
452 C<$GUESTCOMMSDIR/key> (in the guest) which is readable only by root.
454 Using L<libguestfs(3)> the host can read any file in the guest, so it
455 can read this key out directly. This is what the
456 C<virt-tools-get-key> program does, and you can run it by hand to
457 verify its operation:
459 # virt-tools-get-key -v domname
464 C<virt-tools-get-key> caches the keys of guests that it has seen
465 before so it doesn't have to read them each time. The cache is in
466 C<@localstatedir@/lib/virt-tools/keys/> (in the host).
468 You can just delete the files in this directory at any time, I<or> you
469 can drop a file in here which contains the key of a guest.
471 To do this, create a file
472 C<@localstatedir@/lib/virt-tools/keys/E<lt>UUIDE<gt>> where
473 E<lt>UUIDE<gt> is the guest's UUID as displayed by this command:
477 The contents of the file should be the key.
479 You can test this works by running C<virt-tools-get-key> by hand.
481 This cache never expires, unless you remove the files by hand.
489 my $cmd = "virt-tools-get-key";
490 $cmd .= " -v" if $verbose;
492 $cmd .= " -c '$uri'" if $uri;
493 $cmd .= " '$domname'";
495 print STDERR "$cmd\n" if $verbose;
497 open PIPE, "$cmd |" or die "$cmd: $!";
499 die __"no response from virt-tools-get-key\n" unless $line;
506 =head2 DETERMINE TRANSPORT
508 All the host tools use a second helper program called
509 C<virt-tools-get-transport> to get the transport and address to use
510 for a guest. (See L<virt-tools-get-transport(8)> for the precise
511 usage of this program).
513 This program tries a series of methods to determine how to access a
514 guest, be it through a direct network connection or over some
515 hypervisor-specific vmchannel.
517 # virt-tools-get-transport -v domname
520 You can diagnose problems with the transport by trying to run this
523 =head3 TRANSPORT CACHE
525 C<virt-tools-get-transport> caches the transports of guests that it
526 has seen before so it doesn't have to determine them each time. The
527 cache is in C<@localstatedir@/lib/virt-tools/transports/> (in the
530 As for the L</KEY CACHE>, this directory is just some files that are
531 named after the UUID of the guest, containing the transport.
533 Unlike the key cache, C<virt-tools-get-transport> will check that a
534 transport is still valid, and will expire (ie. delete) the
535 corresponding entry in the transport cache if it is not valid.
543 my $cmd = "virt-tools-get-transport";
544 $cmd .= " -v" if $verbose;
546 $cmd .= " -c '$uri'" if $uri;
547 $cmd .= " '$domname'";
549 print STDERR "$cmd\n" if $verbose;
551 open PIPE, "$cmd |" or die "$cmd: $!";
553 die __"no response from virt-tools-get-transport\n" unless $line;
562 Standard SNMP queries are used between the host and guest.
564 SNMP already supports many of the features we are trying to query
565 (eg. the UCD SNMP MIB provides a way to query the process list of a
566 machine in a form which is a de facto standard).
568 To determine what precise queries are sent, run the tools in verbose
569 mode or examine the source.
576 my $transport = shift;
578 my ($hostname, $port, $domain);
579 if ($transport =~ /^udp:(.*):(.*)/) {
583 } elsif ($transport =~ /^tcp:(.*):(.*)/) {
588 die __x("unknown transport type: {t}", t => $transport);
592 print STDERR "creating Net::SNMP session to $domain:$hostname:$port with key $key\n"
595 my ($session, $error) = Net::SNMP->session (
597 -username => "virttools",
598 -authpassword => $key,
599 -authprotocol => "sha",
600 -privpassword => $key,
601 -privprotocol => "aes",
602 -hostname => $hostname,
606 die __x("SNMP failure: {e}", e => $error) unless $session;
611 =head2 RUNNING YOUR OWN SNMP SERVER IN A GUEST
615 =head1 NOTE ABOUT CSV FORMAT
617 Comma-separated values (CSV) is a deceptive format. It I<seems> like
618 it should be easy to parse, but it is definitely not easy to parse.
620 Myth: Just split fields at commas. Reality: This does I<not> work
621 reliably. This example has two columns:
625 Myth: Read the file one line at a time. Reality: This does I<not>
626 work reliably. This example has one row:
631 For shell scripts, use C<csvtool> (L<http://merjis.com/developers/csv>
632 also packaged in major Linux distributions).
634 For other languages, use a CSV processing library (eg. C<Text::CSV>
635 for Perl or Python's built-in csv library).
637 Most spreadsheets and databases can import CSV directly.
645 L<Sys::Guestfs::Lib(3)>,
647 L<http://libguestfs.org/>.
655 Richard W.M. Jones (C<rjones at redhat dot com>)
659 Matthew Booth (C<mbooth at redhat dot com>)
665 Copyright (C) 2009 Red Hat Inc.
667 This program is free software; you can redistribute it and/or modify
668 it under the terms of the GNU General Public License as published by
669 the Free Software Foundation; either version 2 of the License, or
670 (at your option) any later version.
672 This program is distributed in the hope that it will be useful,
673 but WITHOUT ANY WARRANTY; without even the implied warranty of
674 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
675 GNU General Public License for more details.
677 You should have received a copy of the GNU General Public License
678 along with this program; if not, write to the Free Software
679 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.