3 # Copyright (C) 2009 Red Hat Inc.
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 2 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program; if not, write to the Free Software
17 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 use Locale::TextDomain 'virt-tools';
31 virt-ps, virt-ping, virt-uname, virt-uptime - virtual machine information and statistics
35 virt-ifconfig [--options] [domname]
37 virt-ps [--options] [domname]
39 virt-ping [--options] [domname]
41 virt-uname [--options] [domname]
43 virt-uptime [--options] [domname]
47 All the tools take either a single C<domname> parameter, which is the
48 name of the virtual machine as known to libvirt (C<virsh list>), or no
49 parameter in which case they operate on all currently running guests.
51 I<Note:> You must install the C<virt-tools-guest> package in each
52 Linux guest, otherwise these programs will not work.
54 There are some common options which can be supplied to any tool:
72 Display version number and exit.
78 =item B<--connect URI> | B<-c URI>
80 If using libvirt, connect to the given I<URI>. If omitted, then we
81 connect to the default libvirt hypervisor.
89 Write out the results in CSV format (comma-separated values). This
90 format can be imported easily into databases and spreadsheets, but
91 read L</NOTE ABOUT CSV FORMAT> below.
97 =item B<--verbose> | B<-v>
99 Enable verbose messages, useful for debugging.
105 GetOptions ("help|?" => \$help,
106 "version" => \$version,
107 "connect|c=s" => \$uri,
109 "verbose|v" => \$verbose,
111 pod2usage (1) if $help;
113 print "@PACKAGE_STRING@\n";
118 "virt-ps" => [ \&do_ps, \&title_ps ],
119 "virt-ping" => [ \&do_ping, \&title_ping ],
120 "virt-uname" => [ \&do_uname, \&title_uname ],
121 "virt-uptime" => [ \&do_uptime, \&title_uptime ],
125 my ($do_it, $title_it);
126 foreach (keys %subcommands) {
128 print STDERR "subcommand = $_\n" if $verbose;
129 $do_it = $subcommands{$_}->[0];
130 $title_it = $subcommands{$_}->[1];
134 die "$0: cannot determine which sub-command to run\n" unless $do_it;
136 # If we are being run from a local directory, add that directory to
137 # the path, so we can be run from the source directory without being
139 if (substr ($0, 0, 1) ne "/") {
142 $ENV{PATH} = "$_:$ENV{PATH}"; # XXX Windows?
143 print STDERR "PATH set to $ENV{PATH}\n" if $verbose;
148 # Do we have named guests?
153 $conn = Sys::Virt->new (readonly => 1, address => $uri);
155 $conn = Sys::Virt->new (readonly => 1);
158 # Ignore inactive domains.
159 my @doms = $conn->list_domains ();
161 my @domnames = map { $_->get_name () } @doms;
165 foreach (@domnames) {
178 # Turn any errors into warnings.
180 my ($key, $transport);
182 $transport = get_transport ($_);
183 &$do_it ($_, $key, $transport);
191 print STDERR "errors = $errors\n" if $verbose;
193 exit ($errors == 0 ? 0 : 1);
195 # virt-ifconfig is implemented as a separate program.
199 C<virt-ifconfig> displays the IP address of the guest.
203 C<virt-ps> displays the process list of the guest.
209 print_row (__"Guest");
216 my $transport = shift;
224 C<virt-ping> pings the guest by making an empty virt-tools request,
225 and checking that it replies. This can be used as a simple test that
226 virt-tools is available and working inside the guest.
232 print_row (__"Guest");
239 my $transport = shift;
247 C<virt-uname> displays the system information (kernel version etc) of
254 print_row (__"Guest", __"System name");
261 my $transport = shift;
263 my $session = get_snmp_session ($key, $transport);
264 my $sysDescr = "1.3.6.1.2.1.1.1.0";
265 my $r = $session->get_request (-varbindlist => [$sysDescr])
266 or die __x("SNMP error: {e}", $session->error);
267 print_row ($domname, $r->{$sysDescr});
273 C<virt-uptime> displays the uptime of the guest
279 print_row (__"Guest", __"Uptime");
286 my $transport = shift;
288 my $session = get_snmp_session ($key, $transport);
289 my $sysUpTime = "1.3.6.1.2.1.1.3.0";
290 my $r = $session->get_request (-varbindlist => [$sysUpTime])
291 or die __x("SNMP error: {e}", $session->error);
292 print_row ($domname, $r->{$sysUpTime});
310 # XXX Use Text::CSV here.
314 } elsif ($_ =~ /,/ || $_ =~ /\n/) {
326 Virt-tools are a set of tools that you can install in your virtual
327 machines (host and guests) to get enhanced information about the
330 Unlike VMWare Tools, virt-tools is hypervisor agnostic. Also
331 virt-tools is just about collecting statistics and does not include
332 any performance or functionality enhancements for guests (see virtio
335 There are two parts to any virt-tools installation: some client
336 programs like C<virt-uname> and C<virt-ps> that you run on the host,
337 to query guest information. On the guest, you have to install and run
338 a virt-tools service. Between the host and guest is a transport which
341 The L</GUEST ARCHITECTURE> section describes how virt-tools appears
344 The L</HOST ARCHITECTURE> section describes the architecture of
345 virt-tools on the host side.
347 =head1 GUEST ARCHITECTURE
349 In most cases, you can just install the C<virt-tools-guest> package in
350 your Linux guests, or the Windows virt-tools guest package in your
351 Windows guests, and everything should just work. In this section we
352 describe more about how it works (or is supposed to work) from the
355 =head2 COMMUNICATIONS DIRECTORY
357 The guest writes various static, mostly unchanging, information into
358 its own directory. On Linux the directory is
359 C<@localstatedir@/lib/virt-tools/> and under Windows it is
360 C<%systemroot%\virttool\>. In the discussion below, this
361 communications directory is referred to as C<$GUESTCOMMSDIR>.
363 The host is able to read files out of this directory using
364 L<libguestfs(3)> (without any cooperation needed by the guest).
368 The host can't easily see the guest's IP address. The host provides
369 the guest with a network interface connected to a bridge, but the
370 guest can use any IP address it likes (although well-behaved guests
371 will usually have some static IPs or are allocated one by DHCP).
373 So when the guest starts up, or its IP address changes (usually these
374 are rare events) the guest writes a file
375 C<$GUESTCOMMSDIR/ip-E<lt>ifaceE<gt>> which contains details of the IP
376 address of the interface E<lt>ifaceE<gt> (eg. the file might be called
377 C<ip-eth0> under Linux).
379 C<virt-ifconfig> reads this file directly using L<libguestfs(3)>.
383 When the guest is first installed (or more precisely, when the
384 virt-tools-guest package is first installed in the guest), a random
385 secret key is generated. This is used to encrypt communications with
386 the guest, and it is described in more detail below.
388 The key is written to C<$GUESTCOMMSDIR/key>.
392 For process listings, and just about every other piece of data except
393 for IP address, guests run a completely standard SNMP (Simple Network
394 Management Protocol) server. The host client tools access this server
395 in order to query information about the guest. They query this using
398 The protocol used is SNMPv3 (RFC 2571) which addresses security
399 concerns in earlier versions of the protocol. In order to ensure that
400 only the host can access the SNMP server and see the results, all
401 communications are encrypted and authenticated using the guest's key.
405 There is not necessarily a network connection between the host and the
406 guest. There are many configurations of virtualization in which the
407 host has no network access to the guest: for example, if the host
408 firewalls itself off from the guest (or vice versa), or if the guest
409 has a physically separate network card from the host.
411 Therefore the guest to host SNMP transport is not necessarily over an
412 IP network. Other transports are possible, including "vmchannel"
413 (where "vmchannel" is the generic name for a collection of specialized
414 host-guest communication channels implemented in different ways by
415 different hypervisors).
417 The transport is written to C<$GUESTCOMMSDIR/transport>.
419 =head1 HOST ARCHITECTURE
421 On the host side, the host uses L<libguestfs(3)> to read the guest's
422 IP address and key, and uses some heuristics to determine the
425 Once the key and the transport to the guest are worked out, programs
426 like C<virt-ps>, C<virt-uname> and so on are just making
427 straightforward SNMP calls:
429 +-----------------+ +-----------------+
431 | virt-ps --- request ---> snmpd |
432 | <---- reply ----- |
433 +-----------------+ +-----------------+
435 The difficulty is in determining the key and the transport to use,
436 which is what this section covers. You can also use this knowledge to
437 diagnose problems or to create non-standard configurations.
441 All the host tools use an external helper program called
442 C<virt-tools-get-key> to get the key of the guest. (See
443 L<virt-tools-get-key(8)> for the precise usage of this program).
445 The key is generated by the guest once -- when the virt-tools-guest
446 package is installed in the guest. The key is written to a file
447 C<$GUESTCOMMSDIR/key> (in the guest) which is readable only by root.
449 Using L<libguestfs(3)> the host can read any file in the guest, so it
450 can read this key out directly. This is what the
451 C<virt-tools-get-key> program does, and you can run it by hand to
452 verify its operation:
454 # virt-tools-get-key -v domname
459 C<virt-tools-get-key> caches the keys of guests that it has seen
460 before so it doesn't have to read them each time. The cache is in
461 C<@localstatedir@/lib/virt-tools/keys/> (in the host).
463 You can just delete the files in this directory at any time, I<or> you
464 can drop a file in here which contains the key of a guest.
466 To do this, create a file
467 C<@localstatedir@/lib/virt-tools/keys/E<lt>UUIDE<gt>> where
468 E<lt>UUIDE<gt> is the guest's UUID as displayed by this command:
472 The contents of the file should be the key.
474 You can test this works by running C<virt-tools-get-key> by hand.
476 This cache never expires, unless you remove the files by hand.
484 my $cmd = "virt-tools-get-key";
485 $cmd .= " -v" if $verbose;
487 $cmd .= " -c '$uri'" if $uri;
488 $cmd .= " '$domname'";
490 print STDERR "$cmd\n" if $verbose;
492 open PIPE, "$cmd |" or die "$cmd: $!";
494 die __"no response from virt-tools-get-key\n" unless $line;
501 =head2 DETERMINE TRANSPORT
503 All the host tools use a second helper program called
504 C<virt-tools-get-transport> to get the transport and address to use
505 for a guest. (See L<virt-tools-get-transport(8)> for the precise
506 usage of this program).
508 This program tries a series of methods to determine how to access a
509 guest, be it through a direct network connection or over some
510 hypervisor-specific vmchannel.
512 # virt-tools-get-transport -v domname
515 You can diagnose problems with the transport by trying to run this
518 =head3 TRANSPORT CACHE
520 C<virt-tools-get-transport> caches the transports of guests that it
521 has seen before so it doesn't have to determine them each time. The
522 cache is in C<@localstatedir@/lib/virt-tools/transports/> (in the
525 As for the L</KEY CACHE>, this directory is just some files that are
526 named after the UUID of the guest, containing the transport.
528 Unlike the key cache, C<virt-tools-get-transport> will check that a
529 transport is still valid, and will expire (ie. delete) the
530 corresponding entry in the transport cache if it is not valid.
538 my $cmd = "virt-tools-get-transport";
539 $cmd .= " -v" if $verbose;
541 $cmd .= " -c '$uri'" if $uri;
542 $cmd .= " '$domname'";
544 print STDERR "$cmd\n" if $verbose;
546 open PIPE, "$cmd |" or die "$cmd: $!";
548 die __"no response from virt-tools-get-transport\n" unless $line;
557 Standard SNMP queries are used between the host and guest.
559 SNMP already supports many of the features we are trying to query
560 (eg. the UCD SNMP MIB provides a way to query the process list of a
561 machine in a form which is a de facto standard).
563 To determine what precise queries are sent, run the tools in verbose
564 mode or examine the source.
571 my $transport = shift;
573 my ($hostname, $port, $domain);
574 if ($transport =~ /^udp:(.*):(.*)/) {
578 } elsif ($transport =~ /^tcp:(.*):(.*)/) {
583 die __x("unknown transport type: {t}", t => $transport);
587 print STDERR "creating Net::SNMP session to $domain:$hostname:$port with key $key\n"
590 my ($session, $error) = Net::SNMP->session (
592 -username => "virttools",
593 -authpassword => $key,
594 -authprotocol => "sha",
595 -privpassword => $key,
596 -privprotocol => "aes",
597 -hostname => $hostname,
601 die __x("SNMP failure: {e}", e => $error) unless $session;
606 =head2 RUNNING YOUR OWN SNMP SERVER IN A GUEST
610 =head1 NOTE ABOUT CSV FORMAT
612 Comma-separated values (CSV) is a deceptive format. It I<seems> like
613 it should be easy to parse, but it is definitely not easy to parse.
615 Myth: Just split fields at commas. Reality: This does I<not> work
616 reliably. This example has two columns:
620 Myth: Read the file one line at a time. Reality: This does I<not>
621 work reliably. This example has one row:
626 For shell scripts, use C<csvtool> (L<http://merjis.com/developers/csv>
627 also packaged in major Linux distributions).
629 For other languages, use a CSV processing library (eg. C<Text::CSV>
630 for Perl or Python's built-in csv library).
632 Most spreadsheets and databases can import CSV directly.
640 L<Sys::Guestfs::Lib(3)>,
642 L<http://libguestfs.org/>.
650 Richard W.M. Jones (C<rjones at redhat dot com>)
654 Matthew Booth (C<mbooth at redhat dot com>)
660 Copyright (C) 2009 Red Hat Inc.
662 This program is free software; you can redistribute it and/or modify
663 it under the terms of the GNU General Public License as published by
664 the Free Software Foundation; either version 2 of the License, or
665 (at your option) any later version.
667 This program is distributed in the hope that it will be useful,
668 but WITHOUT ANY WARRANTY; without even the implied warranty of
669 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
670 GNU General Public License for more details.
672 You should have received a copy of the GNU General Public License
673 along with this program; if not, write to the Free Software
674 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.