Chapter 19. Virtualization

VT-d posted interrupts

Red Hat Enterprise Linux now supports the Intel Virtualization Technology for Directed I/O (VT-d) in CPU-side posted interrupts. With the VT-d posted interrupts feature enabled, external interrupts from direct-assigned devices can be delivered to guests without the need for assistance by the Virtual Machine Manager, even when the guests are running in non-root mode. (BZ#1172351)

Hyper-V storage driver (storvsc) updated

The Hyper-V storage driver (storvsc) was updated from upstream. This provides moderate performance improvement of I/O operations when using Hyper-V storvsc driver for certain workloads. (BZ#1287040)

Hyper-V clock source changed to use the TSC page

With this update, the Time Stamp Counter (TSC) page is used as the Hyper-V clock source. The TSC page provides a more efficient way of computing the per-guest reference counter value than the previously used model-specific register (MSR). As a result, kernel operations that involve reading time stamps are now faster. (BZ#1300325)

libguestfs rebased to version 1.32.7

The libguestfs packages have been upgraded to upstream version 1.32.6, which provides a number of bug fixes and enhancements over the previous version. Notable changes include the following:
  • The virt-get-kernel utility has been added, which can be used to extract the kernel and initial RAM file system (initramfs) from a disk image file. For details, see the virt-get-kernel(1) man page.
  • The virt-dib utility has been added. Its capabilities include building disk image files and ramdisks. For more information, see the virt-dib(1) man page.
  • Multiple options have been added for the virt-customize, virt-builder, and virt-systprep utilities. (BZ#1218766)

virt-v2v and virt-p2v add support for latest Windows releases

The virt-v2v utility now includes support for converting virtual machines that use Windows 8, 8.1 and 10, and Windows Server 2012 and 2012R2 from the VMWare hypervisor to run on KVM, Red Hat Enterprise Virtualization, and OpenStack. In addition, the virt-p2v utility now includes support for converting physical machines that use the mentioned Windows systems to virtual machines compatible with KVM, Red Hat Enterprise Virtualization, and OpenStack. (BZ#1190669)

libvirt administration API added

This update enables an administration interface for the libvirtd service. Unlike persistent libvirtd configuration, which can be adjusted using the libvirtd.conf file and requires daemon restart each time it is modified, the administration interface enables users to change the daemon settings at any time. In addition, the administration interface provides multiple means of monitoring current daemon settings.
Specifically, the operations that the API enables include the following:
  • Listing all daemon servers
  • Listing all client connections
  • Providing detailed information about a client connection
  • Closing individual client connections in a forceful manner
  • Reconfiguration of the limits to number of allowed clients and active worker threads on the host.
The administration interface can be controlled using the virt-admin utility, which is based on the existing virsh client. For more information, see the virt-admin(1) man page. (BZ#735385)

virt-p2v is fully supported

The virt-p2v tool, introduced in Red Hat Enterprise Linux 7.2 as a Technology Preview, is now fully supported. It enables converting physical machines to virtual machines compatible with the KVM hypervisor, and was previously available as a Technology Preview.
virt-p2v is provided as an ISO image that contains a minimal Red Hat Enterprise Linux distribution and the tool itself. To convert a physical machine, burn the ISO image to a CD and use it to boot the physical machine. PXE booting and USB booting are also supported. Afterwards, follow the on-screen instructions to perform a manual conversion or activate the automated conversion.
For further information, install the virt-v2v package and see the virt-p2v(1) manual page, or refer to the following Knowledgebase article:

New package: libvirt-nss

Red Hat Enterprise Linux 7.3 adds the libvirt-nss package, which enables you to use the libvirt Network Security Services (NSS) module. This module makes it easier to connect to guests with TLS, SSL, SSH, as well as other remote login services. In addition, it benefits utilities that use host name translation, such as ping. For more information, see the Red Hat Enterprise Linux 7 Virtualization Deployment and Administration Guide. (BZ#1325996)

Intel Xeon v5 processors supported on KVM guests

Support for Intel Xeon v5 processors has now been added to the KVM hypervisor and kernel code, and to the libvirt API. This enables KVM guest virtual machines to use the following features: MPX, XSAVEC, XGETBV1. (BZ#1327599)

VirtIO 1.0 full support

VirtIO 1.0 devices, introduced in Red Hat Enterprise Linux 7.2 as a Technology Preview, are now fully supported. (BZ#1227339)

libvirt iptables rules can be manually managed for a specified network

libvirt automatically generates and applies iptables rules appropriate for each type of network it creates. The rules are controlled by forward mode in the configuration of each network. Previously, there was no way for users to disable these automatically generated iptables rules and manually manage the iptables rules. In the current release, the open network forward mode was added. When specified for a network, libvirt does not generate any iptables rules for the network. As a result, iptables rules added outside the scope of libvirt are not disrupted and users can manually manage iptables rules. (BZ#846810)

open-vm-tools rebased to version 10.0.5

The open-vm-tools packages have been upgraded to upstream version 10.0.5, which provides a number of bug fixes and enhancements over the previous version. Notably, it introduces the guest OS customization (GOSC) and quiesce snapshot features. (BZ#1268537)

virt-who handles HTTP error 429 properly

When the Subscription Manager load is too big, it might return HTTP error code 429 to rate-limit communication with the client. Previously, virt-who did not handle this error code properly, resulting in sub-optimal behavior. With this update, virt-who now handles HTTP error code 429 properly and retries the communication with Subscription Manager later. (BZ#1286945)

Encrypted Hyper-V connections supported in virt-who

Previously, virt-who used unencrypted Hyper-V connections. All data was sent in plain text. This had security implications and needed special configuration on Hyper-V servers to be allowed. With this update, virt-who now uses Windows NT LAN Manager (NTLM) sealing and signing to protect communication with Hyper-V servers. (BZ#1278637)

New channel for registering hypervisors that are not based on Red Hat Enterprise Linux

Previously, virt-who consumed one Red Hat Enterprise Linux 6 subscription for each registered hypervisor, even when the registered hypervisor was not Red Hat Enterprise Linux-based. With this update, virt-who creates and uses a new channel named Hypervisor Base for hypervisor registration on Satellite 5. As a result, virt-who now uses the Hypervisor Base channel for newly registered hypervisors and does not consume unnecessary Red Hat Enterprise Linux 6 subscriptions. (BZ#1245035)

Full support for Diag0c on IBM z Systems

Red Hat Enterprise Linux 7.3 provides full support for the Diag0c feature on IBM z Systems. Diag0c support makes it possible to read the CPU performance metrics provided by the z/VM hypervisor, and allows obtaining the management time for each online CPU of a Linux guest where the diagnose task is executed. (BZ#1278795)

The libvirt API generates addresses for USB devices

With this update, libvirt generates addresses for USB devices. These devices, along with the libvirt-generated address children can be found in the domain XML file. This ensures that future start, restore, and migrate operations have a consistent address for the guests' USB devices. As a result, you can migrate virtual machines to which USB devices have been attached. (BZ#1215968)

WALinuxAgent rebased to version 2.2.0

The Windows Azure Linux Agent has been upgraded to upstream version 2.2.0, which provides a number of bug fixes and enhancements over the previous version. This agent supports the provisioning and running of Linux Virtual Machines in the Windows Azure cloud and should be installed on Linux images that are built to run in the Windows Azure environment. The WALinuxAgent package is provided in the Extras channel. (BZ#1387783)