3. Virtualization

Para Virtualization on Hardware Virtualized Machines (PV on HVM)
Red Hat Enterprise Linux 6 guests under Red Hat Enterprise Linux 5 Xen hosts can now utilize the PV on HVM drivers to improve the performance of I/O on virtualized network devices (xen-vnif) and virtualized block storage devices.
To enable Xen PV on HVM support in a Red Hat Enterprise Linux 6 HVM guest, add the following to the kernel boot command line:
   xen_pv_hvm=enable
Note, however, that due to conflicts with network configuration scripts, it is recommended that the Xen guest vif specification set 'type=netfront' if the emulated rtl8139 device is not desired as the primary network interconnect.
virtio network device packet transmission algorithms
The virtio network device has two available algorithms for transmitting packets. The default is to use an asynchronous bottom half transmitter, which typically shows good performance for all workloads. The alternate implementation uses a timer to delay transmit in an attempt to batch multiple packets together. The timer approach typically results in higher latency, but may improve overall efficiency. To change from the default algorithm to the timer-based approach, use the following procedure to create a wrapper script around qemu-kvm and specify it as the emulator for guests that require it.
  1. Create the wrapper script
    $ cat > /usr/libexec/qemu-kvm.txtimer << EOF
    #!/bin/sh
    exec /usr/libexec/qemu-kvm \`echo "\$@" | sed 's|virtio-net-pci|virtio-net-pci,tx=timer|g'\`
    EOF
    
  2. Make script executable
    $ chmod 755 /usr/libexec/qemu-kvm.txtimer
    
  3. Set SELinux permissions
    $ restorecon /usr/libexec/qemu-kvm.txtimer
    
  4. Create SELinux module
    $ cat > qemutxtimer.te << EOF
    policy_module(qemutxtimer, 1.0)
    
    gen_require(\`
     attribute virt_domain;
     type qemu_exec_t;
    ')
    
    can_exec(virt_domain, qemu_exec_t)
    EOF
    
  5. Build SELinux module
    $ make -f /usr/share/selinux/devel/Makefile
    
  6. Install SELinux module
    $ semodule -i qemutxtimer.pp # May later be uninstalled with -r
    
  7. Update guest XML to use qemu-kvm wrapper
    $ virsh edit $GUEST
    
    Replace:
        <emulator>/usr/libexec/qemu-kvm</emulator>
    
    With:
        <emulator>/usr/libexec/qemu-kvm.txtimer</emulator>
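
The wrapper in step 1 passes "$@" through echo and an unquoted command substitution, so any argument that contains a space is split before qemu-kvm sees it. The following added example (not part of the original release note) rewrites the arguments one at a time instead; it assumes each NIC arrives as its own argument beginning with virtio-net-pci, and exec_with_tx_timer is a name chosen here.

```shell
#!/bin/sh
# Added example: argument-preserving variant of the qemu-kvm.txtimer wrapper.
# Assumption: each virtio NIC is passed as a separate argument that starts
# with "virtio-net-pci" (for example the value that follows -device).

# exec_with_tx_timer EMULATOR [ARG...]
# Replaces this process with EMULATOR, adding tx=timer to every
# virtio-net-pci argument and keeping all other arguments unchanged,
# embedded spaces included.
exec_with_tx_timer() {
    emulator=$1
    shift
    remaining=$#
    while [ "$remaining" -gt 0 ]; do
        arg=$1
        shift
        case $arg in
            virtio-net-pci,tx=*|virtio-net-pci,*,tx=*)
                ;;   # a tx setting is already present, leave it alone
            virtio-net-pci|virtio-net-pci,*)
                arg="virtio-net-pci,tx=timer${arg#virtio-net-pci}"
                ;;
        esac
        set -- "$@" "$arg"   # rotate the processed argument to the end
        remaining=$((remaining - 1))
    done
    exec "$emulator" "$@"
}

# Act as the wrapper only when installed under the name used in step 1.
case ${0##*/} in
    qemu-kvm.txtimer) exec_with_tx_timer /usr/libexec/qemu-kvm "$@" ;;
esac
```

Installed as /usr/libexec/qemu-kvm.txtimer, it takes the place of the script from step 1; steps 2 to 7 apply unchanged.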
    

3.1. Known Issues

  • Under some circumstances, installation of a Red Hat Enterprise Linux 6 virtual guest stalls after the optional testing of media. Note that this issue has only been observed with Red Hat Enterprise Linux 6 guests that utilize multiple virtualized CPUs. To work around this issue, use a media source that is known to be verified, and skip the media test, or use a single virtualized CPU during installation.
  • Cancelling the disk physical cache for block devices and use of barriers for filesystems may slow down qcow2 dramatically. Use the following command to reduce the frequency of sync requests by pre-allocating new images and setting the cluster size to 2M:
    ./qemu-img create  -opreallocation=metadata -ocluster_size=2M -f qcow2 $DISK $SIZE
    
  • In earlier versions of Red Hat Enterprise Linux, libvirt permitted PCI devices to be insecurely assigned to guests. In Red Hat Enterprise Linux 6, assignment of insecure devices is disabled by default by libvirt. However, this may cause assignment of previously working devices to start failing. To enable the old, insecure setting, edit /etc/libvirt/qemu.conf, set "relaxed_acs_check = 1", and restart libvirtd. Note that this action will re-open possible security issues.
  • Users upgrading from pre-release versions of Red Hat Enterprise Linux 6 (i.e. the virt-v2v versions less than virt-v2v-0.6.2-2.el6) may be required to update the default virt-v2v configuration file. Specifically, the 'viostor' app for Windows guests is replaced by the 'virtio' app, which now points to the directory containing the complete driver. Refer to the updated default configuration file for further details.
  • I/O Advanced Programmable Interrupt Controller (I/O APIC) timer interrupts are not emulated as non-maskable interrupts (NMIs) to virtualized guests. Consequently, if a virtualized guest uses the kernel parameter nmi_watchdog=1, the guest kernel will panic on boot.
  • The balloon service on Windows 7 guests can only be started by the "Administrator" user.
  • Direct Asynchronous IO (AIO) that is not issued on filesystem block boundaries, and falls into a hole in a sparse file on ext4 or xfs filesystems, may corrupt file data if multiple I/O operations modify the same filesystem block. Specifically, if qemu-kvm is used with the aio=native IO mode over a sparse device image hosted on the ext4 or xfs filesystem, guest filesystem corruption will occur if partitions are not aligned with the host filesystem block size. Generally, do not use the aio=native option along with cache=none for QEMU. This issue can be avoided by using one of the following techniques:
    1. Align AIOs on filesystem block boundaries, or do not write to sparse files using AIO on xfs or ext4 filesystems.
    2. KVM: Use a non-sparse system image file or allocate the space by zeroing out the entire file.
    3. KVM: Create the image using an ext3 host filesystem instead of ext4.
    4. KVM: Invoke qemu-kvm with aio=threads (this is the default).
    5. KVM: Align all partitions within the guest image to the host's filesystem block boundary (default 4k).
  • On Red Hat Enterprise Linux 6 KVM virtual guests, unmounting a filesystem on an mdraid volume does not immediately free the underlying device for the mdadm --stop operation. Consequently, during installation on a system with pre-existing mdraid volumes the following error can appear while anaconda is looking for storage devices:
    MDRaidError: mddeactivate failed for /dev/md1: 08:26:59,485 ERROR   : Perhaps a
    running process, mounted filesystem or active volume group?
    
    To work around this issue, erase all data on the volume before installation by clearing the first several sectors of the volume with zeros.
  • Libvirt uses transient iptables rules for managing NAT or bridging to virtual machine guests. Any external command that reloads iptables state (such as running system-config-firewall) will overwrite the entries needed by libvirt. Consequently, after running any command or tool that changes the state of iptables, guests may lose access to the network. To work around this issue, use the command 'service libvirt reload' to restore libvirt's additional iptables rules.
  • Adding an rtl8139 NIC to an active Windows 2008 guest may result in the qemu-kvm process exiting. To work around this issue, shut down the guest before adding additional rtl8139 NICs. Alternatively, install the virtio-net drivers and add a virtio NIC.
  • KVM users with a mix of virtio and ata disks should verify the boot device that anaconda chooses during installation. To verify the boot device, locate the "Install Target Devices" list in the disk selection screen that follows the partitioning type screen. Verify the boot device selection, which is indicated by a selector in the left-most column of the "Install Target Devices" list.
  • When installing Red Hat Enterprise Linux 6 as a new KVM guest, the installer may incorrectly report the amount of free memory available. Consequently, installation may terminate or switch to the text user interface. To work around this issue, increase the amount of RAM allocated for the guest to 128 MB more than specified for the architecture and installation method.
  • A Windows virtual machine must be restarted after the installation of the kernel windows driver framework. If the virtual machine is not restarted it may crash when a memory balloon operation is performed.
  • Under some circumstances, if an 82576 Network driver (igb) is reloaded with the max_vfs=8 parameter and an uncorrectable PCIe AER error is seen on its port, the operation will hang or crash the host system. This error has been encountered with two 82576 devices connected via an IDT PES12N3A PCI Express Switch (rev 0c) plugged into a Westmere-EP's 5520/5500/X58 I/O Hub PCI Express Root Port 3. Note that other 82576 devices and IDT switches have worked in other Westmere-based systems.
    If the error occurs, two workarounds have been found to enable the use of all eight virtual functions (VFs) for guest virtual machines (VMs):
    1. Reload the 82576 driver with max_vfs=1, then unload, then reload with max_vfs=8. For example:
      rmmod igb
      modprobe igb max_vfs=1
      rmmod igbvf
      rmmod igb
      modprobe igb max_vfs=8
      
    2. If PCI AER functionality is not needed in the host, boot the kernel with the parameter setting: pci=noaer
  • A dual function 82576 interface (codename: Kawela, PCI Vendor/Device ID: 8086:10c9) cannot have both physical functions (PFs) device-assigned to a Windows 2008 guest. Either physical function can be device-assigned to a Windows 2008 guest (PCI function 0 or function 1), but not both.
  • virt-v2v is able to convert guests running on ESX server. A current limitation in virt-v2v means that if an ESX guest has a disk with a snapshot, the snapshot must be on the same datastore as the underlying disk storage. If the snapshot and underlying storage are on different datastores, virt-v2v will report a 404 error while trying to retrieve the storage.
  • Under some circumstances, the virtio queue will fill if an application on a guest repeatedly writes to a virtio-serial character device while the host is not processing the queue. Consequently, the guest will enter an infinite loop and appear to be hung. Once the host side of the character device is read from, the guest will return to normal functionality.
  • The qemu-kvm options to enable VMware device emulation are not functional or supported in Red Hat Enterprise Linux 6.
  • Avoid running guestfish (without the --ro option), virt-edit, virt-tar (in upload mode), virt-win-reg (in merge mode) or guestmount (without the --ro option) on live virtual machine disks. If any of these tools are used on live virtual machines, disk corruption might occur.
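
Two items in the list above name host settings that can be checked mechanically: relaxed_acs_check = 1 in /etc/libvirt/qemu.conf, and aio=native used together with cache=none. The following audit script is an added example, not part of the original release note; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for two host settings named in the known issues above.

# acs_check_relaxed FILE: exit 0 when FILE contains an uncommented
# "relaxed_acs_check = 1", i.e. the insecure PCI assignment setting is on.
acs_check_relaxed() {
    grep -Eq '^[[:space:]]*relaxed_acs_check[[:space:]]*=[[:space:]]*1([[:space:]]|#|$)' "$1"
}

# native_aio_uncached_drives: read qemu-kvm command lines on stdin and print
# each -drive value that combines aio=native with cache=none.
# Arguments are split on spaces, so image paths containing spaces are not handled.
native_aio_uncached_drives() {
    prev=
    tr -s ' ' '\n' | while IFS= read -r word || [ -n "$word" ]; do
        if [ "$prev" = -drive ]; then
            case ",$word," in
                *,aio=native,*)
                    case ",$word," in
                        *,cache=none,*) printf '%s\n' "$word" ;;
                    esac
                    ;;
            esac
        fi
        prev=$word
    done
}

# Constructed sample inputs, for illustration only.
demo() {
    sample_conf=$(mktemp)
    printf '%s\n' '#relaxed_acs_check = 1' 'relaxed_acs_check = 1' > "$sample_conf"
    if acs_check_relaxed "$sample_conf"; then
        echo "WARN: relaxed_acs_check is enabled"
    fi
    rm -f "$sample_conf"
    echo 'qemu-kvm -drive file=/images/g1.img,cache=none,aio=native' |
        native_aio_uncached_drives | sed 's/^/WARN: aio=native with cache=none: /'
}
demo
```

On a real host, pass /etc/libvirt/qemu.conf to acs_check_relaxed and pipe the output of `ps -eo args` into native_aio_uncached_drives.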