简介

QEMU is a generic and open source machine & userspace emulator and virtualizer.

QEMU is capable of emulating a complete machine in software without any need for hardware virtualization support. By using dynamic translation, it achieves very good performance. QEMU can also integrate with the Xen and KVM hypervisors to provide emulated hardware while allowing the hypervisor to manage the CPU. With hypervisor support, QEMU can achieve near native performance for CPUs. When QEMU emulates CPUs directly it is capable of running operating systems made for one machine (e.g. an ARMv7 board) on a different machine (e.g. an x86_64 PC board).

QEMU is also capable of providing userspace API virtualization for Linux and BSD kernel interfaces. This allows binaries compiled against one architecture ABI (e.g. the Linux PPC64 ABI) to be run on a host using a different architecture ABI (e.g. the Linux x86_64 ABI). This does not involve any hardware emulation, simply CPU and syscall emulation.

QEMU aims to fit into a variety of use cases. It can be invoked directly by users wishing to have full control over its behaviour and settings. It also aims to facilitate integration into higher level management layers, by providing a stable command line interface and monitor API. It is commonly invoked indirectly via the libvirt library when using open source applications such as oVirt, OpenStack and virt-manager.

QEMU as a whole is released under the GNU General Public License, version 2. For full licensing details, consult the LICENSE file.

安装依赖

1. 安装ninja

1
2
3
4
git clone git://github.com/ninja-build/ninja.git && cd ninja
 ./configure.py --bootstrap
cp ninja /usr/bin/
ninja --version

2. 安装其他依赖

1
dnf install -y glib2 glib2-devel gtk2-devel

编译Qemu

基于官方源码包编译

官网下载地址:Download QEMU - QEMU

1
2
3
4
5
6
7
8
9
10
11
12
13
# 下载源码
wget https://download.qemu.org/qemu-7.2.0-rc2.tar.xz
tar xvJf qemu-7.2.0-rc2.tar.xz
cd qemu-7.2.0-rc2 && mkdir build && cd build

# 配置
../configure

# 编译
make -j$(nproc --ignore=1)

# 安装
make install

基于GitHub编译

GitHub:https://github.com/qemu/qemu/tree/master

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# 下载源码
git clone https://github.com/qemu/qemu.git
cd qemu
git submodule init
git submodule update --recursive
mkdir build && cd build

# 配置
../configure

# 编译
make -j$(nproc --ignore=1)

# 安装
make install

configure 配置

常用配置

1
2
3
../configure --target-list=x86_64-softmmu \
    --enable-kvm --enable-spice --enable-vnc --enable-guest-agent \
    --enable-rbd --enable-seccomp --enable-numa --enable-virglrenderer

可选配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
[root@k104 qemu-2.12.0]# ./configure --help

Usage: configure [options]
Options: [defaults in brackets after descriptions]

Standard options:
  --help                   print this message
  --prefix=PREFIX          install in PREFIX [/usr/local]
  --interp-prefix=PREFIX   where to find shared libraries, etc.
                           use %M for cpu name [/usr/gnemul/qemu-%M]
  --target-list=LIST       set target list (default: build everything)
                           Available targets: aarch64-softmmu alpha-softmmu
                           arm-softmmu cris-softmmu hppa-softmmu i386-softmmu
                           lm32-softmmu m68k-softmmu microblazeel-softmmu
                           microblaze-softmmu mips64el-softmmu mips64-softmmu
                           mipsel-softmmu mips-softmmu moxie-softmmu
                           nios2-softmmu or1k-softmmu ppc64-softmmu
                           ppcemb-softmmu ppc-softmmu riscv32-softmmu
                           riscv64-softmmu s390x-softmmu sh4eb-softmmu
                           sh4-softmmu sparc64-softmmu sparc-softmmu
                           tricore-softmmu unicore32-softmmu x86_64-softmmu
                           xtensaeb-softmmu xtensa-softmmu
                           aarch64_be-linux-user aarch64-linux-user
                           alpha-linux-user armeb-linux-user arm-linux-user
                           cris-linux-user hppa-linux-user i386-linux-user
                           m68k-linux-user microblazeel-linux-user
                           microblaze-linux-user mips64el-linux-user
                           mips64-linux-user mipsel-linux-user mips-linux-user
                           mipsn32el-linux-user mipsn32-linux-user
                           nios2-linux-user or1k-linux-user
                           ppc64abi32-linux-user ppc64le-linux-user
                           ppc64-linux-user ppc-linux-user riscv32-linux-user
                           riscv64-linux-user s390x-linux-user sh4eb-linux-user
                           sh4-linux-user sparc32plus-linux-user
                           sparc64-linux-user sparc-linux-user
                           tilegx-linux-user x86_64-linux-user
                           xtensaeb-linux-user xtensa-linux-user

Advanced options (experts only):
  --source-path=PATH       path of source code [/root/renyb/qemu/qemu-2.12.0]
  --cross-prefix=PREFIX    use PREFIX for compile tools []
  --cc=CC                  use C compiler CC [cc]
  --iasl=IASL              use ACPI compiler IASL [iasl]
  --host-cc=CC             use C compiler CC [cc] for code run at
                           build time
  --cxx=CXX                use C++ compiler CXX [c++]
  --objcc=OBJCC            use Objective-C compiler OBJCC [cc]
  --extra-cflags=CFLAGS    append extra C compiler flags QEMU_CFLAGS
  --extra-cxxflags=CXXFLAGS append extra C++ compiler flags QEMU_CXXFLAGS
  --extra-ldflags=LDFLAGS  append extra linker flags LDFLAGS
  --make=MAKE              use specified make [make]
  --install=INSTALL        use specified install [install]
  --python=PYTHON          use specified python [python]
  --smbd=SMBD              use specified smbd [/usr/sbin/smbd]
  --with-git=GIT           use specified git [git]
  --static                 enable static build [no]
  --mandir=PATH            install man pages in PATH
  --datadir=PATH           install firmware in PATH/qemu
  --docdir=PATH            install documentation in PATH/qemu
  --bindir=PATH            install binaries in PATH
  --libdir=PATH            install libraries in PATH
  --libexecdir=PATH        install helper binaries in PATH
  --sysconfdir=PATH        install config in PATH/qemu
  --localstatedir=PATH     install local state in PATH (set at runtime on win32)
  --firmwarepath=PATH      search PATH for firmware files
  --with-confsuffix=SUFFIX suffix for QEMU data inside datadir/libdir/sysconfdir [/qemu]
  --with-pkgversion=VERS   use specified string as sub-version of the package
  --enable-debug           enable common debug build options
  --enable-sanitizers      enable default sanitizers
  --disable-strip          disable stripping binaries
  --disable-werror         disable compilation abort on warning
  --disable-stack-protector disable compiler-provided stack protection
  --audio-drv-list=LIST    set audio drivers list:
                           Available drivers: oss alsa sdl pa
  --block-drv-whitelist=L  Same as --block-drv-rw-whitelist=L
  --block-drv-rw-whitelist=L
                           set block driver read-write whitelist
                           (affects only QEMU, not qemu-img)
  --block-drv-ro-whitelist=L
                           set block driver read-only whitelist
                           (affects only QEMU, not qemu-img)
  --enable-trace-backends=B Set trace backend
                           Available backends: dtrace ftrace log simple syslog ust
  --with-trace-file=NAME   Full PATH,NAME of file to store traces
                           Default:trace-<pid>
  --disable-slirp          disable SLIRP userspace network connectivity
  --enable-tcg-interpreter enable TCG with bytecode interpreter (TCI)
  --enable-malloc-trim     enable libc malloc_trim() for memory optimization
  --oss-lib                path to OSS library
  --cpu=CPU                Build for host CPU [x86_64]
  --with-coroutine=BACKEND coroutine backend. Supported options:
                           ucontext, sigaltstack, windows
  --enable-gcov            enable test coverage analysis with gcov
  --gcov=GCOV              use specified gcov [gcov]
  --disable-blobs          disable installing provided firmware blobs
  --with-vss-sdk=SDK-path  enable Windows VSS support in QEMU Guest Agent
  --with-win-sdk=SDK-path  path to Windows Platform SDK (to build VSS .tlb)
  --tls-priority           default TLS protocol/cipher priority string
  --enable-gprof           QEMU profiling with gprof
  --enable-profiler        profiler support
  --enable-xen-pv-domain-build
                           xen pv domain builder
  --enable-debug-stack-usage
                           track the maximum stack usage of stacks created by qemu_alloc_stack

Optional features, enabled with --enable-FEATURE and
disabled with --disable-FEATURE, default is enabled if available:

  system          all system emulation targets
  user            supported user emulation targets
  linux-user      all linux usermode emulation targets
  bsd-user        all BSD usermode emulation targets
  docs            build documentation
  guest-agent     build the QEMU Guest Agent
  guest-agent-msi build guest agent Windows MSI installation package
  pie             Position Independent Executables
  modules         modules support
  debug-tcg       TCG debugging (default is disabled)
  debug-info      debugging information
  sparse          sparse checker

  gnutls          GNUTLS cryptography support
  nettle          nettle cryptography support
  gcrypt          libgcrypt cryptography support
  sdl             SDL UI
  --with-sdlabi     select preferred SDL ABI 1.2 or 2.0
  gtk             gtk UI
  --with-gtkabi     select preferred GTK ABI 2.0 or 3.0
  vte             vte support for the gtk UI
  curses          curses UI
  vnc             VNC UI support
  vnc-sasl        SASL encryption for VNC server
  vnc-jpeg        JPEG lossy compression for VNC server
  vnc-png         PNG compression for VNC server
  cocoa           Cocoa UI (Mac OS X only)
  virtfs          VirtFS
  mpath           Multipath persistent reservation passthrough
  xen             xen backend driver support
  xen-pci-passthrough
  brlapi          BrlAPI (Braile)
  curl            curl connectivity
  membarrier      membarrier system call (for Linux 4.14+ or Windows)
  fdt             fdt device tree
  bluez           bluez stack connectivity
  kvm             KVM acceleration support
  hax             HAX acceleration support
  hvf             Hypervisor.framework acceleration support
  whpx            Windows Hypervisor Platform acceleration support
  rdma            Enable RDMA-based migration and PVRDMA support
  vde             support for vde network
  netmap          support for netmap network
  linux-aio       Linux AIO support
  cap-ng          libcap-ng support
  attr            attr and xattr support
  vhost-net       vhost-net acceleration support
  vhost-crypto    vhost-crypto acceleration support
  spice           spice
  rbd             rados block device (rbd)
  libiscsi        iscsi support
  libnfs          nfs support
  smartcard       smartcard support (libcacard)
  libusb          libusb (for usb passthrough)
  live-block-migration   Block migration in the main migration stream
  usb-redir       usb network redirection support
  lzo             support of lzo compression library
  snappy          support of snappy compression library
  bzip2           support of bzip2 compression library
                  (for reading bzip2-compressed dmg images)
  seccomp         seccomp support
  coroutine-pool  coroutine freelist (better performance)
  glusterfs       GlusterFS backend
  tpm             TPM support
  libssh2         ssh block device support
  numa            libnuma support
  libxml2         for Parallels image format
  tcmalloc        tcmalloc support
  jemalloc        jemalloc support
  replication     replication support
  vhost-vsock     virtio sockets device support
  opengl          opengl support
  virglrenderer   virgl rendering support
  xfsctl          xfsctl support
  qom-cast-debug  cast debugging support
  tools           build qemu-io, qemu-nbd and qemu-image tools
  vxhs            Veritas HyperScale vDisk backend support
  crypto-afalg    Linux AF_ALG crypto backend driver
  vhost-user      vhost-user support
  capstone        capstone disassembler support

NOTE: The object files are built at the place where configure is launched

功能验证

1
2
3
4
5
6
7
[root@k104 ~]# qemu-system-aarch64 --version
QEMU emulator version 2.12.0
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
[root@k104 ~]#
[root@k104 ~]# qemu-aarch64 --version
qemu-aarch64 version 2.12.0
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers

qemu-aarch64 是用户模式的模拟器(更精确的表述应该是系统调用模拟器)

qemu-system-aarch64 是系统模拟器,可以模拟出整个机器并运行操作系统

qemu-aarch64 仅可用来运行二进制文件,因此你可以交叉编译完例如hello world之类的程序然后交给 qemu-aarch64 来运行,简单而高效。

而 qemu-system-aarch64 则需要把hello world程序下载到客户机操作系统能访问到的硬盘里才能运行。

卸载Qemu

源码安装的Qemu,无法通过系统工具进行卸载,也没有办法通过make uninstall方法卸载,只能通过删除文件的方式进行卸载,需要到这四个目录中找出相关的文件然后删除掉:

  • 可执行文件默认放在:/usr/local/bin

  • 库文件默认放在:/usr/local/libexec

  • 配置文件默认放在:/usr/local/etc

  • 共享文件默认放在:/usr/local/share

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# 编译默认存储位置,执行configure后输出
Install prefix    /usr/local
BIOS directory    /usr/local/share/qemu
firmware path     /usr/local/share/qemu-firmware
binary directory  /usr/local/bin
library directory /usr/local/lib
module directory  /usr/local/lib/qemu
libexec directory /usr/local/libexec
include directory /usr/local/include
config directory  /usr/local/etc
local state directory   /usr/local/var
Manual directory  /usr/local/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path       /root/renyb/qemu-2.12.0
...

常见问题

编译报错:error: ‘SIOCGSTAMPNS’undeclared here (not in a function)

解决方案:qemu-2.12.0/linux-user/ioctls.h增加头文件引用,内容如下:

1
2
#include <linux/sockios.h>
...

VM启动失败:unsupported machine type

报错信息: qemu-system-x86_64: -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off,dump-guest-core=off: unsupported machine type

解决方案: 通过命令qemu-system-x86_64 -machine help查看支持的machine信息。若上层为OpenStack,则修改nova compute配置文件,libvirt - hw_machine_type = x86_64=pc-q35-2.12(x86_64=后面的值参考命令行输出)。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
[root@k104 ~]# qemu-system-x86_64 -machine help
Supported machines are:
pc-i440fx-2.9        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.8        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.7        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.6        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.5        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.4        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.3        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.2        Standard PC (i440FX + PIIX, 1996)
pc                   Standard PC (i440FX + PIIX, 1996) (alias of pc-i440fx-2.12)
pc-i440fx-2.12       Standard PC (i440FX + PIIX, 1996) (default)
pc-i440fx-2.11       Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.10       Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.1        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.0        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.7        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.6        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.5        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.4        Standard PC (i440FX + PIIX, 1996)
pc-1.3               Standard PC (i440FX + PIIX, 1996)
pc-1.2               Standard PC (i440FX + PIIX, 1996)
pc-1.1               Standard PC (i440FX + PIIX, 1996)
pc-1.0               Standard PC (i440FX + PIIX, 1996)
pc-0.15              Standard PC (i440FX + PIIX, 1996)
pc-0.14              Standard PC (i440FX + PIIX, 1996)
pc-0.13              Standard PC (i440FX + PIIX, 1996)
pc-0.12              Standard PC (i440FX + PIIX, 1996)
pc-0.11              Standard PC (i440FX + PIIX, 1996)
pc-0.10              Standard PC (i440FX + PIIX, 1996)
pc-q35-2.9           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.8           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.7           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.6           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.5           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.4           Standard PC (Q35 + ICH9, 2009)
q35                  Standard PC (Q35 + ICH9, 2009) (alias of pc-q35-2.12)
pc-q35-2.12          Standard PC (Q35 + ICH9, 2009)
pc-q35-2.11          Standard PC (Q35 + ICH9, 2009)
pc-q35-2.10          Standard PC (Q35 + ICH9, 2009)
isapc                ISA-only PC
none                 empty machine

VM启动失败:seccomp support is disabled

报错信息: qemu-system-x86_64: -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny: seccomp support is disabled

参考链接:虚拟化安全sandbox技术分析 - 腾讯云开发者社区-腾讯云

解决方案: 有两种方法可解决该问题:

方法1 - 编译时,需启用seccomp

1
2
3
4
# 1. 安装依赖
yum -y install libseccomp libseccomp-devel

# 2. ../configure 编译时,增加--enable-seccomp参数

方法2 - /etc/libvirt/qemu.conf配置文件中,关闭seccomp_sandbox

1
2
3
4
5
6
7
8
9
# Use seccomp syscall sandbox in QEMU.
# 1 == seccomp enabled, 0 == seccomp disabled
#
# If it is unset (or -1), then seccomp will be enabled
# only if QEMU >= 2.11.0 is detected, otherwise it is
# left disabled. This ensures the default config gets
# protection for new QEMU using the blacklist approach.
#
seccomp_sandbox = 0

VM启动失败:NUMA node binding are not supported by this QEMU

报错信息: qemu-system-x86_64: -object memory-backend-file,id=ram-node0,prealloc=yes,mem-path=/dev/hugepages/libvirt/qemu/1-instance-0000006f,share=yes,size=4294967296,host-nodes=0,policy=bind: NUMA node binding are not supported by this QEMU

解决方案: 编译时,需启用numa

1
2
3
4
# 1. 安装依赖
yum -y install numactl-libs

# 2. ../configure 编译时,增加--enable-numa参数

VM启动失败:Unknown protocol ‘rbd’

报错信息: qemu-system-x86_64: -drive file=rbd:cinder-volumes/c1a319f3-9185-4f94-9986-1fb7f6a0c18d:id=cinder:auth_supported=cephx;none:mon_host=111.111.9.104:6789,file.password-secret=virtio-disk0-secret0,format=raw,if=none,id=drive-virtio-disk0,serial=c1a319f3-9185-4f94-9986-1fb7f6a0c18d,cache=writeback,discard=unmap: Unknown protocol ‘rbd’

解决方案: 编译时,需启用rbd

1
2
3
4
# 1. 安装依赖
yum -y install librbd-devel

# 2. ../configure 编译时,增加--enable-rbd参数

检测是否支持rbd:

1
2
()[root@k207 /]# qemu-img -h | grep rbd
Supported formats: blkdebug blkreplay blkverify bochs cloop copy-on-read dmg file ftp ftps gluster host_cdrom host_device http https iscsi iser luks nbd null-aio null-co nvme parallels qcow qcow2 qed quorum raw rbd sheepdog ssh throttle vdi vhdx vmdk vpc vvfat

VM启动失败:no secret with matching uuid ‘xxx’

报错信息: libvirtError: Secret not found: no secret with matching uuid ‘457eb676-33da-42ec-9a8c-9293d545c337’

解决方案: 更换libvirt后,ceph对接的secret本机不存在,导致创建ceph卷报错,需手动导入该secret。libvirt对接ceph可参考官方文档:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# 创建virsh secret xml
cat > secret.xml <<EOF
<secret ephemeral='no' private='no'>
    <uuid>457eb676-33da-42ec-9a8c-9293d545c337</uuid>
    <usage type='ceph'>
        <name>client.libvirt secret</name>
    </usage>
</secret>
EOF

# 创建virsh secret
virsh secret-define --file secret.xml

# 查看ceph secret key
[root@k104 ceph]# cat ceph.client.cinder.keyring
[client.cinder]
        key = AQCK1O1jjokSKxAAClJwrXT/POuFyRX5LCS2dQ==
        caps mon = "profile rbd"
        caps osd = "profile rbd"

# 设置virsh secret
virsh secret-set-value --secret 457eb676-33da-42ec-9a8c-9293d545c337 --base64 AQCK1O1jjokSKxAAClJwrXT/POuFyRX5LCS2dQ==

VM启动失败: Could not access KVM kernel module: Permission denied

报错信息: libvirtError: internal error: process exited while connecting to monitor: Could not access KVM kernel module: Permission denied

解决方案: /dev/kvm设备权限不对,需授予普通用户读写权限。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@k104 ~]# ll /dev/kvm
crw------- 1 root root 10, 232 Feb 22 13:47 /dev/kvm
[root@k104 ~]#
[root@k104 ~]# rmmod kvm_intel
[root@k104 ~]# rmmod kvm
[root@k104 ~]# modprobe kvm
[root@k104 ~]# modprobe kvm_intel
[root@k104 ~]#
[root@k104 ~]# ll /dev/kvm
crw------- 1 root root 10, 232 Feb 22 13:48 /dev/kvm
[root@k104 ~]#
[root@k104 ~]# chmod 666 /dev/kvm
[root@k104 ~]#
[root@k104 ~]# ll /dev/kvm
crw-rw-rw- 1 root root 10, 232 Feb 22 13:48 /dev/kvm

参考文档