Feature Spotlight: Libvirt

by Jonatan Schlag, September 18, 2016

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

Since 2011, we ship qemu as a package which makes it possible to virtualise another system on IPFire. This was very hard to use because there was no really nice way to create a new machine and to administrate them. Until now! After a lot of work and testing, I am happy to announce that libvirt is now available as a package for IPFire.

What is libvirt?

Libvirt is a library, which makes it very easy to administrate and control virtual machines, which are virtualised with qemu. It takes care of everything which is needed to control your VM: storage images, the network, the start and stop of the VMs, everything!

So what is the difference for IPFire users?

  • It is possible to install anything in a virtual machine: Existing add-ons like owncloud, any other web app, even a Microsoft Windows VM, you name it. But not everything is recommendable. See the security recommendations later in this post.
  • There is an easy way to control and administrate your VMs, via a tool called virt-manager. This program unfortunately only runs on Linux. So if you have Windows on your computer, there is at the moment no easy way, but we hope that we can provide a solution for this problem later.
  • There is a solution for the network of a VM, which is described in our wiki. Basically, the VMs are attached to a network zone (ORANGE/BLUE/GREEN) and are then treated by IPFire like a normal computer or server in the zone.

But there is also one huge issue with virtualization on IPFire:

Security

With every VM and every service inside a VM, the number of possibilities to attack and compromise your server grows. It is not impossible that somebody breaks out of the VM and damages your network, so be careful what you do. This should not make you scared, but you should know the risk.

We did our best to make the use of qemu and libvirt as safe as possible, but nothing can substitute a careful user. Of course this is an add-on as usual. So everyone can make the decision whether to use it or not on their own based on their risk evaluation which depends on the environment the IPFire system is running in. Of course a VM is cheaper to run than a second physical machine and sometimes you need an extra machine for testing and development; so there are good arguments on both sides.

How to get started?

If you now want to try out libvirt and qemu there are some things you should pay attention to:

  • Read the wiki article carefully, because there is the real possibility that you render your IPFire box unusable if you do not know what you have to do.
  • Update qemu to the latest version, there were some changes done for libvirt.
  • It is recommended to use a 64bit version of IPFire because on 32bit are some limitations which concern qemu. On all ARM architektures the packages are not available, because of hardware limitations.
  • If you find any bugs, file them in our bugtracker and we will fix them.
  • If you have any feedback, open a thread in the development section of the forum and we are happy to talk to you.

And now, have fun with this great new feature!

Greetings Jonatan.