qemu kvm command line - BYUHPC/7lbd GitHub Wiki

QEMU Command Reference for Windows VMs

This document breaks down each component of the QEMU command used to launch Windows virtual machines in our environment.

# Launch QEMU
/usr/libexec/qemu-kvm \
    -name guest=${USER}_${job_uuid}_win11 \
    -machine pc-q35-rhel9.4.0 \
    -smbios file=${script_path}/smbios_data.bin \
    -drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/ovmf/OVMF_CODE.fd \
    -device ich9-ahci,id=sata_controller \
    -drive file=${JOB_TMP_DIR}/overlay_image.qcow2,format=qcow2,if=none,id=drive0 \
    -device ide-hd,drive=drive0,bus=sata_controller.0 \
    -m 8G \
    -cpu max \
    -smp 5 \
    -device virtio-net-pci,netdev=net0 \
    -netdev user,id=net0,net=169.254.100.0/24,dhcpstart=169.254.100.15,host=169.254.100.2,hostfwd=tcp::3389-:3389 \
    -boot c \
    -vga none \
    -device virtio-gpu-pci \
    -vnc unix:${JOB_TMP_DIR}/vnc.socket,lossy=on,non-adaptive=on \
    -rtc base=localtime \
    -usb -device usb-tablet

Base Command

/usr/libexec/qemu-kvm

The base executable for QEMU/KVM virtualization on RHEL-based systems. This binary includes KVM acceleration support.

VM Identification

-name guest=${USER}_${job_uuid}_win11
  • Sets a unique name for the VM instance using:
    • Current username (${USER})
    • Job UUID (${job_uuid})
    • OS identifier (win11)
  • This name allows others to quickly identify the VM in a process list

Machine Configuration

-machine pc-q35-rhel9.4.0

Specifies the machine type:

  • pc-q35: Modern PCIe-based chipset architecture
  • rhel9.4.0: RHEL 9.4 specific implementation of the Q35 chipset
  • The machine type must be new enough for the OS on the guest

System BIOS Configuration

-smbios file=${script_path}/smbios_data.bin

Loads SMBIOS (System Management BIOS) data from a binary file. This passes the random, job-selected password to the guest OS.

UEFI Firmware

-drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/ovmf/OVMF_CODE.fd
  • Loads UEFI firmware for secure boot support
  • pflash: Persistent flash memory interface
  • readonly=on: Prevents modifications to the UEFI firmware
  • Uses standard OVMF (Open Virtual Machine Firmware) code
  • Windows 11 typically requires UEFI firmware. Using a standard BIOS is possible but requires a great deal of non-Microsoft trickery.
  • The VM will not boot without the appropriate UEFI firmware. Your path may vary.

Storage Controller

-device ich9-ahci,id=sata_controller

Creates a virtual SATA controller:

  • ich9-ahci: Intel ICH9 AHCI compatible controller
  • id=sata_controller: Unique identifier for referencing in drive attachments
  • This is the controller used to mount the virtual overlay file

Virtual Disk Configuration

-drive file=${JOB_TMP_DIR}/win11_overlay_image.qcow2,format=qcow2,if=none,id=drive0
-device ide-hd,drive=drive0,bus=sata_controller.0

Configures the virtual hard drive:

  • Specifies the overlay image location and format
  • Attaches the drive to the SATA controller
  • qcow2: QEMU Copy-On-Write v2 format
  • if=none: No default interface, allowing custom attachment

Memory Allocation

-m 8G

Allocates 8 gigabytes of RAM to the virtual machine. Note that you will most likely need to allocate more memory to the job than to the VM to allow for guacd, smbd, etc.

CPU Configuration

-cpu max
-smp 5
  • cpu max: Uses the highest available CPU feature set
  • smp: Sets the number of CPU cores. Fewer than 5 cores seems to affect login times and usability. YMMV. Note that you will need to allocate more cores to the job than you do to the VM, to allow for guacd, smbd, etc.

Network Configuration

-device virtio-net-pci,netdev=net0
-netdev user,id=net0,net=169.254.100.0/24,dhcpstart=169.254.100.15,host=169.254.100.2,hostfwd=tcp::3389-:3389

Sets up networking:

  • Uses VirtIO network device for better performance
  • Configures user-mode networking with:
    • Network range: 169.254.100.0/24
    • DHCP start address: 169.254.100.15
    • Host address: 169.254.100.2
    • Port forwarding: RDP port 3389

QEMU runs a DHCP server, and the guest OS picks up the first address at 169.254.100.15. The guest sees the host machine at address 169.254.100.2, which will be the address of the Samba server. Port forwarding must be turned on for guest RDP port 3389 both for testing and when run in a network namespace. For testing, the port forwarding allows attaching to the guest RDP via Remmina or similar. When run in a network namespace, it allows the guacd container to contact the guest via RDP.
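
The hostfwd rule above leaves the host address empty, so QEMU listens on every address available to it (inside a network namespace, only that namespace's interfaces). The following check is an added example, not part of the original wiki; the function names are hypothetical and it assumes IPv4 rules of the form hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport.

```sh
#!/bin/sh
# Added example: list the hostfwd rules in a "-netdev user,..." value and
# flag the ones that are not bound to a specific host address.

# parse_hostfwd NETDEV_VALUE
# Prints one line per rule: proto bind_addr host_port guest_addr guest_port
# An omitted host address is shown as "*", an omitted guest address as
# "default" (QEMU then uses the first DHCP address).
parse_hostfwd() {
    old_ifs=$IFS
    IFS=,
    set -f                      # no globbing while splitting on commas
    for opt in $1; do
        case $opt in
            hostfwd=*) ;;
            *) continue ;;
        esac
        rule=${opt#hostfwd=}
        host_side=${rule%%-*}   # e.g. tcp::3389
        guest_side=${rule#*-}   # e.g. :3389
        proto=${host_side%%:*}
        rest=${host_side#*:}
        bind=${rest%%:*}
        hport=${rest#*:}
        gaddr=${guest_side%%:*}
        gport=${guest_side#*:}
        echo "${proto:-tcp} ${bind:-*} $hport ${gaddr:-default} $gport"
    done
    set +f
    IFS=$old_ifs
}

# wildcard_forwards NETDEV_VALUE
# Prints proto/port for each rule bound to all addresses and returns 1 if
# any were found, 0 otherwise.
wildcard_forwards() {
    found=$(parse_hostfwd "$1" | awk '$2 == "*" { print $1 "/" $3 }')
    if [ -n "$found" ]; then
        echo "$found"
        return 1
    fi
    return 0
}
```

For testing outside a network namespace, a rule such as hostfwd=tcp:127.0.0.1:3389-:3389 keeps the forwarded RDP port on the loopback interface and passes this check.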

Boot Configuration

-boot c

Sets boot order to boot from the first hard drive (c).

Graphics for VNC

-vga none 
-device virtio-gpu-pci 

These lines are not necessary if the size and color depth of the VNC interface are not important.

VNC Server Configuration

-vnc unix:${ROOT_DIR}/vnc.socket,lossy=on,non-adaptive=on

Configures VNC remote access:

  • Uses Unix socket for VNC connection. Use file permissions to make the Unix socket more secure than opening up VNC on a TCP port.
  • lossy=on: Enables lossy compression for better performance
  • non-adaptive=on: Disables adaptive encoding
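
One way to apply the file-permission advice for the VNC socket, as an added example that is not part of the original wiki: create the job directory owner-only, launch QEMU under a restrictive umask, then audit the result. The function names are hypothetical, and GNU stat (coreutils, as on RHEL) is assumed.

```sh
#!/bin/sh
# Added example: keep the VNC Unix socket (and other per-job files such as
# the overlay image or the SMBIOS password file) reachable only by the job
# owner, and verify that this is actually the case.

# private_dir DIR: create DIR if needed and restrict it to the owner.
private_dir() {
    mkdir -p -- "$1" && chmod 700 -- "$1"
}

# audit_private PATH...
# Returns 0 only if every PATH exists, is owned by the current user and
# grants no permission bits to group or other. Problems go to stderr.
audit_private() {
    rc=0
    for path in "$@"; do
        info=$(stat -c '%a %u' -- "$path" 2>/dev/null) || {
            echo "MISSING $path" >&2; rc=1; continue; }
        mode=${info% *}
        owner=${info#* }
        # The last two octal digits are the group and other bits.
        case $mode in
            *00|0) ;;
            *) echo "EXPOSED $path (mode $mode)" >&2; rc=1 ;;
        esac
        [ "$owner" = "$(id -u)" ] || {
            echo "FOREIGN $path (uid $owner)" >&2; rc=1; }
    done
    return "$rc"
}

# Intended use around the launch command from this page:
#   private_dir "${JOB_TMP_DIR}"
#   umask 077        # the socket QEMU creates inherits this mask
#   /usr/libexec/qemu-kvm ... -vnc unix:${JOB_TMP_DIR}/vnc.socket,... &
#   audit_private "${JOB_TMP_DIR}" "${JOB_TMP_DIR}/vnc.socket" \
#       "${script_path}/smbios_data.bin"
```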

Time Synchronization

-rtc base=localtime

Synchronizes guest clock with host's local time.

Input Device Configuration

-usb -device usb-tablet
  • Enables USB support
  • Adds USB tablet device for improved cursor handling
  • This is for VNC console use
