I recently came to enjoy and use QEMU instead of Virtualbox. The Whonix documentation states “QEMU support has been deprecated in favor of KVM. The slow performance of pure emulation makes it impractical for the majority of Linux users.”.
Not yet being very experienced with QEMU/KVM, this has me confused: Isn’t QEMU using KVM anyway when invoking qemu with -enable-kvm? Is there still a speed difference in that case?
My second question: Is translating the provided libvirt xml files into raw QEMU commands all I have to do to use QEMU instead? Could someone maybe point me in the right direction on where I can read about how to do that correctly?
No. QEMU Is a pure machinehardware emulator by itself. Everything is emulated in software in userspace if not used with KVM which is what makes it slow, but it allows you to run software for another hardware platform like ARM on x86. KVM is the kernel extension and heavily accelerates CPUs by passing the instructions directly to the real CPU if it supports virtualization. In context of KVM, QEMU Is used to emulate everything else (I/O devices) safely by trapping the instructions and not passing them to the real disk, network card and so on.
qemu-kvm and qemu could both be used from commandline if you choose to do so. You will be missing out on things like Apparmor isolation of VMs since you are bypassing libvirt however. Also libvirt acts as an abstraction layer for VM settings which means you can theoretically switch to a different hypervisor with minimal xml editing.
No. QEMU Is a pure machinehardware emulator by itself. Everything is emulated in software in userspace if not used with KVM which is what makes it slow
But isn’t that only the case when -enable-kvm is not used, while using it activates that too, as you described? In the QEMU documentation the -enable-kvm option is described like this:
-enable-kvm
Enable KVM full virtualization support.
This being the option which enables QEMU to use KVM to use hardware accelerated virtualization.
qemu-kvm and qemu could both be used from commandline if you choose to do so. You will be missing out on things like Apparmor isolation of VMs since you are bypassing libvirt however. Also libvirt acts as an abstraction layer for VM settings which means you can theoretically switch to a different hypervisor with minimal xml editing.
I see, that of course sounds like an important feature to retain.
Can libvirt in general be seen as an expansion/layer on top of KVM and QEMU?
I think I understand, thank you very much for the explanation
So the main benefit of not using QEMU directly (with KVM enabled) is to make full use of the all the advantages libvirt provides.
I also think that it would be very cool if QEMU startup script templates would be provided at Whonix site. I don’t like virt-manager because it’s complex. I use QEMU and KVM with Tails etc and it works like charm. Virtualbox quality also does not impress me.
Cool, thank you. However does this require that you first create the libvirt VMs or do those commands work straight away with the xml files that come with the Whonix KVM package?
Also virsh wants root privileges, maybe it’s OK but it sounds little weird to me. :o
The fact that libvirt tools require root privileges for tasks that could be done without root is one of the reasons why I dislike it so much. I’ll try the plain Qemu commands, thanks.
