Overseeing an environment with multiple hypervisors and management tools can be overwhelming, but you can use libvirtd as a standard interface.
You'll find libvirt on any Linux-based hypervisor. Administrators can use a guest program to communicate with the libvirt-managed hypervisor in order to start, stop and migrate VMs. This works for locally running VMs, but the libvirtd daemon also allows administrators to communicate with hypervisors running on other hardware platforms.
By default, libvirtd listens on a local Unix domain socket, thus enabling local communication only. It can be configured to listen on TCP/IP sockets, as well, which makes it accessible for clients over the network. Libvirtd runs as an independent layer, which means VMs don't need it to continue offering functionality.
As a result, you can bring it down or restart it to perform any management operation on the software that you'd like. As long as the VM configuration is defined in an XML file that's known to libvirtd, manipulating the daemon won't affect the state of the VM.
Understanding libvirtd configuration
Libvirtd uses one or more configuration files to specify how it should do its work. On CentOS 7.4, you'll find these configuration files in the directory /etc/libvirt.d. The main configuration file is libvirtd.conf, and there's a libvirt-admin.conf, as well. The latter file defines the Uniform Resource Identifier (URI) at which libvirtd can be accessed, which is set to libvirtd:///system by default.
If you want to set up an environment where multiple hypervisors can be managed from one virtualization client, you'll need to enable libvirtd to listen on a TCP/IP socket. This is done through the /etc/libvirt.d/libvirtd.conf configuration file; just ensure the parameter listen_tcp = 1 is enabled. This will enable libvirtd to listen to incoming connections on TCP port 16509.
While using network-based management, it's a good idea to also enable Transport Layer Security, which allows for secure communication with libvirtd. This is accomplished by setting the listen_tls = 0 parameter. If TLS-secured communication is desired, you'll also need to set up a certificate authority and issue server certificates that can be handed out to the client. The default TLS port is TCP 16514.
In multihomed hypervisor hosts, you might also want to set the listen_addr parameter to specify the IP address that libvirtd is listening on for incoming connections. By default, it binds to any IP address, but by using this parameter, you can limit it to listen on a specific address only.
Managing Unix socket parameters
While network-enabling libvirtd is useful, the Unix socket configuration offers some important options, as well. By default, to manage VMs through libvirtd, you'll need to use root access. If, however, you enable the parameter unix_sock_group = "libvirt", any user who is a member of the Linux group libvirt will be allowed to manage VMs through libvirtd, which is a great benefit for operating a secure environment. By default, this will enable local users to access libvirtd using Unix sockets; if you want to open it for remote authentication, as well, you'll also need to set up an authentication protocol, such as Simple Authentication and Security Layer (SASL).
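The listener and socket parameters discussed above can be checked before libvirtd is restarted. The following review script is an added example, not code from this article or from the libvirt project. It reads each flag as 1 for on and 0 for off, which is how libvirtd.conf flags work. It assumes the defaults listed in DEFAULTS for keys that are absent or commented out, and it also checks auth_tcp, a libvirtd.conf key the article does not name.

```python
import re

# libvirtd.conf defaults assumed here when a key is absent or commented out.
DEFAULTS = {"listen_tls": 1, "listen_tcp": 0, "listen_addr": "",
            "auth_tcp": "sasl", "unix_sock_group": ""}
# Matches active lines such as: key = 1   or   key = "value"
LINE = re.compile(r'^\s*([A-Za-z_]+)\s*=\s*(?:"([^"]*)"|(\d+))\s*(?:#.*)?$')


def parse_conf(text):
    """Return effective settings: active key = value lines over DEFAULTS."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        m = LINE.match(raw)  # lines starting with '#' never match
        if m:
            key, quoted, number = m.groups()
            conf[key] = quoted if quoted is not None else int(number)
    return conf


def audit(conf):
    """Return findings for the network listeners and the Unix socket group."""
    findings = []
    if conf["listen_tcp"] == 1:
        findings.append("listen_tcp=1: unencrypted listener (TCP 16509)")
        if conf["auth_tcp"] == "none":
            findings.append('auth_tcp="none": no authentication on TCP')
    if (conf["listen_tcp"] or conf["listen_tls"]) and not conf["listen_addr"]:
        findings.append("listen_addr unset: listeners bind to any address")
    if conf["unix_sock_group"]:
        findings.append("unix_sock_group=%s: group members manage VMs "
                        "without root" % conf["unix_sock_group"])
    return findings


# Constructed sample, not taken from a real host.
SAMPLE = """\
#listen_tls = 0
listen_tcp = 1
#listen_addr = "192.168.0.1"
auth_tcp = "none"
unix_sock_group = "libvirt"
"""

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE)):
        print("REVIEW:", finding)
```

To review a real host, pass the contents of its libvirtd.conf to parse_conf() in place of SAMPLE.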
After setting up libvirtd with all of the appropriate parameters, you can connect to it using any client that's using libvirt libraries. That includes default Linux clients such as virsh, virt-manager and the oVirt web client, but it allows you to develop custom clients, as well. By offering this functionality, libvirt is an essential part of the configuration involved in setting up Linux as a virtualization platform.