virsh

Sommaire

NAME

virsh - management user interface

SYNOPSIS

virsh <subcommand> [args]

DESCRIPTION

The virsh program is the main interface for managing virsh guest domains. The program can be used to create, pause, and shutdown domains. It can also be used to list current domains. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). It is free software available under the GNU Lesser General Public License. Virtualization of the Linux Operating System means the ability to run multiple instances of Operating Systems concurrently on a single hardware system where the basic resources are driven by a Linux instance. The library aims at providing a long term stable C API. It currently supports Xen, QEmu, KVM, LXC, OpenVZ, VirtualBox, OpenNebula, and VMware ESX.

The basic structure of most virsh usage is:

   virsh <command> <domain-id> [OPTIONS]

Where command is one of the commands listed below, domain-id is the numeric domain id, or the domain name (which will be internally translated to domain id), and OPTIONS are command specific options. There are a few exceptions to this rule in the cases where the command in question acts on all domains, the entire machine, or directly on the xen hypervisor. Those exceptions will be clear for each of those commands.

The virsh program can be used either to run one command at a time by giving the command as an argument on the command line, or as a shell if no command is given in the command line, it will then start a minimal interpreter waiting for your commands and the quit command will then exit the program.

NOTES

Most virsh operations rely upon the libvirt library being able to connect to an already running libvirtd service. This can usually be done using the command service libvirtd start.

Most virsh commands require root privileges to run due to the communications channels used to talk to the hypervisor. Running as non root will return an error.

Most virsh commands act synchronously, except maybe shutdown, setvcpus and setmem. In those cases the fact that the virsh program returned, may not mean the action is complete and you must poll periodically to detect that the guest completed the operation.

GENERIC COMMANDS

The following commands are generic i.e. not specific to a domain.
help optional command
This prints a small synopsis about all commands available for virsh help command will print out a detailed help message on that command.
quit, exit
quit this interactive terminal
version
Will print out the major version info about what this built from.

Example
virsh version
Compiled against library: libvir 0.0.6
Using library: libvir 0.0.6
Using API: Xen 3.0.0
Running hypervisor: Xen 3.0.0
cd optional directory
Will change current directory to directory. The default directory for the cd command is the home directory or, if there is no HOME variable in the environment, the root directory.

This command is only available in interactive mode.

pwd
Will print the current directory.
connect URI optional --readonly
(Re)-Connect to the hypervisor. When the shell is first started, this is automatically run with the URI parameter requested by the "-c" option on the command line. The URI parameter specifies how to connect to the hypervisor. The documentation page at <http://libvirt.org/uri.html> list the values supported, but the most common are:
xen:///
this is used to connect to the local Xen hypervisor, this is the default
qemu:///system
connect locally as root to the daemon supervising QEmu and KVM domains
qemu:///session
connect locally as a normal user to his own set of QEmu and KVM domains
lxc:///
connect to a local linux container

For remote access see the documentation page on how to make URIs. The --readonly option allows for read-only connection
uri
Prints the hypervisor canonical URI, can be useful in shell mode.
hostname
Print the hypervisor hostname.
nodeinfo
Returns basic information about the node, like number and type of CPU, and size of the physical memory.
capabilities
Print an XML document describing the capabilities of the hypervisor we are currently connected to. This includes a section on the host capabilities in terms of CPU and features, and a set of description for each kind of guest which can be virtualized. For a more complete description see:
  <http://libvirt.org/formatcaps.html> The XML also show the NUMA topology information if available.
list optional --inactive --all
Prints information about one or more domains. If no domains are specified it prints out information about running domains.

An example format for the list is as follows:

virsh list
 Id Name                 State

----------------------------------

   0 Domain-0             running
   2 fedora               paused

Name is the name of the domain. ID the domain numeric id. State is the run state (see below).

STATES

The State field lists 7 states for a domain, and which ones the current domain is in.

running
The domain is currently running on a CPU
idle
The domain is idle, and not running or runnable. This can be caused because the domain is waiting on IO (a traditional wait state) or has gone to sleep because there was nothing else for it to do.
paused
The domain has been paused, usually occurring through the administrator running virsh suspend. When in a paused state the domain will still consume allocated resources like memory, but will not be eligible for scheduling by the hypervisor.
shutdown
The domain is in the process of shutting down, i.e. the guest operating system has been notified and should be in the process of stopping its operations gracefully.
shut off
The domain is not running. Usually this indicates the domain has been shut down completely, or has not been started.
crashed
The domain has crashed, which is always a violent ending. Usually this state can only occur if the domain has been configured not to restart on crash.
dying
The domain is in process of dying, but hasn't completely shutdown or crashed.
freecell optional cellno
Prints the available amount of memory on the machine or within a NUMA cell if cellno is provided.
cpu-baseline FILE
Compute baseline CPU which will be supported by all host CPUs given in <file>. The list of host CPUs is built by extracting all <cpu> elements from the <file>. Thus, the <file> can contain either a set of <cpu> elements separated by new lines or even a set of complete <capabilities> elements printed by capabilities command.
cpu-compare FILE
Compare CPU definition from XML <file> with host CPU. The XML <file> may contain either host or guest CPU definition. The host CPU definition is the <cpu> element and its contents as printed by capabilities command. The guest CPU definition is the <cpu> element and its contents from domain XML definition. For more information on guest CPU definition see: <http://libvirt.org/formatdomain.html#elementsCPU>

DOMAIN COMMANDS

The following commands manipulate domains directly, as stated previously most commands take domain-id as the first parameter. The domain-id can be specified as an short integer, a name or a full UUID.
autostart optional --disable domain-id
Configure a domain to be automatically started at boot.

The option --disable disables autostarting.

console domain-id
Connect the virtual serial console for the guest.
create FILE optional --console --paused
Create a domain from an XML <file>. An easy way to create the XML <file> is to use the dumpxml command to obtain the definition of a pre-existing guest. The domain will be paused if the --paused option is used and supported by the driver; otherwise it will be running. If --console is requested, attach to the console after creation.

Example

  virsh dumpxml <domain-id> > domain.xml
  edit domain.xml
  virsh create < domain.xml
define FILE
Define a domain from an XML <file>. The domain definition is registered but not started.
destroy domain-id
Immediately terminate the domain domain-id. This doesn't give the domain OS any chance to react, and it's the equivalent of ripping the power cord out on a physical machine. In most cases you will want to use the shutdown command instead.
domblkstat domain block-device
Get device block stats for a running domain.
domifstat domain interface-device
Get network interface stats for a running domain.
dommemstat domain
Get memory stats for a running domain.
domblkinfo domain block-device
Get block device size info for a domain.
dominfo domain-id
Returns basic information about the domain.
domuuid domain-name-or-id
Convert a domain name or id to domain UUID
domid domain-name-or-uuid
Convert a domain name (or UUID) to a domain id
domjobabort domain-id-or-uuid
Abort the currently running domain job.
domjobinfo domain-id-or-uuid
Returns information about jobs running on a domain.
domname domain-id-or-uuid
Convert a domain Id (or UUID) to domain name
domstate domain-id
Returns state about a running domain.
domxml-from-native format config
Convert the file config in the native guest configuration format named by format to a domain XML format.
domxml-to-native format xml
Convert the file xml in domain XML format to the native guest configuration format named by format.
dump domain-id corefilepath
Dumps the core of a domain to a file for analysis.
dumpxml domain-id optional --inactive --security-info --update-cpu
Output the domain information as an XML dump to stdout, this format can be used by the create command. Additional options affecting the XML dump may be used. --inactive tells virsh to dump domain configuration that will be used on next start of the domain as opposed to the current domain configuration. Using --security-info security sensitive information will also be included in the XML dump. --update-cpu updates domain CPU requirements according to host CPU.
edit domain-id
Edit the XML configuration file for a domain.

This is equivalent to:

  virsh dumpxml domain > domain.xml
  edit domain.xml
  virsh define domain.xml

except that it does some error checking.

The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".

managedsave domain-id
Ask libvirt to save a running domain state in a place managed by libvirt. If libvirt is asked to restart the domain later on it will resume it from the saved domain state (and the state is discarded).
managedsave-remove domain-id
Remove the managed save file for a domain if it exists. The next time the domain is started it will not restore to its previous state but instead will do a full boot.
migrate optional --live --suspend domain-id desturi migrateuri
Migrate domain to another host. Add --live for live migration; --suspend leaves the domain paused on the destination host. The desturi is the connection URI of the destination host, and migrateuri is the migration URI, which usually can be omitted.
migrate-setmaxdowntime domain-id downtime
Set maximum tolerable downtime for a domain which is being live-migrated to another host. The downtime is a number of milliseconds the guest is allowed to be down at the end of live migration.
reboot domain-id
Reboot a domain. This acts just as if the domain had the reboot command run from the console. The command returns as soon as it has executed the reboot action, which may be significantly before the domain actually reboots.

The exact behavior of a domain when it reboots is set by the on_reboot parameter in the domain's XML definition.

restore state-file
Restores a domain from an virsh save state file. See save for more info.
save domain-id state-file
Saves a running domain to a state file so that it can be restored later. Once saved, the domain will no longer be running on the system, thus the memory allocated for the domain will be free for other domains to use. virsh restore restores from this state file.

This is roughly equivalent to doing a hibernate on a running computer, with all the same limitations. Open network connections may be severed upon restore, as TCP timeouts may have expired.

schedinfo optional --set parameter=value domain-id
schedinfo optional --weight number optional --cap number domain-id
Allows you to show (and set) the domain scheduler parameters. The parameters available for each hypervisor are:

LXC, QEMU/KVM (posix scheduler): cpu_shares

Xen (credit scheduler): weight, cap

ESX (allocation scheduler): reservation, limit, shares

Note: The cpu_shares parameter has a valid value range of 0-262144.

Note: The weight and cap parameters are defined only for the XEN_CREDIT scheduler and are now DEPRECATED.

setmem domain-id kilobytes
Change the current memory allocation in the guest domain. This should take effect immediately. The memory limit is specified in kilobytes.

For Xen, you can only adjust the memory of a running domain if the domain is paravirtualized or running the PV balloon driver.

setmaxmem domain-id kilobytes
Change the maximum memory allocation limit in the guest domain. This should not change the current memory use. The memory limit is specified in kilobytes.
setvcpus domain-id count
Change the number of virtual CPUs active in the guest domain. Note that count may be limited by host, hypervisor or limit coming from the original description of domain.

For Xen, you can only adjust the virtual CPUs of a running domain if the domain is paravirtualized.

shutdown domain-id
Gracefully shuts down a domain. This coordinates with the domain OS to perform graceful shutdown, so there is no guarantee that it will succeed, and may take a variable length of time depending on what services must be shutdown in the domain.

The exact behavior of a domain when it shuts down is set by the on_shutdown parameter in the domain's XML definition.

start domain-name optional --console --paused
Start a (previously defined) inactive domain. The domain will be paused if the --paused option is used and supported by the driver; otherwise it will be running. If --console is requested, attach to the console after creation.
suspend domain-id
Suspend a running domain. It is kept in memory but won't be scheduled anymore.
resume domain-id
Moves a domain out of the suspended state. This will allow a previously suspended domain to now be eligible for scheduling by the underlying hypervisor.
ttyconsole domain-id
Output the device used for the TTY console of the domain. If the information is not available the processes will provide an exit code of 1.
undefine domain-id
Undefine the configuration for an inactive domain. Since it's not running the domain name or UUID must be used as the domain-id.
vcpuinfo domain-id
Returns basic information about the domain virtual CPUs, like the number of vCPUs, the running time, the affinity to physical processors.
vcpupin domain-id vcpu cpulist
Pin domain VCPUs to host physical CPUs. The vcpu number must be provided and cpulist is a comma separated list of physical CPU numbers.
vncdisplay domain-id
Output the IP address and port number for the VNC display. If the information is not available the processes will provide an exit code of 1.

DEVICE COMMANDS

The following commands manipulate devices associated to domains. The domain-id can be specified as an short integer, a name or a full UUID. To better understand the values allowed as options for the command reading the documentation at <http://libvirt.org/formatdomain.html> on the format of the device sections to get the most accurate set of accepted values.
attach-device domain-id FILE
Attach a device to the domain, using a device definition in an XML file. See the documentation to learn about libvirt XML format for a device. For cdrom and floppy devices, this command only replaces the media within the single existing device; consider using update-device for this usage.
attach-disk domain-id source target optional --driver driver --subdriver subdriver --type type --mode mode
Attach a new disk device to the domain. source and target are paths for the files and devices. driver can be file, tap or phy depending on the kind of access. type can indicate cdrom or floppy as alternative to the disk default, although this use only replaces the media within the existing virtual cdrom or floppy device; consider using update-device for this usage instead. mode can specify the two specific mode readonly or shareable.
attach-interface domain-id type source optional --target target --mac mac --script script
Attach a new network interface to the domain. type can be either network to indicate a physical network device or bridge to indicate a bridge to a device. source indicates the source device. target allows to indicate the target device in the guest. mac allows to specify the MAC address of the network interface. script allows to specify a path to a script handling a bridge instead of the default one.
detach-device domain-id FILE
Detach a device from the domain, takes the same kind of XML descriptions as command attach-device.
detach-disk domain-id target
Detach a disk device from a domain. The target is the device as seen from the domain.
detach-interface domain-id type optional --mac mac
Detach a network interface from a domain. type can be either network to indicate a physical network device or bridge to indicate a bridge to a device. It is recommended to use the mac option to distinguish between the interfaces if more than one are present on the domain.
update-device domain-id file optional --persistent
Update the characteristics of a device associated with domain-id, based on the device definition in an XML file. If the --persistent option is used, the changes will affect the next boot of the domain. See the documentation to learn about libvirt XML format for a device.

VIRTUAL NETWORK COMMANDS

The following commands manipulate networks. Libvirt has the capability to define virtual networks which can then be used by domains and linked to actual network devices. For more detailed information about this feature see the documentation at <http://libvirt.org/formatnetwork.html> . A lot of the command for virtual networks are similar to the one used for domains, but the way to name a virtual network is either by its name or UUID.
net-autostart network optional --disable
Configure a virtual network to be automatically started at boot. The --disable option disable autostarting.
net-create file
Create a virtual network from an XML file, see the documentation to get a description of the XML network format used by libvirt.
net-define file
Define a virtual network from an XML file, the network is just defined but not instantiated.
net-destroy network
Destroy a given virtual network specified by its name or UUID. This takes effect immediately.
net-dumpxml network
Output the virtual network information as an XML dump to stdout.
net-edit network
Edit the XML configuration file for a network.

This is equivalent to:

  virsh net-dumpxml network > network.xml
  edit network.xml
  virsh net-define network.xml

except that it does some error checking.

The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".

net-list optional --inactive or --all
Returns the list of active networks, if --all is specified this will also include defined but inactive networks, if --inactive is specified only the inactive ones will be listed.
net-name network-UUID
Convert a network UUID to network name.
net-start network
Start a (previously defined) inactive network.
net-undefine network
Undefine the configuration for an inactive network.
net-uuid network-name
Convert a network name to network UUID.

STORAGE POOL COMMANDS

The following commands manipulate storage pools. Libvirt has the capability to manage various storage solutions, including files, raw partitions, and domain-specific formats, used to provide the storage volumes visible as devices within virtual machines. For more detailed information about this feature, see the documentation at <http://libvirt.org/formatstorage.html> . A lot of the commands for pools are similar to the ones used for domains.
find-storage-pool-sources type optional srcSpec
Returns XML describing all storage pools of a given type that could be found. If srcSpec is provided, it is a file that contains XML to further restrict the query for pools.
find-storage-pool-sources type optional host port
Returns XML describing all storage pools of a given type that could be found. If host and port are provided, they control where the query is performed.
pool-autostart pool-or-uuid optional --disable
Configure whether pool should automatically start at boot.
pool-build pool-or-uuid
Build a given pool.
pool-create file
Create and start a pool object from the XML file.
pool-create-as name --print-xml type optional source-host source-path source-dev source-name <target> --source-format format
Create and start a pool object name from the raw parameters. If --print-xml is specified, then print the XML of the pool object without creating the pool. Otherwise, the pool has the specified type.
pool-define file
Create, but do not start, a pool object from the XML file.
pool-define-as name --print-xml type optional source-host source-path source-dev source-name <target> --source-format format
Create, but do not start, a pool object name from the raw parameters. If --print-xml is specified, then print the XML of the pool object without defining the pool. Otherwise, the pool has the specified type.
pool-destroy pool-or-uuid
Destroy a given pool object. Libvirt will no longer manage the storage described by the pool object, but the raw data contained in the pool is not changed, and can be later recovered with pool-create.
pool-delete pool-or-uuid
Destroy the resources used by a given pool object. This operation is non-recoverable. The pool object will still exist after this command.
pool-dumpxml pool-or-uuid
Returns the XML information about the pool object.
pool-edit pool-or-uuid
Edit the XML configuration file for a storage pool.

This is equivalent to:

  virsh pool-dumpxml pool > pool.xml
  edit pool.xml
  virsh pool-define pool.xml

except that it does some error checking.

The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".

pool-info pool-or-uuid
Returns basic information about the pool object.
pool-list optional --inactive --all --details
List pool objects known to libvirt. By default, only pools in use by active domains are listed; --inactive lists just the inactive pools, and --all lists all pools. The --details option instructs virsh to additionally display pool persistence and capacity related information where available.
pool-name uuid
Convert the uuid to a pool name.
pool-refresh pool-or-uuid
Refresh the list of volumes contained in pool.
pool-start pool-or-uuid
Start the storage pool, which is previously defined but inactive.
pool-undefine pool-or-uuid
Undefine the configuration for an inactive pool.
pool-uuid pool
Returns the UUID of the named pool.

VOLUME COMMANDS

vol-create pool-or-uuid FILE
Create a volume from an XML <file>. pool-or-uuid is the name or UUID of the storage pool to create the volume in. FILE is the XML <file> with the volume definition. An easy way to create the XML <file> is to use the vol-dumpxml command to obtain the definition of a pre-existing volume.

Example

  virsh vol-dumpxml --pool storagepool1 appvolume1 > newvolume.xml
  edit newvolume.xml
  virsh vol-create differentstoragepool newvolume.xml
vol-create-from pool-or-uuid FILE [optional --inputpool pool-or-uuid] vol-name-or-key-or-path
Create a volume, using another volume as input. pool-or-uuid is the name or UUID of the storage pool to create the volume in. FILE is the XML <file> with the volume definition. --inputpool pool-or-uuid is the name or uuid of the storage pool the source volume is in. vol-name-or-key-or-path is the name or key or path of the source volume.
vol-create-as pool-or-uuid name capacity optional --allocation size --format string --backing-vol vol-name-or-key-or-path --backing-vol-format string
Create a volume from a set of arguments. pool-or-uuid is the name or UUID of the storage pool to create the volume in. name is the name of the new volume. capacity is the size of the volume to be created, with optional k, M, G, or T suffix. --allocation size is the initial size to be allocated in the volume, with optional k, M, G, or T suffix. --format string is used in file based storage pools to specify the volume file format to use; raw, bochs, qcow, qcow2, vmdk. --backing-vol vol-name-or-key-or-path is the source backing volume to be used if taking a snapshot of an existing volume. --backing-vol-format string is the format of the snapshot backing volume; raw, bochs, qcow, qcow2, vmdk, host_device.
vol-clone [optional --pool pool-or-uuid] vol-name-or-key-or-path name
Clone an existing volume. Less powerful, but easier to type, version of vol-create-from. --pool pool-or-uuid is the name or UUID of the storage pool to create the volume in. vol-name-or-key-or-path is the name or key or path of the source volume. name is the name of the new volume.
vol-delete [optional --pool pool-or-uuid] vol-name-or-key-or-path
Delete a given volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to delete.
vol-wipe [optional --pool pool-or-uuid] vol-name-or-key-or-path
Wipe a volume, ensure data previously on the volume is not accessible to future reads. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to wipe.
vol-dumpxml [optional --pool pool-or-uuid] vol-name-or-key-or-path
Output the volume information as an XML dump to stdout. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to output the XML of.
vol-info [optional --pool pool-or-uuid] vol-name-or-key-or-path
Returns basic information about the given storage volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key-or-path is the name or key or path of the volume to return information for.
vol-list [optional --pool] pool-or-uuid optional --details
Return the list of volumes in the given storage pool. --pool pool-or-uuid is the name or UUID of the storage pool. The --details option instructs virsh to additionally display volume type and capacity related information where available.
vol-pool [optional --uuid] vol-key-or-path
Return the pool name or UUID for a given volume. By default, the pool name is returned. If the --uuid option is given, the pool UUID is returned instead. vol-key-or-path is the key or path of the volume to return the pool information for.
vol-path [optional --pool pool-or-uuid] vol-name-or-key
Return the path for a given volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-key is the name or key of the volume to return the path for.
vol-name vol-key-or-path
Return the name for a given volume. vol-key-or-path is the key or path of the volume to return the name for.
vol-key [optional --pool pool-or-uuid] vol-name-or-path
Return the volume key for a given volume. --pool pool-or-uuid is the name or UUID of the storage pool the volume is in. vol-name-or-path is the name or path of the volume to return the volume key for.

SECRET COMMMANDS

The following commands manipulate ``secrets'' (e.g. passwords, passphrases and encryption keys). Libvirt can store secrets independently from their use, and other objects (e.g. volumes or domains) can refer to the secrets for encryption or possibly other uses. Secrets are identified using an UUID. See <http://libvirt.org/formatsecret.html> for documentation of the XML format used to represent properties of secrets.
secret-define file
Create a secret with the properties specified in file, with no associated secret value. If file does not specify a UUID, choose one automatically. If file specifies an UUID of an existing secret, replace its properties by properties defined in file, without affecting the secret value.
secret-dumpxml secret
Output properties of secret (specified by its UUID) as an XML dump to stdout.
secret-set-value secret base64
Set the value associated with secret (specified by its UUID) to the value Base64-encoded value base64.
secret-get-value secret
Output the value associated with secret (specified by its UUID) to stdout, encoded using Base64.
secret-undefine secret
Delete a secret (specified by its UUID), including the associated value, if any.
secret-list
Output a list of UUIDs of known secrets to stdout.

SNAPSHOT COMMMANDS

The following commands manipulate domain snapshots. Snapshots take the disk, memory, and device state of a domain at a point-of-time, and save it for future use. They have many uses, from saving a ``clean'' copy of an OS image to saving a domain's state before a potentially destructive operation. Snapshots are identified with a unique name. See <http://libvirt.org/formatsnapshot.html> for documentation of the XML format used to represent properties of snapshots.
snapshot-create domain xmlfile
Create a snapshot for domain domain with the properties specified in xmlfile. The only properties settable for a domain snapshot are the <name> and <description>; the rest of the fields are ignored, and automatically filled in by libvirt. If xmlfile is completely omitted, then libvirt will choose a value for all fields.
snapshot-current domain
Output the snapshot XML for the domain's current snapshot (if any).
snapshot-list domain
List all of the available snapshots for the given domain.
snapshot-dumpxml domain snapshot
Output the snapshot XML for the domain's snapshot named snapshot.
snapshot-revert domain snapshot
Revert the given domain to the snapshot specified by snapshot. Be aware that this is a destructive action; any changes in the domain since the snapshot was taken will be lost. Also note that the state of the domain after snapshot-revert is complete will be the state of the domain at the time the original snapshot was taken.
snapshot-delete domain snapshot --children
Delete the snapshot for the domain named snapshot. If this snapshot has child snapshots, changes from this snapshot will be merged into the children. If --children is passed, then delete this snapshot and any children of this snapshot.

NWFILTER COMMMANDS

The following commands manipulate network filters. Network filters allow filtering of the network traffic coming from and going to virtual machines. Individual network traffic filters are written in XML and may contain references to other network filters, describe traffic filtering rules, or contain both. Network filters are referenced by virtual machines from within their interface description. A network filter may be referenced by multiple virtual machines' interfaces.
nwfilter-define xmlfile
Make a new network filter known to libvirt. If a network filter with the same name already exists, it will be replaced with the new XML. Any running virtual machine referencing this network filter will have its network traffic rules adapted. If for any reason the network traffic filtering rules cannot be instantiated by any of the running virtual machines, then the new XML will be rejected.
nwfilter-undefine nwfilter-name
Delete a network filter. The deletion will fail if any running virtual machine is currently using this network filter.
nwfilter-list
List all of the available network filters.
nwfilter-dumpxml nwfilter-name
Output the network filter XML.
nwfilter-edit nwfilter-name
Edit the XML of a network filter.

This is equivalent to:

  virsh nwfilter-dumpxml myfilter > myfilter.xml
  edit myfilter.xml
  virsh nwfilter-define myfilter.xml

except that it does some error checking. The new network filter may be rejected due to the same reason as mentioned in nwfilter-define.

The editor used can be supplied by the $VISUAL or $EDITOR environment variables, and defaults to "vi".

ENVIRONMENT

The following environment variables can be set to alter the behaviour of "virsh"
VIRSH_DEFAULT_CONNECT_URI
The hypervisor to connect to by default. Set this to a URI, in the same format as accepted by the connect option.
VISUAL
The editor to use by the edit and related options.
EDITOR
The editor to use by the edit and related options, if "VISUAL" is not set.
LIBVIRT_DEBUG=LEVEL
Turn on verbose debugging of all libvirt API calls. Valid levels are
*
LIBVIRT_DEBUG=1

Messages at level DEBUG or above

*
LIBVIRT_DEBUG=2

Messages at level INFO or above

*
LIBVIRT_DEBUG=3

Messages at level WARNING or above

*
LIBVIRT_DEBUG=4

Messages at level ERROR or above


For further information about debugging options consult "http://libvirt.org/logging.html"

BUGS

Report any bugs discovered to the libvirt community via the mailing list "http://libvirt.org/contact.html" or bug tracker "http://libvirt.org/bugs.html". Alternatively report bugs to your software distributor / vendor.

AUTHORS

   Please refer to the AUTHORS file distributed with libvirt.
 
   Based on the xm man page by:
   Sean Dague <sean at dague dot net>
   Daniel Stekloff <dsteklof at us dot ibm dot com>
Copyright (C) 2005, 2007-2010 Red Hat, Inc., and the authors listed in the libvirt AUTHORS file.

LICENSE

virsh is distributed under the terms of the GNU LGPL v2+. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE

SEE ALSO

virt-install(1), virt-xml-validate(1), virt-top(1), virt-mem(1), virt-df(1), <http://www.libvirt.org/>