DOKK / manpages / debian 11 / qemu-guest-agent / qemu-ga-ref.7.en
QEMU-GA-REF(7) QEMU QEMU-GA-REF(7)

qemu-ga-ref - QEMU Guest Agent Protocol Reference

"unsupported" is a higher-level error than the errors that individual commands might document. The caller should always be prepared to receive QERR_UNSUPPORTED, even if the given command doesn't specify it, or doesn't document any failure mode at all.

guest-sync-delimited (Command)

Echo back a unique integer value, and prepend to response a leading sentinel byte (0xFF) the client can check scan for.

This is used by clients talking to the guest agent over the wire to ensure the stream is in sync and doesn't contain stale data from previous client. It must be issued upon initial connection, and after any client-side timeouts (including timeouts on receiving a response to this command).

After issuing this request, all guest agent responses should be ignored until the response containing the unique integer value the client passed in is returned. Receival of the 0xFF sentinel byte must be handled as an indication that the client's lexer/tokenizer/parser state should be flushed/reset in preparation for reliably receiving the subsequent response. As an optimization, clients may opt to ignore all data until a sentinel value is receiving to avoid unnecessary processing of stale data.

Similarly, clients should also precede this request with a 0xFF byte to make sure the guest agent flushes any partially read JSON data from a previous client connection.

randomly generated 64-bit integer

The unique integer id passed in by the client

1.1

guest-sync (Command)

Echo back a unique integer value

This is used by clients talking to the guest agent over the wire to ensure the stream is in sync and doesn't contain stale data from previous client. All guest agent responses should be ignored until the provided unique integer value is returned, and it is up to the client to handle stale whole or partially-delivered JSON text in such a way that this response can be obtained.

In cases where a partial stale response was previously received by the client, this cannot always be done reliably. One particular scenario being if qemu-ga responses are fed character-by-character into a JSON parser. In these situations, using guest-sync-delimited may be optimal.

For clients that fetch responses line by line and convert them to JSON objects, guest-sync should be sufficient, but note that in cases where the channel is dirty some attempts at parsing the response may result in a parser error.

Such clients should also precede this command with a 0xFF byte to make sure the guest agent flushes any partially read JSON data from a previous session.

randomly generated 64-bit integer

The unique integer id passed in by the client

0.15.0

guest-ping (Command)

Ping the guest agent, a non-error return implies success

0.15.0

guest-get-time (Command)

Get the information about guest's System Time relative to the Epoch of 1970-01-01 in UTC.

Time in nanoseconds.

1.5

guest-set-time (Command)

Set guest time.

When a guest is paused or migrated to a file then loaded from that file, the guest OS has no idea that there was a big gap in the time. Depending on how long the gap was, NTP might not be able to resynchronize the guest.

This command tries to set guest's System Time to the given value, then sets the Hardware Clock (RTC) to the current System Time. This will make it easier for a guest to resynchronize without waiting for NTP. If no time is specified, then the time to set is read from RTC. However, this may not be supported on all platforms (i.e. Windows). If that's the case users are advised to always pass a value.

time of nanoseconds, relative to the Epoch of 1970-01-01 in UTC.

Nothing on success.

1.5

GuestAgentCommandInfo (Object)

Information about guest agent commands.

name of the command
whether command is currently enabled by guest admin
whether command returns a response on success (since 1.7)

1.1.0

GuestAgentInfo (Object)

Information about guest agent.

guest agent version
Information about guest agent commands

0.15.0

guest-info (Command)

Get some information about the guest agent.

GuestAgentInfo

0.15.0

guest-shutdown (Command)

Initiate guest-activated shutdown. Note: this is an asynchronous shutdown request, with no guarantee of successful shutdown.

"halt", "powerdown" (default), or "reboot"

This command does NOT return a response on success. Success condition is indicated by the VM exiting with a zero exit status or, when running with --no-shutdown, by issuing the query-status QMP command to confirm the VM status is "shutdown".

0.15.0

guest-file-open (Command)

Open a file in the guest and retrieve a file handle for it

Full path to the file in the guest to open.
open mode, as per fopen(), "r" is the default.

Guest file handle on success.

0.15.0

guest-file-close (Command)

Close an open file in the guest

filehandle returned by guest-file-open

Nothing on success.

0.15.0

GuestFileRead (Object)

Result of guest agent file-read operation

number of bytes read (note: count is before base64-encoding is applied)
base64-encoded bytes read
whether EOF was encountered during read operation.

0.15.0

guest-file-read (Command)

Read from an open file in the guest. Data will be base64-encoded. As this command is just for limited, ad-hoc debugging, such as log file access, the number of bytes to read is limited to 48 MB.

filehandle returned by guest-file-open
maximum number of bytes to read (default is 4KB, maximum is 48MB)

GuestFileRead on success.

0.15.0

GuestFileWrite (Object)

Result of guest agent file-write operation

number of bytes written (note: count is actual bytes written, after base64-decoding of provided buffer)
whether EOF was encountered during write operation.

0.15.0

guest-file-write (Command)

Write to an open file in the guest.

filehandle returned by guest-file-open
base64-encoded string representing data to be written
bytes to write (actual bytes, after base64-decode), default is all content in buf-b64 buffer after base64 decoding

GuestFileWrite on success.

0.15.0

GuestFileSeek (Object)

Result of guest agent file-seek operation

current file position
whether EOF was encountered during file seek

0.15.0

QGASeek (Enum)

Symbolic names for use in guest-file-seek

Set to the specified offset (same effect as 'whence':0)
Add offset to the current location (same effect as 'whence':1)
Add offset to the end of the file (same effect as 'whence':2)

2.6

GuestFileWhence (Alternate)

Controls the meaning of offset to guest-file-seek.

Integral value (0 for set, 1 for cur, 2 for end), available for historical reasons, and might differ from the host's or guest's SEEK_* values (since: 0.15)
Symbolic name, and preferred interface

2.6

guest-file-seek (Command)

Seek to a position in the file, as with fseek(), and return the current file position afterward. Also encapsulates ftell()'s functionality, with offset=0 and whence=1.

filehandle returned by guest-file-open
bytes to skip over in the file stream
Symbolic or numeric code for interpreting offset

GuestFileSeek on success.

0.15.0

guest-file-flush (Command)

Write file changes bufferred in userspace to disk/kernel buffers

filehandle returned by guest-file-open

Nothing on success.

0.15.0

GuestFsfreezeStatus (Enum)

An enumeration of filesystem freeze states

filesystems thawed/unfrozen
all non-network guest filesystems frozen

0.15.0

guest-fsfreeze-status (Command)

Get guest fsfreeze state. error state indicates

GuestFsfreezeStatus ("thawed", "frozen", etc., as defined below)

This may fail to properly report the current state as a result of some other guest processes having issued an fs freeze/thaw.

0.15.0

guest-fsfreeze-freeze (Command)

Sync and freeze all freezable, local guest filesystems. If this command succeeded, you may call guest-fsfreeze-thaw later to unfreeze.

On Windows, the command is implemented with the help of a Volume Shadow-copy Service DLL helper. The frozen state is limited for up to 10 seconds by VSS.

Number of file systems currently frozen. On error, all filesystems will be thawed. If no filesystems are frozen as a result of this call, then guest-fsfreeze-status will remain "thawed" and calling guest-fsfreeze-thaw is not necessary.

0.15.0

guest-fsfreeze-freeze-list (Command)

Sync and freeze specified guest filesystems. See also guest-fsfreeze-freeze.

an array of mountpoints of filesystems to be frozen. If omitted, every mounted filesystem is frozen. Invalid mount points are ignored.

Number of file systems currently frozen. On error, all filesystems will be thawed.

2.2

guest-fsfreeze-thaw (Command)

Unfreeze all frozen guest filesystems

Number of file systems thawed by this call

if return value does not match the previous call to guest-fsfreeze-freeze, this likely means some freezable filesystems were unfrozen before this call, and that the filesystem state may have changed before issuing this command.

0.15.0

GuestFilesystemTrimResult (Object)

path that was trimmed
an error message when trim failed
bytes trimmed for this path
reported effective minimum for this path

2.4

GuestFilesystemTrimResponse (Object)

list of GuestFilesystemTrimResult per path that was trimmed

2.4

guest-fstrim (Command)

Discard (or "trim") blocks which are not in use by the filesystem.

Minimum contiguous free range to discard, in bytes. Free ranges smaller than this may be ignored (this is a hint and the guest may not respect it). By increasing this value, the fstrim operation will complete more quickly for filesystems with badly fragmented free space, although not all blocks will be discarded. The default value is zero, meaning "discard every free block".

A GuestFilesystemTrimResponse which contains the status of all trimmed paths. (since 2.4)

1.2

guest-suspend-disk (Command)

Suspend guest to disk.

This command attempts to suspend the guest using three strategies, in this order:

  • systemd hibernate
  • pm-utils (via pm-hibernate)
  • manual write into sysfs

This command does NOT return a response on success. There is a high chance the command succeeded if the VM exits with a zero exit status or, when running with --no-shutdown, by issuing the query-status QMP command to to confirm the VM status is "shutdown". However, the VM could also exit (or set its status to "shutdown") due to other reasons.

The following errors may be returned:

If suspend to disk is not supported, Unsupported

It's strongly recommended to issue the guest-sync command before sending commands when the guest resumes

1.1

guest-suspend-ram (Command)

Suspend guest to ram.

This command attempts to suspend the guest using three strategies, in this order:

  • systemd suspend
  • pm-utils (via pm-suspend)
  • manual write into sysfs

IMPORTANT: guest-suspend-ram requires working wakeup support in QEMU. You should check QMP command query-current-machine returns wakeup-suspend-support: true before issuing this command. Failure in doing so can result in a suspended guest that QEMU will not be able to awaken, forcing the user to power cycle the guest to bring it back.

This command does NOT return a response on success. There are two options to check for success:

1.
Wait for the SUSPEND QMP event from QEMU
2.
Issue the query-status QMP command to confirm the VM status is "suspended"

The following errors may be returned:

If suspend to ram is not supported, Unsupported

It's strongly recommended to issue the guest-sync command before sending commands when the guest resumes

1.1

guest-suspend-hybrid (Command)

Save guest state to disk and suspend to ram.

This command attempts to suspend the guest by executing, in this order:

  • systemd hybrid-sleep
  • pm-utils (via pm-suspend-hybrid)

IMPORTANT: guest-suspend-hybrid requires working wakeup support in QEMU. You should check QMP command query-current-machine returns wakeup-suspend-support: true before issuing this command. Failure in doing so can result in a suspended guest that QEMU will not be able to awaken, forcing the user to power cycle the guest to bring it back.

This command does NOT return a response on success. There are two options to check for success:

1.
Wait for the SUSPEND QMP event from QEMU
2.
Issue the query-status QMP command to confirm the VM status is "suspended"

The following errors may be returned:

If hybrid suspend is not supported, Unsupported

It's strongly recommended to issue the guest-sync command before sending commands when the guest resumes

1.1

GuestIpAddressType (Enum)

An enumeration of supported IP address types

IP version 4
IP version 6

1.1

GuestIpAddress (Object)

IP address
Type of ip-address (e.g. ipv4, ipv6)
Network prefix length of ip-address

1.1

GuestNetworkInterfaceStat (Object)

total bytes received
total packets received
bad packets received
receiver dropped packets
total bytes transmitted
total packets transmitted
packet transmit problems
dropped packets transmitted

2.11

GuestNetworkInterface (Object)

The name of interface for which info are being delivered
Hardware address of name
List of addresses assigned to name
various statistic counters related to name (since 2.11)

1.1

guest-network-get-interfaces (Command)

Get list of guest IP addresses, MAC addresses and netmasks.

List of GuestNetworkInfo on success.

1.1

GuestLogicalProcessor (Object)

Arbitrary guest-specific unique identifier of the VCPU.
Whether the VCPU is enabled.
Whether offlining the VCPU is possible. This member is always filled in by the guest agent when the structure is returned, and always ignored on input (hence it can be omitted then).

1.5

guest-get-vcpus (Command)

Retrieve the list of the guest's logical processors.

This is a read-only operation.

The list of all VCPUs the guest knows about. Each VCPU is put on the list exactly once, but their order is unspecified.

1.5

guest-set-vcpus (Command)

Attempt to reconfigure (currently: enable/disable) logical processors inside the guest.

The input list is processed node by node in order. In each node logical-id is used to look up the guest VCPU, for which online specifies the requested state. The set of distinct logical-id's is only required to be a subset of the guest-supported identifiers. There's no restriction on list length or on repeating the same logical-id (with possibly different online field). Preferably the input list should describe a modified subset of guest-get-vcpus' return value.


The length of the initial sublist that has been successfully processed. The guest agent maximizes this value. Possible cases:

  • 0: if the vcpus list was empty on input. Guest state has not been changed. Otherwise,
  • Error: processing the first node of vcpus failed for the reason returned. Guest state has not been changed. Otherwise,
  • < length(vcpus): more than zero initial nodes have been processed, but not the entire vcpus list. Guest state has changed accordingly. To retrieve the error (assuming it persists), repeat the call with the successfully processed initial sublist removed. Otherwise,
  • length(vcpus): call successful.

1.5

GuestDiskBusType (Enum)

An enumeration of bus type of disks

IDE disks
floppy disks
SCSI disks
virtio disks
Xen disks
USB disks
UML disks
SATA disks
SD cards
Unknown bus type
Win IEEE 1394 bus type
Win SSA bus type
Win fiber channel bus type
Win RAID bus type
Win iScsi bus type
Win serial-attaches SCSI bus type
Win multimedia card (MMC) bus type
Win virtual bus type
Win file-backed bus type

2.2; 'Unknown' and all entries below since 2.4

GuestPCIAddress (Object)

domain id
bus id
slot id
function id

2.2

GuestDiskAddress (Object)

controller's PCI address (fields are set to -1 if invalid)
bus type
bus id
target id
unit id
serial number (since: 3.1)
device node (POSIX) or device UNC (Windows) (since: 3.1)

2.2

GuestDiskInfo (Object)

device node (Linux) or device UNC (Windows)
whether this is a partition or disk
list of device dependencies; e.g. for LVs of the LVM this will hold the list of PVs, for LUKS encrypted volume this will contain the disk where the volume is placed. (Linux)
disk address information (only for non-virtual devices)
optional alias assigned to the disk, on Linux this is a name assigned by device mapper

Since 5.2

guest-get-disks (Command)

The list of disks in the guest. For Windows these are only the physical disks. On Linux these are all root block devices of non-zero size including e.g. removable devices, loop devices, NBD, etc.

5.2

GuestFilesystemInfo (Object)

disk name
mount point path
file system type string
file system used bytes (since 3.0)
non-root file system total bytes (since 3.0)
an array of disk hardware information that the volume lies on, which may be empty if the disk type is not supported

2.2

guest-get-fsinfo (Command)

The list of filesystems information mounted in the guest. The returned mountpoints may be specified to guest-fsfreeze-freeze-list. Network filesystems (such as CIFS and NFS) are not listed.

2.2

guest-set-user-password (Command)

the user account whose password to change
the new password entry string, base64 encoded
true if password is already crypt()d, false if raw

If the crypted flag is true, it is the caller's responsibility to ensure the correct crypt() encryption scheme is used. This command does not attempt to interpret or report on the encryption scheme. Refer to the documentation of the guest operating system in question to determine what is supported.

Not all guest operating systems will support use of the crypted flag, as they may require the clear-text password

The password parameter must always be base64 encoded before transmission, even if already crypt()d, to ensure it is 8-bit safe when passed as JSON.

Nothing on success.

2.3

GuestMemoryBlock (Object)

Arbitrary guest-specific unique identifier of the MEMORY BLOCK.
Whether the MEMORY BLOCK is enabled in guest.
Whether offlining the MEMORY BLOCK is possible. This member is always filled in by the guest agent when the structure is returned, and always ignored on input (hence it can be omitted then).

2.3

guest-get-memory-blocks (Command)

Retrieve the list of the guest's memory blocks.

This is a read-only operation.

The list of all memory blocks the guest knows about. Each memory block is put on the list exactly once, but their order is unspecified.

2.3

GuestMemoryBlockResponseType (Enum)

An enumeration of memory block operation result.

the operation of online/offline memory block is successful.
can't find the corresponding memoryXXX directory in sysfs.
for some old kernels, it does not support online or offline memory block.
the operation of online/offline memory block fails, because of some errors happen.

2.3

GuestMemoryBlockResponse (Object)

same with the 'phys-index' member of GuestMemoryBlock.
the result of memory block operation.
the error number. When memory block operation fails, we assign the value of 'errno' to this member, it indicates what goes wrong. When the operation succeeds, it will be omitted.

2.3

guest-set-memory-blocks (Command)

Attempt to reconfigure (currently: enable/disable) state of memory blocks inside the guest.

The input list is processed node by node in order. In each node phys-index is used to look up the guest MEMORY BLOCK, for which online specifies the requested state. The set of distinct phys-index's is only required to be a subset of the guest-supported identifiers. There's no restriction on list length or on repeating the same phys-index (with possibly different online field). Preferably the input list should describe a modified subset of guest-get-memory-blocks' return value.


The operation results, it is a list of GuestMemoryBlockResponse, which is corresponding to the input list.

Note: it will return NULL if the mem-blks list was empty on input, or there is an error, and in this case, guest state will not be changed.

2.3

GuestMemoryBlockInfo (Object)

the size (in bytes) of the guest memory blocks, which are the minimal units of memory block online/offline operations (also called Logical Memory Hotplug).

2.3

guest-get-memory-block-info (Command)

Get information relating to guest memory blocks.

GuestMemoryBlockInfo

2.3

GuestExecStatus (Object)

true if process has already terminated.
process exit code if it was normally terminated.
signal number (linux) or unhandled exception code (windows) if the process was abnormally terminated.
base64-encoded stdout of the process
base64-encoded stderr of the process Note: out-data and err-data are present only if 'capture-output' was specified for 'guest-exec'
true if stdout was not fully captured due to size limitation.
true if stderr was not fully captured due to size limitation.

2.5

guest-exec-status (Command)

Check status of process associated with PID retrieved via guest-exec. Reap the process and associated metadata if it has exited.

pid returned from guest-exec

GuestExecStatus on success.

2.5

GuestExec (Object)

pid of child process in guest OS

2.5

guest-exec (Command)

Execute a command in the guest

path or executable name to execute
argument list to pass to executable
environment variables to pass to executable
data to be passed to process stdin (base64 encoded)
bool flag to enable capture of stdout/stderr of running process. defaults to false.

PID on success.

2.5

GuestHostName (Object)

Fully qualified domain name of the guest OS

2.10

guest-get-host-name (Command)

Return a name for the machine.

The returned name is not necessarily a fully-qualified domain name, or even present in DNS or some other name service at all. It need not even be unique on your local network or site, but usually it is.

the host name of the machine on success

2.10

GuestUser (Object)

Username
Logon domain (windows only)
Time of login of this user on the computer. If multiple instances of the user are logged in, the earliest login time is reported. The value is in fractional seconds since epoch time.

2.10

guest-get-users (Command)

Retrieves a list of currently active users on the VM.

A unique list of users.

2.10

GuestTimezone (Object)

Timezone name. These values may differ depending on guest/OS and should only be used for informational purposes.
Offset to UTC in seconds, negative numbers for time zones west of GMT, positive numbers for east

2.10

guest-get-timezone (Command)

Retrieves the timezone information from the guest.

A GuestTimezone dictionary.

2.10

GuestOSInfo (Object)

  • POSIX: release field returned by uname(2)
  • Windows: build number of the OS

  • POSIX: version field returned by uname(2)
  • Windows: version number of the OS

  • POSIX: machine field returned by uname(2)
  • Windows: one of x86, x86_64, arm, ia64

  • POSIX: as defined by os-release(5)
  • Windows: contains string "mswindows"

  • POSIX: as defined by os-release(5)
  • Windows: contains string "Microsoft Windows"

  • POSIX: as defined by os-release(5)
  • Windows: product name, e.g. "Microsoft Windows 10 Enterprise"

  • POSIX: as defined by os-release(5)
  • Windows: long version string, e.g. "Microsoft Windows Server 2008"

  • POSIX: as defined by os-release(5)
  • Windows: short version identifier, e.g. "7" or "20012r2"

  • POSIX: as defined by os-release(5)
  • Windows: contains string "server" or "client"

  • POSIX: as defined by os-release(5)
  • Windows: contains string "server" or "client"


On POSIX systems the fields id, name, pretty-name, version, version-id, variant and variant-id follow the definition specified in os-release(5). Refer to the manual page for exact description of the fields. Their values are taken from the os-release file. If the file is not present in the system, or the values are not present in the file, the fields are not included.

On Windows the values are filled from information gathered from the system.

2.10

guest-get-osinfo (Command)

Retrieve guest operating system information

GuestOSInfo

2.10

GuestDeviceType (Enum)

Not documented

GuestDeviceIdPCI (Object)

vendor ID
device ID

5.2

GuestDeviceId (Object)

Id of the device - pci: PCI ID, since: 5.2


5.2

GuestDeviceInfo (Object)

name of the associated driver
driver release date, in nanoseconds since the epoch
driver version
device ID

5.2

guest-get-devices (Command)

Retrieve information about device drivers in Windows guest

GuestDeviceInfo

5.2

GuestAuthorizedKeys (Object)

public keys (in OpenSSH/sshd(8) authorized_keys format)

5.2

defined(CONFIG_POSIX).SS guest-ssh-get-authorized-keys (Command)

the user account to add the authorized keys

Return the public keys from user .ssh/authorized_keys on Unix systems (not implemented for other systems).

GuestAuthorizedKeys

5.2

defined(CONFIG_POSIX).SS guest-ssh-add-authorized-keys (Command)

the user account to add the authorized keys
the public keys to add (in OpenSSH/sshd(8) authorized_keys format)
ignore the existing content, set it with the given keys only

Append public keys to user .ssh/authorized_keys on Unix systems (not implemented for other systems).

Nothing on success.

5.2

defined(CONFIG_POSIX).SS guest-ssh-remove-authorized-keys (Command)

the user account to remove the authorized keys
the public keys to remove (in OpenSSH/sshd(8) authorized_keys format)

Remove public keys from the user .ssh/authorized_keys on Unix systems (not implemented for other systems). It's not an error if the key is already missing.

Nothing on success.

5.2

defined(CONFIG_POSIX).SH COPYRIGHT 2023, The QEMU Project Developers

September 4, 2023 5.2.0