[libvirt] When bridge doesn't exist
by Anton Protopopov
Assume that we want to add a bridge to LAN to a guest.
We saying to libvirt:
...
<interface type="bridge">
<source bridge="BRIDGE">
</interface>
...
What is the right behaviour of libvirt in case bridge BRIDGE
doesn't exist---return an error or try to create that bridge?
If it is the former, then who must create that bridge?
16 years, 1 month
[libvirt] Routed Networking - Ubuntu Hardy KVM and LibVirt
by Barry Robinson
Gday,
I have been searching for information on how to configure KVM guest OS' to do simple routing from their associated vnetX address to the host machine's ethernet network subnet (lets say eth0/192.168.0.0/24). I understand that by default the clients are NAT'ed to the Host's adapter. This is a handy feature, but it does not suit the setup I am trying to apply.
Basically, I am trying to do simple routing from the host subnet (192.168.0.0/24) to the client's subnet (192.168.17.0/24), and back again. So I can talk to 192.168.0.0/24 addresses and they can talk to 192.168.17.0/24 (routing rule has been added so this is possible). There should be no NAT involved.
The following is about as close as I have come to getting this solution. However, I still need to add in the iptables -A FORWARD -i vnetX -o eth0 -j ACCEPT rule in after the machine is booted. Is it possible to do this as part of the script process, or is there a post-ifup script that can be run?
/etc/libvirt/qemu/network/routed-net.xml:
<network>
<name>routed-net</name>
<uuid></uuid>
<bridge name="virbr%d" />
<ip address="192.168.32.1" netmask="255.255.255.0">
<dhcp>
<range start="192.168.32.33" end="192.168.32.63" />
</dhcp>
</ip>
</network>
I have tried using the <forward='routed' /> option (under the bridge name option). This does add the forward rules, but for some reason still applies the MASQUERADE rule to the 192.168.17.0/24 network. (eg. 0 0 MASQUERADE all -- * * 192.168.32.0/24 0.0.0.0/0 )
libvirtd seems to hide it's firewall rulesets pretty well, cause I can't even find them to manually add/remove rules. Not in any place obvious (that I can find), like /etc.
Any help would be appreciated. Apologies if this topic has been covered... can't find it anywhere using Google.
Cheers,
Barry
Linseed Technologies
Open Source IT Solutions
Phone: 0415131452
Email: brobinson(a)linseed.com.au
Website: http://www.linseed.com.au
16 years, 1 month
[libvirt] PATCH: 0 of 5: Remove all linked lists
by Daniel P. Berrange
I've been doing some proof of concept work to make the libvirtd daemon
multi-threaded, and this in turns mean that the QEMU / LXC / OpenVZ
drivers need to have some degree of locking on their internal data
structures.
Unforatunately the internal domain/network/storage APIs make extensive
use of linked lists for tracking objects. This makes it incredibly hard
to do fine grained locking of individual objects - eg, deleting one
object requires locking the object it points to, and one the pointing to
it in the linked list, as well as the list itself. This would be so
complex we'd inevitably introduce locking bugs.
So the series of patches which follow replace all linked lists with
explicitly sized arrays. This means I only need 2 levels of locks,
one on the driver object, and one of the domain/network/storage object
being manipulated. The semantics for this are nice & easy to define.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
16 years, 1 month
[libvirt] [PATCH] Centralize use of DEBUG macros
by Cole Robinson
Currently the DEBUG and DEBUG0 macros are duplicated in
every file that uses them. This patch moves the macros
to internal.h, removes the needless duplication, and
now every file gets them for free. Seems to work as
expected in my testing.
Thanks,
Cole
16 years, 1 month
[libvirt] [PATCH] Slim xmllint test output
by Cole Robinson
This patch simply slims down the output from the
xmllint tests to not overrun a single line, only
printing the relevant information about the xml file
(parent directory and name, not fully qualified
path). Purely cosmetic, but more useful IMO.
Thanks,
Cole
16 years, 1 month
