Re: [libvirt] how do I stop libvirt futzing with my network configuration?
On 28 Nov 2009, Ian Woodstock verbalised:
On Sat, Nov 28, 2009 at 5:06 PM, Nix <nix(a)esperi.org.uk>
wrote:
> (hm, the state UNKNOWN is sort of bizarre. It's up...)
It's unknown because you're using the dummy device (which will just
send all bits to a deep dark hole) and we can't do things like check
the status of the interface/link etc.
I just tried that by removing everything from the bridge. Still state
UNKNOWN.
I suspect that's why libvirt won't let you connect to it,
since
libvirt is looking for a "shared physical device" and there's not a
device in the bridge.
Gah. So libvirt won't let me connect a bunch of devices to a bridge
without that bridge being bridged to something already? So you
can't have a pile of bridges with VMs on them *routed* to the rest of
the net?
> It appears in the GUI, all right: as 'host device linux-net
(not bridged)',
> greyed out and unselectable. Calling a bridge 'not bridged' is more than
> slightly bizarre.
Actually I think this is correct. It's not bridged to a physical
device, it's plumbed to nothing.
I don't want it bridged to a physical device. Why should libvirt require
any such thing? It's not necessary to get packets out of it: all you
need for *that* is a routing table entry. (The bridge has an IP address
on the host and everything.)
> There's no iptables at all on this particular box (at least
not yet,
> although it may turn up later on when I put Windows guests on here: I'm
> not having *them* running around free).
>
So it sounds like the root of your issue now is that you're using
dummy network device.
Is that being done temporarily now because you don't have a network
plumbed in or is there some other use case?
It was an emergency hack when I found virt-manager not noticing bridges
that had nothing on them (it said 'not bridged'). I stuck the dummy
device on it and it started working. However, this appears to have
been transient.
... In the code, the only place where it checks if a bridge exists
is in src/network/bridge_driver.c:networkFindActiveConfigs(), and
it only bothers to check *that* if there's a config file in the
NETWORK_STATE_DIR (/var/lib/libvirt/network):
,----
| for (i = 0 ; i < driver->networks.count ; i++) {
| virNetworkObjPtr obj = driver->networks.objs[i];
| virNetworkDefPtr tmp;
| char *config;
|
| virNetworkObjLock(obj);
|
| if ((config = virNetworkConfigFile(NULL,
| NETWORK_STATE_DIR,
| obj->def->name)) == NULL) {
| virNetworkObjUnlock(obj);
| continue;
| }
|
| if (access(config, R_OK) < 0) {
| VIR_FREE(config);
| virNetworkObjUnlock(obj);
| continue;
| }
|
| /* Try and load the live config */
| tmp = virNetworkDefParseFile(NULL, config);
| VIR_FREE(config);
| if (tmp) {
| obj->newDef = obj->def;
| obj->def = tmp;
| }
|
| /* If bridge exists, then mark it active */
| if (obj->def->bridge &&
| brHasBridge(driver->brctl, obj->def->bridge) == 0) {
| obj->active = 1;
`----
So, no, I don't see how this can possibly work without a config file,
and you only get a config file by creating the bridge through libvirt.
I wonder if any of the Dans can tell us what's going on? (It's not
surprising I can't figure it out. My first name is wrong. ;) )