
----- "Nix" <nix@esperi.org.uk> wrote:
From: "Nix" <nix@esperi.org.uk>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: libvir-list@redhat.com
Sent: Saturday, November 28, 2009 4:10:28 PM GMT -05:00 US/Canada Eastern
Subject: Re: [libvirt] how do I stop libvirt futzing with my network configuration?
On 26 Nov 2009, Daniel P. Berrange spake thusly:
On Thu, Nov 26, 2009 at 06:25:07PM +0000, Nix wrote:
However, there appears to be no way to say 'this is what the network is already like'. That network is considered 'inactive' and can't be used by any guests, and if I try to make it active, I get this:
virsh # net-start default
error: Failed to start network default
error: cannot create bridge 'vm-net': File exists
Of course it bloody can't create that bridge: it's already there, has an IP address on the host, and has the host routing packets to it. There appears to be no option to allow libvirt to assign IPs on the host...
... should I fix that, 'net-start' tries to update iptables rules! How should I put this: I do not *not not* want libvirt pissing with the firewall in any way at all. If I want firewall rules, I'll create them. But there's no way to tell it 'hands off! This network is already active, don't try to *make* it active!'
If you don't want libvirt to create the bridge + setup IPtables rules then don't use the net-XXX commands / XML. That functionality is not there for pointing libvirt to existing bridge devices.
If you already have a bridge configured, then just point the guest directly at that bridge by name.
OK, I still can't make this work: it worked briefly but then stopped. As far as I can tell tools like virt-manager are unwilling to *let* you connect to a network considered 'inactive', and networks are only considered active if they have a configuration file under /var/run/libvirt/network. These files are only created if libvirt has created the bridge itself as well. If no networks are considered active, virt-manager won't let you create a guest at all: it insists on trying to start the sodding network, and when that fails doesn't let you get any further.
I've been running with this configuration for many months on dozens of hosts.

- Created a bridge (the old-fashioned way) in /etc/sysconfig/network-scripts
  Bridge called br0 with one device eth1.
- Created a VM in virt manager (or edit existing)
  Picked "Shared Physical Device"
  Device "eth1 (Bridge br0)" in the GUI.
  Or just add it to the VM's XML

    <interface type='bridge'>
      <mac address='52:54:00:4f:0a:76'/>
      <source bridge='br0'/>
    </interface>

Works like a charm and there's certainly no configuration in libvirt for this interface, i.e. nothing in /var/run/libvirt/network, and *nothing* set up in Virt Manager under "Host Details->Virtual networks".

You do need to make sure that you disable netfilter on the bridge or set up the appropriate iptables rules (see http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_...)
So as far as I can tell, if you don't want libvirt creating all your bridges for you, you may as well give up hope of using virt-manager, or start hacking all this stuff out of the source.
I hoped I could use libvirt in conjunction with raw qemu. So much for that, it seems :( it *really* wants to take over the world...
(aside: ideally I should not have to spend half an hour crawling around the source to figure this out. The only other program I've ever seen that was this hard to set up was Oracle! Whole *Linux distros* take less work than this. I have half a dozen patches I'll send your way, but I wasn't going to send any of them until I'd actually managed to get a VM working. I got one up last night, somehow -- I no longer have any idea how, obviously one network had somehow got marked active -- whereupon KVM fell over. *sigh*)
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
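
Added example (not part of the thread, and not libvirt's own code): a Python check that separates guest interfaces attached directly to a host-managed bridge, as in the reply above, from ones that depend on a libvirt-managed network, and lists which bridge-netfilter sysctls are still enabled. The surrounding domain XML, the second interface, the sysctl values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first interface is the one quoted in the thread,
# the second (libvirt-managed network) is added here for contrast.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:4f:0a:76'/>
      <source bridge='br0'/>
    </interface>
    <interface type='network'>
      <mac address='52:54:00:00:00:01'/>
      <source network='default'/>
    </interface>
  </devices>
</domain>"""

# Kernel sysctls that decide whether bridged frames are passed to netfilter.
BRIDGE_NF_KEYS = (
    "net.bridge.bridge-nf-call-iptables",
    "net.bridge.bridge-nf-call-ip6tables",
    "net.bridge.bridge-nf-call-arptables",
)

def classify_interfaces(domain_xml):
    """Return (mac, type, source, owner) for every guest interface."""
    owners = {"bridge": ("bridge", "host"), "network": ("network", "libvirt")}
    results = []
    for iface in ET.fromstring(domain_xml).iter("interface"):
        itype = iface.get("type")
        mac_el, src = iface.find("mac"), iface.find("source")
        mac = mac_el.get("address") if mac_el is not None else None
        # type='bridge': admin owns bridge and firewall; type='network': libvirt does.
        attr, owner = owners.get(itype, (None, "other"))
        source = src.get(attr) if (src is not None and attr) else None
        results.append((mac, itype, source, owner))
    return results

def bridge_netfilter_enabled(sysctls):
    """List bridge-nf-call-* keys set to 1; a missing key means not filtering."""
    return [k for k in BRIDGE_NF_KEYS if str(sysctls.get(k, "0")).strip() == "1"]

if __name__ == "__main__":
    for row in classify_interfaces(SAMPLE_DOMAIN_XML):
        print(row)
    # Constructed sysctl values, as they might be read from /proc/sys/net/bridge/.
    print(bridge_netfilter_enabled({"net.bridge.bridge-nf-call-iptables": "1"}))
```

Any key the second function returns means the host's iptables rules are being applied to bridged guest traffic, so either those rules must allow it or the sysctl should be set to 0.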