[libvirt-users] Specifying the KVM binary to use with libvirt
by Alexander Lyakas
Greetings everybody,
I am running stock ubuntu-natty with kernel 2.6.38-8, KVM 0.14.0 and
libvirt 0.8.8. I am spawning virtual machines with libvirt.
I would like to test a new KVM version built aside without installing
it over existing KVM. Is there a way to tell libvirt which KVM binary
to pick up?
I've been searching and saw that QEMU driver looks in /usr/bin for KVM
executable. Is there a way to adjust that?
Thanks,
Alex.
13 years
[libvirt-users] Constantly changing USB product ID
by Jaap Winius
Hi folks,
Recently I learned how to configure libvirt with USB pass-though
functionality. In my case I configured my guest domain with this block
of code:
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<vendor id='0x0c93'/>
<product id='0x1772'/>
<address bus='1' device='4'/>
</source>
</hostdev>
At first this worked fine, but then later the guest domain refused to
start because the USB device was absent. When I checked, I found that
its product ID had mysteriously changed to 1771. Later it was back at
1772. Now it appears that the USB device I am dealing with has a
product ID that changes back and forth between 1771 and 1772 at random.
Apparently, the Windows program running on the guest domain is
designed to deal with this nonsense, but the question is, Can the
guest domain be configured to deal with it? Something like <product
id='0x177?'/> would be useful, but that doesn't work, nor does
omitting the product tag.
Any ideas would be much appreciated.
Thanks,
Jaap
13 years
[libvirt-users] Problems with nwfilters/iptables
by Nicolai Stange
Hi all,
I've got a problem with nwfilters/iptables. For one of my guest's
interfaces, I have established the following filter:
--8<---------------cut here---------------start------------->8---
<filter name='p-mgmt' chain='root'>
<uuid>94fdd15b-b380-ba8c-6685-91206829adc7</uuid>
<filterref filter='clean-traffic'/>
<rule action='accept' direction='in' priority='500'>
<tcp dstportstart='22'/>
</rule>
<rule action='drop' direction='inout' priority='1000'>
<all/>
</rule>
</filter>
</filter>--8<---------------cut here---------------end--------------->8---
The intent is to allow incoming ssh only.
However, ssh from my host to my guest does not work. This is the
relevant iptables excerpt with the filter given as above:
--8<---------------cut here---------------start------------->8---
root:~# iptables -L HI-vnet5
Chain HI-vnet5 (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED ctdir ORIGINAL
DROP all -- anywhere anywhere
root:~#
--8<---------------cut here---------------end--------------->8---
The chain relations are: INPUT -> libvirt-host-in -> HI-vnet5.
The interesting thing is: If I insert the same rule again, but with
ctdir reversed, everything works just fine:
--8<---------------cut here---------------start------------->8---
root:~# iptables -I HI-vnet5 1 -p tcp --sport 22 -m state --state ESTABLISHED -m conntrack --ctdir REPLY -j RETURN
root:~# iptables -L HI-vnet5
Chain HI-vnet5 (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED ctdir REPLY
RETURN tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED ctdir ORIGINAL
DROP all -- anywhere anywhere
root:~#
--8<---------------cut here---------------end--------------->8---
I am not an iptables expert, but if my guest's ssh daemon replies to my
host's requests (and thus the packets are traversing my host's INPUT
chain), I would guess that the direction is "REPLY" rather than
"ORIGINAL".
I'm really stuck with this and it would be really great if someone could
clarify things to me!
I'm running Ubuntu 12.04 (kernel 3.2.0-20-generic) coming with libvirt
0.9.8-2ubuntu1.
Best,
Nicolai
13 years
[libvirt-users] Problem using virt-manager to create a VM remotely
by Dale Amon
Well, not that remote. I'm trying to get it working
from my laptop to an ancient workstation behind me
I use for testing.
I appear to get the connection okay.
virt-manager --connect qemu+ssh://root@<host_ip>/system
I can click on the entry on the panel that comes up and
see facts about the remote machine.
I then tried the "Create a new virtual machine" item on the
tool bar. Fine so far. I get a nice looking panel for New VM and
since this is just an experiment, I call it "test". The
correct Connection is showing, ie the host ip (QEMU).
I accept the default "Local install media (ISO or CDROM)"
and go to the next panel. I take the "Use ISO Image" and
then give it the full directory path and name of the iso
on the remote machine <host_ip>. I have tried leaving
OS Type and version Generic; I have also tried setting them
to match the iso (an 11.10 i386 server). When I attempt to
go forward, it gives me an error panel, "Error Setting install
media location. Checking installer location failed:
Could not find media '/KdevArchive1/ubuntu-11.10-server-i386.iso'
On the off chance that it was trying to mount the iso from
my laptop instead of the test machine, I have also tried pointing
to the path of the same iso there as well with no joy.
I am finding very little documentation on the GUI mode and
none of it seems to give me any indication of what is going
wrong.
Ideas?
13 years
[libvirt-users] ARP entry intermittently is incorrect for guest - lose connectivity
by Trey Dockendorf
I've run into a problem on my KVM host where a single guest will be
unreachable to other guests on the same host. This host has 2 bridged
devices and guests assigned to each have the same issue. I've noticed
that when I can't reach the problematic guest, the ARP entry for that
system is incorrect. This issue seems to only be a problem about 75%
of the time when making connections between the guests.
I've checked the logs and haven't seen anything indicating a problem.
Here's relavant information, if more is needed please let me know
CentOS 6.2 x86_64
libvirt-0.9.4-23.el6_2.4
kernel-2.6.32-220.4.1.el6
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.001b21a1cf76 no eth3
vnet0 # Problematic host
vnet1
vnet3
vnet4
vnet5
br1 8000.001b21a1ce4d no eth2
vnet6
virbr0 8000.525400a050ba yes virbr0-nic
vnet2
# ARP entry when it's the correct MAC
<omitted>.tamu.edu ether 52:54:00:e0:1e:6f C eth0
# ARP entry when it's wrong and ping or other connections time out
<omitted>.tamu.edu ether 00:1e:c9:bb:cd:d4 C eth0
The MAC ending in cd:d4 does not exist on any system on this network.
I've confirmed this with my campus IT who manages the switches and
routers.
# cat ifcfg-eth3
DEVICE="eth3"
HWADDR="00:1B:21:A1:CF:76"
NM_CONTROLLED="no"
ONBOOT="yes"
BRIDGE="br0"
# cat ifcfg-br0
DEVICE="br0"
ONBOOT="yes"
TYPE=Bridge
IPADDR="<omitted>"
NETMASK="255.255.255.192"
GATEWAY="<omitted>"
DOMAIN="tamu.edu"
# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
13 ACCEPT tcp -- <omitted> 0.0.0.0/0
multiport dports 10050 /* 001 zabbix agent port */
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
16 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
17 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:16509
19 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:16514
20 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpts:8002:8012
21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3493
22 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
23 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
24 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:22
26 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24
state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
6 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
PHYSDEV match --physdev-is-bridged
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:68 CHECKSUM fill
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24
masq ports: 1024-65535
2 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24
masq ports: 1024-65535
3 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Thanks
- Trey
13 years
[libvirt-users] VM Migration error: got unknown HTTP error code
by vipul borikar
Hi,
I am trying to migrate Fedora12 VM from one RHEL 5.5 host to another
RHEL 5.5 Host running Xen Hypervisor
I am getting the error :
error: got unknown HTTP error code -599690112
I have enabled the (xend-relocation-server yes) on the destination machine.
I am able to telnet the 8002 default port from source machine but the
connection drops down immediately.
I have stopped the firewall on both the machines.
I am attaching the Debug log of for libvirt command :
virsh -c xen:/// migrate Fedora12 xen://megha/
Any Ideas???
--
Thanks
Vipul Borikar
"Our task must be to free ourselves...by widening our circle of compassion
to embrace all living creatures and the whole of nature and its beauty."
13 years
[libvirt-users] qemu-monitor-command
by Shawn Davis
Hello Everyone,
I am working on a grad school project for virtual introspection. I have a
vm running (with 512mb of memory) and want to access the pmemsave function
through virsh with the qemu-monitor-command. I am typing the following:
virsh qemu-monitor-command --hmp Shawn 'pmemsave 0 536870912 image.dump'
Shawn is the name of my vm and image.dump is the name of my output file. No
matter what I do, I keep getting: Could not open 'image.dump'
I have tried the above with sudo and with the absolute path of where the
newly created dump file should go and I still get that error. Any help is
appreciated as to how I should enter this command.
If I type in virsh qemu-monitor-command --hmp Shawn 'info mem' or any other
command without an output path, it works fine and brings up information
about my running vm.
Regards,
Shawn
13 years
[libvirt-users] Cant Update libvirt on fedora 15 i686
by siddharth jain
I am running Fedora15 on a i386 machine, and using libvirt 0.8.7. I cant
update libvirt to 0.9.10 as they have not released 0.9.10 for i386 or i686
machines.
need help .
--
Siddharth Jain
Final year,B.Tech
Computer Engineering
M.N.I.T Jaipur
13 years
[libvirt-users] simulate "network cable unplugged"
by David Mansfield
Hi All,
Using the virt-manager/libvirtd/qemu-kvm stack (centos 6), is it
possible to leave a NIC "installed" but cause it to simulate that the
network cable is unplugged? Preferably this could be "hot"
plugged/unplugged but otherwise doing it cold.
Guest os is also centos 6, in case it matters (shouldn't).
Any pointers?
Thanks,
David Mansfield
Cobite, INC.
13 years
Re: [libvirt-users] [libvirt] Problem with Open vSwitch and dnsmasq
by Daniele Milani
Date: Thu, 22 Mar 2012 11:43:03 -0700
Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq
From: aatteka(a)nicira.com
To: dano1988(a)hotmail.it
CC: libvir-list(a)redhat.com; roberto.sassu(a)polito.it; paolo.smiraglia(a)polito.it; dev(a)openvswitch.org
On Thu, Mar 22, 2012 at 11:11 AM, Daniele Milani <dano1988(a)hotmail.it> wrote:
I think I could try the first solution. Can you explain me how do I create the port used by dnsmasq?
For example, is it correct to execute
# ovs-vsctl add-port virbr1 port2 tag=2
to create a port for the vLan whose tag is 2 named "port2"?
Try something like this:
ovs-vsctl add-port virbr1 port2 tag=2
ovs-vsctl set Interface port2 type=internal
ifconfig port2 10.0.0.1
ifconfig port2 up
/usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo --listen-address 10.0.0.1 --dhcp-range 10.0.0.10,10.0.0.20 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=253 --dhcp-no-override
Though I have not tested it...
I tried the configuration you suggest; and the request is now received by dnsmasq.
I executed:
ifconfig port2 192.168.100.128 netmask 255.255.255.0
ifconfig port2 up
/usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo
--listen-address 192.168.100.128 --dhcp-range 192.168.100.129,192.168.100.139 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=11 --dhcp-no-override --log-queries --log-facilities=/path_to_my_file/my_file
tailf /path_to_my_file/my_file
obtaining the following output:
dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e
dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e
...
dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e
dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e
...
Now I have a different problem: none DHCP Offer is sent by port2.
Do someone know why does it happen and what to do about it?
Thanks,
Daniele Milani
Daniele Milani
Date: Thu, 22 Mar 2012 10:54:21 -0700
Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq
From: aatteka(a)nicira.com
To: dano1988(a)hotmail.it
CC: libvir-list(a)redhat.com; roberto.sassu(a)polito.it
On Thu, Mar 22, 2012 at 6:10 AM, Daniele Milani <dano1988(a)hotmail.it> wrote:
Dear all,
I have the following situation:
-I replaced the standard bridge driver with the Open VSwitch one;
-I started a NAT-network on Libvirt (bridge name virbr1);
-I started a Virtual Machine (VM1) on Libvirt, and I tagged his interface (vnet0) with tag=2;
-if I run "# ovs-vsctl show" I obtain:
Bridge "virbr1"
Port "vnet0"
tag: 2
Interface "vnet0"
Port "virbr1-nic"
Interface "virb1-nic"
Port "virbr1"
Interface "virbr1"
type: internal
-the problem is that it is impossible to assign to VM1 an IP, because the dnsmasq daemon does not accept the tagged DHCP Discover frame.
Does someone know if there is a way for dnsmasq to accept tagged frames through "virbr1", and send a tagged DHCP Offer packet back to VM1?
I believe you would need to run dedicated dnsmasq process instance per each VLAN that you have. By
default I guess dnsmasq runs on virbr1, hence it does not see the tagged traffic that comes from vnet0.
You could try to:
add another port to that bridge with the same VLAN as VM has. And run a separate instance of dnsmasq there; or
change the tag of virb1 port, but this might lead to other issues (e.g. then non-tagged VMs will not get DHCP leases).
Perhaps someone else can suggest something easier...
Greetings,
Daniele Milani
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
13 years
