July 2013 - Users - Libvirt List Archives

[libvirt-users] some problem with snapshot by libvirt

by xingxing gao

Hi,all,i am using libvirt to manage my vm,in these days i am testing the libvirt snapshot ,but meet some problem: the snapshot was created from this command: snapshot-create-as win7 --disk-only --diskspec vda,snapshot=external --diskspec hda,snapshot=no but when i tried to revert from the snapshot which created from the above command ,i got error below: virsh # snapshot-revert win7 1338041515 --force error: unsupported configuration: revert to external disk snapshot not supported yet version: virsh # version Compiled against library: libvir 0.9.4 Using library: libvir 0.9.4 Using API: QEMU 0.9.4 Running hypervisor: QEMU 1.0.93

10 years

4
8
0 / 0

[libvirt-users] How to insert vcpupin in guest xml file

by Peeyush Gupta

Hi all, I am trying to add vcpupin in the guest xml file. I am working with openstack and the code I have is python bound. I investigated through the code and found that the elemets in xml file are set in get_guest_config function. Now the thing is I am not able to set vcpupin element. I mean I tried guest.cputune_vcpupin but it's not working. Help me out, please! Thanks. ~Peeyush Gupta

11 years, 2 months

3
2
0 / 0

[libvirt-users] Modify Iptables Rules (virbr0 & virbr1)

by Jorge Fábregas

Hi, I have some guests running in the "default" network (virbr0) and I've also created a similar (NAT) network (virbr1). Therefore, the FORWARD chain for the CentOS 6.4 host looks like this: http://fpaste.org/29229/75281379/ ...where line 3-7 are related to virbr0 and 8-12 to virbr1. My 2 questions: 1) I've noticed that I can ping from a guest within virbr0 to any guest on the virbr1 network. However, I can't do the same from virbr1 (ping guests on virbr0). This is because of "line 6" on the pastebin, where the traffic is REJECTED. I originally thought that If I create multiple NAT networks (just like the default virbr0) they would be able to talk to each other (the host doing the actual forwarding) but as you can see, based on the iptables rules that libvirt injects, this only happens for the first network. That is, the first network can reach all other networks (just because it happens to be the first one defined). Is this the intention (only default can talk to the others but not the other way around)? 2) I would like both networks to talk to each other. If I remove line #6 I can make virbr1 guests talk to virbr0 guests. What is the correct way to handle this? I obviously don't want to perform "iptables -D FORWARD line-number..." every time I start libvirt. (I really like to leave the networks as they are, NAT, dhcp running etc). Thanks! Jorge

11 years, 3 months

2
5
0 / 0

[libvirt-users] Getting nwfilter to work on Debian Wheezy

by Sven Schwedas

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge in virsh: > <network> > <name>foo</name> > <forward dev='eth0' mode='route'> > <interface dev='eth0'/> > </forward> > <bridge name='foo-br0' stp='off' delay='0' /> > <ip address='192.168.128.161' netmask='255.255.255.240'> > </ip> > </network> The domU is configured to use this bridge (static IP configured in DomU): > <interface type='network'> > <source network='foo'/> > <target dev='vnet0'/> > <model type='virtio'/> > <filterref filter='test-eth0'> > <parameter name='CTRL_IP_LEARNING' value='none'/> > <parameter name='IP' value='192.168.128.162'/> > </filterref> > <alias name='net0'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> > </interface> With an empty filter, connectivity is working fine. Now, if I add the example ruleset suggested in the documentation ( http://libvirt.org/formatnwfilter.html#nwfwriteexample ), *incoming* ICMP works (but not outgoing), and inbound SSH traffic is blocked, together with outbound DNS. The linked rules produce the following iptables chains: > Chain INPUT (policy ACCEPT) > target prot opt source destination > libvirt-host-in all -- 0.0.0.0/0 0.0.0.0/0 > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 > libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 > libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0 > ACCEPT all -- 0.0.0.0/0 192.168.128.160/28 > ACCEPT all -- 192.168.128.160/28 0.0.0.0/0 > ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 > REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable > REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > Chain FI-vnet0 (1 references) > target prot opt source destination > RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED ctdir ORIGINAL > RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED ctdir ORIGINAL > RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY > RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW,ESTABLISHED ctdir REPLY > DROP all -- 0.0.0.0/0 0.0.0.0/0 > > Chain FO-vnet0 (1 references) > target prot opt source destination > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED ctdir REPLY > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED ctdir REPLY > ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED ctdir ORIGINAL > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED ctdir ORIGINAL > DROP all -- 0.0.0.0/0 0.0.0.0/0 > > Chain HI-vnet0 (1 references) > target prot opt source destination > RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED ctdir ORIGINAL > RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED ctdir ORIGINAL > RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY > RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW,ESTABLISHED ctdir REPLY > DROP all -- 0.0.0.0/0 0.0.0.0/0 > > Chain libvirt-host-in (1 references) > target prot opt source destination > HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 > > Chain libvirt-in (1 references) > target prot opt source destination > FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 > > Chain libvirt-in-post (1 references) > target prot opt source destination > ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 > > Chain libvirt-out (1 references) > target prot opt source destination > FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 I've tried fidgeting with the configuration (direction inout instead of in/out, etc.), but I didn't find a setup that works as intended. What am I missing? -- Mit freundlichen Grüßen, / Best Regards, Sven SCHWEDAS Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwedas(a)tao.at | +43 (0)680 301 7167 http://software.tao.at

11 years, 3 months

5
8
0 / 0

[libvirt-users] Installing libvirt

by Peeyush Gupta

Hi, I am trying to install new libvirt version on Ubuntu 12.04 LTS. Now I downloaded libvirt 1.0.5 from libvirt.org/sources then I issued three commands: ./autogen.sh make make install This installs the libvirt on my system. But there are some issues, I have to run libvirtd explicitly everytime I reboot my system. And whenever I try to run virt-manager from terminal, it says "No D-Bus daemon running". But when I do "sudo virt-manager", it runs fine. Any idea what am I doing wrong? Thanks. ~Peeyush Gupta

11 years, 3 months

4
6
0 / 0

[libvirt-users] start lxc container on fedora 19

by Aarti Sawant

hello, i am new to lxc, i have created a lxc container on fedora 19 i created a container rootfs of fedora 19 by using yum --installroot=/containers/test1 --releasever=19 install openssh test1.xml file for container test1 <domain type="lxc"> <name>test1</name> <vcpu placement="static">1</vcpu> <cputune> <shares>1024</shares> <period>1000000</period> </cputune> <memtune> <hard_limit unit="M">1024</hard_limit> <soft_limit unit="M">128</soft_limit> <min_guarantee unit="M">64</min_guarantee> </memtune> <blkiotune> <weight>800</weight> </blkiotune> <memory unit="KiB">102400</memory> <os> <type>exe</type> <init>/bin/bash</init> </os> <clock offset="utc"/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <devices> <emulator>/usr/libexec/libvirt_lxc</emulator> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/"/> <target dir="/"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/var"/> <target dir="/var"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/dev"/> <target dir="/dev"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/root"/> <target dir="/root"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/home"/> <target dir="/home"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/opt"/> <target dir="/opt"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/media"/> <target dir="/media"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/bin"/> <target dir="/bin"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/lib64"/> <target dir="/lib64"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/etc"/> <target dir="/etc"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/lib"/> <target dir="/lib"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/run"/> <target dir="/run"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/srv"/> <target dir="/srv"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/sys"/> <target dir="/sys"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/tmp"/> <target dir="/tmp"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/boot"/> <target dir="/boot"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/usr"/> <target dir="/usr"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/mnt"/> <target dir="/mnt"/> </filesystem> <filesystem accessmode="passthrough" type="mount"> <source dir="/containers/test1/sbin"/> <target dir="/sbin"/> </filesystem> <interface type="bridge"> <source bridge="br0"/> </interface> <console port="0" type="pty"/> </devices> </domain> the host network files: /etc/sysconfig/network-script/ifcfg-br0 DEVICE="br0" TYPE="Bridge" USERCTL="no" BOOTPROTO="dhcp" ONBOOT="yes" NM_CONTROLLED="no" /etc/sysconfig/network-script/ifcfg-p2p1 DEVICE="p2p1" BOOTPROTO="dhcp" BRIDGE="br0" NM_CONTROLLED="no" ONBOOT="yes" TYPE="Ethernet" the fstab of host # # /etc/fstab # Created by anaconda on Fri Jul 26 05:26:08 2013 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # UUID=b49ce5dc-afb7-4c8e-9487-c1ed101d9166 / ext4 defaults 1 1 UUID=3dfa07fd-a06b-4a1a-a3fd-4e2f5e0d0e6a /boot ext4 defaults 1 2 UUID=3d1cb255-721a-48d2-b2e9-86f52b5fbec6 swap swap defaults 0 0 none /sys/fs/cgroup cgroup defaults 0 0 when i try to start the container using virsh i get error virsh --connect lxc:// virsh # define /containers/test1/test1.xml Domain test1 defined from /containers/test1/test1.xml virsh # start test1 error: Failed to start domain test1 error: internal error guest failed to start: PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=05a7239d-f610-4ae9-ad47-4bf47f2f9b54 LIBVIRT_LXC_UUID=05a7239d-f610-4ae9-ad47-4bf47f2f9b54 LIBVIRT_LXC_NAME=test1 /bin/lxc_defaultinit.sh Unable to send container continue message: Broken pipe has anyone face the same problem with fedora 19. can anyone guide me.. Thanks, Aarti Sawant

11 years, 3 months

2
2
0 / 0

[libvirt-users] Quick questions on virtio-serial transport

by Hari Pyla

Hi, I am using the virtio-serial transport for communication between the host and the guest. I've created the channel using virt-install: virt-install --name=centos --import --disk /var/lib/libvirt/images/centos.img,size=15 \ --ram 2048 \ --vcpus=2 \ --arch=x86_64 --os-type linux --network=bridge:br1 --graphics vnc \ --noautoconsole \ --channel pty,target_type=virtio,name=guest1 This correctly creates a file "/dev/virtio-ports/guest1" in the guest for the guest to communicate with the host. So the guest side of things are good. Now on the host side, I see a two files being created in /dev/pts directory. $ ls -alt /dev/pts crw--w---- 1 qemu tty 136, 1 Jul 31 15:49 1 crw--w---- 1 qemu tty 136, 2 Jul 31 15:49 2 So here are my questions: i) I was wondering if there is anyway of knowing which of these files correspond to the other end of the channel without having to manually echoing data to each of these files and see which of the data shows up on the guest side. ii) I was also wondering if there is anyway of identifying the host side endpoint i.e., /dev/pts/FILE of the channel programatically iii) Better yet can the /dev/pts/FILE be explicitly passed as an argument while creating a channel in the guest so the host knows that it is supposed to use the /dev/pts/FILE if it wants to talk to the guest. I read a prior post on this mailing list: https://www.redhat.com/archives/libvir-list/2012-May/msg00964.html It mentions that from the host side one could dump the xml of the guest and identify the "source path" of the channel, something in the lines of <channel type='pty'> <source path='/dev/pts/12'/> <target type='virtio' name='arbitrary.virtio.serial.port.name'/> <alias name='channel0'/> <address type='virtio-serial' controller='0' bus='0' port='2'/> </channel> but I do not find the source path in the XML description of the guest I've created. This is what I see in the XML file. <channel type='pty'> <target type='virtio' name='guest1'/> <address type='virtio-serial' controller='0' bus='0' port='1'/> </channel> I was wondering if I am missing something. Any help is greatly appreciated. Thanks, --Hari

11 years, 3 months

1
0
0 / 0

[libvirt-users] filesystem accessmode='passthrough'

by Yury Goltsov

Hello. I am trying to 'passthrough' the part of host filesystem to kvm guest. libvirt xml: <filesystem type='mount' accessmode='passthrough'> <source dir='/var/guests/mail-var'/> <target dir='mail-var'/> </filesystem> kvm is started from root. After mounting in guest mount -t 9p mail-var /mnt -o trans=virtio,version=9p2000.L or mount -t 9p www-var /mnt -o trans=virtio if I try to make file or directory in guest, I have problem with permissions: ruser@www:~# ls -ld /mnt/ruser/ drwxr-xr-x 2 ruser www-data 4096 May 28 13:13 /mnt/ruser/ ruser@www:~# ls -ld /mnt/tmp/ drwxrwxrwx 2 root root 4096 Jul 26 09:01 /mnt/tmp/ root@www:~# touch /mnt/tmp/file1 OK: root@www:~# touch /mnt/ruser/file2 touch: cannot touch `/mnt/ruser/file2': Permission denied root@www:~# su ruser ruser@www:~$ touch /mnt/ruser/file3 touch: cannot touch `/mnt/ruser/file3': Permission denied ruser@www:~$ touch /mnt/tmp/file4 touch: setting times of `/mnt/tmp/file4': No such file or directory I have read in documentation, that in "passthrough" security model, files are stored using the same credentials as they are created on the guest (like NFS3). Suggest me, please, what is it: I do something wrong, or I must update qemu-kvm or/and libvirt to recent version, or I need to find other solution for sharing host filesystem? Thanks. Yury in host: root@host:~# libvirtd --version libvirtd (libvirt) 0.9.12 root@host:~# kvm --version QEMU emulator version 1.1.2 (qemu-kvm-1.1.2+dfsg-6, Debian), Copyright (c) 2003-2008 Fabrice Bellard root@host:~# uname -a Linux host 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux root@host:~$ cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 7 (wheezy)"

11 years, 3 months

2
5
0 / 0

[libvirt-users] Fail to destroy lxc container: internal error Some container PIDs refused to die

by hzguanqiang

Hey guys, When I destroy a lxc container, It reported an error with details as following: root@debian:~$ vir destroy 901eef81-06b2-4252-aeef-53b87c402585 error: Failed to destroy domain 901eef81-06b2-4252-aeef-53b87c402585 error: internal error Some container PIDs refused to die root@debian:~$ vir version Compiled against library: libvirt 1.1.0 Using library: libvirt 1.1.0 Using API: LXC 1.1.0 Running hypervisor: LXC 3.2.46 What's the problem? How could I destroy the lxc just like this? Thanks. -------------- Best regards! GuanQiang 2013-07-31

11 years, 3 months

2
1
0 / 0

Re: [libvirt-users] Installing libvirt

by Peeyush Gupta

Hi, I am not sure what exactly "libvirt-related packages" mean. But I didn't have anything else on my system. I mean, I launch a VM (with Ubuntu 12.04) and the first thing I installed is libvirt only. Thanks. ~Peeyush Gupta

11 years, 3 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Users July 2013