[libvirt-users] Doc: How to use NPIV in libvirt
by Osier Yang
Before posting it to WIKI or somewhere, I want to see if there is any
suggestions on it, or if I missed something.
============================================
How to use NPIV in libvirt
I planned to wrote a document about how to use NPIV in libvirt after
more features are supported, but it looks like I can't wait till then,
got lots lots of questions from both the bugs and mails. So here we go.
The document tries to summary up the things about NPIV that libvirt
supports till now, and the TODO list. Feedback or suggestion is welcomed.
1) How to find out which HBA(s) support vHBA
For libvirt newer than "1.0.4", you can find it out simply by:
# virsh nodedev-list --cap vports
"--cap vports" is to tell "nodedev-list" only outputs the devices
which support "vports" capability, i.e. support vHBA.
And also since version "1.0.4", you should be able to know the maximum
vports the HBA supports and the current vports number from the HBA's XML,
e.g.
# virsh nodedev-dumpxml scsi_host5
<device>
<name>scsi_host5</name>
<parent>pci_0000_04_00_1</parent>
<capability type='scsi_host'>
<host>5</host>
<capability type='fc_host'>
<wwnn>2001001b32a9da4e</wwnn>
<wwpn>2101001b32a9da4e</wwpn>
<fabric_wwn>2001000dec9877c1</fabric_wwn>
</capability>
<capability type='vport_ops'>
<max_vports>164</max_vports>
<vports>5</vports>
</capability>
</capability>
</device>
For libvirt older than "1.0.4", it's a bit complicated than above:
First you need to find out all the HBAs, e.g.
# virsh nodedev-list --cap scsi_host
scsi_host0
scsi_host1
scsi_host2
scsi_host3
scsi_host4
scsi_host5
And then, to see if the HBA supports vHBA, check if the dumped
XML contains "vport_ops" capability. E.g.
# virsh nodedev-dumpxml scsi_host3
<device>
<name>scsi_host3</name>
<parent>pci_0000_00_08_0</parent>
<capability type='scsi_host'>
<host>3</host>
</capability>
</device>
That says "scsi_host3" doesn't support vHBA
# virsh nodedev-dumpxml scsi_host5
<device>
<name>scsi_host5</name>
<parent>pci_0000_04_00_1</parent>
<capability type='scsi_host'>
<host>5</host>
<capability type='fc_host'>
<wwnn>2001001b32a9da4e</wwnn>
<wwpn>2101001b32a9da4e</wwpn>
<fabric_wwn>2001000dec9877c1</fabric_wwn>
</capability>
<capability type='vport_ops' />
</capability>
</device>
But "scsi_host5" supports it.
One might be confused with the node device naming style (e.g. scsi_host5)
in this document and RHEL6 Virtualization Guide [1]
(pci_10df_fe00_scsi_host_0). It's because of libvirt has two backends for
node device driver: udev and HAL. We prefer the udev backend more than HAL
backend in internal implementation, I think there is good enough reason to
do so (HAL is maintenance mode now). I believe udev backend is used more
than HAL backend, but if your destribution packager build libvirt without
udev backend, don't be surprised with the node device names like the ones
in [1].
2) How to create a vHBA
Pick up one HBA which supports vHBA, use it's "node device name" as the
"parent" of vHBA, and specify the "wwnn" and "wwpn" in the vHBA's XML. E.g.
<device>
<name>scsi_host6</name>
<parent>scsi_host5</parent>
<capability type='scsi_host'>
<capability type='fc_host'>
<wwnn>2001001b32a9da5e</wwnn>
<wwpn>2101001b32a9da5e</wwpn>
</capability>
</capability>
</device>
Then create the vHBA with virsh command "nodedev-create" (assuming above
XML file is named "vhba.xml"):
# virsh nodedev-create vhba.xml
Node device scsi_host6 created from vhba.xml
Since "0.9.10", libvirt will generate "wwnn" and "wwpn" automatically if
they are not specified. It means one can create the vHBA by a more simple
XML like:
<device>
<parent>scsi_host5</parent>
<capability type='scsi_host'>
<capability type='fc_host'>
</capability>
</capability>
</device>
3) How to destroy a vHBA
As usual, destroying something is always simpler than creating it:
# virsh nodedev-destroy scsi_host6
Destroyed node device 'scsi_host6'
You might already realize that the vHBA is removed permanently, don't be
surprised, it's the life, node device driver doesn't support persistent
config. I won't say it's nightmare for users who screams when realizing the
vHBA disappeared after a system rebooting, but it's relatively not good,
(assuming that you got the wwnn:wwpn pair from the storage admin, but didn't
record it). Fortunately, we support the persistent vHBA now, see next
section
for details.
4) How to create a persistent vHBA
Let's go back to the history a bit firstly.
Prior to libvirt "1.0.5", one can define a "scsi" type pool based on a
(v)HBA by it's scsi host name (e.g. "host5" in XML below). E.g.
<pool type='scsi'>
<name>poolhba0</name>
<uuid>e9392370-2917-565e-692b-d057f46512d6</uuid>
<capacity unit='bytes'>0</capacity>
<allocation unit='bytes'>0</allocation>
<available unit='bytes'>0</available>
<source>
<adapter name='host0'/>
</source>
<target>
<path>/dev/disk/by-path</path>
<permissions>
<mode>0700</mode>
<owner>0</owner>
<group>0</group>
</permissions>
</target>
</pool>
Quite nice? yeah, at least it looks so, but the problem is the scsi host
number is *unstable* (it can be changed after system rebooting, or kernel
module reloading, or a vHBA recreating etc), and thus the "scsi" type pool
based on a (v)HBA becomes unstable too. Obviously it doesn't help on the
"persistent vHBA" problem.
To solve the problems, since libvirt "1.0.5", we introduced new XML
schema
to indicate the (v)HBA. An example of the XML:
<pool type='scsi'>
<name>poolvhba0</name>
<uuid>e9392370-2917-565e-692b-d057f46512d6</uuid>
<source>
<adapter type='fc_host' parent='scsi_host5'
wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/>
</source>
<target>
<path>/dev/disk/by-path</path>
<permissions>
<mode>0700</mode>
<owner>0</owner>
<group>0</group>
</permissions>
</target>
</pool>
It allows to define a "scsi" type pool based on either a HBA or a
vHBA. For
HBA, "parent" attribute can be omitted. For vHBA, if "parent" is not
specified,
libvirt will pick up the first HBA which supports vHBA, and doesn't
exceed the
maximum vports it supports, automatically.
For the pool based on a vHBA, When the pool is starting, libvirt will
check
if the specified vHBA (wwnn:wwpn) is existing on host or not, if it doesn't
exist yet, libvirt will create it automatically. When the pool is being
stopped,
the vHBA is destroyed. But since storage driver supports the persistent
config,
one can easily gets the vHBA with same "wwnn:wwpn" in next starting
(Don't scream
if your pool is transient).
It's not the end if you want to get the vHBA created automatically
after system
rebooting, you will need to set the pool as "autostart":
# virsh pool-autostart poolvhba0
One might be curious about why not to support persistent config for
node device
driver, and support to create persistent vHBA there. One of the reason
is that
it will be duplicate with what storage pool does. And another reason
(the important
one) is we want to assiciate the libvirt storage pool/volume with domain
(see
section "Use LUN for guest" below).
5) How to find out the LUN's path
If you have defined the "scsi" type pool based on the (v)HBA, it's
simple to
lookup what LUNs attached to the (v)HBA by virsh command "vol-list", e.g.
# virsh vol-list poolvhba0 --details
Name Path Type Capacity Allocation
--------------------------------------------------------------------------------------------------------
unit:0:2:0
/dev/disk/by-path/pci-0000:04:00.1-fc-0x203500a0b85ad1d7-lun-0 block
20.01 GiB 20.01 GiB
If you have not defined a "scsi" type pool based on the (v)HBA, you
can find it
out (v)HBA by either virsh command "nodedev-list --tree", or iterating
sysfs manually.
To find out the LUNs by virsh command "nodedev-list" (irrelevant
ouputs are
omitted):
# virsh nodedev-list --tree
+- pci_0000_00_0d_0
| |
| +- pci_0000_04_00_0
| | |
| | +- scsi_host4
| |
| +- pci_0000_04_00_1
| |
| +- scsi_host5
| |
| +- scsi_host7
| +- scsi_target5_0_0
| | |
| | +- scsi_5_0_0_0
| |
| +- scsi_target5_0_1
| | |
| | +- scsi_5_0_1_0
| |
| +- scsi_target5_0_2
| | |
| | +- scsi_5_0_2_0
| | |
| | +- block_sdb_3600a0b80005adb0b0000ab2d4cae9254
| |
| +- scsi_target5_0_3
| |
| +- scsi_5_0_3_0
"scsi_host5" is an HBA on my host, it has a LUN named
"block_sdb_3600a0b80005adb0b0000ab2d4cae9254", don't be confused with
the naming,
it's the naming style libvirt uses, meaningful only for libvirt. It
indicates
the LUN has a short device path "/dev/sdb", and a ID
"3600a0b80005adb0b0000ab2d4cae9254":
# ls /dev/disk/by-id/ | grep 3600a0b80005adb0b0000ab2d4cae9254
scsi-3600a0b80005adb0b0000ab2d4cae9254
To manually find the LUNs of a (v)HBA:
First, you need to iterate over all the directores begins with the SCSI
scsi host number of the v(HBA) under "/sys/bus/scsi/devices". E.g. I
will look
up the LUNs of the HBA with SCSI host number 5 on my host:
# ls /sys/bus/scsi/devices/5:* -d
/sys/bus/scsi/devices/5:0:0:0 /sys/bus/scsi/devices/5:0:1:0
/sys/bus/scsi/devices/5:0:2:0 /sys/bus/scsi/devices/5:0:3:0
# ls /sys/bus/scsi/devices/5\:0\:3\:0/block/sdc
It means scsi_host5 has a LUN attached with device name "sdc" on address
"5:0:3:0".
# ls /sys/bus/scsi/devices/5\:0\:1\:0/ | grep block
device_blocked
scsi_host5 doesn't have a LUN attached on address "5:0:2:0"
The device name like "sdc" is not stable, to find out the stable
path, find
out the symbol link which points to the device name. E.g.
# ls -l /dev/disk/by-path/
lrwxrwxrwx. 1 root root 9 Sep 10 22:28
pci-0000:00:07.0-scsi-0:0:0:0 -> ../../sda
lrwxrwxrwx. 1 root root 10 Sep 10 22:28
pci-0000:00:07.0-scsi-0:0:0:0-part1 -> ../../sda1
lrwxrwxrwx. 1 root root 9 Sep 10 22:28
pci-0000:04:00.1-fc-0x203400a0b85ad1d7-lun-0 -> ../../sdc
Then "/dev/disk/by-path/pci-0000:04:00.1-fc-0x203400a0b85ad1d7-lun-0"
is the
stable path of the LUN attached to address "5:0:3:0". Of course, you can use
the similiar method to get the "by-id | by-uuid | by-label" stable path.
6) Use the LUN to guest
Since libvirt "1.0.5", we supported to use the storage volume as disk
source by
two new attributes ("pool" and "volume") for disk "<source"> element. E.g.
<disk type='volume' device='disk'>
<driver name='qemu' type='raw'/>
<source pool='poolvhba0' volume='unit:0:2:0 '/>
<target dev='hda' bus='ide'/>
</disk>
There are lots of advantage to do so. Since the mainly purpose of the
document is about "how to use", I will only mention two here to persuade
you using the it. First, you don't need to look up the LUN's path youself.
Second, assuming that you want to migrate a domain which uses a LUN attached
to a vHBA, do you want to create the vHBA manually on target host? With the
pool, you can simply define/start a pool with same config on target host.
So, if your libvirt is newer than "1.0.5", we recommend you to define the
"scsi" type pool based on the (v)HBA, and use "pool/volume" names to use
the LUN as disk source.
You can either use the LUN as qemu emulated disk, or passthrough it to
guest.
To use it as qemu emulated disk, specifying the "device" attribute as
"device='disk|cdrom|floppy'". E.g.
<disk type='volume' device='disk'>
<driver name='qemu' type='raw'/>
<source pool='blk-pool0' volume='blk-pool0-vol0'/>
<target dev='hda' bus='ide'/>
</disk>
Or (using the LUN's path directly)
<disk type='volume' device='disk'>
<driver name='qemu' type='raw'/>
<source
dev='/dev/disk/by-path/pci-0000\:04\:00.1-fc-0x203400a0b85ad1d7-lun-0'/>
<target dev='sda' bus='scsi'/>
</disk>
To passthrough the LUN, specifying the "device" attribute as
"device='lun'", e.g.
<disk type='volume' device='lun'>
<driver name='qemu' type='raw'/>
<source
dev='/dev/disk/by-path/pci-0000\:04\:00.1-fc-0x203400a0b85ad1d7-lun-0'/>
<target dev='sda' bus='scsi'/>
</disk>
6) Future work
* NPIV based SCSI host passthrough
That's what the users ask: How to passthrough a (v)HBA to guest?
* Expose vendor information, LUN's path, state of (v)HBA in its XML
* May be a virsh command to simplify vHBA creation with options
[1]
http://www.linuxtopia.org/online_books/rhel6/rhel_6_virtualization/rhel_6...
Regards,
Osier
11 years, 2 months
Re: [libvirt-users] Questions on how to reset ID numbers for virt Guests.
by Paolo Bonzini
Il 11/09/2013 00:27, James Sparenberg ha scritto:
> I'm doing some experimenting in our Development lab and as a result
> I'm kickstarting over and over Virtual guests. This is of course
> causing the guest Id to increment by one with each test. I've
> googled around and tried searching the list but have not found out
> how (if at all) it would be possible to reset the ID number back to 1
> more than is in use. Also is there a limit where I run out of ID's?
> (for example does it only go up to 99?)
No, there is no limit.
I don't know the answer to your other question, so I'm adding the
libvirt-users mailing list.
Paolo
11 years, 2 months
[libvirt-users] libvirt-1.2.2-r1 (Gentoo) fails to start LXC containers
by Dennis Jenkins
I recently upgraded "libvirt" on Gentoo to 1.2.2-r1 (latest available). I
have not used LXC containers for a few weeks, so I don't recall what
version of libvirt I was using when my container last booted successfully.
Unfortunately, Gentoo's portage tree does not offer any previous versions
of libvirt that I could downgrade to.
TL;DR: My container is configured to use "br0" for its networking. "br0"
exists totally inside my linux server - it is NOT bound to any physical
NIC. "br0" is used for most of my QEMU and LXC VMs. libvirt is reporting
that it cannot find device "veth1". All of my Gentoo packages are
up-to-date.
Digging through my logs (/var/log/libvirt/libvirt.log), I see that I last
successfully booted this LXC container on 2013-07-22, with libvirt
reporting version "1.1.0".
Thoughts?
ostara lxc # equery l libvirt
* Searching for libvirt ...
[IP-] [ ] app-emulation/libvirt-1.1.2-r1:0
ostara lxc # uname -a
Linux ostara 3.10.7-gentoo #2 SMP PREEMPT Sat Aug 24 16:03:57 CDT 2013
x86_64 Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz GenuineIntel GNU/Linux
ostara ~ # emerge -pvuND world
These are the packages that would be merged, in order:
Calculating dependencies... done!
Total: 0 packages, Size of downloads: 0 kB
ostara lxc # virsh -c lxc:/// start dwj-hfax-dev
error: Failed to start domain dwj-hfax-dev
error: internal error: guest failed to start: PATH=/bin:/sbin TERM=linux
container=lxc-libvirt container_uuid=681410de-7b56-41bd-b38d-3c66ce97e7b3
LIBVIRT_LXC_UUID=681410de-7b56-41bd-b38d-3c66ce97e7b3
LIBVIRT_LXC_NAME=dwj-hfax-dev /sbin/init
error receiving signal from container: Input/output error
ostara ~ # tail /var/log/libvirt/lxc/dwj-hfax-dev.log
2013-09-10 13:56:22.767+0000: starting up
PATH=/bin:/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/x86_64-pc-linux-gnu/i686-pc-mingw32/gcc-bin/4.7.3
LIBVIRT_DEBUG=3 LIBVIRT_LOG_OUTPUTS=3:file:/var/log/libvirt/libvirtd.log
/usr/libexec/libvirt_lxc --name dwj-hfax-dev --console 20 --security=none
--handshake 23 --background --veth veth1
PATH=/bin:/sbin TERM=linux container=lxc-libvirt
container_uuid=681410de-7b56-41bd-b38d-3c66ce97e7b3
LIBVIRT_LXC_UUID=681410de-7b56-41bd-b38d-3c66ce97e7b3
LIBVIRT_LXC_NAME=dwj-hfax-dev /sbin/init
error receiving signal from container: Input/output error
ostara ~ # tail /var/log/libvirt/libvirtd.log
2013-09-10 13:56:22.998+0000: 12948: info : libvirt version: 1.1.2
2013-09-10 13:56:22.998+0000: 12948: error : virLXCControllerRun:2186 :
error receiving signal from container: Input/output error
2013-09-10 13:56:23.053+0000: 12948: error : virCommandWait:2348 : internal
error: Child process (ip link del veth1) unexpected exit status 1: Cannot
find device "veth1"
2013-09-10 13:56:23.097+0000: 10451: error : virNetSocketReadWire:1369 :
Cannot recv data: Connection reset by peer
2013-09-10 13:56:23.153+0000: 10453: error : virLXCProcessStart:1234 :
internal error: guest failed to start: PATH=/bin:/sbin TERM=linux
container=lxc-libvirt container_uuid=681410de-7b56-41bd-b38d-3c66ce97e7b3
LIBVIRT_LXC_UUID=681410de-7b56-41bd-b38d-3c66ce97e7b3
LIBVIRT_LXC_NAME=dwj-hfax-dev /sbin/init
error receiving signal from container: Input/output error
2013-09-10 13:56:23.343+0000: 10453: error : virCommandWait:2348 : internal
error: Child process (ip link del veth1) unexpected exit status 1: Cannot
find device "veth1"
(first occurrence of "veth1" in my libvirtd logs)
ostara ~ # grep -a veth1 /var/log/libvirt/libvirtd.log | head -1
2013-09-10 13:51:55.333+0000: 9742: error : virCommandWait:2348 : internal
error: Child process (ip link del veth1) unexpected exit status 1: Cannot
find device "veth1"
ostara ~ # which ip
/bin/ip
ostara ~ # equery b /bin/ip
* Searching for /bin/ip ...
sys-apps/iproute2-3.8.0 (/bin/ip)
ostara ~ # ls -l /bin/ip
-rwxr-xr-x 1 root root 282616 May 4 04:08 /bin/ip
ostara ~ # ifconfig -a | grep "^[a-z]"
br0: flags=4355<UP,BROADCAST,PROMISC,MULTICAST> mtu 1500
br1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
enp6s2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ostara ~ # virsh -c lxc:/// dumpxml dwj-hfax-dev
<domain type='lxc'>
<name>dwj-hfax-dev</name>
<uuid>681410de-7b56-41bd-b38d-3c66ce97e7b3</uuid>
<memory unit='KiB'>4194304</memory>
<currentMemory unit='KiB'>4194304</currentMemory>
<vcpu placement='static'>4</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64'>exe</type>
<init>/sbin/init</init>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/libexec/libvirt_lxc</emulator>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/vm/lxc/dwj-hfax-dev'/>
<target dir='/'/>
</filesystem>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/usr/portage'/>
<target dir='/usr/portage'/>
</filesystem>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/usr/src'/>
<target dir='/usr/src'/>
</filesystem>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/home'/>
<target dir='/home'/>
</filesystem>
<interface type='bridge'>
<mac address='82:00:00:00:01:01'/>
<source bridge='br0'/>
</interface>
<console type='pty'>
<target type='lxc' port='0'/>
</console>
</devices>
</domain>
11 years, 2 months
[libvirt-users] Help needed in simulating libvirt
by Arun Viswanath
Hi All,
I'm need to simulate libvirt API's say to mock the libvirt API
responses. (Actually I need to simulate qemu API's response). Because of my
project needs I need to write this simulated libvirt server in Java. I
believe the simulated libvirt can be written as java RPC which should
capable to receive the client RPC request calls and by dispatcher we can
dispatch to the simulated java functions. I searched for .x file to be used
for generating server stubs but unfortunately .x files like
"remote_protocol.x", "virnetprotocol.x", "qemu_protocol.x" and
"lxc_monitor_protocol.x" are not containing any procedure for libvirt API's
that exposed. Please let me know which files will have these exposed
procedures and how can I use it in java,
Also I'm not sure how to implement the ssl layer support for the
libvirt server in java. I need to write a java server in such a way that
python client should capable to create a connection with uri
"qemu+tls://systemip:port?no_tty=1". Also with the created connection
object it should able to call the libvirt API's like getCapabilities, etc.
Any help and ideas on this will be really helpful.
Thanks in Advance,
Arun V
11 years, 2 months
Re: [libvirt-users] libvirt-1.1.2-r1 (Gentoo) fails to start LXC containers (subject line minor edit, was libvirt-1.2.2-r1)
by Dennis Jenkins
On Tue, Sep 10, 2013 at 1:34 PM, Doug Goldstein <cardoe(a)gentoo.org> wrote:
> On Tue, Sep 10, 2013 at 9:09 AM, Dennis Jenkins
> <dennis.jenkins.75(a)gmail.com> wrote:
>
> Yeah our security people got a bit over zealous. That's being rectified.
>
> :)
> >
> > TL;DR: My container is configured to use "br0" for its networking. "br0"
> > exists totally inside my linux server - it is NOT bound to any physical
> NIC.
> > "br0" is used for most of my QEMU and LXC VMs. libvirt is reporting
> that it
> > cannot find device "veth1". All of my Gentoo packages are up-to-date.
> >
> > Digging through my logs (/var/log/libvirt/libvirt.log), I see that I last
> > successfully booted this LXC container on 2013-07-22, with libvirt
> reporting
> > version "1.1.0".
> >
> > Thoughts?
>
> You really need to look at /var/log/libvirt/lxc/dwj-hfax-dev.log
>
>
I did. I thought that I posted the relevant bits. I'll check/repost.
It just lots of this (one set from each test that I did):
2013-09-10 13:56:22.767+0000: starting up
PATH=/bin:/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/x86_64-pc-linux-gnu/i686-pc-mingw32/gcc-bin/4.7.3
LIBVIRT_DEBUG=3 LIBVIRT_LOG_OUTPUTS=3:file:/var/log/libvirt/libvirtd.log
/usr/libexec/libvirt_lxc --name dwj-hfax-dev --console 20 --security=none
--handshake 23 --background --veth veth1
PATH=/bin:/sbin TERM=linux container=lxc-libvirt
container_uuid=681410de-7b56-41bd-b38d-3c66ce97e7b3
LIBVIRT_LXC_UUID=681410de-7b56-41bd-b38d-3c66ce97e7b3
LIBVIRT_LXC_NAME=dwj-hfax-dev /sbin/init
error receiving signal from container: Input/output error
I see the "--veth veth1", which is the same of the NIC that cannot be
found. But that NIC is not listed in my domain config XML.
> A suggestion would be to make sure that you have all the necessary
> kernel options enabled. You can check with: ebuild
> /usr/portage/app-emulation/libvirt/libvirt-1.1.2-r1.ebuild setup clean
>
>
No errors.
ostara ~ # ebuild
/usr/portage/app-emulation/libvirt/libvirt-1.1.2-r1.ebuild setup clean
* libvirt-1.1.2.tar.gz SHA256 SHA512 WHIRLPOOL size ;-)
... [ ok ]
* libvirt-1.1.2-e89bdf01.tar.xz SHA256 SHA512 WHIRLPOOL size ;-)
... [ ok ]
* checking ebuild checksums ;-)
... [ ok ]
* checking auxfile checksums ;-)
... [ ok ]
* checking miscfile checksums ;-)
... [ ok ]
* Determining the location of the kernel source code
* Found kernel source directory:
* /usr/src/linux
* Found kernel object directory:
* /lib/modules/3.10.7-gentoo/build
* Found sources for kernel version:
* 3.10.7-gentoo
* Checking for suitable kernel configuration
options... [ ok ]
16 days ago, I updated from kernel 3.8.13 to 3.10.7. I could take a brief
outage and down-grade my kernel if you think that is a worthy test.
I just realized that when I composed my original email/bug report, that I
misquoted the version of libvirt that I am running. I am indeed running
"1.1.2-r1", but posted as "1.2.2-r1".
ostara ~ # virsh version --daemon
Compiled against library: libvirt 1.1.2
Using library: libvirt 1.1.2
Using API: QEMU 1.1.2
Running hypervisor: QEMU 1.5.2
Running against daemon: 1.1.2
11 years, 2 months
[libvirt-users] how to setup network filter
by Jiaan Zeng
Hi All,
I am new to libvirt and encounter a strange problem to set up network
filter in a NAT network.
I launched VMs in a single host using NAT, i.e. interface
type='network'. Now I want to control the outbound traffic from VM
instance - only allow the VM to asses a set of ip addresses. My
network filter xml is as follows. The problem is once I change the VM
xml, shutdown and start VM, VM cannot get ip address.
/var/log/libvirt/libvirt.log shows " error : virNetDevGetIndex:656 :
Unable to get index for interface vnet2: No such device" error.
But when I remove the drop rule in the filter xml, VM can get IP
address. I even tried the clean-traffic filter shipped with libvirt.
VM throws the same error above.
Any idea why this happens? How can I implement outbound traffic
control in libvirt? Thanks a lot.
<filter name='filter-test'>
<rule action='accept' direction='in' priority='500'>
<tcp dstportstart='22'/>
</rule>
<rule action='accept' direction='out' priority='500'>
<ip dstipaddr='IP1'/>
</rule>
<rule action='accept' direction='out' priority='500'>
<ip dstipaddr='IP2'/>
</rule>
<rule action='drop' direction='out' priority='500'>
<all/>
</rule>
</filter>
The VM network section XML looks like this
<interface type='network'>
<mac address='52:54:00:0d:f1:ce'/>
<source network='default'/>
<filterref filter='filter-test'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03'
function='0x0'/>
</interface>
--
Regards,
Jiaan
11 years, 2 months
[libvirt-users] Problems with user namespaces
by Jaka Hudoklin
Hello!
I'm testing user namespaces and I have quite some problem getting them to
work.
First of all, I have user namespaces support enabled in kernel:
offlinehacker:~/ $ uname -r
3.10.10
offlinehacker:~/ $ ls /proc/self/ns/
ipc@ mnt@ net@ pid@ user@ uts@
I created simple ubuntu rootfs and when I start container without idmap, so
without user namespace mappings, it works just fine:
Libivrt config:
<domain type='lxc'>
<name>helloworld</name>
<memory>102400</memory>
<os>
<type>exe</type>
<init>/bin/dash</init>
</os>
<!--<idmap>
<uid start='0' target='499' count='10'/>
<gid start='0' target='100' count='10'/>
</idmap>-->
<devices>
<console type='pty'/>
<filesystem type='mount'>
<source dir='/home/offlinehacker/rootfs'/>
<target dir='/'/>
</filesystem>
</devices>
</domain>
This is how my rootfs looks like:
offlinehacker:~/ $ ls -la rootfs
drwxr-xr-x 23 offlinehacker users 4096 sep 5 19:06 ./
drwxr-xr-x 59 offlinehacker users 4096 sep 5 19:06 ../
drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:11 bin/
drwxr-xr-x 3 offlinehacker users 4096 avg 27 14:11 boot/
drwxr-xr-x 4 offlinehacker users 4096 avg 27 14:11 dev/
drwxr-xr-x 86 offlinehacker users 4096 sep 5 18:20 etc/
drwxr-xr-x 3 offlinehacker users 4096 avg 27 14:11 home/
lrwxrwxrwx 1 offlinehacker users 33 avg 27 14:10 initrd.img ->
/boot/initrd.img-3.2.0-52-virtual
drwxr-xr-x 18 offlinehacker users 4096 avg 27 14:10 lib/
drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:10 lib64/
drwx------ 2 offlinehacker users 4096 avg 27 14:11 lost+found/
drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:09 media/
drwxr-xr-x 2 offlinehacker users 4096 apr 19 2012 mnt/
drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:09 opt/
-rw-r--r-- 1 offlinehacker vboxusers 231671365 avg 27 14:12
precise-server-cloudimg-amd64-root.tar.gz
drwxr-xr-x 2 offlinehacker users 4096 apr 19 2012 proc/
drwx------ 2 offlinehacker users 4096 sep 3 23:47 root/
drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:11 run/
drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:11 sbin/
drwxr-xr-x 2 offlinehacker users 4096 mar 5 2012 selinux/
drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:09 srv/
drwxr-xr-x 2 offlinehacker users 4096 apr 14 2012 sys/
drwxrwxrwt 2 offlinehacker users 4096 sep 4 01:39 tmp/
drwxr-xr-x 10 offlinehacker users 4096 avg 27 14:09 usr/
drwxr-xr-x 12 offlinehacker users 4096 sep 5 18:10 var/
lrwxrwxrwx 1 offlinehacker users 29 avg 27 14:10 vmlinuz ->
boot/vmlinuz-3.2.0-52-virtual
And this is who I am:
offlinehacker:~/ $ id
uid=499(offlinehacker) gid=67(libvirtd)
groups=100(users),1(wheel),57(networkmanager),67(libvirtd)
When I create the container with idmap uncommented I get the following
error:
offlinehacker:~/ $ virsh -c lxc:/// create helloworld.xml
error: Failed to create domain from helloworld.xml
error: internal error: guest failed to start: 2013-09-05 19:08:57.781+0000:
19036: debug
And these are the logs:
sep 05 19:08:52 laptop libvirtd[1542]: server=0x7fc8a60ddd60
client=0x7fc8a60e68d0 msg=0x7fc8a60e9380 rerr=0x7fc89a32cd40
args=0x7fc88800b4a0 ret=0x7fc88800a1c0
sep 05 19:08:52 laptop libvirtd[1542]: priv=0x7fc8a60e91f0 conn=(nil)
sep 05 19:08:52 laptop libvirtd[1542]: name=lxc:///
sep 05 19:08:57 laptop libvirtd[1542]: Cannot recv data: Connection reset
by peer
sep 05 19:08:58 laptop libvirtd[1542]: internal error: guest failed to
start: 2013-09-05 19:08:57.781+0000: 19036: debug
Looks like .oldroot, dev, proc and sys gets created with mapped
permissions(499:100), but container fails to start.
Any help or direction how to get this working would be appriciated,
Thanks, Jaka Hudoklin!
11 years, 2 months
[libvirt-users] LVM Thin Volumes & Storage Pools
by Jorge Fábregas
Hi,
Is it possible to create a storage pool based on an LVM thin pool? I
read a recent bugzilla but the problem there was that the storage-pool
became unusable AFTER creating a thinpool which is a different case.
Thanks,
Jorge
11 years, 2 months
[libvirt-users] How to insert vcpupin in guest xml file
by Peeyush Gupta
Hi all,
I am trying to add vcpupin in the guest xml file. I am working with openstack and the code I have is python bound. I investigated through the code and found that the elemets in xml file are set in get_guest_config function. Now the thing is I am not able to set vcpupin element. I mean I tried guest.cputune_vcpupin but it's not working.
Help me out, please!
Thanks.
~Peeyush Gupta
11 years, 2 months
[libvirt-users] Cannot create a volume
by Daniele
Hi all, I'm trying to create a new volume in a netfs pool.
The pool works correctly and it is active. If I try to create the volume
from the virt-manager GUI nothing happens. While if I use virsh this is the
result.
*virsh # pool-list *
*Name State Autostart *
*-----------------------------------------*
*routers active yes *
*
*
*virsh # vol-create-as routers namevol 2G*
*error: Failed to create vol vr1*
*error: cannot create path '/var/lib/libvirt/images/routers/namevol':
Invalid argument*
What am I missing?
Thanks for your help!
Daniele
11 years, 2 months
