[libvirt-users] some problem with snapshot by libvirt
by xingxing gao
Hi all, I am using libvirt to manage my VM. These days I am testing
the libvirt snapshot, but I have met some problems:
The snapshot was created with this command:
snapshot-create-as win7 --disk-only --diskspec vda,snapshot=external --diskspec hda,snapshot=no
But when I tried to revert from the snapshot which was created by the
above command, I got the error below:
virsh # snapshot-revert win7 1338041515 --force
error: unsupported configuration: revert to external disk snapshot not supported yet
Version:
virsh # version
Compiled against library: libvir 0.9.4
Using library: libvir 0.9.4
Using API: QEMU 0.9.4
Running hypervisor: QEMU 1.0.93
10 years, 1 month
[libvirt-users] method for communication between containers
by WANG Cheng D
Dear all,
In my system, two containers need to exchange data as quickly as possible, and the two containers are hosted by the same physical machine. I wonder if a socket is the only method for communication between containers?
Thank you.
Cheng Wang
10 years, 8 months
[libvirt-users] Adjust disk image migration (NBD)
by Joaquim Barrera
Hi all,
As I am doing some tests with qemu, I realized that the way it does
'migrate -i tcp:DEST:444' is not the same as 'libvirt migrate
--copy-storage-inc'. Basically qemu uses the same stream as RAM
migration and libvirt takes advantage of NBD transfer.
With virsh migrate-setspeed I observed that one can only control the
transfer throughput of RAM, but not disk synchronization. At least this
is what I can see in bmon when doing a migration with incremental copy.
The question is: Am I missing something, or is it not implemented?
Thank you guys!
10 years, 9 months
[libvirt-users] [libvirt] LXC, user namespaces and systemd
by Dariusz Michaluk
Hi!
My colleagues from Samsung and I are trying to run systemd in a Linux
container. I saw that others are experimenting in this area,
so I would like to present the results of my work and tests; perhaps they
will be helpful to others.
As the prototype I used a manual written by Daniel:
https://www.berrange.com/posts/2013/08/12/running-a-full-fedora-os-inside...
After many attempts, I managed to run systemd. Let's move to specifics.
1. Host configuration, Fedora 20
- kernel 3.14 with NAMESPACES, UTS_NS, IPC_NS, USER_NS, PID_NS, NET_NS
enabled in kernel config
I used kernel-3.14.0-0.rc2.git0.1.fc21.i686.rpm downloaded from
https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide
- libvirtd (libvirt) 1.2.2
I used a libvirt build from git sources; it is important that the source
contained commit 6fb42d7cdc57da453691d043d6b9bf23e2bae15e,
the patch from Richard Weinberger "Ensure systemd cgroup ownership is
delegated to container with userns"
2. Container configuration
- setup Fedora environment
# yum -y --releasever=20 --nogpg \
    --installroot=/var/lib/libvirt/filesystems/mycontainer --disablerepo='*' \
    --enablerepo=fedora install systemd passwd yum fedora-release \
    vim-minimal openssh-server procps-ng
# echo "pts/0" >> /var/lib/libvirt/filesystems/mycontainer/etc/securetty
# chroot /var/lib/libvirt/filesystems/mycontainer /bin/passwd root
- In the final solution I want to map root inside container to some
normal user in the host. So let's create some user (in host):
# useradd foo -u 666
# id foo
uid=666(foo) gid=1001(foo) grupy=1001(foo)
# chown -R foo:foo /var/lib/libvirt/filesystems/mycontainer
- enabling user namespace (user mapping setup), look at my full libvirt
config file
# cat /etc/libvirt/lxc/container.xml
<domain type='lxc'>
  <name>mycontainer</name>
  <uuid>d750af59-6082-437c-b860-922e76b46410</uuid>
  <memory unit='KiB'>819200</memory>
  <currentMemory unit='KiB'>819200</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='i686'>exe</type>
    <init>/sbin/init</init>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <idmap>
    <uid start='0' target='666' count='1000'/>
    <gid start='0' target='1001' count='1000'/>
  </idmap>
  <devices>
    <emulator>/usr/libexec/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/libvirt/filesystems/mycontainer'/>
      <target dir='/'/>
    </filesystem>
    <interface type='network'>
      <mac address='00:16:3e:34:a2:dd'/>
      <source network='default'/>
    </interface>
    <console type='pty'>
      <target type='lxc' port='0'/>
    </console>
  </devices>
</domain>
3. Start container
# virsh --connect lxc:/// define /etc/libvirt/lxc/container.xml
# virsh --connect lxc:/// start mycontainer --console
If all login attempts are rejected, please boot the host machine with audit=0
# vi /etc/default/grub
GRUB_CMDLINE_LINUX=" [...] audit=0 [...]"
# grub2-mkconfig -o /boot/grub2/grub.cfg
# reboot
4. Problems and solutions
a)
"Cannot add dependency job for unit display-manager.service, ignoring:
Unit display-manager.service failed to load: No such file or directory."
Delete or just comment out the line "Wants=display-manager.service"
# cat /usr/lib/systemd/system/default.target
[Unit]
Description=Graphical Interface
Documentation=man:systemd.special(7)
Requires=multi-user.target
After=multi-user.target
Conflicts=rescue.target
#Wants=display-manager.service
AllowIsolate=yes
[Install]
Alias=default.target
b)
[FAILED] Failed to mount Huge Pages File System.
See 'systemctl status dev-hugepages.mount' for details.
[FAILED] Failed to mount Configuration File System.
See 'systemctl status sys-kernel-config.mount' for details.
[FAILED] Failed to mount Debug File System.
See 'systemctl status sys-kernel-debug.mount' for details.
[FAILED] Failed to mount FUSE Control File System.
See 'systemctl status sys-fs-fuse-connections.mount' for details.
Based on the explanation that Daniel gave: "When a syscall requires
CAP_SYS_ADMIN, for example, the kernel will either use
capable(CAP_SYS_ADMIN) which only succeeds in the host, or
ns_capable(CAP_SYS_ADMIN) which is allowed to succeed in the container.
Different filesystems have differing restrictions, but at this time the
vast majority of filesystems require that capable(CAP_SYS_ADMIN)
succeed and thus you can only mount them in the host.",
and the discussion about "allow some kernel filesystems to be mounted in a
user namespace" from:
http://comments.gmane.org/gmane.linux.kernel/1525998
I decided to disable mounting these filesystems:
# systemctl mask dev-hugepages.mount
ln -s '/dev/null' '/etc/systemd/system/dev-hugepages.mount'
# systemctl mask sys-kernel-config.mount
ln -s '/dev/null' '/etc/systemd/system/sys-kernel-config.mount'
# systemctl mask sys-kernel-debug.mount
ln -s '/dev/null' '/etc/systemd/system/sys-kernel-debug.mount'
# systemctl mask sys-fs-fuse-connections.mount
ln -s '/dev/null' '/etc/systemd/system/sys-fs-fuse-connections.mount'
c)
[FAILED] Failed to start D-Bus System Message Bus.
See 'systemctl status dbus.service' for details.
Feb 26 09:26:12 localhost.localdomain systemd[1]: Starting D-Bus System Message Bus...
Feb 26 09:26:12 localhost.localdomain systemd[20]: Failed at step OOM_ADJUST spawning /bin/dbus-daemon: Permission denied
# echo -900 > /proc/20/oom_score_adj
/proc/20/oom_score_adj: Permission denied
# ls -l /proc/20/oom_score_adj
-rw-r--r--. 1 65534 65534 0 Feb 26 10:28 /proc/20/oom_score_adj
According to the kernel documentation, in a user namespace the local root
user (on the guest) cannot set the OOM score to any value. Setting the OOM
score to any value requires, in addition to CAP_SYS_RESOURCE, full root privileges.
To disable OOM support, delete or just comment out the line "OOMScoreAdjust=-900"
# cat /usr/lib/systemd/system/dbus.service
[Unit]
Description=D-Bus System Message Bus
Requires=dbus.socket
After=syslog.target
[Service]
ExecStart=/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
ExecReload=/bin/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
#OOMScoreAdjust=-900
5. Final systemd start
# virsh --connect lxc:/// start mycontainer --console
systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'lxc-libvirt'.
Welcome to Fedora 20 (Heisenbug)!
Failed to install release agent, ignoring: No such file or directory
[ OK ] Reached target Remote File Systems.
[ OK ] Created slice Root Slice.
[ OK ] Created slice User and Session Slice.
[ OK ] Created slice System Slice.
[ OK ] Created slice system-getty.slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Reached target Paths.
[ OK ] Reached target Encrypted Volumes.
[ OK ] Listening on Journal Socket.
Mounting POSIX Message Queue File System...
Starting Journal Service...
[ OK ] Started Journal Service.
Starting Create static device nodes in /dev...
[ OK ] Reached target Swap.
Mounting Temporary Directory...
Starting Load/Save Random Seed...
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Started Create static device nodes in /dev.
[ OK ] Reached target Local File Systems (Pre).
[ OK ] Started Load/Save Random Seed.
[ OK ] Mounted Temporary Directory.
[ OK ] Reached target Local File Systems.
Starting Trigger Flushing of Journal to Persistent Storage...
Starting Recreate Volatile Files and Directories...
[ OK ] Started Trigger Flushing of Journal to Persistent Storage.
[ OK ] Started Recreate Volatile Files and Directories.
Starting Update UTMP about System Reboot/Shutdown...
[ OK ] Started Update UTMP about System Reboot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Reached target Timers.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting OpenSSH server daemon...
Starting Permit User Sessions...
Starting D-Bus System Message Bus...
[ OK ] Started D-Bus System Message Bus.
Starting Login Service...
[ OK ] Started OpenSSH server daemon.
[ OK ] Started Permit User Sessions.
Starting Console Getty...
[ OK ] Started Console Getty.
[ OK ] Reached target Login Prompts.
Starting Cleanup of Temporary Directories...
[ OK ] Started Cleanup of Temporary Directories.
[ OK ] Started Login Service.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Fedora release 20 (Heisenbug)
Kernel 3.14.0-0.rc2.git0.1.fc21.i686 on an i686 (console)
localhost login: root
Password:
Last login: Wed Feb 26 09:26:21 on pts/0
-bash-4.2#
- verifying which namespaces are used
inside the container
# ls -l /proc/self/ns/
ipc -> ipc:[4026532341]
mnt -> mnt:[4026532338]
net -> net:[4026532344]
pid -> pid:[4026532342]
user -> user:[4026532337]
uts -> uts:[4026532339]
outside the container
$ ls -l /proc/self/ns/
ipc -> ipc:[4026531839]
mnt -> mnt:[4026531840]
net -> net:[4026531956]
pid -> pid:[4026531836]
user -> user:[4026531837]
uts -> uts:[4026531838]
I know that no one likes to read long emails, but most of it is config and
logs. I will be grateful for comments and suggestions.
Regards.
--
Dariusz Michaluk
Samsung R&D Institute Poland
Samsung Electronics
d.michaluk(a)samsung.com
10 years, 9 months
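Added example (not part of the original post and not libvirt code): a short Python sketch that reads the <idmap> from the container.xml in the post above, translates IDs in both directions, and lists host accounts whose UIDs fall inside the mapped range. The account "alice" with UID 1000 is a constructed sample, and OVERFLOW_ID assumes the kernel's default overflow ID of 65534, the owner that ls -l shows for /proc/20/oom_score_adj in the post.

```python
import xml.etree.ElementTree as ET

OVERFLOW_ID = 65534  # assumed kernel default shown for IDs without a mapping

# <idmap> copied from the container.xml in the post; the rest is omitted.
DOMAIN_XML = """
<domain type='lxc'>
  <idmap>
    <uid start='0' target='666' count='1000'/>
    <gid start='0' target='1001' count='1000'/>
  </idmap>
</domain>
"""

# Host accounts: foo (UID 666) is from the post; alice is constructed.
HOST_UIDS = {"root": 0, "foo": 666, "alice": 1000}

def parse_idmap(xml_text, kind):
    """Return [(start, target, count)] for kind 'uid' or 'gid'."""
    idmap = ET.fromstring(xml_text).find("idmap")
    return [tuple(int(e.get(k)) for k in ("start", "target", "count"))
            for e in idmap.findall(kind)]

def translate(ranges, value, to_host=True):
    """Map a container ID to its host ID (or the reverse); None if unmapped."""
    for start, target, count in ranges:
        src, dst = (start, target) if to_host else (target, start)
        if src <= value < src + count:
            return dst + (value - src)
    return None

def seen_in_container(ranges, host_id):
    """ID the container sees for a host ID; unmapped IDs show as overflow."""
    cid = translate(ranges, host_id, to_host=False)
    return OVERFLOW_ID if cid is None else cid

def overlapping_accounts(ranges, host_ids):
    """Host accounts inside a mapped range, with the container ID they become."""
    hits = {}
    for name, host_id in host_ids.items():
        cid = translate(ranges, host_id, to_host=False)
        if cid is not None:
            hits[name] = cid
    return hits

if __name__ == "__main__":
    uid_map = parse_idmap(DOMAIN_XML, "uid")
    print("container root runs as host UID", translate(uid_map, 0))
    print("host root appears in the container as", seen_in_container(uid_map, 0))
    print("host accounts inside the mapped range:",
          overlapping_accounts(uid_map, HOST_UIDS))
```

With count='1000' starting at host UID 666, the mapped range runs to 1665, so it takes in any ordinary host account in that span. A target range reserved for the container avoids that.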
[libvirt-users] 'virsh capabilities' on Debian Wheezy-amd64 reports different cpu to Wheezy-i386 (on same hardware)
by Struan Bartlett
Hi
On a range of Dell servers containing Intel 64bit processors, 'virsh
capabilities' reports the cpu differently on Debian Wheezy-amd64 and
Wheezy-i386. The results given by the Wheezy-i386 version seem very
wrong (since n270 is an Atom processor). Apart from architecture, the
package versions of libvirt-bin are identical: 1.2.1-1~bpo70+1.
/usr/share/libvirt/cpu_map.xml files are identical. Is this a known
issue? Details for one server are:
# cat /proc/cpuinfo| head -n 26
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 45
model name : Intel(R) Xeon(R) CPU E5-2650L 0 @ 1.80GHz
stepping : 7
microcode : 0x70d
cpu MHz : 1800.054
cache size : 20480 KB
physical id : 0
siblings : 16
core id : 0
cpu cores : 8
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe
syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good
nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64
monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1
sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat
xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid
bogomips : 3600.10
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:
...
</proc/cpuinfo for processors 1..31 snipped here for brevity>
# Running Wheezy-amd64 libvirt-bin1.2.1-1~bpo70+1
# virsh capabilities
<cpu>
  <arch>x86_64</arch>
  <model>SandyBridge</model>
  <vendor>Intel</vendor>
  <topology sockets='2' cores='8' threads='2'/>
  <feature name='pdpe1gb'/>
  <feature name='osxsave'/>
  <feature name='dca'/>
  <feature name='pcid'/>
  <feature name='pdcm'/>
  <feature name='xtpr'/>
  <feature name='tm2'/>
  <feature name='est'/>
  <feature name='smx'/>
  <feature name='vmx'/>
  <feature name='ds_cpl'/>
  <feature name='monitor'/>
  <feature name='dtes64'/>
  <feature name='pbe'/>
  <feature name='tm'/>
  <feature name='ht'/>
  <feature name='ss'/>
  <feature name='acpi'/>
  <feature name='ds'/>
  <feature name='vme'/>
</cpu>
# Running Wheezy-i386 libvirt-bin1.2.1-1~bpo70+1
# virsh capabilities
<cpu>
  <arch>x86_64</arch>
  <model>n270</model>
  <vendor>Intel</vendor>
  <topology sockets='2' cores='8' threads='2'/>
  <feature name='lahf_lm'/>
  <feature name='lm'/>
  <feature name='rdtscp'/>
  <feature name='pdpe1gb'/>
  <feature name='avx'/>
  <feature name='osxsave'/>
  <feature name='xsave'/>
  <feature name='aes'/>
  <feature name='tsc-deadline'/>
  <feature name='popcnt'/>
  <feature name='x2apic'/>
  <feature name='sse4.2'/>
  <feature name='sse4.1'/>
  <feature name='dca'/>
  <feature name='pcid'/>
  <feature name='pdcm'/>
  <feature name='xtpr'/>
  <feature name='cx16'/>
  <feature name='tm2'/>
  <feature name='est'/>
  <feature name='smx'/>
  <feature name='vmx'/>
  <feature name='ds_cpl'/>
  <feature name='dtes64'/>
  <feature name='pclmuldq'/>
  <feature name='pbe'/>
  <feature name='tm'/>
  <feature name='ht'/>
  <feature name='ss'/>
  <feature name='acpi'/>
  <feature name='ds'/>
  <feature name='pse36'/>
</cpu>
Kind regards
Struan Bartlett
--
Struan Bartlett
NewsNow Publishing Limited
Tel: +44 (0)845 838 8890
Fax: +44 (0)845 838 8898
10 years, 9 months
[libvirt-users] Set a domain name instead of an ip address into tls certificate
by Pasquale Dir
I tried to set cn=myMachine instead of cn=192.168.1.x
and...everything freezes!
virsh -c qemu://.../system
tries to connect forever.
You really need static ip addresses in the cn field??
I think this is a HUGE bug: you are saying to me that each time I change
network or IP (because, dear sirs, DHCP exists) I have to generate a whole
new couple of certificates??
I hope it is not the case....
regards
Pasquale
10 years, 9 months
[libvirt-users] Mouse events
by lukass.vacek@seznam.cz
Hello,
I would like to ask if there is any way to send a mouse event to a running
domain. I am looking for something like the method for handling keyboard
events (the virDomainSendKey method). Is it implemented yet, or is it a future
to-do item (when will it be released)?
Thanks for your answer
10 years, 9 months
[libvirt-users] bridge / ubuntu / no arp reply
by François Chenais
Hello
I'm trying to set up a bridged guest on Ubuntu 13.10, but it doesn't work.
(Everything is ok with NAT)
Network sniffing shows that arp replies don't come back to the guest.
Test 1
------
Guest : ping host_bridge_ip (ok)
Test 2
------
Guest: ping other_lan_host (KO)
other_lan_host
- receives arp who-is request
- sends arp reply
- arp -a shows the guest macaddr
=> Guest doesn't receive reply
Test 3
------
other_lan_host ping the Guest (KO)
- arp -a shows "incomplete" addr
- Guest receives nothing
On Host
-------
network tcpdump on bridge or vnet interfaces shows request but no reply ...
Thanks in advance for help or ideas
François
10 years, 10 months
[libvirt-users] POOL of SRIOV networks with multiple PFs
by john fisher
We are using an Intel 82599 chip that allows 4 PFs ( eth0..3) per VM. I am able to manually start VMs using the hostdev
definition for the four network connections, but I'd like to start using the pool approach. Ubuntu 12.04 libvirt 1.0.0
Following:
http://wiki.libvirt.org/page/Networking#Assignment_from_a_pool_of_SRIOV_V...
I can get a pool working with one network-
<network>
  <name>passthrough_eth0</name>
  <forward mode='hostdev' managed='yes'>
    <pf dev='eth0'/>
  </forward>
</network>
and I can get the four networks started using similar xml. Using one stanza of network type passthrough, I can get a
pool on one PF.
But when I try to create the VM using four stanzas of network definition,
<interface type='network'>
  <source network='passthrough_eth0'/>
</interface>
<interface type='network'>
  <source network='passthrough_eth1'/>
</interface>
<interface type='network'>
  <source network='passthrough_eth2'/>
</interface>
<interface type='network'>
  <source network='passthrough_eth3'/>
</interface>
I get this error:
"error: Failed to create domain from ./vm0.xml
error: internal error Process exited while reading console log output: kvm: -device
pci-assign,host=01:10.1,id=hostdev0,configfd=47,bus=pci.0,addr=0x8: Duplicate ID 'hostdev0' for device "
Ideas?
--
John Fisher
10 years, 10 months