[libvirt-users] ceph rbd pool and libvirt manageability (virt-install)
by Jelle de Jong
Hello everybody,
I created a rbd pool and activated it, but I can't seem to create
volumes in it with virsh or virt-install?
# virsh pool-dumpxml myrbdpool
<pool type='rbd'>
<name>myrbdpool</name>
<uuid>2d786f7a-2df3-4d79-ae60-1535bcf1c6b5</uuid>
<capacity unit='bytes'>6997998301184</capacity>
<allocation unit='bytes'>10309227031</allocation>
<available unit='bytes'>6977204658176</available>
<source>
<host name='ceph01.powercraft.nl' port='6789'/>
<host name='ceph02.powercraft.nl' port='6789'/>
<host name='ceph03.powercraft.nl' port='6789'/>
<name>libvirt-pool</name>
<auth type='ceph' username='libvirt'>
<secret uuid='029a334e-ed57-4293-bb99-ffafa8867122'/>
</auth>
</source>
</pool>
# virt-install --version
1.0.1
# virsh --version
1.2.9
I ended up using virsh edit ceph-test.powercraft.nl and creating
the disk manually.
<disk type='network' device='disk'>
<auth username='libvirt'>
<secret type='ceph' uuid='029a334e-ed57-4293-bb99-ffafa8867122'/>
</auth>
<source protocol='rbd' name='libvirt-pool/kvm01-storage'>
<host name='ceph01.powercraft.nl' port='6789'/>
<host name='ceph02.powercraft.nl' port='6789'/>
<host name='ceph03.powercraft.nl' port='6789'/>
</source>
<target dev='vdc' bus='virtio'/>
</disk>
I use virt-install a lot to define, import and undefine domains, how
can I use virt-install to manage my rbd disks?
Kind regards,
Jelle de Jong
6 years, 2 months
[libvirt-users] virRandomBits - not very random
by Brian Rak
I just ran into an issue where I had about 30 guests get duplicate mac
addresses assigned. These were scattered across 30 different machines.
Some debugging revealed that:
1) All the host machines were restarted within a couple seconds of each
other
2) All the host machines had fairly similar libvirtd pids (within ~100
PIDs of each other)
3) Libvirt seeds the RNG using 'time(NULL) ^ getpid()'
This perfectly explains why I saw so many duplicate mac addresses.
Why is the RNG seed such a predictable value? Surely there has to be a
better source of a random seed than the timestamp and the pid?
The PID seems to me to be a very bad source of any randomness. I just
ran a test across 60 of our hosts. 43 of them shared their PID with at
least one other machine.
6 years, 5 months
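The collision described in this post can be checked by enumeration. The following C sketch is an added example, not part of the original message and not libvirt source: it counts the distinct `time(NULL) ^ getpid()` seeds for a constructed fleet (reboots within a 4-second window, PIDs 1200 to 1299), derives a MAC with a stand-in LCG (an assumption, not libvirt's generator), and contrasts that with a seed read from `/dev/urandom`.

```c
/* Added illustration, not libvirt source. The fleet parameters and the
 * stand-in PRNG below are constructed for this demonstration. */
#include <stdint.h>
#include <stdio.h>

/* Seeding scheme quoted in the post: time(NULL) ^ getpid(). */
static uint32_t weak_seed(uint32_t boot_time, uint32_t pid)
{
    return boot_time ^ pid;
}

/* Stand-in generator (LCG, an assumption): equal seed, equal MAC. */
static void mac_from_seed(uint32_t seed, uint8_t mac[6])
{
    mac[0] = 0x52; mac[1] = 0x54; mac[2] = 0x00;
    for (int i = 3; i < 6; i++) {
        seed = seed * 1664525u + 1013904223u;
        mac[i] = (uint8_t)(seed >> 24);
    }
}

/* Count distinct seeds over every (boot second, pid) pair in the window. */
static size_t distinct_weak_seeds(uint32_t t0, uint32_t secs,
                                  uint32_t pid0, uint32_t pids)
{
    size_t n = (size_t)secs * pids, distinct = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t si = weak_seed(t0 + (uint32_t)(i / pids),
                                pid0 + (uint32_t)(i % pids));
        size_t j = 0;
        while (j < i && weak_seed(t0 + (uint32_t)(j / pids),
                                  pid0 + (uint32_t)(j % pids)) != si)
            j++;
        distinct += (j == i);   /* first time this seed value appears */
    }
    return distinct;
}

/* Seed from the kernel CSPRNG instead; returns 0 on success. */
static int strong_seed(uint64_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

int main(void)
{
    uint8_t a[6], b[6];
    uint64_t s = 0;
    /* Constructed fleet: reboots within 4 s, PIDs 1200..1299. */
    printf("400 (time, pid) pairs -> %zu distinct seeds\n",
           distinct_weak_seeds(1500000000u, 4, 1200, 100));
    mac_from_seed(weak_seed(1500000000u, 1201), a);
    mac_from_seed(weak_seed(1500000001u, 1200), b);
    printf("host A 52:54:00:%02x:%02x:%02x, host B 52:54:00:%02x:%02x:%02x\n",
           a[3], a[4], a[5], b[3], b[4], b[5]);
    if (strong_seed(&s) == 0)
        printf("/dev/urandom seed: %016llx\n", (unsigned long long)s);
    return 0;
}
```

Because XOR lets a one-second difference in boot time cancel a one-step difference in PID, hosts that differ in both inputs can still end up with the same seed and therefore the same MAC sequence.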
[libvirt-users] Way to detect virtual machine cpu features
by Lei Zhang
Hello everyone
I want to know how I can use libvirt to detect what cpu features a virtual
machine will see.
I guess I could do it in the following way:
1. if cpu mode is 'custom', use 'virsh cpu-baseline --features' on the cpu
model to get model features.
2. if cpu mode is 'host-passthrough' or 'host-model', do a 'virsh
capabilities' to list cpu features of the physical host; they are identical to
the features of the virtual machine.
Is this the right way to do things? I look forward to your valuable comments.
Best regards,
Lei
7 years, 4 months
[libvirt-users] Ubuntu 16.04 libvirt-guests.sh [6917] - running guests under URI address default: no running guests
by Jędrek Domański
Hi
I have recently upgraded from Ubuntu 15.04 to 16.04 and now every time I
shutdown my PC I get a black screen where it says "libvirt-guests.sh [6917]
- running guests under URI address default: no running guests" and the PC
just hangs forever and will not shutdown. I need to manually kill it in
order to shut it down which is a pain in the ass. I have done some
investigation and here is what I've found out so far.
I have uninstalled libvirt, kvm and qemu:
sudo apt-get purge libvirt* kvm qemu*
The problem has gone, however I noticed some error messages at boot saying
something that "FAILED Qemu .... It flashes so quickly and I am not able to
read what exactly it says. I installed libvirt again:
sudo apt install qemu-kvm libvirt-bin
and the problem is back!
So is this script trying to shutdown my virtual machines? It looks like it
does but since it does not find any it hangs? I don't have any machines,
though. I used to have one, but I removed it. What is interesting, my PC
hangs at shutdown randomly, that is sometimes it hangs for like 15 seconds
and it shuts down but in most cases it hangs forever. So this happens
randomly.
So, this investigation has brought me to you guys so please help me. I have
attached a screen (sorry for the Polish error message but the translation is in
the email title).
I have also posted a thread on AskUbuntu on this:
https://askubuntu.com/questions/925696/ubuntu-16-04-libvirt-guests-sh-6917-running-guests-under-uri-address-default
Thank you,
Jędrzej
7 years, 4 months
[libvirt-users] virtual drive performance
by Dominik Psenner
Hi,
I'm investigating a performance issue on a virtualized Windows Server
host that is run on an Ubuntu machine via libvirt/qemu. While the host
can easily read/write on the raid drive with 100Mb/s as observable with
dd, the virtualized windows server running on that host is barely able
to read/write with at most 8Mb/s and averages around 1.4Mb/s. This has
grown to the extent that the virtualized host is often unresponsive and
even unable to start up its services with system default timeouts. Any
help to improve the situation is greatly appreciated.
This is the configuration of the virtualized host:
~$ virsh dumpxml windows-server-2016-x64
<domain type='kvm' id='1'>
<name>windows-server-2016-x64</name>
<uuid>XXX</uuid>
<memory unit='KiB'>2097152</memory>
<currentMemory unit='KiB'>2097152</currentMemory>
<vcpu placement='static'>2</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64' machine='pc-i440fx-xenial'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
</hyperv>
</features>
<cpu mode='custom' match='exact'>
<model fallback='allow'>IvyBridge</model>
<topology sockets='1' cores='2' threads='1'/>
</cpu>
<clock offset='localtime'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
<timer name='hypervclock' present='yes'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<pm>
<suspend-to-mem enabled='no'/>
<suspend-to-disk enabled='no'/>
</pm>
<devices>
<emulator>/usr/bin/kvm-spice</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='none'/>
<source
file='/var/data/virtuals/machines/windows-server-2016-x64/image.qcow2'/>
<backingStore/>
<target dev='hda' bus='ide'/>
<alias name='ide0-0-0'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<source
file='/var/data/virtuals/machines/windows-server-2016-x64/dvd.iso'/>
<backingStore/>
<target dev='hdb' bus='ide'/>
<readonly/>
<alias name='ide0-0-1'/>
<address type='drive' controller='0' bus='0' target='0' unit='1'/>
</disk>
<controller type='usb' index='0' model='ich9-ehci1'>
<alias name='usb'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05'
function='0x7'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci1'>
<alias name='usb'/>
<master startport='0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05'
function='0x0' multifunction='on'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci2'>
<alias name='usb'/>
<master startport='2'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05'
function='0x1'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci3'>
<alias name='usb'/>
<master startport='4'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05'
function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'>
<alias name='pci.0'/>
</controller>
<controller type='ide' index='0'>
<alias name='ide'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01'
function='0x1'/>
</controller>
<interface type='bridge'>
<mac address='52:54:00:0e:f2:23'/>
<source bridge='br0'/>
<target dev='vnet0'/>
<model type='rtl8139'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03'
function='0x0'/>
</interface>
<serial type='pty'>
<source path='/dev/pts/1'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
<console type='pty' tty='/dev/pts/1'>
<source path='/dev/pts/1'/>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
<input type='tablet' bus='usb'>
<alias name='input0'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='vnc' port='5900' autoport='yes' listen='127.0.0.1'>
<listen type='address' address='127.0.0.1'/>
</graphics>
<video>
<model type='vga' vram='16384' heads='1'/>
<alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02'
function='0x0'/>
</video>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04'
function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='apparmor' relabel='yes'>
<label>libvirt-XXX</label>
<imagelabel>libvirt-XXX</imagelabel>
</seclabel>
</domain>
Cheers,
Dominik
7 years, 4 months
[libvirt-users] Question about disabling '3dnowprefetch' CPU feature in Xen Guest using libvirt
by Charles Shih
Dear All,
I'm reaching out to this mailing list to ask a small question about disabling
the '3dnowprefetch' CPU feature in a Xen guest using libvirt.
This is my environment:
Fedora release 26 (Twenty Six)
4.11.0-0.rc3.git0.2.fc26.x86_64
xen-4.8.1-2.fc26.x86_64
libvirt-3.2.1-1.fc26.x86_64
I can disable the '3dnowprefetch' CPU feature in the guest via the 'xl' command,
by adding `cpuid='host,3dnowprefetch=0'` to the CFG file.
However, following the instructions
(https://libvirt.org/formatdomain.html#elementsCPU), I added the following
block into my XML file:
```
<cpu mode='host-passthrough' check='none'>
<feature policy='disable' name='3dnowprefetch'/>
</cpu>
```
After I created the instance, it seemed this feature was not being disabled in my
guest. (I was able to see '3dnowprefetch' in the `lscpu` output.)
Does anybody have an idea about this? Does libvirt support this for Xen?
Any help would be appreciated. Thank you in advance.
Regards,
Charles
Charles Shih (史晨)
7 years, 4 months
Re: [libvirt-users] recovering from deleted snapshot
by Doug Hughes
On Jun 30, 2017 6:22 AM, "Peter Krempa" <pkrempa(a)redhat.com> wrote:
>
> On Fri, Jun 30, 2017 at 12:05:47 +0200, Peter Krempa wrote:
> > On Thu, Jun 22, 2017 at 11:02:41 -0400, Doug Hughes wrote:
> >
> > [...]
> >
> > > virsh blockcommit $vm $DISK --active --pivot
> > >
> > > Normally this works fine, though something went wrong on the 20th.
> > > something happened to make the blockcommit fail, but the -snap file got
> > > deleted (note to self - check return code from blockcommit command!)
> > >
> > > So now I'm in a state. The domain is still running. but it's running off
> > > the -snapshot that is in the xml. I googled around for how to recover a
> > > blockcommit from a deleted snapshot, but didn't find anything. (pointers
> > > welcome)
>
> In fact, it's way simpler. If libvirt still knows about the overlay
> image (this is necessary only so that it can say the proper things to
> qemu) you can re-do the block commit:
>
> $ virsh list
> Id Name State
> ----------------------------------------------------
> 3 fedora23 running
>
> $ virsh snapshot-create-as --disk-only --no-metadata fedora23
> Domain snapshot 1498817916 created
> $ virsh domblklist fedora23
> Target Source
> ------------------------------------------------
> vda /var/lib/libvirt/images/fedora23.1498817916
> hda -
>
> $ rm /var/lib/libvirt/images/fedora23.1498817916
> $ ls /var/lib/libvirt/images/fedora23.1498817916
> ls: cannot access '/var/lib/libvirt/images/fedora23.1498817916': No such file or directory
> $ virsh blockcommit --active --pivot fedora23 vda
>
> Successfully pivoted
> $ virsh domblklist fedora23
> Target Source
> ------------------------------------------------
> vda /var/lib/libvirt/images/fedora23.qcow2
> hda -
>
Thanks for the reply! The original image is still there. Only the 1st and
only top-level snapshot is deleted.
The blockcommit fails though:
[root@vm1 ~]# virsh blockcommit serv1r2 vda --active --pivot
error: block copy still active: disk 'vda' already in active block job
7 years, 4 months
[libvirt-users] recovering from deleted snapshot
by Doug Hughes
I have an automatic process setup. It's still pretty new and obviously
in need of better error handling because now I find myself in a bad state.
I run snapshot-create-as across all my vms, then do zfs replication to
the target backup system, then blockcommit everything.
virsh snapshot-create-as --domain $vm snap --diskspec $DISK,file=$VMPREFIX/"$vm"-snap.qcow2 --disk-only --atomic --no-metadata --quiesce
...
virsh blockcommit $vm $DISK --active --pivot
Normally this works fine, though something went wrong on the 20th.
Something happened to make the blockcommit fail, but the -snap file got
deleted (note to self - check return code from blockcommit command!)
So now I'm in a state. The domain is still running, but it's running off
the -snapshot that is in the xml. I googled around for how to recover a
blockcommit from a deleted snapshot, but didn't find anything. (pointers
welcome)
[root@vm1 images]# virsh domblklist serv1r2
Target Source
------------------------------------------------
vda /var/lib/libvirt/images/serv1r2-snap.qcow2
fda -
hdb /var/lib/libvirt/images/virtio-win-0.1.126.iso
I can see the size increasing on the deleted file in lsof:
qemu-kvm 48994 49033 qemu 97u REG 0,44 1855913984 1078 /var/lib/libvirt/images/serv1r2-snap.qcow2 (deleted)
...
qemu-kvm 48994 49033 qemu 97u REG 0,44 1856110592 1078 /var/lib/libvirt/images/serv1r2-snap.qcow2 (deleted)
--
So, do I need to roll back the zfs snapshot image or is there some other
way to recover from this snafu?
Thanks.
7 years, 4 months
[libvirt-users] Problems creating a new volume
by Pablo Vieytes
Hi,
I'm having trouble creating a new storage volume in C++.
This is my code:
storageVolXml = "<volume>\
<name>" + name +".img</name>\
<allocation>0</allocation>\
<capacity unit=\"G\">" + hd + "</capacity>\
<target>\
<path>" + filePath + "</path>\
<format type='"+ diskFormatType + "'/>\
</target>\
</volume>";
storageVolPtr = virStorageVolCreateXML(pool,
storageVolXml.toLatin1().data(),
VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA);
I don't get any error, but no file is created in the specified path (filePath).
Any suggestions?
Thanks in advance.
7 years, 5 months
[libvirt-users] Accepting RELATED, ESTABLISHED (TCP) connections into VM using Network Filters
by Wido den Hollander
Hi,
Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters.
My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt.
Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back RELATED,ESTABLISHED connections into the VM.
In the guest's XML I have this defined:
<filterref filter='nwfilter-test'>
<parameter name='IP' value='192.168.200.250'/>
<parameter name='IPV6' value='2001:db8:100:0:5054:ff:fe9c:6ce6'/>
<parameter name='IPV6' value='fe80::5054:ff:fe9c:6ce6'/>
</filterref>
And the filter currently looks like this:
<filter name='nwfilter-test' chain='root'>
<uuid>a2493284-9dd5-4c20-98b5-7e70745b53de</uuid>
<!-- These are default built-in filters from libvirt and are mainly ipv4 only -->
<filterref filter='no-mac-spoofing'/>
<filterref filter='no-ip-spoofing'/>
<filterref filter='no-arp-spoofing'/>
<filterref filter='allow-dhcp'/>
<!-- IPv4 Rules -->
<rule action='accept' direction='in' priority='100'>
<all state='RELATED,ESTABLISHED'/>
</rule>
<rule action='return' direction='in' priority='500'>
<icmp/>
</rule>
<rule action='accept' direction='in' priority='500'>
<tcp dstportstart='22'/>
</rule>
<rule action='accept' direction='in' priority='500'>
<tcp dstportstart='80'/>
</rule>
<rule action='reject' direction='in' priority='1000'>
<all/>
</rule>
</filter>
I can SSH into the VM and also visit the webserver running on it. But going out of the VM results in issues:
root@nwfilter-test:~# telnet 109.72.92.155 80
Trying 109.72.92.155...
telnet: Unable to connect to remote host: Connection refused
root@nwfilter-test:~#
I can however ping the same target:
root@nwfilter-test:~# ping -c 2 109.72.92.155
PING 109.72.92.155 (109.72.92.155) 56(84) bytes of data.
64 bytes from 109.72.92.155: icmp_seq=1 ttl=56 time=13.2 ms
64 bytes from 109.72.92.155: icmp_seq=2 ttl=56 time=14.1 ms
--- 109.72.92.155 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 13.225/13.703/14.182/0.492 ms
root@nwfilter-test:~#
Looking at iptables-save it seems like the right rules are programmed:
-A FI-vnet1 -p icmp -j RETURN
-A FI-vnet1 -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -m conntrack --ctdir REPLY -j RETURN
-A FI-vnet1 -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -m conntrack --ctdir REPLY -j RETURN
-A FI-vnet1 -j REJECT --reject-with icmp-port-unreachable
-A FO-vnet1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FO-vnet1 -p icmp -j RETURN
-A FO-vnet1 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -m conntrack --ctdir ORIGINAL -j ACCEPT
-A FO-vnet1 -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -m conntrack --ctdir ORIGINAL -j ACCEPT
-A FO-vnet1 -j REJECT --reject-with icmp-port-unreachable
-A HI-vnet1 -p icmp -j RETURN
-A HI-vnet1 -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -m conntrack --ctdir REPLY -j RETURN
-A HI-vnet1 -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -m conntrack --ctdir REPLY -j RETURN
-A HI-vnet1 -j REJECT --reject-with icmp-port-unreachable
-A libvirt-host-in -m physdev --physdev-in vnet1 -g HI-vnet1
-A libvirt-in -m physdev --physdev-in vnet1 -g FI-vnet1
-A libvirt-in-post -m physdev --physdev-in vnet1 -j ACCEPT
-A libvirt-out -m physdev --physdev-out vnet1 --physdev-is-bridged -g FO-vnet1
I tried changing 'accept' into 'return' for the incoming RELATED,ESTABLISHED rules, but that didn't help.
I also tried searching for examples of more complex network filters, but all I keep finding are the default filters of Libvirt.
Does anybody know what I'm doing wrong here? Or are there any examples of working filters out there?
Thank you!
Wido
[0]: http://cloudstack.apache.org/
7 years, 5 months