[libvirt-users] import qcow with snapshots
by Chris
All,
is it possible to create a new KVM machine from an existing qcow (v3)
image with snapshots? snapshot-list doesn't show them, when using
virt-manager 1:1.5.1-0ubuntu1.1 to create the machine.
* t-ad5.img: QEMU QCOW Image (v3), 42949672960 bytes
chris@cd:/data/md0$ qemu-img snapshot -l t-ad5.img
Snapshot list:
ID TAG VM SIZE DATE VM CLOCK
1 pre-domain 0 2018-05-08 21:27:40 00:00:00.000
chris@cd:~$ virsh snapshot-list t-ad5
Name Creation Time State
------------------------------------------------------------
- Chris
5 years, 11 months
Re: [libvirt-users] certificate pinning
by Daniel P. Berrangé
Re-adding the libvirt-users list - please don't take discussions off-list.
On Mon, Dec 10, 2018 at 01:10:18PM +0300, Anastasiya Ruzhanskaya wrote:
> I already found out how to set up all the certificates and tls works fine
> for me.
> What if I want to put a proxy between client and server in libvirt? He has
> his own CA, and this is only one more CA I would like libvirt to trust to.
> Is it somehow achievable? I see that libvirt takes certificates only from
> predefined paths. For me doesn't work if I just incert another CA
> certificate to the cacert.pem file. Do you know any approaches how it can
> be made in another way?
The cacert.pem file can contain multiple certificates, just concatenate
all the CA pem files.
>
> пн, 10 дек. 2018 г. в 12:38, Daniel P. Berrangé <berrange(a)redhat.com>:
>
> > On Sat, Dec 08, 2018 at 11:19:40AM +0300, Anastasiya Ruzhanskaya wrote:
> > > Hello!
> > > Does libvirt uses certificate pinning in tls? I want to setup a
> > transparent
> > > proxy (mitmproxy) and can't do this even after I added mitmproxy ca
> > > certificate to the trusted certificates in ubuntu.
> >
> > Libvirt doesn't ever use the global certificates stores, because public
> > CAs are not relevant to libvirt deployments - indeed trusting the global
> > cert store in the OS would lower security by opening it upto arbitrary
> > CAs. See this doc for where libvirt finds CA certs
> >
> > https://libvirt.org/remote.html#Remote_certificates
> >
> >
> > Regards,
> > Daniel
> > --
> > |: https://berrange.com -o-
> > https://www.flickr.com/photos/dberrange :|
> > |: https://libvirt.org -o-
> > https://fstop138.berrange.com :|
> > |: https://entangle-photo.org -o-
> > https://www.instagram.com/dberrange :|
> >
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
5 years, 11 months
[libvirt-users] certificate pinning
by Anastasiya Ruzhanskaya
Hello!
Does libvirt uses certificate pinning in tls? I want to setup a transparent
proxy (mitmproxy) and can't do this even after I added mitmproxy ca
certificate to the trusted certificates in ubuntu.
5 years, 11 months
[libvirt-users] libvirt 4.1 and later - howto configure LXC with interface macvlan type='direct' ?
by mxs kolo
Hi all
After upgrade from Centos 7.5 to Centos 7.6, our test environment
geted new version of libvirt 4.5.0
In which our old containers have broken config and can't start:
2018-12-05 10:38:32.634+0000: 18010: debug :
virLXCControllerGetNICIndexes:368 : Getting nic indexes
2018-12-05 10:38:32.634+0000: 18010: error :
virLXCControllerGetNICIndexes:400 : unsupported configuration:
Unsupported net type direct
Failure in libvirt_lxc startup: unsupported configuration: Unsupported
net type direct
We use next section for network interface:
<interface type='direct'>
<mac address='02:00:21:3b:eb:e1'/>
<source dev='eno1.710' mode='bridge'/>
</interface>
It's linux macvlan solutions and it's worked at least since libvirt
1.2.7 for us.
As I can see, in version 4.1.0 and later, some changes about DIRECT
connect was implemented.
VIR_DOMAIN_NET_TYPE_DIRECT is still fully supported in src/lxc/lxc_driver.c
But in src/lxc/lxc_controller.c
--- libvirt-3.9.0/src/lxc/lxc_controller.c 2017-09-28
13:15:43.322712913 +0300
+++ libvirt-4.1.0/src/lxc/lxc_controller.c 2018-02-28
16:21:05.158799006 +0300
@@ -395,8 +395,14 @@
case VIR_DOMAIN_NET_TYPE_INTERNAL:
case VIR_DOMAIN_NET_TYPE_DIRECT:
case VIR_DOMAIN_NET_TYPE_HOSTDEV:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Unsupported net type %s"),
+ virDomainNetTypeToString(ctrl->def->nets[i]->type));
+ goto cleanup;
+ case VIR_DOMAIN_NET_TYPE_LAST:
default:
- break;
+ virReportEnumRangeError(virDomainNetType,
ctrl->def->nets[i]->type);
+ goto cleanup;
}
}
Since version 4.1.0 which config need be used to configure macvlan for
lxc cointainers ?
5 years, 11 months
Re: [libvirt-users] no drm render nodes available
by Erik Skultety
On Thu, Dec 06, 2018 at 05:55:54AM -0800, Michael Taboada wrote:
> Hi,
> Yes. Qemu is version 3.0.0-4, and output is below:
>
> ls -l /dev/dri:
>
> total 0
> drwxr-xr-x 2 root root 60 Nov 28 16:46 by-path
> crw-rw---- 1 root video 226, 0 Nov 28 16:46 card0
>
> domain xml is attached.
> -Michael.
[Putting libvirt-users back on CC]
Yep, this is a pretty serious fail on my account, the code assumes SPICE needs
a DRM render node every time one isn't defined within the XML due to a missing
check for presence of the <gl> element.
I stripped the XML you sent me to the bare minimum to demonstrate a reproducer:
...
<graphics type='spice' autoport='yes'>
<listen type='address'/>
<image compression='off'/>
</graphics>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
...
Let me know whether you want to create a BZ/fix the bug/both otherwise I'll
take care of everything and mention you in the commit message.
Thanks,
Erik
5 years, 11 months
[libvirt-users] connecting two vm in a network
by daggs
Greetings,
my router is running under a vm, I want to start another vm on that host and have to connected to the router vm in the same manner the host connects to the vm router.
looking at the docs, I think that guest private network is what I need. thing is, from what I see, I need to define an ip and such. that's what the router suppose to provide so I'm not sure what exactly I need to configure and how.
what is the correct config to achieve what I need?
Thanks,
Dagg.
5 years, 11 months
[libvirt-users] no drm render nodes available
by Michael Taboada
Hi,
I get this error when trying to start a vm using spice as the graphics: "error: internal error: No DRM render nodes available" I can't seem to figure out what could be going on, since it worked just a little while ago.
Using arch linux, and libvirt from git (4.10.0.22.g6a6925b9b7-1).
-Michael.
5 years, 11 months
[libvirt-users] XML-RPC
by Xxxx Zzz
Hi all,
I have 2 Centos servers running libvirtd. They are running using peacemaker
cluster. After I had to reboot server 1, I can't no longer start VMs on
server 2. I'm getting the following error message:
error: Failed to start domain testvm
error: internal error: Process exited prior to exec: libvirt: XML-RPC error
: Failed to connect socket to '/var/run/libvirt/virtlockd-sock': Connection
refused
I can see that the deamon is listening on the port. I also couldn't find
any further information in any logfile.
Any idea?
Thanks,
Markus
5 years, 11 months
[libvirt-users] console type tcp with logging
by Vasiliy Tolstov
Hi! I want to have ability to connect to guest console via libvirt api
(and expose this data to xtermjs via websocket) with getty tty. And
also i want to have log of tty1 (do log grub, kernel booting and
errors).
What i need to do in libvirt xml for such case?
--
Vasiliy Tolstov,
e-mail: v.tolstov(a)selfip.ru
5 years, 11 months
[libvirt-users] How to get list of CPUs compatible with the host CPU and vendor?
by Milan Zamazal
Hi, I'm trying to use virConnectGetDomainCapabilities to get the list of
CPUs compatible with the host CPU. I would like to further limit the
list to CPUs of the same vendor as the host CPU. How can I do that?
I tried to use virConnectBaselineCPU with <vendor> element and checking
whether I obtain the same CPU, but that doesn't filter out CPUs without
any vendor such as `kvm64' or `pentium'.
Thanks,
Milan
5 years, 11 months
