[libvirt-users] Disable guest discovery in virt-manager
by Gionatan Danti
Hi all,
on CentOS7 / RHEL7 launching virt-manager causes a "discovery process"
of the various configured VMs.
This discovery is executed by inspection and overlaid disk files and it
creates a very short lived guest-xxxzzzyyy virtual machine. The end
result is a pretty icon to the left of the virtual machine entry (ie:
CentOS icon for a CentOS VM) and the list of installed packages inside
the virtual disk.
That said, I would like to disable such behavior. How can I do that?
Thanks.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti(a)assyoma.it - info(a)assyoma.it
GPG public key ID: FF5F32A8
6 years, 7 months
[libvirt-users] start a domain, minimal memory request.
by llilulu
Hi:
I use libvirt to manage virtual guests. When I start many virtual domains (my host has 128G physical memory), for example 100 guests at 1G per guest, I sometimes encounter "cannot allocate memory", "cannot set up guest memory 'pc.ram': cannot allocate memory". Sometimes the qemu process is killed by the system (OOM).
I want to know the minimal memory needed when starting a domain, and how much free host memory must be reserved to ensure the VMs run steadily.
Thanks
6 years, 7 months
[libvirt-users] unprivileged container has wrong owners inside in /proc/ and /sys
by mxs kolo
We run unprivileged lxc containers (libvirt based) with the following config:
...
<idmap>
  <uid start='0' target='65535' count='65535'/>
  <gid start='0' target='65535' count='65535'/>
</idmap>
...
<devices>
  <emulator>/usr/libexec/libvirt_lxc</emulator>
  <filesystem type='mount' accessmode='passthrough'>
    <source dir='/var/lib/libvirt/lxc/test1'/>
    <target dir='/'/>
  </filesystem>
  ...
</devices>
Before starting we need to mount the container's LVM:
mount /dev/data/test1 /var/lib/libvirt/lxc/test1
And shift uid/gid:
./uidmapshift -b /var/lib/libvirt/lxc/test1 0 65535 65535
(uidmapshift.c is a simple utility, found in the LXD community)
As a result, our FS permissions look like this from the hardware node:
[root@ops-node01.infra]# ls -la /var/lib/libvirt/lxc/test1/
total 8
dr-xr-xr-x 19 65535 65535 275 Apr 9 18:55 .
drwxrwxrwx 3 root root 26 Apr 9 19:32 ..
-rw-r--r-- 1 65535 65535 0 Mar 30 18:20 .autorelabel
lrwxrwxrwx 1 65535 65535 7 Mar 2 2017 bin -> usr/bin
dr-xr-xr-x 2 65535 65535 6 Nov 5 2016 boot
drwxr-xr-x 4 65535 65535 206 Mar 30 18:03 dev
drwxr-xr-x 59 65535 65535 4096 Apr 9 18:57 etc
drwxr-xr-x 2 65535 65535 6 Nov 5 2016 home
lrwxrwxrwx 1 65535 65535 7 Mar 2 2017 lib -> usr/lib
lrwxrwxrwx 1 65535 65535 9 Mar 2 2017 lib64 -> usr/lib64
drwxr-xr-x 2 65535 65535 6 Nov 5 2016 media
drwxr-xr-x 2 65535 65535 6 Nov 5 2016 mnt
drwxr-xr-x 2 65535 65535 6 Apr 9 18:55 .oldroot
drwxr-xr-x 3 65535 65535 24 Mar 2 2017 opt
dr-xr-xr-x 2 65535 65535 6 Nov 5 2016 proc
dr-xr-x--- 4 65535 65535 172 Apr 9 18:57 root
drwxr-xr-x 13 65535 65535 178 Mar 30 18:03 run
lrwxrwxrwx 1 65535 65535 8 Mar 2 2017 sbin -> usr/sbin
drwxr-xr-x 2 65535 65535 21 Mar 30 18:03 selinux
drwxr-xr-x 2 65535 65535 6 Nov 5 2016 srv
dr-xr-xr-x 2 65535 65535 6 Nov 5 2016 sys
drwxrwxrwt 7 65535 65535 93 Apr 6 21:08 tmp
drwxr-xr-x 13 65535 65535 155 Mar 2 2017 usr
drwxr-xr-x 18 65535 65535 254 Mar 30 18:20 var
The container is running, but some FS objects inside get owner 65534.65534:
[root@test1 ~]# find / -uid 65534 -ls | wc -l
40084
It's mostly /sys and /proc objects:
[root@test1 ~]# ls -la /
total 8
dr-xr-xr-x 19 root root 275 Apr 9 18:55 .
dr-xr-xr-x 19 root root 275 Apr 9 18:55 ..
-rw-r--r-- 1 root root 0 Mar 30 18:20 .autorelabel
drwxr-xr-x 2 root root 6 Apr 9 18:55 .oldroot
lrwxrwxrwx 1 root root 7 Mar 2 2017 bin -> usr/bin
dr-xr-xr-x 2 root root 6 Nov 5 2016 boot
drwxr-xr-x 6 root root 440 Apr 9 20:40 dev
drwxr-xr-x 59 root root 4096 Apr 9 18:57 etc
drwxr-xr-x 2 root root 6 Nov 5 2016 home
lrwxrwxrwx 1 root root 7 Mar 2 2017 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Mar 2 2017 lib64 -> usr/lib64
drwxr-xr-x 2 root root 6 Nov 5 2016 media
drwxr-xr-x 2 root root 6 Nov 5 2016 mnt
drwxr-xr-x 3 root root 24 Mar 2 2017 opt
dr-xr-xr-x 348 65534 65534 0 Apr 9 20:40 proc
dr-xr-x--- 4 root root 172 Apr 9 18:57 root
drwxrwxrwt 15 root root 360 Apr 9 20:40 run
lrwxrwxrwx 1 root root 8 Mar 2 2017 sbin -> usr/sbin
drwxr-xr-x 2 root root 21 Mar 30 18:03 selinux
drwxr-xr-x 2 root root 6 Nov 5 2016 srv
dr-xr-xr-x 13 65534 65534 0 Apr 9 20:40 sys
drwxrwxrwt 7 root root 93 Apr 6 21:08 tmp
drwxr-xr-x 13 root root 155 Mar 2 2017 usr
drwxr-xr-x 18 root root 254 Mar 30 18:20 var
[root@test1 ~]# find /sys/ -uid 65534 -ls | wc -l
36871
[root@t1 ~]# find /proc -uid 65534 -ls | wc -l
3200
[root@test1 ~]# find /dev -uid 65534 -ls
2121875 0 drwxrwxrwt 2 65534 65534 40 Apr 10 13:57 /dev/mqueue
Is it a feature? It looks like libvirt makes all these objects from real root
with owner root.root.
You can't call virLXCControllerSetupUserns() before making these objects, right?
Because you need root permissions for some operations.
After you set the uid range for the process to 65535-131070, we can't show objects
with uid.gid 0, and then the kernel uses the values from
/proc/sys/kernel/overflowuid and /proc/sys/kernel/overflowgid.
It can probably affect some processes in the container?
Is a solution to shift uid/gid _after_ making all objects and _before_
entering the userNS?
As a workaround we can try setting 0 for overflowuid and overflowgid.
p.s.
We use type='mount' instead of type='block' because in an unprivileged
container the mount() call failed; more details in
https://bugzilla.redhat.com/show_bug.cgi?id=1328946
b.r.
Maxim Kozin
6 years, 7 months
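The ownership effect described in the post above, modelled as an added example that is not part of the original message or of libvirt: it applies the posted <idmap> the way the kernel translates a host ID for display inside a user namespace, falling back to the overflow ID when no extent covers it. The function names and the sample path/owner pairs are constructed for illustration; 65534 is assumed as the kernel's default overflowuid/overflowgid.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple, Optional

OVERFLOW_ID = 65534  # assumed kernel default for overflowuid / overflowgid

# The <idmap> element from the post.
IDMAP_XML = """<idmap>
  <uid start='0' target='65535' count='65535'/>
  <gid start='0' target='65535' count='65535'/>
</idmap>"""

class Extent(NamedTuple):
    inside: int   # first ID inside the container (libvirt 'start')
    outside: int  # first ID on the host (libvirt 'target')
    count: int    # number of consecutive IDs covered

def parse_idmap(xml_text, kind="uid"):
    """Return the Extent list for the 'uid' or 'gid' entries of an <idmap>."""
    root = ET.fromstring(xml_text)
    return [Extent(int(e.get("start")), int(e.get("target")), int(e.get("count")))
            for e in root.findall(kind)]

def host_to_container(extents, host_id) -> Optional[int]:
    """Translate a host ID into the namespace; None if no extent covers it."""
    for ext in extents:
        if ext.outside <= host_id < ext.outside + ext.count:
            return ext.inside + (host_id - ext.outside)
    return None

def container_to_host(extents, inside_id) -> Optional[int]:
    """Translate a container ID to the host ID that backs it."""
    for ext in extents:
        if ext.inside <= inside_id < ext.inside + ext.count:
            return ext.outside + (inside_id - ext.inside)
    return None

def owner_seen_inside(extents, host_id, overflow=OVERFLOW_ID):
    """ID reported inside the container for an object owned by host_id."""
    mapped = host_to_container(extents, host_id)
    return overflow if mapped is None else mapped

if __name__ == "__main__":
    uid_map = parse_idmap(IDMAP_XML)
    # Constructed sample: host-side owner of each path before translation.
    sample = [("/proc", 0), ("/sys", 0), ("/etc", 65535), ("/var", 65535)]
    for path, host_uid in sample:
        print(f"{path}: host uid {host_uid} -> {owner_seen_inside(uid_map, host_uid)}")
```

With this map the host range 65535..131069 is visible inside as 0..65534, while host uid 0 has no mapping and is reported as 65534, matching the /proc and /sys listings in the post.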
[libvirt-users] nm-bridge & nm-team and no connection.
by lejeczek
hi guys
I have a kvm guest & two nodes.
a kvm guest on nodeA and IPaddr2 on nodeB(at this time)
nodeA & nodeB comprise a HA cluster
now...
- nodeA can ping IPaddr2 IP
- nodeB can ping kvm guest IP
- kvm guest can get to nodeB's IP but*
Only a bit non-common bit in my setup is:
- both nodeA & nodeB be interfaces which are relevant to the
subnet on which it operates are NetworkManager bridges put on
top of NM team devices, like: ifaceSlaveA + ifaceSlaveB =
teamInt = bridgeInt
But maybe it's common, maybe many do that(?)
And it seems that that "bridge ontop of nm-team" is doing
something not... well, not doing something(?)
*but - If I do not nmcli c d & nmcli c u on that nm-bridge
before I start kvm guest then all nodes, except for the host
to the guest, cannot get to kvm-guest's IP which is on the
hosts' bridge network.
I did that and then... I reboot kvm guest and.. again cannot
ping between kvm guest and other nodes.
bit tricky, how would you troubleshoot it? Where to start?
many thanks, L.
6 years, 7 months
[libvirt-users] Permissions and ownership on /dev/kvm keep reverting after starting a vm
by TomK
Hey guys,
/dev/kvm permissions and ownership keep reverting after starting a vm.
The ownership and permissions keep going back to
crw-rw---- root root ....
After starting a vm. I have to revert the perms and ownership to:
crw-crw-crw root kvm ....
To start any vm but it goes back to the first set of permissions as soon
as I start another vm. Wondering what could be doing this?
Cheers,
Tom
Sent from my iPhone
6 years, 7 months
[libvirt-users] error : virHashForEach:597 : Hash operation not allowed during iteration
by Vincent Bernat
Hey!
On many of our servers, we often have the following error:
error : virHashForEach:597 : Hash operation not allowed during iteration
When querying the list of domains, this means libvirt will silently
return 0 domain (most uses of virHashForEach don't handle the return
code).
We are using a hook, but the hook doesn't query libvirt back, so it
should be safe from this point of view. However, we have several sources
querying libvirt at regular interval (once every 5 seconds from two
different sources). I am unable to reproduce the problem with just
running "virsh list" in parallel.
We are using libvirt 3.6.
Is it an expected constraint to not be able to reliably query libvirt
from several sources? Have fixes for this problem been pushed since 3.6?
--
A kind of Batman of contemporary letters.
-- Philip Larkin on Anthony Burgess
6 years, 7 months
[libvirt-users] Adjusting vram for windows/photoshop
by Alex
Hi,
I have a fedora27 system with a win10 guest trying to use photoshop
2015. I've adjusted the vram parameter for the guest to 512M with QXL,
but photoshop still reports "3D features and some filters require
512MB vRAM and photoshop has detected less than that on your system."
What is the proper way to adjust the vram value to provide at least 512MB vram?
I've included my xml config below. I'm connecting to the guest using
VNC. I believe I have the server side configured properly for spice,
but do I need a windows client to use it to connect to the guest?
<domain type='kvm'>
  <name>win10</name>
  <uuid>337f9410-3286-4ef5-a3e8-8271e38ea1e5</uuid>
  <memory unit='KiB'>6320128</memory>
  <currentMemory unit='KiB'>6320128</currentMemory>
  <vcpu placement='static'>4</vcpu>
  <os>
    <type arch='x86_64' machine='pc-i440fx-2.4'>hvm</type>
  </os>
  <features>
    <acpi/>
    <apic/>
    <hyperv>
      <relaxed state='on'/>
      <vapic state='on'/>
      <spinlocks state='on' retries='8191'/>
    </hyperv>
    <vmport state='off'/>
  </features>
  <cpu mode='host-model' check='partial'>
    <model fallback='allow'/>
  </cpu>
  <clock offset='localtime'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
    <timer name='hypervclock' present='yes'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <pm>
    <suspend-to-mem enabled='no'/>
    <suspend-to-disk enabled='no'/>
  </pm>
  <devices>
    <emulator>/usr/bin/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/win10.qcow2'/>
      <target dev='vda' bus='virtio'/>
      <boot order='2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdb' bus='ide'/>
      <readonly/>
      <boot order='1'/>
      <address type='drive' controller='0' bus='0' target='0' unit='1'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0' model='ich9-ehci1'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x7'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci1'>
      <master startport='0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0' multifunction='on'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci2'>
      <master startport='2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x1'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci3'>
      <master startport='4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'/>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </controller>
    <controller type='scsi' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:52:6b:61'/>
      <source bridge='br0'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <channel type='spicevmc'>
      <target type='virtio' name='com.redhat.spice.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <graphics type='spice' autoport='yes'>
      <listen type='address'/>
      <image compression='off'/>
    </graphics>
    <sound model='ich6'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </sound>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='524288' heads='1' primary='yes'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <redirdev bus='usb' type='spicevmc'>
      <address type='usb' bus='0' port='2'/>
    </redirdev>
    <redirdev bus='usb' type='spicevmc'>
      <address type='usb' bus='0' port='3'/>
    </redirdev>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </memballoon>
  </devices>
</domain>
6 years, 7 months
[libvirt-users] Virsh Domain - Serial port; what does the attribute “port” of the serial node's child “target” do?
by thilo.cestonaro@ts.fujitsu.com
Hi all!
I want to assign a real serial port to my kvm virtual machine via virsh.
When I add the following XML snippet to the domain xml, it gets successfully
attached but not as I expected it to happen.
<serial type='dev'>
  <source path='/dev/ttyS3'/>
  <target type='isa-serial' port='2'>
    <model name='isa-serial'/>
  </target>
  <alias name='ua-Serial3'/>
</serial>
I expected that, given the target port 2, it would be connected to /dev/ttyS2 in
the VM. But the target port gets totally ignored and it will always be connected
to ttyS0. Unless I define another serial before this, then it is connected to
ttyS1, which is just the order of the serial devices in the xml then, still
ignoring the target port. So, do I understand the target port absolutely wrong
or is this a bug in virsh?
Cheers Thilo
6 years, 7 months
[libvirt-users] IP pool x bridge
by Thiago Oliveira
Hi there!
I have a question about IP Pool. I have one physical server with an IP pool
with /28 and I would like to use those IPs in the guests. I have tried
the below:
1-) Use bridge on physical server, create bridge in network configurations
and configure the IP into the guest. Ok, works, but someone can change the
IP, for example, change from 104.34.45.23/28 to 104.34.45.24/28. This is
not good. How can I prevent this change by the user using bridge mode?
2-) Create a subnet pool with /29, but the system returns the error because
the pool is at the same subnet of the bridge.
Thanks.
Thiago
6 years, 7 months