[libvirt-users] Using qemu active blockcommit results in 'Permission denied' error
by Marcus Hoffmann
Hello all,
I tried following this guide:
https://wiki.libvirt.org/page/Live-disk-backup-with-active-blockcommit
Unfortunately when I try to do the final virsh blockcommit step I always
get the following error:
error: internal error: unable to execute QEMU command 'block-commit':
Could not reopen file: Permission denied
I checked directory und image file permissions, app-armor profiles (set
to complain mode for now.) and libvirt logs but nothing there gives me
any hints what might be going wrong.
This is on a debian buster system, using
libvirtd (libvirt) 5.0.0
qemu 3.1+dfsg-7
I would appreciate any hints on how to proceed/get more debug info on this.
Thanks!
Marcus
6 years
[libvirt-users] lxc - pass filesystem off host's automounts
by lejeczek
hi guys
in my qutest I have this:
...
<filesystem type='mount' accessmode='passthrough'>
<source dir='/home'/>
<target dir='/home'/>
</filesystem>
...
and on the host /home/* are user home dirs which are automounted off a
glusterfs volume.
The guest starts okey, I can see dirs under /home but if I go to
/home/userA I get:
ls: cannot access /home/userA/: Too many levels of symbolic links
Do you know if what I'm trying should just work a okey?
many thanks, L.
6 years
[libvirt-users] Same host migration
by Sukrit Bhatnagar
Hi,
I have been selected for GSoC'19 under qemu and was
trying out migration of the pvrdma device.
For my current task, I need to perform a "null" migration
i.e. migrate the VM to the same host for testing purpose.
I am using libvirt 5.1.0 on Fedora 30.
>From what I know, libvirt does not allow this type of
migration by default.
Trying this:
virsh migrate --unsafe --verbose fedora29 qemu+unix:///system
results in the following error:
error: internal error: Attempt to migrate guest to the same host dell
Is there some way I can get this to work? If the solution
requires changing the source code, then that is
also fine. Using qemu-system-x86_64 to perform
migration allows same-host migration. I need the same
functionality using virsh as libvirt performs some additional
servicing which is required for the device I am migrating.
Thanks,
Sukrit
6 years
[libvirt-users] Cloud automation
by Adrien Macor
Hi,
I have a question for you:
Let’s suppose I have three physical servers; two on the same area, and the last one elsewhere (not on the same network, but all three have connectivity between each others).
May I use this infrastructure with libvirt? I mean in terms of cloud automation: is it possible to remotely deploy VMs (with particulary configurations) with libvirt?
For example, is it possible to have one master node controlling the two others?
Thanks for the reply
6 years
Re: [libvirt-users] Easy solution for custom firewall rules-
by Joshua Kramer
Nakta wrote:
> libvirts nwfilter module can achieve that.
I read over those resources and I did what I thought would be correct,
but it's not having any effect.
I created a new nwfilter like this:
<filter name='allow-virbr2-vpn' chain='ipv4' priority='-700'>
<rule action='accept' direction='in' priority='500'>
<all state='ESTABLISHED'/>
</rule>
<rule action='accept' direction='out' priority='500'>
<all state='ESTABLISHED,RELATED'/>
</rule>
<rule action='accept' direction='in' priority='100'>
<ip dstipaddr='192.168.8.0' dstipmask='24'/>
</rule>
<rule action='accept' direction='out' priority='100'>
<ip srcipaddr='192.168.8.0' srcipmask='24'/>
</rule>
<rule action='drop' direction='inout' priority='500'>
<all/>
</rule>
</filter>
I then associated that filter with the Interface device on the VM
server within KVM... and shutdown/restart that VM.
<interface type='network'>
<mac address='XX:XX:XX:XX:XX:XX'/>
<source network='locservers'/>
<model type='virtio'/>
<filterref filter='allow-virbr2-vpn'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03'
function='0x0'/>
</interface>
After this, nothing happens. I did 'ebtables --list', and the new
rules aren't there. I also did the same with iptables as well as
firewalld itself. The new rules are nowhere to be found.
What did I do incorrectly here?
Thanks!
-JK
6 years, 1 month
[libvirt-users] Easy solution for custom firewall rules- is it possible?
by Joshua Kramer
Hello All-
I've looked in several places and haven't found an answer to this
question: is it possible to have libvirt add custom rules to iptables
for virtual network interfaces? I took a look at the "Firewall and
Network Filtering in Libvirt" page and it seems overly complicated for
what I want to do.
Given an interface virbr2 and its network 192.168.4.0/24, libvirt
installs the following rules in iptables. Essentially, these rules
will drop any packets for the interface virbr2 where the source or
destination is not on the 192.168.4.0/24 network.
-P FORWARD ACCEPT
-A FORWARD -d 192.168.4.0/24 -o virbr2 -j ACCEPT
-A FORWARD -s 192.168.4.0/24 -i virbr2 -j ACCEPT
-A FORWARD -i virbr2 -o virbr2 -j ACCEPT
-A FORWARD -o virbr2 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr2 -j REJECT --reject-with icmp-port-unreachable
I have a VPN server on the 4/24 network- and it hands out addresses in
the 8/24 network. So I would like libvirt to also create the
following rules in iptables:
-A FORWARD -d 192.168.8.0/24 -o virbr2 -j ACCEPT
-A FORWARD -s 192.168.8.0/24 -i virbr2 -j ACCEPT
I've tried creating direct rules in firewalld for the FORWARD_direct
chain. Firewalld happily creates those rules, but they are never
reached, because they fall AFTER the libvirt rules. I've also tried
creating an IP address on the virbr2 interface in the 8/24 network,
but that doesn't work either. How can I get this done?
Thanks!!
-JK
6 years, 1 month
