November 2020 - Users - libvirt List Archives

DNS forwarding for guest domains on isolated network
by Jörg Kastning 11 Nov '20

11 Nov '20

Hi @all, I'm having trouble to realize my use case and hope somebody could help me. # Use case For a home lab I want to deploy several guest domains. These domains must not have a direct or NAT connection to the internet or my LAN. They should only be able to reach my LAN and the internet through a proxy. # What I've done I've created the following virtual switch in isolated mode: $ sudo virsh net-dumpxml private1 <network connections='3'> <name>private1</name> <uuid>THE-UUID</uuid> <bridge name='virbr1' stp='on' delay='0'/> <mac address='DE:AD:BE:EF:FF:FF'/> <domain name='private1'/> <ip address='192.168.100.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.100.128' end='192.168.100.254'/> </dhcp> </ip> </network> I've setup a guest domain that serves as a proxy and several other guests. # My issue Nameresolution for *.private1 works fine on this network. But I'm not able to resolve domains from the outside world like github.com. I understood that libvirt is forwarding dns resolution requests to the hosts nameserver configured in /etc/resolv.conf in case the dnsmasq instance for the virtual network is not able to resolve the name. My guess, in my setup this don't work, because the virtual switch is in isolated mode, right? # My questions * What can I do to achieve my use case described above? * Is it possible to use the isolated mode here or do I have to use a different mode? It's important that the guest domains could only connect to the internet by using the proxy. Regards, Joerg

2 2

Upgrade CentOS 7 to 8, error: network is already in use by interface
by Filip Hruska 07 Nov '20

07 Nov '20

Hi, I've been trying to migrate some of my CentOS 7 KVM hypervisors to CentOS 8, and I have encountered the following issue while trying to load my network config: virsh: error: Failed to start network test1 error: internal error: Network is already in use by interface virbr2 journalctl: error : networkCheckRouteCollision:123 : internal error: Network is already in use by interface virbr2 I use the following network definitions, which are a bit non-standard, however they work perfectly on CentOS 7: <network> <name>test1</name> <forward mode='open'/> <bridge name='virbr1' stp='off' delay='0'/> <mac address='52:54:00:c1:a7:7c'/> <dns enable='no'/> <ip address='10.0.0.1' netmask='255.255.255.255'></ip> <route address='192.168.1.22' prefix='32' gateway='10.0.0.1'/> </network> <network> <name>test2</name> <forward mode='open'/> <bridge name='virbr2' stp='off' delay='0'/> <mac address='52:54:00:54:09:3c'/> <dns enable='no'/> <ip address='10.0.0.1' netmask='255.255.255.255'></ip> <route address='192.168.1.33' prefix='32' gateway='10.0.0.1'/> </network> My question is, why is the behaviour different across CentOS releases, despite the libvirt versions apparently matching? Output from both systems is the same: # virsh version Compiled against library: libvirt 4.5.0 Using library: libvirt 4.5.0 Using API: QEMU 4.5.0 Running hypervisor: QEMU 2.12.0 What would be the best approach on patching out this check, so I can continue using my network config? Just to summarize the expected output: - virbr1 and virbr2 get created, each one with an address 10.0.0.1/32. - Two routes get created: 192.168.1.22 via 10.0.0.1 dev virbr1 192.168.1.33 via 10.0.0.1 dev virbr2 Thanks, Filip Hruska

1 0

consume existing tap device when libvirt / qemu run as different users
by Miguel Duarte de Mora Barroso 07 Nov '20

07 Nov '20

Hello, I'm having some doubts about consuming an existing - already configured - tap device from libvirt (with `managed='no' ` attribute set). In KubeVirt, we want to have the consumer side of the tap device run without the NET_ADMIN capability, which requires the UID / GID of the tap creator / opener to match, as per the kernel code in [0]. As such, we create the tap device (with the qemu user / group on behalf of qemu), which will ultimately be the tap consumer. This leads me to question: why is libvirt opening / calling `ioctl(..., TUNSETIFF, ...) ` on the tap device when it already exists - [1] & [2] ? Why can't the tap device (already configured) be left alone, and let qemu consume it ? The above is problematic for KubeVirt, since our setup currently has libvirt running as root (while qemu runs as a different user), which is preventing us from removing NET_ADMIN (libvirt & qemu run as different users). Thanks in advance for your time, Miguel [0] - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/dri… [1] - https://github.com/libvirt/libvirt/blob/99a1cfc43889c6d425a64013a12b234dde8… [2] - https://github.com/libvirt/libvirt/blob/v6.0.0/src/util/virnetdevtap.c#L274

2 1

Set hostname of guest during installation time
by john doe 05 Nov '20

05 Nov '20

Hi, I would like to set the hostname when installing a guest, with the below command the hostname is not set to 'try06' in the guest: virt-install --name=try06 --graphic none --pxe --network bridge=virbr0 How can I set the hostname of the guest during installation time? I realy appriciate the support I'm getting in here, I'm fairly new to libvirt. -- John Doe

4 24

Libvirt driver iothread property for virtio-scsi disks
by Nir Soffer 04 Nov '20

04 Nov '20

The docs[1] say: - The optional iothread attribute assigns the disk to an IOThread as defined by the range for the domain iothreads value. Multiple disks may be assigned to the same IOThread and are numbered from 1 to the domain iothreads value. Available for a disk device target configured to use "virtio" bus and "pci" or "ccw" address types. Since 1.2.8 (QEMU 2.1) Does it mean that virtio-scsi disks do not use iothreads? I'm experiencing a horrible performance using nested vms (up to 2 levels of nesting) when accessing NFS storage running on one of the VMs. The NFS server is using scsi disk. My theory is: - Writing to NFS server is very slow (too much nesting, slow disk) - Not using iothreads (because we don't use virtio?) - Guest CPU is blocked by slow I/O Does this make sense? [1] https://libvirt.org/formatdomain.html#hard-drives-floppy-disks-cdroms Nir

3 4

proper config for qemu's host_cdrom
by daggs 02 Nov '20

02 Nov '20

Greetings, I was wondering what is the proper way to configure a scsi cdrom pass-through so in when the qemu line is generated, host_Cdrom will be used instead of host_device. looking at https://gitlab.com/libvirt/libvirt/-/blob/master/src/qemu/qemu_block.c#L1090, I see that hostcdrom must be true. in order for that to be true, the following must be (see https://gitlab.com/libvirt/libvirt/-/blob/master/src/qemu/qemu_domain.c#L71…) 1. disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM 2. disksrc->format == VIR_STORAGE_FILE_RAW 3. virStorageSourceIsBlockLocal(disksrc) 4. virFileIsCDROM(disksrc->path) == 1 virFileIsCDROM uses the kernel, so I assume that as disksrc->path points to the actual path (I can see it in the qemu line) than #4 returns 1. the other 3 are more complicated. my xml snippet is this: <devices> <hostdev mode='subsystem' type='scsi' rawio='yes'> <source> <adapter name='scsi_host0'/> <address bus='0' target='0' unit='0'/> </source> <readonly/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </hostdev> </devices> Thanks, Dagg

2 2

about the new added attributes "check" and "type" for interface mac element
by Yalan Zhang 02 Nov '20

02 Nov '20

Hi all, I have done some tests for the new attributes "check" and "type", could you please help to have a check? And I have some questions about the patch, please help to have a look, Thank you! The questions: 1. in step 4 below, the error message should be updated: Actual results: XML error: invalid mac address **check** value: 'next'. Valid values are "generated" and "static". expected results: XML error: invalid mac address **type** value: 'next'. Valid values are "generated" and "static". 2. I have checked the vmware OUI definition and found this: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking… it says the VMware OUI is 00:50:56, not 00:0c:29 in the patches. Am I missing something? 3. Could you please tell more about the user story? as I can not understand the scenario when " it will ignore all the checks libvirt does about the origin of the MAC address(whether or not it's in a VMWare OUI) and forward the original one to the ESX server telling it not to check it either". Does it happen when we try to transform a kvm guest to a vmware guest? 4. How to test it as a libvirt QE? Are the test scenarios below enough without ESX env? Test steps: 1. Start vm with different configuration with mac in "00:0c:29" range: # virsh dumpxml rhel | grep /interface -B12 ... <interface type='network'> <mac address='00:0c:29:e7:9b:cb' type='generated' check='yes'/> <source network='default'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/> </interface> <interface type='network'> <mac address='00:0c:29:3b:e0:50' type='static' check='no'/> <source network='default'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x0d' slot='0x00' function='0x0'/> </interface> <interface type='network'> <mac address='00:0c:29:73:f6:dc' type='generated' check='no'/> <source network='default'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x0e' slot='0x00' function='0x0'/> </interface> <interface type='network'> <mac address='00:0c:29:aa:dc:6c' type='static' check='yes'/> <source network='default'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x0f' slot='0x00' function='0x0'/> </interface> # virsh start rhel Domain rhel started 2. login guest and check the interfaces: # ip addr ... 2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:e7:9b:cb brd ff:ff:ff:ff:ff:ff inet 192.168.122.142/24 brd 192.168.122.255 scope global dynamic noprefixroute enp5s0 valid_lft 3584sec preferred_lft 3584sec inet6 fe80::351c:686a:863e:4a7f/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: enp11s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:3b:e0:50 brd ff:ff:ff:ff:ff:ff inet 192.168.122.202/24 brd 192.168.122.255 scope global dynamic noprefixroute enp11s0 valid_lft 3584sec preferred_lft 3584sec inet6 fe80::2b79:4675:6c59:6822/64 scope link noprefixroute valid_lft forever preferred_lft forever 4: enp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:73:f6:dc brd ff:ff:ff:ff:ff:ff inet 192.168.122.33/24 brd 192.168.122.255 scope global dynamic noprefixroute enp12s0 valid_lft 3584sec preferred_lft 3584sec inet6 fe80::e43d:555:ba85:4030/64 scope link noprefixroute valid_lft forever preferred_lft forever 5: enp13s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:aa:dc:6c brd ff:ff:ff:ff:ff:ff inet 192.168.122.161/24 brd 192.168.122.255 scope global dynamic noprefixroute enp13s0 valid_lft 3584sec preferred_lft 3584sec inet6 fe80::f32d:e2e8:9c8b:47fd/64 scope link noprefixroute valid_lft forever preferred_lft forever 3. start vm without the "check" and "type" attributes, and check the live xml do not include these attributes, either. # virsh start vm1 virshDomain vm1 started # virsh dumpxml vm1 | grep /interface -B8 </controller> <interface type='network'> <mac address='52:54:00:bb:cd:89'/> <source network='default' portid='b02dc78f-69ad-4db7-870c-f371fd730537' bridge='virbr0'/> <target dev='vnet22'/> <model type='virtio'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </interface> 4. negative test: Set "<mac address='52:54:00:bb:cd:89' type='next'/>" in virsh edit # virsh edit vm1 error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng Extra element devices in interleave Element domain failed to validate content Failed. Try again? [y,n,i,f,?]: ----> press 'i' error: XML error: invalid mac address check value: 'next'. Valid values are "generated" and "static". Failed. Try again? [y,n,f,?]: ------- Best Regards, Yalan Zhang IRC: yalzhang

1 1