[libvirt-users] [virtual interface] detach interface during boot succeed with no changes
by Yalan Zhang
Hi guys,
When I detach an interface from a VM during boot (VM boot not finished), it
always fails. I'm not sure if there is an existing bug. I have
confirmed with someone that there is similar behavior for disks; is
this also acceptable?
# virsh destroy rhel7.2; virsh start rhel7.2 ;sleep 2; virsh detach-interface rhel7.2 network 52:54:00:98:c4:a0; sleep 2; virsh dumpxml rhel7.2 |grep /interface -B9
Domain rhel7.2 destroyed
Domain rhel7.2 started
Interface detached successfully
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</controller>
<interface type='network'>
<mac address='52:54:00:98:c4:a0'/>
<source network='default' bridge='virbr0'/>
<target dev='vnet0'/>
<model type='rtl8139'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
When I detach after the VM has booted, expanding the sleep time to 10, it succeeds.
# virsh destroy rhel7.2; virsh start rhel7.2 ;sleep 10; virsh detach-interface rhel7.2 network 52:54:00:98:c4:a0; sleep 2; virsh dumpxml rhel7.2 |grep /interface -B9
Domain rhel7.2 destroyed
Domain rhel7.2 started
Interface detached successfully
-------
Best Regards,
Yalan Zhang
IRC: yalzhang
Internal phone: 8389413
2 years, 1 month
Need more doc for libvirt-console-proxy
by Guy Godfroy
Hello,
I'm making a web app for my company that will enable different teams to
manage their own VMs. I wish to make it possible to interact with each VM
console, so I plan to use some xterm.js with websockets.
So I discovered libvirt-console-proxy [1] when I looked for something to
put a libvirt console into a websocket. That seems like the right tool
for the job.
The only doc I found is this article from 2017 [2]. After trying to
understand from this article and from --help, I still have many
questions. I am really bad at reading code so I can't even get answers
from the sources.
My main concern is: how is a client supposed to talk to the proxy? It is
said that a security token must be provided. How? HTTP header? Which
header? Am I missing something in the websocket protocol? I think an example
client implementation would help a lot.
Also, I tried to use virtconsoleresolveradm to set up metadata on my
domains as explained in the article [1]:
./virtconsoleresolveradm enable milou
Enabled access to domain 'milou'
But that doesn't seem to do anything (except defining the metadata
namespace in the XML):
virsh metadata milou http://libvirt.org/schemas/console-proxy/1.0
<consoles/>
To be precise, I already have this in my XML:
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
Should I remove that? Should I edit that?
Thanks for your help.
Guy Godfroy
[1] https://gitlab.com/libvirt/libvirt-console-proxy
[2] https://www.berrange.com/posts/2017/01/26/announce-new-libvirt-console-pr...
3 years
trying to understand how libvirt uses firewalld
by Felix Schwarz
Hi,
I recently installed a test box using CentOS 8 and installed a CentOS 8 guest
via libvirt (KVM).
I need to use "routed" forwarding as the datacenter only gives me individual IPs
which are routed to the physical interface and the switch only accepts packets
with a well-known MAC address.
On the host I enabled firewalld and moved the guest to a specific firewalld
zone. I verified that libvirt is detecting firewalld.
My idea was that I could use this to create somewhat fine-grained filters on the
host for traffic from the internet to the guest (and possibly vice-versa).
However it seems like that does not work the way I wanted:
It seems as if nothing changes when I allow/disallow SSH for that zone. I can
still ssh from the internet to the guest.
After several reads of the documentation I have a guess of what might be going
on but I'd like to confirm that:
https://libvirt.org/firewall.html#fw-firewalld-and-virtual-network-driver
> If firewalld is active on the host, libvirt will attempt to place the bridge
> interface of a libvirt virtual network into the firewalld zone named
> "libvirt" (thus making all guest->host traffic on that network subject to
> the rules of the "libvirt" zone).
Does that mean libvirt's firewalld usage is ONLY for traffic guest->host and
does not affect all other traffic (e.g. host->guest, guest<->internet)?
That sounds incredibly narrow (and not very useful for me) but it would explain
why I don't see any effects in my experiment...
---
On a related note, it would be nice if there was a way to make routed setups with
individual IPs easier. This problem has haunted me for more than 10 years (I think I
posted something in 2009 - still the same problem basically) and it would be
nice if libvirt could somehow support this use case better:
I want to allow traffic guest <-> internet in a routed setup. libvirt generates
iptables rules like these:
Chain LIBVIRT_FWO (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- br-private * 10.11.0.0/24 0.0.0.0/0
0 0 REJECT all -- br-private * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 ACCEPT all -- br-public * (NETWORK IP ) 0.0.0.0/0
43 3232 REJECT all -- br-public * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
In my case "NETWORK IP" is a /32 IPv4 and AFAIK I have to put the host's IPv4
here (which is basically the router) so I can assign the guest IP inside the VM.
What I need is basically a rule like the ACCEPT one above but with the GUEST IP. I
have some elaborate Python script which I can use as a "network" hook but that
requires parsing output of "iptables" due to libvirt's events (e.g. libvirtd
restart triggers one "plugged" event per VM).
Thank you very much,
Felix
3 years, 6 months
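The idempotency problem described in the post above (one "plugged" event per VM on every libvirtd restart), as an added example that is not Felix's script or libvirt code: it parses a LIBVIRT_FWO listing and plans the guest ACCEPT rule only when it is missing. The sample listing, its 192.0.2.x addresses and the function names are constructed for illustration.

```python
import ipaddress

CHAIN = "LIBVIRT_FWO"

# Constructed sample of `iptables -L LIBVIRT_FWO -n -v` output. 192.0.2.1 is a
# documentation-range placeholder for the post's elided network IP.
SAMPLE = """\
Chain LIBVIRT_FWO (1 references)
 pkts bytes target prot opt in         out source        destination
    0     0 ACCEPT all  --  br-private *   10.11.0.0/24  0.0.0.0/0
    0     0 REJECT all  --  br-private *   0.0.0.0/0     0.0.0.0/0  reject-with icmp-port-unreachable
    0     0 ACCEPT all  --  br-public  *   192.0.2.1     0.0.0.0/0
   43  3232 REJECT all  --  br-public  *   0.0.0.0/0     0.0.0.0/0  reject-with icmp-port-unreachable
"""


def parse_chain(listing):
    """Return one dict per rule, in chain order (rule 1 first)."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        # Rule lines start with a packet counter such as "0", "43" or "12K".
        if len(f) >= 9 and f[0][0].isdigit():
            rules.append({"target": f[2], "in": f[5], "source": f[7]})
    return rules


def plan_guest_rule(listing, bridge, guest_ip):
    """Return the iptables argv that lets guest_ip out through bridge, or
    None when an ACCEPT ahead of the bridge's REJECT already covers it."""
    guest = ipaddress.IPv4Address(guest_ip)  # raises ValueError on bad input
    rule_args = ["-i", bridge, "-s", f"{guest}/32", "-j", "ACCEPT"]
    for pos, rule in enumerate(parse_chain(listing), start=1):
        if rule["in"] != bridge:
            continue
        if rule["target"] == "ACCEPT":
            try:
                if guest in ipaddress.ip_network(rule["source"], strict=False):
                    return None  # already allowed: repeated hook events are no-ops
            except ValueError:
                pass  # negated or otherwise unparsable source: not a match
        elif rule["target"] == "REJECT":
            # Insert at the REJECT's position so the ACCEPT is evaluated first.
            return ["iptables", "-I", CHAIN, str(pos), *rule_args]
    return ["iptables", "-A", CHAIN, *rule_args]  # no REJECT for this bridge


if __name__ == "__main__":
    print(plan_guest_rule(SAMPLE, "br-public", "192.0.2.10"))
```

A hook would pass in the live output of `iptables -L LIBVIRT_FWO -n -v` and run the returned argv; the planned rule stays scoped to the single guest address rather than widening the bridge's ACCEPT.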
l3 cache and cpu pinning
by Roman Mohr
Hi,
I have a question regarding enabling L3 cache emulation on domains. Can
this also be enabled without CPU pinning, or does it need CPU pinning to
emulate the L3 caches according to the CPUs to which the guest is pinned?
Thank you and best regards,
Roman
3 years, 6 months
GlusterFS pools - do they work?
by lejeczek
Hi guys.
I've been a consumer of libvirt for a while but this is
the first time I'm trying this:
-> $ virsh vol-create-as glusterfs-VMs2 fcos-node1.qcow2 20G --format qcow2
error: Failed to create vol fcos-node1.qcow2
error: this function is not supported by the connection driver: storage pool does not support volume creation
I'm on CentOS Stream with glusterfs-8.4, libvirt-7 and
qemu-kvm-5.2.0
What might be the issue here?
many thanks, L.
3 years, 6 months
external snapshot create error
by Eyüp Hakan Duran
Dear all,
I have been creating external snapshots of my KVM/QEMU VMs for more than a
year on a host machine that runs Manjaro Linux. The current version of
libvirt I am using is 1:7.1.0-3. I just noticed that the script I am using
for this purpose has been failing. More specifically the command below
returns with the error message indicated underneath the command:
sudo virsh snapshot-create-as --no-metadata --domain myVM myVM-state --diskspec hda,file=overlay.qcow2 --disk-only --atomic
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domainsnapshot.rng
Extra element disks in interleave
Element domainsnapshot failed to validate content
I also tried different versions of the command above with similar results,
such as:
sudo virsh snapshot-create-as mvVM --no-metadata myVM-state --diskspec hda,snapshot=external,file=overlay.qcow2 --disk-only --atomic
Any pointers will be greatly appreciated!
Hakan Duran
3 years, 6 months
could not start libvirt service
by shafnamol N
Hi,
I am using *CentOS 8*. I have built *libvirt* with the following method:
$ meson build -Dsystem=true
$ ninja -C build
$ ninja -C build install
But the problem is when I started it:
# systemctl start libvirtd
Job for libvirtd.service failed because the control process exited with error code.
See "systemctl status libvirtd.service" and "journalctl -xe" for details.
I tried to get the status of libvirt:
# systemctl status libvirtd
libvirtd.service - Virtualization daemon
Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code)
What will be the problem?
Thanks for the help in advance.
3 years, 6 months
Confusion over networking configuration - I might be able to do some documentation
by Ed B
Hi libvirt users,
I have been using libvirt on Debian Linux for a few months. (Mostly with virt-manager. I haven't yet learned all of the command line commands.)
I'm currently confused by bridge mode networking, which I think is what I require to address the particular use case, which I will describe:
My use case:
Prior to this I have been using routed mode to organize my VMs. Most of the VMs I deploy are for services (web servers, mail servers, etc) so I require them to have static IP addresses on my local network.
==== An aside / comment: I *can* set those static IPs using the command line virsh net-edit (from memory) command and then change the settings in the xml files. However, since this seems like something that many users would require regularly it would be nice to be able to set static IP in the GUI when configuring with virt-manager. I assume that the same people who maintain libvirt also maintain virt-manager? If I'm wrong please re-direct me.
Returning to the main discussion: It would be more convenient for me personally if I were able to set the IP addresses of these VMs using static addresses configured via an external DHCP server. I believe I can do this if my network is in "bridge" mode instead of NAT or Routed. I know this should be possible from reading information online but there doesn't seem to be any option for this in the virt-manager GUI.
==== To give more details on my setup: My network has a pfsense instance which is able to provide IP addresses to local machines. I would like to use the same pfsense machine to provide IP addresses to virtual machines. If I am not mistaken, the only way to do this would be to bridge the network on which the VMs reside to the network on which the pfsense machine resides.
I will provide some screenshots to illustrate my confusion. When creating a new virtual network, I assume that I do not want to enable DHCPv4, because I want the pfsense system to allocate IP addresses. I do not know whether I should leave "Enable ipv4 network address space definition" or what the value should be. See image below.
[cid:4e926d97-7a58-4350-93cc-0db7c401c075]
Further in the setup (step 4), I assume I need to choose "Forward to physical network" rather than "Isolated virtual network".
For the destination option, I do not know what should be chosen. I don't fully understand how this option works.
For "Mode" there are three options: NAT, Routed and finally "Open". I cannot find any documentation which indicates what "Open" means. NAT and Routed are clearly not the correct options here - by a process of elimination that would imply that "Open" means "bridged" but I have a feeling that this is incorrect and I don't understand something else. Again, see screengrab below.
[cid:f2ea4e34-c418-48d3-86b2-d7ff1002990a]
I am quite keen to contribute something to documentation. At the moment I don't understand enough about how libvirt works to be able to do this.
Apologies if my questions have been directed to the wrong people. If this is the case could you please re-direct me to the right place to ask such questions?
Best regards
3 years, 6 months
move mount permission denied
by Jiatong Shen
Hello community!
I am faced with a mysterious [error](https://gist.github.com/jshen28/5f29eed51e0a1308684214b35f009478) which
says move mount is not permitted.
We are using libvirt with openstack-helm, which runs libvirt in a docker
based k8s environment. /dev/termination-log is a device created and
attached by k8s and the mount looks like `/dev/mapper/ubuntu--vg-root on /var/log/termination-log type ext4 (rw,relatime,errors=remount-ro,data=ordered)`
Any idea why this happens? Appreciate the help!
--
Best Regards,
Jiatong Shen
3 years, 6 months
how to use external snapshots with memory state
by Riccardo Ravaioli
Hi all,
Best wishes for 2021! :)
So I've been reading and playing around with live snapshots and still
haven't figured out how to use an external memory snapshot. My goal is to
take a disk+memory snapshot of a running VM and, if possible, save it in
external files.
As far as I understand, I can run:
$ virsh snapshot-create $VM
... and that'll take an *internal* live snapshot of a given VM, consisting
of its disks and memory state, which will be stored in the qcow2 disk(s) of
the VM. In particular, the memory state will be stored in the first disk of
the VM. I can then use the full range of snapshot commands available:
revert, list, current, delete.
Now, an external snapshot can be taken with:
$ virsh snapshot-create-as --domain $VM mysnapshot --diskspec vda,file=/home/riccardo/disk_mysnapshot.qcow2,snapshot=external --memspec file=/home/riccardo/mem_mysnapshot.qcow2,snapshot=external
... with as many "--diskspec" as there are disks in the VM.
I've read the virsh manual and the libvirt API documentation, but it's not
clear to me what exactly I can do then with an external snapshot, in
particular with the file containing the memory state. In articles from 7-8
years ago people state that external memory snapshots cannot be reverted...
is it still the case today? If so, what's a typical usage for such files?
If not with libvirt, is it possible to revert to an external memory + disk
state in other ways, for instance through qemu commands?
Thanks!
Riccardo
3 years, 6 months