On 5/5/20 11:25 AM, john doe wrote:
On 5/5/2020 10:41 AM, Michal Privoznik wrote:
> On 5/5/20 9:26 AM, john doe wrote:
>> On 5/5/2020 8:29 AM, Michal Privoznik wrote:
>>> Because interface type='bridge' and type='network' are not
the same.
>>> The
>>> libvirt_guest plugin needs a list of MAC addresses because it tries to
>>> find a match across libvirt domain name -> list of domain's MAC
>>> addresses -> list of leases. And whenever a domain is started, all its
>>> interfaces with type='network' will notify the corresponding network
>>> and
>>> the code that handles libvirt networks will dump the MAC address into a
>>> file for the NSS plugin to use. But, if plain type='bridge' is used
>>> then
>>> all that is done is that the TAP is plugged into the bridge (which
>>> ensures the connectivity), but does not notify the network which in
>>> turn
>>> means that the MAC dumping code is not run and hence the NSS plugin
>>> won't find a match.
>>>
>>
>> I don't understand why the network can not be notified, could it be a
>> feature request?
>
> No. interface type='bridge' exists exactly for the reasons that users
> want libvirt just to plug TAP device into a bridge they manage. And they
> don't want libvirt to touch the bridge in any other way.
>
>>
>>> Is there a reason why you are using interface type='bridge' with the
>>> default network?
>>>
>>
>> I'm just starting with libvirt, so I could be missing something.
>>
>> Yes, I don't need libvirt touching iptables at all.
>>
>> In other words, is there a way to be able to use libvirt_guest without
>> having libvirt interacting with iptables.
>
> I'm not quite sure how to achieve NAT then - do you insert the NAT rules
> yourself?
Yes, my frontent to iptables will do that.
> If it is so, then what you may do is to change the type of the
> default network to 'open' and then use interface type='network' from
the
> domain.
>
Thank you, I'll need to look into that.
Is there a way to do that with virt-install?
Let me check the man page for you.
--network network=my_libvirt_virtual_net
>>
>>>>
>>>>
>>>>
>>>> Also, from (1):
>>>>
>>>> "virsh net-dhcp-leases $network
>>>> where $network iterates through
>>>> all running network..."
>>>>
>>>> If I understand correctly, the below should list all running network:
>>>>
>>>> $ virsh net-dhcp-leases $network
>>>> error: command 'net-dhcp-leases' requires <network> option
>>>
>>> This lists DHCP leases for given network. To list all running networks
>>> you can use 'virsh net-list'.
>>>
>>
>> I would suggest rephrasing the above to something along the lines of:
>>
>> "virsh net-dhcp-leases $network, where '$network' is to be
supstituted
>> by the desired network (E.G, 'default') or use virsh net-list to list
>> all available network."
>
> Actually, the whole statement (copied verbatim from the webpage) is:
>
> The NSS module then merely consults the list trying to find the match.
> Users can view the list themselves:
>
> virsh net-dhcp-leases $network
>
> where $network iterates through all running networks.
>
'$network iterates through all running networks.' I don't understand
what 'all networks' refers to?
Just like there can be multiple domains running there can be multiple
networks.
> Maybe I'm assuming too much, but this doesn't say that net-dhcp-leases
> will print all running networks. The way I read this is: The NSS module
> then merely does equivalent of iterating over every running network and
> executing 'net-dhcp-leases' and trying to find the match.
>
> I thought that using shell variables in a documentation for an UNIX-like
> command is well understood, but maybe I am wrong.
>
That is the first time that I see this syntax being used, simply adding
somewhere that when an example for a command is shown like so, this
should be substituted.
Our docs are kept in a repository. In this specific example it is
docs/nss.html.in:
https://gitlab.com/libvirt/libvirt/-/blob/master/docs/nss.html.in
If you feel like our docs are misleading, please post a patch.
Michal