On 5/5/20 9:26 AM, john doe wrote:
On 5/5/2020 8:29 AM, Michal Privoznik wrote:
> Because interface type='bridge' and type='network' are not the same. The
> libvirt_guest plugin needs a list of MAC addresses because it tries to
> find a match across libvirt domain name -> list of domain's MAC
> addresses -> list of leases. And whenever a domain is started, all its
> interfaces with type='network' will notify the corresponding network and
> the code that handles libvirt networks will dump the MAC address into a
> file for the NSS plugin to use. But, if plain type='bridge' is used then
> all that is done is that the TAP is plugged into the bridge (which
> ensures the connectivity), but does not notify the network which in turn
> means that the MAC dumping code is not run and hence the NSS plugin
> won't find a match.
>
I don't understand why the network can not be notified, could it be a
feature request?
No. interface type='bridge' exists exactly for the reasons that users
want libvirt just to plug TAP device into a bridge they manage. And they
don't want libvirt to touch the bridge in any other way.
> Is there a reason why you are using interface type='bridge' with the
> default network?
>
I'm just starting with libvirt, so I could be missing something.
Yes, I don't need libvirt touching iptables at all.
In other words, is there a way to be able to use libvirt_guest without
having libvirt interacting with iptables.
I'm not quite sure how to achieve NAT then - do you insert the NAT rules
yourself? If it is so, then what you may do is to change the type of the
default network to 'open' and then use interface type='network' from the
domain.
>>
>>
>>
>> Also, from (1):
>>
>> "virsh net-dhcp-leases $network
>> where $network iterates through
>> all running network..."
>>
>> If I understand correctly, the below should list all running network:
>>
>> $ virsh net-dhcp-leases $network
>> error: command 'net-dhcp-leases' requires <network> option
>
> This lists DHCP leases for given network. To list all running networks
> you can use 'virsh net-list'.
>
I would suggest rephrasing the above to something along the lines of:
"virsh net-dhcp-leases $network, where '$network' is to be substituted
by the desired network (e.g., 'default') or use virsh net-list to list
all available networks."
Actually, the whole statement (copied verbatim from the webpage) is:
The NSS module then merely consults the list trying to find the match.
Users can view the list themselves:
virsh net-dhcp-leases $network
where $network iterates through all running networks.
Maybe I'm assuming too much, but this doesn't say that net-dhcp-leases
will print all running networks. The way I read this is: The NSS module
then merely does the equivalent of iterating over every running network and
executing 'net-dhcp-leases' and trying to find the match.
I thought that using shell variables in documentation for a UNIX-like
command is well understood, but maybe I am wrong.
Michal
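
The change suggested in the reply above (default network switched to 'open', domain interface switched to type='network'), written out as an added example that is not part of the original message. The bridge name, addresses and interface model are constructed values assumed to match a stock default network.

```xml
<!-- Fragment 1: network definition, edited with `virsh net-edit default`.
     Constructed sample; bridge name and address range are assumptions. -->
<network>
  <name>default</name>
  <!-- 'open': libvirt adds no firewall rules for this network, so any
       NAT or forwarding rules must be supplied by the administrator. -->
  <forward mode='open'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>

<!-- Fragment 2: domain interface, edited with `virsh edit <domain>`.
     Before: the TAP device is only plugged into the bridge, the network
     is not notified, and the MAC is not recorded for the NSS plugin. -->
<interface type='bridge'>
  <source bridge='virbr0'/>
  <model type='virtio'/>
</interface>

<!-- After: the interface references the libvirt network, so starting the
     domain notifies the network and the MAC becomes visible to
     libvirt_guest. -->
<interface type='network'>
  <source network='default'/>
  <model type='virtio'/>
</interface>
```

The edited network definition takes effect once the network is restarted (virsh net-destroy default, then virsh net-start default); guests then need to be restarted or have their interfaces re-attached.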