[libvirt-users] How to securely license guests?
by David Knierim
Hi,
I have been asked to research and recommend a method to securely license
guests on RHEL/KVM 6.2+ hosts. The guests will be running CentOS or RHEL
(5.X or 6.2+).
The primary driver to license the software is that we will be selling
Telecommunications software in countries where it is common to pirate
software. As such, we are worried about the software being purchased one
time and then multiple instances of the software being used.
We plan to use a USB security dongle (I hate that word!) of some kind. If
we were running without virtualization, the solution is pretty
straightforward. We would install the security dongle on the server and compile
the licensing library which accessed the dongle into our code. We
understand that this could be circumvented by a dedicated foe, but it would
be reasonably secure.
However, as soon as the licensed code is running in a guest, things get a
lot more complicated. My first thought was that we could use PCI
passthrough to map the USB controller to one guest. Unfortunately, they
want to have multiple guests access the same security dongle concurrently.
I could see using a bridge that is only on the host to allow the guests to
communicate with the host which proxies the requests to the security
device. However, it would be pretty easy to connect a network tunnel to
the bridge which could allow guests at remote sites to access the security
dongle and this would allow the licensed software to be replicated.
Can anyone recommend a solution or partial solution to this issue?
Any thoughts are welcome,
David
12 years, 10 months
[libvirt-users] Deploying OVF on Different virtual platforms
by Nikunj Badjatya
Hi All,
I am new to Virtualization and Libvirt. Pardon if any information is
missing.
I am using VMware PowerCLI and Python to automate tasks for managing my
Virtual Infrastructure.
I have recently come across Libvirt and have certain questions.
Q1. Can Libvirt be used to deploy OVFs on ESX servers?
Q2. If I wrote a script using Libvirt's Python binding (a simple one, say
turn on/off/suspend VM), will that script work on different virtualisation
platforms (HyperV, XEN, VMware-ESX)?
Q3. Is there a suitable reference for Libvirt's Python APIs?
Thanks,
Nikunj
Bangalore-India
12 years, 10 months
Re: [libvirt-users] Can a VM tell what host it's on?
by Paul Lussier
On Thu, Feb 2, 2012 at 2:08 PM, Eric Blake <eblake(a)redhat.com> wrote:
> Did you mean for this to go to the list?
Yes, sorry :)
> On 02/02/2012 12:04 PM, Paul Lussier wrote:
>> On Thu, Feb 2, 2012 at 1:52 PM, Eric Blake <eblake(a)redhat.com> wrote:
>>> On 02/02/2012 11:33 AM, Whit Blauvelt wrote:
>>>> Is there a way internal to a KVM VM to know which host it's running on?
>>>
>>> No. The ideal hypervisor is one where the guest doesn't even know it is
>>> running as a virtual machine. And consider live migration - a guest
>>> might not be running on the same host over its lifetime. Therefore,
>>> there should be nothing that requires a guest to know which host it is
>>> running on.
>>
>> From a system administration perspective, though, it's imperative to
>> know what physical hosts your VMs are running on. Perhaps the VM
>> itself doesn't know, but the sysadmin should be able to have some
>> means of figuring this out in a dynamic manner, not simply by "keeping
>> track" of where VMs are deployed.
>
> Yes, but that's a different question. It's not the guests' job to know
> which host they are running on, rather, it's the management app _outside
> of the guests_ that knows which hosts are running which guests.
What do you mean by "management app", virt-manager, or something else?
>>> Why do you think you need it? Perhaps if you ask a better question
>>> about what you are really trying to solve, we can give a better answer.
>>
>> Asset tracking, physical host trouble-shooting, etc. If I'm running
>> an environment with 2K physical systems, each of which are running 20+
>> VMs, and someone reports a problem with vm-23475, it would be really
>> nice to know that I can ask that VM where it is on my network and on
>> what physical hosts. Especially if that VM has been around a while
>> and possibly migrated to/from several physical systems.
>
> That's more a question you should be directing to your management app,
> not to your guest. Your management app should know which host is
> currently running vm-23475; you shouldn't have to directly query
> vm-23475 itself (besides, if you treat guests as untrusted code, you
> wouldn't want to rely on any answer vm-23475 gave you in the first place).
While I agree with you in principle, my impression is that people are
not treating guests as untrusted code, but rather, almost exactly like
physical hosts. Perhaps I haven't had the luxury of being in a
virtual environment where people are doing things the way they were
intended :)
--
Paul
12 years, 10 months
[libvirt-users] Can a VM tell what host it's on?
by Whit Blauvelt
Is there a way internal to a KVM VM to know which host it's running on?
It could send a command via ssh to virsh on a host, and learn from that
whether the host currently has it running. But is there something within the
VM itself which will reveal this?
Thanks,
Whit
12 years, 11 months
[libvirt-users] Gigabit network card not fully operational using KVM/Ubuntu
by Josir Cardoso Gomes
Hi folks,
*Host:* Ubuntu 10.04.3 with KVM
lspci | grep net
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 06)
*Guest:* Ubuntu 10.04.3
lspci:
00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
00:01.1 IDE interface: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II]
00:01.2 USB Controller: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton II] (rev 01)
00:01.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 03)
00:02.0 VGA compatible controller: Cirrus Logic GD 5446
00:03.0 Ethernet controller: Qumranet, Inc. Virtio network device
*Problem:* The virtio network device operates on 100Mbits.
How do I know that it operates on 100Mbits?
I copy a single big file via rsh and I can see the real speed. The network
is completely dedicated to this operation, that is, there is no other
traffic between other machines.
*Question:* What do I have to do to use full bandwidth?
If this is not the best forum to ask this question, do you suggest another
channel?
Thanks in advance,
Josir Gomes
12 years, 11 months
[libvirt-users] libvirt 0.9.4-23 on CentOS 6.2 with xen support
by Rudolf Ladyzhenskii
Hi, all
I am trying to install xen on CentOS 6.2. (64 bit on Intel CPU). I am at
the stage when xen kernel is up and running and xend is running. Next
issue is that I am getting the following message when trying to run
virt-manager:
no connection driver available for No connection for URI xen:///
Some Google search pointed me to the fact that libvirt as installed from
CentOS repository is not built with xen support. I found some guides on
how to rebuild libvirt from source with patches for xen support and
followed them.
I am trying to rebuild libvirt version 0.9.4-23, as this is the rpm that
was installed on CentOS.
I am getting an error as I build the rpm. xencapstest fails.
So, there are a few questions:
1. Is there an easier way to get libvirt to work with xen?
2. If rebuilding of RPM is the only option, how do I fix xencaps error?
Thanks,
Rudolf
P.S. Guide I am trying to follow is:
http://www.howtoforge.com/virtualization-with-xen-on-centos-6.2-x86_64-pa...
12 years, 11 months