April 2013 - Users - libvirt List Archives

[libvirt-users] Lack of ebtables rules when using nwfilters
by Maciej Gałkiewicz 23 Apr '13

23 Apr '13

Hi I am using libvirt (0.9.12) with openstack and xen. It looks like libvirt is not creating ebtables rules against arp spoofing etc. Here are my configs: VM definition: <domain type='xen'> <uuid>d49b777f-32f1-4093-ae47-a12efd0efd2c</uuid> <name>instance-00000168</name> <memory>2097152</memory> <os> <type>linux</type> <root>/dev/xvda</root> <kernel>/var/lib/nova/instances/instance-00000168/kernel</kernel> <cmdline>ro</cmdline> <initrd>/var/lib/nova/instances/instance-00000168/ramdisk</initrd> </os> <features> <acpi/> </features> <vcpu>2</vcpu> <devices> <disk type='file' device='disk'> <driver type='raw' cache='none'/> <source file='/var/lib/nova/instances/instance-00000168/disk'/> <target dev='sda' bus='scsi'/> </disk> <disk type='file'> <driver type='raw' cache='none'/> <source file='/var/lib/nova/instances/instance-00000168/disk.swap'/> <target dev='sdb' bus='scsi'/> </disk> <interface type='bridge'> <source bridge='br0'/> <mac address='fa:16:3e:1e:70:87'/> <filterref filter="nova-instance-instance-00000168-fa163e1e7087"> <parameter name="IP" value="10.255.0.114" /> <parameter name="DHCPSERVER" value="10.255.0.3" /> </filterref> </interface> <console type='pty'/> <graphics type='vnc' port='-1' autoport='yes' keymap='en-us' listen='127.0.0.1'/> </devices> </domain> # virsh nwfilter-dumpxml nova-instance-instance-00000168-fa163e1e7087 <filter name='nova-instance-instance-00000168-fa163e1e7087' chain='root'> <uuid>b6475525-5901-aeab-4ed0-dc0d7b545aea</uuid> <filterref filter='nova-base'/> </filter> # virsh nwfilter-dumpxml nova-base <filter name='nova-base' chain='root'> <uuid>197b7f7a-389c-bd6d-6b77-07b88d3d9138</uuid> <filterref filter='no-mac-spoofing'/> <filterref filter='no-ip-spoofing'/> <filterref filter='no-arp-spoofing'/> </filter> # ebtables -t nat -L Bridge table: nat Bridge chain: PREROUTING, entries: 0, policy: ACCEPT Bridge chain: OUTPUT, entries: 0, policy: ACCEPT Bridge chain: POSTROUTING, entries: 0, policy: ACCEPT # ebtables -L Bridge table: filter Bridge chain: INPUT, entries: 0, policy: ACCEPT Bridge chain: FORWARD, entries: 0, policy: ACCEPT Bridge chain: OUTPUT, entries: 0, policy: ACCEPT logs: 2013-04-23 10:47:37.438+0000: 30155: debug : virNWFilterDefineXML:16099 : conn=0x1331ff0, xmlDesc=<filter name='nova-instance-instance-00000167-fa163e4faae5' chain='roo t'><filterref filter='nova-base'/></filter> 2013-04-23 10:47:37.544+0000: 30155: debug : virNWFilterFree:15971 : nwfilter=0x7f18400bc2b0 2013-04-23 10:47:37.544+0000: 30155: debug : virUnrefNWFilter:1262 : unref nwfilter 0x7f18400bc2b0 nova-instance-instance-00000167-fa163e4faae5 1 2013-04-23 10:47:37.544+0000: 30155: debug : virReleaseNWFilter:1222 : release nwfilter 0x7f18400bc2b0 nova-instance-instance-00000167-fa163e4faae5 875ff1e5-fc4d-2fca-9 da2-f163f273ad6a 2013-04-23 10:47:37.544+0000: 30155: debug : virReleaseNWFilter:1229 : unref connection 0x1331ff0 2 regards Maciej Gałkiewicz

2 1

[libvirt-users] Create image from running domain
by Hongbin Lu 23 Apr '13

23 Apr '13

Hi. A short question. I want to know what is the proper steps to create an image from a running domain and use it as base image of another domains. The domain is with Qemu Hypervisor, persistent, and created based on Ubuntu Cloud image. Thank in advance Hongbin

3 2

[libvirt-users] failure creating a snapshot volume within a lvm-based pool
by Edoardo Comar 23 Apr '13

23 Apr '13

Hi I have defined a logical pool and a volume within it # virsh vol-create-as images_lvm myvol 2G Vol myvol created # virsh vol-list images_lvm Name Path ----------------------------------------- myvol /dev/libvirt_images_vg/myvol if I try to create another volume using the previous one as backing-vol, the creation fails with what looks like an incorrect commandline for lvcreate: # virsh vol-create-as images_lvm myvol-instance 2G --backing-vol myvol error: Failed to create vol myvol-instance error: internal error Child process (/usr/sbin/lvcreate --name myvol-instance -L 2097152K -s=/dev/libvirt_images_vg/myvol) unexpected exit status 3: /usr/sbin/lvcreate: invalid option -- '=' Error during parsing of command line. Exactly the same happens if I specify a qcow2 format (the doc however says that The logical volume pool does not use the volume format type element). is this a known bug? I'm running Fedora 18 # virsh version Compiled against library: libvirt 0.10.2 Using library: libvirt 0.10.2 Using API: QEMU 0.10.2 Running hypervisor: QEMU 1.2.2 -------------------------------------------------- regards, Edoardo Comar WebSphere Application Service Platform for Networks (ASPN) ecomar(a)uk.ibm.com Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

2 2

Re: [libvirt-users] Fwd: kvm
by Stefan Hajnoczi 23 Apr '13

23 Apr '13

On Mon, Apr 22, 2013 at 10:59:25AM +0100, Gary Lloyd wrote: > I was wondering if anyone could help me with an issue with KVM and ISCSI. > > If we restart a controller on our EqualLogic SAN or there are any > network interruptions on the storage network, KVM guests throw a > wobbler and their files systems go into read only(centos 5.9 guest > with virtio driver). > > I have read a few forums that indicate you can set disk timeout values > on the guests themselves but this is not possible using the virtio > driver, which is what we are currently using. > > Is there any way we can instruct KVM to pause the vm's if there is a > storage failure and resume them when the storage comes back online ? > > We are currently running Centos 6.4. There seems to be a werror='stop' > and rerror='stop' options to achieve this but if I try to put these in > options in the libvirt xml file for a vm, libvirt appears to be > removing them. Please email libvirt-users(a)redhat.com for questions about libvirt in the future. This is a question about libvirt domain XML. The documentation is here: http://libvirt.org/formatdomain.html#elementsDisks The attribute is called "error_policy". The documentation says: The optional error_policy attribute controls how the hypervisor will behave on a disk read or write error, possible values are "stop", "report", "ignore", and "enospace".Since 0.8.0, "report" since 0.9.7 The default setting of error_policy is "report". There is also an optional rerror_policy that controls behavior for read errors only. Since 0.9.7. If no rerror_policy is given, error_policy is used for both read and write errors. If rerror_policy is given, it overrides the error_policy for read errors. Also note that "enospace" is not a valid policy for read errors, so if error_policy is set to "enospace" and no rerror_policy is given, the read error policy will be left at its default, which is "report". Stefan

1 0

[libvirt-users] Libvirt profiling
by Jon Martin Sigvaldsen 23 Apr '13

23 Apr '13

Hi For a school project I am researching performance issues when using libvirt to run very large numbers of virtual machines. My experiments indicate that having more CPU cores negatively impacts the performance. A simple desktop with an Intel Core 2 Duo E6550 performs better than a server with a 48 core AMD CPU. Limiting the cores used through 'cputune' improves performance on the server. If anyone has got any explanations for this, it would be greatly appreciated. Further on I would like to profile the slowdowns, but I am not sure how to approach this problem. Any recommendations on how to do this? Best regards Jon

2 1

[libvirt-users] Sanlock - what are my options?
by Russell Jones 22 Apr '13

22 Apr '13

Hi all, I have an RHCS 2 node cluster utilizing SAN storage with GFS2 for the VM images. I am looking into configuring Sanlock, however am running into some architecture questions with it. The documentation for Sanlock states: "The sanlock plugin needs to create leases in a directory that is on a filesystem shared between all hosts running virtual machines. Obvious choices for this include NFS or GFS2." I do not have a highly available NFS mount where I can store the disk leases, and I cannot store the lockspace on the same GFS2 mount as the disk images as during fencing/journal recovery disk I/O can become blocked, which causes Sanlock to log warnings/errors about renewals. Is there another option for configuration?

1 0

[libvirt-users] problem when get the vm cpu stat
by Wangkai (Kevin,C) 20 Apr '13

20 Apr '13

Hi all, I try to get vm cpu stat by function "virDomainGetCPUStats", when the vm Cpu usage is 100%, I can see from the vm shell by "top", when the info Get by the "virDomainGetCPUStats" show only the "cpu_time" increased, "user_time" and "system_time" was not changed at all. Is that correct ? How can I get the vm cpu usage? nparams = virDomainGetCPUStats(domain, NULL, 0, -1, 1, 0); virDomainGetCPUStats(domain, params, nparams, -1, 1, 0); Thanks, Kevin.

2 2

[libvirt-users] Unexplained shutdown of VM on upgrade of libvirt package
by Chandana De Silva 19 Apr '13

19 Apr '13

I am running KVM on Centos 6.3 and am seeing an unexplained shut down of two guests. The libvirt package was upgraded to libvirt-0.10.2-18.el6_4.4.x86_64 at the time of the shutdown. Only the two guests shown below was affected, while 9 others running on the same hypervisor were not. Can some one help me to find the cause please ? Regards Chandana GUEST #1 ======== 2013-04-10 04:15:02.903+0000: starting up LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name guinness-a -S -M rhel6.3.0 -enable-kvm -m 4471 -smp 2,sockets=2,cores=1,threads=1 -uuid 894072ba-634c-40a2-9f70-0338d124abc3 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/guinness-a.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/var/lib/libvirt/images/guinness-a.img,if=none,id=drive-ide0-0-0,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev tap,fd=28,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=54:52:00:98:7f:cc,bus=pci.0,addr=0x3 -netdev tap,fd=33,id=hostnet1 -device e1000,netdev=hostnet1,id=net1,mac=54:52:00:c4:d4:fd,bus=pci.0,addr=0x5 -netdev tap,fd=34,id=hostnet2 -device e1000,netdev=hostnet2,id=net2,mac=54:52:00:a3:33:24,bus=pci.0,addr=0x6 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -vnc 127.0.0.1:1 -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 char device redirected to /dev/pts/11 2013-04-19 01:31:23.502+0000: shutting down qemu: terminating on signal 15 from pid 12852 GUEST #2 ======== 2013-03-24 22:30:36.881+0000: starting up LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name singha-a -S -M rhel6.3.0 -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -uuid 52761f28-8f8d-4d79-a9c0-fd5222502cf4 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/singha-a.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/var/lib/libvirt/images/singha-a.img,if=none,id=drive-ide0-0-0,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev tap,fd=32,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=54:52:00:2c:75:26,bus=pci.0,addr=0x3 -netdev tap,fd=33,id=hostnet1 -device e1000,netdev=hostnet1,id=net1,mac=54:52:00:b3:80:dd,bus=pci.0,addr=0x5 -netdev tap,fd=34,id=hostnet2 -device e1000,netdev=hostnet2,id=net2,mac=54:52:00:e6:aa:a2,bus=pci.0,addr=0x6 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -vnc 127.0.0.1:0 -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 char device redirected to /dev/pts/5 2013-04-19 01:31:23.515+0000: shutting down qemu: terminating on signal 15 from pid 12852 PID 12582 is the libvirtd daemon, and I see this in the libvirtd log: 2013-04-19 01:31:23.492+0000: 13039: info : libvirt version: 0.10.2, package: 18.el6_4.4 (CentOS BuildSystem <http://bugs.centos.org>, 2013-04-18-16:13:45, c6b7.bsys.dev.centos.org) 2013-04-19 01:31:23.492+0000: 13039: error : virSecuritySELinuxReserveSecurityLabel:676 : internal error MCS level for existing domain label already reserved 2013-04-19 01:31:23.515+0000: 13035: error : virSecuritySELinuxReserveSecurityLabel:676 : internal error MCS level for existing domain label already reserved

1 0

[libvirt-users] How can I define a network using an exist host bridge
by Wangkai (Kevin,C) 18 Apr '13

18 Apr '13

Hi all, When I defined a network use the host bridge "virbr1" an error occurred : "libvir: error : Unable to create bridge virbr1: File exists" But how can I define this network use the host bridge "virbr1" ? <network> <name>def1</name> <bridge name='virbr1'/> <forward mode='nat'> <interface dev='eth0'/> </forward> </network> Thanks, Kevin

2 2

[libvirt-users] libvirt 1.0.3 Vs 1.0.4 / cgroup devices
by Mohamed Larabi 18 Apr '13

18 Apr '13

Hi there, I am using libvirt with lxc to create fedora 16 & 18 containers on fedora 18 host. first I did the setup with libvirt 1.0.3 and everything worked fine, then after upgrading to libvirt 1.0.4, I could not create character device on the guests : Test on the guest1 : # ls -l /dev total 0 lrwxrwxrwx. 1 root root 10 Apr 17 21:18 console -> /dev/pts/0 lrwxrwxrwx. 1 root root 11 Apr 17 21:18 core -> /proc/kcore lrwxrwxrwx. 1 root root 13 Apr 17 21:18 fd -> /proc/self/fd crw-rw-rw-. 1 root root 1, 7 Apr 17 21:18 full drwxr-xr-x. 2 root root 0 Apr 17 21:18 hugepages prw-------. 1 root root 0 Apr 17 21:18 initctl srw-rw-rw-. 1 root root 0 Apr 17 21:18 log drwxrwxrwt. 2 root root 40 Apr 17 21:18 mqueue crw-rw-rw-. 1 root root 1, 3 Apr 17 21:18 null crw-rw-rw-. 1 root root 5, 2 Apr 18 10:31 ptmx drwxr-xr-x. 2 root root 0 Apr 17 21:18 pts crw-r--r--. 1 root root 1, 8 Apr 17 21:19 random drwxrwxrwt. 2 root root 40 Apr 17 21:18 shm lrwxrwxrwx. 1 root root 15 Apr 17 21:18 stderr -> /proc/self/fd/2 lrwxrwxrwx. 1 root root 15 Apr 17 21:18 stdin -> /proc/self/fd/0 lrwxrwxrwx. 1 root root 15 Apr 17 21:18 stdout -> /proc/self/fd/1 lrwxrwxrwx. 1 root root 10 Apr 17 21:18 tty1 -> /dev/pts/0 crw-rw-rw-. 1 root root 1, 9 Apr 17 21:18 urandom crw-rw-rw-. 1 root root 1, 5 Apr 17 21:18 zero # rm -f /dev/random (successful) # mknod random c 1 8 mknod: `random': Operation not permitted Config on the host : knowing that selinux is set to permissive and c 1:8 rwm is in the cgroup devices list of the guest1 # cat /sys/fs/cgroup/devices/ libvirt/lxc/guest1/devices. list c 1:3 rwm c 1:5 rwm c 1:7 rwm c 1:8 rwm c 1:9 rwm c 5:0 rwm c 5:2 rwm c 10:229 rwm c 136:* rwm is this a change that was introduced intentially on 1.0.4 ? if yes, how can I make it work ? please advice Thank you in advance Mohamed

2 3