August 2013 - Users - libvirt List Archives

[libvirt-users] Error while starting the node on ESXi hypervisor
by varun bhatnagar 13 Aug '13

13 Aug '13

Hi, Today I was trying to start a node using libvirt on ESX (esxi-5.1) hypervisor and I got the following error message: *virsh # define /local/myNode/esxdomain.xml* *Domain testNode defined from /local/myNode/esxdomain.xml* *virsh # start testNode* *error: Failed to start domain testNode* *error: internal error: Could not start domain: GenericVmConfigFault - Cannot open the disk /vmfs/volues/5208f99d-760cf4a2-000c29520788/testNode.vmdk or one of the snapshot disks it depends on.* * * * * I checked the datastore of my ESX server and found out that instead of file one directory is getting created with the name* cluster.vmdk *and inside it there are few more files but cluster.vmdk file is not there. * * /vmfs/volumes # cd datastore1 /vmfs/volues/5208f99d-760cf4a2-000c29520788 # ls cluster.vmdk /vmfs/volues/5208f99d-760cf4a2-000c29520788 # cd cluster.vmdk /vmfs/volues/5208f99d-760cf4a2-000c29520788/cluster.vmdk # ls -ltr *-rw-r--r-- 1 root root 261 Aug 12 17:30 cluster.vmdk* *-rw-r--r-- 1 root root 674 Aug 12 17:30 cluster.vmx* *-rw-r--r-- 1 root root 0 Aug 12 17:30 cluster.vmsd* /vmfs/volues/5208f99d-760cf4a2-000c29520788/cluster.vmdk # Can anyone tell me how to start a node and why I am getting that error message. Below is my xml file. *<domain type='vmware'>* * <name>testNode</name>* * <uuid>50115e16-9bdc-49d7-f171-53c4d7f91710</uuid>* * <memory>1048576</memory>* * <currentMemory>1048576</currentMemory>* * <vcpu>1</vcpu>* * <os>* * <type arch='x86_64'>hvm</type>* * </os>* * <devices>* * <disk type='file' device='disk'>* * <source file='[datastore1] cluster.vmdk'/>* * <target dev='sda' bus='scsi'/>* * <address type='drive' controller='0' bus='0' unit='0'/>* * </disk>* * <controller type='scsi' index='0'/>* * <interface type='bridge'>* * <mac address='00:50:56:25:48:c7'/>* * <source bridge='VM Network'/>* * </interface>* * </devices>* *</domain>*

2 3

[libvirt-users] vnc ip binding problem
by Jungnam Lee 12 Aug '13

12 Aug '13

Hi, all. I tested some operations with libvirt 1.1 on Xen 4.3 Creating vm seems okay, but I cannot connect to its vnc console. So, I checked its bining. [root@dev-2 ~]# netstat -antp|grep 5900 tcp 0 0 127.0.0.1:5900 0.0.0.0:* LISTEN 10508/qemu-system-i I tried several times, but it always binds 127.0.0.1 only. here's my xml. <domain type='xen' id='3'> <name>fv0</name> <uuid>4dea22b31d52d8f32516782e98ab3fa0</uuid> <os> <type arch='x86_64'>hvm</type> <loader>/usr/local/lib/xen/boot/hvmloader</loader> <boot dev='hd'/> </os> <memory>524288</memory> <vcpu>1</vcpu> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <features> <pae/> <acpi/> <apic/> </features> <clock sync="localtime"/> <devices> <emulator>/usr/local/lib/xen/bin/qemu-dm</emulator> <interface type='bridge'> <source bridge='cibr2'/> <mac address='00:16:3e:5d:c7:9e'/> <virtualport type='openvswitch'/> <script path='vif-openvswitch'/> </interface> <disk type='file'> <driver name="tap2" type="vhd"/> <source file='/var/cloudit/cache/centOS-6.4-x86_64_130711.vhd'/> <target dev='xvda' bus='xen'/> </disk> <graphics type='vnc' port='5900'> <listen type='address' address='172.31.0.104'/> </graphics> </devices> </domain> I tried both 0.0.0.0 and my public ip on the address attribute, and those didn't work too. Did I miss something? Regards, Jungnam Lee

2 1

[libvirt-users] libvirt possibly ignoring cache=none ?
by Brano Zarnovican 12 Aug '13

12 Aug '13

Hi, I have an instance with 8G ram assigned. All block devices have cache disabled (cache=none) on host. However, cgroup is reporting 4G of cache associated to the instance (on host) # cgget -r memory.stat libvirt/qemu/i-000009fa libvirt/qemu/i-000009fa: memory.stat: cache 4318011392 rss 8676360192 ... When I drop all system caches on host.. # echo 3 > /proc/sys/vm/drop_caches # ..cache associated to the instance drops too. # cgget -r memory.stat libvirt/qemu/i-000009fa libvirt/qemu/i-000009fa: memory.stat: cache 122880 rss 8674291712 ... Can somebody explain what is cached, if there is cache=none everywhere ? Thanks, Brano Zarnovican PS: versions: Scientific Linux release 6.4 (Carbon) kernel-2.6.32-358.11.1.el6.x86_64 qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64 libvirt-0.10.2-18.el6_4.5.x86_64

4 6

[libvirt-users] KVM bridge wonkiness in Fedora19
by Lonni J Friedman 11 Aug '13

11 Aug '13

Greetings, I'm attempting to get several virtual machines setup on a Fedora19 host system, with the traditional bridge network devices (br0, br1, etc). I've done this many times before with older versions of Fedora (16, 14, etc), and it just works. However, for reasons that I cannot figure out, the bridge doesn't seem to be working in Fedora19. While I can successfully connect to the outside world (local network + internet) from inside a VM, nothing can communicate with the VM from outside (local network). I'm referring to something as trivial as pinging. From inside the VM, I can ping anything successfully (0% packet loss). However, from outside the VM (on the host, or any other system on the same network), I see 100% packet loss when pinging the IP address of the VM. My first question is simply, does anyone else have this working successfully in F19? And if so, what steps did you need to follow? I'm not using NetworkManager at all, its all the network service. There are no firewalls involved anywhere (iptables & firewall services are currently disabled). Here's the current host configuration: # brctl show bridge name bridge id STP enabled interfaces br0 8000.38eaa792efe5 no em2 vnet1 br1 8000.38eaa792efe6 no em3 br2 8000.38eaa792efe7 no em4 vnet0 virbr0 8000.525400db3ebf yes virbr0-nic # more /etc/sysconfig/network-scripts/ifcfg-em2 TYPE=Ethernet BRIDGE="br0" NAME=em2 DEVICE="em2" UUID=aeaa839e-c89c-4d6e-9daa-79b6a1b919bd ONBOOT=yes HWADDR=38:EA:A7:92:EF:E5 NM_CONTROLLED="no" # more /etc/sysconfig/network-scripts/ifcfg-br0 TYPE=Bridge NM_CONTROLLED="no" BOOTPROTO=dhcp NAME=br0 DEVICE="br0" ONBOOT=yes # ifconfig em2 ;ifconfig br0 em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid 0x20<link> ether 38:ea:a7:92:ef:e5 txqueuelen 1000 (Ethernet) RX packets 100093 bytes 52354831 (49.9 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 25321 bytes 15791341 (15.0 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device memory 0xf7d00000-f7e00000 br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.31.99.226 netmask 255.255.252.0 broadcast 10.31.99.255 inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid 0x20<link> ether 38:ea:a7:92:ef:e5 txqueuelen 0 (Ethernet) RX packets 19619 bytes 1963328 (1.8 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 11 bytes 1074 (1.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 Relevant section from /etc/libvirt/qemu/foo.xml (one of the VMs with this problem): <interface type='bridge'> <mac address='52:54:00:26:22:9d'/> <source bridge='br0'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> I can provide additional information, if requested. thanks!

2 1

[libvirt-users] state of setvcpus
by Thomas Stein 09 Aug '13

09 Aug '13

Hello. Does someone know in what state setvcpu command is? I get: virsh # setvcpus gentookvm 4 error: internal error: cannot change vcpu count of this domain and error : qemuDomainHotplugVcpus:4087 : internal error: cannot change vcpu count of this domain Does this work for someone? cheers t.

2 5

[libvirt-users] Hyper-V driver API version support
by surface＠me.is-a-linux-user.org 09 Aug '13

09 Aug '13

Hello The "version" function is not supported by the hyperv driver: $ virsh --connect=hyperv://hypervhost version Compiled against library: libvirt 1.1.1 Using library: libvirt 1.1.1 Using API: Hyper-V 1.1.1 error: failed to get the hypervisor version error: this function is not supported by the connection driver: virConnectGetVersion But we need this funtion for the "external/libvirt" stonith plugin of clusterglue: $ cat /usr/lib/stonith/plugins/libvirt | more # get status of stonith device (*NOT* of the domain). # If we can retrieve some info from the hypervisor # the stonith device is OK. libvirt_status() { out=$($VIRSH -c $hypervisor_uri version 2>&1) if [ $? -eq 0 ] then out=`echo "$out" | tail -1` ha_log.sh notice "$hypervisor_uri: $out" return 0 fi ha_log.sh err "Failed to get status for $hypervisor_uri" ha_log.sh err "$out" return 1 } So, we can't implement libvirt stonith with hyperv support in our corosync/pacemaker cluster. Is it possible to implement the "version" function for hyperv into virConnectGetVersion? Or exist any workaround for this problem? Regards Rocco

1 0

[libvirt-users] direct local access to Xen without libvirtd
by Jungnam Lee 07 Aug '13

07 Aug '13

Hi all. I'm just new to libvirt. Looking page here http://libvirt.org/drvxen.html , there are examples of connection URIs to Xen. xen:/// (local access, direct) xen+unix:/// (local access, via daemon) xen://example.com/ (remote access, TLS/x509) xen+tcp://example.com/ (remote access, SASl/Kerberos) xen+ssh://root@example.com/ (remote access, SSH tunnelled) I thought the first example 'xen:///' would not need libvirtd, because the second line said 'via daemon'. But my C code using URI above prompts 'Failed to connect socket' error. So it seems that running libvirtd is mandatory. Is this right? Thanks for your reply in advance. Regards, Jungnam Lee

2 1

[libvirt-users] Is there any virsh command to setup cpusettune for lxc?
by hzguanqiang＠corp.netease.com 07 Aug '13

07 Aug '13

Hi Gao feng, I noticed one of your patch which adds cpuset cgroup support for lxc have been merged in libvirt 1.0.4. But I can't find any virsh command to set cpusettune for lxc container. Is there anyone? And how can I configure cpusettune for lxc container lively? Thanks ------------------ Best regards! GuanQiang

2 2

[libvirt-users] LIbvirt seclabel.
by cooldharma06 06 Aug '13

06 Aug '13

hi all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. What are the procedures(syntax and tags) to use for xsm label in xml file.? Regards, cooldharma06

2 1

[libvirt-users] Getting nwfilter to work on Debian Wheezy
by Sven Schwedas 06 Aug '13

06 Aug '13

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge in virsh: > <network> > <name>foo</name> > <forward dev='eth0' mode='route'> > <interface dev='eth0'/> > </forward> > <bridge name='foo-br0' stp='off' delay='0' /> > <ip address='192.168.128.161' netmask='255.255.255.240'> > </ip> > </network> The domU is configured to use this bridge (static IP configured in DomU): > <interface type='network'> > <source network='foo'/> > <target dev='vnet0'/> > <model type='virtio'/> > <filterref filter='test-eth0'> > <parameter name='CTRL_IP_LEARNING' value='none'/> > <parameter name='IP' value='192.168.128.162'/> > </filterref> > <alias name='net0'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> > </interface> With an empty filter, connectivity is working fine. Now, if I add the example ruleset suggested in the documentation ( http://libvirt.org/formatnwfilter.html#nwfwriteexample ), *incoming* ICMP works (but not outgoing), and inbound SSH traffic is blocked, together with outbound DNS. The linked rules produce the following iptables chains: > Chain INPUT (policy ACCEPT) > target prot opt source destination > libvirt-host-in all -- 0.0.0.0/0 0.0.0.0/0 > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 > libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 > libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0 > ACCEPT all -- 0.0.0.0/0 192.168.128.160/28 > ACCEPT all -- 192.168.128.160/28 0.0.0.0/0 > ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 > REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable > REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > Chain FI-vnet0 (1 references) > target prot opt source destination > RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED ctdir ORIGINAL > RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED ctdir ORIGINAL > RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY > RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW,ESTABLISHED ctdir REPLY > DROP all -- 0.0.0.0/0 0.0.0.0/0 > > Chain FO-vnet0 (1 references) > target prot opt source destination > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED ctdir REPLY > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED ctdir REPLY > ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED ctdir ORIGINAL > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED ctdir ORIGINAL > DROP all -- 0.0.0.0/0 0.0.0.0/0 > > Chain HI-vnet0 (1 references) > target prot opt source destination > RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED ctdir ORIGINAL > RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED ctdir ORIGINAL > RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY > RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW,ESTABLISHED ctdir REPLY > DROP all -- 0.0.0.0/0 0.0.0.0/0 > > Chain libvirt-host-in (1 references) > target prot opt source destination > HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 > > Chain libvirt-in (1 references) > target prot opt source destination > FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 > > Chain libvirt-in-post (1 references) > target prot opt source destination > ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 > > Chain libvirt-out (1 references) > target prot opt source destination > FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 I've tried fidgeting with the configuration (direction inout instead of in/out, etc.), but I didn't find a setup that works as intended. What am I missing? -- Mit freundlichen Grüßen, / Best Regards, Sven SCHWEDAS Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwedas(a)tao.at | +43 (0)680 301 7167 http://software.tao.at

5 8