May 2017 - Users - libvirt List Archives

Re: [libvirt-users] nwfilter and address of network ip address
by Dan 08 May '17

08 May '17

On Fri, May 5, 2017 at 4:29 PM, Nicolas Bock <nicolasbock(a)gmail.com> wrote: > Hi, > > I am running a webserver on the libvirt host and would like to add a > nwfilter such that a VM can access that server. The corresponding iptables > rule would look like this: > > iptables --append INPUT --in-interface virbr0 --destination 192.168.122.1 > --protocol tcp --dport 80 --jump ACCEPT > > where the network is using virbr0 and sits at 192.168.122.1. I don't want > to hardcode the host IP address in the nwfilter so that I can use that > filter for other networks. Is it possible to reference the host's IP > address in the filter? > > Thanks! > > Nick > > Hi Nick, I used to have similar question before too. Not sure if this could be helpful for you, Probably just use arp or arpscan. But to be more specific, if the domain name of the client (assuming you want to confine HTTP service to only a selected few clients, e.g., 192.168.122.1 in your case) is known, you probably could do $ virsh domiflist DOMAIN In particular, to get the IP address of a domain, it is something like the following: $ for MAC in `virsh domiflist <DOMAIN> | grep -o -E "([0-9a-f]{2}:){5}([0-9a-f]{2})"` ; do arp -e | grep $MAC | grep -o -P "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" ; done Alternatively, if the NETWORK name is known, IP addr can be obtained directly with $ virsh net-dhcp-leases NETWORK Another way to the get IP addr, if qemu guest agent is installed on the client, $ virsh domifaddr DOMAIN So that you can pass IP to the XML, and somehow you can trigger the update of NWFILTER with some magic, quite a hack. Or, you could just use client's MAC addr to define the filter: https://libvirt.org/formatnwfilter.html#nwfelemsRulesProtoMAC But I don't think there is direct way to specify a client's domain name in the NWFILTER XML definition as of now. P.S. I am new to libvirt, so everything above could be wrong. Dan _______________________________________________ > libvirt-users mailing list > libvirt-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/libvirt-users >

3 6

[libvirt-users] nwfilter and address of network ip address
by Nicolas Bock 05 May '17

05 May '17

Hi, I am running a webserver on the libvirt host and would like to add a nwfilter such that a VM can access that server. The corresponding iptables rule would look like this: iptables --append INPUT --in-interface virbr0 --destination 192.168.122.1 --protocol tcp --dport 80 --jump ACCEPT where the network is using virbr0 and sits at 192.168.122.1. I don't want to hardcode the host IP address in the nwfilter so that I can use that filter for other networks. Is it possible to reference the host's IP address in the filter? Thanks! Nick

1 0

[libvirt-users] virsh snapshot delete / live-migration issues
by chihhang wu 05 May '17

05 May '17

Sorry, I made a mistake with my title. So I resend this email. ---------------------------------------------------------------------------------- Hi, I'd like to live-migration after snapshots deleted. But it doesn't work.Here's my steps: # virsh snapshot-create VM # virsh snapshot-delete VM Snapshot # virsh migrate --live VM qemu+ssh://localadmin@compute3/system And It comes out this message: # internal error: unable to execute QEMU command 'migrate-set-capabilities': There's a migration process in progress Even I create a no-metadata snapshot, it still have same error. After I reboot the VM, the live-migration finally works. Does it has any suggestion way or command to solve this problem without reboot the VM? Here's my environment: Ubuntu 14.04.5 LTS Compiled against library: libvirt 1.3.1 Using library: libvirt 1.3.1 Using API: QEMU 1.3.1 Running hypervisor: QEMU 2.5.0 Best regards, Chihhang Wu

2 1

[libvirt-users] Libvirtd freezes
by Stefano Ricci 04 May '17

04 May '17

Hello everyone I come back to ask for a hand to solve a problem that has affected me since October 2016 and I have not yet solved using libvirt. I thought I would solve it by going to a 4.9.x kernel with qemu 2.8.1.1 and with libvirt 3.2.0. Compile it all in a stable LFS environment version 7.9 and that all checks pass without errors. The strange thing is that the libvirtd process starts without errors but has arrived at the qemu process launch to understand the system's capabilities freezes until the following process is killed /usr/bin/qemu-system-x86_64 -S -none-user-config -nodefaults -nographic -machine none, accel = kvm: tcg -qmp unix: /var/lib/libvirt/qemu/capabilities.monitor.sock,server,nowait-pidfile/var/lib/libvirt/qemu/capabilities.Pidfile -daemonize, since that time libvirtd resumes running and can be used with virsh. Performing qemu independently of libvirt works regularly, creates and runs virtual machines smoothly. Thanks in advance Stefano Ricci

2 12

[libvirt-users] building virtual desktops with libvirt, KVM, SPICE and GNOME
by Daniel Pocock 02 May '17

02 May '17

Can anybody comment on how to host virtual desktops on a headless server using libvirt and KVM on the server and a SPICE client to access the virtual desktop? Is there a standard way of doing this? I've seen many fragments of information about how to do this but I didn't come across a single guide describing the entire solution. Search engines also return a lot of information about gaining remote access to a real physical desktop but that is not what I'm looking for. I've also come across many real-world scenarios where people are manually starting VNC server processes for each user on different ports but I was hoping to find out if there is a more standard way of doing this now. When I say "virtual desktop", the type of user experience I'm thinking about is that named users can run a SPICE client anywhere and always connect to the same host/desktop. E.g. if they leave some windows open, disconnect, go to another physical machine and reconnect with the same username they will see the same desktop with the same windows open. Regards, Daniel

2 2

[libvirt-users] virsh snapshot delete / live-migration issues
by chihhang wu 02 May '17

02 May '17

Hi, I'd like to live-migration after snapshots deleted. But it doesn't work.Here's my steps: # virsh snapshot-create VM # virsh snapshot-delete VM Snapshot # virsh migrate --live VM qemu+ssh://localadmin@compute3/system And It comes out this message: # internal error: unable to execute QEMU command 'migrate-set-capabilities': There's a migration process in progress Even I create a no-metadata snapshot, it still have same error. After I reboot the VM, the live-migration finally works. Does it has any suggestion way or command to solve this problem without reboot the VM? Here's my environment: Ubuntu 14.04.5 LTS Compiled against library: libvirt 1.3.1 Using library: libvirt 1.3.1 Using API: QEMU 1.3.1 Running hypervisor: QEMU 2.5.0 Best regards, Chihhang Wu

1 0