Re: [libvirt-users] nwfilter and address of network ip address
by Dan
On Fri, May 5, 2017 at 4:29 PM, Nicolas Bock <nicolasbock(a)gmail.com> wrote:
> Hi,
>
> I am running a webserver on the libvirt host and would like to add a
> nwfilter such that a VM can access that server. The corresponding iptables
> rule would look like this:
>
> iptables --append INPUT --in-interface virbr0 --destination 192.168.122.1 --protocol tcp --dport 80 --jump ACCEPT
>
> where the network is using virbr0 and sits at 192.168.122.1. I don't want
> to hardcode the host IP address in the nwfilter so that I can use that
> filter for other networks. Is it possible to reference the host's IP
> address in the filter?
>
> Thanks!
>
> Nick
>
Hi Nick,
I used to have a similar question too. Not sure if this could be helpful
for you. Probably just use arp or arpscan. But to be more specific, if the
domain name of the client (assuming you want to confine HTTP service to only
a selected few clients, e.g., 192.168.122.1 in your case) is known, you
probably could do
$ virsh domiflist DOMAIN
In particular, to get the IP address of a domain, it is something like the
following:
$ for MAC in $(virsh domiflist DOMAIN | grep -o -E "([0-9a-f]{2}:){5}([0-9a-f]{2})") ; do
      # look up each of the domain's MAC addresses in the host's ARP table
      arp -e | grep "$MAC" | grep -o -P "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" ;
  done
Alternatively, if the NETWORK name is known, the IP address can be obtained
directly with
$ virsh net-dhcp-leases NETWORK
Another way to get the IP address, if the qemu guest agent is installed on
the client:
$ virsh domifaddr DOMAIN
So that you can pass the IP to the XML, and somehow you can trigger the
update of NWFILTER with some magic, quite a hack.
Or, you could just use the client's MAC address to define the filter:
https://libvirt.org/formatnwfilter.html#nwfelemsRulesProtoMAC
But I don't think there is a direct way to specify a client's domain name in
the NWFILTER XML definition as of now.
P.S. I am new to libvirt, so everything above could be wrong.
Dan
7 years, 4 months
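One way to do what the reply above calls passing the IP to the XML, as an added example that is not part of either post: the filter refers to a variable and each guest interface supplies the address through a filterref parameter. The filter name allow-host-http and the variable name HOST_IP are hypothetical, and the network XML is a constructed sample of `virsh net-dumpxml` output.

```shell
#!/bin/sh
# Added example, not code from the thread. "allow-host-http" and "HOST_IP"
# are hypothetical names; the network XML below is a constructed sample.

# Filter definition: the rule refers to $HOST_IP, so no address is hard-coded.
# direction='out' means traffic sent by the guest.
nwfilter_xml() {
cat <<'EOF'
<filter name='allow-host-http'>
  <rule action='accept' direction='out'>
    <tcp dstipaddr='$HOST_IP' dstportstart='80'/>
  </rule>
</filter>
EOF
}

# Read `virsh net-dumpxml NETWORK` output on stdin and print the first
# address found in an <ip address='...'> element (the bridge address).
bridge_ip() {
    sed -n "s/.*<ip address='\([0-9.]*\)'.*/\1/p" | head -n 1
}

# Print the <filterref> for the guest's <interface> element; refuse
# anything that is not made of digits and dots before it reaches the XML.
filterref_xml() {
    case $1 in
        ''|*[!0-9.]*) echo "invalid address: $1" >&2; return 1 ;;
    esac
    printf "<filterref filter='allow-host-http'>\n"
    printf "  <parameter name='HOST_IP' value='%s'/>\n" "$1"
    printf "</filterref>\n"
}

# Constructed sample of `virsh net-dumpxml default` output.
sample_netxml() {
cat <<'EOF'
<network>
  <name>default</name>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.122.2' end='192.168.122.254'/></dhcp>
  </ip>
</network>
EOF
}

# On a live host: virsh net-dumpxml NETWORK | bridge_ip
filterref_xml "$(sample_netxml | bridge_ip)"
```

The filter XML would be loaded with `virsh nwfilter-define`, and the same filter can then be referenced from guests on other networks with a different HOST_IP value.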
[libvirt-users] nwfilter and address of network ip address
by Nicolas Bock
Hi,
I am running a webserver on the libvirt host and would like to add
a nwfilter such that a VM can access that server. The
corresponding iptables rule would look like this:
iptables --append INPUT --in-interface virbr0 --destination 192.168.122.1 --protocol tcp --dport 80 --jump ACCEPT
where the network is using virbr0 and sits at 192.168.122.1. I
don't want to hardcode the host IP address in the nwfilter so that
I can use that filter for other networks. Is it possible to
reference the host's IP address in the filter?
Thanks!
Nick
7 years, 4 months
[libvirt-users] virsh snapshot delete / live-migration issues
by chihhang wu
Sorry, I made a mistake with my title. So I resend this email.
----------------------------------------------------------------------------------
Hi,
I'd like to live-migrate after snapshots are deleted.
But it doesn't work. Here are my steps:
# virsh snapshot-create VM
# virsh snapshot-delete VM Snapshot
# virsh migrate --live VM qemu+ssh://localadmin@compute3/system
And this message comes out:
# internal error: unable to execute QEMU command 'migrate-set-capabilities': There's a migration process in progress
Even if I create a no-metadata snapshot, it still has the same error.
After I reboot the VM, the live-migration finally works.
Is there any suggested way or command to solve this problem without
rebooting the VM?
Here's my environment:
Ubuntu 14.04.5 LTS
Compiled against library: libvirt 1.3.1
Using library: libvirt 1.3.1
Using API: QEMU 1.3.1
Running hypervisor: QEMU 2.5.0
Best regards,
Chihhang Wu
7 years, 4 months
[libvirt-users] Libvirtd freezes
by Stefano Ricci
Hello everyone
I come back to ask for a hand to solve a problem that has affected me
since October 2016 and I have not yet solved using libvirt.
I thought I would solve it by going to a 4.9.x kernel with qemu
2.8.1.1 and with libvirt 3.2.0.
I compiled it all in a stable LFS environment, version 7.9, and all
checks pass without errors.
The strange thing is that the libvirtd process starts without errors,
but when it arrives at launching the qemu process to probe the system's
capabilities, it freezes until the following process is killed:
/usr/bin/qemu-system-x86_64 -S -no-user-config -nodefaults -nographic -machine none,accel=kvm:tcg -qmp unix:/var/lib/libvirt/qemu/capabilities.monitor.sock,server,nowait -pidfile /var/lib/libvirt/qemu/capabilities.pidfile -daemonize
From that point libvirtd resumes running and can be used with virsh.
Running qemu independently of libvirt works normally; it creates and
runs virtual machines smoothly.
Thanks in advance
Stefano Ricci
7 years, 4 months
[libvirt-users] building virtual desktops with libvirt, KVM, SPICE and GNOME
by Daniel Pocock
Can anybody comment on how to host virtual desktops on a headless server
using libvirt and KVM on the server and a SPICE client to access the
virtual desktop? Is there a standard way of doing this?
I've seen many fragments of information about how to do this but I
didn't come across a single guide describing the entire solution.
Search engines also return a lot of information about gaining remote
access to a real physical desktop but that is not what I'm looking for.
I've also come across many real-world scenarios where people are
manually starting VNC server processes for each user on different ports
but I was hoping to find out if there is a more standard way of doing
this now.
When I say "virtual desktop", the type of user experience I'm thinking
about is that named users can run a SPICE client anywhere and always
connect to the same host/desktop. E.g. if they leave some windows open,
disconnect, go to another physical machine and reconnect with the same
username they will see the same desktop with the same windows open.
Regards,
Daniel
7 years, 4 months