January 2020 - Users - libvirt List Archives

Testing mail delivery
by dberrange＠yahoo.com 22 Jan '20

22 Jan '20

We continue to have problems with mail delivery, especially to Yahoo addresses. This mail is a test to investigate delivery behaviour, please ignore this mail thread. Daniel

1 0

[libvirt-users] Connecting a VM to an existing OVS bridge
by Amir Sela 20 Jan '20

20 Jan '20

Hi, I have an existing OVS bridge, that I can see in ovs-vsctl and use for other purposes. I've edited the machine's XML as instructed in http://docs.openvswitch.org/en/latest/howto/libvirt/ When I try to start the VM, i get error: Cannot get interface MTU on 'ovsbr': No such device Any ideas? (Note: I can't see the ovs switch in brctl show or any other regular kernel tool, should it appear there?) Versions: openvswitch-2.10.1-3.fc30.x86_64 libvirt-daemon-5.1.0-9.fc30.x86_64 Thanks!

3 3

USB-hotplugging fails with "failed to load cgroup BPF prog: Operation not permitted" on cgroups v2
by Pol Van Aubel 20 Jan '20

20 Jan '20

Hi all, I've disabled cgroups v1 on my system with the kernel boot option "systemd.unified_cgroup_hierarchy=1". Since doing so, USB hotplugging fails to work, seemingly due to a permissions problem with BPF. Please note that the technique I'm going to describe worked just fine for hotplugging USB devices to running domains until this change. Attaching / detaching USB devices when the domain is down still works as expected. I get the same error when attaching a device in virt-manager, as I do when running the following command: sudo virsh attach-device wenger /dev/stdin --persistent <<END <hostdev mode='subsystem' type='usb' managed='yes'> <source startupPolicy='optional'> <vendor id='0x046d' /> <product id='0xc215' /> </source> </hostdev> END This returns error: Failed to attach device from /dev/stdin error: failed to load cgroup BPF prog: Operation not permitted virt-manager returns basically the same error, but for completeness' sake, here it is: failed to load cgroup BPF prog: Operation not permitted Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/addhardware.py", line 1327, in _add_device self.vm.attach_device(dev) File "/usr/share/virt-manager/virtManager/object/domain.py", line 920, in attach_device self._backend.attachDevice(devxml) File "/usr/lib/python3.8/site-packages/libvirt.py", line 590, in attachDevice if ret == -1: raise libvirtError ('virDomainAttachDevice() failed', dom=self) libvirt.libvirtError: failed to load cgroup BPF prog: Operation not permitted Now, libvirtd is running as root, so I don't understand why any operation on BPF programs is not permitted. I've dug into libvirt's code a bit to see what is throwing this error and it boils down to <https://github.com/libvirt/libvirt/blob/7d608469621a3fda72dff2a89308e68cc9f…> and <https://github.com/libvirt/libvirt/blob/02bf7cc68bfc76242f02d23e73cad36618f…> but I have no clue what that syscall is doing, so that's where my debugging capability basically ends. Maybe this is something as simple as setting the right ACL somewhere. I haven't touched /etc/libvirt/qemu.conf except for setting nvram. There *is* something about cgroup_device_acl there but afaict that's for cgroups v1, when there was still a device cgroup controller. Any help would be greatly appreciated. Domain log files: Upon execution of the above commands, nothing gets added to the domain log in /var/log/qemu/wenger.log, so I've decided they're likely irrelevant to the issue. Please ask for any additional info required. System information: Arch Linux, (normal) kernel 5.4.11 libvirt 5.10.0 qemu 4.2.0, using KVM. Host system is x86_64 on an intel 5820k. Guest system is probably irrelevant, but is Windows 10 on the same. Possibly relevant kernel build options: $ zgrep BPF /proc/config.gz [22:55:52]: zgrep BPF /proc/config.gz CONFIG_CGROUP_BPF=y CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_IPV6_SEG6_BPF=y CONFIG_NETFILTER_XT_MATCH_BPF=m # CONFIG_BPFILTER is not set CONFIG_NET_CLS_BPF=m CONFIG_NET_ACT_BPF=m CONFIG_BPF_JIT=y CONFIG_BPF_STREAM_PARSER=y CONFIG_LWTUNNEL_BPF=y CONFIG_HAVE_EBPF_JIT=y CONFIG_BPF_EVENTS=y # CONFIG_BPF_KPROBE_OVERRIDE is not set # CONFIG_TEST_BPF is not set Regards, Pol Van Aubel

2 1

Prevent virsh live migration from copy zero -- increment copy on live migration possible ?
by Oliver Dzombic 18 Jan '20

18 Jan '20

Hi, i am doing a live migration like this: [root@nodeA ~]#virsh migrate --copy-storage-all --verbose --live kvm1776 qemu+ssh://nodeb/system which works fine with libvirt version 6. The zfs backed hdd is 100G, while its thin-provisioned. The real data on it is 1G. So even its 1G of data, virsh copies a lot of zero's as it seems. There is a lot of HDD IO and network activity, but in fact the size at the target volume does not grow ( since there are no more data ). After it successfully finished the copy, i tried what will happen with the --copy-storage-inc parameter: [root@nodeB ~]# virsh migrate --copy-storage-inc --verbose --live kvm1776 qemu+ssh://nodea/system But that didnt change anything. Even both volumes are identical now, again the whole copy of all ( non existing ) 100GB. Is there any way to make libvirt just copy real data and not Zero's that actually do not exist and causing network and HDD IO traffic ? Thank you ! -- Mit freundlichen Gruessen / Best regards Oliver Dzombic Layer7 Networks mailto:info@layer7.net Anschrift: Layer7 Networks GmbH Zum Sonnenberg 1-3 63571 Gelnhausen HRB 96293 beim Amtsgericht Hanau Geschäftsführung: Oliver Dzombic UST ID: DE259845632

1 0

Bridge-less VM
by Rob Roschewsk 17 Jan '20

17 Jan '20

I'm trying to create a free standing VM that doesn't connect to a bridge. This is supposedly do able according to the WIKI: https://libvirt.org/formatdomain.html#elementsNICSEthernet But with a config similar to: <interface type='ethernet'> <target dev='mytap1' managed='no'/> <model type='virtio'/> </interface> When starting the domain I get the error: error: internal error: process exited while connecting to monitor: 2020-01-16T18:08:04.788860Z qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,vhostfd=26: could not open /dev/net/tun: Operation not permitted Checked permissions on /dev/net/tunand it's 666 If I just configure it as a "bridge" connection the domain starts. Then I can use brctl to remove it from the bridge to get what I want. That just proves it possible but with extra steps (Shout out to Rick and Morty) Thoughts?? Running Ubuntu 16.04.1 Kernel 4.15.0-74 libvirt 1.3.1-1ubuntu10.27 qemu 1:2.5+dfsg-5ubuntu10.41 Thanks, --> Rob

2 1

Volume file permissions and huge volume downloads
by R. Diez 17 Jan '20

17 Jan '20

Hi all: I am using the libvirt version that comes with Ubuntu 18.04.3 LTS. I want to backup a virtual machine in a foolproof way: - Gracefully shutdown the VM. - Backup the disk image. - Restart the VM. I wrote the following script to do that: https://github.com/rdiez/Tools/blob/master/VirtualMachineManager/BackupVm.sh Writing that script was difficult enough because of the virsh limitations (in my opinion) described in the comments. But at least it works. The main problem is that libvirt sets the ownership and permissions of volume files in such a way that a standard user cannot access them, even if it is member of the 'libvirt' group. While the VM is running, volume file permissions are like this: -rw-r----- 1 libvirt-qemu kvm [...] /var/lib/libvirt/images/YourVmDisk.qcow2 When the VM is shutoff: -rw-r----- 1 root root [...] /var/lib/libvirt/images/YourVmDisk.qcow2 The trouble is, I want to access that .qcow2 file when the VM is shutoff. I would really like not to run my script as root. I could not find a way to specify the permissions for the .qcow2 files, so I tried editing the group ownership for the whole pool: virsh pool-edit default <target> <path>/var/lib/libvirt/images</path> <permissions> <mode>0711</mode> <owner>0</owner> <group>131</group> </permissions> </target> Setting <group> to "libvirt" did not work (XML validation error), so I tried the numeric ID of that group (131). That did not work. When I restart libvirt with "service libvirtd restart", my changes to the pool XML file disappear (!). Later on, I found out that you can download a volume like this: virsh vol-download --pool default YourVmDisk.qcow2 YourVmDisk.qcow2 The trouble is that I created the virtual disk with a maximum size of 120 GB. I copied it around a few times, so I think it has lost any "sparseness" inside. Command "virsh vol-download" takes ages and downloads all those 120 GB. My script uses "qemu-img convert", which discards all unused space and writes just 17 GB of data, and that is without turning compression on. The whole backup takes seconds instead of minutes. Can somebody help me with these issues? Thanks in advance, rdiez

2 1

error: internal error: unable to execute QEMU command 'blockdev-mirror': Cannot find device= nor node_name=
by Oliver Dzombic 17 Jan '20

17 Jan '20

Hi, i try to test live-migration using this command: #virsh migrate --copy-storage-all --verbose --live kvm1776 qemu+ssh://nodeb/system Instant error message: error: internal error: unable to execute QEMU command 'blockdev-mirror': Cannot find device=drive-sata0-0-0 nor node_name=drive-sata0-0-0 Its backed via zfs. Source: Virsh command line tool of libvirt 5.10.0 See web site at https://libvirt.org/ Compiled with support for: Hypervisors: QEMU/KVM LXC LibXL OpenVZ VMware PHYP VirtualBox ESX Hyper-V Test Networking: Remote Network Bridging Interface netcf Nwfilter VirtualPort Storage: Dir Disk Filesystem SCSI Multipath iSCSI LVM RBD Sheepdog Gluster ZFS Miscellaneous: Daemon Nodedev SELinux Secrets Debug DTrace Readline Target: Virsh command line tool of libvirt 6.0.0 See web site at https://libvirt.org/ Compiled with support for: Hypervisors: QEMU/KVM LXC LibXL OpenVZ VMware VirtualBox ESX Hyper-V Test Networking: Remote Network Bridging Interface netcf Nwfilter VirtualPort Storage: Dir Disk Filesystem SCSI Multipath iSCSI LVM RBD Sheepdog Gluster ZFS Miscellaneous: Daemon Nodedev SELinux Secrets Debug DTrace Readline both fedora31. The XML File: <domain type='kvm' id='292'> <name>kvm1776</name> <uuid>a4668f0b-4a71-4956-b74a-a0d3af5fe1f8</uuid> <metadata> <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0"> <libosinfo:os id="http://debian.org/debian/10"/> </libosinfo:libosinfo> </metadata> <memory unit='KiB'>8192000</memory> <currentMemory unit='KiB'>8192000</currentMemory> <blkiotune> <device> <path>/dev/kvm-storage/465-9fe4507b-c232-47b3-9b3b-f885359449c6</path> <read_iops_sec>500</read_iops_sec> <write_iops_sec>500</write_iops_sec> <read_bytes_sec>51200000</read_bytes_sec> <write_bytes_sec>51200000</write_bytes_sec> </device> </blkiotune> <vcpu placement='static' current='4'>32</vcpu> <resource> <partition>/machine</partition> </resource> <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <boot dev='hd'/> </os> <features> <acpi/> <apic/> </features> <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>IvyBridge-IBRS</model> <vendor>Intel</vendor> <feature policy='require' name='ss'/> <feature policy='require' name='vmx'/> <feature policy='require' name='pcid'/> <feature policy='require' name='hypervisor'/> <feature policy='require' name='arat'/> <feature policy='require' name='tsc_adjust'/> <feature policy='require' name='umip'/> <feature policy='require' name='md-clear'/> <feature policy='require' name='stibp'/> <feature policy='require' name='arch-capabilities'/> <feature policy='require' name='ssbd'/> <feature policy='require' name='xsaveopt'/> <feature policy='require' name='pdpe1gb'/> <feature policy='require' name='ibpb'/> <feature policy='require' name='amd-ssbd'/> <feature policy='require' name='skip-l1dfl-vmentry'/> </cpu> <clock offset='utc'> <timer name='rtc' tickpolicy='catchup'/> <timer name='pit' tickpolicy='delay'/> <timer name='hpet' present='no'/> </clock> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <pm> <suspend-to-mem enabled='no'/> <suspend-to-disk enabled='no'/> </pm> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> <disk type='block' device='disk'> <driver name='qemu' type='raw' cache='none' io='native'/> <source dev='/dev/kvm-storage/465-9fe4507b-c232-47b3-9b3b-f885359449c6' index='2'/> <backingStore/> <target dev='sda' bus='sata'/> <alias name='sata0-0-0'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> <disk type='file' device='cdrom'> <driver name='qemu'/> <target dev='sdb' bus='sata'/> <readonly/> <alias name='sata0-0-1'/> <address type='drive' controller='0' bus='0' target='0' unit='1'/> </disk> <controller type='usb' index='0' model='qemu-xhci' ports='15'> <alias name='usb'/> <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/> </controller> <controller type='sata' index='0'> <alias name='ide'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='pci' index='0' model='pcie-root'> <alias name='pcie.0'/> </controller> <controller type='pci' index='1' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='1' port='0x10'/> <alias name='pci.1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/> </controller> <controller type='pci' index='2' model='pcie-to-pci-bridge'> <model name='pcie-pci-bridge'/> <alias name='pci.2'/> <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </controller> <controller type='pci' index='3' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='3' port='0x11'/> <alias name='pci.3'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/> </controller> <controller type='pci' index='4' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='4' port='0x12'/> <alias name='pci.4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/> </controller> <controller type='pci' index='5' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='5' port='0x13'/> <alias name='pci.5'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/> </controller> <controller type='pci' index='6' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='6' port='0x14'/> <alias name='pci.6'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/> </controller> <controller type='pci' index='7' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='7' port='0x15'/> <alias name='pci.7'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/> </controller> <controller type='pci' index='8' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='8' port='0x16'/> <alias name='pci.8'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/> </controller> <controller type='virtio-serial' index='0'> <alias name='virtio-serial0'/> <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/> </controller> <interface type='bridge'> <mac address='16:c7:25:d4:23:14'/> <source network='Public Network' portid='7291b4be-07a7-49ad-b6ce-b1a0593c96c3' bridge='ovsbr'/> <virtualport type='openvswitch'> <parameters interfaceid='a9ddd087-71ca-456f-bb7b-c2848d11a5a6'/> </virtualport> <target dev='k1776-5nEsy'/> <model type='rtl8139'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/> </interface> <serial type='pty'> <source path='/dev/pts/19'/> <target type='isa-serial' port='0'> <model name='isa-serial'/> </target> <alias name='serial0'/> </serial> <console type='pty' tty='/dev/pts/19'> <source path='/dev/pts/19'/> <target type='serial' port='0'/> <alias name='serial0'/> </console> <channel type='unix'> <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-292-kvm1776/org.qemu.guest_agent.0'/> <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/> <alias name='channel0'/> <address type='virtio-serial' controller='0' bus='0' port='1'/> </channel> <input type='tablet' bus='usb'> <alias name='input0'/> <address type='usb' bus='0' port='1'/> </input> <input type='mouse' bus='ps2'> <alias name='input1'/> </input> <input type='keyboard' bus='ps2'> <alias name='input2'/> </input> <graphics type='vnc' port='5917' autoport='yes' listen='0.0.0.0' keymap='en-us'> <listen type='address' address='0.0.0.0'/> </graphics> <video> <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/> <alias name='video0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> </video> <memballoon model='virtio'> <alias name='balloon0'/> <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/> </memballoon> <rng model='virtio'> <backend model='random'>/dev/urandom</backend> <alias name='rng0'/> <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/> </rng> </devices> <seclabel type='dynamic' model='dac' relabel='yes'> <label>+107:+107</label> <imagelabel>+107:+107</imagelabel> </seclabel> </domain> ---- Any idea ? I could not find anything about this error. Thank you very much ! -- Mit freundlichen Gruessen / Best regards Oliver Dzombic Layer7 Networks mailto:info@layer7.net Anschrift: Layer7 Networks GmbH Zum Sonnenberg 1-3 63571 Gelnhausen HRB 96293 beim Amtsgericht Hanau Geschäftsführung: Oliver Dzombic UST ID: DE259845632

2 1

Reload domain configuration on guest restart
by Gionatan Danti 17 Jan '20

17 Jan '20

Hi all, as you surely know, after changing some domain parameters via libvirt (ie: NIC type), the guest need to be shutdown and restarted. A simple reboot will not be sufficient, as libvirt will not launch a new qemu domain (ie: the same qemu process will be in charge to start the new guest instance). It is possible to configure libvirt to start a new qemu domain on guest reboot? Can the <on_reboot> domain attribute be used for implementing something similar? Thanks. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti(a)assyoma.it - info(a)assyoma.it GPG public key ID: FF5F32A8

2 2

libvirt-python: issue on fedora
by Matthias Tafelmeier 16 Jan '20

16 Jan '20

Hello, ran into oddish glitch on fedora 30 cloud image with tooling based on libvirt-python onpython3.7. *qemu-img *is installed though. Could anyone have a look. Build reference, hope it works: https://travis-ci.com/cherusk/godon/builds/144068483?utm_medium=notificatio… Essential stretch: ** ----- Image fedora30 Added Adding a profile named fedora30 with default values + kcli list image +--------------------------------------------+ | Images | +--------------------------------------------+ | /srv/Fedora-Cloud-Base-30-1.2.x86_64.qcow2 | +--------------------------------------------+ + kcli create plan -f /opt/infra/machines.yml micro_fedora Deploying Networks... Network vm_net deployed Deploying Vms... Traceback (most recent call last): File "/usr/bin/kcli", line 11, in <module> load_entry_point('kcli==99.0', 'console_scripts', 'kcli')() File "/usr/lib/python3.7/site-packages/kvirt/cli.py", line 2482, in cli args.func(args) File "/usr/lib/python3.7/site-packages/kvirt/cli.py", line 1071, in create_plan overrides=overrides, wait=wait) File "/usr/lib/python3.7/site-packages/kvirt/config.py", line 1345, in plan plan=plan, basedir=currentplandir, client=vmclient, onfly=onfly, planmode=True) File "/usr/lib/python3.7/site-packages/kvirt/config.py", line 610, in create_vm pcidevices=pcidevices) File "/usr/lib/python3.7/site-packages/kvirt/kvm/__init__.py", line 893, in create storagepool.createXML(volxml, 0) File "/usr/lib64/python3.7/site-packages/libvirt.py", line 3417, in createXML if ret is None:raise libvirtError('virStorageVolCreateXML() failed', pool=self) *libvirt.libvirtError: internal error: creation of non-raw images is not supported without qemu-img * ----- ** -- Regards Matthias Tafelmeier

2 6

[libvirt-users] FYI: intention to remove mail subject prefix & footer text
by Daniel P. Berrangé 15 Jan '20

15 Jan '20

Hi List Subscribers, In recent months we have been seeing an increasing number of bounced deliveries from libvirt mailing lists[1] due to DMARC policies on list subscriber's mail servers. IOW, many subscribers are only receiving a subset of mails sent to the libvirt mailing lists. We believe the root cause of many of the problems is that mailman is modifying the mail subject to add the "[libvirt]" / "[libvirt-users]" prefix, and modifying the mail body to add the footer with links to the listinfo page. These modifications invalidate the DKIM signatures on mails sent to the list by some of our subscribers. This in turn causes DMARC policy rejections by the destination SMTP servers when mailman delivers messages. The solution is to disable any feature in mailman which modifies parts of the mail validated by the DKIM signature. This means removing the subject prefix and the mail body header. Further information on this approach can be seen here: https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html QEMU has made the same change on their mailing list last year: https://lists.gnu.org/archive/html/qemu-devel/2019-09/msg00416.html If you are currently doing mail filtering / sorting based on the subject prefix, you will need to change to use the List-Id header instead. I will wait until the latter part of next week before making this change to allow people time to adapt any filters. Regards, Daniel [1] technically moderators have only been seeing bounces for messages on libvirt-users-list, but that's because we've got mailman configured to send libvir-list bounces to /dev/null. -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

1 1