Virtual Networking
by Armin Lepir
Hi
I am using libvrt for the first time. Im building a KVM for multiple
Virtual OS instances.
The problem i have is with your official documentation for Virtual
Networking.
https://wiki.libvirt.org/page/VirtualNetworking
The following is wrong:
The default mode is BRIDGE + NAT.
Optional mode is ROUTING.
It should be:
The default mode is ROUTING + NAT.
Optional mode is BRIDGE.
As far as i know a bridge operates on the Layer2.
IP and NAT operate on the Layer3.
NAT can not operate on the L2.
Please tell me that im wrong and explain how am i wrong.
Best Regards
2 years, 1 month
Re: MemoryBacking options
by Michal Prívozník
[Once again, I ask you to keep the list on the CC. In gmail's web UI
it's the 'Reply to all' button].
On 10/22/22 11:19, Simon Fairweather wrote:
> Is there a way to limit the shared memory allocated via Libvirt to
> memory backing?
>
Yes, there is.
On the top level there's /domain/memoryBacking [1] that serves as the
default value for the guest. Then, under /domain/cpu/numa/cell [2]
individual guest NUMA nodes are configured and each can have @memAccess
attribute which overrides the top level setting (=memoryBacking). And
finally, under /domain/devices/memory [3] individual RAM modules can be
configured, and each one can have @access attribute which overrides both
top level AND guest NUMA node setting.
For instance:
<domain>
<maxMemory slots='16' unit='GiB'>8</maxMemory>
<memory unit='GiB'>5</memory>
<memoryBacking>
<access mode='private'/>
</memoryBacking>
...
<cpu>
<numa>
<cell id='0' memory='2' unit='GiB' memAccess='shared'/>
<cell id='1' memory='2' unit='GiB' />
</numa>
</cpu>
...
<devices>
<memory model='dimm' access='private'>
<target>
<size unit='GiB'>1</size>
<node>0</node>
</target>
</memory>
</device>
</domain>
Here, the guest NUMA node 0 is going to be shared, except for DIMM
module attached to it (which is going to be private) and NUMA node 1 is
going to be private again.
Michal
1: https://libvirt.org/formatdomain.html#memory-backing
2: https://libvirt.org/formatdomain.html#cpu-model-and-topology
3: https://libvirt.org/formatdomain.html#memory-devices
> >
> On Mon, Oct 17, 2022 at 9:06 AM Michal Prívozník <mprivozn(a)redhat.com
> <mailto:mprivozn@redhat.com>> wrote:
>
> [please keep the list on CC for benefit of the community]
> On 10/16/22 09:58, Simon Fairweather wrote:
> > Thanks Michal, Are there any known issues with Memory Backing. We have
> > QEMU 7.1 and libvirt 8.7.
> >
> > If just Memory Backing is set the VM Freezes after a couple of
> hours and
> > the allocated CPUs show 100% on the host.
> >
> > Seems to happen more on AMD Platforms than Intel.
> >
> > Please advise on any info you need, likely this is a QEMU issue.
> >
> > <memoryBacking>
> > <source type='memfd'/>
> > <access mode='shared'/>
> > </memoryBacking>
>
> Agreed, this smells like QEMU issue. There's nothing obviously wrong
> with this snipped. I have a VM with just that and run it just fine.
> Although, I run it for couple of hours max.
>
> Michal
>
2 years, 1 month
Cannot create vm with machine type raspi2b
by Niccolò Belli
Hi, I'm trying to use virt-manager to create a Raspberry Pi 2 virtual
machine on my Talos 2 ppc64le workstation.
In virt-manager I click on "New", then "Manual install", architecture
"arm" and machine type "raspi2b".
Next I set either "Generic or unknown OS" or "Debian 11" as operating
system, I keep the default 1024 memory and 1 cpu and then I disable
storage for this virtual machine (because I want to use an existing
image with direct kernel boot, see
https://raspi.debian.net/tested-images/).
I check "Customize configuration before install" and I click "Finish".
Unfortunately I get the following error:
Error starting installation: Did not find any UEFI binary path for arch
'armv7l'
So I've decided to start from scratch and select "virt" as machine type
instead of "raspi2b" and change it back later.
With "virt" I manage to reach the configuration overview before the
installation begins.
At this point I have three options for Firmware:
Default
UEFI
UEFI armv7l:/usr/share/qemu/edk2-arm-code.fd
UEFI is the default and if I change the machine type to raspi2b I still
have the same three options (/usr/share/qemu/edk2-arm-code.fd does
indeed exist in my file system).
Unfortunately clicking on "Begin Installation" leads me to yet another
error:
Unable to complete install: 'internal error: Required option 'modelName'
is not set for PCI controller with index '1', model 'pcie-root-port' and
modelName 'none''
If I change the machine type back to "virt" I don't get any error.
I'm using app-emulation/qemu 7.1.0, app-emulation/libvirt-8.8.0 and
virt-manager-4.1.0 on Gentoo Linux ppc64le with a 4K page size kernel.
Thanks,
Niccolo' Belli
2 years, 2 months
How to merge incremental backups generated with virsh backup-begin?
by Jorge Luiz Correa
I'm trying to create incremental backups that I could restore when
necessary. All backups are being generated fine but I couldn't find a way
to recreate an image using all or some of the backup files.
For example, my domain is called jammy and is running.
jammy-backup.xml:
<domainbackup>
<incremental></incremental>
</domainbackup>
jammy-checkpoint.xml
<domaincheckpoint>
<disks>
<disk name="vda" checkpoint="bitmap"/>
</disks>
</domaincheckpoint>
~# virsh backup-begin jammy jammy-backup.xml jammy-checkpoint.xml
* This command with these files generates backup file in
/var/lib/libvirt/images appending the checkpoint timestamp in file name
(jammy.qcow2 -> jammy.qcow2.TIMESTAMP).
~# virsh checkpoint-list jammy
Name Creation Time
-----------------------------------------
1666006874 2022-10-17 08:41:14 -0300
~# ls -lh /var/lib/libvirt/images
-rw-r--r-- 1 libvirt-qemu kvm 2,6G out 18 14:38 jammy.qcow2
-rw------- 1 root root 1,5G out 17 08:41 jammy.qcow2.1666006874
If I create a new domain using jammy.qcow2.1666006874 as disk, everything
works good.
Then, I've created some incremental backups.
jammy-backup.xml:
<domainbackup>
<incremental>1666006874</incremental>
</domainbackup>
~# virsh backup-begin jammy jammy-backup.xml jammy-checkpoint.xml
~# ls -lh /var/lib/libvirt/images
-rw-r--r-- 1 libvirt-qemu kvm 2,6G out 18 14:38 jammy.qcow2
-rw------- 1 root root 1,5G out 17 08:41 jammy.qcow2.1666006874
-rw------- 1 root root 247M out 17 14:42 jammy.qcow2.1666010735
At this point, if I need to restore the backup with checkpoint 1666010735,
how can I create a new image using jammy.qcow2.1666010735 and
jammy.qcow2.1666006874?
I would like to merge the incremental backup jammy.qcow2.1666010735 into
the full backup jammy.qcow2.1666006874, to get a new image so I can create
a new domain using it as disk. Am I doing it the right way?
Ubuntu 22.04 LTS
KVM
libvirt 8.0.0-1ubuntu7.1
qemu 1:6.2+dfsg-2ubuntu6.4
Thank you!
--
Jorge Luiz Corrêa
Embrapa Agricultura Digital
echo "CkpvcmdlIEx1aXogQ29ycmVhCkFu
YWxpc3RhIGRlIFJlZGVzIGUgU2VndXJhbm
NhCkVtYnJhcGEgQWdyaWN1bHR1cmEgRGln
aXRhbCAtIE5USQpBdi4gQW5kcmUgVG9zZW
xsbywgMjA5IChCYXJhbyBHZXJhbGRvKQpD
RVAgMTMwODMtODg2IC0gQ2FtcGluYXMsIF
NQClRlbGVmb25lOiAoMTkpIDMyMTEtNTg4
Mgpqb3JnZS5sLmNvcnJlYUBlbWJyYXBhLm
JyCgo="|base64 -d
--
__________________________
Aviso de confidencialidade
Esta mensagem da
Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), empresa publica
federal regida pelo disposto na Lei Federal no. 5.851, de 7 de dezembro
de 1972, e enviada exclusivamente a seu destinatario e pode conter
informacoes confidenciais, protegidas por sigilo profissional. Sua
utilizacao desautorizada e ilegal e sujeita o infrator as penas da lei.
Se voce a recebeu indevidamente, queira, por gentileza, reenvia-la ao
emitente, esclarecendo o equivoco.
Confidentiality note
This message from
Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), a government
company established under Brazilian law (5.851/72), is directed
exclusively to its addressee and may contain confidential data,
protected under professional secrecy rules. Its unauthorized use is
illegal and may subject the transgressor to the law's penalties. If you
are not the addressee, please send it back, elucidating the failure.
2 years, 2 months
Re: MemoryBacking options
by Michal Prívozník
[please keep the list on CC for benefit of the community]
On 10/16/22 09:58, Simon Fairweather wrote:
> Thanks Michal, Are there any known issues with Memory Backing. We have
> QEMU 7.1 and libvirt 8.7.
>
> If just Memory Backing is set the VM Freezes after a couple of hours and
> the allocated CPUs show 100% on the host.
>
> Seems to happen more on AMD Platforms than Intel.
>
> Please advise on any info you need, likely this is a QEMU issue.
>
> <memoryBacking>
> <source type='memfd'/>
> <access mode='shared'/>
> </memoryBacking>
Agreed, this smells like QEMU issue. There's nothing obviously wrong
with this snipped. I have a VM with just that and run it just fine.
Although, I run it for couple of hours max.
Michal
2 years, 2 months
Qeustion about how to use domsetlaunchsecstate command correctly.
by 贺培轩
Hello,
I'm new to libvirt. I have tried to launch a sev vm with secret
injection recently, and I found the command domsetlaunchsecstate is what I
need. But I had some problem to make it work. Here is what I did to use
this command.
1. run command: virsh create sev-guest.xml
2. create secret header file and secret file.
3. run command: virsh domsetlaunchsecstate sev-guest-1
--secrethdr <hdr-filename> --secret <secret-filename> .
But it will report this error: SEV: not in correct state.
I think it is because the vm is not in a paused state. So how can I launch
a sev vm which is in a paused state? How should I revise my xml file?
The sev-guest.xml I use is as follows:
<domain type="kvm">
<name>sev-guest-1</name>
<uuid>d50a4205-40e0-4482-b0dc-f26bb4a1a9ff</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="
http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="http://ubuntu.com/ubuntu/16.04"/>
</libosinfo:libosinfo>
</metadata>
<memory>4194304</memory>
<currentMemory>4194304</currentMemory>
<memtune>
<hard_limit>4563402</hard_limit>
</memtune>
<vcpu>32</vcpu>
<cpu mode='custom' match='exact' check='partial'>
<model fallback='forbid'>EPYC</model>
</cpu>
<os>
<type arch="x86_64" machine="q35">hvm</type>
<loader readonly="yes" type="pflash">/data01/OVMF.fd</loader>
<nvram
template="/data01/OVMF.fd">/var/lib/libvirt/qemu/nvram/sev-guest-1_VARS.fd</nvram>
<boot dev="hd"/>
</os>
<features>
<acpi/>
<apic/>
</features>
<clock offset="utc">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="delay"/>
<timer name="hpet" present="no"/>
</clock>
<pm>
<suspend-to-mem enabled="no"/>
<suspend-to-disk enabled="no"/>
</pm>
<devices>
<emulator>/usr/local/bin/qemu-system-x86_64</emulator>
<disk type="file" device="disk">
<driver name="qemu" type="qcow2"/>
<source file="/data01/AMDSEV/sev-guest-1.qcow2"/>
<target dev="sda" bus="scsi"/>
</disk>
<controller type="scsi" index="0" model="virtio-scsi">
<driver iommu="on"/>
</controller>
<controller type="virtio-serial" index="0">
<driver iommu="on"/>
</controller>
<controller type="usb" index="0" model="ich9-ehci1"/>
<controller type="usb" index="0" model="ich9-uhci1">
<master startport="0"/>
</controller>
<controller type="usb" index="0" model="ich9-uhci2">
<master startport="2"/>
</controller>
<controller type="usb" index="0" model="ich9-uhci3">
<master startport="4"/>
</controller>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x8'/>
<alias name='pci.1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'
multifunction='on'/>
</controller>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x9'/>
<alias name='pci.2'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
</controller>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0xa'/>
<alias name='pci.3'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
</controller>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0xb'/>
<alias name='pci.4'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
</controller>
<console type="pty"/>
<input type="tablet" bus="usb"/>
<graphics type="vnc" port="-1" listen="127.0.0.1"/>
<video>
<model type="vga"/>
<address type='pci' slot='0x07'/>
</video>
<memballoon model="virtio">
<driver iommu="on"/>
</memballoon>
</devices>
<launchSecurity type="sev">
<cbitpos>51</cbitpos>
<reducedPhysBits>1</reducedPhysBits>
<policy>0x05</policy>
<dhCert>XXXXXXXXX</dhCert>
<session>XXXXXXXXXXXXXXXXx</session>
</launchSecurity>
</domain>
Thank you in advance,
Peixuan
2 years, 2 months
Caching qemu capabilities and KubeVirt
by Roman Mohr
Hi,
I have a question regarding capability caching in the context of KubeVirt.
Since we start in KubeVirt one libvirt instance per VM, libvirt has to
re-discover on every VM start the qemu capabilities which leads to a 1-2s+
delay in startup.
We already discover the features in a dedicated KubeVirt pod on each node.
Therefore I tried to copy the capabilities over to see if that would work.
It looks like in general it could work, but libvirt seems to detect a
mismatch in the exposed KVM CPU ID in every pod. Therefore it invalidates
the cache. The recreated capability cache looks esctly like the original
one though ...
The check responsible for the invalidation is this:
```
Outdated capabilities for '%s': host cpuid changed
```
So the KVM_GET_SUPPORTED_CPUID call seems to return
slightly different values in different containers.
After trying out the attached golang scripts in different containers, I
could indeed see differences.
I can however not really judge what the differences in these KVM function
registers mean and I am curious if someone else knows. The files are
attached too (as json for easy diffing).
Best regards,
Roman
2 years, 2 months
MemoryBacking options
by Simon Fairweather
Hi,
Is there any documentation that states which options can be used together
with each other.
<domain>
...
<memoryBacking>
<hugepages>
<page size="1" unit="G" nodeset="0-3,5"/>
<page size="2" unit="M" nodeset="4"/>
</hugepages>
<nosharepages/>
<locked/>
<source type="file|anonymous|memfd"/>
<access mode="shared|private"/>
<allocation mode="immediate|ondemand" threads='8'/>
<discard/>
</memoryBacking>
...
</domain>
2 years, 2 months
