July 2023 - Users - libvirt List Archives

Libvirt
by Gk Gk 27 Oct '23

27 Oct '23

Hi All, I am trying to collect memory, disk and network stats for a VM on kvm host. It seems that the statistics are not matching what the OS inside the VM is reporting. Why is this discrepancy ? Is this a known bug of libvirt ? Also I heard that libvirt shows cumulative figures for these measures ever since the VM was created. Also I tested by creating a new vm and comparing the stats without a reboot . Even in this case, the stats dont agree. Can someone help me here please ? Thanks Kumar

2 5

ipv6 can not work for direct type interface
by Yalan Zhang 07 Aug '23

07 Aug '23

Hi there, I have a question regarding direct type interfaces. Would someone be able to take a look at it? When I start 2 VMs on the same host with interface "direct type + bridge mode", just as below: <interface type="direct"> <mac address="52:54:00:9e:7b:51"/> <source dev="eno1" mode="bridge"/> <model type="virtio"/> </interface> The 2 VMs can connect to each other via ipv4, but can not connect to each other via ipv6. Maybe it's related to some kernel parameters, but I don't know how to debug. Is there anyone who can help me? Thank you! BR, Yalan

1 1

Security Logs
by Simon Fairweather 23 Jul '23

23 Jul '23

Hi Is there a way to enable logging of security revents, i.e. a remote client connecting to VNC/SPICE for console. I cannot see/find any documentation, I have also requested a feature request on QEMU gitlab. Regards Simon.

1 0

Issue with libvirtd service and virsh on Debian 13 "trixie" (testing)
by pascal 15 Jul '23

15 Jul '23

Hi, I just upgraded to Debian 13 and observing an issue related to libvirtd service. It happens during up time, the service is initially running and all is working fine. I can run virt-manager and use VMs. Then close virt-manager. After some time (5min), here is what happens : - virt-manager keeps on "Connecting... " when launching it. - "sudo virsh net-list --all" command hangs and does not respond. I have to type Ctrl-C. At that step, I need to restart the libvirtd service : "sudo systemctl restart libvirtd" Then everything is back and running as expected... For 5 minutes as issue comes back. All logs here : https://pastebin.com/qHQWLF4i -=- Versions used : sudo apt policy qemu-system Installé : 1:8.0.2+dfsg-3 sudo apt policy libvirt-daemon-system Installé : 9.5.0-1 $ sudo apt policy virt-manager Installé : 1:4.1.0-2 Can you help here ? Thanks and regards, Pascal

2 1

Cannot access guest with bridged networking when using firewalld (nftables backend) on Debian 12 Bookworm
by Niccolò Belli 12 Jul '23

12 Jul '23

firewalld version 1.3.0-1 libvirt version 9.0.0-4 network-manager version 1.42.4-1 # firewall-cmd --get-active-zones libvirt interfaces: br28 public interfaces: dac0 dac0.100 dac0.28 ftth # firewall-cmd --list-all --zone=public public (active) target: default icmp-block-inversion: no interfaces: dac0 dac0.100 dac0.28 ftth sources: services: dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: dac0 is a Direct Attach cable with several vlans. dac0.100 is the vlan where I create the ppoe connection from my FTTH provider. ftth is the ppp name. dac0.28 is the vlan for the public /28 IPv4 subnet. br28 is the bridge where dac0.28 is attached. # brctl show bridge name bridge id STP enabled interfaces br28 8000.d2605c025b1d no dac0.28 vnet1 # firewall-cmd --list-all --zone=libvirt libvirt (active) target: ACCEPT icmp-block-inversion: no interfaces: br28 sources: services: dhcp dhcpv6 dns ssh tftp ports: protocols: icmp ipv6-icmp forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority="32767" reject # nft list tables table inet firewalld table ip mangle # nft list table ip mangle # Warning: table ip mangle is managed by iptables-nft, do not touch! table ip mangle { chain FORWARD { type filter hook forward priority mangle; policy accept; oifname "ftth" tcp flags syn / syn,rst tcp option maxseg size 1400-65495 counter packets 0 bytes 0 tcp option maxseg size set rt mtu } } The previous rule is created by NetworkManager to clamp-mss-to-pmtu for the ftth pppoe. This is how I create the bridge and the dac0.28 vlan with NetworkManager: # nmcli con add ifname br28 type bridge con-name br28 ipv4.method manual ipv4.addresses MY_IP/28 connection.zone libvirt # nmcli connection add type vlan con-name dac0.28 ifname dac0.28 vlan.parent dac0 vlan.id 28 ipv4.method disabled ipv6.method disabled master br28 slave-type bridge I also have isc-dhcp-server, wide-dhcpv6-client and radvd running. # nmcli con NAME UUID TYPE DEVICE ftth f370639c-2712-49c2-9749-e39f17102346 pppoe ftth br28 e4d2aad3-ef2d-4ac0-bda5-58471f21655c bridge br28 lo f0327b03-bbc3-4078-8bd1-5225df0ce153 loopback lo vnet1 25ae75cd-1606-4fd7-8213-09f4ef1280c4 tun vnet1 dac0 040e747e-fd7e-41e9-b6a6-ccec9e73c022 ethernet dac0 dac0.100 147c1632-2c60-42f3-a97a-a6733ef69f4c vlan dac0.100 dac0.28 cefb4bf3-dda9-465a-95d0-512ac1294a5b vlan dac0.28 enp1s0 81a44a95-efdc-47e2-9c12-76a0a140ca5a ethernet -- The previous are all dark green expect lo and vnet1 which are light green (externally managed) and enp1s0 which is white (disconnected). The br_netfilter module is not loaded and thus net.bridge.bridge-nf-call-ip6tables, net.bridge.bridge-nf-call-iptables, net.bridge.bridge-nf-call-arptables are not even exposed to /proc/sys/net/bridge. I don't have any nwfilter enabled yet, I'd like to get the basics working first. The guest gets an IP (both v4 and v6) and can reach the internet. Unfortunately the guest cannot be reached from the outside: $ ping GUEST_IP PING GUEST_IP (GUEST_IP) 56(84) bytes of data. From FTTH_IP icmp_seq=1 Packet filtered $ ssh GUEST_IP ssh: connect to host GUEST_IP port 22: No route to host Routed networking works fine, but libvirt is in charge to create everything in that case (creating the bridge, assigning the libvirt-routed zone, enabling the libvirt-routed policies, etc) while bridged networking must be configured manually (at least on non-RedHat distros). What's wrong? It looks suspiciously similar to https://bbs.archlinux.org/viewtopic.php?id=274670 Thanks, Niccolo' Belli

1 0