Libvirt
by Gk Gk
Hi All,
I am trying to collect memory, disk and network stats for a VM on kvm host.
It seems that the statistics are not matching what the OS inside the VM is
reporting. Why is this discrepancy ?
Is this a known bug of libvirt ? Also I heard that libvirt shows cumulative
figures for these measures ever since the VM was created. Also I tested by
creating a new vm and comparing the stats without a reboot . Even in this
case, the stats dont agree. Can someone help me here please ?
Thanks
Kumar
1 year
ipv6 can not work for direct type interface
by Yalan Zhang
Hi there,
I have a question regarding direct type interfaces. Would someone be able
to take a look at it?
When I start 2 VMs on the same host with interface "direct type + bridge
mode", just as below:
<interface type="direct">
<mac address="52:54:00:9e:7b:51"/>
<source dev="eno1" mode="bridge"/>
<model type="virtio"/>
</interface>
The 2 VMs can connect to each other via ipv4, but can not connect to each
other via ipv6.
Maybe it's related to some kernel parameters, but I don't know how to
debug.
Is there anyone who can help me?
Thank you!
BR,
Yalan
1 year, 3 months
Security Logs
by Simon Fairweather
Hi
Is there a way to enable logging of security revents, i.e. a remote client
connecting to VNC/SPICE for console.
I cannot see/find any documentation, I have also requested a feature
request on QEMU gitlab.
Regards
Simon.
1 year, 4 months
Issue with libvirtd service and virsh on Debian 13 "trixie" (testing)
by pascal
Hi,
I just upgraded to Debian 13 and observing an issue related to libvirtd
service. It happens during up time, the service is initially running
and all is working fine. I can run virt-manager and use VMs. Then close
virt-manager.
After some time (5min), here is what happens :
- virt-manager keeps on "Connecting... " when launching it.
- "sudo virsh net-list --all" command hangs and does not respond. I
have to type Ctrl-C.
At that step, I need to restart the libvirtd service : "sudo systemctl
restart libvirtd"
Then everything is back and running as expected... For 5 minutes as
issue comes back.
All logs here : https://pastebin.com/qHQWLF4i
-=-
Versions used :
sudo apt policy qemu-system
Installé : 1:8.0.2+dfsg-3
sudo apt policy libvirt-daemon-system
Installé : 9.5.0-1
$ sudo apt policy virt-manager
Installé : 1:4.1.0-2
Can you help here ?
Thanks and regards,
Pascal
1 year, 4 months
Cannot access guest with bridged networking when using firewalld (nftables backend) on Debian 12 Bookworm
by Niccolò Belli
firewalld version 1.3.0-1
libvirt version 9.0.0-4
network-manager version 1.42.4-1
# firewall-cmd --get-active-zones
libvirt
interfaces: br28
public
interfaces: dac0 dac0.100 dac0.28 ftth
# firewall-cmd --list-all --zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: dac0 dac0.100 dac0.28 ftth
sources:
services: dhcpv6-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
dac0 is a Direct Attach cable with several vlans.
dac0.100 is the vlan where I create the ppoe connection from my FTTH
provider.
ftth is the ppp name.
dac0.28 is the vlan for the public /28 IPv4 subnet.
br28 is the bridge where dac0.28 is attached.
# brctl show
bridge name bridge id STP enabled interfaces
br28 8000.d2605c025b1d no dac0.28
vnet1
# firewall-cmd --list-all --zone=libvirt
libvirt (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: br28
sources:
services: dhcp dhcpv6 dns ssh tftp
ports:
protocols: icmp ipv6-icmp
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule priority="32767" reject
# nft list tables
table inet firewalld
table ip mangle
# nft list table ip mangle
# Warning: table ip mangle is managed by iptables-nft, do not touch!
table ip mangle {
chain FORWARD {
type filter hook forward priority mangle; policy accept;
oifname "ftth" tcp flags syn / syn,rst tcp option maxseg size
1400-65495 counter packets 0 bytes 0 tcp option maxseg size set rt mtu
}
}
The previous rule is created by NetworkManager to clamp-mss-to-pmtu for
the ftth pppoe.
This is how I create the bridge and the dac0.28 vlan with
NetworkManager:
# nmcli con add ifname br28 type bridge con-name br28 ipv4.method manual
ipv4.addresses MY_IP/28 connection.zone libvirt
# nmcli connection add type vlan con-name dac0.28 ifname dac0.28
vlan.parent dac0 vlan.id 28 ipv4.method disabled ipv6.method disabled
master br28 slave-type bridge
I also have isc-dhcp-server, wide-dhcpv6-client and radvd running.
# nmcli con
NAME UUID TYPE DEVICE
ftth f370639c-2712-49c2-9749-e39f17102346 pppoe ftth
br28 e4d2aad3-ef2d-4ac0-bda5-58471f21655c bridge br28
lo f0327b03-bbc3-4078-8bd1-5225df0ce153 loopback lo
vnet1 25ae75cd-1606-4fd7-8213-09f4ef1280c4 tun vnet1
dac0 040e747e-fd7e-41e9-b6a6-ccec9e73c022 ethernet dac0
dac0.100 147c1632-2c60-42f3-a97a-a6733ef69f4c vlan dac0.100
dac0.28 cefb4bf3-dda9-465a-95d0-512ac1294a5b vlan dac0.28
enp1s0 81a44a95-efdc-47e2-9c12-76a0a140ca5a ethernet --
The previous are all dark green expect lo and vnet1 which are light
green (externally managed) and enp1s0 which is white (disconnected).
The br_netfilter module is not loaded and thus
net.bridge.bridge-nf-call-ip6tables, net.bridge.bridge-nf-call-iptables,
net.bridge.bridge-nf-call-arptables are not even exposed to
/proc/sys/net/bridge.
I don't have any nwfilter enabled yet, I'd like to get the basics
working first.
The guest gets an IP (both v4 and v6) and can reach the internet.
Unfortunately the guest cannot be reached from the outside:
$ ping GUEST_IP
PING GUEST_IP (GUEST_IP) 56(84) bytes of data.
From FTTH_IP icmp_seq=1 Packet filtered
$ ssh GUEST_IP
ssh: connect to host GUEST_IP port 22: No route to host
Routed networking works fine, but libvirt is in charge to create
everything in that case (creating the bridge, assigning the
libvirt-routed zone, enabling the libvirt-routed policies, etc) while
bridged networking must be configured manually (at least on non-RedHat
distros).
What's wrong? It looks suspiciously similar to
https://bbs.archlinux.org/viewtopic.php?id=274670
Thanks,
Niccolo' Belli
1 year, 4 months
