October 2024 - Users - libvirt List Archives

Running libvirt without dnsmasq
by procmem＠riseup.net 10 Dec '24

10 Dec '24

Hi, we are trying to document a way for our users to run libvirt without dnsmasq to reduce attack surface on the host. We are aware that the default network uses it but plan to disable that and use our own custom configured networks instead. Uninstalling dnsmasq causes libvirt to refuse to start even if the default network is no longer running. Is this possible or is this something that needs code changes upstream?

5 8

trustGuestRxFilters broken after upgrade to Debian 12
by Paul B. Henson 01 Nov '24

01 Nov '24

We've been running Debian 11 for a while, using sr-iov: <network> <name>sr-iov-intel-10G-1</name> <uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid> <forward mode='hostdev' managed='yes'> <pf dev='eth2'/> </forward> </network> and allocating vf's from the pool: <interface type='network' trustGuestRxFilters='yes'> <mac address='52:54:00:08:da:5b'/> <source network='sr-iov-intel-10G-1'/> <vlan> <tag id='50'/> </vlan> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> After upgrading to Debian 12, when I try to start any vm which uses the trustGuestRxFilters option, it fails to start with the message: error: internal error: unable to execute QEMU command 'query-rx-filter': invalid net client name: hostdev0 If I remove the option, it starts fine (but of course is broken functionality wise as the option wasn't there just for fun :) ). Any thoughts on what's going on here? The Debian 12 versions are: libvirt-daemon/stable,now 9.0.0-4 qemu-system-x86/stable,now 1:7.2+dfsg-7+deb12u3 I see Debian 12 backports has version 8.1.2+ds-1~bpo12+1 of qemu, but no newer versions of libvirt. I haven't tried the backports version to see if that resolves the problem. Thanks much...

5 7

reconfiguring a two vms bridge to two vms + the host with proper iface naming
by daggs 29 Oct '24

29 Oct '24

Greetings, I have two vms (vm1 and vm2) connected via a bridge named br1. libvirt creates two taps, tap0 and tap1 I'm trying to rename them to some thing more meaningful for starts. I assume that I cannot use vnet-vm1 or vnet-vm2 so I decided to configure it like this: vm1: <interface type='bridge'> <source bridge='br1'/> <target dev='vnet1'/> </interface> vm2: <interface type='bridge'> <source bridge='br1'/> <target dev='vnet2'/> </interface> but when start the vms, the iface names are still tap1 and tap2. am I doing something wrong? in addition, I want to add the host to br1, so I ran this after the bridge exists: ip link set dev tap3 master br1 I see it when I run brctl show br1, but I'm unable to get ip, am I doing something wrong here too? Thanks, Dagg.

3 4

[FOSDEM] Call for participation: Virtualization and Cloud infrastructure Room at FOSDEM 2025
by Piotr Kliczewski 28 Oct '24

28 Oct '24

We are excited to announce that the call for proposals is now open for the Virtualization and Cloud infrastructure devroom at the upcoming FOSDEM 2025, to be hosted on Sunday (Feb 2) 2025. This devroom is a collaborative effort, and is organized by dedicated folks from projects such as OpenStack, Xen Project, KubeVirt, QEMU, KVM, and Foreman. We invite everyone involved in these fields to submit your proposals by December 8th, 2024. About the Devroom The Virtualization & IaaS devroom will feature session topics such as open source hypervisors or virtual machine managers such as Xen Project, KVM, bhyve and VirtualBox as well as Infrastructure-as-a-Service projects such as KubeVirt, Apache CloudStack, OpenStack, QEMU and OpenNebula. This devroom will host presentations that focus on topics of shared interest, such as KVM; libvirt; shared storage; virtualized networking; cloud security; clustering and high availability; interfacing with multiple hypervisors; hyperconverged deployments; and scaling across hundreds or thousands of servers. Presentations in this devroom will be aimed at developers working on these platforms who are looking to collaborate and improve shared infrastructure or solve common problems. We seek topics that encourage dialog between projects and continued work post-FOSDEM. Important Dates Submission deadline: 8th December 2024 Acceptance notifications: 10th December 2024 Final schedule announcement: 15th December 2024 Devroom: 2nd February 2025 Submit Your Proposal All submissions must be made via the Pretalx event planning site[1]. It is a new submission system so you will need to create an account. If you submitted proposals for FOSDEM in previous years, you won’t be able to use your existing account. During submission please make sure to select Virtualization and Cloud infrastructure from the Track list. Please provide a meaningful abstract and description of your proposed session. Submission Guidelines We expect more proposals than we can possibly accept, so it is vitally important that you submit your proposal on or before the deadline. Late submissions are unlikely to be considered. All presentation slots are 30 minutes, with 20 minutes planned for presentations, and 10 minutes for Q&A. All presentations will be recorded and made available under Creative Commons licenses. In the Submission notes field, please indicate that you agree that your presentation will be licensed under the CC-By-SA-4.0 or CC-By-4.0 license and that you agree to have your presentation recorded. For example: "If my presentation is accepted for FOSDEM, I hereby agree to license all recordings, slides, and other associated materials under the Creative Commons Attribution Share-Alike 4.0 International License. Sincerely, <NAME>." In the Submission notes field, please also confirm that if your talk is accepted, you will be able to attend FOSDEM and deliver your presentation. We will not consider proposals from prospective speakers who are unsure whether they will be able to secure funds for travel and lodging to attend FOSDEM. (Sadly, we are not able to offer travel funding for prospective speakers.) Code of Conduct Following the release of the updated code of conduct for FOSDEM[3], we'd like to remind all speakers and attendees that all of the presentations and discussions in our devroom are held under the guidelines set in the CoC and we expect attendees, speakers, and volunteers to follow the CoC at all times. If you submit a proposal and it is accepted, you will be required to confirm that you accept the FOSDEM CoC. If you have any questions about the CoC or wish to have one of the devroom organizers review your presentation slides or any other content for CoC compliance, please email us and we will do our best to assist you. Questions? If you have any questions about this devroom, please send your questions to our devroom mailing list. You can also subscribe to the list to receive updates about important dates, session announcements, and to connect with other attendees. See you all at FOSDEM! [1] https://pretalx.fosdem.org/fosdem-2025/cfp [2] virtualization-devroom-manager at fosdem.org [3] https://fosdem.org/2025/practical/conduct/

1 0

SEV start VM help
by 435285706＠qq.com 28 Oct '24

28 Oct '24

Hi, I'm new to libvirt. I recently tried to start a sev vm with secret injection, and the documentation on this is very good, could you provide me with the steps to start a VM with libvirt's SEV, or documentation on this, thank you very much!

2 1

SEV start VM
by 435285706＠qq.com 25 Oct '24

25 Oct '24

Hi, I'm new to libvirt. I recently tried to start a sev vm with secret injection, and the documentation on this is very good, could you provide me with the steps to start a VM with libvirt's SEV, or documentation on this, thank you very much!

1 0

FreeBSD dhcp failing with UDP checksum errors
by Richard W.M. Jones 21 Oct '24

21 Oct '24

I recently reinstalled Fedora (host) and I'm trying to import a previously working FreeBSD 13 guest. It boots fine, but fails to get an address from DHCP. In the FreeBSD boot output it prints: Starting dhclient. DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 7 DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9 DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9 DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 10 DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 17 5 bad udp checksums in 5 packets Indeed, tcpdumping the network on the host side shows that checksums are wrong (note "bad udp cksum" in the reply message): 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 52:54:00:d4:07:ab (oui Unknown), length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000) Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Discover Requested-IP (50), length 4: freebsd.home.annexia.org Client-ID (61), length 7: ether 52:54:00:d4:07:ab Hostname (12), length 7: "freebsd" Parameter-Request (55), length 10: Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121) Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12) Unknown (119), MTU (26) END (255), length 0 PAD (0), length 0, occurs 20 13:07:37.304083 IP (tos 0xc0, ttl 64, id 20207, offset 0, flags [none], proto UDP (17), length 328) cash.bootps > 192.168.122.203.bootpc: [bad udp cksum 0x7763 -> 0x88a0!] BOOTP/DHCP, Reply, length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000) Your-IP 192.168.122.203 Server-IP cash Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Offer Server-ID (54), length 4: cash Lease-Time (51), length 4: 3600 RN (58), length 4: 1800 RB (59), length 4: 3150 Subnet-Mask (1), length 4: 255.255.255.0 BR (28), length 4: 192.168.122.255 Default-Gateway (3), length 4: cash Domain-Name-Server (6), length 4: cash END (255), length 0 PAD (0), length 0, occurs 8 I guess this is something to do with checksum offloading. I can only find ancient bugs related to this. How to fix? The host is: libvirt-daemon-10.6.0-1.fc41.x86_64 dnsmasq-2.90-3.fc41.x86_64 Linux cash 6.11.0-0.rc5.20240830git20371ba12063.47.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Aug 30 15:36:28 UTC 2024 x86_64 GNU/Linux Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com nbdkit - Flexible, fast NBD server with plugins https://gitlab.com/nbdkit/nbdkit

3 7

AMD SEV-SNP encryption at rest
by me+libvirt＠gsora.xyz 14 Oct '24

14 Oct '24

Hello folks, I’m exploring the capabilities of the AMD SEV-SNP platform for a TEE implementation that will handle and store secret data. This data should be tied to a single guest, that is no other guest that boots with the same kernel/initrd/cmdline - in the form of a UKI - should be able to decrypt it. I have a prototype that encrypts the boot disk with a key derived from the VCEK, but a different guest is able to derive the same key provided it boots either the same UKI. The key has been derived with the snpguest tool developed by the virtee project. Does anybody have experience with encryption at rest with the AMD SEV SNP platform? I understand that it’s possible to inject secrets into a SEV VM at creation time, but documentation is scarce on that front. Thank you

2 1

New application (library)
by Erik Huelsmann 04 Oct '24

04 Oct '24

Hi! On https://libvirt.org/apps.html it says to send a mail to this mailinglist to get your app listed on apps/libraries the list. Over the past months, I've been writing a set of Perl libraries, culminating in Sys::Async::Virt (https://metacpan.org/pod/Sys::Async::Virt) which is a library for developing LibVirt client applications supporting the asynchronous paradigm introduced by Future::AsyncAwait ( https://metacpan.org/pod/Future::AsyncAwait) The library binds to the network protocol and instantiates Perl objects for manipulating server-side resources. The API tries to stay close to the Sys::Virt API, although I've been looking closely at the C API as well. At the time of writing, the local and ssh transports are supported, but work is on-going for more. Not all protocol messages are supported at the moment; 47 out of 448 messages are remaining. Effort to implement them is on-going here too. The list of unimplemented messages is published at the bottom of the documentation page on MetaCPAN referenced above. Let me know your feedback, or submit your bugs and ideas at https://github.com/ehuelsmann/perl-sys-async-virt. Thanks in advance for listing the library! -- Bye, Erik. http://efficito.com -- Hosted accounting and ERP. Robust and Flexible. No vendor lock-in.

1 0

How to use UEFI_VARS.fd using virt-manager on Ubuntu 24.04...
by Mario Marietto 01 Oct '24

01 Oct '24

Hello. On FreeBSD I've installed Windows 11 on the first partition of a 200 GB disk and Android X86 on the second partition of a 200 GB image file called "Android.img". This is how I boot Android : /usr/sbin/./bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H -A \ -s 0,hostbridge \ -s 1,ahci-hd,/mnt/zroot-133/bhyve/img/Android/Android.img,bootindex=1 \ -s 13,virtio-net,tap13 \ -s 29,fbuf,tcp=0.0.0.0:5913,w=1600,h=950,wait \ -s 30,xhci,tablet \ -s 31,lpc \ -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd,/usr/local/share/uefi-firmware/BHYVE_UEFI_VARS.fd \ as you can see to boot Android correctly,I SHOULD use "/usr/local/share/uefi-firmware/BHYVE_UEFI_VARS.fd" Now I'm using Ubuntu 24.04 and I want to boot Android from the same img file. But,what I don't know is how to add the parameter "/usr/local/share/uefi-firmware/BHYVE_UEFI_VARS.fd" to virt-manager. Without it Android will not boot,but only Windows is able to boot ONLY from the first partition.... -- Mario.

1 0