Best practice to manage network
by linux@hklb.ch
Hi,
First, sorry if the topic has already been discussed recently (the only thread I found related to my problem was created in 2010..)
I have a hypervisor with KVM and LXC installed on a Debian 12, and I'm using libvirt to create my VM. All my networks are defined in my /etc/network/interfaces.d/* (I'm using openvswitch with specific options, such as port mirroring/patch/...) , and I'm configuring the network on my VM XML definition like this :
<interface type='bridge'>
<mac address='52:54:00:ab:c3:d3'/>
<source bridge='prod'/>
<vlan>
<tag id='55'/>
</vlan>
<virtualport type='openvswitch'>
<parameters interfaceid='331d973c-0c5b-4d3c-b2ad-590f908e680d'/>
</virtualport>
<target dev='vnet180'/>
<model type='virtio'/>
<mtu size='9216'/>
<alias name='net1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</interface>
It is working perfectly, until I'm restarting my network (using ifreload, ifup, systemctl network restart, ...) - all my VM come unreachable... To make it work again, I also need to restart libvirtd
Is it still expected to have this behavior ? What would be a better way to configure the network ?
Thanks in advance
Lucas
3 months, 3 weeks
kernel panic when hotswapping nvidia gpu via gpu passthrough in a
windows vm
by 5zj1zxgr@anonaddy.me
This may be more issue with nvidia drivers, but just wanted to check if anyone tried to perform gpu passthrough with an nvidia gpu that is used as a secondary gpu on a nvidia "prime" laptop - laptop with both an integrated intel iGPU and a secondary nvidia dGPU.
I was able SOMETIMES to perform GPU passthrough successfully with a VM, but SOMETIMES it led to kernel panics. It usually happens when virtual machine shuts down and nvidia dGPU is returned to the host.
Dec 30 14:29:53 host kernel: ACPI Error: Needed [Integer/String/Buffer], found [Reference] 00000000f0ed5a9d (20240827/exresop-388)
Dec 30 14:29:53 host kernel: ACPI Error: AE_AML_OPERAND_TYPE, While resolving operands for [And] (20240827/dswexec-433)
Dec 30 14:29:53 host kernel: ACPI Error: Aborting method \_SB.PCI0.LPCB.EC0._Q20 due to previous error (AE_AML_OPERAND_TYPE) (20240827/psparse-529)
Dec 30 14:29:56 host kernel: ACPI Error: Needed [Integer/String/Buffer], found [Reference] 0000000059be91f0 (20240827/exresop-388)
Dec 30 14:29:56 host kernel: ACPI Error: AE_AML_OPERAND_TYPE, While resolving operands for [And] (20240827/dswexec-433)
Dec 30 14:29:56 host kernel: ACPI Error: Aborting method \_SB.PCI0.LPCB.EC0._Q20 due to previous error (AE_AML_OPERAND_TYPE) (20240827/psparse-529)
Any advice would be really appreciated.
3 months, 4 weeks
Re: Features from Capabilities
by Simon Fairweather
For HyperV looks like I can build a list from the schema, but for CPU
options would I use the xml in /usr/share/libvirt/cpu
4 months
Features from Capabilities
by Simon Fairweather
HI,
Is there any documentation or somewhere I can look at features that could
be selected?
I have started to create an extract from capabilities and
domcapabilities to provide a list I can use for selection.
Example these are the following entries I have selected to allow running of
Hyperv in Server 2019
<features>
<acpi/>
<apic/>
<hyperv mode='custom'>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
<vendor_id state='on' value='none'/>
</hyperv>
</features>
<cpu mode='custom' match='strict' check='none'>
<model fallback='forbid'>Skylake-Client-IBRS</model>
<topology sockets='1' dies='1' clusters='1' cores='4' threads='1'/>
</cpu>
<clock offset='localtime'>
<timer name='hpet' present='no'/>
<timer name='hypervclock' present='no'/>
</clock>
But looking to find a list of options that would be valid to be specified.
Regards
Simon.
4 months
Overriding qemu.conf libvirt-qemu user per-domain
by Pascal Proulx
Hello,
How can I override the libvirt-qemu user defined in
/etc/libvirt/qemu.conf using a per-domain (virtual machine) override
using the domain XML definitions? I can find qemu arg overrides but not
this and I may have missed it.
Thank you
4 months, 1 week
List of valid arch's for virt-install
by Jeffrey Walton
Hi Everyone,
I'm converting about 150 Virtual Box vm's to QEMU/KVM using `qemu-img
convert` followed by a `virt-install`. The vm's are a mix of amd64,
i686 and mx32, and they will run on a amd64 machine. I want to use the
`virt-install --arch` option during the conversion.
The man page for virt-install [1] does not list valid arch's. (I can't
find a page for virt-install at libvirt.org).
Where can I find the list of valid arch's for virt-install?
A related question is, if I also specify `--cpu host` to ensure the
host cpu's ISA's are available to the vm, then will that conflict with
the `--arch arch` option?
Thanks in advance.
[1] https://manpages.org/virt-install
4 months, 2 weeks
Running libvirt without dnsmasq
by procmem@riseup.net
Hi, we are trying to document a way for our users to run libvirt without dnsmasq to reduce attack surface on the host. We are aware that the default network uses it but plan to disable that and use our own custom configured networks instead. Uninstalling dnsmasq causes libvirt to refuse to start even if the default network is no longer running. Is this possible or is this something that needs code changes upstream?
4 months, 2 weeks
linux guests can ping websites but cannot browse the internet while
Windows guest has no issues, using 'default' nat forwarding
by persev@guysmail.com
Hello.
I had been using linux and Windows guests with QEMU KVM for a long time with no issues on LinuxMint 21.2. Then one day all the linux guests could not connect to the internet effectively. (I guess, an
apt upgrade
has some responsibility here, not sure).
Then I installed LinuxMint 22, hoping to get an overall upgrade. Setup a Debian 12 KVM guest anew but noticed the same issues. I can ping websites from inside the VM and there are no packet loss. But other than that, the VM seemingly cannot connect to the internet. `ping wikipedia.org` works flawless but `curl` results in the following:
$ curl -v 'wikipedia.org'
Trying 103.102.166.224:80...
Trying [<IPv6 address>]:80...
Immediate connect failed for [<IPv6 address>]:80... Network is unreachable
doing an apt update also results in Network unreachable.
Also, Firefox cannot load websites. So it appears the guest vm can only resolve dns names and nothing else.
Surprisingly, I have a Windows guest that has no internet issue at all; websites load fine in Edge. My Android Virtual Device (which uses qemu) works fine too.
What might be the problem here? Am I missing some configuration in the host?
Any help is appreciated. What other info can I post here to help identify the problem?
$ uname -a
Linux hp 6.8.0-49-generic #49-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 4 02:06:24 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
$ virsh net-dumpxml default
<network connections='1'>
<name>default</name>
<uuid>...</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:44:e6:c0'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>
The network tag from xml config for this debian12 VM is
<interface type="network">
<mac address="52:54:00:79:b8:39"/>
<source network="default" portid="c2529d6f-088f-4b5d-8829-625d494213e5" bridge="virbr0"/>
<target dev="vnet0"/>
<model type="virtio"/>
<alias name="net0"/>
<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
</interface>
From inside the guest
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:79:b8:39 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.65/24 brd 192.168.122.255 scope global dynamic noprefixroute enp2s0
valid_lft 2549sec preferred_lft 2549sec
inet6 fe80::b96d:f09b:80d1:b1ae/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4 months, 3 weeks
