How can I create a VM in virt-manager that can access the internet through the host but can't even see the host or other devices on the LAN?
by imthenachoman@gmail.com
I want to be able to create multiple VMs for testing purposes -- questionable websites, files that could be infected with a virus, etc.
I want to make sure these VMs should be able to access the internet (through the host) but they should not be able to access the host or any other device on the LAN.
I tried `NAT` mode but that lets me access the host and other devices on the LAN.
I tried `Isolated` mode but that doesn't give me internet access.
I don't want to run a second VM and route traffic through it.
I want to avoid creating FW rules on the host or VMs because I'll be creating and destroying VMs all the time.
And I think I need to use some kind of NAT because I don't want my router to know/see the VMs as clients.
What do I need to do?
5 hours, 9 minutes
qemu guest agent with openbsd
by Christian Haumesser
Hello,
I have an OpenBSD 7.5 guest running on Debian bookworm with libvirt (9.0) and qemu (7.2).
I'd like to use the qemu guest agent in this guest, but I can't seem to figure out how to craft the libvirt xml to expose the serial port in a way that OpenBSD and libvirt can use it together (or if it’s even possible).
Per the libvirt docs <https://wiki.libvirt.org/Qemu_guest_agent.html>, I’m currently using:
> <channel type='unix'>
>   <source mode='bind'/>
>   <target type='virtio' name='org.qemu.guest_agent.0'/>
> </channel>
But OpenBSD doesn’t directly support the virtio console driver. Consistent with this 2020 thread <https://undeadly.org/cgi?action=article;sid=20200514073852> from the OpenBSD ports mailing list, I see the following message in my guest’s dmesg output:
> virtio5 at pci0 dev 10 function 0 "Qumranet Virtio Console" rev 0x00
> virtio5: no matching child driver; not configured
Thanks to this libvir-list thread <https://listman.redhat.com/archives/libvir-list/2015-October/120250.html> from 2015, I’ve realized that I can manually expose an ISA serial console that will allow me to connect to the guest agent using native qemu tooling; but there doesn’t seem to be a way to create a channel that libvirt can communicate over without virtio console support in the guest. The thread discusses a couple of approaches to resolving this issue with code changes, but it seems like the discussion stalled out before anything happened.
Am I missing something or is it still impossible?
Thanks!
5 days, 8 hours
What's wrong with internal VM snapshots?
by Marius Vollmer
Hi!
I am trying to improve the support for VM snapshots in the Cockpit web
console, and I am afraid I have questions...
We have been asked to prefer the "external" over the "internal" snapshot
format, at least on RHEL. I haven't yet figured out why, and
consequently I am struggling with deciding how hard the Cockpit UI
should push people towards external snapshots.
So, what's wrong with internal snapshots?
I heard they are "unreliable", but how so in detail? Does the data
structure inside the qcow2 files get corrupted easily? Do they behave
poorly when the snapshot process runs out of disk in the middle? That
sort of thing would help me a lot to figure out what Cockpit should be
doing on platforms other than RHEL.
And how well (or how soon) can external snapshots be expected to work?
I have severely messed up my libvirt state a couple of times while
playing around with them, and my confidence in them right now isn't
great. :-) Are you surprised by this? Or are external snapshots not yet
considered ready?
(Most recent example from my experiments: Deleting a full system
snapshot of a paused machine fails with "internal error: unable to
execute QEMU command 'block-commit': Block node is read-only". Reverting
to it works and after that it can also be deleted, all while the VM is
paused.)
Thanks!
1 week, 5 days