On 5/5/20 9:26 AM, john doe wrote:
On 5/5/2020 8:29 AM, Michal Privoznik wrote:
Because interface type='bridge' and type='network' are not the same. The libvirt_guest plugin needs a list of MAC addresses because it tries to find a match across libvirt domain name -> list of domain's MAC addresses -> list of leases. And whenever a domain is started, all its interfaces with type='network' will notify the corresponding network and the code that handles libvirt networks will dump the MAC address into a file for the NSS plugin to use. But, if plain type='bridge' is used then all that is done is that the TAP is plugged into the bridge (which ensures the connectivity), but does not notify the network which in turn means that the MAC dumping code is not run and hence the NSS plugin won't find a match.
I don't understand why the network can not be notified, could it be a feature request?
No. interface type='bridge' exists exactly for the reasons that users want libvirt just to plug TAP device into a bridge they manage. And they don't want libvirt to touch the bridge in any other way.
Is there a reason why you are using interface type='bridge' with the default network?
I'm just starting with libvirt, so I could be missing something.
Yes, I don't need libvirt touching iptables at all.
In other words, is there a way to be able to use libvirt_guest without having libvirt interacting with iptables.
I'm not quite sure how to achieve NAT then - do you insert the NAT rules yourself? If it is so, then what you may do is to change the type of the default network to 'open' and then use interface type='network' from the domain.
Also, from (1):
"virsh net-dhcp-leases $network where $network iterates through all running network..."
If I understand correctly, the below should list all running network:
$ virsh net-dhcp-leases $network error: command 'net-dhcp-leases' requires <network> option
This lists DHCP leases for given network. To list all running networks you can use 'virsh net-list'.
I would suggest rephrasing the above to something along the lines of:
"virsh net-dhcp-leases $network, where '$network' is to be supstituted by the desired network (E.G, 'default') or use virsh net-list to list all available network."
Actually, the whole statement (copied verbatim from the webpage) is: The NSS module then merely consults the list trying to find the match. Users can view the list themselves: virsh net-dhcp-leases $network where $network iterates through all running networks. Maybe I'm assuming too much, but this doesn't say that net-dhcp-leases will print all running networks. The way I read this is: The NSS module then merely does equivalent of iterating over every running network and executing 'net-dhcp-leases' and trying to find the match. I thought that using shell variables in a documentation for an UNIX-like command is well understood, but maybe I am wrong. Michal