[libvirt-users] SSH from host to domain using hostname
Hello! I want to SSH from host to specific guest using hostname, e.g. ssh <user>@<guest> or ssh test@vm02-fai ssh to guest using IP works w/o issues. I found Wiki article for "NSS module" (http://wiki.libvirt.org/page/NSS_module), but there are no results for the following commands: ld4004:/home # virsh net-dhcp-leases default Expiry Time MAC address Protocol IP address Hostname Client ID or DUID ------------------------------------------------------------------------------------------------------------------- ld4004:/home # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address ------------------------------------------------------------------------------- ld4004:/home # virsh list Id Name State ---------------------------------------------------- 1 vm02-fai running dnsmasq is running: ld4004:/home # netstat -nulpd | grep dnsmasq udp 0 0 192.168.33.1:53 0.0.0.0:* 10318/dnsmasq udp 0 0 192.168.100.1:53 0.0.0.0:* 20145/dnsmasq udp 0 0 0.0.0.0:67 0.0.0.0:* 20145/dnsmasq How can I fix this issue? THX
On Mon, Jul 17, 2017 at 02:17:12PM +0000, c.monty@web.de wrote:
Hello!
I want to SSH from host to specific guest using hostname, e.g. ssh <user>@<guest> or ssh test@vm02-fai
ssh to guest using IP works w/o issues.
I found Wiki article for "NSS module" (http://wiki.libvirt.org/page/NSS_module), but there are no results for the following commands: ld4004:/home # virsh net-dhcp-leases default Expiry Time MAC address Protocol IP address Hostname Client ID or DUID -------------------------------------------------------------------------------------------------------------------
ld4004:/home # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address -------------------------------------------------------------------------------
What is the version of your libvirt?
ld4004:/home # virsh list Id Name State ---------------------------------------------------- 1 vm02-fai running
Is this domain plugged into network controlled by libvirt?
dnsmasq is running: ld4004:/home # netstat -nulpd | grep dnsmasq udp 0 0 192.168.33.1:53 0.0.0.0:* 10318/dnsmasq udp 0 0 192.168.100.1:53 0.0.0.0:* 20145/dnsmasq udp 0 0 0.0.0.0:67 0.0.0.0:* 20145/dnsmasq
Is this the dnsmasq for libvirt's network?
How can I fix this issue?
THX
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
On 07/17/2017 04:17 PM, c.monty@web.de wrote:
Hello!
I want to SSH from host to specific guest using hostname, e.g. ssh <user>@<guest> or ssh test@vm02-fai
ssh to guest using IP works w/o issues.
I found Wiki article for "NSS module" (http://wiki.libvirt.org/page/NSS_module),
Also, until 3.2.0 it was mandatory to restart the virtual network after configuring the libvirt_guest module (I've updated the wiki accordingly).
but there are no results for the following commands: ld4004:/home # virsh net-dhcp-leases default Expiry Time MAC address Protocol IP address Hostname Client ID or DUID -------------------------------------------------------------------------------------------------------------------
This is the problem. Libvirt is not the one who's assigning IP addresses and thus the NSS module doesn't work.
ld4004:/home # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address -------------------------------------------------------------------------------
ld4004:/home # virsh list Id Name State ---------------------------------------------------- 1 vm02-fai running
dnsmasq is running: ld4004:/home # netstat -nulpd | grep dnsmasq udp 0 0 192.168.33.1:53 0.0.0.0:* 10318/dnsmasq udp 0 0 192.168.100.1:53 0.0.0.0:* 20145/dnsmasq udp 0 0 0.0.0.0:67 0.0.0.0:* 20145/dnsmasq
How can I fix this issue?
By having libvirt network assign IP addresses. Generally, <interface type='network'/> is what you should look for. Michal
Hello! I have upgraded all libvirt packages to version 3.5.0-655.1 and restarted host. This is the current default network config: ld4004:~ # virsh net-dumpxml default <network connections='1'> <name>default</name> <uuid>f511d113-d7d1-4714-ad2b-be29ef8f7fc4</uuid> <forward dev='br0' mode='nat'> <nat> <port start='1024' end='65535'/> </nat> <interface dev='br0'/> </forward> <bridge name='virbr0' stp='on' delay='0'/> <mac address='52:54:00:f5:5f:ca'/> <domain name='local.net' localOnly='yes'/> <ip address='192.168.100.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.100.10' end='192.168.100.254'/> </dhcp> </ip> </network> What do I need to configure in order to have NSS working? THX 18. Juli 2017 14:13, "Michal Privoznik" <mprivozn@redhat.com> schrieb:
On 07/17/2017 04:17 PM, c.monty@web.de wrote:
Hello!
I want to SSH from host to specific guest using hostname, e.g. ssh <user>@<guest> or ssh test@vm02-fai
ssh to guest using IP works w/o issues.
I found Wiki article for "NSS module" (http://wiki.libvirt.org/page/NSS_module),
Also, until 3.2.0 it was mandatory to restart the virtual network after configuring the libvirt_guest module (I've updated the wiki accordingly).
but there are no results for the following commands: ld4004:/home # virsh net-dhcp-leases default Expiry Time MAC address Protocol IP address Hostname Client ID or DUID ---------------------------------------------------------------------------------------------------- --------------
This is the problem. Libvirt is not the one who's assigning IP addresses and thus the NSS module doesn't work.
ld4004:/home # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address -------------------------------------------------------------------------------
ld4004:/home # virsh list Id Name State ---------------------------------------------------- 1 vm02-fai running
dnsmasq is running: ld4004:/home # netstat -nulpd | grep dnsmasq udp 0 0 192.168.33.1:53 0.0.0.0:* 10318/dnsmasq udp 0 0 192.168.100.1:53 0.0.0.0:* 20145/dnsmasq udp 0 0 0.0.0.0:67 0.0.0.0:* 20145/dnsmasq
How can I fix this issue?
By having libvirt network assign IP addresses. Generally, <interface type='network'/> is what you should look for.
Michal
On 07/18/2017 04:31 PM, c.monty@web.de wrote:
Hello!
I have upgraded all libvirt packages to version 3.5.0-655.1 and restarted host.
That wasn't necessary. It's not Windows ;-)
This is the current default network config: ld4004:~ # virsh net-dumpxml default <network connections='1'> <name>default</name> <uuid>f511d113-d7d1-4714-ad2b-be29ef8f7fc4</uuid> <forward dev='br0' mode='nat'> <nat> <port start='1024' end='65535'/> </nat> <interface dev='br0'/> </forward> <bridge name='virbr0' stp='on' delay='0'/> <mac address='52:54:00:f5:5f:ca'/> <domain name='local.net' localOnly='yes'/> <ip address='192.168.100.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.100.10' end='192.168.100.254'/> </dhcp> </ip> </network>
This is looking good.
What do I need to configure in order to have NSS working?
What's the domain's <interface/> type? It should look something like this: <interface type='network'> <source network='default'/> ... </interface> And with this you should be all set. Michal
18. Juli 2017 16:45, "Michal Privoznik" <mprivozn@redhat.com> schrieb:
On 07/18/2017 04:31 PM, c.monty@web.de wrote:
Hello!
I have upgraded all libvirt packages to version 3.5.0-655.1 and restarted host.
That wasn't necessary. It's not Windows ;-)
This is the current default network config: ld4004:~ # virsh net-dumpxml default <network connections='1'> <name>default</name> <uuid>f511d113-d7d1-4714-ad2b-be29ef8f7fc4</uuid> <forward dev='br0' mode='nat'> <nat> <port start='1024' end='65535'/> </nat> <interface dev='br0'/> </forward> <bridge name='virbr0' stp='on' delay='0'/> <mac address='52:54:00:f5:5f:ca'/> <domain name='local.net' localOnly='yes'/> <ip address='192.168.100.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.100.10' end='192.168.100.254'/> </dhcp> </ip> </network>
This is looking good.
What do I need to configure in order to have NSS working?
What's the domain's <interface/> type? It should look something like this:
<interface type='network'> <source network='default'/> ... </interface>
And with this you should be all set.
Michal
OK, all libvirt software packages are updated. And this is the configuration /etc/nsswitch.conf ld4004:~ # cat /etc/nsswitch.conf # # /etc/nsswitch.conf # passwd: compat group: compat hosts: files libvirt dns networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files nis publickey: files bootparams: files automount: files nis aliases: files And this is the domain's interface type / configuration: <interface type='network'> <mac address='52:54:00:31:dd:59'/> <source network='default'/> <model type='rtl8139'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <interface type='network'> <mac address='52:54:00:5d:1e:dc'/> <source network='internal'/> <model type='rtl8139'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/> </interface> However, there's still no record of the domain's IP address: ld4004:~ # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address ------------------------------------------------------------------------------- Could this issue be related to the domain's NIC configuration, means model type='rtl8139' or the fact that 2 NICs are configured? For your information, it fails also with model type='virtio'. Regards
On Wed, Jul 19, 2017 at 08:23:58AM +0000, c.monty@web.de wrote:
18. Juli 2017 16:45, "Michal Privoznik" <mprivozn@redhat.com> schrieb:
On 07/18/2017 04:31 PM, c.monty@web.de wrote:
Hello!
I have upgraded all libvirt packages to version 3.5.0-655.1 and restarted host.
That wasn't necessary. It's not Windows ;-)
This is the current default network config: ld4004:~ # virsh net-dumpxml default <network connections='1'> <name>default</name> <uuid>f511d113-d7d1-4714-ad2b-be29ef8f7fc4</uuid> <forward dev='br0' mode='nat'> <nat> <port start='1024' end='65535'/> </nat> <interface dev='br0'/> </forward> <bridge name='virbr0' stp='on' delay='0'/> <mac address='52:54:00:f5:5f:ca'/> <domain name='local.net' localOnly='yes'/> <ip address='192.168.100.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.100.10' end='192.168.100.254'/> </dhcp> </ip> </network>
This is looking good.
What do I need to configure in order to have NSS working?
What's the domain's <interface/> type? It should look something like this:
<interface type='network'> <source network='default'/> ... </interface>
And with this you should be all set.
Michal
OK, all libvirt software packages are updated. And this is the configuration /etc/nsswitch.conf ld4004:~ # cat /etc/nsswitch.conf # # /etc/nsswitch.conf #
passwd: compat group: compat
hosts: files libvirt dns networks: files dns
services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files nis publickey: files
bootparams: files automount: files nis aliases: files
And this is the domain's interface type / configuration: <interface type='network'> <mac address='52:54:00:31:dd:59'/> <source network='default'/> <model type='rtl8139'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <interface type='network'> <mac address='52:54:00:5d:1e:dc'/> <source network='internal'/> <model type='rtl8139'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/> </interface>
However, there's still no record of the domain's IP address: ld4004:~ # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address -------------------------------------------------------------------------------
Could this issue be related to the domain's NIC configuration, means model type='rtl8139' or the fact that 2 NICs are configured? For your information, it fails also with model type='virtio'.
Is the guest OS actually doing DHCP ? That you don't see any leases listed with domifaddr or net-dhcp-leases suggests your guests have a static IP address config. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
19. Juli 2017 10:46, "Daniel P. Berrange" <berrange@redhat.com> schrieb:
On Wed, Jul 19, 2017 at 08:23:58AM +0000, c.monty@web.de wrote:
18. Juli 2017 16:45, "Michal Privoznik" <mprivozn@redhat.com> schrieb:
On 07/18/2017 04:31 PM, c.monty@web.de wrote:
Hello!
I have upgraded all libvirt packages to version 3.5.0-655.1 and restarted host.
That wasn't necessary. It's not Windows ;-)
This is the current default network config: ld4004:~ # virsh net-dumpxml default <network connections='1'> <name>default</name> <uuid>f511d113-d7d1-4714-ad2b-be29ef8f7fc4</uuid> <forward dev='br0' mode='nat'> <nat> <port start='1024' end='65535'/> </nat> <interface dev='br0'/> </forward> <bridge name='virbr0' stp='on' delay='0'/> <mac address='52:54:00:f5:5f:ca'/> <domain name='local.net' localOnly='yes'/> <ip address='192.168.100.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.100.10' end='192.168.100.254'/> </dhcp> </ip> </network>
This is looking good.
What do I need to configure in order to have NSS working?
What's the domain's <interface/> type? It should look something like this:
<interface type='network'> <source network='default'/> ... </interface>
And with this you should be all set.
Michal
OK, all libvirt software packages are updated. And this is the configuration /etc/nsswitch.conf ld4004:~ # cat /etc/nsswitch.conf # # /etc/nsswitch.conf #
passwd: compat group: compat
hosts: files libvirt dns networks: files dns
services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files nis publickey: files
bootparams: files automount: files nis aliases: files
And this is the domain's interface type / configuration: <interface type='network'> <mac address='52:54:00:31:dd:59'/> <source network='default'/> <model type='rtl8139'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <interface type='network'> <mac address='52:54:00:5d:1e:dc'/> <source network='internal'/> <model type='rtl8139'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/> </interface>
However, there's still no record of the domain's IP address: ld4004:~ # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address -------------------------------------------------------------------------------
Could this issue be related to the domain's NIC configuration, means model type='rtl8139' or the fact that 2 NICs are configured? For your information, it fails also with model type='virtio'.
Is the guest OS actually doing DHCP ? That you don't see any leases listed with domifaddr or net-dhcp-leases suggests your guests have a static IP address config.
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Guest OS is Debian 9 with this network configuration: thomas@vm02-fai:~$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug ens3 iface ens3 inet dhcp # The secondary network interface allow-hotplug ens8 iface ens8 inet static address 192.168.33.250/25 So, to answer your question: yes, 1st interface is doing DHCP.
On 07/19/2017 04:27 PM, c.monty@web.de wrote:
<snip/>
Guest OS is Debian 9 with this network configuration: thomas@vm02-fai:~$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface auto lo iface lo inet loopback
# The primary network interface allow-hotplug ens3 iface ens3 inet dhcp
# The secondary network interface allow-hotplug ens8 iface ens8 inet static address 192.168.33.250/25
So, to answer your question: yes, 1st interface is doing DHCP.
Well, this doesn't prove it. ens3 might actually be the one that's connected to the 'internal' network. What's the output of 'ip a a s' ran from within the guest? What's the output of 'virsh domifaddr --source agent $domain'? BTW: if you sniff on virbr0 while the domain is starting up do you see any DHCP traffic? Michal
19. Juli 2017 16:36, "Michal Privoznik" <mprivozn@redhat.com> schrieb:
On 07/19/2017 04:27 PM, c.monty@web.de wrote:
<snip/>
Guest OS is Debian 9 with this network configuration: thomas@vm02-fai:~$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface auto lo iface lo inet loopback
# The primary network interface allow-hotplug ens3 iface ens3 inet dhcp
# The secondary network interface allow-hotplug ens8 iface ens8 inet static address 192.168.33.250/25
So, to answer your question: yes, 1st interface is doing DHCP.
Well, this doesn't prove it. ens3 might actually be the one that's connected to the 'internal' network. What's the output of 'ip a a s' ran from within the guest? What's the output of 'virsh domifaddr --source agent $domain'?
BTW: if you sniff on virbr0 while the domain is starting up do you see any DHCP traffic?
Michal
Hm... 'ip a a s' is not working. Do you mean 'ip addr'? root@vm02-fai:/home/thomas# ip a a s Error: inet prefix is expected rather than "s". root@vm02-fai:/home/thomas# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:31:dd:59 brd ff:ff:ff:ff:ff:ff inet 192.168.100.52/24 brd 192.168.100.255 scope global ens3 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe31:dd59/64 scope link valid_lft forever preferred_lft forever 3: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:9e:23:26 brd ff:ff:ff:ff:ff:ff inet 192.168.33.250/25 brd 192.168.33.255 scope global ens8 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe9e:2326/64 scope link valid_lft forever preferred_lft forever
19. Juli 2017 17:12, c.monty@web.de schrieb:
19. Juli 2017 16:36, "Michal Privoznik" <mprivozn@redhat.com> schrieb:
On 07/19/2017 04:27 PM, c.monty@web.de wrote:
<snip/>
Guest OS is Debian 9 with this network configuration: thomas@vm02-fai:~$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface auto lo iface lo inet loopback
# The primary network interface allow-hotplug ens3 iface ens3 inet dhcp
# The secondary network interface allow-hotplug ens8 iface ens8 inet static address 192.168.33.250/25
So, to answer your question: yes, 1st interface is doing DHCP.
Well, this doesn't prove it. ens3 might actually be the one that's connected to the 'internal' network. What's the output of 'ip a a s' ran from within the guest? What's the output of 'virsh domifaddr --source agent $domain'?
BTW: if you sniff on virbr0 while the domain is starting up do you see any DHCP traffic?
Michal
Hm... 'ip a a s' is not working. Do you mean 'ip addr'? root@vm02-fai:/home/thomas# ip a a s Error: inet prefix is expected rather than "s".
root@vm02-fai:/home/thomas# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:31:dd:59 brd ff:ff:ff:ff:ff:ff inet 192.168.100.52/24 brd 192.168.100.255 scope global ens3 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe31:dd59/64 scope link valid_lft forever preferred_lft forever 3: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:9e:23:26 brd ff:ff:ff:ff:ff:ff inet 192.168.33.250/25 brd 192.168.33.255 scope global ens8 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe9e:2326/64 scope link valid_lft forever preferred_lft forever
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
Update: I have captured packets on virbr0 using tcpdump. The saved packets are attached in file virbr0.pcap to this email. In my understanding this confirms DHCP request of guest / domain: ld4004:~ # tcpdump -r /tmp/virbr0.pcap reading from file /tmp/virbr0.pcap, link-type EN10MB (Ethernet) 17:10:31.433263 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 17:10:31.434772 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:31:dd:59 (oui Unknown), length 300 17:10:31.435007 IP 192.168.100.1.bootps > 192.168.100.52.bootpc: BOOTP/DHCP, Reply, length 313 17:10:31.513284 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 17:10:32.169290 IP6 :: > ff02::1:ff31:dd59: ICMP6, neighbor solicitation, who has fe80::5054:ff:fe31:dd59, length 24 17:10:32.393283 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 17:10:33.193292 IP6 fe80::5054:ff:fe31:dd59 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 17:10:33.193414 IP6 fe80::5054:ff:fe31:dd59 > ipv6-allrouters: ICMP6, router solicitation, length 16 17:10:33.277270 IP6 fe80::5054:ff:fe31:dd59 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 17:10:36.441562 ARP, Request who-has 192.168.100.52 tell 192.168.100.1, length 28 17:10:36.441843 ARP, Reply 192.168.100.52 is-at 52:54:00:31:dd:59 (oui Unknown), length 28 17:10:37.161253 IP6 fe80::5054:ff:fe31:dd59 > ipv6-allrouters: ICMP6, router solicitation, length 16 17:10:45.097178 IP6 fe80::5054:ff:fe31:dd59 > ipv6-allrouters: ICMP6, router solicitation, length 16 17:10:46.399986 IP 192.168.100.1.50432 > 192.168.100.52.ssh: Flags [S], seq 3301944072, win 29200, options [mss 1460,sackOK,TS val 21694017 ecr 0,nop,wscale 7], length 0
19. Juli 2017 17:19, c.monty@web.de schrieb:
19. Juli 2017 17:12, c.monty@web.de schrieb:
19. Juli 2017 16:36, "Michal Privoznik" <mprivozn@redhat.com> schrieb:
On 07/19/2017 04:27 PM, c.monty@web.de wrote:
<snip/>
Guest OS is Debian 9 with this network configuration: thomas@vm02-fai:~$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface auto lo iface lo inet loopback
# The primary network interface allow-hotplug ens3 iface ens3 inet dhcp
# The secondary network interface allow-hotplug ens8 iface ens8 inet static address 192.168.33.250/25
So, to answer your question: yes, 1st interface is doing DHCP.
Well, this doesn't prove it. ens3 might actually be the one that's connected to the 'internal' network. What's the output of 'ip a a s' ran from within the guest? What's the output of 'virsh domifaddr --source agent $domain'?
BTW: if you sniff on virbr0 while the domain is starting up do you see any DHCP traffic?
Michal
Hm... 'ip a a s' is not working. Do you mean 'ip addr'? root@vm02-fai:/home/thomas# ip a a s Error: inet prefix is expected rather than "s".
root@vm02-fai:/home/thomas# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:31:dd:59 brd ff:ff:ff:ff:ff:ff inet 192.168.100.52/24 brd 192.168.100.255 scope global ens3 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe31:dd59/64 scope link valid_lft forever preferred_lft forever 3: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:9e:23:26 brd ff:ff:ff:ff:ff:ff inet 192.168.33.250/25 brd 192.168.33.255 scope global ens8 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe9e:2326/64 scope link valid_lft forever preferred_lft forever
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
Update: I have captured packets on virbr0 using tcpdump. The saved packets are attached in file virbr0.pcap to this email.
In my understanding this confirms DHCP request of guest / domain: ld4004:~ # tcpdump -r /tmp/virbr0.pcap reading from file /tmp/virbr0.pcap, link-type EN10MB (Ethernet) 17:10:31.433263 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 17:10:31.434772 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:31:dd:59 (oui Unknown), length 300 17:10:31.435007 IP 192.168.100.1.bootps > 192.168.100.52.bootpc: BOOTP/DHCP, Reply, length 313 17:10:31.513284 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 17:10:32.169290 IP6 :: > ff02::1:ff31:dd59: ICMP6, neighbor solicitation, who has fe80::5054:ff:fe31:dd59, length 24 17:10:32.393283 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 17:10:33.193292 IP6 fe80::5054:ff:fe31:dd59 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 17:10:33.193414 IP6 fe80::5054:ff:fe31:dd59 > ipv6-allrouters: ICMP6, router solicitation, length 16 17:10:33.277270 IP6 fe80::5054:ff:fe31:dd59 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 17:10:36.441562 ARP, Request who-has 192.168.100.52 tell 192.168.100.1, length 28 17:10:36.441843 ARP, Reply 192.168.100.52 is-at 52:54:00:31:dd:59 (oui Unknown), length 28 17:10:37.161253 IP6 fe80::5054:ff:fe31:dd59 > ipv6-allrouters: ICMP6, router solicitation, length 16 17:10:45.097178 IP6 fe80::5054:ff:fe31:dd59 > ipv6-allrouters: ICMP6, router solicitation, length 16 17:10:46.399986 IP 192.168.100.1.50432 > 192.168.100.52.ssh: Flags [S], seq 3301944072, win 29200, options [mss 1460,sackOK,TS val 21694017 ecr 0,nop,wscale 7], length 0
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
Update update: Output of 'virsh domifaddr ' ld4004:~ # virsh domifaddr --source agent $domain error: command 'domifaddr' requires <domain> option ld4004:~ # virsh domifaddr --source agent vm02-fai error: Failed to query for interfaces addresses error: argument unsupported: QEMU guest agent is not configured ld4004:~ # virsh domifaddr --source lease $domain error: command 'domifaddr' requires <domain> option ld4004:~ # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address ------------------------------------------------------------------------------- Question: Why are variables $domain (or $network) not working?
On 07/19/2017 05:23 PM, c.monty@web.de wrote:
<snip/>
Update update: Output of 'virsh domifaddr ' ld4004:~ # virsh domifaddr --source agent $domain error: command 'domifaddr' requires <domain> option ld4004:~ # virsh domifaddr --source agent vm02-fai error: Failed to query for interfaces addresses error: argument unsupported: QEMU guest agent is not configured
ld4004:~ # virsh domifaddr --source lease $domain error: command 'domifaddr' requires <domain> option ld4004:~ # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address -------------------------------------------------------------------------------
Question: Why are variables $domain (or $network) not working?
So usually when discussing on lists, we don't know how are user domains named. Or networks. Or something else. So when asking for XML we use $domain as placeholder and users are supposed to replace that with actual name of the domain. The same applies for network. So these are not bash variables - how can bash possibly know what you're up to? Michal
20. Juli 2017 10:03, "Michal Privoznik" <mprivozn@redhat.com> schrieb:
On 07/19/2017 05:23 PM, c.monty@web.de wrote:
<snip/>
Update update: Output of 'virsh domifaddr ' ld4004:~ # virsh domifaddr --source agent $domain error: command 'domifaddr' requires <domain> option ld4004:~ # virsh domifaddr --source agent vm02-fai error: Failed to query for interfaces addresses error: argument unsupported: QEMU guest agent is not configured
ld4004:~ # virsh domifaddr --source lease $domain error: command 'domifaddr' requires <domain> option ld4004:~ # virsh domifaddr --source lease vm02-fai Name MAC address Protocol Address -------------------------------------------------------------------------------
Question: Why are variables $domain (or $network) not working?
So usually when discussing on lists, we don't know how are user domains named. Or networks. Or something else. So when asking for XML we use $domain as placeholder and users are supposed to replace that with actual name of the domain. The same applies for network. So these are not bash variables - how can bash possibly know what you're up to?
Michal
Hi! This is now very clear and understood... this topic regarding variables ($domain or $network) can be closed. Regards Thomas
On 07/19/2017 05:16 PM, c.monty@web.de wrote:
19. Juli 2017 17:12, c.monty@web.de schrieb:
19. Juli 2017 16:36, "Michal Privoznik" <mprivozn@redhat.com> schrieb:
On 07/19/2017 04:27 PM, c.monty@web.de wrote:
<snip/>
Guest OS is Debian 9 with this network configuration: thomas@vm02-fai:~$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface auto lo iface lo inet loopback
# The primary network interface allow-hotplug ens3 iface ens3 inet dhcp
# The secondary network interface allow-hotplug ens8 iface ens8 inet static address 192.168.33.250/25
So, to answer your question: yes, 1st interface is doing DHCP.
Well, this doesn't prove it. ens3 might actually be the one that's connected to the 'internal' network. What's the output of 'ip a a s' ran from within the guest? What's the output of 'virsh domifaddr --source agent $domain'?
BTW: if you sniff on virbr0 while the domain is starting up do you see any DHCP traffic?
Michal
Hm... 'ip a a s' is not working. Do you mean 'ip addr'? root@vm02-fai:/home/thomas# ip a a s Error: inet prefix is expected rather than "s".
root@vm02-fai:/home/thomas# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:31:dd:59 brd ff:ff:ff:ff:ff:ff inet 192.168.100.52/24 brd 192.168.100.255 scope global ens3 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe31:dd59/64 scope link valid_lft forever preferred_lft forever 3: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:9e:23:26 brd ff:ff:ff:ff:ff:ff inet 192.168.33.250/25 brd 192.168.33.255 scope global ens8 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe9e:2326/64 scope link valid_lft forever preferred_lft forever
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
Update: I have captured packets on virbr0 using tcpdump. The saved packets are attached in file virbr0.pcap to this email.
In my understanding this confirms DHCP request of guest / domain: ld4004:~ # tcpdump -r /tmp/virbr0.pcap reading from file /tmp/virbr0.pcap, link-type EN10MB (Ethernet) 17:10:31.433263 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 17:10:31.434772 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:31:dd:59 (oui Unknown), length 300 17:10:31.435007 IP 192.168.100.1.bootps > 192.168.100.52.bootpc: BOOTP/DHCP, Reply, length 313
This looks suspicious. Usually, when dnsmasq is assigning IP addresses it looks like this: 17:27:02.822300 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:a4:6f:91 (oui Unknown), length 300 17:27:02.822408 IP 192.168.122.1 > 192.168.122.197: ICMP echo request, id 24889, seq 0, length 28 17:27:02.822443 IP 192.168.122.1.bootps > 192.168.122.197.bootpc: BOOTP/DHCP, Reply, length 300 17:27:02.823032 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:a4:6f:91 (oui Unknown), length 305 17:27:02.823151 IP 192.168.122.1.bootps > 192.168.122.197.bootpc: BOOTP/DHCP, Reply, length 300 Is it possible that something else than dnsmasq is assigning IP addresses? Also, I wonder what's in the DHCP reply from 192.168.100.1. Do you think you can paste it here? Michal
participants (4)
-
c.monty@web.de -
Daniel P. Berrange -
Martin Kletzander -
Michal Privoznik