Re: about the script /etc/qemu-ifup with nmcli command

2021-01-04 Thread Yalan Zhang
Hi,

Could anyone familiar with NetworkManager help with this?
This question has been bothering me for a long time.
Thank you very much!

---
Best Regards,
Yalan Zhang
IRC: yalzhang


On Wed, Oct 21, 2020 at 6:31 PM Yalan Zhang wrote:

> Hi,
>
> I have tried the qemu-ifup script as below with nmcli command as brctl is
> deprecated on rhel8, but the guest network can not work.
> I think the script needs update. Could you please help to have a look?
> Thank you in advance.
>
> 1. prepare a linux bridge on the host named br0;
>
> 2. prepare the qemu-ifup script as below:
> # cat /etc/qemu-ifup
> #!/bin/bash
> # A br0 bridge should be already set up.
> # Compare with:
> # http://en.wikibooks.org/wiki/QEMU/Networking#qemu-ifup
> #
> # For the bridge setup, see:
> # http://wiki.libvirt.org/page/Networking#Fedora.2FRHEL_Bridging
> # http://gist.github.com/393525
> ip link set "$1" up
> nmcli c add type bridge-slave ifname $1 con-name $1 master br0 autoconnect yes
>
> 3. start vm with below interface setting:
> # virsh dumpxml rh | grep /interface -B5
> 
>   
>   
>   
>function='0x0'/>
> 
> # virsh start rh
> Domain rh started
>
> 4. check on guest, the interface can not get dhcp ip address;
>
> 5. check on host,
> # nmcli con
> NAME    UUID                                  TYPE      DEVICE
> br0     f68f73c7-10ee-40c1-bb09-3366d11ac896  bridge    br0
> ...
> vnet0   90a48d77-dccc-4b59-98f5-09f8cbd62458  ethernet  --
>
> # nmcli dev
> DEVICE  TYPE    STATE      CONNECTION
> br0     bridge  connected  br0
> ...
> vnet0   tun     unmanaged  --
>
> 6. hotplug a bridge type interface and compare the tap devices:
> # virsh attach-interface rh bridge br0 --model virtio
> Interface attached successfully
>
> # nmcli con
> NAME    UUID                                  TYPE      DEVICE
> br0     f68f73c7-10ee-40c1-bb09-3366d11ac896  bridge    br0
> vnet1   07c2a1f8-396f-4d5f-b61f-ef2ddb42ed93  tun       vnet1   ---> the hot-plugged one
> ...
> vnet0   90a48d77-dccc-4b59-98f5-09f8cbd62458  ethernet  --      ---> the ethernet one
>
> # nmcli dev
> DEVICE  TYPE  STATE                   CONNECTION
> vnet1   tun   connected (externally)  vnet1   ---> the hot-plugged one
> vnet0   tun   unmanaged               --      ---> the ethernet one
> ...
>
> 7. from the outputs above, the back-end tun device for ethernet type
> interface is unmanaged.
> I don't know how to update the script to fix it. Could you please help?
>
>
> ---
> Best Regards,
> Yalan Zhang
> IRC: yalzhang
>


Re: relation between "virbr0" / "virbr0-nic" network interfaces

2021-01-04 Thread vrms

ok, thanks for the explainer.

On 04.01.21 12:20, Daniel P. Berrangé wrote:
> On Fri, Jan 01, 2021 at 10:24:41AM +0100, vrms wrote:
>> I am trying to understand KVM networking a little better and have noted
>> that the "virbr0" network interface (the default KVM bridge) comes with
>> another device named "virbr0-nic".
>> The same kind of pair comes with each new bridge you may create via the
>> "virtual machine manager" (and assumingly other KVM tools alike)
>> Like "virbr1" comes in a pair with "virbr1-nic" (the *-nic interface is
>> being created automatically (and I assume will disappear automatically if
>> you remove the parent interface)
>>
>> Can anybody kindly explain how these pairs are related to each other
>> and/or work together?
> The "$FOO-nic"  device is a tap device created as a hack to force a
> stable MAC address on the main bridge device due to bad kernel impl
> of bridge device MAC address assignment.
>
> We stopped creating the "$FOO-nic" device in libvirt 6.8.0 since the
> kernel was long ago fixed.
>
> Regards,
> Daniel



Re: virt-manager connection fails with 'qemu unexpectedly closed the monitor'

2021-01-04 Thread Michal Privoznik

On 12/19/20 10:22 PM, John Paul Adrian Glaubitz wrote:

> Hi!
>
> I recently ran into a problem when connecting to libvirtd 6.9.0 on Debian unstable
> and trying to import an existing image with Windows 7.
>
> Upon finishing the wizard and starting the instance, the import process fails
> with the following error message:
>
> Unable to complete install: 'internal error: qemu unexpectedly closed the monitor'
>
> Traceback (most recent call last):
>   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 65, in cb_wrapper
>     callback(asyncjob, *args, **kwargs)
>   File "/usr/share/virt-manager/virtManager/createvm.py", line 2081, in _do_async_install
>     installer.start_install(guest, meter=meter)
>   File "/usr/share/virt-manager/virtinst/install/installer.py", line 731, in start_install
>     domain = self._create_guest(
>   File "/usr/share/virt-manager/virtinst/install/installer.py", line 679, in _create_guest
>     domain = self.conn.createXML(install_xml or final_xml, 0)
>   File "/usr/lib64/python3.8/site-packages/libvirt.py", line 4366, in createXML
>     raise libvirtError('virDomainCreateXML() failed')
> libvirt.libvirtError: internal error: qemu unexpectedly closed the monitor
>
> Since this error message is rather generic, I don't know where to start debugging.
>
> Does anyone know how to increase verbosity here to get an error message that might be
> more helpful?


There should be a more verbose message in /var/log/libvirt/qemu/$domain.log.

Michal



Re: Unexplicable permission error when trying to read a qemu firmware file

2021-01-04 Thread Michal Privoznik

On 12/29/20 6:09 PM, Emmanuel Kasper wrote:

> Hi
>
> I want to create a CoreOS VM following the steps mentioned at
> https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started,
> using a Debian 11 (bullseye) system.
> I am thus creating a VM with the following virt-install command:
>
> virt-install --connect="qemu:///system" --name=coreos \
>  --vcpus=2 --memory=2048 \
>  --os-variant=fedora29 --import --graphics=none \
>  --disk="size=10,backing_store=$PWD/fedora-coreos-33.20201201.3.0-qemu.x86_64.qcow2" \
>  --qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=/tmp/example.ign"

1: this ^^

> which spits some warnings and this mysterious error
>
> 2020-12-29T16:52:03.858938Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-load-perf-global-ctrl [bit 12]
> 2020-12-29T16:52:03.858941Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(490H).vmx-entry-load-perf-global-ctrl [bit 13]

I don't know what are these, sorry.

> 2020-12-29T16:52:03.864778Z qemu-system-x86_64: -fw_cfg name=opt/com.coreos/config,file=/tmp/example.ign: can't load /tmp/example.ign: Failed to open file “/tmp/example.ign”: Permission denied

But this is expected.

> the file /tmp/example.ign is perfectly world readable,
> -rw-rw-rw- 1 manu manu 1130 Dec 29 17:23 /tmp/example.ign


This doesn't matter. It's SELinux what's giving you the error (as you've 
found out).


The problem here is [1]. If you bypass libvirt and put something right 
onto qemu's command line then libvirt blindly puts it there. No checks, 
no DAC/SELinux relabel, nothing. But I've implemented support for 
ignition files here:


https://gitlab.com/libvirt/libvirt/-/commit/3dda889a4426bb3555b1d8861d8314f82d8e1ef9

So what you need instead is:

  

  

This will make libvirt set correct labels and everything. I'm not sure 
whether virt-install supports that though, sorry.


Michal
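
As an added illustration (not code from this thread or from libvirt), the following Python audits a domain XML for `-fw_cfg ... file=` arguments passed through `<qemu:commandline>`, which libvirt does not relabel, and renders the same files in the `<sysinfo type='fwcfg'>` form from libvirt's domain XML documentation. The sample XML and all function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

QEMU_NS = "http://libvirt.org/schemas/domain/qemu/1.0"  # libvirt's passthrough namespace

# Constructed sample: domain XML carrying the -fw_cfg passthrough from the thread.
SAMPLE_DOMAIN_XML = """\
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>coreos</name>
  <qemu:commandline>
    <qemu:arg value='-fw_cfg'/>
    <qemu:arg value='name=opt/com.coreos/config,file=/tmp/example.ign'/>
  </qemu:commandline>
</domain>
"""


def passthrough_args(domain_xml):
    """Return the raw <qemu:arg> values that libvirt copies onto QEMU's argv."""
    root = ET.fromstring(domain_xml)
    path = f"./{{{QEMU_NS}}}commandline/{{{QEMU_NS}}}arg"
    return [arg.get("value", "") for arg in root.iterfind(path)]


def parse_fw_cfg(optarg):
    """Parse a -fw_cfg option string: comma-separated key=value, ',,' is a literal comma."""
    fields = {}
    for i, part in enumerate(optarg.replace(",,", "\0").split(",")):
        key, sep, val = part.partition("=")
        if not sep and i == 0:
            key, val = "name", part  # QEMU lets the first key ("name") be implied
        elif not sep:
            continue  # bare token without a value, not relevant to this audit
        fields[key] = val.replace("\0", ",")
    return fields


def unmanaged_fw_cfg_files(domain_xml):
    """List (name, host_path) for every -fw_cfg file= that bypasses libvirt's labelling."""
    args = passthrough_args(domain_xml)
    found = []
    for opt, val in zip(args, args[1:]):
        if opt == "-fw_cfg":
            fields = parse_fw_cfg(val)
            if "file" in fields:
                found.append((fields.get("name", ""), fields["file"]))
    return found


def as_sysinfo(entries):
    """Render the libvirt-managed form (<sysinfo type='fwcfg'>) for the same files."""
    sysinfo = ET.Element("sysinfo", {"type": "fwcfg"})
    for name, host_path in entries:
        ET.SubElement(sysinfo, "entry", {"name": name, "file": host_path})
    return ET.tostring(sysinfo, encoding="unicode")


if __name__ == "__main__":
    hits = unmanaged_fw_cfg_files(SAMPLE_DOMAIN_XML)
    for name, host_path in hits:
        print(f"passthrough fw_cfg {name!r} reads {host_path} without relabelling")
    print(as_sysinfo(hits))
```
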



Re: relation between "virbr0" / "virbr0-nic" network interfaces

2021-01-04 Thread Daniel P . Berrangé
On Fri, Jan 01, 2021 at 10:24:41AM +0100, vrms wrote:
> I am trying to understand KVM networking a little better and have noted
> that the "virbr0" network interface (the default KVM bridge) comes with
> another device named "virbr0-nic".
> The same kind of pair comes with each new bridge you may create via the
> "virtual machine manager" (and assumingly other KVM tools alike)
> Like "virbr1" comes in a pair with "virbr1-nic" (the *-nic interface is
> being created automatically (and I assume will disappear automatically if
> you remove the parent interface)
> 
> Can anybody kindly explain how these pairs are related to each other
> and/or work together?

The "$FOO-nic"  device is a tap device created as a hack to force a
stable MAC address on the main bridge device due to bad kernel impl
of bridge device MAC address assignment.

We stopped creating the "$FOO-nic" device in libvirt 6.8.0 since the
kernel was long ago fixed.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Manage libvirt actions through netgroups and PolKit

2021-01-04 Thread Gi Actor
Hello! We are trying to implement a solution to let users see status of their virtual machines (domains), reboot or stop (destroy) them when needed. So far we managed to write plenty of rules for PolKit to associate usernames with their virtual machines. However this becomes quite complicated as the list of users and their virtual



Unexplicable permission error when trying to read a qemu firmware file

2021-01-04 Thread Emmanuel Kasper
Hi

I want to create a CoreOS VM following the steps mentioned at
https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started,
using a Debian 11 (bullseye) system.
I am thus creating a VM with the following virt-install command:

virt-install --connect="qemu:///system" --name=coreos \
  --vcpus=2 --memory=2048 \
  --os-variant=fedora29 --import --graphics=none \
  --disk="size=10,backing_store=$PWD/fedora-coreos-33.20201201.3.0-qemu.x86_64.qcow2" \
  --qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=/tmp/example.ign"

which spits some warnings and this mysterious error

2020-12-29T16:52:03.858938Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-load-perf-global-ctrl [bit 12]
2020-12-29T16:52:03.858941Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(490H).vmx-entry-load-perf-global-ctrl [bit 13]

2020-12-29T16:52:03.864778Z qemu-system-x86_64: -fw_cfg name=opt/com.coreos/config,file=/tmp/example.ign: can't load /tmp/example.ign: Failed to open file “/tmp/example.ign”: Permission denied

the file /tmp/example.ign is perfectly world readable,
-rw-rw-rw- 1 manu manu 1130 Dec 29 17:23 /tmp/example.ign

so I am puzzled at what could cause this permission error.

on a RHEL8 system, I had the same error, and was able to fix by setting
a security context on the firmware file:

sudo semanage fcontext --add --type virt_content_t /tmp/example.ign
restorecon /tmp/example.ign

now this Debian system does not have selinux installed at all.
ls -dZ /
? /

I could also read the qemu firmware file when using the qemu:///session
connection

any pointers where to look for ?

Emmanuel




virt-manager connection fails with 'qemu unexpectedly closed the monitor'

2021-01-04 Thread John Paul Adrian Glaubitz
Hi!

I recently ran into a problem when connecting to libvirtd 6.9.0 on Debian unstable
and trying to import an existing image with Windows 7.

Upon finishing the wizard and starting the instance, the import process fails
with the following error message:

Unable to complete install: 'internal error: qemu unexpectedly closed the monitor'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 65, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/createvm.py", line 2081, in _do_async_install
    installer.start_install(guest, meter=meter)
  File "/usr/share/virt-manager/virtinst/install/installer.py", line 731, in start_install
    domain = self._create_guest(
  File "/usr/share/virt-manager/virtinst/install/installer.py", line 679, in _create_guest
    domain = self.conn.createXML(install_xml or final_xml, 0)
  File "/usr/lib64/python3.8/site-packages/libvirt.py", line 4366, in createXML
    raise libvirtError('virDomainCreateXML() failed')
libvirt.libvirtError: internal error: qemu unexpectedly closed the monitor

Since this error message is rather generic, I don't know where to start debugging.

Does anyone know how to increase verbosity here to get an error message that might be
more helpful?

Thanks,
Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



Re: How to open listener of Libvirt ?

2021-01-04 Thread Andrea Bolognani
On Mon, 2021-01-04 at 17:22 +0800, tommy wrote:
> Andrea Bolognani wrote:
> > On Thu, 2020-12-24 at 13:38 +0800, tommy wrote:
> > > But, on my system, there are no such service like libvirtd-tls.socket or 
> > > libvirtd-tcp.socket.
> > >  
> > > root@ubts1:~# systemctl  | grep libvirt
> > >   libvirt-guests.service  loaded active exited   Suspend/Resume Running libvirt Guests
> > >   libvirtd.service        loaded active running  Virtualization daemon
> > >   libvirtd-admin.socket   loaded active running  Libvirt admin socket
> > >   libvirtd-ro.socket      loaded active running  Libvirt local read-only socket
> > >   libvirtd.socket         loaded active running  Libvirt local socket
> > >  
> > > How can I open the listener ?
> > 
> > On my machine:
> > 
> >   $ systemctl list-unit-files | grep libvirt
> >   libvirt-guests.service  enabled   enabled
> >   libvirtd.service        enabled   enabled
> >   libvirtd-admin.socket   enabled   enabled
> >   libvirtd-ro.socket      enabled   enabled
> >   libvirtd-tcp.socket     disabled  enabled
> >   libvirtd-tls.socket     disabled  enabled
> >   libvirtd.socket         enabled   enabled
> > 
> > This is Debian, but the Ubuntu package is pretty much identical, so I don't
> > expect it to behave differently.
> > 
> > So the unit exists on your system, you just need to enable it :)

> But there are not such services:
> 
>   libvirtd-tcp.socket   
>   libvirtd-tls.socket   
> 
> I really not understand how to enable them.:)
> 
> Should I reinstall libvirtd on my Ubuntu OS, or should I only need install 
> the missing packages about the two services ?

Please don't top post on libvirt mailing lists.

libvirtd.socket exists on your system, and libvirtd-{tcp,tls}.socket
are part of the same package (libvirt-daemon-system):

  https://packages.ubuntu.com/focal/amd64/libvirt-daemon-system/filelist

So, unless you've gone out of your way to delete the corresponding
files, they will be there.

What does

  $ systemctl status libvirtd-{tcp,tls}.socket

tell you? And what does the output of

  $ ls -l /lib/systemd/system/libvirtd-{tcp,tls}.socket

look like?

-- 
Andrea Bolognani / Red Hat / Virtualization



RE: Get Host Capabilities failed: Internal JSON-RPC error: {'reason': 'internal error: Duplicate key'}

2021-01-04 Thread tommy
Thank you!

I reinstalled it, now it's fine.






-----Original Message-----
From: Michal Privoznik  
Sent: Monday, January 4, 2021 5:31 PM
To: tommy ; libvirt-users@redhat.com
Subject: Re: Get Host Capabilities failed: Internal JSON-RPC error:
{'reason': 'internal error: Duplicate key'}

On 12/24/20 4:06 AM, tommy wrote:
> Hi,everyone:
> 
>   
> 
> I got this error in my ovirt env:
> 
>   
> 
> VDSM ooengh1.tltd.com command Get Host Capabilities failed: Internal 
> JSON-RPC error: {'reason': 'internal error: Duplicate key'}

I think you're hitting this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1791790

It's fixed in libvirt-6.1.0.

Michal




Re: Get Host Capabilities failed: Internal JSON-RPC error: {'reason': 'internal error: Duplicate key'}

2021-01-04 Thread Michal Privoznik

On 12/24/20 4:06 AM, tommy wrote:

> Hi,everyone:
>
> I got this error in my ovirt env:
>
> VDSM ooengh1.tltd.com command Get Host Capabilities failed: Internal
> JSON-RPC error: {'reason': 'internal error: Duplicate key'}


I think you're hitting this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1791790

It's fixed in libvirt-6.1.0.

Michal



RE: How to open listener of Libvirt ?

2021-01-04 Thread tommy
But there are not such services:

  libvirtd-tcp.socket   
  libvirtd-tls.socket   

I really not understand how to enable them.:)

Should I reinstall libvirtd on my Ubuntu OS, or should I only need install the 
missing packages about the two services ?

Thanks.

 





-----Original Message-----
From: Andrea Bolognani  
Sent: Monday, January 4, 2021 5:08 PM
To: tommy ; libvirt-users@redhat.com
Subject: Re: How to open listener of Libvirt ?

On Thu, 2020-12-24 at 13:38 +0800, tommy wrote:
> Hi,every one:
>  
> My Ubuntu is : 20.04 LTS, and I using libvirtd on it to manage KVM vm, but 
> now I can not open listener function of the libvirtd.
>  
>  
> SYSTEM SOCKET ACTIVATION
>    The libvirtd daemon is capable of starting in two modes.
>
>    In the traditional mode, it will create and listen on UNIX sockets itself.
>    If the --listen parameter is given, it will also listen on TCP/IP socket(s),
>    according to the listen_tcp and listen_tls options in /etc/libvirt/libvirtd.conf
>
>    In socket activation mode, it will rely on systemd to create and listen on
>    the UNIX, and optionally TCP/IP, sockets and pass them as pre-opened file
>    descriptors. In this mode, it is not permitted to pass the --listen parameter,
>    and most of the socket related config options in /etc/libvirt/libvirtd.conf
>    will no longer have any effect. To enable TCP or TLS sockets use either
>
>       $ systemctl start libvirtd-tls.socket
>
>    Or
>
>       $ systemctl start libvirtd-tcp.socket
>
>
> But, on my system, there are no such service like libvirtd-tls.socket or
> libvirtd-tcp.socket.
>
> root@ubts1:~# systemctl  | grep libvirt
>   libvirt-guests.service  loaded active exited   Suspend/Resume Running libvirt Guests
>   libvirtd.service        loaded active running  Virtualization daemon
>   libvirtd-admin.socket   loaded active running  Libvirt admin socket
>   libvirtd-ro.socket      loaded active running  Libvirt local read-only socket
>   libvirtd.socket         loaded active running  Libvirt local socket
>  
> How can I open the listener ?

On my machine:

  $ systemctl list-unit-files | grep libvirt
  libvirt-guests.service  enabled   enabled
  libvirtd.service        enabled   enabled
  libvirtd-admin.socket   enabled   enabled
  libvirtd-ro.socket      enabled   enabled
  libvirtd-tcp.socket     disabled  enabled
  libvirtd-tls.socket     disabled  enabled
  libvirtd.socket         enabled   enabled

This is Debian, but the Ubuntu package is pretty much identical, so I don't
expect it to behave differently.

So the unit exists on your system, you just need to enable it :)

--
Andrea Bolognani / Red Hat / Virtualization





Re: How to open listener of Libvirt ?

2021-01-04 Thread Andrea Bolognani
On Thu, 2020-12-24 at 13:38 +0800, tommy wrote:
> Hi,every one:
>  
> My Ubuntu is : 20.04 LTS, and I using libvirtd on it to manage KVM vm, but 
> now I can not open listener function of the libvirtd.
>  
>  
> SYSTEM SOCKET ACTIVATION
>    The libvirtd daemon is capable of starting in two modes.
>
>    In the traditional mode, it will create and listen on UNIX sockets itself.
>    If the --listen parameter is given, it will also listen on TCP/IP socket(s),
>    according to the listen_tcp and listen_tls options in /etc/libvirt/libvirtd.conf
>
>    In socket activation mode, it will rely on systemd to create and listen on
>    the UNIX, and optionally TCP/IP, sockets and pass them as pre-opened file
>    descriptors. In this mode, it is not permitted to pass the --listen parameter,
>    and most of the socket related config options in /etc/libvirt/libvirtd.conf
>    will no longer have any effect. To enable TCP or TLS sockets use either
>
>       $ systemctl start libvirtd-tls.socket
>
>    Or
>
>       $ systemctl start libvirtd-tcp.socket
>
>
> But, on my system, there are no such service like libvirtd-tls.socket or
> libvirtd-tcp.socket.
>
> root@ubts1:~# systemctl  | grep libvirt
>   libvirt-guests.service  loaded active exited   Suspend/Resume Running libvirt Guests
>   libvirtd.service        loaded active running  Virtualization daemon
>   libvirtd-admin.socket   loaded active running  Libvirt admin socket
>   libvirtd-ro.socket      loaded active running  Libvirt local read-only socket
>   libvirtd.socket         loaded active running  Libvirt local socket
>  
> How can I open the listener ?

On my machine:

  $ systemctl list-unit-files | grep libvirt
  libvirt-guests.service  enabled   enabled
  libvirtd.service        enabled   enabled
  libvirtd-admin.socket   enabled   enabled
  libvirtd-ro.socket      enabled   enabled
  libvirtd-tcp.socket     disabled  enabled
  libvirtd-tls.socket     disabled  enabled
  libvirtd.socket         enabled   enabled

This is Debian, but the Ubuntu package is pretty much identical, so I
don't expect it to behave differently.

So the unit exists on your system, you just need to enable it :)

-- 
Andrea Bolognani / Red Hat / Virtualization