Jean-Pierre Ribeauville
2016-Jan-12 08:56 UTC
Re: [libvirt-users] libvirt-users Digest, Vol 73, Issue 12 ] Failure when attaching a device
Hi,

I think that issue is due to the fact that my Guest is a transient domain.

When shutting it down or migrating it to another host, virsh list --all doesn't show this Guest anymore.

How may I make this Guest a persistent one? (i.e. this Guest has been created via RHEV-M GUI)

Thx for help.

Regards,
J.P.

-----Original Message-----
From: libvirt-users-bounces@redhat.com [mailto:libvirt-users-bounces@redhat.com] On behalf of libvirt-users-request@redhat.com
Sent: Monday, January 11, 2016 21:25
To: libvirt-users@redhat.com
Subject: libvirt-users Digest, Vol 73, Issue 12

Today's Topics:

1. Networking with qemu/kvm+libvirt (Andre Goree)
2. Failure when attaching a device (Jean-Pierre Ribeauville)
3. Re: Networking with qemu/kvm+libvirt (Laine Stump)
4. Unable to validate doc against .... (Jean-Pierre Ribeauville)

----------------------------------------------------------------------

Message: 1
Date: Mon, 11 Jan 2016 14:25:21 -0500
From: Andre Goree <andre@drenet.net>
To: libvirt-users@redhat.com
Subject: [libvirt-users] Networking with qemu/kvm+libvirt
Message-ID: <100725aa681e75449b9da623e7a7cf1a@drenet.net>

I have some questions regarding the way that networking is handled via qemu/kvm+libvirt -- my apologies in advance if this is not the proper mailing list for such a question.

I am trying to determine how exactly I can manipulate traffic from a _guest's_ NIC using iptables on the _host_.
On the host, there is a bridged virtual NIC that corresponds to the guest's NIC. That interface does not have an IP setup on it on the host, however within the vm itself the IP is configured and everything works as expected.

During my testing, I've seemingly determined that traffic from the vm does NOT traverse iptables on the host, but I _can_ in fact see the traffic via tcpdump on the host. This seems odd to me, unless the traffic is passed on during interaction with the kernel, and thus never actually reaches iptables. I've gone as far as trying to log via iptables any and all traffic traversing the guest's interface on the host, but to no avail (iptables does not see any traffic from the guest's NIC on the host).

Is this the way it's supposed to work? And if so, is there any way I can do IP/port redirection silently on the _host_?

Thanks in advance for any insight that anyone can share :)

--
Andre Goree
-=-=-=-=-=-
Email - andre at drenet.net
Website - http://www.drenet.net
PGP key - http://www.drenet.net/pubkey.txt
-=-=-=-=-=-

------------------------------

Message: 2
Date: Mon, 11 Jan 2016 19:35:29 +0000
From: Jean-Pierre Ribeauville <jpribeauville@axway.com>
To: "libvirt-users@redhat.com" <libvirt-users@redhat.com>
Subject: [libvirt-users] Failure when attaching a device
Message-ID: <1051EFB4D3A1704680C38CCAAC5836D292F0218E@WPTXMAIL2.ptx.axway.int>

Hi,

I'm facing the following issue (or misunderstanding from my side).

I try to attach a device to a running guest; I want to do it persistently and without having to restart the GUEST.
By using options "--live --persistent", I got the following error:

    [root@ldc01omv01 data]# virsh attach-device VM_RHEL7-1 "../data/channel_omnivision_to_be_used.xml" --live --persistent
    Please enter your authentication name: root@ldc01omv01
    Please enter your password:
    error: Failed to attach device from ../data/channel_omnivision_to_be_used.xml
    error: Requested operation is not valid: cannot modify device on transient domain

    [root@ldc01omv01 data]# virsh -r list --all
     Id    Name                           State
    ----------------------------------------------------
     8     VM_RHEL7-2                     running
     11    W2008R2-2                      running
     12    VM_RHEL7-1                     running

By using option "--live", I got the following error:

    [root@ldc01omv01 data]# virsh attach-device VM_RHEL7-1 "../data/channel_omnivision_to_be_used.xml" --live
    Please enter your authentication name: root@ldc01omv01
    Please enter your password:
    error: Failed to attach device from ../data/channel_omnivision_to_be_used.xml
    error: Unable to read from monitor: Connection reset by peer

    [root@ldc01omv01 data]# virsh -r list --all
     Id    Name                           State
    ----------------------------------------------------
     8     VM_RHEL7-2                     running
     11    W2008R2-2                      running

    [root@ldc01omv01 data]#

And then the Guest is powered off !!

If I try to attach the device when the Guest is off, then:

    [root@ldc01omv01 data]# virsh attach-device VM_RHEL7-1 "../data/channel_omnivision_to_be_used_1.xml" --config --persistent
    Please enter your authentication name: root@ldc01omv01
    Please enter your password:
    error: failed to get domain 'VM_RHEL7-1'
    error: Domain not found: no domain with matching name 'VM_RHEL7-1'

FYI, the xml file contents are:

    <channel type='unix'>
      <source mode='bind' path='//var/lib/libvirt/qemu/VM_RHEL7-1_omnivision_1.agent'/>
      <target type='virtio' name='omnivision_1.agent'/>
    </channel>

I'm using libvirt-1.2.17-13.el7.x86_64

Any help is welcome.

Thanks.

Regards,

J.P. Ribeauville
P: +33.(0).1.47.17.20.49
Puteaux 3 Etage 5 Bureau 4
jpribeauville@axway.com
http://www.axway.com
Please consider the environment before printing.

------------------------------

Message: 3
Date: Mon, 11 Jan 2016 15:05:22 -0500
From: Laine Stump <laine@laine.org>
To: libvirt-users@redhat.com
Subject: Re: [libvirt-users] Networking with qemu/kvm+libvirt
Message-ID: <56940B02.9000605@laine.org>

On 01/11/2016 02:25 PM, Andre Goree wrote:
> I have some questions regarding the way that networking is handled via
> qemu/kvm+libvirt -- my apologies in advance if this is not the proper
> mailing list for such a question.
>
> I am trying to determine how exactly I can manipulate traffic from
> a _guest's_ NIC using iptables on the _host_.

It depends on which type of networking you are using.

1) If your guest is using a macvtap device to connect to the outside, then iptables processing isn't done on the traffic. I saw something awhile back about getting that limitation removed from macvtap in the kernel, but don't remember what is the current status.

2) If your guest is using a standard tap device that is attached to an Open vSwitch bridge, then iptables processing isn't done - ovs has its own version of packet filtering (that's as much as I know about it). Note that OpenStack's networking uses OVS, but sets up a separate Linux host bridge device for each guest device and puts it in between the guest's tap device and the OVS bridge at least partly so that iptables filtering can be done on the guest traffic.

3) If your guest is using a standard tap device that is attached to a Linux host bridge, then all the traffic to/from the guest will be processed by iptables and ebtables on the host.
libvirt has a subsystem that can help you create filtering rules that will be applied to the guest interfaces *on the host*:

https://libvirt.org/formatnwfilter.html

> On the host, there is a bridged virtual NIC that corresponds to the
> guest's NIC. That interface does not have an IP setup on it on the
> host, however within the vm itself the IP is configured and everything
> works as expected.
>
> During my testing, I've seemingly determined that traffic from the vm
> does NOT traverse iptables on the host, but I _can_ in fact see the
> traffic via tcpdump on the host. This seems odd to me, unless the
> traffic is passed on during interaction with the kernel, and thus
> never actually reaches iptables. I've gone as far as trying to log
> via iptables any and all traffic traversing the guest's interface on
> the host, but to no avail (iptables does not see any traffic from the
> guest's NIC on the host).
>
> Is this the way it's supposed to work? And if so, is there any way I
> can do IP/port redirection silently on the _host_?

libvirt's "default" network does that for traffic outbound from the guest. For traffic inbound to a guest connected to libvirt's default network (or any other Linux host bridge), you can add a DNAT rule. Here is an example:

http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections

You may also find this article useful:

https://libvirt.org/firewall.html

------------------------------

Message: 4
Date: Mon, 11 Jan 2016 20:25:01 +0000
From: Jean-Pierre Ribeauville <jpribeauville@axway.com>
To: "libvirt-users@redhat.com" <libvirt-users@redhat.com>
Subject: [libvirt-users] Unable to validate doc against ....
Message-ID: <1051EFB4D3A1704680C38CCAAC5836D292F021BB@WPTXMAIL2.ptx.axway.int>

Hi,

By trying to add this device:

    <channel type='unix'>
      <source mode='bind' path='//var/lib/libvirt/qemu/VM_RHEL7-1_omnivision_1.agent'/>
      <target type='virtio' name='omnivision_1.agent'/>
    </channel>

within the config file by issuing virsh edit, I got the following error when saving the config file:

    Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
    Extra element devices in interleave

I'm using libvirt-1.2.17-13.el7.x86_64

Is this my mistake or a known issue (quite sure it was working with a former release)?

Thx for help.

Regards,

J.P. Ribeauville
P: +33.(0).1.47.17.20.49
Puteaux 3 Etage 5 Bureau 4
jpribeauville@axway.com
http://www.axway.com
Please consider the environment before printing.
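Added example (not part of the original posts): the three cases in Laine Stump's reply in the digest above, applied to a domain's XML to report which guest NICs host iptables rules will not see. The sample XML and device names are constructed; `type='direct'` and `<virtualport type='openvswitch'>` are how libvirt domain XML expresses macvtap and Open vSwitch attachments.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the thread), one NIC per case.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>example-guest</name>
  <devices>
    <interface type='direct'>
      <source dev='eth0' mode='bridge'/><target dev='macvtap0'/>
    </interface>
    <interface type='bridge'>
      <source bridge='ovsbr0'/><virtualport type='openvswitch'/>
      <target dev='vnet0'/>
    </interface>
    <interface type='bridge'>
      <source bridge='br0'/><target dev='vnet1'/>
    </interface>
    <interface type='network'>
      <source network='default'/><target dev='vnet2'/>
    </interface>
  </devices>
</domain>
"""

def classify_interfaces(domain_xml):
    """Return (target_dev, kind, seen) per NIC; seen is None when unknown."""
    results = []
    for iface in ET.fromstring(domain_xml).findall("./devices/interface"):
        itype = iface.get("type")
        target = iface.find("target")
        dev = target.get("dev") if target is not None else None
        vport = iface.find("virtualport")
        is_ovs = vport is not None and vport.get("type") == "openvswitch"
        if itype == "direct":
            kind, seen = "macvtap", False
        elif itype == "bridge" and is_ovs:
            kind, seen = "tap on Open vSwitch bridge", False
        elif itype == "bridge":
            kind, seen = "tap on Linux host bridge", True
        else:
            # e.g. type='network': inspect the libvirt network definition
            kind, seen = itype, None
        results.append((dev, kind, seen))
    return results

def bypassing_host_iptables(domain_xml):
    """Target devices whose traffic host iptables rules will not see."""
    return [d for d, _, seen in classify_interfaces(domain_xml) if seen is False]
```

For the Linux host bridge case, bridged frames reach iptables only when the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables is set to 1, so that sysctl is worth checking when rules on a bridge port never match.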
Michal Privoznik
2016-Jan-12 13:19 UTC
Re: [libvirt-users] libvirt-users Digest, Vol 73, Issue 12 ] Failure when attaching a device
On 12.01.2016 09:56, Jean-Pierre Ribeauville wrote:
> Hi,
>
> I think that issue is due to the fact that my Guest is a transient domain.
>
> When shutting it down or migrating it to another host, virsh list --all doesn't show this Guest anymore.
>
> How may I make this Guest a persistent one?

virsh define ...

http://wiki.libvirt.org/page/VM_lifecycle

Michal
Jean-Pierre Ribeauville
2016-Jan-12 13:36 UTC
Re: [libvirt-users] libvirt-users Digest, Vol 73, Issue 12 ] Failure when attaching a device
Hi,

It seems that the issue is the following:

Since these hosts and Guests are now hosted in a RHEV Cluster, RHEV-M deals only with transient domains. (.xml config files are downloaded from RHEV-M when the Guest is started.)

So, from my understanding, the only way to add my channel device is to use a VDSM hook.

Hope to find some examples of vdsm hooks.

Thanks for your help.

Regards,
J.P.

-----Original Message-----
From: Michal Privoznik [mailto:mprivozn@redhat.com]
Sent: Tuesday, January 12, 2016 14:20
To: Jean-Pierre Ribeauville; libvirt-users@redhat.com
Subject: Re: [libvirt-users] libvirt-users Digest, Vol 73, Issue 12 ] Failure when attaching a device

On 12.01.2016 09:56, Jean-Pierre Ribeauville wrote:
> Hi,
>
> I think that issue is due to the fact that my Guest is a transient domain.
>
> When shutting it down or migrating it to another host, virsh list --all doesn't show this Guest anymore.
>
> How may I make this Guest a persistent one?

virsh define ...

http://wiki.libvirt.org/page/VM_lifecycle

Michal
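Added example (not from the thread and not VDSM's own code): a sketch of a before_vm_start hook that adds the channel from the first message to the domain XML before the guest starts, the approach the message above settles on for RHEV-managed transient domains. It assumes VDSM passes the path of the domain XML file in the `_hook_domxml` environment variable; the socket path layout follows the posted XML, and the name check and duplicate check are added precautions.

```python
#!/usr/bin/python
# Sketch of a VDSM before_vm_start hook (added example, not VDSM's own code).
import os
from xml.dom import minidom

SOCKET_DIR = "/var/lib/libvirt/qemu"  # directory used in the thread's XML

def add_channel(domxml_text, vm_name, channel_name):
    """Return the domain XML with one virtio unix channel under <devices>."""
    # Reject names that could move the socket outside SOCKET_DIR.
    for value in (vm_name, channel_name):
        ok = value and all(c.isalnum() or c in "._-" for c in value)
        if not ok or ".." in value:
            raise ValueError("unsafe name: %r" % (value,))
    dom = minidom.parseString(domxml_text)
    devices = [n for n in dom.documentElement.childNodes
               if n.nodeType == n.ELEMENT_NODE and n.tagName == "devices"]
    if len(devices) != 1:
        raise ValueError("expected exactly one <devices> element")
    for tgt in devices[0].getElementsByTagName("target"):
        if (tgt.parentNode.tagName == "channel"
                and tgt.getAttribute("name") == channel_name):
            return dom.toxml()  # channel already present: add nothing
    channel = dom.createElement("channel")
    channel.setAttribute("type", "unix")
    source = dom.createElement("source")
    source.setAttribute("mode", "bind")
    source.setAttribute("path",
                        "%s/%s_%s" % (SOCKET_DIR, vm_name, channel_name))
    target = dom.createElement("target")
    target.setAttribute("type", "virtio")
    target.setAttribute("name", channel_name)
    channel.appendChild(source)
    channel.appendChild(target)
    devices[0].appendChild(channel)  # child of the existing <devices>
    return dom.toxml()

def main():
    path = os.environ["_hook_domxml"]  # file path VDSM hands to the hook
    with open(path) as f:
        text = f.read()
    names = minidom.parseString(text).getElementsByTagName("name")
    vm_name = names[0].firstChild.data  # first <name> is the domain name
    with open(path, "w") as f:
        f.write(add_channel(text, vm_name, "omnivision_1.agent"))

if __name__ == "__main__":
    main()
```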