Alexander Graf wrote:
Yeah. Worse than the "run as root" part is the "it's hard" part though. I hate how I feel when I try to explain someone how to use non-slirp networking :-(.

The response to that is then usually "oh whatever, it's too complicated anyways".

I agree and it's a problem I would like to solve too.

And assuming a bridge is defined named qemubr0 and the administrator has setup permissions accordingly, it will Just Work. My hope is that distributions will do this work as part of the qemu packaging process such that for most users,
the out-of-the-box experience will also Just Work.

Yeah, that won't work as easily.

When your customer has 2 NICs this will already break. But let's imagine we only have a single NIC.

So that NIC is a wifi card. When I set up the qemubr0 bridge for that one now, how does network manager configure my wifi access? It can't use the bridge device, as that doesn't have wifi extensions. It also can't use the wifi device, because setting up networking on that will break.

IMHO the only customer friendly choice I see is the ugly way. The way VMware and Vbox do it. To make it a bit less ugly, maybe we could create some way to "glue" a tap device and an eth together, the same way the bridge code does, just without the extra device.

I don't think that helps either. At the end of the day, this is really a policy decision. You want to expose the subset of functionality that the majority of your users require. Inevitably, you'll leave some users who need more complex setups on their own.

For instance, users with one NIC are certainly common. Two or more NICs are also pretty common. But what about people that require guests to be on separate VLANs?

This is where management tools come in. When running qemu by hand, the management tool is the distro more or less as they will be choosing the default policies. What we need to think about is how to make sure we can seamlessly integrate with whatever policies they want to implement.

I think the one thing we could add is a configurable message to print when a user tries to use a bridge that isn't configured yet. For instance, if a user runs qemu without a bridge setup, what would be nice is the following:

$ qemu -net bridge -net nic -hda ~/images/linux.img
qemu: error running bridge helper

You currently do not have 'qemubr0' configured. To setup qemubr0, run (as root):
 zypper install qemu-network-setup
 qemu-network-setup qemubr0

$ sudo qemu-network-setup
Which interface do you want to configure [qemubr0]: qemubr0
Do you want to configure qemubr0 as NAT or Bridge [NAT]: Bridge
Which physical interface do you want to bridge qemubr0 to [eth0]: eth0
qemubr0 is now configured.

I expect that this is going to be different for every distro. netcf my make this easier but for now, I think this is the most realistic approach.


Anthony Liguori

Reply via email to