Re: Regarding location of Libvirt library

2021-03-31 Thread Michal Privoznik

On 3/31/21 7:38 AM, shafnamol N wrote:

Hi,
I have installed Libvirt 7.1.0.
I configured and built libvirt based on instructions from
https://libvirt.org/compiling.html .
Now I developed a client program to create a VM using an XML file. As the
API for it is *virDomainCreateXML*, I called this API by passing the XML file.
It shows the following error.

undefined reference to `virDomainCreateXML'.
I included the header files containing the said API declaration. But I need
to include the library also.

My question is where is the libvirt library located after building it.


Yes, you need to pass -lvirt when linking. The library is installed 
wherever you told it to install. If you ran plain meson with no extra 
arguments, then 'meson install' installs library under /usr/local/lib/ 
or /usr/local/lib64/. So you will need to pass -L/usr/local/lib or 
-L/usr/local/lib64 too to the linker.


But there is this switch -Dsystem=true which tells meson to install into 
system directories:


  meson -Dsystem=true build
  meson install -C build

with this you will not need to pass any extra -L arguments to the linker.

Michal



Re: virsh dommemstat doesn't update its information

2021-03-29 Thread Michal Privoznik

On 3/29/21 4:00 PM, Lentes, Bernd wrote:

Hi,

I'm playing around a bit with my domains and the balloon driver.
To get information about ballooning I use virsh dommemstat.
But I only get very little information:

virsh # dommemstat vm_idcc_devel
actual 1044480
last_update 0
rss 1030144

Also configuring "dommemstat --domain vm_idcc_devel --period 5 --live"
or "dommemstat --domain vm_idcc_devel --period 5 --current" does neither update 
nor extend the information.

In vm_idcc_devel virtio_balloon is loaded:
idcc-devel:~ # lsmod|grep balloon
virtio_balloon 22788  0

Guest OS is SLES 10 SP4. Is that too old ?


Yeah, that is ~10 years old and I believe that the virtio_balloon module is
lacking features that enable QEMU (and subsequently libvirt) to report more
info.


Michal



Re: Packets dropped by virtual NICs

2021-03-29 Thread Michal Privoznik

On 3/29/21 11:38 AM, Silvia Fichera wrote:

Hi Michal,
these are the steps:
- start the vm with qemu
sudo qemu-system-x86_64-spice -m 2048 -enable-kvm -smp 3 -cdrom 
/home/machine_A/ubuntu.iso -netdev 
tap,ifname=tap0,vhost=on,id=n1,vhostforce=on,queues=3,script=/etc/tap0_ifup.sh,downscript=/etc/tap0_ifdown.sh 
-device virtio-net-pci,netdev=n1,mac=9E:58:00:d2:53:03,mq=on,vectors=8 
-netdev 
tap,ifname=tap1,vhost=on,id=n2,vhostforce=on,queues=3,script=/etc/tap1_ifup.sh,downscript=/etc/tap1_ifdown.sh 
-device virtio-net-pci,netdev=n2,mac=7A:53:00:d1:59:04,mq=on,vectors=8  
-device virtio-net,netdev=network2 -netdev user,id=network2 -hda 
switch_A.img


- attach the tap to the bridges in the host machine (to have the traffic 
coming from the outsider traffic generator injected in the vm)

- in the VM:
     - enable ip_forward
     - enable promiscuous mode for the interface


This sounds fishy. Why is this needed?

     - send the "tc qdisc" command to configure the output NIC with 2 
traffic classes (TC) assigned to 2 different queues
     - add the iptables mangle rules to the POSTROUTING chain to assign 
TC1 to the traffic with dport  and TC0 to the traffic with dport 

I'm sending 2 UDP flows, I have no loss under 3Mbps each.
If I capture traffic with tcpdump on the ingress and on the egress nic 
(of the VM), I see a difference of 50% of packets


When I did a test on the host machine, to check if it has the same 
problem, I've reached an aggregated traffic of 90Mbps with no loss.


That's why I think that there is some misconfiguration on the virtual NIC.


Well, that's fairly easy to test - create those two TAPs, do the setup
you're doing and instead of spawning qemu, run iperf or spirent and tell
it to use those TAPs. I think you'll find the problem elsewhere.


Anyway, this problem is not libvirt related really and I guess you can 
find more elaborate replies on a list where TC developers hang out. 
Looks like they're using lartc: https://lartc.org/#mailinglist


Michal



Re: Virtual Network API for QEMU

2021-03-29 Thread Michal Privoznik

On 3/27/21 1:39 PM, Radek Simko wrote:

Hi,
According to this support matrix 
https://libvirt.org/hvsupport.html#virNetworkDriver 


there is no support for any APIs other than hypervisor ones for qemu.
For example virConnectNumOfNetworks is not supported.

Is there any particular reason this is not supported? Has any 
development in that area been attempted in the past? Would contributions 
adding support be welcomed?


To extend Laine's reply:

Libvirt has two sets of drivers: stateful (where libvirt keeps the state
of resources like domains, networks, ...) and stateless (where libvirt
merely translates from/to APIs exposed by hypervisor).


QEMU can be an example of a stateful driver, ESX or hyperv are examples
of stateless drivers. Stateless drivers also implement network APIs
(again, by translating from/to APIs exposed by the underlying hypervisor
- ESX or hyperv in this example), whereas stateful drivers use the bridge
driver. Therefore, QEMU doesn't implement any network APIs.



This is even more visible with split daemons (where monolithic libvirtd 
is broken into smaller daemons) - if virnetworkd is not running then 
things like 'virsh net-list' return an error [*].



Is there any particular problem you're facing?

Michal


* - except not really, because these split daemons are socket activated,
so virnetworkd is started automatically when needed.




Re: Packets dropped by virtual NICs

2021-03-29 Thread Michal Privoznik

On 3/27/21 2:53 PM, Silvia Fichera wrote:

Hi all,
I want to use tc qdisc settings in a network composed of several qemu
VMs, connected through bridges and tap interfaces.
I generate traffic with a spirent. Everything is fine when the
scheduling discipline is not installed but when I run the command to set
taprio queues traffic on the VM's NIC the traffic is dropped, I can send
max 1mbps.
I think that there is something missing in the virtual NIC configuration 
or setup. With ethtool i can see that queues are configured. I've also 
noticed the BQL equals to 0, that is different than the physical machine 
(BQL=18600) where everything works correctly.

I've read that it could be because NIC drivers do not support that setting.

Do you have any suggestions?


Hey,

I'm not familiar with taprio, but what's implemented in libvirt is htb 
and sfq and that works well. Are you setting qdisc-s yourself or 
modifying libvirt created structure?


You are setting these qdiscs from the host, right?
I know that when changing QoS settings (when libvirt changes qdisc/class
layout) for a brief moment packets are not transmitted from/to guest. I
suspect that the kernel is freeing up queues or something. But this does not
look like your case, does it?


Michal



Re: infinite lease time

2021-03-23 Thread Michal Privoznik

On 3/23/21 1:54 PM, Michal Privoznik wrote:

On 3/22/21 4:01 PM, Francesc Guasch wrote:

Hi. First of all thanks for this great project and specially
for keeping the Perl library.

I need to keep the IP address of the virtual machines the same
as long as possible. dnsmasq provides a setting for lease time.
It can be set to infinite, but not from within libvirt.

I found this patch from 2016.
https://listman.redhat.com/archives/libvir-list/2016-October/msg00561.html



But it looks like it never made to libvirt.


That particular patch no, but another approach did:

https://gitlab.com/libvirt/libvirt/-/commit/97a0aa246799c97d0a9ca9ecd6b4fd932ae4756c 



It's part of the v6.3.0 release.


Forgot to point out that there were a couple of fixes for infinite leases:

https://gitlab.com/libvirt/libvirt/-/commit/49869e8d57f2dcba44b2cb56aaa27d101efa22ed

https://gitlab.com/libvirt/libvirt/-/commit/c14bd64f3eba9838af8ab1cac369d51abfeb21b9

https://gitlab.com/libvirt/libvirt/-/commit/8e5659ed12d1f181297ed6d4e201bb1d6b6322b6

https://gitlab.com/libvirt/libvirt/-/commit/003fff38e753d2d7cacaa3afd3f942f938408334

https://gitlab.com/libvirt/libvirt/-/commit/6f1ae57129f28444d14bd4b6dbcbf4158b95431b

https://gitlab.com/libvirt/libvirt/-/commit/9c65363a4089bb5a2bf91db45bb9531a20784c5f

https://gitlab.com/libvirt/libvirt/-/commit/ee93656c40467fa614e999a146a56011a9c500e3

https://gitlab.com/libvirt/libvirt/-/commit/5fb6d98c881c42ab41ca72060217b846949a438f

https://gitlab.com/libvirt/libvirt/-/commit/5dd53684e18c9ed3d73ab889e4c24cf8b45fa46c

https://gitlab.com/libvirt/libvirt/-/commit/7f93905e45f0ec3d28082adbcc061f6cc94aa489


They are all part of the v7.0.0 release.

Michal



Re: infinite lease time

2021-03-23 Thread Michal Privoznik

On 3/22/21 4:01 PM, Francesc Guasch wrote:

Hi. First of all thanks for this great project and specially
for keeping the Perl library.

I need to keep the IP address of the virtual machines the same
as long as possible. dnsmasq provides a setting for lease time.
It can be set to infinite, but not from within libvirt.

I found this patch from 2016.
https://listman.redhat.com/archives/libvir-list/2016-October/msg00561.html


But it looks like it never made to libvirt.


That particular patch no, but another approach did:

https://gitlab.com/libvirt/libvirt/-/commit/97a0aa246799c97d0a9ca9ecd6b4fd932ae4756c

It's part of the v6.3.0 release.



Some time ago I made it work changing dnsmasq/default.conf.
Then we made it immutable with chattr. This no longer works
because libvirt refuses to start dnsmasq unless it can write
to it. Fair enough.

I've seen I can add manual IP addresses as stated here:

   https://wiki.libvirt.org/page/Networking

This is ok, but it would be a considerable amount of work,
requiring lots of manual labour.

Is there a way to set the lease time from libvirt ?


Well, if you don't really need static IPs but a stable way to address 
guests, then NSS plugin might help:


  https://libvirt.org/nss.html

Michal



Re: virsh capabilities does not include qemu

2021-03-22 Thread Michal Privoznik

On 3/22/21 5:17 AM, shafnamol N wrote:

Hi,
I am new to Libvirt and Qemu. I have installed Libvirt 7.1.0 and
qemu-kvm 4.2.0.

I configured and built libvirt based on instructions from
https://libvirt.org/compiling.html .
But when I tried to create a VM using virsh it shows the following error:
# virsh create /home/abc.xml
error: Failed to create domain from /home/abc.xml
error: invalid argument: could not find capabilities for arch=x86_64 
domaintype=kvm


When I check the hypervisor capabilities, it doesn't show qemu in guest
domain type.

# virsh capabilities

.
  

   
     exe
     
       64
       /usr/local/libexec/libvirt_lxc
       
     
   

   
     exe
     
       32
       /usr/local/libexec/libvirt_lxc


This smells suspicious. Perhaps you did not pass proper prefix (meson 
-Dsystem=true)?


Anyway, libvirt tries to find qemu-system-$arch in $PATH and falls back 
to /usr/libexec/qemu-kvm if no binary was found. So I suspect that maybe 
the directory you installed QEMU into is not in $PATH?


Michal



Re: Using cgroups in QEMU hooks

2021-03-17 Thread Michal Privoznik

On 3/17/21 5:45 AM, Melissa Nuño wrote:

Hi all,

I'm creating a device during the prepare hook, and would like to add it 
to the device.allow file for the VM. The cgroup doesn't exist during the 
prepare hook or the start hook and will fail with an "Operation not 
permitted" error. I can add the expected path to qemu.conf and restart 
libvirtd, but this isn't very flexible since I'd have to do it for each 
device for each VM I create. All of the other libvirt cgroups seem to 
allow all devices, so I'm not seeing where the VM cgroup is getting its 
initial list.


Is there a way to access the cgroup for a VM before it has started? I 
can't even predict where it should be since it contains the domain ID.




We've already sorted this out through IRC, but for future reference, the 
device in question was /dev/input device that was passed through via 
qemu:arg.


Anything that's under qemu:arg is opaque to libvirt, it's not inspected 
by libvirt in any way and thus if it happens to be a device that needs 
to be allowed in CGroups, well bad luck. What should be used is proper 
XML representation. If there is none, please do open an RFE as 
documented in command line passthrough:


  https://libvirt.org/drvqemu.html#qemucommand

In this specific case, the following XML can be used:

  

  

However, what might be missing is that currently libvirt does not 
support 'grab_all=on,repeat=on'. But we should file an RFE for that.


Michal



Re: Issue

2021-03-12 Thread Michal Privoznik

On 3/5/21 11:04 AM, Samuel Thampy wrote:

Is there any additional info anyone who needs?


*From:* Samuel Thampy 
*Sent:* 03 March 2021 22:11
*To:* libvirt-users@redhat.com 
*Subject:* Issue
I have a storage backend san disks, I have five servers which is KVM 
hosted guests.


I am looking to clone an image of a guest machine, so I can use a new VM 
from the image on a different server.


I am not sure what the best way. But when I do that, I get a memory 
error, and need to xfs_repair and damages the original machine.



My steps are

One vm machine on the same server

  * dd create original vm to template.img
  * lvcreate -L 9G -n  
  * dd template.img to /dev//
  * virsh define .xml

another vm machine on the secondary server

  * copy template.img to another server
  * lvcreate -L 9G -n  
  * dd if=template.img  of=/dev//
  * virsh define .xml



Nothing suspicious about these steps. So I'm suspecting that either 
template.img is corrupt, or it does not fit into LV, or maybe it's in 
use? I mean, if template.img is an image that's in use by a running 
domain it doesn't necessarily contain valid state.


Michal



Re: I would like to contribute to libvirt

2021-01-13 Thread Michal Privoznik

On 1/12/21 7:19 AM, PRAJWAL BENEDICT A wrote:




Hey,

it's nice to see people interested in libvirt. You mention machine 
learning, but libvirt is more about controlling virtual machines.


For GSoC - yes, we do that. I plan to apply this year too on behalf of 
libvirt, but looking at the schedule the org applications are not open yet:


https://summerofcode.withgoogle.com/how-it-works/#timeline

However, if you are still interested then we have some easy enough 
issues for beginners here:


https://gitlab.com/libvirt/libvirt/-/issues?label_name%5B%5D=bitesizedtask

Feel free to pick one. Just mention it in the commit message, e.g. like 
this:


  Resolves: https://gitlab.com/libvirt/libvirt/-/issues/XXX

Here's also something for newbies worth reading:

  https://libvirt.org/contribute.html

Michal



Re: Get Host Capabilities failed: Internal JSON-RPC error: {'reason': 'internal error: Duplicate key'}

2021-01-13 Thread Michal Privoznik

On 1/13/21 8:48 AM, tommy wrote:

I should upgrade my libvirt from 5.7 to 6.1 to resolve this question?


Yes. You want to upgrade to at least 6.1.0 or newer.

Michal



Re: virt-manager connection fails with 'qemu unexpectedly closed the monitor'

2021-01-04 Thread Michal Privoznik

On 12/19/20 10:22 PM, John Paul Adrian Glaubitz wrote:

Hi!

I recently ran into a problem when connecting to libvirtd 6.9.0 on Debian 
unstable
and trying to import an existing image with Windows 7.

Upon finishing the wizard and starting the instance, the import process fails
with the following error message:

Unable to complete install: 'internal error: qemu unexpectedly closed the 
monitor'

Traceback (most recent call last):
   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 65, in 
cb_wrapper
 callback(asyncjob, *args, **kwargs)
   File "/usr/share/virt-manager/virtManager/createvm.py", line 2081, in 
_do_async_install
 installer.start_install(guest, meter=meter)
   File "/usr/share/virt-manager/virtinst/install/installer.py", line 731, in 
start_install
 domain = self._create_guest(
   File "/usr/share/virt-manager/virtinst/install/installer.py", line 679, in 
_create_guest
 domain = self.conn.createXML(install_xml or final_xml, 0)
   File "/usr/lib64/python3.8/site-packages/libvirt.py", line 4366, in createXML
 raise libvirtError('virDomainCreateXML() failed')
libvirt.libvirtError: internal error: qemu unexpectedly closed the monitor

Since this error message is rather generic, I don't know where to start 
debugging.

Does anyone know how to increase verbosity here to get an error message that 
might be
more helpful?


There should be a more verbose message in /var/log/libvirt/qemu/$domain.log.

Michal



Re: Unexplicable permission error when trying to read a qemu firmware file

2021-01-04 Thread Michal Privoznik

On 12/29/20 6:09 PM, Emmanuel Kasper wrote:

Hi

I want to create a CoreOS VM following the steps mentioned at
https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started,
using a Debian 11 (bullseye) system.
I am thus creating a VM with the following virt-install command:

virt-install --connect="qemu:///system" --name=coreos \
 --vcpus=2 --memory=2048 \
 --os-variant=fedora29 --import --graphics=none \

--disk="size=10,backing_store=$PWD/fedora-coreos-33.20201201.3.0-qemu.x86_64.qcow2"
\
 --qemu-commandline="-fw_cfg
name=opt/com.coreos/config,file=/tmp/example.ign"


1: this ^^



which spits some warnings and this mysterious error

2020-12-29T16:52:03.858938Z qemu-system-x86_64: warning: host doesn't
support requested feature: MSR(48FH).vmx-exit-load-perf-global-ctrl [bit 12]
2020-12-29T16:52:03.858941Z qemu-system-x86_64: warning: host doesn't
support requested feature: MSR(490H).vmx-entry-load-perf-global-ctrl
[bit 13]


I don't know what these are, sorry.



2020-12-29T16:52:03.864778Z qemu-system-x86_64: -fw_cfg
name=opt/com.coreos/config,file=/tmp/example.ign: can't load
/tmp/example.ign: Failed to open file “/tmp/example.ign”: Permission denied


But this is expected.



the file /tmp/example.ign is perfectly world readable,
-rw-rw-rw- 1 manu manu 1130 Dec 29 17:23 /tmp/example.ign


This doesn't matter. It's SELinux that's giving you the error (as you've
found out).


The problem here is [1]. If you bypass libvirt and put something right 
onto qemu's command line then libvirt blindly puts it there. No checks, 
no DAC/SELinux relabel, nothing. But I've implemented support for 
ignition files here:


https://gitlab.com/libvirt/libvirt/-/commit/3dda889a4426bb3555b1d8861d8314f82d8e1ef9

So what you need instead is:

  

  

This will make libvirt set correct labels and everything. I'm not sure 
whether virt-install supports that though, sorry.


Michal
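An audit for the situation described in this reply and in the earlier "Using cgroups in QEMU hooks" reply: it lists host paths that reach QEMU through `qemu:arg` passthrough in a domain XML, which libvirt neither relabels nor adds to the devices cgroup. This is an added example, not code from the thread or from libvirt; the sample XML is constructed and the evdev node name in it is made up.

```python
import re
import xml.etree.ElementTree as ET

# XML namespace of libvirt's QEMU command-line passthrough elements.
QEMU_NS = "http://libvirt.org/schemas/domain/qemu/1.0"

# An absolute host path at the start of a value or after '=', ',', ':' or a
# space. "opt/com.coreos/config" (a fw_cfg name, not a host path) does not match.
HOST_PATH = re.compile(r"(?:^|[=,:\s])(/(?!/)[^,\s]+)")

# Constructed sample covering the two passthrough cases from the threads:
# an ignition file given via -fw_cfg and a /dev/input device (node name assumed).
SAMPLE_DOMAIN_XML = """
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>coreos</name>
  <qemu:commandline>
    <qemu:arg value='-fw_cfg'/>
    <qemu:arg value='name=opt/com.coreos/config,file=/tmp/example.ign'/>
    <qemu:arg value='-object'/>
    <qemu:arg value='input-linux,id=kbd1,evdev=/dev/input/event3,grab_all=on,repeat=on'/>
  </qemu:commandline>
</domain>
"""

# Why each kind of path is a problem, as explained in the replies.
CONCERN = {
    "file": "libvirt applies no DAC/SELinux label to this file",
    "device": "libvirt does not allow this node in the domain's devices cgroup",
}


def passthrough_findings(domain_xml):
    """Return one finding per host path referenced from a qemu:arg value."""
    root = ET.fromstring(domain_xml)
    findings = []
    for cmdline in root.iter(f"{{{QEMU_NS}}}commandline"):
        option = None  # the most recent "-something" argument
        for arg in cmdline.findall(f"{{{QEMU_NS}}}arg"):
            value = arg.get("value", "")
            if value.startswith("-"):
                option = value
                continue
            for path in HOST_PATH.findall(value):
                kind = "device" if path.startswith("/dev/") else "file"
                findings.append({
                    "option": option,
                    "path": path,
                    "kind": kind,
                    "concern": CONCERN[kind],
                })
    return findings


if __name__ == "__main__":
    for f in passthrough_findings(SAMPLE_DOMAIN_XML):
        print(f"{f['option']} -> {f['path']} ({f['kind']}): {f['concern']}")
```

Feed it the output of `virsh dumpxml` for each domain; every finding is a candidate for replacement by a proper XML element or an RFE.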



Re: Get Host Capabilities failed: Internal JSON-RPC error: {'reason': 'internal error: Duplicate key'}

2021-01-04 Thread Michal Privoznik

On 12/24/20 4:06 AM, tommy wrote:

Hi,everyone:

  


I got this error in my ovirt env:

  


VDSM ooengh1.tltd.com command Get Host Capabilities failed: Internal
JSON-RPC error: {'reason': 'internal error: Duplicate key'}


I think you're hitting this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1791790

It's fixed in libvirt-6.1.0.

Michal



Re: Libvirt-lxc: iptables not working in containers

2020-12-15 Thread Michal Privoznik

On 12/14/20 12:05 AM, John Hurnett wrote:

Hi,
I can't get iptables to work in libvirt-lxc containers. "iptables -L"
command shows empty chains. However I tested the same scenario with pure
lxc and iptables works as it should.
Has anyone experienced that? It seems like a bug, but maybe there is some
libvirt xml parameter I am missing?

BR



Libvirt will create a private network NS if:

1) you have an  defined for your container, or
2)  exists under 

This is documented here:

https://libvirt.org/drvlxc.html#securenetworking

And private network NS also means separate firewall and its tables.

Michal



Re: Installing Kali Linux as Guest OS in KVM Hypervisor

2020-12-07 Thread Michal Privoznik

On 12/4/20 6:26 PM, Kaushal Shriyan wrote:

On Thu, Dec 3, 2020 at 8:54 PM Erik Skultety  wrote:


On Tue, Dec 01, 2020 at 06:15:55PM +0100, Michal Privoznik wrote:

On 12/1/20 5:28 PM, Kaushal Shriyan wrote:

Hi,

I have run the below command to install Kali Linux using
linux-2020.4-installer-amd64.iso from https://www.kali.org/downloads/

#virt-install --name kalilinux --memory 4096 --vcpus=2


--location=/linuxkvmaddgbdisk/kali-linux-2020.4-installer-amd64.iso,kernel=install.amd/gtk/vmlinuz,initrd=install.amd/gtk/initrd.gz

--network=bridge:br0 --os-type=linux --os-variant=debian9

--graphics=none

--extra-args "console=ttyS0" -v --disk
path=/linuxkvmaddgbdisk/kalilinux.img,size=50

I am not able to get the root login prompt when I run the below

command to

set IP and hostname for the guest OS. Am I missing any parameters from

the

above virt-install command to install Kali Linux as Guest OS in KVM
Hypervisor?



Just a hunch, maybe --extra-args work only for installation and are not
persistent? I guess installer doesn't persist kernel cmd line passed in


Exactly, --extra-args is just for convenience of not having to edit the
kernel
cmdline manually when the serial console/GUI window opens with grub.

Erik



Hi Erik,

Thanks for your reply.  I am not sure if I completely understand it. Is
there an issue in the below command? Do I need to remove --extra-args
"console=ttyS0" in the below command to have ssh console access to the KVM
Guest VM? Please suggest.

#virt-install --name kalilinux --memory 4096 --vcpus=2
--location=/linuxkvmaddgbdisk/kali-linux-2020.4-installer-amd64.iso,kernel=install.amd/gtk/vmlinuz,initrd=install.amd/gtk/initrd.gz
--network=bridge:br0 --os-type=linux --os-variant=debian9 --graphics=none
--extra-args "console=ttyS0" -v --disk
path=/linuxkvmaddgbdisk/kalilinux.img,size=50

I look forward to hearing from you. Thanks in Advance.


For accessing your guest via SSH you do not need a serial console. SSH 
works over network, not serial consoles.


And those --extra-args: just take virtualization out of the picture for 
a second. You bought yourself a new desktop and want to install a distro 
onto it. You plug an USB stick in and as the installer boots you change 
the kernel cmd line. Then you proceed with installing the distro. I 
don't think that the installer will copy those extra kernel args you 
added into the freshly installed grub, why would it?


Therefore, when you want to have some extra args after the installation, 
you have to edit the guest. Since at this point you are not booting 
kernel directly, libvirt/qemu can't help you and you need to hand edit 
grub config in the guest. And in this specific case, there is an 
alternative approach - editing /etc/inittab so that the init enables 
serial console.


Then again, you do NOT need serial console for SSH. But what may come 
handy is NSS module: https://libvirt.org/nss.html   so that you can just:


  ssh user@guest

Michal



Re: Installing Kali Linux as Guest OS in KVM Hypervisor

2020-12-01 Thread Michal Privoznik

On 12/1/20 5:28 PM, Kaushal Shriyan wrote:

Hi,

I have run the below command to install Kali Linux using
linux-2020.4-installer-amd64.iso from https://www.kali.org/downloads/

#virt-install --name kalilinux --memory 4096 --vcpus=2
--location=/linuxkvmaddgbdisk/kali-linux-2020.4-installer-amd64.iso,kernel=install.amd/gtk/vmlinuz,initrd=install.amd/gtk/initrd.gz
--network=bridge:br0 --os-type=linux --os-variant=debian9 --graphics=none
--extra-args "console=ttyS0" -v --disk
path=/linuxkvmaddgbdisk/kalilinux.img,size=50

I am not able to get the root login prompt when I run the below command to
set IP and hostname for the guest OS. Am I missing any parameters from the
above virt-install command to install Kali Linux as Guest OS in KVM
Hypervisor?



Just a hunch, maybe --extra-args work only for installation and are not 
persistent? I guess installer doesn't persist kernel cmd line passed in 
installation phase (why would it anyway?). I guess you need to configure 
grub so that it appends the argument or configure /etc/inittab and
uncomment line that enables getty for ttyS0 console.


Michal



Re: virsh rights voor normal users

2020-10-29 Thread Michal Privoznik

On 10/29/20 4:47 PM, Natxo Asenjo wrote:

ah, yes. I try this:

$ virsh -c qemu:///system

But then I get a prompt:

 AUTHENTICATING FOR org.libvirt.unix.manage =
System policy prevents management of local virtualized systems
Authenticating as:  sudo_user_not_disclosed
Password:
Password:
polikit-agent-helper-1: pam_authenticate failed: Authentication failure

Our allowed groups in the /etc/dbus-1/system.d/org.libvirt.conf are no 
sudo users (this can change, but not as of now). It is a bit strange 
that the get the password prompt for a local sudo user we have in place 
for as systems have no working sssd connection to the idm realm (break 
glass user)


My user can use the system bus in cockpit without a password.

The dbus policy looks like this:


     < allow send_destination="org.libvirt"/>


     < allow send_destination="org.libvirt"/>



This is expected. qemu:///system uses a unix socket to talk to libvirtd
and not dbus. I don't know what credentials cockpit sets there.
But I'm not sure it's safe to go behind cockpit's back and talk to 
libvirt directly. If you'd change a configuration of a VM it may not be 
reflected in cockpit.


Michal



Re: unable to migrate: virPortAllocatorSetUsed:299 : internal error: Failed to reserve port 49153

2020-10-26 Thread Michal Privoznik

On 10/26/20 9:39 AM, Michal Privoznik wrote:

On 10/12/20 4:46 AM, Vjaceslavs Klimovs wrote:

On libvirt 6.8.0 and qemu 5.1.0, when trying to live migrate "error:
internal error: Failed to reserve port" error is received and
migration does not succeed:

virsh # migrate cartridge qemu+tls://ratchet.lan/system --live
--persistent --undefinesource --copy-storage-all --verbose
error: internal error: Failed to reserve port 49153

virsh #



Sorry for not replying earlier. But this is a clear libvirt bug and I 
think it's a regression introduced by the following commit:


https://gitlab.com/libvirt/libvirt/-/commit/e74d627bb3b

The problem is, if you have two or more disks that need to be copied 
over to the destination, the @server_started variable is not set after 
the first iteration of the "for (i = 0; i < vm->def->ndisks; i++)" loop. 
I think this should be the fix:




Actually, you will need a second patch too. Here's the series:

https://www.redhat.com/archives/libvir-list/2020-October/msg01358.html

Michal



Re: unable to migrate: virPortAllocatorSetUsed:299 : internal error: Failed to reserve port 49153

2020-10-26 Thread Michal Privoznik

On 10/12/20 4:46 AM, Vjaceslavs Klimovs wrote:

On libvirt 6.8.0 and qemu 5.1.0, when trying to live migrate "error:
internal error: Failed to reserve port" error is received and
migration does not succeed:

virsh # migrate cartridge qemu+tls://ratchet.lan/system --live
--persistent --undefinesource --copy-storage-all --verbose
error: internal error: Failed to reserve port 49153

virsh #



Sorry for not replying earlier. But this is a clear libvirt bug and I 
think it's a regression introduced by the following commit:


https://gitlab.com/libvirt/libvirt/-/commit/e74d627bb3b

The problem is, if you have two or more disks that need to be copied 
over to the destination, the @server_started variable is not set after 
the first iteration of the "for (i = 0; i < vm->def->ndisks; i++)" loop. 
I think this should be the fix:



diff --git i/src/qemu/qemu_migration.c w/src/qemu/qemu_migration.c
index 2f5d61f8e7..6f764b0c73 100644
--- i/src/qemu/qemu_migration.c
+++ w/src/qemu/qemu_migration.c
@@ -479,9 +479,11 @@ qemuMigrationDstStartNBDServer(virQEMUDriverPtr driver,

QEMU_ASYNC_JOB_MIGRATION_IN) < 0)
 goto cleanup;

-if (!server_started &&
-qemuMonitorNBDServerStart(priv->mon, , tls_alias) < 0)
-goto exit_monitor;
+if (!server_started) {
+if (qemuMonitorNBDServerStart(priv->mon, , 
tls_alias) < 0)

+goto exit_monitor;
+server_started = true;
+}

 if (qemuBlockExportAddNBD(vm, diskAlias, disk->src, diskAlias, 
true, NULL) < 0)

 goto exit_monitor;
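Review bot: In the new `if (!server_started) {` block the flag is set only after `qemuMonitorNBDServerStart()` returns success, which is the right order, but with the loop now continuing past the first disk the `goto exit_monitor` after `qemuBlockExportAddNBD()` can be taken while the NBD server is already listening; please confirm the error path stops the server, since nothing in this hunk shows that. A one-line comment saying the server is started once and shared by all disks would also help keep the flag from being dropped again. Separately, the hunk as archived is line-wrapped and the second argument in `qemuMonitorNBDServerStart(priv->mon, , tls_alias)` is empty, so it will not apply as shown.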



Can you please give it a try? If it fixes the issue, I'll post it as a 
patch.


Thanks,
Michal



Re: libivrt client using python on windows

2020-10-14 Thread Michal Privoznik

On 10/12/20 9:47 PM, Talha Jawaid wrote:

Hello,

I want to run a python script on Windows to remotely control libvirt 
running on a (Linux) server. This was all working fine while prototyping 
stuff on the server but now I am having some trouble installing the 
python module on windows (“pip install” fails). I struggled through
getting it to COMPILE but then ran into linking issues. Seems like the 
actual libvirt library is needed to run (and even compile) on Windows? 
Is there a prebuilt package somewhere that I could get? Do I really need 
the whole libvirt library or is there a client only package? How could I 
go about accomplishing my goal here?


Hey,

libvirt-python is really just a tiny wrapper over our C APIs so yes, you 
need libvirt library for python bindings. But fear not, libvirt library 
for Windows contains the remote driver you need. I'm not sure if there 
is an official build provided by libvirt upstream community, but Fedora
does mingw builds from which you can extract the .dll. For instance this
seems to contain libvirt.dll:


https://koji.fedoraproject.org/koji/buildinfo?buildID=1590426

Michal



Re: unable to find any master var store for loader error

2020-10-13 Thread Michal Privoznik

On 10/13/20 2:25 PM, daggs wrote:

Greetings Michal,


Sent: Tuesday, October 13, 2020 at 2:51 PM
From: "Michal Privoznik" 
To: "daggs" , libvirt-users@redhat.com
Subject: Re: unable to find any master var store for loader error

Hey,

I'll paste the interesting part of domain XML here so that it doesn't
get lost:


  hvm
  /usr/share/edk2-ovmf/OVMF_CODE.fd
  /var/lib/libvirt/qemu/nvram/vm1_VARS.fd
  


And then in qemu.conf you define the pair:

nvram = [
"/usr/share/edk2-ovmf/OVMF_CODE.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd",

"/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2-ovmf/OVMF_VARS.secboot.fd"
]

But as the comment in qemu.conf (just above your line) says, this is
ignored if FW metadata files exist which is exactly your case and this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1763477

For your convenience you can switch to  (the
 element will be removed automatically) or if you insist on
using the old style then provide @template attribute to :

/var/lib/libvirt/qemu/nvram/vm1_VARS.fd


There is an internal list that is still consulted when finding matching
_VARS fails, but your path is not on it:

https://gitlab.com/libvirt/libvirt/-/blob/master/src/qemu/qemu_conf.c#L98

But it exists mostly to give distros enough time to switch to FW
descriptors.

Michal




thanks for the detailed explanation, I wanted to be sure I understand. the 
following is needed to be done:
1. replace this:

   hvm
   /usr/share/edk2-ovmf/OVMF_CODE.fd
   /var/lib/libvirt/qemu/nvram/vm1_VARS.fd
   

to this:

   hvm
   



Here, nvram will be generated, but if you want some other path than 
libvirt would generate you can provide it under . Yes. But 
you're using the default path anyway.



2. patch qemu_conf.c to include the custom paths of my fd files?



There is a third option. Save the following under 
/etc/qemu/firmware/50-my-ovmf.json:


{
    "description": "UEFI firmware for x86_64",
    "interface-types": [
        "uefi"
    ],
    "mapping": {
        "device": "flash",
        "executable": {
            "filename": "/usr/share/edk2-ovmf/OVMF_CODE.fd",
            "format": "raw"
        },
        "nvram-template": {
            "filename": "/usr/share/edk2-ovmf/OVMF_VARS.fd",
            "format": "raw"
        }
    },
    "targets": [
        {
            "architecture": "x86_64",
            "machines": [
                "pc-i440fx-*",
                "pc-q35-*"
            ]
        }
    ],
    "features": [
        "acpi-s3",
        "amd-sev",
        "verbose-dynamic"
    ],
    "tags": []
}



Michal
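A way to check which NVRAM template a descriptor directory yields for a given loader, arch and machine type before starting the domain. This is an added example, not part of the thread and not libvirt's own lookup code; it assumes descriptors in one directory are tried in file-name order, and the machine type name `pc-q35-5.1` used in the demo is an assumption.

```python
import fnmatch
import json
import pathlib
import tempfile

# The descriptor from the reply above (saved there as 50-my-ovmf.json).
DESCRIPTOR = """
{
  "description": "UEFI firmware for x86_64",
  "interface-types": ["uefi"],
  "mapping": {
    "device": "flash",
    "executable": {"filename": "/usr/share/edk2-ovmf/OVMF_CODE.fd", "format": "raw"},
    "nvram-template": {"filename": "/usr/share/edk2-ovmf/OVMF_VARS.fd", "format": "raw"}
  },
  "targets": [
    {"architecture": "x86_64", "machines": ["pc-i440fx-*", "pc-q35-*"]}
  ],
  "features": ["acpi-s3", "amd-sev", "verbose-dynamic"],
  "tags": []
}
"""


def load_descriptors(directory):
    """Parse every *.json descriptor in `directory`, in file-name order."""
    descriptors = []
    for path in sorted(pathlib.Path(directory).glob("*.json")):
        with open(path, encoding="utf-8") as fh:
            descriptors.append((path.name, json.load(fh)))
    return descriptors


def nvram_template_for(descriptors, loader, arch, machine):
    """Return (descriptor file, NVRAM template path) for the first descriptor
    whose flash executable is `loader` and whose targets cover arch/machine,
    or None when no descriptor matches."""
    for name, desc in descriptors:
        mapping = desc.get("mapping", {})
        if mapping.get("device") != "flash":
            continue
        if mapping.get("executable", {}).get("filename") != loader:
            continue
        for target in desc.get("targets", []):
            if target.get("architecture") != arch:
                continue
            # Machine entries are glob patterns such as "pc-q35-*".
            if any(fnmatch.fnmatchcase(machine, pattern)
                   for pattern in target.get("machines", [])):
                template = mapping.get("nvram-template", {}).get("filename")
                return name, template
    return None


def demo():
    """Write the descriptor to a scratch directory and look up the loader
    from the failing domain."""
    with tempfile.TemporaryDirectory() as tmp:
        pathlib.Path(tmp, "50-my-ovmf.json").write_text(DESCRIPTOR, encoding="utf-8")
        return nvram_template_for(
            load_descriptors(tmp),
            "/usr/share/edk2-ovmf/OVMF_CODE.fd",
            "x86_64",
            "pc-q35-5.1",  # assumed machine type name
        )


if __name__ == "__main__":
    print(demo())
```

A `None` result for the loader named in the domain XML corresponds to the situation in this thread, where no descriptor supplies a template for that loader.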



Re: unable to find any master var store for loader error

2020-10-13 Thread Michal Privoznik

On 10/12/20 10:52 PM, daggs wrote:

Greetings,

I have the following machine: https://dpaste.com/5BPA3F77F which I'm trying to 
boot in uefi.
/etc/libvirt/qemu.conf looks like this: https://dpaste.com/B3SFHUY6R and the 
ovmf files exists in the path, see:
# ll /usr/share/edk2-ovmf/OVMF_CODE.fd /usr/share/edk2-ovmf/OVMF_VARS.fd /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd
-rw-r--r-- 1 root root 1966080 Aug 21 14:32 /usr/share/edk2-ovmf/OVMF_CODE.fd
-rw-r--r-- 1 root root 1966080 Aug 21 14:32 /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
-rw-r--r-- 1 root root  131072 Aug 21 14:32 /usr/share/edk2-ovmf/OVMF_VARS.fd
-rw-r--r-- 1 root root  131072 Aug 21 14:32 /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd

when I try to start the machine, I get this error:
error: Failed to start domain vm1
error: operation failed: unable to find any master var store for loader: /usr/share/edk2-ovmf/OVMF_CODE.fd

libvirt version is 6.7.0 and qemu version is 5.1.0

any idea how to fix this issue?


Hey,

I'll paste the interesting part of domain XML here so that it doesn't 
get lost:


  
hvm
type='pflash'>/usr/share/edk2-ovmf/OVMF_CODE.fd

/var/lib/libvirt/qemu/nvram/vm1_VARS.fd

  

And then in qemu.conf you define the pair:

nvram = [
"/usr/share/edk2-ovmf/OVMF_CODE.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd",

"/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2-ovmf/OVMF_VARS.secboot.fd"
]

But as the comment in qemu.conf (just above your line) says, this is 
ignored if FW metadata files exist which is exactly your case and this bug:


https://bugzilla.redhat.com/show_bug.cgi?id=1763477

For your convenience you can switch to  (the 
 element will be removed automatically) or if you insist on 
using the old style then provide @template attribute to :


template="/usr/share/edk2-ovmf/OVMF_CODE.fd">/var/lib/libvirt/qemu/nvram/vm1_VARS.fd



There is an internal list that is still consulted when finding matching 
_VARS fails, but your path is not on it:


https://gitlab.com/libvirt/libvirt/-/blob/master/src/qemu/qemu_conf.c#L98

But it exists mostly to give distros enough time to switch to FW 
descriptors.


Michal



Re: Encrypting boot partition Libvirt not showing the OS booting up

2020-10-12 Thread Michal Privoznik

On 10/12/20 4:27 PM, john doe wrote:

On 10/12/2020 4:09 PM, Peter Krempa wrote:

On Mon, Oct 12, 2020 at 16:05:43 +0200, Michal Privoznik wrote:

On 10/12/20 2:14 PM, john doe wrote:




I sent privately the requested xml file to 'Peter Krempa'.
Peter Krempa privately answered me back suggesting to add the
following in the domain xml file:


Solving things privately doesn't help the community.


Additionally it doesn't help solving the problem, since it's now opaque
to others what the problem might be.



 under 


I've suggested this as the outputs I've got privately hinted that the
console (as in virsh console) didn't get to asking for the password,
while the manually-started-qemu did.

Thus the problem actually doesn't have to do with encryption or
whatever, but the console doesn't plainly work.



such as ...

     
       hvm
       
       
     



Try adding:

 /usr/share/seabios/bios.bin


Darn, this should have been sgabios: /usr/share/sgabios/sgabios.bin
but if your seabios is new enough (v1.11.0 and newer) then this is not 
needed as seabios itself is capable of serial interface. And looking at 
earlier e-mails in the thread you have v1.12.0-1 so you're good and 
don't need to add  at all.


But honestly, I don't know why you are not getting the console. Could it 
be that you are getting the console and the qemu is waiting for your 
input, i.e. what happens if you type in the password?


Michal



Re: Encrypting boot partition Libvirt not showing the OS booting up

2020-10-12 Thread Michal Privoznik

On 10/12/20 2:14 PM, john doe wrote:




I sent privately the requested xml file to 'Peter Krempa'.
Peter Krempa privately answered me back suggesting to add the
following in the domain xml file:


Solving things privately doesn't help the community.




 under 

such as ...

    
  hvm
  
  
    



Try adding:

/usr/share/seabios/bios.bin

to  so that qemu actually uses SGA bios.

Michal



Re: Two questions about NVDIMM devices

2020-09-10 Thread Michal Privoznik

On 9/10/20 4:56 PM, Daniel P. Berrangé wrote:

On Thu, Sep 10, 2020 at 04:54:08PM +0200, Milan Zamazal wrote:

Daniel P. Berrangé  writes:


On Thu, Sep 10, 2020 at 04:26:40PM +0200, Milan Zamazal wrote:

Daniel P. Berrangé  writes:




On Thu, Jul 02, 2020 at 01:21:15PM +0200, Milan Zamazal wrote:

Hi,




I've met two situations with NVDIMM support in libvirt where I'm not
sure all the parties (libvirt & I) do the things correctly.

The first problem is with memory alignment and size changes.  In
addition to the size changes applied to NVDIMMs by QEMU, libvirt also
makes some NVDIMM size changes for better alignments, in
qemuDomainMemoryDeviceAlignSize.  This can lead to the size being
rounded up, exceeding the size of the backing device and QEMU failing to
start the VM for that reason (I've experienced that actually).  I work
with emulated NVDIMM devices, not a bare metal hardware, so one might
argue that in practice the device sizes should already be aligned, but
I'm not sure it must be always the case considering labels or whatever
else the user decides to set up.  And I still don't feel very
comfortable that I have to count with two internal size adjustments
(libvirt & QEMU) to the `size' value I specify, with the ultimate goal
of getting the VM started and having the NVDIMM aligned properly to make
(non-NVDIMM) memory hot plug working.  Is the size alignment performed
by libvirt, especially rounding up, completely correct for NVDIMMs?


The comment on the function says QEMU aligns to "page size", which
is something that can vary depending not only on architecture, and
also the build config options for the kernel on that architecture.
eg aarch64 has different page size in RHEL than other distros because
of different choice of page size in kernel config.

Libvirt rounds up to 1 MB, essentially so that the size works no matter
what architecture or build options were used. I think this is quite
compelling as I don't think mgmt apps are likely to care enough about
non-x86 architectures to pick the right rounded sizes.

If we're enforcing this 1 MB rounding though, we really should be
documenting it clearly, so that apps can pick the right backing file
size. I think we dropped the ball on docs.


I still can't see it in the documentation, would it be possible to be
clear about it in the docs, please?  For first, it's not very intuitive
to figure out that (if I've figured out it correctly) on POWER one
*must* specify the NVDIMM size S as

   S == aligned_size + label_size

and that size is used for the QEMU device; while on x86_64 one can
specify any size S and

   align_up(S)

will be used for the QEMU device (and label size doesn't influence the
value).  And additional alignment may be required for having any memory
hot plug working.

For second, and more importantly, I'm afraid that without documenting
it, future changes may break the current behavior without warning.  For
example, the recent changes regarding POWER alignment in 6.7.0 are for
good IMHO and one can use the same size with both 6.7 and 6.6 versions,
but they could still cause pre-6.7 sizes stop working.


I don't know what changes you are referring to here, but if they were
in libvirt I'd consider that a bug - we shouldn't break a previously
working configuration by increasing required alignment.


I mean disabling the auto alignment in
https://gitlab.com/libvirt/libvirt/-/commit/07de813924caf37e535855541c0c1183d9d382e2
and replacing it with validation in
https://gitlab.com/libvirt/libvirt/-/commit/0ccceaa57c50e5ee528f7073fa8723afd62b88b7

That change can cause a VM fail to start but after (manually) adjusting
the device size, all should work all right.  Changes that would actually
change sizes would be more dangerous.


Sigh, that second commit even calls out the fact that it breaks
existing guests. This needs to be reverted, as that is not acceptable.


Thing is, on PPC it was never working IIRC. I remember discussing this 
with Andrea. So from my POV, there wasn't really anything to break.


Michal



Re: I want to unsubscribe

2020-08-31 Thread Michal Privoznik

On 8/31/20 6:16 AM, Bilal Arif wrote:


Block360 PVT Limited

NSTP, Islamabad, Pakistan.

Whatsapp/Mobile: +923457343638

Web: www.block360.io 



The e-mail header suggests sending e-mail to:

mailto:libvirt-users-requ...@redhat.com?subject=unsubscribe

Alternatively, you can use web interface:

https://www.redhat.com/mailman/listinfo/libvirt-users

Michal



Re: support for live migration with PCI passthrough devices

2020-08-26 Thread Michal Privoznik

On 8/26/20 8:27 AM, Erik Skultety wrote:

On Tue, Aug 25, 2020 at 02:56:49PM +0200, Michal Privoznik wrote:

On 8/25/20 1:40 PM, Henry lol wrote:

Hi guys,

I'm wondering whether libvirt supports live migration for the VM with
PCI passthrough devices.
or it must be assumed before live migration that all passthrough devices
be unplugged?


Unfortunately, this is still not supported. The problem is that PCI devices
themselves are not capable of dumping their internal state and restoring
from it on destination.

There is a long thread started last month that discusses what the interface
should look like, but at this point I guess we are still far away from it:

https://www.redhat.com/archives/libvir-list/2020-July/msg00675.html


Just a little note, even with such an interface in place it will still take
time for vendors of conventional physical devices to adopt it, so realistically
the main focus here are mediated devices and SRIOV-capable devices.


Yeah that. That reminds me that at one of KVM Forums I've seen a demo of 
migration with a PCI device plugged in whole time, but it was all 
experimental. /me goes and tries to find it. à voilà:


https://www.youtube.com/watch?v=ZAzv0c-fdAc

Michal



Re: support for live migration with PCI passthrough devices

2020-08-25 Thread Michal Privoznik

On 8/25/20 1:40 PM, Henry lol wrote:

Hi guys,

I'm wondering whether libvirt supports live migration for the VM with 
PCI passthrough devices.
or it must be assumed before live migration that all passthrough devices 
be unplugged?


Unfortunately, this is still not supported. The problem is that PCI 
devices themselves are not capable of dumping their internal state and 
restoring from it on destination.


There is a long thread started last month that discusses what the 
interface should look like, but at this point I guess we are still far 
away from it:


https://www.redhat.com/archives/libvir-list/2020-July/msg00675.html



If so, all unplugged devices should be manually hot-plugged to the VM 
after migration??


This is the usual mode of operation, yes.

Michal



Re: python-libvirt domain.destroy() doesn't appear to be working for me

2020-08-24 Thread Michal Privoznik

On 8/24/20 11:38 AM, Jeremy Markle wrote:
I was simply following the examples in the python-libvirt repo. If those 
methods raise exceptions I'll definitely change to try/catch. Thank you. 
The maintainer of the repo should update the examples and documentation 
if exceptions are raised by those.




Can you be more specific please? A quick git grep shows only a few cases 
which don't compare APIs rather than some integer variables:


libvirt-python.git $ git grep -C 3 -e '< 0' --or -e '== 0' -- examples/

And those try/catch statements - in our basic examples we don't do any 
rollback and simply just let python abort.


Michal



Re: KVM guest VM IP address

2020-08-18 Thread Michal Privoznik

On 8/18/20 9:10 AM, Kaushal Shriyan wrote:

Hi,

I am trying to find out the IP address of the KVM guest virtual machine.

#virsh dumpxml newsoftlinedrupalpoc | grep "mac address" | awk -F\' '{ print $2}'

52:54:00:2c:7e:ff
[root@baseserver1 ~]# arp -an | grep 52:54:00:2c:7e:ff

[root@baseserver1 ~]# virsh domifaddr newsoftlinedrupalpoc
  Name       MAC address          Protocol     Address
---

[root@baseserver1 ~]#

It is not showing anything. I manually configure the IP 
using /etc/sysconfig/network-scripts/ifcfg-eth0


ONBOOT=yes
IPADDR=192.168.0.189
PREFIX=24
GATEWAY=192.168.0.10
DNS1=8.8.8.8
DNS2=8.8.4.4



This is expected. If you use static IP then libvirt spawned dnsmasq is 
not involved in any way and thus libvirt doesn't know what IP address 
the domain has. And by default, virsh will use '--source lease' which 
means libvirt tries to get the info from the dnsmasq (well, some JSON 
that dnsmasq is updating, whatever).


You can try '--source agent' if you have a guest agent configured. And 
if domain has done some traffic maybe it's still in the host's ARP table 
and thus '--source arp' might work too. But I'd say this is the least 
reliable way because entries in the ARP table time out.


Michal



Re: libvirt segfaults with "internal,error: Missing monitor reply object", during block live-migration

2020-07-30 Thread Michal Privoznik

On 7/30/20 4:13 PM, Alex Walender wrote:

Dear libvirt community,




libvirt-daemon 5.0.0-1ubuntu2.6~cloud0


Also, this is oldish libvirt. Is there a way you could check something 
more recent (if not the current HEAD).


It's likely that the bug is fixed.

Michal



Re: Unable to decode message length

2020-07-15 Thread Michal Privoznik

On 7/14/20 7:42 PM, Valentin David wrote:

Hello all,

I have been trying to get libvirtd to work but when I connect to it with 
virsh, I get "error : virNetMessageDecodeLength:131 : Unable to decode 
message length"


This happens with libvirt 6.1.0, libtirpc 1.2.6, rpcsvc-proto 1.4.1. I 
have tried with other versions, but I still get the same error.


If anybody has any tip on what to try next, that would be helpful. Thank 
you in advance.


Here is the debug log of libvirtd when I try to connect with virsh:



2020-07-14 16:29:58.220+: 5352: error : 
virNetMessageDecodeLength:131 : Unable to decode message length


This is interesting. The error message is reported when xdr_u_int() 
fails. It is trying to decode first 4 bytes of incoming message to see 
how long it is. I can think of two possible reasons for this:


1) the client did not send 4 bytes
2) the rpcgen generated some wrong code that libtirpc is unable to decode.

I suggest using wireshark to check what data is sent (don't forget to 
use plain TCP transport in URI, for instance 'virsh -c 
qemu+tcp://localhost/system'). The first call that virsh does is 
AUTH_LIST procedure and it should look like this:


0000   00 00 00 00 00 00 00 00 00 00 00 00 86 dd 60 04
0010   52 cc 00 3c 06 40 00 00 00 00 00 00 00 00 00 00
0020   00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00
0030   00 00 00 00 00 01 df 6c 40 7d fd e7 38 94 09 92
0040   bf 48 80 18 02 00 00 44 00 00 01 01 08 0a c9 4f
0050   f4 f2 c9 4f f4 f2 00 00 00 1c 20 00 80 86 00 00
0060   00 01 00 00 00 42 00 00 00 00 00 00 00 00 00 00
0070   00 00

bytes 0x56-0x59 contain 0x1c (= 28) which is the length of the packet 
(28 bytes). This is how our dissector decodes it:


Libvirt
length: 28
program: REMOTE (0x20008086)
version: 1
procedure: AUTH_LIST (66)
type: CALL (0)
serial: 0
status: OK (0)


Michal
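
An added example, not part of the original message and not libvirt's code: a decoder for the header shown in the capture above, which rejects the inputs that would make decoding the length word fail or be meaningless. The payload bytes are copied from offsets 0x56-0x71 of the dump; the function names are assumptions, and only the symbolic names visible in the dissector output are mapped.

```python
import struct

# Constructed from the capture quoted above: the 28 payload bytes at
# offsets 0x56-0x71 of the dump, i.e. the AUTH_LIST call virsh sends first.
AUTH_LIST_CALL = bytes.fromhex(
    "0000001c"   # length, counting these four bytes too
    "20008086"   # program
    "00000001"   # version
    "00000042"   # procedure
    "00000000"   # type
    "00000000"   # serial
    "00000000"   # status
)

FIELDS = ("length", "program", "version", "procedure", "type", "serial", "status")
LEN_WORD = 4                    # the part xdr_u_int() has to decode first
HEADER_LEN = 4 * len(FIELDS)    # 28 bytes, as in the dissector output

# Only the names the dissector output above shows; anything else stays numeric.
NAMES = {
    "program": {0x20008086: "REMOTE"},
    "procedure": {66: "AUTH_LIST"},
    "type": {0: "CALL"},
    "status": {0: "OK"},
}


class DecodeError(ValueError):
    """The buffer cannot be a complete libvirt RPC message."""


def decode_length(buf):
    """Decode the leading big-endian length word; fails if fewer than 4 bytes arrived."""
    if len(buf) < LEN_WORD:
        raise DecodeError(f"only {len(buf)} byte(s) received, need {LEN_WORD} for the length")
    return struct.unpack(">I", buf[:LEN_WORD])[0]


def decode_header(buf):
    """Decode the seven 32-bit header words, checking the length word against the data."""
    length = decode_length(buf)
    if length < HEADER_LEN:
        raise DecodeError(f"length {length} is smaller than the {HEADER_LEN}-byte header")
    if len(buf) < length:
        raise DecodeError(f"length word says {length} bytes, only {len(buf)} captured")
    return dict(zip(FIELDS, struct.unpack(">7I", buf[:HEADER_LEN])))


def describe(header):
    """Render the header one field per line, with a name where the page gives one."""
    lines = []
    for field in FIELDS:
        value = header[field]
        name = NAMES.get(field, {}).get(value)
        lines.append(f"{field}: {name} ({value:#x})" if name else f"{field}: {value}")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(decode_header(AUTH_LIST_CALL))))
    # Constructed bad inputs: short read, truncated message, nonsensical length.
    for bad in (b"\x00\x00", AUTH_LIST_CALL[:12], b"\x00\x00\x00\x04"):
        try:
            decode_header(bad)
        except DecodeError as exc:
            print("rejected:", exc)
```

Pasting the first bytes a client actually sent (taken from a plain TCP capture) into `decode_header` shows whether a valid length word arrived at all, which is the first of the two suspected causes.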



Re: qemu hook: event for source host too

2020-06-22 Thread Michal Privoznik

On 6/19/20 8:24 AM, Guy Godfroy wrote:

Hello,

Is there any news about this feature ?


Unfortunately no news. Sorry.

Michal



Re: libvirt-defined network vs/and openvswitch bridge

2020-06-01 Thread Michal Privoznik

On 5/31/20 6:33 AM, Po Dragonwarrior wrote:

Hi all,

Can you please explain to me what is the difference (or maybe the 
relation?)  between a libvirt defined network and an openvswitch bridge?


Hey,

it's the same relationship as is between domain and QEMU.
A libvirt network is front, user facing end. Depending on the 
configuration, different back ends can be used. OpenVSwitch is just one 
of such back ends. Traditional virtual linux bridge is another one.


Perhaps, if you'd share more context then I could answer more appropriately.

Michal



Re: Firmware auto-select limitation

2020-05-15 Thread Michal Privoznik

On 5/15/20 4:40 PM, GUOQING LI wrote:

Hi everyone and Martin

I would like to confirm the conversation we had in regard the possible 
limitation of firmware auto-select feature that’s been released since 
v5.20.  I recall you saying that there were a lot of issues with auto 
select and later they shipped it into a Json file , it  still didn’t 
solve all the problems, did it?


I'm not aware of any pending fw autoselection bug/problem.



Is it better to explicitly specify the loader and nvram path than using 
auto-select ?


No.



Just today, I encountered the issue of using firmware=“efi” on libvirt 
5.4.0


If you specify the FW and NVRAM explicitly in the domain XML does this 
not reproduce?




I am running Ubuntu eoan 19.10, I am wondering how did it happen.

*Detailed error *
Error starting domain: internal error: process exited while connecting 
to monitor: 2020-05-15T14:19:06.033267Z qemu-system-x86_64: -drive 
file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on: 
Failed to lock byte 100




This error message comes from QEMU. Unfortunately, it doesn't say why 
locking the file failed. Is there perhaps some additional info in the 
audit log?


I don't think this is related to FW autoselection (those bugs 
demonstrate in libvirt picking wrong FW image) and what you are facing 
is different.


Michal



Re: DNSMASQ Libvirt

2020-05-15 Thread Michal Privoznik

On 5/15/20 1:23 AM, Santhosh Kumar Gunturu wrote:

Hi,

Net-dump xml File.



Hey,

I've just tried with slightly different base IP (192.168.122.1/28) but 
my guest did get the /28 subnet. What is the content of 
/var/lib/libvirt/dnsmasq/data-2.conf ? Also, have you restarted the 
network after you made the change (virsh net-destroy data-2 && virsh 
net-start data-2)?


What is your libvirt version btw? I'm using 6.3.0 and it works for me.

Michal



Re: What is expiry time represents in this format

2020-05-15 Thread Michal Privoznik

On 5/15/20 1:07 AM, Santhosh Kumar Gunturu wrote:

I see the output.

root@X10SDV-8C-TLN4F:/mnt/config# cat /var/lib/libvirt/dnsmasq/mgmt-1br1.status

[
   {
     "ip-address": "192.168.27.8",
     "mac-address": "52:54:00:42:21:14",
     "hostname": "vyatta",
     "expiry-time": 1589500228
   }
]



I will just add to Peter's reply that this file is considered internal 
implementation and therefore its format can change at any point without 
warning. Is there an app that you are building on the top of it, or are 
you just asking out of curiosity?


This file is used by NSS plugin though. So for instance if you enable 
'libvirt' NSS plugin, you can 'ssh vyatta' or 'ping vyatta' directly.


https://libvirt.org/nss.html

Michal



Re: Unit libvirtd.service could not be found. on VM

2020-05-13 Thread Michal Privoznik

On 5/13/20 12:59 PM, Dana Elfassy wrote:

Thanks, Michal,
On my laptop I do have libguestfs and libvirt-daemon-qemu. both 
libvirtd.service and libvirtd.socket are running ok on my laptop
I just realized I haven't mentioned - my vms intend to serve as hosts 
themselves, and that's why they, too, need to have libvirtd.service 
running on them.
up to recently I didn't have such a problem when I installed a vm on my 
laptop - libvirtd.service was found on it. I don't know exactly what 
caused this to change. Maybe it has something to do with configurations/ 
permissions of libvirt/ kvm?
Earlier, I'm not sure how, I managed to have libvirtd.service on a vm I 
created. it wasn't running, but at least it was there. I'm not sure what 
I have changed, but now I'm getting the message that the service could 
not be found again



That sounds like a kickstart/distro problem. Libvirt itself does not 
guarantee it is installed by default on a distribution. Either you need 
to specify the correct group to install, or install packages yourself 
after the installation is done. Configuring what SW is installed inside 
guest is out of libvirt's scope, sorry.


Michal



Re: Unit libvirtd.service could not be found. on VM

2020-05-13 Thread Michal Privoznik

On 5/12/20 1:41 PM, Dana Elfassy wrote:
if I understand correctly then I shouldn't have installed libvirt-daemon 
on the guests VMs?





Just a little background to Daniel's response. Libvirt and QEMU treat 
guests as black boxes, to some extent. There are some exceptions to this 
rule, when it comes to para-virtualization (that is when the guest knows 
it is running virtualized and therefore can optimize some things). The 
perfect example is virtio (which are para-virtualized devices like NIC, 
disk, etc.). Depending on the guest the virtio drivers are either 
already installed (majority of Linux distributions including CentOS, if 
not all of them) or they have to be installed separately (Windows is 
typical example).


Then, some tasks can be performed only if there is a small program 
running inside the guest (so called guest agent), which listens for 
incoming commands, executes them and sends the result back to libvirt. 
In CentOS this is qemu-guest-agent RPM. As mentioned, guest agent needs 
a channel to talk to libvirt which can be configured through virsh 
directly [1], or in virt-manager (if not already present, but I guess 
virt-install adds it automatically): Add hardware -> Channel -> Name: 
org.qemu.guest_agent.0 -> Finish.


Some management applications have their own guest agents (e.g. 
libguestfs), but I wouldn't worry about them - the management 
application will configure them automatically; and you are not using 
them anyway.



However, on the host the set of packages needed is different (note, you 
don't need any virtio drivers - they are contained in qemu already; nor 
you need the guest agent). libvirt-daemon-driver-qemu is the package 
containing qemu driver for libvirt. However, in order to use other 
features libvirt provides I suggest installing 'libvirt-daemon-kvm' 
which drags in the rest of packages (e.g. storage driver, network 
driver, etc.)


The host is also where you need libvirtd running (systemctl enable 
libvirtd.service  or if you want to use socket activation then: 
systemctl enable libvirtd.socket)


Michal


1: https://wiki.libvirt.org/page/Qemu_guest_agent



Re: Set hostname of guest during installation time

2020-05-05 Thread Michal Privoznik

On 5/5/20 11:25 AM, john doe wrote:

On 5/5/2020 10:41 AM, Michal Privoznik wrote:

On 5/5/20 9:26 AM, john doe wrote:

On 5/5/2020 8:29 AM, Michal Privoznik wrote:
Because interface type='bridge' and type='network' are not the same. The
libvirt_guest plugin needs a list of MAC addresses because it tries to
find a match across libvirt domain name -> list of domain's MAC
addresses -> list of leases. And whenever a domain is started, all its
interfaces with type='network' will notify the corresponding network and
the code that handles libvirt networks will dump the MAC address into a
file for the NSS plugin to use. But, if plain type='bridge' is used then
all that is done is that the TAP is plugged into the bridge (which
ensures the connectivity), but does not notify the network which in turn
means that the MAC dumping code is not run and hence the NSS plugin
won't find a match.



I don't understand why the network can not be notified, could it be a
feature request?


No. interface type='bridge' exists exactly for the reasons that users
want libvirt just to plug TAP device into a bridge they manage. And they
don't want libvirt to touch the bridge in any other way.




Is there a reason why you are using interface type='bridge' with the
default network?



I'm just starting with libvirt, so I could be missing something.

Yes, I don't need libvirt touching iptables at all.

In other words, is there a way to be able to use libvirt_guest without
having libvirt interacting with iptables.


I'm not quite sure how to achieve NAT then - do you insert the NAT rules
yourself?


Yes, my frontend to iptables will do that.



If it is so, then what you may do is to change the type of the
default network to 'open' and then use interface type='network' from the
domain.



Thank you, I'll need to look into that.

Is there a way to do that with virt-install?


Let me check the man page for you.

--network network=my_libvirt_virtual_net









Also, from (1):

"virsh net-dhcp-leases $network
where $network iterates through
all running network..."

If I understand correctly, the below should list all running network:

$ virsh net-dhcp-leases $network
error: command 'net-dhcp-leases' requires  option


This lists DHCP leases for given network. To list all running networks
you can use 'virsh net-list'.



I would suggest rephrasing the above to something along the lines of:

"virsh net-dhcp-leases $network, where '$network' is to be substituted
by the desired network (E.G, 'default') or use virsh net-list to list
all available network."


Actually, the whole statement (copied verbatim from the webpage) is:

   The NSS module then merely consults the list trying to find the match.
   Users can view the list themselves:

   virsh net-dhcp-leases $network

   where $network iterates through all running networks.


'$network iterates through all running networks.' I don't understand
what 'all networks' refers to?


Just like there can be multiple domains running there can be multiple 
networks.





Maybe I'm assuming too much, but this doesn't say that net-dhcp-leases
will print all running networks. The way I read this is: The NSS module
then merely does equivalent of iterating over every running network and
executing 'net-dhcp-leases' and trying to find the match.

I thought that using shell variables in a documentation for an UNIX-like
command is well understood, but maybe I am wrong.



That is the first time that I see this syntax being used, simply adding
somewhere that when an example for a command is shown like so, this
should be substituted.


Our docs are kept in a repository. In this specific example it is 
docs/nss.html.in:


https://gitlab.com/libvirt/libvirt/-/blob/master/docs/nss.html.in

If you feel like our docs are misleading, please post a patch.

Michal



Re: Set hostname of guest during installation time

2020-05-05 Thread Michal Privoznik

On 5/5/20 9:26 AM, john doe wrote:

On 5/5/2020 8:29 AM, Michal Privoznik wrote:

Because interface type='bridge' and type='network' are not the same. The
libvirt_guest plugin needs a list of MAC addresses because it tries to
find a match across libvirt domain name -> list of domain's MAC
addresses -> list of leases. And whenever a domain is started, all its
interfaces with type='network' will notify the corresponding network and
the code that handles libvirt networks will dump the MAC address into a
file for the NSS plugin to use. But, if plain type='bridge' is used then
all that is done is that the TAP is plugged into the bridge (which
ensures the connectivity), but does not notify the network which in turn
means that the MAC dumping code is not run and hence the NSS plugin
won't find a match.



I don't understand why the network can not be notified, could it be a
feature request?


No. interface type='bridge' exists exactly for the reasons that users 
want libvirt just to plug TAP device into a bridge they manage. And they 
don't want libvirt to touch the bridge in any other way.





Is there a reason why you are using interface type='bridge' with the
default network?



I'm just starting with libvirt, so I could be missing something.

Yes, I don't need libvirt touching iptables at all.

In other words, is there a way to be able to use libvirt_guest without
having libvirt interacting with iptables.


I'm not quite sure how to achieve NAT then - do you insert the NAT rules 
yourself? If it is so, then what you may do is to change the type of the 
default network to 'open' and then use interface type='network' from the 
domain.








Also, from (1):

"virsh net-dhcp-leases $network
where $network iterates through
all running network..."

If I understand correctly, the below should list all running network:

$ virsh net-dhcp-leases $network
error: command 'net-dhcp-leases' requires  option


This lists DHCP leases for given network. To list all running networks
you can use 'virsh net-list'.



I would suggest rephrasing the above to something along the lines of:

"virsh net-dhcp-leases $network, where '$network' is to be substituted
by the desired network (E.G, 'default') or use virsh net-list to list
all available network."


Actually, the whole statement (copied verbatim from the webpage) is:

  The NSS module then merely consults the list trying to find the match.
  Users can view the list themselves:

  virsh net-dhcp-leases $network

  where $network iterates through all running networks.

Maybe I'm assuming too much, but this doesn't say that net-dhcp-leases 
will print all running networks. The way I read this is: The NSS module 
then merely does equivalent of iterating over every running network and 
executing 'net-dhcp-leases' and trying to find the match.


I thought that using shell variables in a documentation for an UNIX-like 
command is well understood, but maybe I am wrong.


Michal



Re: Set hostname of guest during installation time

2020-05-05 Thread Michal Privoznik

On 5/5/20 8:11 AM, john doe wrote:

On 3/30/2020 4:10 PM, Michal Prívozník wrote:

On 30. 3. 2020 15:26, john doe wrote:

On 3/30/2020 1:20 PM, Andrea Bolognani wrote:

On Mon, 2020-03-30 at 12:04 +0200, Michal Prívozník wrote:

On 27. 3. 2020 20:49, john doe wrote:
If my understanding is correct, using 'try06' or 'debian' should do the
same thing?


Yes, that is the idea. However, these plugins were not introduced at the
same time. I think that especially Debian has delayed libvirt_guest
plugin. You can check if both plugins exist:

ls /usr/lib64/libnss_libvirt*

/usr/lib64/libnss_libvirt_guest.so.2
/usr/lib64/libnss_libvirt.so.2


Note that paths are different in Debian-based distros, so the correct
ones in this case are actually

   /lib/x86_64-linux-gnu/libnss_libvirt.so.2
   /lib/x86_64-linux-gnu/libnss_libvirt_guest.so.2



I have upgraded that Buster host to Bullseye, so I have now a 6... version.

I have also the above two modules.

I'm still not able to use 'libvirt_guest' though:

--- Guest output (try06):

root@try06:~# cat /etc/hostname
try06

--- Host output (host):

root@host:# grep hosts: /etc/ns*
hosts: libvirt_guest
root@host:# virsh net-dhcp-leases default
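 Expiry Time           MAC address         Protocol   IP address           Hostname   Client ID or DUID
---------------------------------------------------------------------------------------------------------
 2020-03-30 16:03:41   52:54:00:d4:e6:f0   ipv4       192.168.122.137/24   -          -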


root@host:# getent hosts try06; echo $?
2


What am I missing?


Hold on. 'libvirt_guest' NSS plugin is supposed to translate libvirt
names to IP addresses. For instance:

   virsh start myDomain; ssh myDomain

The 'libvirt' NSS plugin is supposed to translate hostnames as sent by
guests to IP addresses. These two can be viewed as the following:

libvirt_guest: virsh domifaddr --source lease $dom
   libvirt: virsh net-dhcp-leases $net | grep $hostname

And this is where it gets interesting. In your previous e-mails,
net-dhcp-leases (aka 'libvirt' plugin) worked because the guest did send
hostname when doing DHCP. Now it doesn't (see '-' under 'Hostname' in
the output). Therefore, the 'libvirt' NSS plugin won't work.

And 'libvirt_guest' translates names of guests as seen by libvirt, i.e.
names you pass to virsh commands. These are unrelated to '/etc/hostname'
within guest. But hopefully, you haven't renamed your guest since then
and it is still named 'try06', that is virsh list --all produces 'try06'
in the list. If this is all true, can you share the output of:

   strace $(which getent) hosts try06




Thanks to the friendly feedback/support from Michal Privoznik and Andrea
Bolognani, I managed to get it working with the below command:

virt-install --name=try06 --pxe --os-variant=debian10 --network
network=default

What I think I missed while trying to implement the recommendation given
in here is that, if you change the network by doing 'virsh edit default'
the name of the interface in the guest might also change.

I don't understand why libvirt_guest won't work if a network bridge is 
used?


Because interface type='bridge' and type='network' are not the same. The 
libvirt_guest plugin needs a list of MAC addresses because it tries to 
find a match across libvirt domain name -> list of domain's MAC 
addresses -> list of leases. And whenever a domain is started, all its 
interfaces with type='network' will notify the corresponding network and 
the code that handles libvirt networks will dump the MAC address into a 
file for the NSS plugin to use. But, if plain type='bridge' is used then 
all that is done is that the TAP is plugged into the bridge (which 
ensures the connectivity), but does not notify the network which in turn 
means that the MAC dumping code is not run and hence the NSS plugin 
won't find a match.


Is there a reason why you are using interface type='bridge' with the 
default network?






Also, from (1):

"virsh net-dhcp-leases $network
where $network iterates through
all running network..."

If I understand correctly, the below should list all running network:

$ virsh net-dhcp-leases $network
error: command 'net-dhcp-leases' requires  option


This lists DHCP leases for given network. To list all running networks 
you can use 'virsh net-list'.





In my case, I substituted '$network' by 'default'.


It doesn't look like you did, otherwise you would either get leases or 
an error that there is no network named "default".


# virsh net-dhcp-leases
error: command 'net-dhcp-leases' requires  option
# virsh net-dhcp-leases ""
error: Failed to get option 'network': Option argument is empty

# virsh net-dhcp-leases default
 Expiry Time   MAC address Protocol   IP address 
 Hostname   Client ID or DUID

--
 2020-05-05 09:01:11   52:54:00:a4:6f:91   ipv4   19
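
The two lookups described in this message, modelled as an added example (not libvirt's NSS plugin source). The in-memory tables stand in for the DHCP lease list and the per-network MAC record, the struct and function names are hypothetical, and the sample lease is constructed from the net-dhcp-leases output quoted above.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* One DHCP lease; hostname is NULL when the guest sent none
 * (shown as '-' by virsh net-dhcp-leases). */
struct lease {
    const char *mac;
    const char *ip;
    const char *hostname;
};

/* MACs recorded for a domain when its type='network' interfaces notify
 * the libvirt network. A plain type='bridge' interface adds no record. */
struct dom_macs {
    const char *domain;
    const char *macs[4];            /* NULL-terminated */
};

/* Model of the 'libvirt' plugin: hostname sent over DHCP -> lease IP. */
static const char *lookup_libvirt(const struct lease *l, size_t nl,
                                  const char *name)
{
    size_t i;
    for (i = 0; i < nl; i++)
        if (l[i].hostname && strcasecmp(l[i].hostname, name) == 0)
            return l[i].ip;
    return NULL;
}

/* Model of the 'libvirt_guest' plugin:
 * domain name -> list of the domain's MACs -> matching lease. */
static const char *lookup_libvirt_guest(const struct dom_macs *d, size_t nd,
                                        const struct lease *l, size_t nl,
                                        const char *name)
{
    size_t i, j, k;
    for (i = 0; i < nd; i++) {
        if (strcmp(d[i].domain, name) != 0)
            continue;
        for (j = 0; j < 4 && d[i].macs[j]; j++)
            for (k = 0; k < nl; k++)
                if (strcasecmp(d[i].macs[j], l[k].mac) == 0)
                    return l[k].ip;
    }
    return NULL;
}

/* Constructed sample data: the guest holds a lease but sent no hostname. */
static const struct lease LEASES[] = {
    { "52:54:00:d4:e6:f0", "192.168.122.137", NULL },
};
/* Record that exists only when the interface is type='network'. */
static const struct dom_macs VIA_NETWORK[] = {
    { "try06", { "52:54:00:d4:e6:f0", NULL } },
};

/* 'libvirt' plugin: fails, the lease carries no hostname. */
const char *demo_plugin_libvirt(void)
{
    return lookup_libvirt(LEASES, 1, "try06");
}

/* 'libvirt_guest' with type='network': MAC record exists, lease matches. */
const char *demo_guest_network(void)
{
    return lookup_libvirt_guest(VIA_NETWORK, 1, LEASES, 1, "try06");
}

/* 'libvirt_guest' with type='bridge': no MAC record, so no match even
 * though the lease itself is present. */
const char *demo_guest_bridge(void)
{
    return lookup_libvirt_guest(NULL, 0, LEASES, 1, "try06");
}

int main(void)
{
    const char *r;
    r = demo_plugin_libvirt();
    printf("libvirt (hostname):       %s\n", r ? r : "not found");
    r = demo_guest_network();
    printf("libvirt_guest (network):  %s\n", r ? r : "not found");
    r = demo_guest_bridge();
    printf("libvirt_guest (bridge):   %s\n", r ? r : "not found");
    return 0;
}
```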

Re: [Query] Facing issue in build libvirt6.0 on ubuntu 1804

2020-04-30 Thread Michal Privoznik

On 4/30/20 2:26 PM, Ramesh B wrote:

Hi Michel,

Thanks for quick update.

   Weird. I have slightly older version and it works for me. Maybe
configure is picking something else, some weird binary/python script?

*=>* I have python 3.6 version, is it required latest version e.g Python 
3.8 ?


No. I meant that perhaps configure was picking the script from say 
/usr/local/bin, e.g. some local, self installed version which is broken.





  Ideally, you would construct the domain XML to match the command line
and then use 'virsh define' to store the XML in libvirt. From that point
on, libvirt will know about the domain and you can use all libvirt APIs
to control it.

*=>*   could you please share sample xml & commands for reference to try 
above procedure.

            Few Qemu parameters are as follows,
           -m 2048 -smp 2 -M q35
           -enable-kvm
           --cpu host


2
  2
  
hvm
  
  

  
  
/usr/bin/qemu-system-x86_64
  


Michal



Re: [Query] Facing issue in build libvirt6.0 on ubuntu 1804

2020-04-30 Thread Michal Privoznik

On 4/30/20 12:53 PM, Ramesh B wrote:

Hi Michal,

Please find the details below,
rst2html5 1.10.6 (Docutils 0.16 [release], Python 3.6.9, on linux)



Weird. I have slightly older version and it works for me. Maybe 
configure is picking something else, some weird binary/python script?




is there any other way to access/control the guest os running on top QEMU ?



Ideally, you would construct the domain XML to match the command line 
and then use 'virsh define' to store the XML in libvirt. From that point 
on, libvirt will know about the domain and you can use all libvirt APIs 
to control it.
Unless your cmd line is super complicated then usually virt-install 
--import in combination with --print-xml allows you to converge into the 
current config.


Michal



Re: [Query] Facing issue in build libvirt6.0 on ubuntu 1804

2020-04-30 Thread Michal Privoznik

[Please keep the list CCed]

On 4/30/20 12:02 PM, Ramesh B wrote:

Hi Michal,

Thanks for quick response.

Ubuntu: 18.04.3 LTS
QEMU emulator version 4.2.0
libvirtd (libvirt) 4.0.0

I have launched the guest OS using QEMU.
I would like to use the virsh commands to get the status / control of 
guest OS.

When I run any virsh commands, I am not getting any response from QEMU.
When I tried to explore, I found the solution saying use of QEMU monitor 
will help.

Added the below command at launch,
-chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-freebsd11.0/monitor.sock,server,nowait 
-mon chardev=charmonitor,id=monitor,mode=control


but it results in the below-mentioned error:
Failed to bind socket to 
/var/lib/libvirt/qemu/domain-freebsd11.0/monitor.sock


Then thought of building libvirt 6.0 version, will help to solve the 
problem.


Ah, so you wanted to use 'virsh qemu-attach' to attach libvirt to a 
running qemu. Yeah, it needs a monitor. However, the functionality was 
not maintained and probably not functional anyway so we've removed it in 
the 5.5.0 release.




Please guide me to solve this problem.

Regards,
Babu B




But what's interesting is that you are unable to build. Which package is 
providing the rst2* binaries? Are they up to date?


Michal



Re: why libvirtd can not list the running domain?

2020-04-30 Thread Michal Privoznik

On 4/30/20 11:31 AM, 崔涛的个人邮箱 wrote:

1.I run a user domain like this:

[root@kvm1 ~]# qemu-system-x86_64 -enable-kvm -m 1G -smp 4 /images/test1.img



Libvirt lists only those virtual machines (or domains as we call them) 
that were started through it. It doesn't list nor can manage qemu 
processes started aside.


For painless domain creation I suggest virt-install or virt-manager 
(which is a GUI for it and libvirt).


Michal



Re: [Query] Facing issue in build libvirt6.0 on ubuntu 1804

2020-04-30 Thread Michal Privoznik

On 4/30/20 10:05 AM, Ramesh B wrote:

Hi all,

I am trying to build libvirt 6.0 on ubuntu OS 18.04.
Facing one issue libvirt source compilation.


:215: (ERROR/3) Error in "code-block" directive:
1 argument(s) required, 0 supplied.

.. code-block::

    help [command-or-group]


:229: (ERROR/3) Error in "code-block" directive:
1 argument(s) required, 0 supplied.

.. code-block::
===


More context would be helpful, but this looks like rst2man or rst2html 
failed. Again, context would be helpful to know which one and whether 
it's caused by a problem in our released code or rst2*.


Michal



Re: domain: how long is new xml in saved file

2020-04-24 Thread Michal Privoznik

On 4/24/20 6:38 AM, Vincent Wu wrote:
>

The save format is fragile. At the beginning there is a header which 
describes the file, then there is libvirt section (which contains the 
domain XML and a cookie) and then there is QEMU section (where QEMU 
saved the guest memory). Because of this, we have to have the check you 
are hitting in place so that we don't accidentally overwrite the QEMU 
section.


But, what you can do is provide the changed XML not in 
virDomainSaveImageDefineXML() but provide it to virDomainRestoreFlags() 
which doesn't check for XML length.


Michal



Re: php libvirt show active snapshot

2020-04-21 Thread Michal Privoznik

On 4/21/20 1:36 AM, Todd Lewis wrote:

Works perfectly thank you.
I did get an issue when trying to compile an rpm

The autobuild did run into an error when trying to create the rpm.
Not a big deal. I can make my own spec file.

EXTRA_RELEASE=""


1: ^^^


if [ -x /usr/bin/rpmbuild ]
then
   rpmbuild --nodeps \
  --define "extra_release $EXTRA_RELEASE" \
  --define "_sourcedir `pwd`" \
  -ba --clean libvirt-php.spec
fi
pwd
error: Macro %extra_release has empty body
error: Macro %extra_release has empty body
error: Macro %extra_release has empty body


D'oh. The line [1] shouldn't be there. But actually, whole autobuild 
script is a bit misleading. The way I build RPMs is autogen.sh + make 
rpm. Would you mind if I remove the autobuild script?


Michal



Re: My VMs don't get IP with libvirt and dnsmasq

2020-04-17 Thread Michal Privoznik

On 4/17/20 1:01 PM, Computers Issues wrote:

Hi,

That was right. I mean, I've tried it at the same time in both machines 
I have (the one where it works and the other), and using tcpdump -i 
virbr2 in both ones, after creating the domain with virsh, showed that 
the right one is getting DHCP traffic, but there's no DHCP request or 
anything about DHCP in the one that is not working.


There you go. Maybe the guest has a static IP address configured? Or it 
is missing drivers for the virtio NIC (which I guess it has, because the 
disk is virtio too)? Or something else is going on.


Michal



Re: My VMs don't get IP with libvirt and dnsmasq

2020-04-17 Thread Michal Privoznik

On 4/17/20 12:44 PM, Computers Issues wrote:

Hello!

Thanks for your answer.

Well, I think it has to ask for an IP as I have the same configuration 
in a different machine (with the same OS) and it works, there I see the 
DHCP packets and so on, but not here.


Well, do you actually see DHCP traffic on the virbr2 bridge? Because if 
not then the guest configuration is probably not correct.


And yeah, that pepito.conf file 
exists, this is its content:

##WARNING:  THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST.  Changes to this configuration should be made using:
##    virsh net-edit pepito
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
user=libvirt-dnsmasq
pid-file=/var/run/libvirt/network/pepito.pid
except-interface=lo
bind-dynamic
interface=virbr2
dhcp-range=192.168.150.2,192.168.150.254
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=253
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/pepito.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/pepito.addnhosts


This looks good. I suspect it is the guest not asking for DHCP. If it 
did, this configuration would assign an IP address.


Michal



Re: My VMs don't get IP with libvirt and dnsmasq

2020-04-17 Thread Michal Privoznik

On 4/17/20 1:31 AM, Computers Issues wrote:

Hello there,



There is nothing obviously wrong with XMLs. Couple of things to try:

1) are you sure that the guest actually asks for an IP address? What 
happens when you 'dhclient eth0' from inside the guest (or whatever the 
equivalent is)?


2) is dnsmasq running on the host? If so, there should be 
/var/lib/libvirt/dnsmasq/pepito.conf file, can you share its content?


3) Firewall. A lot of times when something network related doesn't work 
I shut the firewall down and retry. It helps me rule one possible source 
out.



Michal



Re: php libvirt show active snapshot

2020-04-16 Thread Michal Privoznik

On 4/14/20 6:49 PM, Todd Lewis wrote:

I was looking for a virDomainSnapshotCurrent
I wish I had time to learn to properly code in C, haven't touched it
since the late 90's.
I'm only coding in php out of necessity.



I've just pushed the implementation upstream:

https://gitlab.com/libvirt/libvirt-php/-/commit/19be5d2b5b2d3b82d719fe310ad519cb3b5d7ebf

Michal



Re: php libvirt show active snapshot

2020-04-14 Thread Michal Privoznik

On 4/13/20 9:22 PM, Todd Lewis wrote:

Is  php libvirt able to list the active snapshot for the vm?

I can easily take snapshots and restore snapshots, but I can't figure
out how to display the currently active snapshot using php libvirt.



Yeah, libvirt-php is not very well maintained and certainly not around 
snapshot area. Can you point out which C APIs you are missing? I will try to 
implement them, or if you want to have an upstream contribution, be my 
guest :-)


Michal



Re: Connections Driver VirtualBox

2020-04-14 Thread Michal Privoznik

On 4/8/20 5:07 AM, claudia freitas wrote:

Good Morning!

My name is Cláudia, I'm trying to use the Connections to VirtualBox 
driver from libvirt.org on Pacemaker to start a 
virtual machine created with the VirtualBox hypervisor, so far I haven't 
been successful.
Could you send me a practical example of how to use the driver with the 
VirtualDomain feature in Pacemaker? The examples I found only 
demonstrate the use with Xen and Qemu.


Thanks,


Hey,

I'm not familiar with Pacemaker, but note that libvirt supports only the 
VirtualBox 5.x version. There is no support for the 6.x version, although it 
was brought up recently. I still haven't gotten around to adding it.


Michal



Re: No DHCP on default network when guest has multiple interfaces

2020-02-07 Thread Michal Privoznik

On 2/7/20 11:47 AM, Patrick O'Neill wrote:

Hello,



I'm not sure, but I recall that some of the distros I played with asked 
DHCP to configure just one interface. Maybe you need to configure your 
guest to do DHCP for both interfaces?


Michal



Re: qemu hook: event for source host too

2020-01-24 Thread Michal Privoznik

On 1/24/20 4:34 PM, Guy Godfroy wrote:

I don't really understand what new hook this would be.


Libvirt's migration happens in phases [1]. The last one is 'Confirm' 
where the domain is either killed (because it's running on the 
destination successfully), or resumed (because there was an error).


If you make a lock shared at the beginning of the migration, but 
migration doesn't succeed you want to make it exclusive again in the 
Confirm phase. Or release it, because the domain is being killed (in 
which case we already run a hook script, so might get away with this 
specific case). Basically, in the hook called from the confirm phase you 
want to undo everything that the hook script called at the beginning of 
the migration has done.


BTW: I might have some time to work on this during weekend, but no 
promises. If you want to write patches though, I can give you some 
pointers and review them ;-)


Michal

1: 
https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/libvirt-domain.c;h=4074397b30c3bba8b57d2058b3608234dd7a20ec;hb=HEAD#l2933




Re: qemu hook: event for source host too

2020-01-24 Thread Michal Privoznik

On 1/23/20 1:43 PM, Guy Godfroy wrote:
So, how likely is it possible to get this feature (two new events for 
the qemu hook)?


I've started writing it, but then I realized we might need a third hook - 
in confirm phase - which would be run on the source when qemu switches 
control over to the destination, or when migration failed. And this is 
what I need to figure out, how to differentiate these two states on the 
hook script level.


Michal



Re: virsh vol-download uses a lot of memory

2020-01-23 Thread Michal Privoznik

On 1/22/20 1:18 PM, Daniel P. Berrangé wrote:

On Wed, Jan 22, 2020 at 01:01:42PM +0100, Michal Privoznik wrote:

On 1/22/20 11:11 AM, Michal Privoznik wrote:

On 1/22/20 10:03 AM, R. Diez wrote:

Hi all:

I am using the libvirt version that comes with Ubuntu 18.04.3 LTS.


I'm sorry, I don't have Ubuntu installed anywhere to look the version
up. Can you run 'virsh version' to find it out for me please?


Nevermind, I've managed to reproduce with the latest libvirt anyway.





I have written a script that backs up my virtual machines every
night. I want to limit the amount of memory that this backup
operation consumes, mainly to prevent page cache thrashing. I have
described the Linux page cache thrashing issue in detail here:

http://rdiez.shoutwiki.com/wiki/Today%27s_Operating_Systems_are_still_incredibly_brittle#The_Linux_Filesystem_Cache_is_Braindead


The VM virtual disk weighs 140 GB at the moment. I thought 500 MiB
of RAM should be more than enough to back it up, so I added the
following options to the systemd service file associated to the
systemd timer I am using:

    MemoryLimit=500M

However, the OOM is killing "virsh vol-download":

Jan 21 23:40:00 GS-CEL-L kernel: [55535.913525] [  pid  ]   uid
tgid total_vm  rss pgtables_bytes swapents oom_score_adj name
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913527] [  13232]  1000
13232 5030  786    77824  103 0
BackupWindows10
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913528] [  13267]  1000
13267 5063  567    73728  132 0
BackupWindows10
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913529] [  13421]  1000
13421 5063  458    73728  132 0
BackupWindows10
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913530] [  13428]  1000
13428 712847   124686  5586944   523997 0 virsh
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913532] 
oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/system.slice/VmBackup.service,task_memcg=/system.slice/VmBackup.service,task=virsh,pid=13428,uid=1000

Jan 21 23:40:00 GS-CEL-L kernel: [55535.913538] Memory cgroup out of
memory: Killed process 13428 (virsh) total-vm:2851388kB,
anon-rss:486180kB, file-rss:12564kB, shmem-rss:0kB

I wonder why "virsh vol-download" needs so much RAM. It does not get
killed straight away, it takes a few minutes to get killed. It
starts using a VMSIZE of around 295 MiB, which is not really frugal
for a file download operation, but then it grows and grows.


This is very likely a memory leak somewhere.


Actually, it is not. It's caused by our design of the client event loop. If
there are any incoming data, read as much as possible placing them at the
end of linked list of incoming stream data (stream is a way that libvirt
uses to transfer binary data). Problem is that instead of returning NULL to
our malloc()-s once the limit is reached, kernel decides to kill us.

For anybody with libvirt insight: virNetClientIOHandleInput() ->
virNetClientCallDispatch() -> virNetClientCallDispatchStream() ->
virNetClientStreamQueuePacket().


The obvious fix would be to stop processing incoming packets if stream has
"too much" data cached (define "too much"). But this may lead to
unresponsive client event loop - if the client doesn't pull data from
incoming stream fast enough they won't be able to make any other RPC.


IMHO if they're not pulling stream data and still expecting to make
other RPC calls in a timely manner, then their code is broken.


This is virsh that we are talking about. It's not some random application.

And I am able to limit virsh mem usage to "just" 100MiB with one well 
placed usleep() - to slow down putting incoming stream packets onto the 
queue:


diff --git i/src/rpc/virnetclientstream.c w/src/rpc/virnetclientstream.c
index f904eaba31..cfb3f225f2 100644
--- i/src/rpc/virnetclientstream.c
+++ w/src/rpc/virnetclientstream.c
@@ -358,6 +358,7 @@ int 
virNetClientStreamQueuePacket(virNetClientStreamPtr st,

 virNetClientStreamEventTimerUpdate(st);

 virObjectUnlock(st);
+usleep(1000);
 return 0;
 }
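
Review bot: the usleep(1000) added after virObjectUnlock(st) in virNetClientStreamQueuePacket() is unconditional, so every queued packet pays the 1 ms delay even when the queue is nearly empty, which limits throughput to about one packet per millisecond rather than limiting how much data is queued. If the aim is to bound memory, make the throttle depend on how much the stream already has queued, and add a comment saying why the delay is there and how the value 1000 was chosen.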


But any attempt I've made to ignore POLLIN if stream queue is longer 
than say 8 packets was unsuccessful (the code still read incoming 
packets and placed them into the queue). I blame passing the bucket 
algorithm for that (rather than my poor skills :-P).




Having said that, in retrospect I rather regret ever implementing our
stream APIs as we did. We really should have just exposed an API which
lets you spawn an NBD server associated with a storage volume, or
tunnelled NBD over libvirtd. The former is probably our best strategy
these days, now that NBD has native TLS support.


Yeah, but IIRC NBD wasn't a thing back then, was it?

Michal
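
The trade-off discussed in this thread, queueing every incoming stream packet versus dropping interest in POLLIN once the queue is "too long", as an added example: a single-threaded model, not libvirt's RPC code. The struct and function names, the packet size and the burst figures are assumptions made for the illustration; the limit of 8 packets is the figure mentioned above.

```c
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PKT_SIZE 1024               /* constructed payload size */

struct pkt {
    struct pkt *next;
    size_t len;
    char data[PKT_SIZE];
};

struct stream_queue {
    struct pkt *head, *tail;
    size_t npkts;                   /* packets currently queued */
    size_t peak;                    /* highest npkts seen so far */
    size_t limit;                   /* 0 = unbounded queue */
};

/* Events the loop should ask poll() for: no POLLIN while the queue is
 * at its limit, so unread data stays in the socket buffer. */
static short sq_wanted_events(const struct stream_queue *q)
{
    if (q->limit && q->npkts >= q->limit)
        return 0;
    return POLLIN;
}

/* Append one packet to the tail of the linked list. */
static int sq_push(struct stream_queue *q, const char *buf, size_t len)
{
    struct pkt *p;
    if (len > PKT_SIZE)
        return -1;
    if (!(p = calloc(1, sizeof(*p))))
        return -1;
    memcpy(p->data, buf, len);
    p->len = len;
    if (q->tail)
        q->tail->next = p;
    else
        q->head = p;
    q->tail = p;
    if (++q->npkts > q->peak)
        q->peak = q->npkts;
    return 0;
}

/* Consumer side: take one packet from the head, return bytes copied. */
static size_t sq_pop(struct stream_queue *q, char *out, size_t outlen)
{
    struct pkt *p = q->head;
    size_t n;
    if (!p)
        return 0;
    n = p->len < outlen ? p->len : outlen;
    memcpy(out, p->data, n);
    q->head = p->next;
    if (!q->head)
        q->tail = NULL;
    q->npkts--;
    free(p);
    return n;
}

/* Each loop iteration the socket offers up to `burst` packets and the
 * consumer drains one. Returns the peak queue depth, or -1 on error. */
long simulate(size_t limit, size_t total, size_t burst)
{
    struct stream_queue q = {0};
    char buf[PKT_SIZE], out[PKT_SIZE];
    size_t sent = 0, received = 0, i;

    q.limit = limit;
    memset(buf, 'x', sizeof(buf));
    while (received < total) {
        for (i = 0; i < burst && sent < total; i++) {
            if (!(sq_wanted_events(&q) & POLLIN))
                break;              /* back-pressure: stop reading */
            if (sq_push(&q, buf, sizeof(buf)) < 0)
                return -1;
            sent++;
        }
        if (sq_pop(&q, out, sizeof(out)) > 0)
            received++;
    }
    return (long)q.peak;
}

int main(void)
{
    printf("unbounded peak: %ld packets\n", simulate(0, 10000, 16));
    printf("limit 8 peak:   %ld packets\n", simulate(8, 10000, 16));
    return 0;
}
```

The cost of the bounded variant is the one raised in the thread: while the limit is reached nothing else is read from the connection either.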



Re: virsh vol-download uses a lot of memory

2020-01-22 Thread Michal Privoznik

On 1/22/20 11:11 AM, Michal Privoznik wrote:

On 1/22/20 10:03 AM, R. Diez wrote:

Hi all:

I am using the libvirt version that comes with Ubuntu 18.04.3 LTS.


I'm sorry, I don't have Ubuntu installed anywhere to look the version 
up. Can you run 'virsh version' to find it out for me please?


Nevermind, I've managed to reproduce with the latest libvirt anyway.





I have written a script that backs up my virtual machines every night. 
I want to limit the amount of memory that this backup operation 
consumes, mainly to prevent page cache thrashing. I have described the 
Linux page cache thrashing issue in detail here:


http://rdiez.shoutwiki.com/wiki/Today%27s_Operating_Systems_are_still_incredibly_brittle#The_Linux_Filesystem_Cache_is_Braindead 



The VM virtual disk weighs 140 GB at the moment. I thought 500 MiB of 
RAM should be more than enough to back it up, so I added the following 
options to the systemd service file associated to the systemd timer I 
am using:


   MemoryLimit=500M

However, the OOM is killing "virsh vol-download":

Jan 21 23:40:00 GS-CEL-L kernel: [55535.913525] [  pid  ]   uid  tgid 
total_vm  rss pgtables_bytes swapents oom_score_adj name
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913527] [  13232]  1000 
13232 5030  786    77824  103 0 BackupWindows10
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913528] [  13267]  1000 
13267 5063  567    73728  132 0 BackupWindows10
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913529] [  13421]  1000 
13421 5063  458    73728  132 0 BackupWindows10
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913530] [  13428]  1000 13428 
712847   124686  5586944   523997 0 virsh
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913532] 
oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/system.slice/VmBackup.service,task_memcg=/system.slice/VmBackup.service,task=virsh,pid=13428,uid=1000 

Jan 21 23:40:00 GS-CEL-L kernel: [55535.913538] Memory cgroup out of 
memory: Killed process 13428 (virsh) total-vm:2851388kB, 
anon-rss:486180kB, file-rss:12564kB, shmem-rss:0kB


I wonder why "virsh vol-download" needs so much RAM. It does not get 
killed straight away, it takes a few minutes to get killed. It starts 
using a VMSIZE of around 295 MiB, which is not really frugal for a 
file download operation, but then it grows and grows.


This is very likely a memory leak somewhere. 


Actually, it is not. It's caused by our design of the client event loop. 
If there are any incoming data, read as much as possible placing them at 
the end of linked list of incoming stream data (stream is a way that 
libvirt uses to transfer binary data). Problem is that instead of 
returning NULL to our malloc()-s once the limit is reached, kernel 
decides to kill us.


For anybody with libvirt insight: virNetClientIOHandleInput() -> 
virNetClientCallDispatch() -> virNetClientCallDispatchStream() -> 
virNetClientStreamQueuePacket().



The obvious fix would be to stop processing incoming packets if stream 
has "too much" data cached (define "too much"). But this may lead to 
unresponsive client event loop - if the client doesn't pull data from 
incoming stream fast enough they won't be able to make any other RPC.


Anybody got any ideas?

Michal



Re: virsh vol-download uses a lot of memory

2020-01-22 Thread Michal Privoznik

On 1/22/20 10:03 AM, R. Diez wrote:

Hi all:

I am using the libvirt version that comes with Ubuntu 18.04.3 LTS.


I'm sorry, I don't have Ubuntu installed anywhere to look the version 
up. Can you run 'virsh version' to find it out for me please?




I have written a script that backs up my virtual machines every night. I 
want to limit the amount of memory that this backup operation consumes, 
mainly to prevent page cache thrashing. I have described the Linux page 
cache thrashing issue in detail here:


http://rdiez.shoutwiki.com/wiki/Today%27s_Operating_Systems_are_still_incredibly_brittle#The_Linux_Filesystem_Cache_is_Braindead 



The VM virtual disk weighs 140 GB at the moment. I thought 500 MiB of 
RAM should be more than enough to back it up, so I added the following 
options to the systemd service file associated to the systemd timer I am 
using:


   MemoryLimit=500M

However, the OOM is killing "virsh vol-download":

Jan 21 23:40:00 GS-CEL-L kernel: [55535.913525] [  pid  ]   uid  tgid 
total_vm  rss pgtables_bytes swapents oom_score_adj name
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913527] [  13232]  1000 
13232 5030  786    77824  103 0 BackupWindows10
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913528] [  13267]  1000 
13267 5063  567    73728  132 0 BackupWindows10
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913529] [  13421]  1000 
13421 5063  458    73728  132 0 BackupWindows10
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913530] [  13428]  1000 13428   
712847   124686  5586944   523997 0 virsh
Jan 21 23:40:00 GS-CEL-L kernel: [55535.913532] 
oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/system.slice/VmBackup.service,task_memcg=/system.slice/VmBackup.service,task=virsh,pid=13428,uid=1000 

Jan 21 23:40:00 GS-CEL-L kernel: [55535.913538] Memory cgroup out of 
memory: Killed process 13428 (virsh) total-vm:2851388kB, 
anon-rss:486180kB, file-rss:12564kB, shmem-rss:0kB


I wonder why "virsh vol-download" needs so much RAM. It does not get 
killed straight away, it takes a few minutes to get killed. It starts 
using a VMSIZE of around 295 MiB, which is not really frugal for a file 
download operation, but then it grows and grows.


This is very likely a memory leak somewhere. Can you try to run virsh 
under valgrind and download a small disk? valgrind could help us 
identify the leak. For instance:


valgrind --leak-check=full virsh vol-download /path/to/small/volume 
/tmp/blah; rm /tmp/blah


However, I am unable to reproduce with the current git master so looks 
like the leak was fixed - question is, which commit fixed it so that 
your distro maintainers can backport it.


Michal



Re: qemu hook: event for source host too

2020-01-22 Thread Michal Privoznik

On 1/22/20 9:23 AM, Guy Godfroy wrote:
I could launch `lvchange -asy` on the source host manually, but the aim 
of hooks is to automatically execute such commands and avoid human errors.


Agreed. However, you would need two hooks actually. One that is called 
on the source when the migration is started, and the other that is 
called on the destination when the migration is finished (so that you 
can promote the shared lock to the exclusive again). Just out of 
curiosity - how do you handle the lock promoting?


Michal



Re: qemu hook: event for source host too

2020-01-22 Thread Michal Privoznik

On 1/21/20 9:10 AM, Guy Godfroy wrote:

Hello, this is my first time posting on this mailing list.

I wanted to suggest an addition to the qemu hook. I will explain it 
through my own use case.


I use a shared LVM storage as a volume pool between my nodes. I use 
lvmlockd in sanlock mode to protect both LVM metadata corruption and 
concurrent volume mounting.


When I run a VM on a node, I activate the desired LV with exclusive lock 
(lvchange -aey). When I stop the VM, I deactivate the LV, effectively 
releasing the exclusive lock (lvchange -an).


When I migrate a VM (both live and offline), the LV has to be activated 
on both source and target nodes, so I have to use a shared lock 
(lvchange -asy). That's why I need a hook event on the source host too 
(as far as I know after my tests, the migration event is only triggered 
on the target host).


Is such a feature a possibility?


In theory yes. But since you are the one initiating migration, can't you 
also issue the lvchange command?
On the other hand, we already have startup hooks so the argument is only 
partially valid - anybody starting up a domain can run the hook too.


Michal



Re: How to detect completion of a paused VM migration on the destination?

2020-01-22 Thread Michal Privoznik

On 1/21/20 3:28 PM, Milan Zamazal wrote:

Hi,

when a normally running VM is migrated, libvirt sends
VIR_DOMAIN_EVENT_RESUMED_MIGRATED event on the destination once the
migration completes.  I can see that when a paused VM is migrated,
libvirt sends VIR_DOMAIN_EVENT_SUSPENDED_PAUSED instead.

Since there seems to be nothing migration specific about
VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event, my question is: Is it safe to
assume on the destination that this event signals completion of the
incoming migration (unless VIR_DOMAIN_EVENT_RESUMED_MIGRATED is received
before)?


Yes. This is the code that handles the finish phase of migration:

https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/qemu/qemu_migration.c;h=29d228a8d9345ec8e2853571444614008a95e914;hb=HEAD#l5105

which can be read as the following pseudo code:

if (postCopy)
  sendEvent(VIR_DOMAIN_EVENT_RESUMED_MIGRATED);

if (domain.paused)
  sendEvent(VIR_DOMAIN_EVENT_SUSPENDED_PAUSED);


Michal



Re: [libvirt-users] Request to be allotted a project or a feature in pipeline

2019-12-16 Thread Michal Privoznik

On 12/15/19 5:22 PM, Utsav Parmar wrote:

To whom it may concern,


I'm Utsav Parmar, pursuing my B. Tech in Computer Engineering. I like to 
work on new technologies and am currently looking for open-source 
projects to contribute to.



As it may turn out, I've got a college project in my curriculum this 
semester under “Software Development Practice”, and I'd like to work 
upon a project and/or a feature in pipeline spanning over 3 months in 
Libvirt organization as a part of the same college project. My mentor 
cum professor has already agreed for the same, given that I get approval 
from one of the maintainers. So, if possible, will you please allot me 
something to work upon?


Hi,

it's always nice to see people interested in open source. Usually, 
people choose what they want to work on, it's very rare to tell others 
what to do, but since you are seeking some mentoring I am willing to 
guide you.


Firstly, you need to set up your development environment. I don't know what 
distribution you are using, but on Fedora it is sufficient to 'dnf 
build-dep libvirt' plus you might need to install some missing packages 
like git. Once you're done you should be able to clone and build from 
our repo:


  git clone git://libvirt.org/libvirt.git libvirt.git
  cd libvirt.git
  mkdir _build && cd _build && ../autogen.sh --system
  make -j10 all syntax-check check

The autogen.sh script will run configure which will error out if you're 
missing anything crucial.


Now, I don't know how strong your C skills are, but you can start by 
picking a task from our list of beginner projects:


  https://wiki.libvirt.org/page/BiteSizedTasks

We can discuss this further off the list. There is also a document which 
covers first steps:


  https://libvirt.org/hacking.html

Please reply off the list what is it that you are interested in and I 
will try to come up with a task suitable for you. Or catch me on IRC 
channel (nick is mprivozn):


  https://libvirt.org/contact.html#irc

Michal

___
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users

Re: [libvirt-users] nvme, spdk and host linux version

2019-12-12 Thread Michal Privoznik

On 12/12/19 3:51 PM, Mauricio Tavares wrote:

On Thu, Dec 12, 2019 at 5:40 AM Michal Privoznik  wrote:


On 11/27/19 4:12 PM, Mauricio Tavares wrote:

I have been following the patches on nvme support on the list and was
wondering: If I wanted to build a vm host to be on the bleeding edge
for nvme and spdk fun in libvirt, which linux distro --
fedora/ubuntu/centos/etc -- should I pick?



For NVMe itself it probably doesn't matter as it doesn't require any
special library. However, I'm not so sure about SPDK, esp. whether my
NVMe patches are what you really need? My patches enable the only missing
combination:

host kernel storage stack + qemu storage stack =  
This has disadvantage of latency added by both stacks, but allows
migration.

neither host kernel nor qemu storage stack =  (aka PCI assignment)
This offers near bare metal latencies, but prohibits migration.

qemu storage stack only = 
This is what my patches implement and should combine the above two:
small latencies and ability to migrate.


   That is actually my question: is handing the hard drive through
PCI assignment faster or slower than disk type='nvme'?


According to:

https://www.linux-kvm.org/images/4/4c/Userspace_NVMe_driver_in_QEMU_-_Fam_Zheng.pdf 
(slide 25)


the fastest is the host, followed by PCI assignment (in qemu it's called 
VFIO), then disk type='nvme' and the last one is disk type='block' with 
/dev/nvme0 (referred to as linux-aio).


Michal




Re: [libvirt-users] nvme, spdk and host linux version

2019-12-12 Thread Michal Privoznik

On 11/27/19 4:12 PM, Mauricio Tavares wrote:

I have been following the patches on nvme support on the list and was
wondering: If I wanted to build a vm host to be on the bleeding edge
for nvme and spdk fun in libvirt, which linux distro --
fedora/ubuntu/centos/etc -- should I pick?



For NVMe itself it probably doesn't matter as it doesn't require any 
special library. However, I'm not so sure about SPDK, esp. whether my 
NVMe patches are what you really need? My patches enable the only missing 
combination:


host kernel storage stack + qemu storage stack =  
  This has disadvantage of latency added by both stacks, but allows 
migration.


neither host kernel nor qemu storage stack =  (aka PCI assignment)
  This offers near bare metal latencies, but prohibits migration.

qemu storage stack only = 
  This is what my patches implement and should combine the above two: 
small latencies and ability to migrate.



Michal




Re: [libvirt-users] Getting "Unable to set XATTR" on libvirt 5.6.0 inside containers

2019-11-21 Thread Michal Privoznik

On 11/21/19 3:08 PM, Roman Mohr wrote:

Hi,

We are updating KubeVirt to libvirt 5.6.0. Before that we were running 
on 5.0.0. It seems like something regarding setting xattrs on files has 
changed, because with libvirt 5.6.0 we are getting the following error:


```
Unable to set XATTR trusted.libvirt.security.dac on 
/var/lib/libvirt/qemu/domain-410-default_vmi-fedora: Operation not 
permitted')

```

The main problem for us is that container filesystems don't 
necessarily support setting xattrs.


My questions would therefore be:

  * Does anyone know what has changed, and why?
  * Can it be disabled?



I've seen the bug you filed so I'll continue discussion there so that 
we don't have two places where we discuss this issue.


https://bugzilla.redhat.com/show_bug.cgi?id=1774373

Michal


Re: [libvirt-users] Starting VM fails with: "Setting different DAC user or group on /path... which is already in use" after upgrading to libvirt 5.6.0-1

2019-08-20 Thread Michal Privoznik

On 8/19/19 9:53 PM, Nir Soffer wrote:

Hi,

I upgraded to a Fedora 29 host using virt-preview repo to
libvirt-daemon-5.6.0-1.fc29.x86_64
The host was using plain Fedora 29 without virt-preview before that.

After the upgrade, starting some vms that were running fine fail now with
this error:

Error starting domain: internal error: child reported (status=125):
Requested operation is not valid: Setting different DAC user or group on
/home/libvirt/images/voodoo4-os.img which is already in use

Traceback (most recent call last):
   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in
cb_wrapper
 callback(asyncjob, *args, **kwargs)
   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 111, in tmpcb
 callback(*args, **kwargs)
   File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line
66, in newfn
 ret = fn(self, *args, **kwargs)
   File "/usr/share/virt-manager/virtManager/object/domain.py", line 1279,
in startup
 self._backend.create()
   File "/usr/lib64/python3.7/site-packages/libvirt.py", line 1089, in create
 if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirt.libvirtError: internal error: child reported (status=125):
Requested operation is not valid: Setting different DAC user or group on
/home/libvirt/images/voodoo4-os.img which is already in use

These vms we created by creating one vm, and then cloning the vms.

I tried to delete the disks and add them back in one of the vms, but the vm
still fails with the
same error.

I hope that someone has a clue what the issue is, and how it can be fixed.


How do you clone the vms? The error message suggests that the image is 
in use - is it possible that you're trying to start two domains over the 
same disk?


Michal



Re: [libvirt-users] Detach disk from VM - virsh (working) vs. PHP (not working)

2019-08-02 Thread Michal Privoznik

On 8/1/19 10:12 AM, Jan Horak wrote:

Hi all,

i created a script in PHP for create a virtual server with two QCOW2 discs … 
one is our system for installation and second is target system.

After successful installation (create a blank Debian system, prepare all files 
and grub partitions) i need a restart virtual without a installation disk.

If i use Virsh:

detach-disk --domain debian-test2 --persistent --target vda
reset debian-test2

everything works well.

If i use a PHP, there is „complicated“ way and „simple“ way:

1, complicated:

libvirt_domain_destroy($domain);
libvirt_domain_undefine($domain);

$xml = domain_create_xml($name,$uuid,$memory,$cpu,$vnc,$mac);
$domain = libvirt_domain_define_xml($server->conn, $xml);
libvirt_domain_disk_add($domain, "/users/".$name.".img", "vdb", "virtio", 
"qcow2", NULL);
libvirt_domain_create($domain);

(or instead libvirt_domain_disk_add i can define disk directly in XML)

But in this case, the server will not boot (GRUB error)


Question is, how GRUB refers to the disk where kernel is to be found. 
Also, I suspect it is not GRUB that is complaining, but SeaBIOS which 
hasn't found any bootable device. It's only an assumption because I 
don't know how domain_create_xml() works - it's not a libvirt-php 
function. There are two possibilities here:


1) make sure domain_create_xml() sets boot devices
2) construct disk XML yourself, and put "" into it



2, simple:

libvirt_domain_disk_remove($domain, "vda");
libvirt_domain_reboot($domain);

The problem of this solution is thats not working. The remove disk is failing 
with error „Unable attach disk“ - i looks to source code, and yes, there is a 
mistake with „attach“/„detach“, but main problem i see in log from libvirt:


Oh, that's only typo in the error message. In fact the detach API is 
called. And it fails.




Aug  1 02:57:05 ry libvirtd[19051]: missing source information for device vda

I try to put source detail to xml in source of PHP module

libvirt-domain.c:

   822  if (asprintf(,
   823   "\n"
   824   "  \n"
   825   "", dev) < 0) {
   826  set_error("Out of memory" TSRMLS_CC);
   827  goto error;
   828  }

but my attempts were unsuccessful (i’m not a C programmer).


Yes, this minimalistic XML is not good as detach API requires full 
device XML. I'll fix this soon.




Questions:

A, why complicated way is not working and system dont want boot (GRUB error) if 
virsh works fine
B, why libvirt_domain_disk_remove is not work ? I use libvirt and libvirt-php 
latest from git.


I've pushed fixes here:


Please give it a try.

Michal


Re: [libvirt-users] libvirt/dnsmasq is not adhering to static DHCP assignments

2019-08-02 Thread Michal Privoznik

On 8/1/19 4:21 AM, Christian Kujau wrote:

This is basically a continuation of an older posting[0] I found, but
apparently no solution has been posted. So, I'm trying to setup static
DHCP leases with dnsmasq that is being started by libvirtd:


---
$ sudo virsh net-dumpxml --network default

   [...]
   
   
 
   
   


This is clearly a misconfiguration. 192.168.56.139 is not from 
192.168.122.130/24 subnet. Libvirt should report an error in this case 
but it doesn't (tested right now with the current git HEAD), which is a 
bug. I believe if you'd s/56/122/ in the  you'll find it working 
again.


Michal
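
The mismatch described in the reply above (a static DHCP host address that lies outside the network's own subnet, accepted by libvirt without an error) can be checked before a network is defined. This is an added example, not code from the thread or from libvirt: the network XML is constructed sample input and `check_network` is a hypothetical helper name.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample input (not the poster's XML). The first <host> entry
# repeats the kind of mismatch discussed above: a 192.168.56.x lease inside
# a 192.168.122.0/24 network.
SAMPLE_NETWORK_XML = """
<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
      <host mac='52:54:00:00:00:01' name='guest-a' ip='192.168.56.139'/>
      <host mac='52:54:00:00:00:02' name='guest-b' ip='192.168.122.140'/>
    </dhcp>
  </ip>
</network>
"""


def _subnet(ip_elem):
    """Return the ip_network of one <ip> element, or None if it has no mask."""
    address = ip_elem.get("address")
    mask = ip_elem.get("prefix") or ip_elem.get("netmask")
    if not address or not mask:
        return None
    # strict=False because 'address' is the bridge's own IP, not the network base.
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


def check_network(xml_text):
    """Return (kind, subject, value, subnet) tuples for DHCP entries that
    cannot work with the subnet of the <ip> element that contains them."""
    findings = []
    root = ET.fromstring(xml_text)
    for ip_elem in root.findall("ip"):
        net = _subnet(ip_elem)
        dhcp = ip_elem.find("dhcp")
        if net is None or dhcp is None:
            continue

        # The dynamic range must sit inside the subnet.
        for rng in dhcp.findall("range"):
            for attr in ("start", "end"):
                value = rng.get(attr)
                if value and ipaddress.ip_address(value) not in net:
                    findings.append(("range-outside-subnet", attr, value, str(net)))

        # Every static lease must sit inside the subnet and be unique.
        seen = {}
        for host in dhcp.findall("host"):
            ip = host.get("ip")
            if not ip:
                continue
            label = host.get("mac") or host.get("name") or "(unnamed)"
            if ipaddress.ip_address(ip) not in net:
                findings.append(("host-outside-subnet", label, ip, str(net)))
            if ip in seen:
                findings.append(("duplicate-host-ip", label, ip, str(net)))
            seen.setdefault(ip, label)
    return findings


if __name__ == "__main__":
    for finding in check_network(SAMPLE_NETWORK_XML):
        print(finding)
```

Feed it the output of `virsh net-dumpxml` for the network in question; an empty list means every static lease and range fits its subnet.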



Re: [libvirt-users] Researching why different cache modes result in 'some' guest filesystem corruption..

2019-08-02 Thread Michal Privoznik

On 7/30/19 10:40 PM, vinc...@cojot.name wrote:


Does anyone have any idea what's going on or what I may be doing wrong?


I don't think it is you doing something wrong. The way shutdown works is 
that libvirt tells qemu to shut down (or in case of guest initiated 
shutdown it is guest OS who says that), and then qemu starts flushing 
its own internal caches (note that these are on the top of host kernel 
FS caches). And once done, qemu sends libvirt an event to which libvirt 
reacts by killing the process.
However, if there is a bug in qemu so that the event is sent before all 
caches were flushed it may lead to disk corruption. This also 
corresponds to your experience where cache='none' makes the bug go away 
because in that case qemu doesn't add any of its caches into the picture 
and thus no disk corruption is possible.
Unfortunately, I don't know enough about qemu to suggest where the bug 
might be, sorry.


Michal



Re: [libvirt-users] OVS / KVM / libvirt / MTU

2019-07-31 Thread Michal Privoznik

On 7/29/19 9:23 PM, Sven Vogel wrote:

Hi Michal,

Thanks for your answer.

I don’t understand why an interface created without mtu gets only 1500 visible 
in the virtual machine but if I create an interface with mtu higher than 1500 
e.g. 2000 the bridge will change too. Before the bridge was e.g. by 9000.
I ask because you wrote if I don’t set an mtu of the interface I will get the 
mtu of the bridge. But it seems so.

Can you clarify it a little better for me?


I don't know enough about OVS internals to answer that, sorry. Maybe we 
should ask OVS developers why OVS bridge behaves this way.


Michal


Re: [libvirt-users] Why librbd disallow VM live migration if the disk cache mode is not none or directsync

2019-07-29 Thread Michal Privoznik

On 7/29/19 3:51 AM, Ming-Hung Tsai wrote:

I'm curious that why librbd sets this limitation? The rule first
appeared in librbd.git commit d57485f73ab. Theoretically, a
write-through cache is also safe for VM migration, if the cache
implementation guarantees that cache invalidation and disk write are
synchronous operations.

For example, I'm using Ceph RBD images as VM storage backend. The Ceph
librbd supports synchronous write-through cache, by setting
rbd_cache_max_dirty to zero, and setting
rbd_cache_block_writes_upfront to true, thus it would be safe for VM
migration. Is that true? Any suggestion would be appreciated. Thanks.


The commit you refer to is very old and my hunch is that things looked 
different in 2012. Things might have changed since then and if 
write-through wasn't safe ~7 years ago, it might be safe now (with some 
tuning).


Michal



Re: [libvirt-users] OVS / KVM / libvirt / MTU

2019-07-29 Thread Michal Privoznik

On 7/23/19 8:00 PM, Sven Vogel wrote:

Hey there,

I hope anyone can bring some light in the following problem.













we have an base bridge for example and cloudbr0. After we add an mtu to the vm 
bridge here it seems the base bridge gets the same mtu like the vnet adapter.

Is this normal behaviour of libvirt together with OVS?


I wouldn't say it is 'normal', but this behaviour is not specific to 
libvirt. I mean, if you create a tap device yourself by hand and then 
plug it into an ovs bridge the same thing will happen. If you don't want 
to change MTU of the bridge then just don't set it for  and 
libvirt will copy whatever MTU the bridge has over to the new TAP device.


Michal



Re: [libvirt-users] filesharing file owner problem

2019-07-17 Thread Michal Privoznik

On 7/16/19 8:08 AM, Vojto Ľach wrote:

Hello,
  I'm having an issue with usage of libvirt driven qemu where I'm sharing
directory with guest machine.
virsh domain filesharing configuration:
 
   
   
   
   
 

/etc/libvirt/qemu.conf :
user = "root"
group = "root"
dynamic_ownership = 0
clear_emulator_capabilities = 0


So this configuration means that qemu is run under root:root. Libvirt 
does not interfere with the files a guest is creating. Libvirt does not 
get any event or anything. It's up to qemu to chown() the files.


I've just tested this with qemu from git and looks like labels are 
applied correctly. So maybe try upgrading your qemu?


even with this unsecure configuration I wasn't able to achieve that newly
created files/dirs in guest machine have ownership of guest machine user
but they are still created under root user id. Also strange is that group
of those files/dirs are correct.
Can somebody help me with this?

Thank you.



You're welcome :-)

Michal


Re: [libvirt-users] Question regarding using multiple physical functions inside a network pool.

2019-07-15 Thread Michal Privoznik

On 7/12/19 3:44 PM, Mohamed, Faris wrote:

Hello,

I was planning on adding multiple physical functions using the built in SR-IOV 
features offered by libvirt to create a bigger pool of virtual functions 
using the

 heading

(I want to be able to use more virtual machines than there are virtual 
functions available on an ethernet port).

As soon as I try to define multiple physical functions in a pool, I get this 
error:


error: Failed to define network from biggernetwork.xml
error: XML error: Only one  element is allowed in  of network 
bigger network


when using this command:

sudo virsh net-define biggernetwork.xml


on the following XML document:


bigger network

 
 




You need to define only the PF and libvirt will handle the rest:

https://wiki.libvirt.org/page/Networking#Assignment_with_.3Cinterface_type.3D.27hostdev.27.3E_.28SRIOV_devices_only.29

Michal



Re: [libvirt-users] logging of domains

2019-05-30 Thread Michal Privoznik

On 5/29/19 4:59 PM, Lentes, Bernd wrote:

Hi,

recently i had some domains stopped without any obvious reason for me. 
Unfortunately i didn't find the cause.
I'd like to log information about the domains that i have more information the 
next time this will happen.
In /etc/libvirt/libvirtd.conf i have:
log_level = 3
log_outputs="3:file:/var/log/libvirt/libvirtd.log"
which creates enormous log files, but with logrotate and xz i can manage that. 
But i think this is just
related to libvirtd.
The logs for the domains under /var/log/libvirt/qemu are poor and very small, 
nearly no information.
Is there a way to be more verbose with the domains so that i may find helpful 
information in these logs when the domains stop for the next time ?


Domain logs usually contain only command line and a very few info. It's 
the daemon logs where all the interesting bits are logged. This is 
almost by design because qemu's stdout/stderr is logged in domain log 
file and daemon logs go then into that enormous file.


Anyway, what's the issue you're trying to debug?

If your machine stops for no obvious reason try 'virsh domstate 
--reason'. It might give you an idea.


Michal



Re: [libvirt-users] Cannot get interface MTU - qemu quest fails to start off OpenVswitch

2019-05-13 Thread Michal Privoznik

On 5/10/19 6:23 PM, lejeczek wrote:

On 10/05/2019 14:44, Michal Privoznik wrote:

On 5/10/19 3:26 PM, lejeczek wrote:

hi guys

I have a qemu guest and openvswitch bridge and the guest fails to start:

$ virsh start work8
error: Failed to start domain work8-vm-win2016
error: Cannot get interface MTU on 'ovsbr0': No such device


Well, this means that 'ovsbr0' doesn't exist. Is that so? Can you
share your  configuration and the network XML?

Michal


so if your libvirt's net is like this:


   ovs-br0
   e5129e76-1576-4866-97e1-42f14263cfc2
   
   
   


then you need extra(extra for ovs tools create both for us at bridge
creation time and nmcli(you) need to create those explicitly) port+iface
so this:

$ ovs-vsctl show

output will contain this:

...

Port "ovsbr0"
     Interface "ovsbr0"
     type: internal


That is expected.  is documented like so:

https://libvirt.org/formatnetwork.html#elementsConnect

Michal


Re: [libvirt-users] Cannot get interface MTU - qemu quest fails to start off OpenVswitch

2019-05-10 Thread Michal Privoznik

On 5/10/19 3:26 PM, lejeczek wrote:

hi guys

I have a qemu guest and openvswitch bridge and the guest fails to start:

$ virsh start work8
error: Failed to start domain work8-vm-win2016
error: Cannot get interface MTU on 'ovsbr0': No such device


Well, this means that 'ovsbr0' doesn't exist. Is that so? Can you share 
your  configuration and the network XML?


Michal



Re: [libvirt-users] disable libvirt-nwfilter

2019-05-07 Thread Michal Privoznik
[Please keep the list CC-ed as it may help somebody from future when 
searching for solution to the same problem]

On 5/6/19 6:08 PM, nak...@geekpit.org wrote:

On 2019-05-06 16:26, Michal Privoznik wrote:

On 5/6/19 3:44 PM, nak...@geekpit.org wrote:

Hi,

i want to disable the nwfilter functionality of libvirt.
It's surely nice for some people, nevertheless i don't want libvirt 
to alter any netfilter rules, neither i want the according 
functionality even available.


It's not only NWFilter that will inject firewall rules. Depending on
configuration it might also be the default network.

I know about nwfilter-undefine, but what i'm looking for is an option 
to globally disable this functionality at all. Some config flag or 
similar.

How can i achieve that?


Unless you have a domain  defined so that it uses a
nwfilter then no firewall rules are added by nwfilter code.

If you still want to remove nwfilter module then just uninstall it, 
e.g. via:


dnf remove libvirt-daemon-driver-nwfilter libvirt-daemon-config-nwfilter

Michal


Hi,

me again.
Another question libvirt is adding chains. Where do i disable these:

chains are LIBVIRT-{FWO,FWX,FWI, INP, OUT}

These are absolutely and explicit unwanted.
Adding new rich features for folks is a fine thing, but i need an opt out.
Please, how do i get rid of it?


As I've said, there are two sources which cause libvirt to insert FW 
rules. By uninstalling nwfilter module you've eliminated one. But since 
you're still able to run the domain this step was useless because your 
domain doesn't have nwfilter configured for any of its -s 
and thus nwfilter module did nothing but sit there.


The other module that is inserting FW rules is network module.
Currently, when libvirtd is starting it reads all the configs of defined 
networks. If a NATed network is found then it creates those LIBVIRT-* 
chains and when the network is started then all the rules will be placed 
into those chains to not contaminate config set by sysadmin.
There is a patch to postpone creating the chains until network actually is 
starting:


https://www.redhat.com/archives/libvir-list/2019-April/msg01547.html

So your options here are:

a) undefine all NATed networks (typically there's 'default' network)
b) uninstall network module (but this will render all domains using 
 unable to start).


As an extension to a) you can have a network with  
which preserves all the advantages of having a libvirt network but does 
not install any FW rules.


Of course, any comments to aforementioned patch are welcome too.

Michal



Re: [libvirt-users] disable libvirt-nwfilter

2019-05-06 Thread Michal Privoznik

On 5/6/19 3:44 PM, nak...@geekpit.org wrote:

Hi,

i want to disable the nwfilter functionality of libvirt.
It's surely nice for some people, nevertheless i don't want libvirt to 
alter any netfilter rules, neither i want the according functionality 
even available.


It's not only NWFilter that will inject firewall rules. Depending on 
configuration it might also be the default network.


I know about nwfilter-undefine, but what i'm looking for is an option to 
globally disable this functionality at all. Some config flag or similar.

How can i achieve that?


Unless you have a domain  defined so that it uses a nwfilter 
then no firewall rules are added by nwfilter code.


If you still want to remove nwfilter module then just uninstall it, e.g. 
via:


dnf remove libvirt-daemon-driver-nwfilter libvirt-daemon-config-nwfilter

Michal



Re: [libvirt-users] VM: Unable to enable scatter-gather / tx-checksumming / tcp-segmentation offload

2019-05-03 Thread Michal Privoznik

On 5/3/19 10:19 AM, Harsh Gondaliya wrote:

In my Linux VM, I am unable to change scatter-gather / tx-checksumming /
TCP-segmentation offload features by ethtool command. I am using virtio nic
with vhostuser port backend.
It shows me an error:
Cannot change tx-checksumming
Cannot change scatter-gather
Cannot change tcp-segmentation offload
Could not change any device features


You need to enable those in domain XML:

https://libvirt.org/formatdomain.html#elementsDriverBackendOptions



On running command ethtool -k ens3, I get the following:
[image: image.png]


Oh, it's way better to post this as a text rather than image. Some of us 
use text clients to read e-mails.


Michal


Re: [libvirt-users] libvirtd not starting

2019-05-02 Thread Michal Privoznik

On 5/2/19 12:08 PM, Lothar Schilling wrote:


I turned logging up to maximum. That's all I get:

May  2 11:02:06 hl308-3 systemd: Starting Virtualization daemon...
May  2 11:02:06 hl308-3 libvirtd: 472: info : libvirt version: 4.5.0, package: 
10.el7_6.7 (CentOS BuildSystem , 2019-04-24-14:04:12, 
x86-01.bsys.centos.org)
May  2 11:02:06 hl308-3 libvirtd: 472: info : hostname: my.server.net
May  2 11:02:06 hl308-3 libvirtd: 472: info : virEventPollAddHandle:140 : 
EVENT_POLL_ADD_HANDLE: watch=1 fd=6 events=1 cb=0x7eff3bbde300 opaque=(nil) 
ff=(nil)
May  2 11:02:06 hl308-3 libvirtd: 472: info : virEventPollAddHandle:140 : 
EVENT_POLL_ADD_HANDLE: watch=2 fd=8 events=1 cb=0x7eff3bd06760 
opaque=0x558f9db485a0 ff=(nil)
May  2 11:02:06 hl308-3 systemd: Started Virtualization daemon.
May  2 11:02:06 hl308-3 libvirtd: 472: info : virEventPollAddHandle:140 : 
EVENT_POLL_ADD_HANDLE: watch=3 fd=11 events=0 cb=0x7eff3bcfb420 
opaque=0x558f9db69520 ff=0x7eff3bcfb3d0
May  2 11:02:06 hl308-3 libvirtd: 472: info : virEventPollAddHandle:140 : 
EVENT_POLL_ADD_HANDLE: watch=4 fd=12 events=0 cb=0x7eff3bcfb420 
opaque=0x558f9db69700 ff=0x7eff3bcfb3d0
May  2 11:02:06 hl308-3 libvirtd: process 472: arguments to 
dbus_message_iter_append_basic() were incorrect, assertion 
"_dbus_check_is_valid_utf8 (*string_p)" failed in file 
../../dbus/dbus-message.c line 2754.
May  2 11:02:06 hl308-3 libvirtd: This is normally a bug in some application 
using the D-Bus library.
May  2 11:02:06 hl308-3 libvirtd: D-Bus not built with -rdynamic so unable to 
print a backtrace
May  2 11:02:06 hl308-3 systemd: libvirtd.service: main process exited, 
code=killed, status=6/ABRT


This is not the maximum logging. We'll need to see debug logs:

https://wiki.libvirt.org/page/DebugLogs

and perhaps running libvirtd under gdb and getting a stack trace (with 
all strings expanded) might help too.


Michal



Re: [libvirt-users] libvirtd via unix socket using system uri

2019-04-30 Thread Michal Privoznik

On 4/30/19 3:15 PM, Peter Crowther wrote:

On Tue, 30 Apr 2019 at 10:48, Daniel P. Berrangé 
wrote:


On Tue, Apr 30, 2019 at 10:45:03AM +0100, Peter Crowther wrote:

On Tue, 30 Apr 2019 at 10:40, Michal Privoznik 

wrote:



Is there any problem running libvirtd as root?

Yes, in the regulated environment in which I work!  I have to do far

more

thorough threat analysis than I would do if I knew which capabilities it
had.  So far, we've accepted the extra work; but it would be wonderful to
be able to run a locked-down virtualisation environment.


Libvirtd system mode will want cap_net_admin in order to setup TAP devices
and cap_sys_admin to manage disk permissions to grant QEMU access, at which
point you've lost any security benefit of running it unprivileged with
selective capabilities.

Would it fail hard without these, even if using (for example) pre-created

Ceph block storage, which is our use case?  Or would it only fail when it
tried to make use of a capability that wasn't present?  My reading of
capabilities is that behaviour is indistinguishable until you get an EPERM?

I agree that CAP_DAC_OVERRIDE (per your later mail) is game over for any


CAP_DAC_OVERRIDE won't be required if you don't need libvirt to 
chown()/setfilecon() disk images (dynamic_ownership in qemu.conf).
CAP_SYS_ADMIN is going to be required if you want libvirt to mount some 
nfs based storage pools/create namespaces (note that libvirt creates a 
small namespace for qemu to run in - might need CAP_MKNOD then).


Long story short, why bother with /system if you can't use it and not 
use /session instead?


Michal


Re: [libvirt-users] libvirtd via unix socket using system uri

2019-04-30 Thread Michal Privoznik

On 4/29/19 5:42 PM, lameventa...@gmail.com wrote:



On 29/04/2019 22.01, Michal Privoznik wrote:

On 4/29/19 1:06 PM, lameventa...@gmail.com wrote:

I want to run libvirtd as a special user, and allowing users that belong
to a special group to connect via qemu+unix:///system (eg: unix socket).

I did everything necessary to do so: created a libvirt user and group,
added the libvirt user to the kvm group, added my normal user to the
libvirt group, and made sure the socket is owned by libvirt:libvirt with
permissions set to 770.

libvirtd starts successfully, but when I try to connect as the normal
user I get this error:

bash$ virsh --connect qemu+unix://system
error: failed to connect to the hypervisor
error: invalid argument: using unix socket and remote server 'system' is
not supported.


This is not valid URI.

https://libvirt.org/uri.html

You may want to use 'qemu+unix:///system' or simply 'qemu:///system'
which is the same because libvirt connects via unix socket by default.


Thanks, I missed that.

Now I get this:

$ virsh --connect qemu:///system
error: failed to connect to the hypervisor
error: internal error: unexpected QEMU URI path '/system', try
qemu:///session

But now I see virsh opening the socket, writing, etc.

The server log shows this:

2019-04-29 15:32:07.306+: 20863: info : libvirt version: 5.2.0
2019-04-29 15:32:07.306+: 20863: info : hostname: koji
2019-04-29 15:32:07.306+: 20863: error : virDBusGetSessionBus:169 :
internal error: Unable to get DBus session bus connection: Unable to
autolaunch a dbus-daemon without a $DISPLAY for X11
2019-04-29 15:32:24.534+: 20852: error : qemuConnectOpen:1127 :
internal error: unexpected QEMU URI path '/system', try qemu:///session
2019-04-29 15:32:24.534+: 20851: error : virNetSocketReadWire:1803 :
End of file while reading data: Input/output error

I also wonder if dbus is important, and if so, how to fix it.


This happened because qemu driver for /system doesn't initialize unless 
libvirtd's EUID == 0.






Anyway, you'll need to run libvirtd privileged, otherwise it'll get
EPERM when trying to do almost anything.


I'm aware of that, I want to try and see the limitations, and maybe get
around them by using capabilities?



Is there any problem running libvirtd as root?

Michal
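
The two replies above name the conditions that decide what a non-root libvirtd can do: the qemu driver for /system needs EUID 0, and CAP_NET_ADMIN, CAP_SYS_ADMIN, CAP_DAC_OVERRIDE and CAP_MKNOD each gate a specific feature. The following added example (not code from the thread or from libvirt) decodes a `/proc/<pid>/status` snapshot against that list; the status text is constructed sample input and `audit` is a hypothetical helper name.

```python
# Bit numbers are those of <linux/capability.h>. The notes paraphrase what
# the thread above says each capability is needed for.
THREAD_CAPS = {
    "CAP_DAC_OVERRIDE": (1, "chown()/setfilecon() of disk images (dynamic_ownership)"),
    "CAP_NET_ADMIN": (12, "setting up TAP devices"),
    "CAP_SYS_ADMIN": (21, "disk permission management, NFS pool mounts, namespaces"),
    "CAP_MKNOD": (27, "possibly needed for the per-QEMU namespace"),
}

# Constructed sample: a daemon running as uid 975 whose effective set
# holds only bit 12 (CAP_NET_ADMIN).
SAMPLE_STATUS = (
    "Name:\tlibvirtd\n"
    "Uid:\t975\t975\t975\t975\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000001000\n"
    "CapEff:\t0000000000001000\n"
    "CapBnd:\t000001ffffffffff\n"
    "CapAmb:\t0000000000000000\n"
)


def parse_status(text):
    """Extract the effective UID and capability masks from status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    # Uid line order: real, effective, saved, filesystem.
    uids = fields["Uid"].split()
    return {
        "euid": int(uids[1]),
        "effective": int(fields["CapEff"], 16),
        "bounding": int(fields["CapBnd"], 16),
    }


def audit(text):
    """Report which of the thread's capabilities the process holds, which it
    lacks (with the feature that depends on each), and whether the EUID
    condition for the qemu:///system driver is met."""
    status = parse_status(text)
    held, missing = [], {}
    for name, (bit, needed_for) in THREAD_CAPS.items():
        if (status["effective"] >> bit) & 1:
            held.append(name)
        else:
            missing[name] = needed_for
    return {
        "euid": status["euid"],
        "qemu_system_driver": status["euid"] == 0,
        "held": held,
        "missing": missing,
    }


def audit_pid(pid):
    """Same audit for a live process (Linux only)."""
    with open(f"/proc/{pid}/status") as handle:
        return audit(handle.read())


if __name__ == "__main__":
    report = audit(SAMPLE_STATUS)
    print("euid:", report["euid"], "qemu:///system usable:", report["qemu_system_driver"])
    print("held:", ", ".join(report["held"]) or "(none)")
    for name, needed_for in report["missing"].items():
        print(f"missing {name}: {needed_for}")
```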



Re: [libvirt-users] Error connecting to hypervisor

2019-04-29 Thread Michal Privoznik

On 4/29/19 2:48 PM, Sukrit Bhatnagar wrote:

On Sat, 27 Apr 2019 at 12:53, Michal Prívozník  wrote:


On 4/23/19 11:56 PM, Sukrit Bhatnagar wrote:

Hi,

I have compiled and installed libvirt from git checkout
and started libvirtd service. The version is 5.3.0 and
I have done system-wide installation.

When I do a `virsh list`, I get the following error:
error: failed to connect to the hypervisor
error: Unable to encode message header


This is very suspicious. The error is reported because the function that
is generated by rpcgen and supposed to encode messages failed. Looks
like rpcgen generated some unusable code? What's your rpcgen? I have

glibc-rpcgen-2.26.9000-41.fc28.x86_64

and everything's working for me. BTW if you try compiling from 5.2.0
tarball the error should go away because we ship generated sources in there.


I am using Fedora 29 and glibc-rpcgen is not available.
I have these packages installed for rpc:
rpcgen-1.4-1.fc29.x86_64 (rpcsvc-proto)
libtirpc-1.1.4-2.rc2.fc29.x86_64
libtirpc-devel-1.1.4-2.rc2.fc29.x86_64


Ah, looks like libtirpc bug then. Can you please get a stack trace and 
open a bug?


Michal


Re: [libvirt-users] libvirtd via unix socket using system uri

2019-04-29 Thread Michal Privoznik

On 4/29/19 1:06 PM, lameventa...@gmail.com wrote:

I want to run libvirtd as a special user, and allowing users that belong
to a special group to connect via qemu+unix:///system (eg: unix socket).

I did everything necessary to do so: created a libvirt user and group,
added the libvirt user to the kvm group, added my normal user to the
libvirt group, and made sure the socket is owned by libvirt:libvirt with
permissions set to 770.

libvirtd starts successfully, but when I try to connect as the normal
user I get this error:

bash$ virsh --connect qemu+unix://system
error: failed to connect to the hypervisor
error: invalid argument: using unix socket and remote server 'system' is
not supported.


This is not valid URI.

https://libvirt.org/uri.html

You may want to use 'qemu+unix:///system' or simply 'qemu:///system' 
which is the same because libvirt connects via unix socket by default.


Anyway, you'll need to run libvirtd privileged, otherwise it'll get 
EPERM when trying to do almost anything.


Michal



Re: [libvirt-users] Libvirt pool cannot see or create rbd clones

2019-04-29 Thread Michal Privoznik
On 4/26/19 11:53 AM, Weller, Lennart wrote:
> Hello everyone,
> 
> To increase my odds of finding an answer I also wanted to ask here.
> This is my post from serverfault[1] in verbatim:
> 
> While trying to get a cloned disk running from my OS snapshot I run
> into the problem that Libvirt cannot see existing images cloned from a
> snapshot. Created via:
> 
> # rbd -p vmdisks clone vmdisks/coreos_2023@base vmdisks/coreos00.disk
> 
> The base image has the one snapshot 'base' and is protected. The cloned
> disk is created just fine:
> 
> # rbd -p vmdisks info coreos00.disk
> rbd image 'coreos00.disk':
>  size 8.49GiB in 2174 objects
>  order 22 (4MiB objects)
>  block_name_prefix: rbd_data.48a99c6b8b4567
>  format: 2
>  features: layering
>  flags:
>  create_timestamp: Thu Apr 25 14:46:52 2019
>  parent: vmdisks/coreos_2023@base
>  overlap: 8.49GiB
> 
> I temporarily have Libvirt configured with a rbd pool that uses the
> ceph admin user. But I cannot see the cloned disk. Just the parent:
> 
> virsh # vol-list --pool rbd_image_root
>   Name          Path
> ------------------------------------
>   coreos_2023   vmdisks/coreos_2023
> 
> If I try to create the cloned image from within virsh I run into the
> following issue:
> 
> virsh # vol-clone --pool rbd_image_root coreos_2023 coreos00.disk
> error: Failed to clone vol from coreos_2023
> error: failed to iterate RBD snapshot coreos_2023@base: Operation not
> permitted
> 
> Note that this pool uses the Ceph admin user which makes the Operation
> not permitted a tad odd.
> 
> Am I missing a configuration option here that would allow for the pool
> to use clones? I can't find any information on this in the
> documentation so far. And the source code of libvirt looks like it
> should support both features.
> 
> Versions:
> 
> Libvirt Machine: Ubuntu 18.04
> Compiled against library: libvirt 4.0.0
> Using library: libvirt 4.0.0
> Using API: QEMU 4.0.0
> Running hypervisor: QEMU 2.11.1
> 
> Ceph Machine: openSUSE Leap 42.3
> Ceph 12.2.5
> 

I wonder if this is a libvirt bug. Looks like it. The error comes from 
rbd_diff_iterate() (or rbd_diff_iterate2 if compiled against newer 
librbd). Anyway, a callback is passed to the iterate() function and from 
librbd code it looks like if the callback returns a negative value then 
an error is signalized from the iterate() function. Well, we're passing 
a callback that does nothing but return an error. This might be a 
possible fix then:

diff --git i/src/storage/storage_backend_rbd.c 
w/src/storage/storage_backend_rbd.c
index f8c968e682..08f8123678 100644
--- i/src/storage/storage_backend_rbd.c
+++ w/src/storage/storage_backend_rbd.c
@@ -1038,7 +1038,7 @@ virStorageBackendRBDIterateCb(uint64_t offset 
ATTRIBUTE_UNUSED,
  * searching any further.
  */
 *(int*) arg = 1;
-return -1;
+return 0;
 }
 
 static int
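
Review bot: the comment kept as context just above the changed return still ends with "searching any further", which describes stopping the iteration, but with `return 0` the callback no longer stops anything and only records the hit through `*(int*) arg = 1`. Please update that comment in the same patch so it matches the new behaviour, and confirm that the caller decides from the flag written through `arg` rather than from the return value of the iterate call. If stopping at the first changed extent was meant as an optimization for large images, the commit message should say that this fix gives it up in exchange for not reporting a spurious error.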



Can you please give it a try?

Thanks,
Michal



Re: [libvirt-users] how to use Libvirt create bridge for vm on Mac OS

2019-04-23 Thread Michal Privoznik

On 4/23/19 3:59 PM, llilulu wrote:

Hi
Recently I installed Libvirt and Qemu on my MacBook. I find I can't create 
a bridge, like a Linux bridge, to use for my VM. I want to know how to create a bridge 
on Mac for a VM.


I don't think OS X has anything like 'software bridge' built in. Perhaps 
some third party app might have it?


Michal



Re: [libvirt-users] Failed to probe capabilities on libvirt v5.1.0

2019-04-12 Thread Michal Privoznik

On 4/11/19 6:20 PM, Vladik Romanovsky wrote:

Hi everyone,

Unfortunately, I'm facing an issue with libvirt 5.1.0 when probing capabilities.

Failed to probe capabilities for /usr/bin/qemu-system-x86_64: internal
error: Failed to start QEMU binary /usr/bin/qemu-system-x86_64 for
probing: qemu-system-x86_64: cannot create PID file: Cannot open pid
file: Permission denied

I see that the qmp directory is being created, however, it belongs to
root instead of qemu:

/var/lib/libvirt/qemu/qmp-U1w6o6:
0 drwx--. 2 root root   6 Apr 11 14:46 qmp-U1w6o6

The user and group are set to "qemu" in /etc/libvirt/qemu.conf


Yep, this is a libvirt bug. There's a fix here:

https://www.redhat.com/archives/libvir-list/2019-April/msg00876.html

BTW: are you running libvirt inside a container perhaps? Or without capng?

Michal



Re: [libvirt-users] Network hooks for ethernet interfaces

2019-04-09 Thread Michal Privoznik

On 4/9/19 4:38 PM, Ruben Kerkhof wrote:

Hi all,

I have a hook script, /etc/libvirt/hooks/network, that doesn't seem to
be called when I attach an interface with type 'ethernet' with this
xml snippet:


 
 
 
 


https://www.libvirt.org/hooks.html#intro says
"A network is started or stopped or an interface is plugged/unplugged
to/from the network (since 1.2.2)".

While I don't have a network defined in xml, I'd expect this to work
just as well for 'ethernet' type interfaces. Am I wrong?



Hotplugging an 'ethernet' type of interface doesn't really relate to any 
libvirt network. Hence libvirt doesn't call 'network' hook script. If 
you'd continue reading you'll see what is the 'network' hook fed with 
(on stdin): info on domain in question AND network where the event 
occurred. But there is no network, is there?


But maybe you can work around this by waiting for 
DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve?


Michal



Re: [libvirt-users] Error creating virtual network: failed to run '/usr/sbin/dnsmasq --version': : Success

2019-04-01 Thread Michal Privoznik

On 4/1/19 2:16 PM, Harsh Gondaliya wrote:

I deleted my port virbr0 using brctl command and now when I want to create
a virtual network, it gives me this error:

Error creating virtual network: failed to run '/usr/sbin/dnsmasq
--version': : Success
Here is my systemlog: https://pastebin.com/xjuVnsyL

How to rectify this?


Oh, we are overwriting the actual error with something useless. The 
real error is:


Apr  1 17:41:05 dpdk-OptiPlex-5040 libvirtd.service: 1506: error : 
virCommandWait:2553 : internal error: Child process (LC_ALL=C 
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
/usr/sbin/dnsmasq --version) unexpected exit status 126: libvirt:  error 
: cannot execute binary /usr/sbin/dnsmasq: Permission denied


I suggest reviewing and possibly fixing permissions on the dnsmasq binary 
(assuming libvirtd is run as root). Or maybe there's some more info in 
audit.log if this is caused by SELinux.


Michal



Re: [libvirt-users] Error Starting domain: Failed to page size of file

2019-03-28 Thread Michal Privoznik

On 3/28/19 2:25 PM, Harsh Gondaliya wrote:

I am trying to connect a KVM-QEMU VM to OVS-DPDK vhostuser port. But, I am
encountering a few errors. Since I am very new to libvirt and Linux I am not
able to sort them out. Any guidance in this regard would be a great help.

These are my System Logs:


For future reference, it may be better to use some sharing service (e.g. 
pastebin) rather than pasting huge logs into an e-mail.



*Mar 28 18:03:05 dpdk-OptiPlex-5040 libvirtd.service: 1351: error :
qemuProcessReportLogError:1709 : internal error: early end of file from
monitor, possible problem: 2019-03-28T12:33:05.007674Z qemu-system-x86_64:
-chardev socket,id=charnet0,path=/var/run/openvswitch/vhost-user1: Failed
to connect socket: Permission denied*


This says that your openvswitch is not allowing qemu to connect. You 
need to fix your permissions.



*Mar 28 18:03:05 dpdk-OptiPlex-5040 virtlogd[6704]: Cannot open log file:
'/var/log/libvirt/qemu/VM1.log': Device or resource busy*


This is suspicious, but if I recall correctly, this was fixed a while 
ago. You might want to test the latest libvirt. BTW what is your libvirt 
version?




*Mar 28 18:35:58 dpdk-OptiPlex-5040 libvirtd.service: 1530: error :
qemuProcessReportLogError:1709 : internal error: process exited while
connecting to monitor: 2019-03-28T13:05:58.059732Z qemu-system-x86_64:
-object
memory-backend-file,id=ram-node0,prealloc=yes,mem-path=/dev/hugepages/libvirt/qemu,share=yes,size=2147483648:
failed to get page size of file /dev/hugepages/libvirt/qemu: No such file
or directory*


Interesting. Libvirt detected /dev/hugepages as a hugetlbfs mount but 
failed to create the directory structure there? Or perhaps it did but 
somebody/something has removed it. Or maybe, after libvirtd was started 
then /dev/hugepages was mounted over, e.g.:


# mount none /dev/hugepages -t hugetlbfs -o pagesize=1GB

which replaces /dev/hugepages mount point with a new filesystem masking 
the old one (with the directory structure) out.


Michal
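
The last hypothesis in the reply above (a later mount over /dev/hugepages hiding the directory structure libvirtd created) can be checked from /proc/self/mountinfo, where a mount stacked on top of another has the hidden mount as its parent and the same mount point. This is an added example, not part of the original thread; the function names and the sample mountinfo lines are constructed.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mountinfo format: hugetlbfs mounted twice
# on /dev/hugepages, the second time with a different page size.
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
30 22 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,size=8G
41 30 0:36 / /dev/hugepages rw,relatime shared:25 - hugetlbfs hugetlbfs rw,pagesize=2M
97 41 0:52 / /dev/hugepages rw,relatime shared:60 - hugetlbfs none rw,pagesize=1024M
EOF
}

# masked_mounts [FILE]: for every mount stacked on an existing mount point,
# print tab-separated: mount point, hidden id/fstype/options, top id/fstype/options.
# Reads standard input when no FILE is given.
masked_mounts() {
    awk '
    {
        i = 7
        while (i <= NF && $i != "-") i++   # skip the optional fields
        id[++n] = $1; parent[$1] = $2; mp[$1] = $5
        fstype[$1] = $(i + 1); sopts[$1] = $(i + 3)
    }
    END {
        for (k = 1; k <= n; k++) {
            c = id[k]; p = parent[c]
            # Same mount point as its own parent mount: c hides p.
            if ((p in mp) && mp[p] == mp[c])
                printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\n", mp[c],
                       p, fstype[p], sopts[p], c, fstype[c], sopts[c]
        }
    }' "$@"
}

sample_mountinfo | masked_mounts
```

On a live host, `masked_mounts /proc/self/mountinfo` run as the same user and in the same mount namespace as libvirtd shows whether anything was mounted over the hugetlbfs instance libvirtd prepared.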



Re: [libvirt-users] Virt-Lightning: a cloud-like CLI for libvirt

2019-03-27 Thread Michal Privoznik

On 3/26/19 11:27 PM, Gonéri Le Bouder wrote:

Hi all,

Tl;dr: Virt-Lightning uses libvirt, cloud-init and libguestfs to allow
anyone to quickly start new VM. Very much like a container CLI interface,
but locally.

-> https://github.com/virt-lightning/virt-lightning

To validate my Ansible roles, I was looking for a way to quickly start
and stop my test environments. I was looking for an experience similar
to what we have with the containers. Virt-lightning takes a distribution
name as main input. The output is the IP address of a freshly deployed
VM on which I can run my tests.

Virt-Lightning uses master QCOW2 images with backing file and avoids the
use of DHCP, this to speed up the first boot. The configuration is
done by cloud-init. The whole deployment is rather fast. For instance, I
can deploy 3 VM in 25s (Lenovo T580).


Impressive.



cloud-init is used to create the user account, inject the SSH keys,
prepare the network configuration and resize the file system.

Regards,



Cool. Do you want to add it to https://libvirt.org/apps.html ?
If so, you can just send a patch against libvirt.git/docs/apps.html.in 
(or I can do that if you don't feel like it).


Michal


Re: [libvirt-users] Obtaining the PID of a domain's QEMU process from C

2019-03-11 Thread Michal Privoznik

On 3/11/19 9:02 AM, Erik Skultety wrote:

On Sat, Mar 09, 2019 at 04:32:00PM +0100, Michal Prívozník wrote:

On 3/1/19 2:31 AM, Shawn Anastasio wrote:

Hello all,

I'm currently writing a C program that uses the libvirt API and I need a
way to obtain the pid of a given domain's QEMU process.

Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get
the pid of clients that connect to it, and I would like to use that pid
to look up the domain in libvirt to determine the proper domain ID to
return to the client.

As far as I can tell, libvirt doesn't expose this information in an easy
to access manner. Of course it is possible to call `ps` and grep for the
information I'm looking for, but I was hoping for a cleaner solution.

If anybody knows how to do this, advice would be greatly appreciated.


There isn't an API for that as we don't want users to fiddle with qemu


That's right, and it should stay that way. On the other hand, the same way we
can't prevent anyone from editing /etc/libvirt/qemu/.xml or
/var/run/libvirt/qemu/.xml or run the 'ps' command or whatever we might
as well report the PID as part of virConnectListAllDomains data. I don't have
a problem with reporting PIDs in principle, provided it's used for informatory
purposes.
Having said that, there's the question of why libvirt should report something
that it doesn't need to consume, IOW we report machine ID which we can use to
control the machine, we also report UUID which we can consume, but we'd do
absolutely nothing with the PID besides reporting it.
Another thing is that reporting PIDs of machines running on a remote host is
quite useless for locally running clients.


Alternatively, we may do what LXC driver already does -> domain ID is 
PID of init running within the container. In QEMU driver, the domain ID 
can be PID of qemu then.


Michal


Re: [libvirt-users] VM running with storage image file deleted

2019-01-10 Thread Michal Privoznik
On 1/10/19 11:19 AM, Roosen, Nicolas wrote:
> Hello, I have a strange issue I'd like to have some insights on.
> 
> 
> We have 2 running VM, the storage pool is over NFS. Unfortunately, the 
> backend storage folder has been deleted (so the image file in it as well, 
> obviously) ...
> 
> 
> Yet, the 2 VM are still up and running, with their root filesystem being 
> mounted "rw".
> 
> 
> - how does that work? I was expecting that with the file image being deleted, 
> the VM would not work at all.
> 
> - since the VM is still running, is there a way to create a snapshot of it in 
> order to re-create the image file on another storage pool ? I'm currently 
> exploring "virsh snapshot-create-as ...", but if access to the image file is 
> needed, it will fail.
> 

On Linux a file is not deleted right away if there's a process that has
the file opened, which is your case. The deletion is deferred until the
last process closes the file.

In order to rescue the file you could get the PID of qemu that still has
the disk open, and then find the FD corresponding to the file and with
some magic you should be able to recover the file:

# pgrep qemu
221472

# ls -l /proc/221472/fd/ | grep deleted
lr-x-- 1 root root 64 Jan 10 11:31 29 ->
/var/lib/libvirt/images/fd.img (deleted)

(Here, 29 is the FD we're looking for)

# dd if=/proc/221472/fd/29 of=blah.img

snapshot-create-* won't work because that will instruct qemu to open the
file again which will fail because the filename is gone.

Michal
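
The recovery steps from the reply above, wrapped into two functions that enumerate deleted-but-open files with readlink and verify the copy. This is an added example, not part of the original thread; the function names are hypothetical, Linux /proc is assumed, and the demo uses a constructed file held open by a background sleep in place of qemu.

```shell
#!/bin/sh
# list_deleted_fds PID: print "FD<TAB>PATH" for each file PID still holds
# open although its directory entry has been unlinked.
list_deleted_fds() {
    for link in /proc/"$1"/fd/*; do
        target=$(readlink "$link" 2>/dev/null) || continue
        case $target in
            *' (deleted)')
                printf '%s\t%s\n' "${link##*/}" "${target% (deleted)}" ;;
        esac
    done
}

# recover_deleted_fd PID FD OUTFILE: copy the file out through /proc and
# verify the copy byte for byte.
recover_deleted_fd() {
    src=/proc/$1/fd/$2
    [ -f "$src" ] || { echo "pid $1 fd $2: not a regular file" >&2; return 1; }
    cp -- "$src" "$3" && cmp -s "$src" "$3"
}

# Constructed demo: a background sleep stands in for qemu holding the image.
# Sets RECOVERED to the bytes copied back out.
demo_recover() {
    img=$(mktemp) && out=$(mktemp) || return 1
    printf 'constructed disk contents\n' > "$img"
    exec 9< "$img"
    sleep 60 <&9 >/dev/null 2>&1 &
    holder=$!
    exec 9<&-
    rm -- "$img"                       # the accidental deletion
    fd=$(list_deleted_fds "$holder" |
         awk -F'\t' -v p="$img" '$2 == p { print $1; exit }')
    status=0
    recover_deleted_fd "$holder" "$fd" "$out" && RECOVERED=$(cat "$out") || status=1
    kill "$holder" 2>/dev/null
    rm -f -- "$out"
    return "$status"
}

demo_recover && printf 'recovered: %s\n' "$RECOVERED"
```

A guest that is still writing can change the image while it is being copied, so pausing the domain first (for example with `virsh suspend`) gives a consistent copy.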



Re: [libvirt-users] "virsh list --all" is intermittently causing a shutdown client to boot?

2018-12-13 Thread Michal Privoznik
On 12/11/18 3:39 PM, Peter Kukla wrote:
> Hello,
> 

Could it be that the domain is set as "autostart"? The session daemon is
slightly different to system daemon. The former comes and goes if there is
no activity for (by default) 30 seconds. And if the domain would be
marked as 'autostart' (meaning start the domain automatically when the
daemon is being started) then I could imagine this happening.

`virsh dominfo $domain` should tell you that.

Michal


