[libvirt] how do I stop libvirt futzing with my network configuration?

Nix nix at esperi.org.uk
Sat Nov 28 21:10:28 UTC 2009

On 26 Nov 2009, Daniel P. Berrange spake thusly:

> On Thu, Nov 26, 2009 at 06:25:07PM +0000, Nix wrote:
>> However, there appears to be no way to say 'this is what the network is
>> already like'. That network is considered 'inactive' and can't be used by
>> any guests, and if I try to make it active, I get this:
>> virsh # net-start default
>> error: Failed to start network default
>> error: cannot create bridge 'vm-net': File exists
>> Of course it bloody can't create that bridge: it's already there, has an
>> IP address on the host, and has the host routing packets to it. There
>> appears to be no option to allow libvirt to assign IPs on the host...
>> ... should I fix that, 'net-start' tries to update iptables rules!
>> How should I put this: I do not *not not* want libvirt pissing with the
>> firewall in any way at all. If I want firewall rules, I'll create them.
>> But there's no way to tell it 'hands off! This network is already active,
>> don't try to *make* it active!'
> If you don't want libvirt to create the bridge + setup IPtables rules
> then don't use the net-XXX commands / XML. That functionality is
> not there for pointing libvirt to existing bridge devices.
> If you already have a bridge configured, then just point the guest 
> directly at that bridge by name.

OK, I still can't make this work: it worked briefly but then stopped.
As far as I can tell tools like virt-manager are unwilling to *let* you
connect to a network considered 'inactive', and networks are only
considered active if they have a configuration file under
/var/run/libvirt/network. These files are only created if libvirt has
created the bridge itself as well. If no networks are considered active,
virt-manager won't let you create a guest at all: it insists on trying
to start the sodding network, and when that fails doesn't let you get
any further.

So as far as I can tell, if you don't want libvirt creating all your
bridges for you, you may as well give up hope of using virt-manager, or
start hacking all this stuff out of the source.

I hoped I could use libvirt in conjunction with raw qemu. So much for
that, it seems :( it *really* wants to take over the world...

(aside: ideally I should not have to spend half an hour crawling around
the source to figure this out. The only other program I've ever seen
that was this hard to set up was Oracle! Whole *Linux distros* take less
work than this. I have half a dozen patches I'll send your way, but I
wasn't going to send any of them until I'd actually managed to get a VM
working. I got one up last night, somehow -- I no longer have any idea
how, obviously one network had somehow got marked active -- whereupon
KVM fell over. *sigh*)

