[libvirt] how do I stop libvirt futzing with my network configuration?

Ian Woodstock ian.woodstock at gmail.com
Sat Nov 28 21:44:19 UTC 2009


----- "Nix" <nix at esperi.org.uk> wrote:
> From: "Nix" <nix at esperi.org.uk>
> To: "Daniel P. Berrange" <berrange at redhat.com>
> Cc: libvir-list at redhat.com
> Sent: Saturday, November 28, 2009 4:10:28 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [libvirt] how do I stop libvirt futzing with my network configuration?
>
> On 26 Nov 2009, Daniel P. Berrange spake thusly:
>
> > On Thu, Nov 26, 2009 at 06:25:07PM +0000, Nix wrote:
> >> However, there appears to be no way to say 'this is what the network is
> >> already like'. That network is considered 'inactive' and can't be used by
> >> any guests, and if I try to make it active, I get this:
> >>
> >> virsh # net-start default
> >> error: Failed to start network default
> >> error: cannot create bridge 'vm-net': File exists
> >>
> >> Of course it bloody can't create that bridge: it's already there, has an
> >> IP address on the host, and has the host routing packets to it. There
> >> appears to be no option to allow libvirt to assign IPs on the host...
> >>
> >> ... should I fix that, 'net-start' tries to update iptables rules!
> >> How should I put this: I do not *not not* want libvirt pissing with the
> >> firewall in any way at all. If I want firewall rules, I'll create them.
> >> But there's no way to tell it 'hands off! This network is already active,
> >> don't try to *make* it active!'
> >
> > If you don't want libvirt to create the bridge + setup IPtables rules
> > then don't use the  net-XXX  commands / XML. That functionality is
> > not there for pointing libvirt to existing bridge devices.
> >
> > If you already have a bridge configured, then just point the guest
> > directly at that bridge by name.
>
> OK, I still can't make this work: it worked briefly but then stopped.
> As far as I can tell tools like virt-manager are unwilling to *let* you
> connect to a network considered 'inactive', and networks are only
> considered active if they have a configuration file under
> /var/run/libvirt/network. These files are only created if libvirt has
> created the bridge itself as well. If no networks are considered active,
> virt-manager won't let you create a guest at all: it insists on trying
> to start the sodding network, and when that fails doesn't let you get
> any further.
>

I've been running with this configuration for many months on dozens of hosts.

- Created a bridge (the old-fashioned way) in /etc/sysconfig/network-scripts
Bridge called br0 with one device eth1.

- Created a VM in virt manager (or edit existing)
Picked "Shared Physical Device"  Device "eth1 (Bridge br0)"  in the GUI.

Or just add it to the VM's XML:

    <interface type='bridge'>
      <mac address='52:54:00:4f:0a:76'/>
      <source bridge='br0'/>
    </interface>

Works like a charm and there's certainly no configuration in libvirt
for this interface, i.e. nothing in /var/run/libvirt/network, and
*nothing* set up in Virt Manager under "Host Details->Virtual networks".

You do need to make sure that you disable netfilter on the bridge or
set up the appropriate iptables rules (see
http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29).



> So as far as I can tell, if you don't want libvirt creating all your
> bridges for you, you may as well give up hope of using virt-manager, or
> start hacking all this stuff out of the source.
>
> I hoped I could use libvirt in conjunction with raw qemu. So much for
> that, it seems :( it *really* wants to take over the world...
>
>
> (aside: ideally I should not have to spend half an hour crawling around
> the source to figure this out. The only other program I've ever seen
> that was this hard to set up was Oracle! Whole *Linux distros* take less
> work than this. I have half a dozen patches I'll send your way, but I
> wasn't going to send any of them until I'd actually managed to get a VM
> working. I got one up last night, somehow -- I no longer have any idea
> how, obviously one network had somehow got marked active -- whereupon
> KVM fell over. *sigh*)
>
> --
> Libvir-list mailing list
> Libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
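
The two checks implied by the reply above, as an added example that is not part of the original thread or of libvirt: confirm each guest NIC attaches to a host bridge by name rather than to a libvirt-managed network, and read the `net.bridge.bridge-nf-call-*` sysctls, which decide whether the host's iptables rules see bridged guest traffic at all. The domain XML (beyond the `<interface>` element quoted in the post), the second MAC address and the sysctl text are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's bridge NIC plus a NIC on a libvirt-managed network.
DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:4f:0a:76'/>
      <source bridge='br0'/>
    </interface>
    <interface type='network'>
      <mac address='52:54:00:00:00:01'/>
      <source network='default'/>
    </interface>
  </devices>
</domain>"""

# Constructed sysctl.conf-style sample; these keys gate host netfilter on bridged frames.
SYSCTL_TEXT = """# bridge netfilter
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 1
"""

def audit_interfaces(domain_xml, host_bridges):
    """Return (mac, finding) for every guest NIC in a libvirt domain XML."""
    findings = []
    for nic in ET.fromstring(domain_xml).iterfind("./devices/interface"):
        mac, src = nic.find("mac"), nic.find("source")
        mac = mac.get("address") if mac is not None else "unknown"
        attrs = src.attrib if src is not None else {}
        if nic.get("type") == "bridge":
            # Attached by name to a bridge the administrator created on the host.
            name = attrs.get("bridge")
            state = "present" if name in host_bridges else "missing on host"
            findings.append((mac, f"host bridge {name} ({state})"))
        elif nic.get("type") == "network":
            # Depends on a libvirt network, which libvirt must start and manage itself.
            findings.append((mac, f"libvirt-managed network {attrs.get('network')}"))
        else:
            findings.append((mac, f"interface type {nic.get('type')}"))
    return findings

def bridge_netfilter(sysctl_text):
    """Map iptables/ip6tables/arptables to the configured value, None if unset."""
    seen = {}
    for line in sysctl_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not line.lstrip().startswith(("#", ";")):
            seen[key.strip()] = value.strip()
    return {t: seen.get(f"net.bridge.bridge-nf-call-{t}")
            for t in ("iptables", "ip6tables", "arptables")}
```

`audit_interfaces` can be fed the output of `virsh dumpxml` for a guest, and `bridge_netfilter` accepts `sysctl -a` output as well as sysctl.conf text. A value of `0` means bridged guest frames bypass the host's iptables chains, so any filtering of guest traffic has to be enforced somewhere else.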



