[libvirt] how do I stop libvirt futzing with my network configuration?

Sat Nov 28 22:25:45 UTC 2009

On Sat, Nov 28, 2009 at 5:06 PM, Nix <nix at esperi.org.uk> wrote:
> On 28 Nov 2009, Ian Woodstock spake thusly:
>> I've been running with this configuration for many months on dozens of hosts.
>>
>> - Created a bridge (the old fashion way) in /etc/sysconfig/network-scripts
>> Bridge called br0 with one device eth1.
>>
>> - Created a VM in virt manager (or edit existing)
>> Picked "Shared Physical Device"  Device "eth1 (Bridge br0)"  in the GUI.
>
> That's the mystery. I did it (directly via brctl, as it happens, 'cos I'm
> making several with particular properties and want to enforce them):
>
> spindle:/etc/libvirt/qemu# brctl show
> bridge name     bridge id               STP enabled     interfaces
> linux-net               8000.06eb4e4985df       no              dummy0
> [...]
>
> 52: linux-net: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>    link/ether 06:eb:4e:49:85:df brd ff:ff:ff:ff:ff:ff
>    inet 192.168.20.1/32 scope global linux-net
>
> (hm, the state UNKNOWN is sort of bizarre. It's up...)

It's unknown because you're using the dummy device (which will just
send all bits to a deep dark hole) and we can't do things like check
the status of the interface/link etc.
I suspect that's why libvirt won't let you connect to it, since
libvirt is looking for a "shared physical device" and there's not a
device in the bridge.

>
> (dummy0 is a member of this bridge because I've previously noted that a
> bridge with no members at all isn't picked up by the GUI).
>
> It appears in the GUI, all right: as 'host device linux-net (not bridged)',
> greyed out and unselectable. Calling a bridge 'not bridged' is more than
> slightly bizarre.
>

Actually I think this is correct. It's not bridged to a physical
device, it's plumbed to nothing.

> Perhaps the netcf thing means I'm *required* to stick stuff in
> /etc/sysconfig/network-scripts even though I'm not using RH so it would
> never otherwise be used? From my reading of the source, that's not so...

No, it's not required, it just must be up some how (brctl works fine)
>
> I suppose I should just have it check for the bridge and rip out all this
> other stuff, but it seems bizarre that I have to do it.
>
>> Or just add it to the VMs XML
>
> That's too late to run the installer if it needs to access the network :/
> I suppose I could continue doing the VM installation qemu run by hand...

>
>> Works like a charm and there's certainly no configuration in libvirt
>> for this interface, ie. nothing in /var/run/libvirt/network, and
>> *nothing* set up in Virt Manager under "Host Details->Virtual networks
>>
>> You do need to make sure that you disable netfilter on the bridge or
>> setup the appropriate iptables rules ( see
>> http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29)
>
> There's no iptables at all on this particular box (at least not yet,
> although it may turn up later on when I put Windows guests on here: I'm
> not having *them* running around free).
>

So it sounds like the root of your issue now is that you're using
dummy network device.
Is that being done temporarily now because you don't have a network
plumbed in or is there some other use case?