[libvirt] how do I stop libvirt futzing with my network configuration?
Daniel P. Berrange
berrange at redhat.com
Mon Nov 30 09:56:26 UTC 2009
On Sat, Nov 28, 2009 at 09:10:28PM +0000, Nix wrote:
> On 26 Nov 2009, Daniel P. Berrange spake thusly:
> > On Thu, Nov 26, 2009 at 06:25:07PM +0000, Nix wrote:
> >> However, there appears to be no way to say 'this is what the network is
> >> already like'. That network is considered 'inactive' and can't be used by
> >> any guests, and if I try to make it active, I get this:
> >> virsh # net-start default
> >> error: Failed to start network default
> >> error: cannot create bridge 'vm-net': File exists
> >> Of course it bloody can't create that bridge: it's already there, has an
> >> IP address on the host, and has the host routing packets to it. There
> >> appears to be no option to allow libvirt to assign IPs on the host...
> >> ... should I fix that, 'net-start' tries to update iptables rules!
> >> How should I put this: I do not *not not* want libvirt pissing with the
> >> firewall in any way at all. If I want firewall rules, I'll create them.
> >> But there's no way to tell it 'hands off! This network is already active,
> >> don't try to *make* it active!'
> > If you don't want libvirt to create the bridge + setup IPtables rules
> > then don't use the net-XXX commands / XML. That functionality is
> > not there for pointing libvirt to existing bridge devices.
> > If you already have a bridge configured, then just point the guest
> > directly at that bridge by name.
> OK, I still can't make this work: it worked briefly but then stopped.
> As far as I can tell tools like virt-manager are unwilling to *let* you
> connect to a network considered 'inactive', and networks are only
> considered active if they have a configuration file under
> /var/run/libvirt/network. These files are only created if libvirt has
> created the bridge itself as well. If no networks are considered active,
> virt-manager won't let you create a guest at all: it insists on trying
> to start the sodding network, and when that fails doesn't let you get
> any further.
These files are all related to the libvirt net-XXX commands, so not
things that are relevant to what you are trying to do.
> So as far as I can tell, if you don't want libvirt creating all your
> bridges for you, you may as well give up hope of using virt-manager, or
> start hacking all this stuff out of the source.
virt-manager supports two primary networking modes described here:
The first is the NAT based networking as managed by the net-XXX commands
that you don't want to use. The second is bridging of a physical ethXX
device to share it with a guest
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
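
Added example, not part of the original message and not libvirt's own code: a small audit of a guest's domain XML that reports which NICs depend on a libvirt-managed network (the net-XXX path that creates the bridge and iptables rules) and rewrites them to attach directly to an existing bridge by name. The sample XML, the guest name and the network-to-bridge mapping are constructed for illustration; only the bridge name 'vm-net' and the network name 'default' come from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the thread). The first NIC uses a
# libvirt-managed network (net-XXX); the second attaches directly to an
# existing host bridge by name, as the reply recommends.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>example-guest</name>
  <devices>
    <interface type='network'>
      <source network='default'/>
    </interface>
    <interface type='bridge'>
      <source bridge='vm-net'/>
    </interface>
  </devices>
</domain>
"""


def audit_interfaces(domain_xml):
    """Return (type, source name, libvirt_managed) for each guest NIC."""
    root = ET.fromstring(domain_xml)
    report = []
    for iface in root.findall("./devices/interface"):
        itype = iface.get("type")
        source = iface.find("source")
        # type='network' names a libvirt virtual network; type='bridge'
        # names a host bridge device that libvirt does not create.
        name = source.get(itype) if source is not None else None
        report.append((itype, name, itype == "network"))
    return report


def attach_to_bridge(domain_xml, bridge_by_network):
    """Rewrite type='network' NICs to direct attachment on an existing bridge."""
    root = ET.fromstring(domain_xml)
    for iface in root.findall("./devices/interface[@type='network']"):
        source = iface.find("source")
        net = source.get("network") if source is not None else None
        bridge = bridge_by_network.get(net)
        if bridge is None:
            continue  # no mapping given: leave this NIC untouched
        iface.set("type", "bridge")
        del source.attrib["network"]
        source.set("bridge", bridge)
    return ET.tostring(root, encoding="unicode")
```
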