[libvirt] how do I stop libvirt futzing with my network configuration?
crobinso at redhat.com
Mon Nov 30 13:29:35 UTC 2009
On 11/28/2009 04:10 PM, Nix wrote:
> On 26 Nov 2009, Daniel P. Berrange spake thusly:
>> On Thu, Nov 26, 2009 at 06:25:07PM +0000, Nix wrote:
>>> However, there appears to be no way to say 'this is what the network is
>>> already like'. That network is considered 'inactive' and can't be used by
>>> any guests, and if I try to make it active, I get this:
>>> virsh # net-start default
>>> error: Failed to start network default
>>> error: cannot create bridge 'vm-net': File exists
>>> Of course it bloody can't create that bridge: it's already there, has an
>>> IP address on the host, and has the host routing packets to it. There
>>> appears to be no option to allow libvirt to assign IPs on the host...
>>> ... should I fix that, 'net-start' tries to update iptables rules!
>>> How should I put this: I do not *not not* want libvirt pissing with the
>>> firewall in any way at all. If I want firewall rules, I'll create them.
>>> But there's no way to tell it 'hands off! This network is already active,
>>> don't try to *make* it active!'
>> If you don't want libvirt to create the bridge + setup IPtables rules
>> then don't use the net-XXX commands / XML. That functionality is
>> not there for pointing libvirt to existing bridge devices.
>> If you already have a bridge configured, then just point the guest
>> directly at that bridge by name.
> OK, I still can't make this work: it worked briefly but then stopped.
> As far as I can tell tools like virt-manager are unwilling to *let* you
> connect to a network considered 'inactive', and networks are only
> considered active if they have a configuration file under
> /var/run/libvirt/network. These files are only created if libvirt has
> created the bridge itself as well. If no networks are considered active,
> virt-manager won't let you create a guest at all: it insists on trying
> to start the sodding network, and when that fails doesn't let you get
> any further.
virt-manager should be fixed here, it should offer some fallback (at least 'no
networking') if it can't start the virtual network.
But if you don't want the virtual network at all and it can't be started
without erroring, you want to virsh net-undefine it, or delete it in
> So as far as I can tell, if you don't want libvirt creating all your
> bridges for you, you may as well give up hope of using virt-manager, or
> start hacking all this stuff out of the source.
If you create a manual bridge, virt-manager should see it. However, the
virtinst bug I mentioned in my other email was conspiring to make this not
work for you. Pull from virtinst, and your manually created bridge devices
should show up in virt-manager.