[libvirt-users] It takes long time to start kvm virtual machine with nwfilter in docker container.

Daniel P. Berrangé berrange at redhat.com
Mon Nov 4 10:04:09 UTC 2019

On Mon, Nov 04, 2019 at 04:55:07PM +0800, John Y. wrote:
> 1.  It takes minutes to start the virtual machine when I add "filterref" to
> libvirt.xml and run command "virsh start  vm1".
> It also takes minutes to destroy the virtual machine.

You don't mention which version of libvirt you have...

My guess is that your docker container has set an enourmous ulimit
for max files. On a normal host it is 1024, but on docker I've seen
it default to 1 million.

This impacts libvirt when it spawns processes, which is common with
nwfilter in particular, because we must close all open file handles.
In v5.6.0 we  added code to let libvirt use /proc/$PID/fd to close
file handles, which is massively faster when ulimits are high.

|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvirt-users mailing list