Re: [fedora-virt] Routing to guests
by Robert Thiem
> From: Philip Rhoades
> I can ssh from/to the host/guest OK but how do I set up a route (or
> whatever is necessary) so that another machine:
> eth0: 192.168.0.12
> can ssh to the guest? - "ssh 192.168.122.68" gives "no route to host" -
> http://docs.fedoraproject.org/virtualization-guide/f12/en-US/html/ but
> the problem does not seem to be covered there.
Alexander is correct in saying that bridging would allow you to do that.
There are two networking options discussed in the guide.
The first is a NAT (network address translation), in which the guests are
given "private" ip addresses and any outbound traffic appears to be coming
from the host machine's IP address. This is the same as the setup on your
ADSL router where the internal network machines get addresses of
192.168.x.x but the internet sees your requests as coming from the IP
address of your router.
There should be lots of documentation in linux firewalling guides under
sections on NAT (or possibly called IP Masquerading in some). Have a look
at these for information on port forwarding to reveal services
inside the virtual (such as ssh).
The other option is bridging. This shares the physical network interface
of the host with the guest. In this case the VM acts as though it's a
machine plugged into the same subnet as the host, its services are
accessible like those of the host and it's as vulnerable to attack as the
host.
Robert
11 years, 4 months
Fedora 14 KVM - all SMP 2.6.35.x guests are hanging
by Richard Chan
Hi,
Running Fedora 14 Beta x86_64, yum updated, on AMD Phenom X4 CPU.
All KVM SMP 2.6.35 guests are hanging during boot; the odd thing is that the
console echoes characters but the system does not come up.
E.g. I had an Ubuntu 10.04 guest which works ok; after upgrading to 2.6.35
(Ubuntu 10.10) couldn't boot to shell.
Fedora 14 beta install DVD also fails to boot to anaconda
The F14 Beta install DVD boots to
hpet0: at MMIO 0xfed0000, IRQs 2, 8, 0
hpet0: 3 comparators, 64-bit 100.000000 MHz counter
Switching to clocksource kvm-clock
I've tried clocksource=tsc =hpet0 = acpi_pm
The console can echo characters but nothing happens.
I sort of found this obscure thread on 2.6.35-rc1, pvclock, SMP regressions
https://patchwork.kernel.org/patch/226981/
Thanks
12 years, 7 months
Xen dom0 (core) merged to upstream Linux 2.6.37 and other new features
by Pasi Kärkkäinen
Hello,
People here might be interested to know that Xen pvops dom0 core
was merged to upstream Linux kernel during the 2.6.37 merge window!
This has been in the works for a long time, so it's good news.
Note that this is the core/initial merge, there's more upstreaming
needed to get for example the Xen dom0 backend drivers merged
to be able to run other domains using the upstream kernel.
Xen developers are working on upstreaming more of the missing bits
in the next Linux versions.
Recently in addition to the Xen dom0 bits there have been other
upstreamed features as well:
- Xen PV-on-HVM drivers for fully virtualized (HVM) Linux guests in 2.6.36,
and optimizations for the drivers in 2.6.37.
- Xen PCI front driver in Linux 2.6.37 for PCI passthru to Xen PV guests
(works also with hardware where VT-d/IOMMU is not available).
There will also be a git kernel tree based on 2.6.37 with the backend
drivers and other not-yet-upstreamed patches included.
-- Pasi
12 years, 7 months
Fedora Virt Bits of Note
by Justin Forbes
Fedora 13
- We have 151 open bugs, 8 of which have fixes in awaiting updates.
- With Fedora 14 release so close, Fedora 13 is really in maintenance mode.
- 3 bugs have been closed.
Fedora 14
- Beta has shipped, and the change deadline has passed. Any new updates will
now become 0 day updates.
- Qemu-0.13.0 is now available for F14 (and for F13 virt-preview users).
- Test composes are in progress for the release.
- qemu, spice, and libguestfs have seen recent updates.
- We have 34 open bugs, 7 of which have fixes awaiting updates to push.
- 9 Bugs have been closed.
Bugs of importance:
- 601012 vhost-net module should be loaded automatically
This will be fixed in a zero day update for qemu.
- 644973 On an AMD F14 host, running an F14 guest with 2 cores assigned
hangs for "a long time" (several 10's of minutes) at start of boot
It appears the issue is identified, a patch will need to be added to
the next kernel update.
12 years, 7 months
CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk
by Richard W.M. Jones
(This bug was found by Matthew Booth during routine code review)
We found a security issue which affects libguestfs programs in some
circumstances. Since we don't pass the disk format through to qemu, a
malicious guest backed by raw-format storage might craft a qcow2
header into its own disk. QEmu would interpret this, and qcow2 offers
a wide range of features such as accessing arbitrary backing files
from the host, allowing the guest to read a host file (under rather
narrow conditions, see below).
All versions of virt-v2v are vulnerable. virt-inspector is vulnerable
for versions <= 1.5.3. Other programs that use libguestfs may be
vulnerable.
You should review the bug below carefully to find out if you could be
affected, particularly the Description and Comment 1:
https://bugzilla.redhat.com/show_bug.cgi?id=643958
A CVE has been allocated to this bug:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2010-3851
No fix is available at present, but we are working on one. In the
meantime, avoid using libguestfs / tools on:
- untrusted, malicious guests that use raw-format storage
- where you are running commands from these guests
(http://libguestfs.org/guestfs.3.html#running_commands)
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
12 years, 7 months
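An added example, not part of the advisory above and not libguestfs code: a Python check that reads the first bytes of an image the host has configured as raw and reports whether it begins with a qcow header naming a backing file, which is what a format-probing reader would act on. The 4096-byte read size, the function names and the sample inputs are assumptions constructed for illustration.

```python
import struct

QCOW_MAGIC = b"QFI\xfb"   # leading bytes of a qcow/qcow2 header
HEADER_READ = 4096        # assumption: enough to cover the header and backing-file name


def probe_header(data: bytes) -> dict:
    """Report what a format-probing reader would see in the first bytes of an image."""
    info = {"qcow_magic": False, "version": None, "backing_file": None}
    if len(data) < 20 or data[:4] != QCOW_MAGIC:
        return info
    # Big-endian fields: version (u32), backing_file_offset (u64), backing_file_size (u32)
    version, off, size = struct.unpack(">IQI", data[4:20])
    info.update(qcow_magic=True, version=version)
    if off and size:
        if off + size <= len(data):
            info["backing_file"] = data[off:off + size].decode("utf-8", "replace")
        else:
            info["backing_file"] = "<name lies outside the bytes inspected>"
    return info


def audit(declared_format: str, data: bytes) -> str:
    """Classify an image that the host has configured as `declared_format`."""
    info = probe_header(data)
    if declared_format == "raw" and info["qcow_magic"]:
        if info["backing_file"] is not None:
            return "ALERT: raw image carries a qcow header naming backing file %r" % info["backing_file"]
        return "WARN: raw image starts with qcow magic; probing would treat it as qcow"
    return "OK"


def audit_path(declared_format: str, path: str) -> str:
    """Same check, reading only the start of the image file at `path`."""
    with open(path, "rb") as fh:
        return audit(declared_format, fh.read(HEADER_READ))


def constructed_samples() -> dict:
    """Constructed test inputs, not taken from any real guest."""
    name = b"/constructed/placeholder.img"
    hdr = (QCOW_MAGIC + struct.pack(">IQI", 2, 72, len(name))).ljust(72, b"\0") + name
    mbr = bytes(510) + b"\x55\xaa"   # looks like an ordinary raw disk with a boot signature
    return {"plain_raw": mbr, "raw_with_qcow_header": hdr, "magic_only": QCOW_MAGIC + bytes(60)}


if __name__ == "__main__":
    for label, blob in constructed_samples().items():
        print(label, "->", audit("raw", blob))
```

An ALERT or WARN result means the image content disagrees with the format the host has recorded for it, which is the condition the advisory describes for raw-backed guests.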
ANNOUNCE: virt-tools.org website
by Richard W.M. Jones
I'm pleased to announce the virt-tools.org website:
http://virt-tools.org/
The "virt tools" are an informal group of system administration tools
for small-scale Linux virtualization, including virt-manager,
virt-install, libvirt, virt-v2v, libguestfs, virt-df, virt-top and
more.
The virt tools website is an umbrella project to provide
documentation, tutorials, online help and roadmaps for these tools.
The website does *not* replace the existing upstream websites, but
hopes to complement those sites by providing documentation that
crosses tool boundaries and help to get started.
The site is open source and we welcome your contributions. Get the
git repository here:
http://git.fedorahosted.org/git/?p=virt-tools.git
and send patches to the mailing list:
http://virt-tools.org/contact/#mailing-list
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
12 years, 7 months
PCI passthrough IDE DVD-ROM shares same PCI device as SATA HDD?
by John Brier
Hi, I'm on F13 x86_64 with KVM. I would like to build a Fedora 13
guest with wine and EAC (Exact Audio Copy) for ripping audio CDs. I
was hoping to use a newly installed DVD-ROM from an old system, but it
looks like it is on the same IDE Bus as one of my SATA drives that is
already in a RAID 5 array.. so I don't think this will work. It seems
odd to me that my motherboard would have a SATA bus and IDE bus share
the same PCI device.. take a look:
[root@trainwreck ~]# virsh nodedev-list --tree
computer
|
+- net_lo_00_00_00_00_00_00
+- net_vnet0_0e_15_40_a9_a4_fb
+- pci_0000_00_00_0
+- pci_0000_00_01_0
| |
| +- pci_0000_01_05_0
| +- pci_0000_01_05_1
|
+- pci_0000_00_05_0
| |
| +- pci_0000_02_00_0
| |
| +- net_eth1_40_61_86_be_7d_d0
|
+- pci_0000_00_11_0
| |
| +- scsi_host0
| | |
| | +- scsi_target0_0_0
| | |
| | +- scsi_0_0_0_0
| | |
| | +- block_sda_WDC_WD2500YS_01SHB1_WD_WCANY3824770
| |
| +- scsi_host1
| | |
| | +- scsi_target1_0_0
| | |
| | +- scsi_1_0_0_0
| | |
| | +- block_sdb_WDC_WD2500YS_01SHB1_WD_WCANY1981711
| |
| +- scsi_host2
| | |
| | +- scsi_target2_0_0
| | |
| | +- scsi_2_0_0_0
| | |
| | +- block_sdc_SAMSUNG_HD203WI_S1UYJ1RZ603028
| |
| +- scsi_host3
| |
| +- scsi_target3_0_0
| |
| +- scsi_3_0_0_0
| |
| +- block_sdd_SAMSUNG_HD203WI_S1UYJ1RZ603027
|
+- pci_0000_00_12_0
| |
| +- usb_usb3
| |
| +- usb_3_0_1_0
| +- usb_3_2
| |
| +- usb_3_2_1_0
| +- usb_3_2_1_1
|
+- pci_0000_00_12_1
| |
| +- usb_usb4
| |
| +- usb_4_0_1_0
|
+- pci_0000_00_12_2
| |
| +- usb_usb1
| |
| +- usb_1_0_1_0
| +- usb_1_3
| |
| +- usb_1_3_1_0
| |
| +- scsi_host6
| |
| +- scsi_target6_0_0
| |
| +- scsi_6_0_0_0
| |
| +- block_sdf_FANTOM_WD10EACS_00D6B0_57442D574341553430333035_0_0
|
+- pci_0000_00_13_0
| |
| +- usb_usb5
| |
| +- usb_5_0_1_0
|
+- pci_0000_00_13_1
| |
| +- usb_usb6
| |
| +- usb_6_0_1_0
|
+- pci_0000_00_13_2
| |
| +- usb_usb2
| |
| +- usb_2_0_1_0
|
+- pci_0000_00_14_0
+- pci_0000_00_14_1
| |
| +- scsi_host4
| | |
| | +- scsi_target4_0_0
| | |
| | +- scsi_4_0_0_0
| | |
| | +- block_sr0
| |
| +- scsi_host5
| |
| +- scsi_target5_0_0
| |
| +- scsi_5_0_0_0
| |
| +- block_sde_SAMSUNG_HD203WI_S1UYJ1RZ603031
|
+- pci_0000_00_14_2
+- pci_0000_00_14_3
+- pci_0000_00_14_4
| |
| +- pci_0000_03_06_0
| |
| +- net_eth0_00_10_4b_1f_95_71
|
+- pci_0000_00_14_5
| |
| +- usb_usb7
| |
| +- usb_7_0_1_0
|
+- pci_0000_00_18_0
+- pci_0000_00_18_1
+- pci_0000_00_18_2
+- pci_0000_00_18_3
+- pci_0000_00_18_4
The PCI device I'm concerned with is pci_0000_00_14_1 which has
/dev/sr0 on it which is my IDE DVD ROM, but it also has my Samsung 2TB
hard drive on it, which is SATA
[root@trainwreck ~]# virsh nodedev-dumpxml pci_0000_00_14_1
<device>
<name>pci_0000_00_14_1</name>
<parent>computer</parent>
<driver>
<name>pata_atiixp</name>
</driver>
<capability type='pci'>
<domain>0</domain>
<bus>0</bus>
<slot>20</slot>
<function>1</function>
<product id='0x439c'>SB700/SB800 IDE Controller</product>
<vendor id='0x1002'>ATI Technologies Inc</vendor>
</capability>
</device>
It would be better if it were on this which has the rest of my SATA
drives on it:
[root@trainwreck ~]# virsh nodedev-dumpxml pci_0000_00_11_0
<device>
<name>pci_0000_00_11_0</name>
<parent>computer</parent>
<driver>
<name>ahci</name>
</driver>
<capability type='pci'>
<domain>0</domain>
<bus>0</bus>
<slot>17</slot>
<function>0</function>
<product id='0x4390'>SB700/SB800 SATA Controller [IDE mode]</product>
<vendor id='0x1002'>ATI Technologies Inc</vendor>
</capability>
</device>
Previously I had tried using attach-disk to add the device to a guest
but that seems impossible:
[root@trainwreck ~]# virsh attach-disk digweed /dev/sr0 hda --driver file --type cdrom --mode readonly
error: Failed to attach disk
error: internal error Removable media not supported for cdrom device
It seems that is only usable for iso files? That seems a little
contradictory to the docs:
http://docs.fedoraproject.org/en-US/Fedora/13/html/Virtualization_Guide/s...
What's the best way to achieve this? I suppose I could hook up a USB
IDE DVD ROM as I do have one of those, and it wouldn't share the same
PCI device.
John Brier
12 years, 8 months