"Virtualising" the rest of the Internet before moving the virtual machine to the physical machine?
by Philip Rhoades
People,
I am building an upgraded server by using a new physical hard disk
(/dev/sdb and leaving the current drive [/dev/sda] untouched) and using
qemu-kvm to virtualise the server using the virtual version of the whole
hard disk (/dev/vda). This allows me to do most of the upgrade from
Fedora 14-64 to Fedora 16-64 in the virtual mode before rebooting on the
new disk and going live with the new server. This is very convenient
and will save a lot of down time for the server but there are some
limitations. I host a number of different domains and their web sites
and there are Ruby on Rails upgrade issues to sort out going from F14 to
F16 but in the virtual mode I can't check if the Apache VirtualHosts are
working or not - so I was wondering if there is some way - maybe using a
dodgy virtual DNS setup or something - that will allow the virtual
machine to "see" the rest of the "virtual" Internet so I can test browse
to each of the different domains' web sites and sort out problems
instead of having to do it after taking the new hard disk live.
I am probably not explaining this very well - do people see what I am
getting at?
Thanks,
Phil.
--
Philip Rhoades
GPO Box 3411
Sydney NSW 2001
Australia
E-mail: phil(a)pricom.com.au
12 years, 2 months
Re: [fedora-virt] Routing to guests
by Robert Thiem
> From: Philip Rhoades
> I can ssh from/to the host/guest OK but how do I set up a route (or
> whatever is necessary) so that another machine:
> eth0: 192.168.0.12
> can ssh to the guest? - "ssh 192.168.122.68" gives "no route to host" -
> http://docs.fedoraproject.org/virtualization-guide/f12/en-US/html/ but
> the problem does not seem to be covered there.
Alexander is correct in saying that bridging would allow you to do that.
There are two networking options discussed in the guide.
The first is a NAT (network address translation), in which the guests are
given "private" ip addresses and any outbound traffic appears to be coming
from the host machine's IP address. This is the same as the setup on your
ADSL router where the internal network machines get addresses of
192.168.x.x but the internet sees your requests as coming from the IP
address of your router.
There should be lots of documentation in linux firewalling guides under
sections on NAT (or possibly called IP Masquerading in some). Have a look
at these for information on port forwarding to reveal services
inside the virtual machine (such as ssh).
The other option is bridging. This shares the physical network interface
of the host with the guest. In this case the VM acts as though it's a
machine plugged into the same subnet as the host, its services are
accessible like those of the host and it's as vulnerable to attack as the
host.
Robert
12 years, 2 months
F14 virt-manager console VERY slow
by KC8LDO
I haven't got any information on how to fix my problem with virt-manager's
console being VERY slow. The same thing happens when using ssh and port
forwarding to access the VM, it's VERY slow. I can connect to the VM using
tigervnc locally and the speed increase is huge. Until I figure out what is
wrong, using any of my VMs remotely is totally unusable.
The packages I have installed are:
qemu-common.x86_64 2:0.13.0-1.fc14
qemu-img.x86_64 2:0.13.0-1.fc14
qemu-kvm.x86_64 2:0.13.0-1.fc14
qemu-system-x86.x86_64 2:0.13.0-1.fc14
vinagre.x86_64 2.31.4-1.fc14
vino.x86_64 2.32.2-1.fc14
virt-manager.noarch 0.8.7-2.fc14
virt-mem.x86_64 0.3.1-9.fc12
virt-v2v.x86_64 0.8.1-2.fc14
libvirt.x86_64 0.8.3-10.fc14
libvirt-client.x86_64 0.8.3-10.fc14
libvirt-python.x86_64 0.8.3-10.fc14
python.x86_64 2.7-8.fc14.1
gtk-vnc.x86_64 0.4.2-4.fc14
gtk-vnc-python.x86_64 0.4.2-4.fc14
So why so slow and what is the difference between accessing the VM using
virt-manager's console display versus using tigervnc?
Regards,
Lee
12 years, 2 months
virtual machines
by Андрей Сафонов
Hello
Is it possible to manage virtual machines from a text console?
Interested in starting, reboot, shut down. I do not know how to put
Android graphical console for Linux.
--
best regards,
AS
12 years, 2 months
Re: [fedora-virt] VM with access to outside world, but not LAN?
by Gianluca Cecchi
On Tue Jan 3 17:26:33 UTC 2012 Andrew Cathrow wrote:
> >
> > Not only that, I was actually able to make it work :-).
> >
> > http://home.comcast.net/~tomhorsley/wisdom/braindump/isolate.html
>
> on a side note, you don't seem to have delay set in the bridge definition, if you don't care about live migrations then it won't matter of course.
>
Probably useful to elaborate more...
Information taken from linuxfoundation.org web site:
"
Forwarding delay time is the time spent in each of the Listening and
Learning states before the Forwarding state is entered.
This delay is so that when a new bridge comes onto a busy network it
looks at some traffic before participating.
...
One common mistake is that the default bridge forwarding delay setting
is 30 seconds. This means that for the first 30 seconds after an
interface joins a bridge, it won't send anything.
This is because if the bridge is being used in a complex topology, it
needs to discover other bridges and not create loops.
This problem was one of the reasons for the creation of Rapid Spanning
Tree Protocol (RSTP).
"
Is it correct to say that so if we don't explicitly set
DELAY=0
in our bridge configuration, it will default to 30 seconds and during
live migration the vm on target hypervisor will lose 30 seconds when
its virtual nic, if configured on a bridge, will join the bridge
during its power on/paused state?
On linuxfoundation.org page there is also this statement regarding
dhcp client configuration on a bridge:
"
If the bridge is being used standalone (no other bridges near by).
Then it is safe to turn the forwarding delay off (set it to zero),
before adding interface to a bridge.
"
What is the meaning of the "safe" word above? Suppose a KVM
hypervisor with several bridges configured, do we risk anything
putting DELAY=0 to all of them then?
Thanks in advance,
Gianluca
12 years, 2 months
Virtual CD-ROM & floppy problems in F16
by Ian Pilcher
I am trying to set up a (32-bit) Windows 7 guest on Fedora 16, and I've
run into a couple of irritating problems.
1. The guest does not seem to recognize the virtual floppy drive at
all. I've used virt-manager to create a virtual floppy drive (and
controller), confirmed that it appears in the XML, and attached the
VirtIO driver VFD, but the guest is acting as if it doesn't have a
floppy drive at all -- both during installation and after I install
to an emulated IDE disk.
2. I am unable to attach an ISO file to the virtual CD-ROM. Clicking
on the "Attach" button in virt-manager has no effect. The only way
I've been able to achieve this is to shut down the guest and delete
and recreate the CD-ROM.
Is anyone seeing anything like this? Any ideas what could be going on?
Thanks!
--
========================================================================
Ian Pilcher arequipeno(a)gmail.com
"If you're going to shift my paradigm ... at least buy me dinner first."
========================================================================
12 years, 2 months
VM with access to outside world, but not LAN?
by Tom Horsley
I've been trying to figure out how to make a virtual machine
that has network access to the outside world, but not to any
machines on my local LAN.
This seems like something that would be an FAQ, but I can't
find anything quite like it in any examples.
This is sort of a continuation of a thread in the
fedora users list where specific details of my
setup can be found:
http://lists.fedoraproject.org/pipermail/users/2011-December/411283.html
Unfortunately, none of the answers I got there actually
seem to work. I can still ping things on my LAN from
inside the virtual machine I'm trying to isolate. I
figured maybe the virt list might have someone who
has done something like this.
I tried making a new bridge, with no physical interface
attached. I can indeed make the virtual machine connect
to it, and it has absolutely no access to any networking
until I set up NAT in the iptables, at which point it
has access to both the outside world, and my local LAN
via the magic of NAT.
This seems to prove that the host machine can both
prevent networking from operating in the virtual machine
or allow networking, so you'd think there would be
a middle ground somewhere where I could have NAT
working to get to the outside world, but not working
to get to machines on my LAN.
Unfortunately, nothing I've tried with iptables
or ebtables has worked. My only two alternatives
seem to be full network access, or no network access
at all :-(.
I don't insist on using NAT and a bridge, that was
just what I thought of. If there is another way
to achieve this, feel free to point me in a different
direction.
Thanks for any help you can provide (this seemed
like it ought to be so simple :-).
12 years, 2 months
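One way to get the middle ground asked about above, shown as an added example that is not from the poster or the list: the function prints, without applying, iptables commands for a guest-only bridge. The bridge name, subnets and outbound interface are constructed placeholders, and the sketch assumes a hand-made bridge as described in the post, with IP forwarding already enabled on the host.

```shell
#!/bin/sh
# Added example: print (not apply) iptables commands that give a guest bridge
# NAT access to the outside world while blocking the local LAN.
# Every interface name and subnet passed in is a constructed placeholder.

isolation_rules() {
    br=$1         # guest-only bridge with no physical interface attached
    guest_net=$2  # subnet used by guests on that bridge
    lan_net=$3    # LAN the guests must not reach
    wan_if=$4     # host interface facing the default gateway

    cat <<EOF
# FORWARD is first-match: the LAN drop must sit above the outbound accept.
iptables -I FORWARD 1 -i $br -s $guest_net -d $lan_net -j DROP
iptables -I FORWARD 2 -i $br -s $guest_net -o $wan_if -j ACCEPT
iptables -I FORWARD 3 -o $br -d $guest_net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Anything else entering from the guest bridge is not forwarded.
iptables -I FORWARD 4 -i $br -j DROP
# Traffic to the host's own LAN address hits INPUT, not FORWARD.
iptables -I INPUT 1 -i $br -d $lan_net -j DROP
# Source NAT happens in POSTROUTING, after the FORWARD decision above.
iptables -t nat -A POSTROUTING -s $guest_net ! -d $guest_net -o $wan_if -j MASQUERADE
EOF
}

# Constructed sample values: review the printed commands before running any.
isolation_rules virbr9 10.99.0.0/24 192.168.0.0/24 eth0
```

The LAN gateway's own address falls inside the blocked range, so guests can route through it to the Internet but cannot open connections to the router itself.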