opengl in windows 7 guest?
by Tom Horsley
I'm trying to get a program to run in a Windows 7
guest, and I get the distinct impression that
opengl simply doesn't work (at least with spice/qxl).
Can anything make this work, or should I just give
up for now? :-).
8 years, 8 months
Where do the machine definitions come from?
by Tom Horsley
I'm upgrading a prehistoric fedora13 machine that hosted
a gazillion virtual machines to centos 7.
I find that the old virtual machine xml files make
the new libvirt barf.
I can get a good idea of how to fix all the old xml
by installing a new file and comparing things, but
I wonder where this magic comes from:
<os>
<type arch='x86_64' machine='pc-i440fx-rhel7.0.0'>hvm</type>
<boot dev='hd'/>
</os>
Specifically, the "machine" definitions. Should that just
always be the string above since my host is centos 7?
8 years, 8 months
Curent status of virt-manager Open vSwitch support
by Ian Pilcher
I've been using Open vSwitches bridges with tagged ports for several
years now, and I've been doing the customize config/delete NIC/start
install/force stop/edit XML/... dance for every VM I create all this
time. Is this still necessary?
I still don't seen anything in the GUI that obviously screams Open
vSwitch, but I have a recollection of seeing something posted somewhere
not so long ago that gave me hope. (How's that for specific?)
Anyone have a pointer to a better way to do it?
Thanks!
--
========================================================================
Ian Pilcher arequipeno(a)gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
8 years, 8 months
access denied to /dev/net/tun
by Timothy Redmond
I am running the fedora virtualization preview on fedora 20 and I am
keeping everything up to date. I don't know if any of this version
information helps:
tr@localhost:/mnt/vm/kvm$ uname -a
Linux localhost.localdomain 3.16.2-201.fc20.x86_64 #1 SMP Mon Sep 15 19:57:50 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
tr@localhost:/mnt/vm/kvm$ qemu-system-x86_64 --version
QEMU emulator version 2.1.1, Copyright (c) 2003-2008 Fabrice Bellard
tr@localhost:/mnt/vm/kvm$ virsh --version
1.2.8
tr@localhost:/mnt/vm/kvm$
I am running a copy of the endian firewall (http://www.endian.com/us/)
in one virtual machine (definition attached). The outside network for
the firewall is the libvirt default network and the inside network is a
private libvirt network. I am using the firewall for its web proxy and
anti-virus capabilities.
If I start the firewall and then start another machine accessing the
default network then the /var/log/audit/audit.logs start filling up with
the following errors:
type=AVC msg=audit(1411625370.716:6294):
avc: denied { read }
for pid=1880 comm="qemu-system-x86" path="/dev/net/tun" dev="devtmpfs"
ino=10009
scontext=system_u:system_r:svirt_t:s0:c9,c427
tcontext=system_u:object_r:tun_tap_device_t:s0:c92,c467
tclass=chr_file permissive=0
In this log it appears that the firewall virtual machine is the one that
keeps getting the permission denied. Does anyone know why this is
happening and how I fix it?
My current partial theory is that the categories on /dev/net/tun often
change when I start a new virtual machine and this causes the previous
virtual machine to lose access rights to /dev/net/tun. So when I start
the firewall, the categories of the firewall virtual machine and
/dev/net/tun seem to match:
tr@localhost:~$ ps -C qemu-system-x86_64 --context
PID CONTEXT COMMAND
3882 system_u:system_r:svirt_t:s0:c644,c750 /usr/bin/qemu-system-x86_64 -machine accel=kvm -name Firewall -S -machine pc-i440fx-2
tr@localhost:~$ ls -lZ /dev/net/tun
crw-rw-rw-. root root system_u:object_r:tun_tap_device_t:s0:c644,c750 /dev/net/tun
tr@localhost:~$
Here they both have categories of {c644, c750} and the access is
granted. But when I start the second virtual machine the context of
/dev/net/tun is changed and the access is now denied to the first
virtual machine:
tr@localhost:~$ ps -C qemu-system-x86_64 --context
PID CONTEXT COMMAND
3882 system_u:system_r:svirt_t:s0:c644,c750 /usr/bin/qemu-system-x86_64 -machine accel=kvm -name Firewall -S -machine pc-i440fx-2
3955 system_u:system_r:svirt_t:s0:c88,c878 /usr/bin/qemu-system-x86_64 -machine accel=kvm -name Personal -S -machine pc-i440fx-2.
tr@localhost:~$ ls -lZ /dev/net/tun
crw-rw-rw-. root root system_u:object_r:tun_tap_device_t:s0:c88,c878 /dev/net/tun
tr@localhost:~$
The new context on /dev/net/tun has categories {c88,c878} and this no
longer matches the firewall virtual machines categories {c644,c750}.
Any advice? Have I somehow messed up my configuration or is this
possibly a bug? Is the firewall doing something unexpected?
I also have noticed strange behavior on the inside network (which is why
it tunnels through tcp) but I will write about that later.
Thanks,
-Timothy
8 years, 8 months
Failure to update libvirt-daemon-1.2.8-2.fc20.x86_64
by Gilboa Davara
Hello all,
I'm trying to update a couple of my servers.
Server has Fedora-virt repo enabled.
Following error encountered:
Cleanup : libvirt-daemon-driver-vbox-1.2.8-2.fc20.x86_64 857/880
/var/tmp/rpm-tmp.Lr0G0c: line 8: libvirtd.socket: command not found
error: %preun(libvirt-daemon-1.2.8-2.fc20.x86_64) scriptlet failed,
exit status 127
Error in PREUN scriptlet in rpm package libvirt-daemon
...
/var/tmp/rpm-tmp.4L43lC: line 8: libvirtd.socket: command not found
error: %preun(libvirt-daemon-1.2.8-1.fc20.x86_64) scriptlet failed,
exit status 127
Error in PREUN scriptlet in rpm package libvirt-daemon
error: libvirt-daemon-1.2.8-1.fc20.x86_64: erase failed
Should I file a bugzilla?
- Gilboa
8 years, 8 months
Fedora 21 Virt Test Day is Thu Sep 25!
by Cole Robinson
Hey all,
The Fedora 21 Virt Test Day is this coming Thu Sep 25. Check out the test day
landing page:
https://fedoraproject.org/wiki/Test_Day:2014-09-25_Virtualization
If you're interested in trying out some new virt functionality, there's step
by step instructions for:
* Q35 Chipset
* Import AArch64 image as a VM on x86
* Install VM using OVMF/UEFI
Even if you aren't interested in testing new features, we still need you! The
test day is the perfect time to make sure your virt workflow is working fine
on Fedora 21, as there will be several developers on hand to answer any
questions, help with debugging, provide patches, etc. No requirement to run
through test cases on the wiki, just show up and let us know what works (or
breaks).
And to be clear, while it is preferred that you have a physical machine
running Fedora 21, participating in the test day does NOT require it: you can
test the latest virt bits on the latest Fedora release courtesy of the
virt-preview repo. For more details, as well as easy instructions on updating
to Fedora 21, see:
https://fedoraproject.org/wiki/Test_Day:2014-09-25_Virtualization#What.27...
If you can't make the date of the test day, adding test case results to the
wiki anytime next week is fine as well. Though if you do plan on showing up to
the test day, add your name to the participant list on the wiki, and when the
day arrives, pop into #fedora-test-day on freenode and give us a shout!
Thanks,
Cole
8 years, 8 months
Re: [fedora-virt] [PATCH] ovs-pki: Use SHA-512 instead of MD5 as message digest.
by Robert Strickler
msg digest changes to add Bens (blp) patch get reverted.
utilities/ovs-pki
utilities/ovs-pki.in
openvswitch-2.3.0/tests/pki/controllerca/ca.cnf
openvswitch-2.3.0/tests/pki/switchca/ca.cnf
files where default_md is assigned all revert after:
(cd ~/rpmbuild/BUILD/openvswitch-2.3.0 && make clean && rpmbuild -bb
rhel/openvswitch.spec)
ne1 know what the correct file to change to have it propagate?
revert as well *
On Thu, Sep 18, 2014 at 10:09 PM, Ben Pfaff <blp(a)nicira.com> wrote:
> This fixes numerous testsuite failures of the form "SSL_connect:
> error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message
> digest algorithm" on systems that disable MD5 in OpenSSL. Centos 7 is one
> example. Presumably it increase security as well for anyone who generates
> certificates based on a new configuration created by the new ovs-pki.
>
> Reported-by: Robert Strickler <anomalyst(a)gmail.com>
> Signed-off-by: Ben Pfaff <blp(a)nicira.com>
> ---
> AUTHORS | 1 +
> NEWS | 3 +++
> utilities/ovs-pki.in | 4 ++--
> 3 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/AUTHORS b/AUTHORS
> index e3fe7ba..47bbd82 100644
> --- a/AUTHORS
> +++ b/AUTHORS
> @@ -268,6 +268,7 @@ Ralf Heiringhoff ralf(a)frosty-geek.net
> Ram Jothikumar rjothikumar(a)nicira.com
> Ramana Reddy gtvrreddy(a)gmail.com
> Rob Sherwood rob.sherwood(a)bigswitch.com
> +Robert Strickler anomalyst(a)gmail.com
> Roger Leigh rleigh(a)codelibre.net
> Rogério Vinhal Nunes
> Roman Sokolkov rsokolkov(a)gmail.com
> diff --git a/NEWS b/NEWS
> index 6cbb315..f9ea90f 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -20,6 +20,9 @@ Post-v2.3.0
> * "resubmit" actions may now be included in action sets. The
> resubmit
> is executed last, and only if the action set has no "output" or
> "group"
> action.
> + - ovs-pki: Changed message digest algorithm from MD5 to SHA-512 because
> + MD5 is no longer secure and some operating systems have started to
> disable
> + it in OpenSSL.
> - ovsdb-server: New OVSDB protocol extension allows inequality tests on
> "optional scalar" columns. See ovsdb-server(1) for details.
> - test-controller has been renamed ovs-testcontroller at request of
> users
> diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
> index 6081a5e..8745355 100755
> --- a/utilities/ovs-pki.in
> +++ b/utilities/ovs-pki.in
> @@ -1,6 +1,6 @@
> #! /bin/sh
>
> -# Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
> +# Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
> #
> # Licensed under the Apache License, Version 2.0 (the "License");
> # you may not use this file except in compliance with the License.
> @@ -274,7 +274,7 @@ private_key = $dir/private/cakey.pem# CA private key
> RANDFILE = $dir/private/.rand # random number file
> default_days = 3650 # how long to certify for
> default_crl_days= 30 # how long before next CRL
> -default_md = md5 # md to use
> +default_md = sha512 # md to use
> policy = policy # default policy
> email_in_dn = no # Don't add the email into cert DN
> name_opt = ca_default # Subject name display option
> --
> 1.9.1
>
>
8 years, 8 months
vanilla bridging network
by Robert Strickler
I am trying to define a network tht just bridges the traffic between the
virtual machine network and the LAN attached to eth0
No dnsmasq/dhcp as it is difficult to impossible to tie dnsmasq to the
master ISC servers on the LAN.
It should forward/receive packets like a standard hardware bridge
The virtual guests should get their addressing from the dhcp server on the
LAN and DNS from the server as well.
with the following I can not get dhcp discover reply from the LAN server,
nor can I manually code the IP/gateway/DNS and ping the hard address
(172.30.2.33) can anyone tell me what I am missing? Vhost and vguest are
both CENTOS7
======================
<networkstatus>
<class_id bitmap='0-2'/>
<floor sum='0'/>
<network>
<name>plain</name>
<uuid>31f78c2c-257d-4c57-82e5-0c53deadbeef</uuid>
<forward mode='bridge'/>
<bridge name='virbr1' />
<mac address='52:54:00:b1:34:77'/>
<domain name='plain'/>
<ip address='172.30.2.1' netmask='255.255.255.0'>
<dhcp relay='yes'/>
<dhcp enable='no' relay='yes'/>
<!--
The relay will not be started if the "enable" property is 'no':
-->
</ip>
</network>
</networkstatus>
===========================
A routed environment would be acceptable, but bridged is better as it
should not be required to change my routing on the gateway router
TIA,
Bob
8 years, 8 months
improving win7 guest sound and video performance
by Daniel Sanabria
Hi,
I wonder if someone can help.
Video performance (youtube) in my win7 guest is decent but the sound
somehow is slow, and I mean slow like playing a record at low rpm (no
chopped sound or jitter).
I'm running an up to date fedora 20 host. My guest definition can be found
here:
http://pastebin.com/YybiPnAp
Any ideas about what settings can be tweaked to get the best possible video
and sound performance out of a win7 guest?
Thanks in advance,
Daniel
8 years, 9 months
