On 03/25/2013 03:09 AM, Benoit Friry wrote:
> Hello,
>
> I test libvirt 0.9.12 on Debian.
>
> I am disappointed by changes made on my host without any notice.

The whole point of libvirtd is to make changes on your host; I wouldn't
go so far as to say that it was without notice, just that they are
changes that you weren't aware that libvirtd was capable of exposing.

>
> Examples:
> - editing interfaces with virsh or virt-manager modifies my
> /etc/network/interfaces. It's not clear at first glance that I can even
> cut myself from the host when editing remotely. The initial file is not
> even saved.

The initial file _is_ saved if you properly use the 'virsh iface-begin'
command before making any changes, then 'virsh iface-commit' if you are
happy with the changes. 'virsh iface-rollback' will revert you to a
previous saved state, and since we know that an improper change can cut
off connectivity, we also set things up so that a host reboot will do an
implicit 'virsh iface-rollback' on any uncommitted changes.

> - starting default network (nat) adds rules in netfilter. I have not
> seen how to create another network nat conf without calling
> clean-traffic nwfilter (it is not explicit in network XML file). Is it
> hardcoded?

What distro are you using? The clean-traffic nwfilter is not installed
by default on Fedora, so I'm wondering if you are hitting a
distro-specific add-on, or something that is added by a higher layer of
the virt stack than just libvirt. Libvirt's own NAT netfilter rules are
required for out-of-the-box NAT to a guest, but no one says you are
forced to use NAT; you can design your own bridge and take over the
netfilter rules yourself if you don't want libvirt messing with
iptables.

>
> I think it would be nice:
> - to be alerted before any host modification,

What did you have in mind? Patches are welcome if you can come up with
a proposal.

> - to be able to change the templates, for instance:
>   - not including any nwfilter when creating a network,
>   - script called when adding a file in a dir pool,
>   - and so on.
>
> Did I miss something?
> Am I alone to be disappointed by such behavior?
>

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
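The 'virsh iface-begin' / 'virsh iface-commit' / 'virsh iface-rollback' workflow from the reply above, wrapped so that a host interface change is only made permanent after a connectivity check passes. This is an added example, not part of the original message or of libvirt; the function name `guarded_iface_change` and the two caller-supplied functions are hypothetical.

```shell
# Added example: guard a host interface edit with libvirt's snapshot
# commands (iface-begin, iface-commit, iface-rollback).
#
# usage: guarded_iface_change <apply_fn> <check_fn>
#   apply_fn  name of a shell function/command that performs the edit
#             (hypothetical, e.g. one that runs 'virsh iface-define')
#   check_fn  name of a shell function/command that returns 0 only if
#             the host is still reachable (hypothetical)
# returns: 0 committed, 1 rolled back, 2 no snapshot taken (nothing edited)
guarded_iface_change() {
    apply_fn=$1
    check_fn=$2

    # Take the snapshot first. Without it the original config is not
    # saved, so refuse to touch anything if this step fails.
    if ! virsh iface-begin; then
        echo "iface-begin failed; host interfaces left untouched" >&2
        return 2
    fi

    # Apply the edit; on failure restore the snapshot immediately.
    if ! "$apply_fn"; then
        echo "change failed; rolling back" >&2
        virsh iface-rollback
        return 1
    fi

    # Commit only after the connectivity check passes.
    if "$check_fn"; then
        virsh iface-commit
        return 0
    fi

    # If this point is never reached because the session was cut off,
    # the change stays uncommitted and, per the reply above, a host
    # reboot performs the rollback implicitly.
    echo "connectivity check failed; rolling back" >&2
    virsh iface-rollback
    return 1
}
```
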