On 4/6/20 9:54 AM, Daniel P. Berrangé wrote:
On Mon, Apr 06, 2020 at 03:47:01PM +0200, Miguel Duarte de Mora Barroso wrote:
Hi all,
I'm aware that it is possible to plug pre-created macvtap devices to
libvirt guests - tracked in RFE [0].
My interpretation of the wording in [1] and [2] is that it is also
possible to plug pre-created tap devices into libvirt guests - that
would be a requirement to allow kubevirt to run with less capabilities
in the pods that encapsulate the VMs.
I took a look at the libvirt code ([3] & [4]), and, from my limited
understanding, I got the impression that plugging existing interfaces
via `managed='no' ` is only possible for macvtap interfaces.
No, it works for standard tap devices as well.
The reason the BZs and commit logs talk mostly about macvtap rather than
tap is because 1) that's what kubevirt people had asked for and 2) it
already *mostly* worked for tap devices, so most of the work was related
to macvtap (my memory is already fuzzy, but I think there were a couple
privileged operations we still tried to do for standard tap devices even
if they were precreated (standard disclaimer: I often misremember, so
this memory could be wrong! But definitely precreated tap devices do work).
I think though that when someone from kubevirt actually tried using a
precreated macvtap device, they found that their precreated device
wasn't visible at all to the unprivileged libvirtd in the pod, because
it was in a different network namespace, or something like that. So
there may still be more work to do (or, again, my info might be out of
date and they figured out a proper solution).
Would you be able to shed some light into this ? Is it possible on
libvirt-5.6.0 to plug pre-created tap devices to libvirt guests ?
[0] - https://bugzilla.redhat.com/show_bug.cgi?id=1723367
This links to the following message, which illustrates how to use pre-create
tap and macvtap devices:
https://www.redhat.com/archives/libvir-list/2019-August/msg01256.html
Laine: it would be useful to add something like this short guide to the
knowledge base docs
You mean the wiki? Sure, I can do that.
(BTW - that was admirable reading / searching / responding - 7 minutes
and it wasn't even your patch! How do you do that? :-))
