Re: Using KVM in user mode with public bridge

On 05/24/2011 07:44 AM, c.monty@xxxxxx wrote:
Hello!
I have installed KVM/QEMU on my LMDE (Linux Mint Debian Edition) system.

The guest should use a public bridge that I have set up with /etc/network/interfaces. As you can see the bridge is configured to use a static IP:
  s@pc1-lmde ~ $ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth1
iface eth1 inet manual

auto br1
iface br1 inet static
     address 192.168.178.11
     netmask 255.255.255.0
     gateway 192.168.178.1
     bridge_ports eth1
     bridge_stp off
     bridge_fd 0
     bridge_maxwait 0

Starting a VM with kvm command returns this error:
  s@pc1-lmde ~ $ kvm -hda ~/.virtualmachines/aqemu/virtualdisk_converted/vm2-windowsxp-HD01-15G.qcow -boot c -cdrom /dev/cdrom -m 1024 -smp 1 -net nic,macaddr=00:88:4e:ad:2d:61 -net tap
kvm: -net tap: could not configure /dev/net/tun (tap%d): Operation not permitted
kvm: -net tap: Device 'tap' could not be initialized

Checking the permissions of file /dev/net/tun:
  s@pc1-lmde ~ $ ls -l /dev/net/tun
crw-rw-rw- 1 root root 10, 200 21. Mai 09:52 /dev/net/tun
Starting kvm as root by means of using "sudo" works. Then all processes run as root.
Can you advise how to troubleshoot this problem? Why do I have to be root for starting KVM?
I thought the group assignment is correct:
  s@pc1-lmde ~ $ groups
sudo kvm libvirt

I would prefer to run kvm in user mode, means not as root.
I assume I have to initiate the TUN/TAP interface before the VM is started.
How can I do this using a script? Is there a Howto available providing instructions?

That's pretty much how I do it and have the following sudo configuration (paths from my environment):

<myuserid> ALL = NOPASSWD: \
        /bin/tunctl -u <myuserid> -t kvmtap*, \
        /bin/tunctl -d kvmtap*, \
        /sbin/ifconfig kvmtap* up 0.0.0.0 promisc, \
        /sbin/ifconfig kvmtap* down, \
        /sbin/brctl addif * kvmtap*, \
        /sbin/brctl delif * kvmtap*

Note that there is no qemu option in my sudoers. Then, my order of use is as follows but I use a script to avoid having to come up with the referenced random digits on demand:

sudo /bin/tunctl -u myuserid -t kvmtap<four random digits>
	That creates a tap interface
sudo /sbin/ifconfig kvmtap<same digits as in tunctl> up 0.0.0.0 promisc
	That brings the tap interface up with no configuration
sudo /sbin/brctl addif br1 kvmtap<same digits as in tunctl>
	That adds the tap to the bridge
qemu-system-x86_64 <qemu args> -net nic,vlan=0,model=<your choice>,macaddr=<random mac generated when config was created> -net tap,ifname=kvmtap<same digits as in tunctl>,script=no,vlan=0
	Delay while you use the VM until you shut it down and the
	qemu proc exits, then:
sudo /sbin/brctl delif br1 kvmtap<same digits as in tunctl>
	That removes the tap from the bridge
sudo /sbin/ifconfig kvmtap<same digits as in tunctl> down
	That brings the tap interface down
sudo /bin/tunctl -d kvmtap<same digits as in tunctl>
	That deletes the tap interface

I load the kvm drivers as root but as far as I can tell qemu doesn't run as root. So, a real world example would look like this:

sudo /bin/tunctl -u myuserid -t kvmtap1981
sudo /sbin/ifconfig kvmtap1981 up 0.0.0.0 promisc
sudo /sbin/brctl addif br1 kvmtap1981
qemu-system-x86_64 -smp 1 -m 512 -usb -localtime <etc> -net nic,vlan=0,model=e1000,macaddr=ac:de:48:6c:5c:a3 -net tap,ifname=kvmtap1981,script=no,vlan=0 <more etc>
sudo /sbin/brctl delif br1 kvmtap1981
sudo /sbin/ifconfig kvmtap1981 down
sudo /bin/tunctl -d kvmtap1981

A repeat of the same script might do this the very next time:

sudo /bin/tunctl -u myuserid -t kvmtap8358
sudo /sbin/ifconfig kvmtap8358 up 0.0.0.0 promisc
sudo /sbin/brctl addif br8 kvmtap8358
qemu-system-x86_64 -smp 1 -m 512 -usb -localtime <etc> -net nic,vlan=0,model=e1000,macaddr=ac:de:48:6c:5c:a3 -net tap,ifname=kvmtap8358,script=no,vlan=0 <more etc>
sudo /sbin/brctl delif br8 kvmtap8358
sudo /sbin/ifconfig kvmtap8358 down
sudo /bin/tunctl -d kvmtap8358

Note that the MAC address doesn't change and if you were to check, it should be a legitimate IEEE 802.3 private MAC address; it was generated when the VM was created by the same script and is stored in a configuration file the script uses to launch VMs. My own br1 has no host physical NICs connected and has no routing but I also have a br8 with NAT routing via netfilter/iptables and a br0 that has my physical NIC connected so that I can do VMs that appear on the real network. I run the ISC dhcp server with configuration for br1 and br8. IOW, pretty much a copy of the default VMware network installation.

Hopefully that saves you repeating some of the effort I had picking out the tunctl/brctl operation. Best of luck.

--
David.
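
The command sequence described in the reply above, as an added sketch of a wrapper script; it is not the poster's own script. The function names, the DRY_RUN switch and the bridge-name rule are assumptions made for this example, and the tap name is checked against "kvmtap" plus exactly four digits before any sudo call, which is stricter than the `kvmtap*` wildcard in the sudoers entries. Set DRY_RUN=0 to execute the commands instead of printing them.

```shell
#!/bin/sh
# Added example (not the poster's script): tap lifecycle around one qemu run.
# DRY_RUN=1 (the default here) prints each command instead of executing it.
DRY_RUN="${DRY_RUN:-1}"
run()  { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }
priv() { run sudo "$@"; }

# "kvmtap" plus four random digits, as in the post.
new_tap_name() {
    printf 'kvmtap%04d\n' "$(( $(od -An -N2 -tu2 /dev/urandom) % 10000 ))"
}

# Validate every value before it reaches sudo or a comma-separated -net option.
valid_tap() { case "$1" in kvmtap[0-9][0-9][0-9][0-9]) return 0 ;; *) return 1 ;; esac; }
# Assumption: bridges are named like br0/br1/br8 (lowercase alphanumerics).
valid_bridge() { case "$1" in ''|*[!a-z0-9]*) return 1 ;; *) [ "${#1}" -le 15 ] ;; esac; }
valid_mac() {
    h='[0-9a-f][0-9a-f]'   # unquoted below, so it is used as a pattern
    case "$1" in $h:$h:$h:$h:$h:$h) return 0 ;; *) return 1 ;; esac
}

tap_up() {    # tap_up <user> <bridge> <tap>
    valid_tap "$3" && valid_bridge "$2" || return 2
    priv /bin/tunctl -u "$1" -t "$3" &&
    priv /sbin/ifconfig "$3" up 0.0.0.0 promisc &&
    priv /sbin/brctl addif "$2" "$3"
}

tap_down() {  # tap_down <bridge> <tap>: reverse order, continue past failures
    valid_tap "$2" && valid_bridge "$1" || return 2
    priv /sbin/brctl delif "$1" "$2" || :
    priv /sbin/ifconfig "$2" down || :
    priv /bin/tunctl -d "$2"
}

run_vm() {    # run_vm <bridge> <mac> <other qemu args...>
    vm_br="$1"; vm_mac="$2"; shift 2
    valid_mac "$vm_mac" || return 2
    vm_tap="$(new_tap_name)"
    tap_up "$(id -un)" "$vm_br" "$vm_tap" || { tap_down "$vm_br" "$vm_tap"; return 1; }
    trap : INT TERM          # survive Ctrl-C so the teardown still runs
    vm_rc=0                  # -net options below are the ones shown in the post
    run qemu-system-x86_64 "$@" -net "nic,vlan=0,model=e1000,macaddr=$vm_mac" \
        -net "tap,ifname=$vm_tap,script=no,vlan=0" || vm_rc=$?
    tap_down "$vm_br" "$vm_tap"
    trap - INT TERM
    return "$vm_rc"
}

run_vm br1 ac:de:48:6c:5c:a3 -smp 1 -m 512   # dry run: prints the seven commands
```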