On 05/24/2011 07:44 AM, c.monty@xxxxxx wrote:
Hello!
I have installed KVM/QEMU on my LMDE (Linux Mint Debian Edition) system.
The guest should use a public bridge that I have set up with /etc/network/interfaces. As you can see the bridge is configured to use a static IP:
s@pc1-lmde ~ $ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth1
iface eth1 inet manual
auto br1
iface br1 inet static
address 192.168.178.11
netmask 255.255.255.0
gateway 192.168.178.1
bridge_ports eth1
bridge_stp off
bridge_fd 0
bridge_maxwait 0
Starting a VM with kvm command returns this error:
s@pc1-lmde ~ $ kvm -hda ~/.virtualmachines/aqemu/virtualdisk_converted/vm2-windowsxp-HD01-15G.qcow -boot c -cdrom /dev/cdrom -m 1024 -smp 1 -net nic,macaddr=00:88:4e:ad:2d:61 -net tap
kvm: -net tap: could not configure /dev/net/tun (tap%d): Operation not permitted
kvm: -net tap: Device 'tap' could not be initialized
Checking the permissions of file /dev/net/tun:
s@pc1-lmde ~ $ ls -l /dev/net/tun
crw-rw-rw- 1 root root 10, 200 21. Mai 09:52 /dev/net/tun
Starting kvm as root by means of using "sudo" works. Then all processes runs as root.
Can you advice how to troubleshoot this problem? Why do I have to be root for starting KVM?
I thought the group assignment is correct:
s@pc1-lmde ~ $ groups
sudo kvm libvirt
I would prefer to run kvm in user mode, means not as root.
I assume I have to initiate the TUN/TAP interface before the VM is started.
How can I do this using a script? Is there a Howto available providing instructions?
That's pretty much how I do it and have the following sudo configuration
(paths from my environment):
<myuserid> ALL = NOPASSWD: \
/bin/tunctl -u <myuserid> -t kvmtap*, \
/bin/tunctl -d kvmtap*, \
/sbin/ifconfig kvmtap* up 0.0.0.0 promisc, \
/sbin/ifconfig kvmtap* down, \
/sbin/brctl addif * kvmtap*, \
/sbin/brctl delif * kvmtap*, \
Note that there is no qemu option in my sudoers. Then, my order of use
is as follows but I use a script to avoid having to come up with the
referenced random digits on demand:
sudo /bin/tunctl -u myuserid -t kvmtap<four random digits>
That creates a tap interface
sudo /sbin/ifconfig kvmtap<same digits as in tunctl> up 0.0.0.0 promisc
That brings the tap interface up with no configuration
sudo /sbin/brctl addif br1 kvmtap<same digits as in tunctl>
That adds the tap to the bridge
qemu-system-x86_64 <qemu args> -net nic,vlan=0,model=<your
choice>,macaddr=<random mac generated when config was created> -net
tap,ifname=kvmtap<same digits as in tunctl>,script=no,vlan=0
Delay while you use the VM until you shut it down and the
qemu proc exits, then:
sudo /sbin/brctl delif br1 kvmtap<same digits as in tunctl>
That removes the tap from the bridge
sudo /sbin/ifconfig kvmtap<same digits as in tunctl> down
That brings the tap interface down
sudo /bin/tunctl -d kvmtap<same digits as in tunctl>
That deletes the tap interface
I load the kvm drivers as root but as far as I can tell qemu doesn't run
as root. So, a real world example would look like this:
sudo /bin/tunctl -u myuserid -t kvmtap1981
sudo /sbin/ifconfig kvmtap1981 up 0.0.0.0 promisc
sudo /sbin/brctl addif br1 kvmtap1981
qemu-system-x86_64 -smp 1 -m 512 -usb -localtime <etc> -net
nic,vlan=0,model=e1000,macaddr=ac:de:48:6c:5c:a3 -net
tap,ifname=kvmtap1981,script=no,vlan=0 <more etc>
sudo /sbin/brctl delif br1 kvmtap1981
sudo /sbin/ifconfig kvmtap1981 down
sudo /bin/tunctl -d kvmtap1981
A repeat of the same script might do this the very next time:
sudo /bin/tunctl -u myuserid -t kvmtap8358
sudo /sbin/ifconfig kvmtap8358 up 0.0.0.0 promisc
sudo /sbin/brctl addif br8 kvmtap8358
qemu-system-x86_64 -smp 1 -m 512 -usb -localtime <etc> -net
nic,vlan=0,model=e1000,macaddr=ac:de:48:6c:5c:a3 -net
tap,ifname=kvmtap8358,script=no,vlan=0 <more etc>
sudo /sbin/brctl delif br8 kvmtap8358
sudo /sbin/ifconfig kvmtap8358 down
sudo /bin/tunctl -d kvmtap8358
Note that the MAC address doesn't change and if you were to check, it
should be a legitimate IEEE 802.3 private MAC address, it was generated
when the VM was created by the same script and is stored in a
configuration file the script uses to launch VMs. My own br1 has no host
physical NICs connected and has no routing but I also have a br8 with
NAT routing via netfilter/iptables and a br0 that has my physical NIC
connected so that I can do VMs that appear on the real network. I run
the ISC dhcp server with configuration for br1 and br8. IOW, pretty much
a copy of the default VMWare network installation.
Hopefully that saves you repeating some of the effort I had picking out
the tunctl/brctl operation. Best of luck.
--
David.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
