VirtManager: Unterschied zwischen den Versionen
(→Links) |
(17 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 1: | Zeile 1: | ||
[[Kategorie:ServerApplikation]] | [[Kategorie:ServerApplikation]] | ||
= Links = | |||
* Befehl virsh: | |||
** https://docs.fedoraproject.org/de-DE/Fedora/12/html/Virtualization_Guide/chap-Virtualization_Guide-Managing_guests_with_virsh.html | |||
** https://libvirt.org/sources/virshcmdref/html-single/ | |||
* [[FirewallD]] | |||
= Links = | |||
* virsh Referenz: https://libvirt.org/sources/virshcmdref/html-single | |||
= Beschreibung = | = Beschreibung = | ||
VirtManager ist eine Software, die die Verwaltung von virtuellen Maschinen (mittels KVM) mittels graphischer Oberfläche erlaubt. | VirtManager ist eine Software, die die Verwaltung von virtuellen Maschinen (mittels KVM) mittels graphischer Oberfläche erlaubt. | ||
= Kommandos = | |||
<pre> | |||
# show the guests: | |||
virsh list | |||
# Start the VM: | |||
virsh start alfa | |||
# stop the VM alfa | |||
virsh destroy alfa | |||
# Autostart festlegen / aufheben | |||
virsh autostart alfa [--disable] | |||
virsh net-list | |||
virsh net-dumpxml vmnet | |||
virt-install --name=alfa --vcpus=4 --memory=1024 --cdrom=/opt/iso/debian-10.1.0-amd64-netinst.iso --disk path=/media/vm-images/vm-alfa,size=20 --os-type=Linux --os-variant=debian8 | |||
</pre> | |||
= Netzwerk aufbauen Host und VMs = | = Netzwerk aufbauen Host und VMs = | ||
Zeile 12: | Zeile 38: | ||
<network> | <network> | ||
<name>$NETNAME</name> | <name>$NETNAME</name> | ||
<ip address='10.10.10.1' netmask='255. | <ip address='10.10.10.1' netmask='255.255.255.0'> | ||
<dhcp> | <dhcp> | ||
<range start='10.10.10.20' end='10.10.10.99' /> | <range start='10.10.10.20' end='10.10.10.99' /> | ||
Zeile 22: | Zeile 48: | ||
virsh net-autostart $NETNAME | virsh net-autostart $NETNAME | ||
virsh net-start $NETNAME | virsh net-start $NETNAME | ||
# Alle Netze auflisten: | |||
virsh net-list | |||
# | |||
</pre> | </pre> | ||
<pre> | <pre> | ||
# alle Namen der laufenden virtuellen Maschinen auflisten: | |||
virsh list | |||
# für alle Gäste: | |||
virsh edit $guestname | virsh edit $guestname | ||
</pre> | </pre> | ||
<pre> | <pre> | ||
<interface type=' | <interface type='network'> | ||
<source network=' | <source network='$NETNAME'/> | ||
<model type='virtio'/> <-- This line is optional. | <model type='virtio'/> <-- This line is optional. | ||
</interface> | </interface> | ||
</pre> | |||
== DHCP konfigurieren == | |||
<pre> | |||
virsh net-list | |||
virsh net-edit $NETWORK_NAME | |||
</pre> | |||
<pre> | |||
* folgende Sequenz anpassen: | |||
<dhcp> | |||
<range start='10.10.10.10' end='10.10.10.99'/> | |||
<host mac='52:54:00:6c:3c:01' name='vm100' ip='10.10.10.100'/> | |||
<host mac='52:54:00:6c:3c:02' name='vm101' ip='10.10.10.101'/> | |||
</dhcp> | |||
</pre> | |||
* die Änderungen stehen dann in /etc/libvirt/qemu/networks/$NETWORK_NAME.xml (wird generiert) | |||
<pre> | |||
# DHCP-Dienst informieren (Änderungen aktivieren): | |||
killall -s SIGHUP dnsmasq | |||
# Wenn das nicht reicht: Achtung: alle VMs in diesem Netz werden offline, evt. Neustart notwendig | |||
virsh net-destroy $NETWORK_NAME | |||
virsh net-start $NETWORK_NAME | |||
</pre> | |||
* im laufenden Betrieb hinzufügen, | |||
<pre> | |||
# IP4: --parent-index 0 | |||
virsh net-update $NETWORK_NAME add-last ip-dhcp-host \ | |||
'<host mac="52:54:00:6f:78:f3" ip="10.10.10.101"/>' \ | |||
--live --config --parent-index 0 | |||
</pre> | |||
= Diverses = | |||
== Spice-Zugriff auf VM == | |||
* virsh edit alfa | |||
<pre> | |||
<domain type='kvm'> | |||
<name>fedora25</name> | |||
<uuid>ae4e5582-492a-4292-8da2-48320a7816e6</uuid> | |||
<memory unit='KiB'>4194304</memory> | |||
<currentMemory unit='KiB'>4194304</currentMemory> | |||
<vcpu placement='static'>2</vcpu> | |||
<graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='password'> | |||
<listen type='address' address='0.0.0.0'/> | |||
</graphics> | |||
<sound model='ac97'> | |||
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> | |||
</sound> | |||
<video> | |||
<model type='qxl' ram='65536' vram='32768' heads='1'/> | |||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> | |||
</video> | |||
<memballoon model='virtio'> | |||
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> | |||
</memballoon> | |||
</devices> | |||
</domain> | |||
</pre> | |||
= NAT mit "Routed network" = | |||
<pre> | |||
# MAC generieren: | |||
ADDR=$(hexdump -vn3 -e '/3 "52:54:00"' -e '/1 ":%02x"' -e '"\n"' /dev/urandom) | |||
52:54:00:7e:27:af | |||
# Create a dummy network | |||
BRIDGE=virbr10 | |||
IP_PREFIX=10.10.10 | |||
ip link add $BRIDGE address $ADDR type dummy | |||
# Create a virtual bridge | |||
brctl addbr $BRIDGE | |||
brctl stp $BRIDGE on | |||
ip address add $IP_PREFIX.1/24 dev $BRIDGE broadcast $IP_PREFIX.255 | |||
# Implement NAT with iptables | |||
FN_NAT=/tmp/nat.rules | |||
cat <<EOS >$FN_NAT | |||
# This format is understood by iptables-restore. See `man iptables-restore`. | |||
*nat | |||
:PREROUTING ACCEPT [0:0] | |||
:OUTPUT ACCEPT [0:0] | |||
:POSTROUTING ACCEPT [0:0] | |||
# Do not masquerade to these reserved address blocks. | |||
-A POSTROUTING -s $IP_PREFIX.0/24 -d 224.0.0.0/24 -j RETURN | |||
-A POSTROUTING -s $IP_PREFIX.0/24 -d 255.255.255.255/32 -j RETURN | |||
# Masquerade all packets going from VMs to the LAN/Internet. | |||
-A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 | |||
-A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 | |||
-A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -j MASQUERADE | |||
COMMIT | |||
EOS | |||
FN_FILTER=/tmp/filter.rules | |||
cat <<EOS >$FN_FILTER | |||
# This format is understood by iptables-restore. See `man iptables-restore`. | |||
*filter | |||
:INPUT ACCEPT [0:0] | |||
:FORWARD ACCEPT [0:0] | |||
:OUTPUT ACCEPT [0:0] | |||
#... snipped ... | |||
# Allow established traffic to the private subnet. | |||
-A FORWARD -d $IP_PREFIX.0/24 -o $BRIDGE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |||
# Allow outbound traffic from the private subnet. | |||
-A FORWARD -s $IP_PREFIX.0/24 -i $BRIDGE -j ACCEPT | |||
# Allow traffic between virtual machines. | |||
-A FORWARD -i $BRIDGE -o $BRIDGE -j ACCEPT | |||
# Reject everything else. | |||
-A FORWARD -i $BRIDGE -j REJECT --reject-with icmp-port-unreachable | |||
-A FORWARD -o $BRIDGE -j REJECT --reject-with icmp-port-unreachable | |||
#... snipped ... | |||
COMMIT | |||
EOS | |||
</pre> | </pre> |
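Review bot: The Spice example under "Spice-Zugriff auf VM" binds the console to every host interface (`listen='0.0.0.0'` on both the graphics element and its listen child, with `autoport='no'` and `passwd='password'`), and that password sits in clear in the domain XML, readable by anyone who may run `virsh dumpxml`. A sentence above the listing should say that the listen address belongs on one host address, or on 127.0.0.1 reached through an SSH tunnel, and that the password is a placeholder to replace. A second point in the NAT section: both heredocs are unquoted on purpose (`$IP_PREFIX`, `$BRIDGE`), so the backticks in `# This format is understood by iptables-restore. See `man iptables-restore`.` are command-substituted while the rules files are written; `# This format is understood by iptables-restore. See: man iptables-restore` avoids that. The dummy device and the bridge are also both created under the name `$BRIDGE`, so the second add fails because the device already exists; the dummy presumably needs its own name and a `brctl addif $BRIDGE <dummy>`.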
Aktuelle Version vom 14. Oktober 2019, 05:59 Uhr
Links
- Befehl virsh:
- FirewallD
Links
- virsh Referenz: https://libvirt.org/sources/virshcmdref/html-single
Beschreibung
VirtManager ist eine Software, die die Verwaltung von virtuellen Maschinen (mittels KVM) mittels graphischer Oberfläche erlaubt.
Kommandos
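# Show the guests (running ones; add --all to include inactive domains):
virsh list
# Start the VM:
virsh start alfa
# Stop the VM alfa: "destroy" is a hard power-off (like pulling the plug);
# use "virsh shutdown alfa" for a graceful ACPI shutdown instead.
virsh destroy alfa
# Enable / disable autostart at host boot (the brackets mark the optional flag)
virsh autostart alfa [--disable]
# List the networks and dump the XML definition of the network "vmnet"
virsh net-list
virsh net-dumpxml vmnet
# Create a new guest and install it from the ISO; the disk image at "path" is created
# with the given size (GiB). Paths and names are examples for the guest "alfa".
virt-install --name=alfa --vcpus=4 --memory=1024 --cdrom=/opt/iso/debian-10.1.0-amd64-netinst.iso --disk path=/media/vm-images/vm-alfa,size=20 --os-type=Linux --os-variant=debian8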
Netzwerk aufbauen Host und VMs
Problem wird [hier beschrieben]
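NETNAME=vmnet
# Write the network definition. The heredoc is unquoted on purpose so that
# $NETNAME is expanded into the XML. Without a <forward> element the network
# is isolated: guests reach the host and each other only (NAT: see below).
cat <<EOS >/tmp/$NETNAME.xml
<network>
  <name>$NETNAME</name>
  <ip address='10.10.10.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='10.10.10.20' end='10.10.10.99' />
    </dhcp>
  </ip>
</network>
EOS
# Register the definition, start it together with libvirtd and start it now
virsh net-define /tmp/$NETNAME.xml
virsh net-autostart $NETNAME
virsh net-start $NETNAME
# List all networks:
virsh net-list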
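# List the names of the running virtual machines:
virsh list
# Then, for every guest, open its XML definition in $EDITOR and add the
# <interface> element shown below:
virsh edit $guestname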
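<!-- Interface to add inside <devices> of each guest. virsh edit does not expand
     shell variables: write the real network name instead of $NETNAME. -->
<interface type='network'>
  <source network='$NETNAME'/>
  <!-- This line is optional: paravirtualised (virtio) NIC instead of an emulated one. -->
  <model type='virtio'/>
</interface>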
DHCP konfigurieren
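# Show the defined networks, then edit the chosen one in $EDITOR.
# net-edit changes the persistent definition only; the running network keeps
# the old configuration until it is restarted or updated with net-update (see below).
virsh net-list
virsh net-edit $NETWORK_NAME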
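<!-- Adjust the following sequence: keep the dynamic range and add one <host>
     entry per guest whose MAC address should always receive the same IP.
     The fixed addresses in this example lie outside the dynamic range. -->
<dhcp>
  <range start='10.10.10.10' end='10.10.10.99'/>
  <host mac='52:54:00:6c:3c:01' name='vm100' ip='10.10.10.100'/>
  <host mac='52:54:00:6c:3c:02' name='vm101' ip='10.10.10.101'/>
</dhcp>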
- die Änderungen stehen dann in /etc/libvirt/qemu/networks/$NETWORK_NAME.xml (wird generiert)
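# Tell the DHCP service about the change (activate the changes).
# Note: killall signals every dnsmasq on the host, not only the instance libvirt
# runs for this network; the supported way is "virsh net-update ... --live" (see below).
killall -s SIGHUP dnsmasq
# If that is not enough -- caution: all VMs in this network go offline,
# a restart of the guests may be necessary
virsh net-destroy $NETWORK_NAME
virsh net-start $NETWORK_NAME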
- im laufenden Betrieb hinzufügen,
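# Add a fixed DHCP lease at runtime without restarting the network.
# --live applies it to the running network, --config persists it in the definition,
# --parent-index 0 selects the first <ip> element (the IPv4 one here).
virsh net-update $NETWORK_NAME add-last ip-dhcp-host \
    '<host mac="52:54:00:6f:78:f3" ip="10.10.10.101"/>' \
    --live --config --parent-index 0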
Diverses
Spice-Zugriff auf VM
- virsh edit alfa
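<!-- Excerpt of "virsh edit alfa": only the elements relevant for Spice access are
     shown; the remaining children of <domain> and <devices> are omitted. -->
<domain type='kvm'>
  <name>fedora25</name>
  <uuid>ae4e5582-492a-4292-8da2-48320a7816e6</uuid>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <vcpu placement='static'>2</vcpu>
  <!-- ... -->
  <devices>
    <!-- listen='0.0.0.0' exposes the console on every host interface, and the
         passwd attribute is stored in clear in this XML (visible to anyone who
         may run "virsh dumpxml"). Bind to one host address, or to 127.0.0.1 and
         reach it over an SSH tunnel, and replace the placeholder password. -->
    <graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='password'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <sound model='ac97'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </sound>
    <!-- qxl is the display adapter Spice clients expect -->
    <video>
      <model type='qxl' ram='65536' vram='32768' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
</domain>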
NAT mit "Routed network"
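# Generate a MAC address in the 52:54:00 prefix used by QEMU/KVM:
ADDR=$(hexdump -vn3 -e '/3 "52:54:00"' -e '/1 ":%02x"' -e '"\n"' /dev/urandom)
# example output: 52:54:00:7e:27:af
BRIDGE=virbr10
IP_PREFIX=10.10.10
# Create a dummy interface. It needs its own name: creating the dummy and the
# bridge both as $BRIDGE makes the second add fail, the device already exists.
DUMMY=${BRIDGE}-dummy
ip link add $DUMMY address $ADDR type dummy
# Create a virtual bridge and attach the dummy to it (presumably so the bridge
# has a member and keeps carrier without any guest attached -- verify on your host)
brctl addbr $BRIDGE
brctl addif $BRIDGE $DUMMY
brctl stp $BRIDGE on
ip address add $IP_PREFIX.1/24 dev $BRIDGE broadcast $IP_PREFIX.255
ip link set dev $DUMMY up
ip link set dev $BRIDGE up
# Implement NAT with iptables.
# The rules files use fixed names under /tmp; on a multi-user host another local
# user could create them first -- prefer mktemp there. Both heredocs are unquoted
# so that $IP_PREFIX and $BRIDGE expand; therefore the text must not contain
# backticks or $(...), the shell would execute them while writing the file.
FN_NAT=/tmp/nat.rules
cat <<EOS >$FN_NAT
# This format is understood by iptables-restore. See: man iptables-restore
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Do not masquerade to these reserved address blocks (multicast, limited broadcast).
-A POSTROUTING -s $IP_PREFIX.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s $IP_PREFIX.0/24 -d 255.255.255.255/32 -j RETURN
# Masquerade all packets going from VMs to the LAN/Internet; TCP/UDP source ports
# are kept in the unprivileged range.
-A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -j MASQUERADE
COMMIT
EOS
FN_FILTER=/tmp/filter.rules
cat <<EOS >$FN_FILTER
# This format is understood by iptables-restore. See: man iptables-restore
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#... snipped ...
# Allow established traffic to the private subnet.
-A FORWARD -d $IP_PREFIX.0/24 -o $BRIDGE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow outbound traffic from the private subnet.
-A FORWARD -s $IP_PREFIX.0/24 -i $BRIDGE -j ACCEPT
# Allow traffic between virtual machines.
-A FORWARD -i $BRIDGE -o $BRIDGE -j ACCEPT
# Reject everything else to or from the bridge.
-A FORWARD -i $BRIDGE -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o $BRIDGE -j REJECT --reject-with icmp-port-unreachable
#... snipped ...
COMMIT
EOS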