Bearbeiten von „VirtManager“

[[Kategorie:ServerApplikation]]

= Links =
* Befehl virsh: 
** https://docs.fedoraproject.org/de-DE/Fedora/12/html/Virtualization_Guide/chap-Virtualization_Guide-Managing_guests_with_virsh.html
** https://libvirt.org/sources/virshcmdref/html-single/
* [[FirewallD]]

= Links =
* virsh Referenz: https://libvirt.org/sources/virshcmdref/html-single

= Beschreibung =
VirtManager ist eine Software, die die Verwaltung von virtuellen Maschinen (mittels KVM) mittels graphischer Oberfläche erlaubt.

= Kommandos =
<pre>
# show the guests:
virsh list
# Start the VM:
virsh start alfa
# stop the VM alfa
virsh destroy alfa
# Autostart festlegen / aufheben
virsh autostart alfa [--disable]

virsh net-list
virsh net-dumpxml vmnet

virt-install --name=alfa --vcpus=4 --memory=1024 --cdrom=/opt/iso/debian-10.1.0-amd64-netinst.iso --disk path=/media/vm-images/vm-alfa,size=20 --os-type=Linux --os-variant=debian8
</pre>

= Netzwerk aufbauen Host und VMs =
Problem wird [[https://wiki.libvirt.org/page/Guest_can_reach_outside_network,_but_can%27t_reach_host_%28macvtap%29 hier beschrieben]]

<pre>
NETNAME=vmnet
cat <<EOS >/tmp/$NETNAME.xml
<network>
  <name>$NETNAME</name>
  <ip address='10.10.10.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='10.10.10.20' end='10.10.10.99' />
    </dhcp>
  </ip>
</network>
EOS
virsh net-define /tmp/$NETNAME.xml
virsh net-autostart $NETNAME
virsh net-start $NETNAME
# Alle Netze auflisten:
virsh net-list
# 
</pre>

<pre>
# alle Namen der laufenden virtuellen Maschinen auflisten:
virsh list
# für alle Gäste:
virsh edit $guestname
</pre>

<pre>
<interface type='network'>
  <source network='$NETNAME'/>
  <model type='virtio'/> <-- This line is optional.
</interface>
</pre>
== DHCP konfigurieren ==
<pre>
virsh  net-list
virsh  net-edit  $NETWORK_NAME
</pre>
<pre>
* folgende Sequenz anpassen:
<dhcp>
  <range start='10.10.10.10' end='10.10.10.99'/>
  <host mac='52:54:00:6c:3c:01' name='vm100' ip='10.10.10.100'/>
  <host mac='52:54:00:6c:3c:02' name='vm101' ip='10.10.10.101'/>
</dhcp>
</pre>
* die Änderungen stehen dann in /etc/libvirt/qemu/networks/$NETWORK_NAME.xml (wird generiert)
<pre>
# DHCP-Dienst informieren (Änderungen aktivieren):
killall -s SIGHUP dnsmasq
# Wenn das nicht reicht: Achtung: alle VMs in diesem Netz werden offline, evt. Neustart notwendig
virsh net-destroy $NETWORK_NAME
virsh net-start $NETWORK_NAME
</pre>
* im laufenden Betrieb hinzufügen, 
<pre>
# IP4: --parent-index 0
virsh net-update $NETWORK_NAME add-last ip-dhcp-host \
      '<host mac="52:54:00:6f:78:f3" ip="10.10.10.101"/>' \
      --live --config --parent-index 0
</pre>

= Diverses =
== Spice-Zugriff auf VM ==
* virsh edit alfa
<pre>
<domain type='kvm'>
  <name>fedora25</name>
  <uuid>ae4e5582-492a-4292-8da2-48320a7816e6</uuid>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <vcpu placement='static'>2</vcpu>
  <graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='password'>
     <listen type='address' address='0.0.0.0'/>
   </graphics>
   <sound model='ac97'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
   </sound>
   <video>
      <model type='qxl' ram='65536' vram='32768' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
</domain>
</pre>
@@ Zeile 120: / Zeile 120: @@
    </devices>
 </domain>
-</pre>
-= NAT mit "Routed network" =
-<pre>
-# MAC generieren:
-ADDR=$(hexdump -vn3 -e '/3 "52:54:00"' -e '/1 ":%02x"' -e '"\n"' /dev/urandom)
-:54:00:7e:27:af
-# Create a dummy network
-BRIDGE=virbr10
-IP_PREFIX=10.10.10
-ip link add $BRIDGE address $ADDR type dummy
-# Create a virtual bridge
-brctl addbr $BRIDGE
-brctl stp $BRIDGE on
-ip address add $IP_PREFIX.1/24 dev $BRIDGE broadcast $IP_PREFIX.255
-# Implement NAT with iptables
-FN_NAT=/tmp/nat.rules
-cat <<EOS >$FN_NAT
-# This format is understood by iptables-restore. See `man iptables-restore`.
-*nat
-:PREROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-# Do not masquerade to these reserved address blocks.
--A POSTROUTING -s $IP_PREFIX.0/24 -d 224.0.0.0/24 -j RETURN
--A POSTROUTING -s $IP_PREFIX.0/24 -d 255.255.255.255/32 -j RETURN
-# Masquerade all packets going from VMs to the LAN/Internet.
--A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
--A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
--A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -j MASQUERADE
-COMMIT
-EOS
-FN_FILTER=/tmp/filter.rules
-cat <<EOS >$FN_FILTER
-# This format is understood by iptables-restore. See `man iptables-restore`.
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-#... snipped ...
-# Allow established traffic to the private subnet.
--A FORWARD -d $IP_PREFIX.0/24 -o $BRIDGE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-# Allow outbound traffic from the private subnet.
--A FORWARD -s $IP_PREFIX.0/24 -i $BRIDGE -j ACCEPT
-# Allow traffic between virtual machines.
--A FORWARD -i $BRIDGE -o $BRIDGE -j ACCEPT
-# Reject everything else.
--A FORWARD -i $BRIDGE -j REJECT --reject-with icmp-port-unreachable
--A FORWARD -o $BRIDGE -j REJECT --reject-with icmp-port-unreachable
-#... snipped ...
-COMMIT
-EOS
 </pre>