VirtManager: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(→Links) |
(→Links) |
||
| (6 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 2: | Zeile 2: | ||
= Links = | = Links = | ||
* Befehl virsh: https://docs.fedoraproject.org/de-DE/Fedora/12/html/Virtualization_Guide/chap-Virtualization_Guide-Managing_guests_with_virsh.html | * Befehl virsh: | ||
** https://docs.fedoraproject.org/de-DE/Fedora/12/html/Virtualization_Guide/chap-Virtualization_Guide-Managing_guests_with_virsh.html | |||
** https://libvirt.org/sources/virshcmdref/html-single/ | |||
* [[FirewallD]] | |||
= Links = | = Links = | ||
| Zeile 18: | Zeile 21: | ||
# stop the VM alfa | # stop the VM alfa | ||
virsh destroy alfa | virsh destroy alfa | ||
# Autostart festlegen / aufheben | |||
virsh autostart alfa [--disable] | |||
virsh net-list | virsh net-list | ||
virsh net-dumpxml vmnet | |||
virt-install --name=alfa --vcpus=4 --memory=1024 --cdrom=/opt/iso/debian-10.1.0-amd64-netinst.iso --disk path=/media/vm-images/vm-alfa,size=20 --os-type=Linux --os-variant=debian8 | |||
</pre> | </pre> | ||
| Zeile 30: | Zeile 38: | ||
<network> | <network> | ||
<name>$NETNAME</name> | <name>$NETNAME</name> | ||
<ip address='10.10.10.1' netmask='255. | <ip address='10.10.10.1' netmask='255.255.255.0'> | ||
<dhcp> | <dhcp> | ||
<range start='10.10.10.20' end='10.10.10.99' /> | <range start='10.10.10.20' end='10.10.10.99' /> | ||
| Zeile 42: | Zeile 50: | ||
# Alle Netze auflisten: | # Alle Netze auflisten: | ||
virsh net-list | virsh net-list | ||
# | |||
</pre> | </pre> | ||
| Zeile 84: | Zeile 93: | ||
'<host mac="52:54:00:6f:78:f3" ip="10.10.10.101"/>' \ | '<host mac="52:54:00:6f:78:f3" ip="10.10.10.101"/>' \ | ||
--live --config --parent-index 0 | --live --config --parent-index 0 | ||
</pre> | |||
= Diverses = | |||
== Spice-Zugriff auf VM == | |||
* virsh edit alfa | |||
<pre> | |||
<domain type='kvm'> | |||
<name>fedora25</name> | |||
<uuid>ae4e5582-492a-4292-8da2-48320a7816e6</uuid> | |||
<memory unit='KiB'>4194304</memory> | |||
<currentMemory unit='KiB'>4194304</currentMemory> | |||
<vcpu placement='static'>2</vcpu> | |||
<graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='password'> | |||
<listen type='address' address='0.0.0.0'/> | |||
</graphics> | |||
<sound model='ac97'> | |||
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> | |||
</sound> | |||
<video> | |||
<model type='qxl' ram='65536' vram='32768' heads='1'/> | |||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> | |||
</video> | |||
<memballoon model='virtio'> | |||
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> | |||
</memballoon> | |||
</devices> | |||
</domain> | |||
</pre> | |||
= NAT mit "Routed network" = | |||
<pre> | |||
# MAC generieren: | |||
ADDR=$(hexdump -vn3 -e '/3 "52:54:00"' -e '/1 ":%02x"' -e '"\n"' /dev/urandom) | |||
52:54:00:7e:27:af | |||
# Create a dummy network | |||
BRIDGE=virbr10 | |||
IP_PREFIX=10.10.10 | |||
ip link add $BRIDGE address $ADDR type dummy | |||
# Create a virtual bridge | |||
brctl addbr $BRIDGE | |||
brctl stp $BRIDGE on | |||
ip address add $IP_PREFIX.1/24 dev $BRIDGE broadcast $IP_PREFIX.255 | |||
# Implement NAT with iptables | |||
FN_NAT=/tmp/nat.rules | |||
cat <<EOS >$FN_NAT | |||
# This format is understood by iptables-restore. See `man iptables-restore`. | |||
*nat | |||
:PREROUTING ACCEPT [0:0] | |||
:OUTPUT ACCEPT [0:0] | |||
:POSTROUTING ACCEPT [0:0] | |||
# Do not masquerade to these reserved address blocks. | |||
-A POSTROUTING -s $IP_PREFIX.0/24 -d 224.0.0.0/24 -j RETURN | |||
-A POSTROUTING -s $IP_PREFIX.0/24 -d 255.255.255.255/32 -j RETURN | |||
# Masquerade all packets going from VMs to the LAN/Internet. | |||
-A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 | |||
-A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 | |||
-A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -j MASQUERADE | |||
COMMIT | |||
EOS | |||
FN_FILTER=/tmp/filter.rules | |||
cat <<EOS >$FN_FILTER | |||
# This format is understood by iptables-restore. See `man iptables-restore`. | |||
*filter | |||
:INPUT ACCEPT [0:0] | |||
:FORWARD ACCEPT [0:0] | |||
:OUTPUT ACCEPT [0:0] | |||
#... snipped ... | |||
# Allow established traffic to the private subnet. | |||
-A FORWARD -d $IP_PREFIX.0/24 -o $BRIDGE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |||
# Allow outbound traffic from the private subnet. | |||
-A FORWARD -s $IP_PREFIX.0/24 -i $BRIDGE -j ACCEPT | |||
# Allow traffic between virtual machines. | |||
-A FORWARD -i $BRIDGE -o $BRIDGE -j ACCEPT | |||
# Reject everything else. | |||
-A FORWARD -i $BRIDGE -j REJECT --reject-with icmp-port-unreachable | |||
-A FORWARD -o $BRIDGE -j REJECT --reject-with icmp-port-unreachable | |||
#... snipped ... | |||
COMMIT | |||
EOS | |||
</pre> | </pre> | ||
Aktuelle Version vom 14. Oktober 2019, 07:59 Uhr
Links[Bearbeiten]
- Befehl virsh:
- FirewallD
Links[Bearbeiten]
- virsh Referenz: https://libvirt.org/sources/virshcmdref/html-single
Beschreibung[Bearbeiten]
VirtManager ist eine Software, die die Verwaltung von virtuellen Maschinen (mittels KVM) mittels graphischer Oberfläche erlaubt.
Kommandos[Bearbeiten]
# show the guests: virsh list # Start the VM: virsh start alfa # stop the VM alfa virsh destroy alfa # Autostart festlegen / aufheben virsh autostart alfa [--disable] virsh net-list virsh net-dumpxml vmnet virt-install --name=alfa --vcpus=4 --memory=1024 --cdrom=/opt/iso/debian-10.1.0-amd64-netinst.iso --disk path=/media/vm-images/vm-alfa,size=20 --os-type=Linux --os-variant=debian8
Netzwerk aufbauen Host und VMs[Bearbeiten]
Problem wird [hier beschrieben]
NETNAME=vmnet
cat <<EOS >/tmp/$NETNAME.xml
<network>
<name>$NETNAME</name>
<ip address='10.10.10.1' netmask='255.255.255.0'>
<dhcp>
<range start='10.10.10.20' end='10.10.10.99' />
</dhcp>
</ip>
</network>
EOS
virsh net-define /tmp/$NETNAME.xml
virsh net-autostart $NETNAME
virsh net-start $NETNAME
# Alle Netze auflisten:
virsh net-list
#
# alle Namen der laufenden virtuellen Maschinen auflisten: virsh list # für alle Gäste: virsh edit $guestname
<interface type='network'> <source network='$NETNAME'/> <model type='virtio'/> <-- This line is optional. </interface>
DHCP konfigurieren[Bearbeiten]
virsh net-list virsh net-edit $NETWORK_NAME
* folgende Sequenz anpassen: <dhcp> <range start='10.10.10.10' end='10.10.10.99'/> <host mac='52:54:00:6c:3c:01' name='vm100' ip='10.10.10.100'/> <host mac='52:54:00:6c:3c:02' name='vm101' ip='10.10.10.101'/> </dhcp>
- die Änderungen stehen dann in /etc/libvirt/qemu/networks/$NETWORK_NAME.xml (wird generiert)
# DHCP-Dienst informieren (Änderungen aktivieren): killall -s SIGHUP dnsmasq # Wenn das nicht reicht: Achtung: alle VMs in diesem Netz werden offline, evt. Neustart notwendig virsh net-destroy $NETWORK_NAME virsh net-start $NETWORK_NAME
- im laufenden Betrieb hinzufügen,
# IP4: --parent-index 0
virsh net-update $NETWORK_NAME add-last ip-dhcp-host \
'<host mac="52:54:00:6f:78:f3" ip="10.10.10.101"/>' \
--live --config --parent-index 0
Diverses[Bearbeiten]
Spice-Zugriff auf VM[Bearbeiten]
- virsh edit alfa
<domain type='kvm'>
<name>fedora25</name>
<uuid>ae4e5582-492a-4292-8da2-48320a7816e6</uuid>
<memory unit='KiB'>4194304</memory>
<currentMemory unit='KiB'>4194304</currentMemory>
<vcpu placement='static'>2</vcpu>
<graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='password'>
<listen type='address' address='0.0.0.0'/>
</graphics>
<sound model='ac97'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</sound>
<video>
<model type='qxl' ram='65536' vram='32768' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
</domain>
NAT mit "Routed network"[Bearbeiten]
# MAC generieren: ADDR=$(hexdump -vn3 -e '/3 "52:54:00"' -e '/1 ":%02x"' -e '"\n"' /dev/urandom) 52:54:00:7e:27:af # Create a dummy network BRIDGE=virbr10 IP_PREFIX=10.10.10 ip link add $BRIDGE address $ADDR type dummy # Create a virtual bridge brctl addbr $BRIDGE brctl stp $BRIDGE on ip address add $IP_PREFIX.1/24 dev $BRIDGE broadcast $IP_PREFIX.255 # Implement NAT with iptables FN_NAT=/tmp/nat.rules cat <<EOS >$FN_NAT # This format is understood by iptables-restore. See `man iptables-restore`. *nat :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] # Do not masquerade to these reserved address blocks. -A POSTROUTING -s $IP_PREFIX.0/24 -d 224.0.0.0/24 -j RETURN -A POSTROUTING -s $IP_PREFIX.0/24 -d 255.255.255.255/32 -j RETURN # Masquerade all packets going from VMs to the LAN/Internet. -A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s $IP_PREFIX.0/24 ! -d $IP_PREFIX.0/24 -j MASQUERADE COMMIT EOS FN_FILTER=/tmp/filter.rules cat <<EOS >$FN_FILTER # This format is understood by iptables-restore. See `man iptables-restore`. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] #... snipped ... # Allow established traffic to the private subnet. -A FORWARD -d $IP_PREFIX.0/24 -o $BRIDGE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # Allow outbound traffic from the private subnet. -A FORWARD -s $IP_PREFIX.0/24 -i $BRIDGE -j ACCEPT # Allow traffic between virtual machines. -A FORWARD -i $BRIDGE -o $BRIDGE -j ACCEPT # Reject everything else. -A FORWARD -i $BRIDGE -j REJECT --reject-with icmp-port-unreachable -A FORWARD -o $BRIDGE -j REJECT --reject-with icmp-port-unreachable #... snipped ... COMMIT EOS