Bug 805361
| Summary: | RFE: privnet should work well with lxc | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Min Zhan <mzhan> |
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.3 | CC: | acathrow, ajia, berrange, dallan, dyuan, lnovich, lsu, mzhan, rwu |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-0.10.0-0rc1.el6 | Doc Type: | Enhancement |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-02-21 07:09:07 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 842979 | ||
| Bug Blocks: | |||
In fact, this is in RHEL for a while (since libvirt-0.9.11-rc1). Hence moving to POST:
commit 10a8b1f9585d7414d6d3a2571fffc5d699c4576b
Author: Daniel P. Berrange <berrange>
AuthorDate: Wed Jan 18 11:38:49 2012 +0000
Commit: Daniel P. Berrange <berrange>
CommitDate: Thu Mar 15 17:00:39 2012 +0000
Add support for forcing a private network namespace for LXC guests
If no <interface> elements are included in an LXC guest XML
description, then the LXC guest will just see the host's
network interfaces. It is desirable to be able to hide the
host interfaces, without having to define any guest interfaces.
This patch introduces a new feature flag <privnet/> to allow
forcing of a private network namespace for LXC. In the future
I also anticipate that we will add <privuser/> to force a
private user ID namespace.
* src/conf/domain_conf.c, src/conf/domain_conf.h: Add support
for <privnet/> feature. Auto-set <privnet> if any <interface>
devices are defined
* src/lxc/lxc_container.c: Honour request for private network
namespace
Because there is another bug 842979 make the lxc can't start normally , so i just add the xml to a shut down lxc and it works . My question is that the steps is enough to verfiy the bug ? Or should we defer the bug until the lxc function works well. 1. #rpm -q libvirt libvirt-0.10.0-0rc1.el6.x86_64 #virsh -c lxc:/// virsh # list --all Id Name State ---------------------------------------------------- - lxc shut off 2. virsh # dumpxml lxc <domain type='lxc'> <name>lxc</name> <uuid>2a0c59a1-519b-3865-582b-5339f5e1b95d</uuid> <memory unit='KiB'>1048576</memory> <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64'>exe</type> <init>/bin/sh</init> </os> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/libexec/libvirt_lxc</emulator> <interface type='network'> <mac address='00:16:3e:cb:17:2b'/> <source network='default'/> </interface> <console type='pty'> <target type='lxc' port='0'/> </console> </devices> </domain> 3. add the <privnet/> feature virsh#dumpxml lxc <domain type='lxc'> <name>lxc</name> <uuid>2a0c59a1-519b-3865-582b-5339f5e1b95d</uuid> <memory unit='KiB'>1048576</memory> <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64'>exe</type> <init>/bin/sh</init> </os> <features> <privnet/> <----success with no error </features> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/libexec/libvirt_lxc</emulator> <interface type='network'> <mac address='00:16:3e:cb:17:2b'/> <source network='default'/> </interface> <console type='pty'> <target type='lxc' port='0'/> </console> </devices> </domain> No, I think we should verify this on a running lxc domain. (In reply to comment #7) > No, I think we should verify this on a running lxc domain. OK , i will verify this after the depends on's be fixed verified bug with the steps in comment6 since the depends bugs is fixed. Sorry for forgetting the pkg version libvirt-0.10.2-2.el6.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0276.html |
Description of problem: From libvirt.org: privnet Always create a private network namespace. This is automatically set if any interface devices are defined. This feature is only relevant for container based virtualization drivers, such as LXC. But privnet does not work well with lxc Version-Release number of selected component (if applicable): libvirt-0.9.10-6.el6 How reproducible: Always Steps to Reproduce: 1. Make sure a good lxc guest # virsh --connect lxc:/// Welcome to virsh, the virtualization interactive terminal. Type: 'help' for help with commands 'quit' to quit virsh # list --all Id Name State ---------------------------------------------------- - lxc shut off virsh # dumpxml lxc <domain type='lxc'> <name>lxc</name> <uuid>2a0c59a1-519b-3865-582b-5339f5e1b95d</uuid> <memory unit='KiB'>1048576</memory> <currentMemory unit='KiB'>1048576</currentMemory> <vcpu>1</vcpu> <os> <type arch='x86_64'>exe</type> <init>/bin/sh</init> </os> <features> <pae/> </features> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/libexec/libvirt_lxc</emulator> <interface type='network'> <mac address='00:16:3e:cb:17:2b'/> <source network='default'/> </interface> <console type='pty'> <target type='lxc' port='0'/> </console> </devices> </domain> 2. Edit the guest, add the following to guest xml <features> <privnet/> </features> virsh # edit lxc error: internal error unexpected feature privnet Actual results: as above Expected results: It works well Additional info: ajia has found that Libvirt upstream has supported private network namespace for LXC guests, but related patches haven't been backported into RHEL.