OK, I do not like control group very much for now.
Comment device section in control group config, sorry for my laziness…
mount {
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
# devices = /cgroup/devices;
freezer = /cgroup/freezer;
# net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
}
Enable ip forward
net.ipv4.ip_forward = 1
Reboot the host
Connect to virsh to enable libvirt’s default virbr0(NAT)
If you don’t know the password for your account, just use command below to create one.
# saslpasswd2 -a libvirt root
Create a nat network.
nat b42e377d-e849-4c36-bd98-3d090def5ecc
# virsh net-create /etc/libvirt/qemu/networks/nat.xml # virsh net-autostart nat # virsh net-start nat
Create tun device and add it to virbr0
UPDATE: This could be ignored if you use extnet.py
# tunctl -t nat0 -u qemu # brctl addif virbr1 nat0
Add hook file to vdsm
UPDATE: use extnet from github with a little modification (Only the first vNIC will be NAT, the second one still keeps its way).
#!/usr/bin/python
import os
import sys
import traceback
import xml.dom
import hooking
def replaceSource(interface, newnet):
source, = interface.getElementsByTagName('source')
source.removeAttribute('bridge')
source.setAttribute('network', newnet)
interface.setAttribute('type', 'network')
def main():
params = "default"
os.environ.__setitem__("extnet",params)
newnet = os.environ.get('extnet')
if newnet is not None:
doc = hooking.read_domxml()
interface = doc.getElementsByTagName('interface')[0]
replaceSource(interface, newnet)
hooking.write_domxml(doc)
def test():
interface = xml.dom.minidom.parseString("""
""").getElementsByTagName('interface')[0]
print "Interface before forcing network: %s" % \
interface.toxml(encoding='UTF-8')
replaceSource(interface, 'yipee')
print "Interface after forcing network: %s" % \
interface.toxml(encoding='UTF-8')
if __name__ == '__main__':
try:
if '--test' in sys.argv:
test()
else:
main()
except:
hooking.exit_hook('extnet hook: [unexpected error]: %s\n' %
traceback.format_exc())
QEMU-CMD way:
import os
import sys
import hooking
import traceback
import json
import shutil
def addQemuNs(domXML):
domain = domXML.getElementsByTagName('domain')[0]
domain.setAttribute('xmlns:qemu',
'http://libvirt.org/schemas/domain/qemu/1.0')
def injectQemuCmdLine(domXML, qc):
domain = domXML.getElementsByTagName('domain')[0]
qctag = domXML.createElement('qemu:commandline')
for cmd in qc:
qatag = domXML.createElement('qemu:arg')
qatag.setAttribute('value', cmd)
qctag.appendChild(qatag)
domain.appendChild(qctag)
domxml = hooking.read_domxml()
# Get vm uuid, just in case
cur_vm_uuid = domxml.getElementsByTagName('uuid')[0].firstChild.nodeValue
macaddr = "94:de:80:ea:30:f5"
natname = "nat0"
params = '["-netdev","tap,ifname=%s,script=no,id=hostnet0,downscript=no","-device","virtio-net-pci,mac=%s,netdev=hostnet0,bus=pci.0,addr=0x10"]' % (natname, macaddr)
os.environ.__setitem__("qemu_cmdline",params)
# Modify Qemu Parameter
if 'qemu_cmdline' in os.environ:
try:
domxml = hooking.read_domxml()
qemu_cmdline = json.loads(os.environ['qemu_cmdline'])
addQemuNs(domxml)
injectQemuCmdLine(domxml, qemu_cmdline)
hooking.write_domxml(domxml)
except:
sys.stderr.write('qemu_cmdline: [unexpected error]: %s\n'
% traceback.format_exc())
sys.exit(2)
Then you should start the vm WITHOUT ANY NIC if you are using nat.py.