fixed tap device

[diaolin]

Does anyone know wowto pass the ifname parameter into machine.conf???

I need to have always the same device for each VM

I mean a thing like this:

in the normal situation i have a command line generated by the proxmox admin

/usr/bin/kvm -monitor unix:/var/run/qemu-server/102.mon,server,nowait
-vnc unix:/var/run/qemu-server/102.vnc,password
-pidfile /var/run/qemu-server/102.pid
-daemonize
-usbdevice tablet
-name oltrefersina
-id 102
-cpuunits 1000
-tdf
-k en-us
-drive file=/var/lib/vz/images/102/vm-102-default.qcow2,if=ide,index=0,boot=on
-drive file=,if=ide,index=2,media=cdrom
-m 512
-net tap,vlan=0,script=/var/lib/qemu-server/bridge-vlan0
-net nic,vlan=0,model=e1000,macaddr=52:54:00:12:34:60

if i add ifname as parameter it creates the right tap

/usr/bin/kvm -monitor unix:/var/run/qemu-server/102.mon,server,nowait
-vnc unix:/var/run/qemu-server/102.vnc,password
-pidfile /var/run/qemu-server/102.pid
-daemonize
-usbdevice tablet
-name oltrefersina
-id 102
-cpuunits 1000
-tdf
-k en-us
-drive file=/var/lib/vz/images/102/vm-102-default.qcow2,if=ide,index=0,boot=on
-drive file=,if=ide,index=2,media=cdrom
-m 512
-net tap,vlan=0,ifname=tap9,script=/var/lib/qemu-server/bridge-vlan0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-net nic,vlan=0,model=e1000,macaddr=52:54:00:12:34:60

How can i add this parameter into conf file?

Tx, Diaolin

 

[dietmar]

Passing ifname is currently not implemented. Please can you tell me whats the reasoning behing that - why do you need it?

 

[dietmar]

Directly setting ifname would make it impossible to migrate VMs, because it can produce device name conflicts?

 

[diaolin]

ifname

Passing ifname is currently not implemented. Please can you tell me whats the reasoning behing that - why do you need it?

The reason is that i have the firewall on proxmox and i will that each machine
receives always the same tap.

Anyway done this:

ostype: l26
vlan0: e1000=52:54:00:12:34:61,rtl8139=B6:CF:60:BD:2B8,rtl8139=1E:BB:27:B3:9A:FE
tap0: tap9
^^^^^^^^^^^^^
memory: 512
onboot: 1
ide2: none,media=cdrom
name: Posta
ide0: vm-101-default.qcow2
bootdisk: ide0
smp: 4
vlan1: rtl8139=6E:62:F5:6C:73:85,e1000=52:EE:32:B4:05:90
tap1: tap13
^^^^^^^^^^^^^^^
scsi0: vm-101-disk.qcow2
ide1: vm-101-disk-1.qcow2


My solution is like this
adding foreach vlan? a tap? with the tap value

into QemuServer.pm
at line 1246
for (my $i = 0; $i < 10; $i++) {

if ($conf->{"vlan$i"} && (my $vlan = parse_vlan ($conf->{"vlan$i"}))) {

$foundnet = 1;
if ($conf->{"tap$i"}) {
push @$cmd, '-net', "tap,vlan=$i,ifname=".$conf->{"tap$i"}.",script=/var/lib/qemu-server/bridge-vlan$i";
} else {

push @$cmd, '-net', "tap,vlan=$i,script=/var/lib/qemu-server/bridge-vlan$i";
}
foreach my $nic (@{$vlan->{nics}}) {
push @$cmd, '-net', "nic,vlan=$i,model=$nic->{model},macaddr=$nic->{macaddr}";
}

}



This is only a manual addon but it can be useful assign the name directly from interface....

Ciao, Diaolin

 

[diaolin]

conflicts

Directly setting ifname would make it impossible to migrate VMs, because it can produce device name conflicts?

Why? If i use always the same taps?

Diaolin

 

[diaolin]

and....

Directly setting ifname would make it impossible to migrate VMs, because it can produce device name conflicts?

i i have a VM with name oltrefersina
i can add a
tap0: oltrefersina0
tap1: oltrefersina1

just changing line 1251 orf QemuServer.pm

push @$cmd, '-net', "tap,vlan=$i,ifname=".$vmname.$i.",script=/var/lib/qemu-server/bridge-vlan$i";

no changes on interface and no changes in conf
and it works

 

[dietmar]

Why? If i use always the same taps?
Diaolin

What if the device is already used by someone else?

 

[dietmar]

My plan wit firewall was that the setup is trigger in:

/var/lib/qemu-server/bridge-vlanXX

There you know the used tap device.

 

[diaolin]

already used?

What if the device is already used by someone else?

with my latest "patch"
it's impossible
the name of the machines are all unique

and you don't need to change anything in the code except the line 1251 of QemuServer.pm

push @$cmd, '-net', "tap,vlan=$i,ifname=".$vmname.$i.",script=/var/lib/qemu-server/bridge-vlan$i";

diaolin

 

[dietmar]

with my latest "patch"
it's impossible
the name of the machines are all unique

Any program is free to use and create tun/tap devices. So above is only true if nobody else uses tun/tap devices.

For many reasons, the firewall rules should be started in the network start script - I would really prefer that approach.

What firewall do you use?

- Dietmar

 

[dietmar]

Any program is free to use and create tun/tap devices. So above is only true if nobody else uses tun/tap devices.

ignore me, you are right - you can use unique names.

 

[dietmar]

push @$cmd, '-net', "tap,vlan=$i,ifname=".$vmname.$i.",script=/var/lib/qemu-server/bridge-vlan$i";

".$vmname.$i" is not unique, because 2 vms can have the same name.

What about using "vmtab$vmid.$i"?

 

[diaolin]

what????

".$vmname.$i" is not unique, because 2 vms can have the same name.

What about using "vmtab$vmid.$i"?

I use Shorewall for the proxmox...
yes can be but
ip sh addr
says vmtab1010 vmtab1011
as interfaces and i think that can be a problem
then better
.$vmid.$vmname.$i.

in this case i have even the vmnames in the intervaces

 

[diaolin]

".$vmname.$i" is not unique, because 2 vms can have the same name.

What about using "vmtab$vmid.$i"?

Better of all:
".$vmname.$vmid.$i."

i hope vmname could not contain spaces

What do you think about?



Diaolin

 

[dietmar]

Better of all:
".$vmname.$vmid.$i."

i hope vmname could not contain spaces

What do you think about?

It should not contain the name, because you can change that name dynamically (qm set XXX -name ABC)

 

[dietmar]

Well, seems tah '.' and ':' are special characters, so its best to avoid them:

"vmtab${vmid}i$i";

That generates names like: vmtab101i0 vmtab101i1 vmtab102i0

Would that for for you?

 

[diaolin]

Well, seems tah '.' and ':' are special characters, so its best to avoid them:

"vmtab${vmid}i$i";

That generates names like: vmtab101i0 vmtab101i1 vmtab102i0

Would that for for you?

more confortable

why not ${vmname}${vmtab}i$i

diaolin

 

[dietmar]

why not ${vmname}${vmtab}i$i

What is ${vmtab} ?

And I thought you want to use that name in your firewall config?

For example, you set up the firewall for a VM with name 'abc'. Then you create FW rules for interface 'abcXXXXX'.

Everything OK so far. But you can now change the name of the VM on the web interface. After that your FW is misconfigured, because the tap names changed.

- Dietmar

 

[dietmar]

I am curious. Would you mind to send me your shorewall configuration - just to get an idea on how you use/configure it (to dietmar@proxmox.com)

- Dietmar

 

[diaolin]

What is ${vmtab} ?

And I thought you want to use that name in your firewall config?

For example, you set up the firewall for a VM with name 'abc'. Then you create FW rules for interface 'abcXXXXX'.

Everything OK so far. But you can now change the name of the VM on the web interface. After that your FW is misconfigured, because the tap names changed.

- Dietmar

Perfect, this is great.

For me if you change the QemuServer in this manner is ok.

I will help you with the firewall.
If possible i can post what i intend do with shorewall and a simple
templates system. I will not touch the interface, i'm not a good
programmer. Can we speak about this?

Diaolin