[SOLVED] How to verify the IP address of vm

[huky]

I want to associate vm with its IP addr，but there is some troubles：
I use openvswitch create bond, bridge and vlan

when I run "ip addr", I can see only the card name such as "tap100i0" but no the ip address:

    tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether 16:f2:bd:6d:fa:66 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::14f2:bdff:fe6d:fa66/64 scope link
       valid_lft forever preferred_lft forever

I try to use fping and mac address，but as above，the card is 'tap100i0' and it's mac address is '16:f2:bd:6d:fa:66'
but the mac address in qemu-server/100.conf is not the same string

net0: virtio=32:62:39:33:34:37,bridge=vmbr1,tag=63

at last, I login the guest vm to run 'ip addr', the mac address is correctly as qemu-server/100.conf

If I could not login guest vm, How to verify the IP address of vm in the proxmox .

 

[t.lamprecht]

when I run "ip addr", I can see only the card name such as "tap100i0" but no the ip address:

That's expected, we create a tap interface per VM, a VM acts like an independent "real" computer after all, so the network settings are made in the VM.

If I could not login guest vm, How to verify the IP address of vm in the proxmox .

You can allow a set of specific IPs for the VM, that way you ensure that it can use just those, practical if you provide VMs to third party and want them to behave.
If you are on one the latest Proxmox VE version see: https://PVE-IP:8006/pve-docs/chapter-pve-firewall.html#ipfilter-section
else also: https://pve.proxmox.com/wiki/Proxmox_VE_Firewall

I'd enabled the firewall in the Datacenter and the VMs respective interfaces and then generate an IPSet with the allowed IPs in the VM->Firewall Tab and apply that to the VM.

If you want to know the IP from outside you could use tcpdum on that interface and look which IP is in the respective source/target, e.g.:

tcpdump -i tap501i0 tcp

This would need the VM to send traffic, not the best option but quickest/easiest I can immagine for checking which traffic/IP comes actually from a VM.

 

[LnxBil]

Solving #532 could help very much with this problem.

I helped myself by adding the IP and DNS name in the description of the VM - in all VMs - so that it is easier to get "manage" with a lot of machines. I have it always in the second line and wrote some CLI tools to manage and retrieve this information.

 

[huky]

thnaks.
I use IP and application as name of vm, but some vm has two or more nic and ip. I want statistics.

I find a command 'arp-scan ' , it show all mac address and IP
and then 'egrep -i --color '(mac address)' /etc/pve/nodes/*/qemu-server/*.conf' to show vmid.conf and the net in it

arp-scan --interface=vlan50 192.168.10.0/24

root@node001:~# arp-scan --interface=vlan50 192.168.10.0/24
Interface: vlan50, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)

192.168.10.64    32:34:61:39:39:63    (Unknown)
192.168.10.69    3a:65:63:62:36:64    (Unknown)
192.168.10.71    de:8c:86:17:bb:e6    (Unknown)
192.168.10.72    ee:db:53:bc:2d:04    (Unknown)
192.168.10.73    ee:eb:92:1d:c4:ea    (Unknown)
192.168.10.74    66:65:64:30:39:35    (Unknown)
192.168.10.75    36:63:63:35:34:65    (Unknown)
192.168.10.81    62:32:36:61:38:62    (Unknown)
192.168.10.82    3a:36:62:63:33:34    (Unknown)
192.168.10.83    92:9b:2e:1c:c9:15    (Unknown)
192.168.10.94    a2:d8:80:14:6f:b4    (Unknown)



root@node001:~# egrep -i --color '(ee:eb:92:1d:c4:ea|62:32:36:61:38:62)' /etc/pve/nodes/*/qemu-server/*.conf
/etc/pve/nodes/node001/qemu-server/171.conf:net0: virtio=62:32:36:61:38:62,bridge=vmbr1,tag=50
/etc/pve/nodes/node005/qemu-server/168.conf:net0: virtio=EE:EB:92:1D:C4:EA,bridge=vmbr1,tag=50

now, I plan a scripts to filter the result

 

[huky]

there is a simple scripts

#coding=utf-8
#!/usr/bin/python

import re

#use 'arp-scan' and 'egrep' to create file about mac-ip and vms configure
#arp-scan --interface=vlan100 10.205.1.0/24 > vms.addr
#arp-scan --interface=vlan50 192.168.10.0/24 >> vms.addr
#egrep '(name|cores|sockets|memory|-disk-|net)' /etc/pve/nodes/*/qemu-server/*.conf > vms.conf

confList = "vms.conf"
addrList = "vms.addr"

#trun mac-ip file to a dictory with {'mac':'ip}
def mMac(fileName, aDic):
    readFile = open(fileName)
    for aLine in readFile.xreadlines():
        vmLine = re.split('/' , aLine)
        m = re.match(r'(\d{3}).conf:net[0-9]:\s+\w+=(((\w{2}:){5})\w{2})' , vmLine[6])
        if m:
            aDic.update({m.group(2) : m.group(1)})
            #print m.groups()
    return aDic

dicIpMac={}
mMac(confList, dicIpMac)

#get mac for configure and associate the IP and VMID in above dictory 
dicIdMac = {}
readAddr = open(addrList)
for addr in readAddr.xreadlines():
    m = re.match(r'((\d{1,3}.){3}\d{1,3})\s+((\w{2}:){5}\w{2})' , addr)
    if m:
        for mac in dicIpMac.keys():
            if m.group(3) == mac:
                if not dicIdMac.has_key(dicIpMac[mac]):
                    dicIdMac.update( {dicIpMac[mac] : m.group(1) } )
                else:
                    dicIdMac[dicIpMac[mac]] = dicIdMac[dicIpMac[mac]] + " " + m.group(1)

print dicIdMac
print dicIdMac['vmid']

 

[Petr]

Instead of dumping traffic or scanning network, one can install Qemu Guest Agent https://pve.proxmox.com/wiki/Qemu-guest-agent http://wiki.qemu.org/Features/GuestAgent. I guess it's more reliable and correct way. From PVE Host Agent can be requested through socket in /var/run/qemu-server. For instance:

# socat - UNIX-CONNECT:/var/run/qemu-server/8051.qga
{"execute": "guest-exec", "arguments": {"path": "ip", "arg": ["a"], "capture-output": true}}
{"return": {"pid": 1234}}
{"execute": "guest-exec-status", "arguments": {"pid": 1234}}

Last command will return output of "ip addr" in base64 encoding.
guest-exec doesn't work in Windows QEMU Agent currently.

 

[huky]

Instead of dumping traffic or scanning network, one can install Qemu Guest Agent https://pve.proxmox.com/wiki/Qemu-guest-agent http://wiki.qemu.org/Features/GuestAgent. I guess it's more reliable and correct way. From PVE Host Agent can be requested through socket in /var/run/qemu-server. For instance:

# socat - UNIX-CONNECT:/var/run/qemu-server/8051.qga
{"execute": "guest-exec", "arguments": {"path": "ip", "arg": ["a"], "capture-output": true}}
{"return": {"pid": 1234}}
{"execute": "guest-exec-status", "arguments": {"pid": 1234}}

Last command will return output of "ip addr" in base64 encoding.
guest-exec doesn't work in Windows QEMU Agent currently.

thanks, but the command hung on my node.

 

[Petr]

thanks, but the command hung on my node.

You need Guest Agent enabled and running. Check with 'qm agent <VMID> info'.
And of course "pid" must be replaced with return value of your "guest-exec" command.

This is part of my experimental script for populating VM notes with inventory information from OS. It outputs IP address given VM ID. (install jq package before running):

#!/bin/bash

# $1 == VMID
VMID=$1

pid=$( (echo -e '{"execute": "guest-exec", "arguments": {"path": "ip", "arg": ["-o", "-4", "addr", "show", "scope", "global"], "capture-output": true}}'; sleep 0.2 ) \
   | socat - UNIX-CONNECT:/run/qemu-server/$VMID.qga \
   | jq .return.pid )
addrs=$( (echo -e '{"execute": "guest-exec-status", "arguments": {"pid": '$pid'}}'; sleep 0.2 ) \
   | socat - UNIX-CONNECT:/run/qemu-server/$VMID.qga \
   | jq .return.\"out-data\" \
   | base64 -di \
   | awk '{print $4}' \
)
addrs=$( echo IP: $addrs )
echo $addrs

 

[team-alpeinsoft]

Hi!

For example:

#!/usr/bin/env bash

mac=$(qm config "$1" | awk '/net0/ { print tolower($2) }' | sed -r 's/virtio=(.*),.*/\1/g')
ip=$(arp-scan --interface=vmbr0 192.168.1.0/24 | grep "$mac" | awk '{print $1}')

echo $ip

But you need root permissions and install arp-scan.

Via API:
Install qemu agent and use :
HTTP: POST /api2/json/nodes/{node}/qemu/{vmid}/agent
CLI: pvesh create /nodes/{node}/qemu/{vmid}/agent

 

[LnxBil]

I'd really like to have an API call for this and do not have to rely on external tools that might work (consider cluster an environment).