pfSense VM qemu-guest-agent

eoinkim

Member
May 26, 2020
84
10
8
38
Hi all,

I am wondering if anyone found if there is a qemu-guest-agent package for pfSense. I can see there is a GitHub project for that but I am wondering if this has been already packaged instead of requiring compilation. Or, is it okay with running pfSense VM without the agent? Thanks a lot.

Eoin
 
hi,

it seems they're working on getting it ported to freebsd[0]

i also found this[1] but haven't tested it (i guess it's the same thing you found)

so it seems there's no official package at the moment.

[0]: https://redmine.pfsense.org/issues/9877
[1]: https://github.com/aborche/qemu-guest-agent
Hi Oguz,

Thanks for that. If pfSense VM is going to run without the agent, what would be disadvantages? Does that mean I cannot control power states of the VM from Proxmox GUI?

Eoin
 
it will run without the agent. power states can also be controlled if i remember correctly, via ACPI (check in the vm options)
 
Hi Oguz,

Thanks for that. If pfSense VM is going to run without the agent, what would be disadvantages? Does that mean I cannot control power states of the VM from Proxmox GUI?

Eoin
The reporting in the proxmox web UI isnt as accurate, no IP addresses as well, and to cite the Proxmox docs:

"To properly shutdown the guest, instead of relying on ACPI commands or windows policies"
and
"To freeze the guest file system when making a backup (on windows, use the volume shadow copy service VSS)."

https://pve.proxmox.com/wiki/Qemu-guest-agent#Introduction_-_What_is_qemu-guest-agent


The Red Hat docs go a little deeper:

"QEMU guest agent runs inside the guest and allows the host machine to issue commands to the guest operating system using libvirt, helping with functions such as freezing and thawing filesystems. The guest operating system then responds to those commands asynchronously."

"QEMU guest agent can be used to enable and disable virtual CPUs (vCPUs) while the guest is running, thus adjusting the number of vCPUs without using the hot plug and hot unplug features."

I also noticed the following:
"it is only safe to rely on the QEMU guest agent when run by trusted guests. An untrusted guest may maliciously ignore or abuse the guest agent protocol, and although built-in safeguards exist to prevent a denial of service attack on the host, the host requires guest co-operation for operations to run as expected."

I've noticed that as well, since guests can't be shutdown if the QEMU agent is enabled but not installed on the guest - which prevents the Proxmox host from shutting down.

https://access.redhat.com/documenta...nd_administration_guide/chap-qemu_guest_agent

The last note also got mentioned in the libvirt Wiki:

"QEMU Guest Agent
It is a daemon program running inside the domain which is supposed to help management applications with executing functions which need assistance of the guest OS. For example, freezing and thawing filesystems, entering suspend. However, guest agent (GA) is not bullet proof, and hostile guest OS can send spurious replies."

https://wiki.libvirt.org/page/Qemu_guest_agent


I didn't see a option to create an account on the Proxmox Wiki, how do I append this information @oguz ?
 
hi,

it seems they're working on getting it ported to freebsd[0]

i also found this[1] but haven't tested it (i guess it's the same thing you found)

so it seems there's no official package at the moment.

[0]: https://redmine.pfsense.org/issues/9877
[1]: https://github.com/aborche/qemu-guest-agent

@eoinkim and all

Looks like they just released it to the freebsd repository.

https://redmine.pfsense.org/issues/9877#note-3

It's a port:

https://svnweb.freebsd.org/ports/head/emulators/qemu-guest-agent/

Looks to be pure source, so needs compilation? I can't install develop utils on our pfSense to test, and I don't have a test pfSense to build at this time.

Maybe someone can make an official request on the pfSense/netgate forums for them to add this port?
 
I just ran those instructions and update my VM to enable the agent and still not getting any output after a reboot of the VM. Did this work for you?
 
you have to launch manually the service

service qemu-guest-agent start
 
Last edited:
A bit late but you can do this:

Install cron from the package manager and then make a crontab input
Code:
minute: @reboot
user: root
command: service qemu-guest-agent onestart
Works like a charm
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!