
KVM:trial:bridge:log

KVM Bridged Network setup

You can add a bridged network on top of Ubuntu's standard KVM installation, which is described in KVM:trial:log.



info

The following steps were done following Atasa's Guide (the part for bridged networking), based on the above "Community Doc."


Creating a bridged network

This setting is independent of KVM.

setting

  • backup old config
    setu@osho:~$ sudo cp /etc/network/interfaces /etc/network/interfaces-2011-1012
    
  • old contents of network config
    setu@osho:~$ cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # The primary network interface
    auto eth0
    #iface eth0 inet dhcp
    
  • add bridged network as br0 (replaces eth0)
    • sudo -s
      cat >>/etc/network/interfaces <<EOF
      
      auto br0
       iface br0 inet dhcp
       bridge_ports eth0
       bridge_stp off
       bridge_fd 0
       bridge_maxwait 0
      
      EOF
      
    • LOG:
      setu@osho:~$ sudo -s
      root@osho:~# cat >>/etc/network/interfaces
      
      auto br0
       iface br0 inet dhcp
       bridge_ports eth0
       bridge_stp off
       bridge_fd 0
       bridge_maxwait 0
      root@osho:~# exit
      
  • contents of new network config.
    setu@osho:~$ cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # The primary network interface
    auto eth0
    #iface eth0 inet dhcp
    
    auto br0
     iface br0 inet dhcp
     bridge_ports eth0
     bridge_stp off
     bridge_fd 0
     bridge_maxwait 0
    
  • restart networking with the bridged network
    setu@osho:~$ sudo service networking --full-restart
     * Deconfiguring network interfaces...                                   [ OK ] 
    Rather than invoking init scripts through /etc/init.d, use the service(8)
    utility, e.g. service networking start
    
    Since the script you are attempting to invoke has been converted to an
    Upstart job, you may also use the start(8) utility, e.g. start networking
    networking stop/waiting
    
  • I did not do this. The restart above had an error, but it was working.
    ## Not quite sure if I have to also do
    $ invoke-rc.d networking stop
    ## if yes then need to relogin from ssh
    

Checking

  • check if normal networking is still working by pinging the gateway and the internet.
    setu@osho:~$ ping gw
    PING gw.s.ohah.net (192.168.1.254) 56(84) bytes of data.
    64 bytes from gw.s.ohah.net (192.168.1.254): icmp_req=1 ttl=255 time=0.823 ms
    64 bytes from gw.s.ohah.net (192.168.1.254): icmp_req=2 ttl=255 time=0.731 ms
    64 bytes from gw.s.ohah.net (192.168.1.254): icmp_req=3 ttl=255 time=0.765 ms
    ^C
    --- gw.s.ohah.net ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev = 0.731/0.773/0.823/0.037 ms
    
  • new network interface configurations:
    setu@osho:~$ sudo ifconfig 
    br0       Link encap:Ethernet  HWaddr b8:ac:6f:59:ee:cc  
              inet addr:192.168.1.152  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::baac:6fff:fe59:eecc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:129 errors:0 dropped:0 overruns:0 frame:0
              TX packets:548 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:16376 (16.3 KB)  TX bytes:48285 (48.2 KB)
    
    eth0      Link encap:Ethernet  HWaddr b8:ac:6f:59:ee:cc  
              inet6 addr: fe80::baac:6fff:fe59:eecc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:200094 errors:0 dropped:0 overruns:0 frame:0
              TX packets:197743 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:107081282 (107.0 MB)  TX bytes:49193494 (49.1 MB)
              Interrupt:17 
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:4921 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4921 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:171091 (171.0 KB)  TX bytes:171091 (171.0 KB)
    
    virbr0    Link encap:Ethernet  HWaddr 3e:da:f4:56:3c:05  
              inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:441 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:0 (0.0 B)  TX bytes:24427 (24.4 KB)
    
    setu@osho:~$ 
    
  • route: br0 has replaced eth0 where eth0 was.
    setu@osho:~$ sudo route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.0     *               255.255.255.0   U     0      0        0 br0
    192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0
    link-local      *               255.255.0.0     U     1000   0        0 br0
    default         gw.s.ohah.net   0.0.0.0         UG    100    0        0 br0
    setu@osho:~$ 
    
  • check that it can ping KVM's normal network (the router of the virtual private network).
    setu@osho:~$ ping 192.168.122.1
    PING 192.168.122.1 (192.168.122.1) 56(84) bytes of data.
    64 bytes from 192.168.122.1: icmp_req=1 ttl=64 time=0.068 ms
    64 bytes from 192.168.122.1: icmp_req=2 ttl=64 time=0.052 ms
    64 bytes from 192.168.122.1: icmp_req=3 ttl=64 time=0.048 ms
    ^C
    --- 192.168.122.1 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev = 0.048/0.056/0.068/0.008 ms
    setu@osho:~$ 
    

check if standard KVM is still working.

  • starting normal vm (in virtual private network)
    setu@osho:~$ virsh ubuntu start
    error: unknown command: 'ubuntu'
    setu@osho:~$ virsh start ubuntu
    Domain ubuntu started
    
  • you can connect via vnc by
    • vncviewer localhost:5901
  • ssh to vm
    setu@osho:~$ ssh ubuntu@192.168.122.117
    ubuntu@192.168.122.117's password: 
    Linux ubuntu 2.6.32-34-generic-pae #77-Ubuntu SMP Tue Sep 13 21:16:18 UTC 2011 i686 GNU/Linux
    Ubuntu 10.04.3 LTS
    
    Welcome to Ubuntu!
     * Documentation:  https://help.ubuntu.com/
    Last login: Tue Oct 11 20:20:30 2011
    ubuntu@ubuntu:~$ 
    
  • check it can ping to gw
    ubuntu@ubuntu:~$ ping gw
    PING gw (192.168.1.254) 56(84) bytes of data.
    64 bytes from gw.s.ohah.net (192.168.1.254): icmp_seq=1 ttl=254 time=1.14 ms
    64 bytes from gw.s.ohah.net (192.168.1.254): icmp_seq=2 ttl=254 time=1.57 ms
    64 bytes from gw.s.ohah.net (192.168.1.254): icmp_seq=3 ttl=254 time=4.96 ms
    64 bytes from gw.s.ohah.net (192.168.1.254): icmp_seq=4 ttl=254 time=1.56 ms
    ^C
    --- gw ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3006ms
    rtt min/avg/max/mdev = 1.145/2.310/4.965/1.543 ms
    
  • stop vm on private network.
    ubuntu@ubuntu:~$ 
    setu@osho:~$ virsh suspend ubuntu
    Domain ubuntu suspended
    
    setu@osho:~$ virsh list --all    
     Id Name                 State
    ----------------------------------
      1 ubuntu               paused
    setu@osho:~$ ping 192.168.122.117
    PING 192.168.122.117 (192.168.122.117) 56(84) bytes of data.
    ^C
    --- 192.168.122.117 ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 2007ms
    

Create new vm on the bridged network

setu@osho:~/kvm$ sudo vmbuilder kvm ubuntu --suite=lucid --flavour=virtual --arch=i386 -o --libvirt=qemu:///system --hostname=vm1 --bridge=br0
[sudo] password for setu: 
2011-10-12 11:33:44,920 INFO    : Calling hook: preflight_check
2011-10-12 11:33:44,961 INFO    : Calling hook: set_defaults
2011-10-12 11:33:44,962 INFO    : Calling hook: bootstrap
2011-10-12 11:49:52,220 INFO    : Calling hook: configure_os
2011-10-12 11:52:29,108 INFO    : 
2011-10-12 11:52:29,108 INFO    : Current default time zone: 'Etc/UTC'
2011-10-12 11:52:29,110 INFO    : Local time is now:      Wed Oct 12 06:22:29 UTC 2011.
2011-10-12 11:52:29,110 INFO    : Universal Time is now:  Wed Oct 12 06:22:29 UTC 2011.
2011-10-12 11:52:29,111 INFO    : 
Extracting templates from packages: 100%
2011-10-12 11:54:41,816 INFO    : 
2011-10-12 11:54:41,816 INFO    : Current default time zone: 'Etc/UTC'
2011-10-12 11:54:41,818 INFO    : Local time is now:      Wed Oct 12 06:24:41 UTC 2011.
2011-10-12 11:54:41,819 INFO    : Universal Time is now:  Wed Oct 12 06:24:41 UTC 2011.
2011-10-12 11:54:41,819 INFO    : Run 'dpkg-reconfigure tzdata' if you wish to change it.
2011-10-12 11:54:41,819 INFO    : 
2011-10-12 11:55:42,349 INFO    : Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate brasil.gov.br.pem
2011-10-12 11:55:42,356 INFO    : 0 added, 1 removed; done.
2011-10-12 11:55:42,357 INFO    : Running hooks in /etc/ca-certificates/update.d....done.
2011-10-12 11:55:49,728 INFO    : restart: Unknown instance: 
2011-10-12 11:55:50,483 INFO    : start: Unknown parameter: JOB
2011-10-12 11:55:52,908 INFO    : Calling hook: post_install
2011-10-12 11:55:52,909 INFO    : Cleaning up
2011-10-12 11:55:52,910 INFO    : Calling hook: preflight_check
2011-10-12 11:55:54,508 INFO    : Calling hook: configure_networking
2011-10-12 11:55:54,534 INFO    : Calling hook: configure_mounting
2011-10-12 11:55:54,554 INFO    : Calling hook: mount_partitions
2011-10-12 11:55:54,554 INFO    : Mounting target filesystems
2011-10-12 11:55:54,555 INFO    : Creating disk image: "/tmp/tmp9WyBEg" of size: 5120MB
2011-10-12 11:55:54,576 INFO    : Adding partition table to disk image: /tmp/tmp9WyBEg
2011-10-12 11:55:54,762 INFO    : Adding type 4 partition to disk image: /tmp/tmp9WyBEg
2011-10-12 11:55:54,763 INFO    : Partition at beginning of disk - reserving first cylinder
2011-10-12 11:55:54,815 INFO    : Adding type 3 partition to disk image: /tmp/tmp9WyBEg
2011-10-12 11:55:54,822 INFO    : [0] ../../libparted/filesys.c:148 (ped_file_system_type_get): File system alias linux-swap(new) is deprecated
2011-10-12 11:55:54,865 INFO    : Creating loop devices corresponding to the created partitions
2011-10-12 11:55:54,885 INFO    : Creating file systems
2011-10-12 11:55:54,949 INFO    : mke2fs 1.41.14 (22-Dec-2010)
2011-10-12 11:55:56,227 INFO    : mkswap: /dev/mapper/loop0p2: warning: don't erase bootbits sectors
2011-10-12 11:55:56,228 INFO    :         on whole disk. Use -f to force.
2011-10-12 11:56:06,305 INFO    : Calling hook: install_bootloader
2011-10-12 11:56:29,969 INFO    : Searching for GRUB installation directory ... found: /boot/grub
2011-10-12 11:56:30,229 INFO    : Searching for default file ... Generating /boot/grub/default file and setting the default boot entry to 0
2011-10-12 11:56:30,231 INFO    : Searching for GRUB installation directory ... found: /boot/grub
2011-10-12 11:56:30,241 INFO    : Testing for an existing GRUB menu.lst file ... 
2011-10-12 11:56:30,241 INFO    : 
2011-10-12 11:56:30,242 INFO    : Could not find /boot/grub/menu.lst file. 
2011-10-12 11:56:30,242 INFO    : Generating /boot/grub/menu.lst
2011-10-12 11:56:30,347 INFO    : Searching for splash image ... none found, skipping ...
2011-10-12 11:56:30,653 INFO    : grep: /boot/config*: No such file or directory
2011-10-12 11:56:30,772 INFO    : Updating /boot/grub/menu.lst ... done
2011-10-12 11:56:30,772 INFO    : 
2011-10-12 11:56:31,098 INFO    : Searching for GRUB installation directory ... found: /boot/grub
2011-10-12 11:56:31,164 INFO    : Searching for default file ... found: /boot/grub/default
2011-10-12 11:56:31,174 INFO    : Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
2011-10-12 11:56:31,333 INFO    : Searching for splash image ... none found, skipping ...
2011-10-12 11:56:31,361 INFO    : grep: /boot/config*: No such file or directory
2011-10-12 11:56:31,439 INFO    : Updating /boot/grub/menu.lst ... done
2011-10-12 11:56:31,439 INFO    : 
2011-10-12 11:56:31,593 INFO    : Searching for GRUB installation directory ... found: /boot/grub
2011-10-12 11:56:31,618 INFO    : Calling hook: install_kernel
2011-10-12 11:59:39,955 INFO    : Done.
2011-10-12 11:59:44,982 INFO    : Running depmod.
2011-10-12 11:59:45,100 INFO    : update-initramfs: Generating /boot/initrd.img-2.6.32-34-generic-pae
2011-10-12 11:59:47,259 INFO    : Running postinst hook script /usr/sbin/update-grub.
2011-10-12 11:59:47,375 INFO    : Searching for GRUB installation directory ... found: /boot/grub
2011-10-12 11:59:47,419 INFO    : Searching for default file ... found: /boot/grub/default
2011-10-12 11:59:47,424 INFO    : Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
2011-10-12 11:59:47,514 INFO    : Searching for splash image ... none found, skipping ...
2011-10-12 11:59:47,548 INFO    : Found kernel: /boot/vmlinuz-2.6.32-34-generic-pae
2011-10-12 11:59:47,639 INFO    : Replacing config file /var/run/grub/menu.lst with new version
2011-10-12 11:59:47,658 INFO    : Updating /boot/grub/menu.lst ... done
2011-10-12 11:59:47,658 INFO    : 
2011-10-12 11:59:48,591 INFO    : Calling hook: unmount_partitions
2011-10-12 11:59:48,591 INFO    : Unmounting target filesystem
2011-10-12 11:59:52,825 INFO    : Calling hook: convert
2011-10-12 11:59:52,827 INFO    : Converting /tmp/tmp9WyBEg to qcow2, format ubuntu-kvm/tmp9WyBEg.qcow2
2011-10-12 12:00:11,159 INFO    : Calling hook: fix_ownership
2011-10-12 12:00:11,161 INFO    : Calling hook: deploy
setu@osho:~/kvm$ 

Test as user (It can ping inside of gateway, but not outside)

  • starting vm then connect to console by vnc
    setu@osho:~/kvm$ virsh start vm1; vncviewer localhost:5901
    ドメイン vm1 が起動されました
    
    Connected to RFB server, using protocol version 3.8
    No authentication needed
    Authentication successful
    Desktop name "QEMU (vm1)"
    VNC server default format:
      32 bits per pixel.
      Least significant byte first in each pixel.
      True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
    Using default colormap which is TrueColor.  Pixel format:
      32 bits per pixel.
      Least significant byte first in each pixel.
      True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
    Same machine: preferring raw encoding
    Rect too large: 640x480 at (0, 0)
    
  • vnc disconnected after bootup.
  • connect again
    setu@osho:~/kvm$ vncviewer localhost:5901
    Connected to RFB server, using protocol version 3.8
    No authentication needed
    Authentication successful
    Desktop name "QEMU (vm1)"
    VNC server default format:
      32 bits per pixel.
      Least significant byte first in each pixel.
      True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
    Using default colormap which is TrueColor.  Pixel format:
      32 bits per pixel.
      Least significant byte first in each pixel.
      True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
    Same machine: preferring raw encoding
    vncviewer: VNC server closed connection
    
  • It was pinging my local network and gateway.
  • But it does not ping the internet.
    • It needs a certain privilege for that.

Test as root (It can ping Internet via gateway)

  • Simply, I tried to boot again as root with "sudo" after shutting down vm1.
    setu@osho:~/kvm$ sudo virsh start vm1; vncviewer localhost:5901
    [sudo] password for setu: 
    ドメイン vm1 が起動されました
    
    Connected to RFB server, using protocol version 3.8
    No authentication needed
    Authentication successful
    Desktop name "QEMU (vm1)"
    VNC server default format:
      32 bits per pixel.
      Least significant byte first in each pixel.
      True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
    Using default colormap which is TrueColor.  Pixel format:
      32 bits per pixel.
      Least significant byte first in each pixel.
      True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
    Same machine: preferring raw encoding
    vncviewer: VNC server closed connection
    setu@osho:~/kvm$ 
    
  • This time, it did not disconnect vnc after bootup.
  • I have confirmed it can ping to Internet. :)

Give special networking privilege to kvm programs.

Install the Linux capabilities tools. This is to give special permission to the program.

setu@osho:~$ sudo aptitude install libcap2-bin
[sudo] password for setu: 
以下の新規パッケージがインストールされます:
  libcap2-bin 
0 個のパッケージを更新、 1 個を新たにインストール、 0 個を削除予定、6 個が更新されていない。
23.2 kB のアーカイブを取得する必要があります。 展開後に 168 kB のディスク領域が新たに消費されます。
取得:1 http://jp.archive.ubuntu.com/ubuntu/ natty/universe libcap2-bin amd64 1:2.20-1 [23.2 kB]
23.2 kB を 0秒 秒でダウンロードしました (24.9 kB/s)
未選択パッケージ libcap2-bin を選択しています。
(データベースを読み込んでいます ... 現在 437566 個のファイルとディレクトリがインストールされています。)
(.../libcap2-bin_1%3a2.20-1_amd64.deb から) libcap2-bin を展開しています...
man-db のトリガを処理しています ...
libcap2-bin (1:2.20-1) を設定しています ...
                                         
setu@osho:~$ 

  • Give qemu the inheritable CAP_NET_ADMIN capability, for 32-bit: sudo setcap cap_net_admin=ei /usr/bin/qemu
    setu@osho:~$ sudo setcap cap_net_admin=ei /usr/bin/qemu             
    setu@osho:~$ 
    
  • Give qemu the inheritable CAP_NET_ADMIN capability, for 64-bit: sudo setcap cap_net_admin=ei /usr/bin/qemu-system-x86_64
    setu@osho:~$ sudo setcap cap_net_admin=ei /usr/bin/qemu-system-x86_64
    setu@osho:~$ 
    

Test as normal user: vm on the bridge can ping Internet

  • run vm on the bridge
    setu@osho:~$ virsh list --all
     Id Name                 State
    ----------------------------------
      - ubuntu               shut off
      - vm1                  shut off
    
    setu@osho:~$ virsh start vm1;vncviewer localhost:5901
    Domain vm1 started
    Connected to RFB server, using protocol version 3.8
    No authentication needed
    Authentication successful
    Desktop name "QEMU (vm1)"
    VNC server default format:
      32 bits per pixel.
      Least significant byte first in each pixel.
      True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
    Using default colormap which is TrueColor.  Pixel format:
      32 bits per pixel.
      Least significant byte first in each pixel.
      True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
    Same machine: preferring raw encoding
    
  • I have confirmed from vnc: It can ping Internet.
  • I did not do this. This is written in KVM/Networking > Assign CAP_NET_ADMIN Capability.
  • Allow specific users to gain the inheritable CAP_NET_ADMIN capability by editing /etc/security/capability.conf: cap_net_admin USER-NAME-HERE
  • Configuring ubuntu-vm-builder to create bridged guests by default
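
A way to audit the result of the setcap and capability.conf steps above, as an added example that is not part of the original log: it classifies which binaries carry cap_net_admin and lists which users are granted it. The sample inputs are constructed, and /usr/local/bin/hypothetical-tool is an invented path.

```shell
# audit_net_admin: reads getcap output on stdin, in either the older
# "path = caps" form or the newer "path caps" form, and prints one line per
# file that carries cap_net_admin:
#   GATED    inheritable only; effective only for processes that already
#            hold the capability in their inheritable set
#   BROAD    permitted bit set; every user who can execute the file gets it
#   OTHER    neither p nor i flag present
#   UNPARSED clause form this simple parser does not handle
audit_net_admin() {
    awk '
    {
        path = $1
        start = ($2 == "=") ? 3 : 2
        for (f = start; f <= NF; f++) {
            clause = $f
            if (!match(clause, /[+=][eip]*$/)) { print "UNPARSED " path; continue }
            names = substr(clause, 1, RSTART - 1)
            flags = substr(clause, RSTART + 1)
            if (names !~ /^[a-z0-9_,]*$/) { print "UNPARSED " path; continue }
            # An empty name list or "all" covers every capability.
            hit = (names == "" || names == "all")
            n = split(names, cap, ",")
            for (i = 1; i <= n; i++) if (cap[i] == "cap_net_admin") hit = 1
            if (!hit) continue
            if (flags ~ /p/) print "BROAD " path
            else if (flags ~ /i/) print "GATED " path
            else print "OTHER " path
        }
    }'
}

# users_granted: reads capability.conf-style lines ("cap_net_admin USER") on
# stdin and prints each user granted cap_net_admin.
users_granted() {
    awk '
    /^[ \t]*(#|$)/ { next }
    {
        n = split($1, cap, ",")
        for (i = 1; i <= n; i++)
            if (cap[i] == "cap_net_admin")
                for (u = 2; u <= NF; u++) print $u
    }'
}

# Constructed sample inputs; hypothetical-tool is an invented path.
sample_getcap() {
    cat <<'EOF'
/usr/bin/qemu = cap_net_admin+ei
/usr/bin/qemu-system-x86_64 cap_net_admin=ei
/bin/ping = cap_net_raw+ep
/usr/local/bin/hypothetical-tool cap_net_admin,cap_net_raw=ep
EOF
}
sample_capconf() {
    printf '%s\n' '# constructed entry' 'cap_net_admin setu'
}
sample_getcap | audit_net_admin
sample_capconf | users_granted
```

On a live host, pipe `getcap -r /usr/bin 2>/dev/null` into audit_net_admin and /etc/security/capability.conf into users_granted.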

ToDo

IP Aliases

This looks interesting for our server at the ISP.