
Re: Create virtual ethernet devices on Debian 9 stretch ?




	Hi.

On Mon, Aug 28, 2017 at 02:52:48PM +1000, Zenaan Harkness wrote:
> "Right now" my aim is to run virt-manager or qemu, with kvm
> underneath, with a host-only virtual network to which I shall connect
> two virtual machines, and the host machine, and run some nfs or samba
> thing to share folders between all 3.

This is doable. Not 'simple' as libvirt (the thing underneath
virt-manager) is trying to do too much at once, but 'doable'. 


> My requisite is to have a sense of full control over my virtual
> networking - this means setup and tear down primarily via
> /etc/network/interfaces unless some other mechanism were more highly
> recommended
> - this means not relying on say the virt-manager gui

In e/n/i lingua you need something like this (bridge-utils package is
required):

auto br0
iface br0 inet static
	address …
	netmask …
	bridge_ports regex vnet[0-9]+
	bridge_stp off
	bridge_maxwait 0

Meaning that:

1) You set up a conventional Linux bridge interface which *must* include
libvirt-created network interfaces only (provided they exist on upping
the bridge).

2) Said bridge is configured with static IP address for simplicity.

3) The bridge has STP disabled as it's highly unlikely you'll need to
connect two such bridges on two hosts.

4) Finally, there's no need to wait for slave interfaces to appear in
such bridge.

What you *do not* need to do when using libvirt is to muck with iptables
(host-only network does not require it) or create tap/tun interfaces
manually. You only need to explain each 'virtual domain' (aka 'virtual
machine') that they should use br0 as a 'bridge' interface, not a
'network' one.


> However, I'd also like to learn how to use the virt-manager gui to
> create a single "host-only virtual network" instance for a virtual
> machine (or two :)

You'll need to feed libvirt XML that's similar to the following (note
that 'forward' is absent), which I took directly from
libvirt-daemon-system package:

<network>
  <name>default</name>
  <bridge name="virbr0"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254"/>
    </dhcp>
  </ip>
</network>

Not only will libvirt create a bridge called virbr0, but it will also
start dnsmasq on it (to serve DNS and DHCP requests) and it will throw
in some iptables rules on the top of the heap.

While I can easily write how to feed such XML to libvirt by virsh, I
find it difficult to describe which buttons should be pressed in
virt-manager to achieve the same result ☺.
It should be straightforward and user-friendly, at least that's what
upstream is promising us.


> Here are the examples/ snippets I've gleaned in the last few months:
> 
> ## temporary ssh vpn:
> iface tun0 inet static
> …

Unsuitable for a host-only network, neat idea though.


> # Simple case; man bridge-utils-interfaces(5)
> # Bridge interface to make VMs bridge to specific networks
> auto br0
> iface br0 inet dhcp
> …

See above.


> # Not so simple; virtual switch with host as gateway
> # See http://debian-handbook.info/browse/stable/sect.virtualization.html
> # Virtual interface
> auto tap0
> iface tap0 inet manual
>   vde2-switch -t tap0
> …

libvirt did not support vde2 last time I checked.


> # Bridge for containers
> auto br0
> iface br0 inet static
>   bridge-ports tap0
>   address 10.0.0.1
>   netmask 255.255.255.0
> …

Almost hit it, but libvirt likes to call network interfaces 'vnet' not
'tap'.


> # See http://wiki.debian.org/QEMU#Host_and_guests_on_same_network
> auto br0
> iface br0 inet dhcp
>    pre-up ip tuntap add dev tap0 mode tap user <username>
> …

Neat, but redundant with libvirt.


> # qemu/kvm host only or private/ internal network:
> #  - it's a form of "bridge" network - apt-get install bridge-utils
> #  - ho0 is the (random) name chosen for this bridge device,
> #    e.g. "hostonly0" might be a better memory jog
> #  - 10.13.13.1 is the (random) host address for this network
> auto ho0
> iface ho0 inet static
>    address     10.13.13.1
>    netmask     255.255.255.0
>    pre-up      brctl addbr ho0
>    post-down   brctl delbr ho0

Ditto.

Reco
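
An added example, not part of the original message or of libvirt: a small Python check that a libvirt network definition is host-only (no 'forward' element, as noted in the message) and that its DHCP range stays inside the bridge subnet. The function name audit_network and the second sample (FORWARDED_XML) are constructed for illustration; it assumes IPv4 'address' and 'netmask' attributes as in the quoted XML.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Host-only definition quoted in the message above (no <forward> element).
HOST_ONLY_XML = """<network>
  <name>default</name>
  <bridge name="virbr0"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254"/>
    </dhcp>
  </ip>
</network>"""

# Constructed counter-example: forwarded network with a misplaced DHCP range.
FORWARDED_XML = """<network>
  <name>example-nat</name>
  <forward/>
  <bridge name="virbr1"/>
  <ip address="10.13.13.1" netmask="255.255.255.0">
    <dhcp>
      <range start="10.13.13.1" end="10.13.14.20"/>
    </dhcp>
  </ip>
</network>"""

def audit_network(xml_text):
    """Return forwarding mode and DHCP range problems for one <network>."""
    net = ET.fromstring(xml_text)
    forward = net.find("forward")
    # libvirt: no <forward> means isolated; <forward> without a mode means NAT.
    mode = "isolated" if forward is None else forward.get("mode", "nat")
    issues = []
    for ip in net.findall("ip"):
        host = ipaddress.ip_address(ip.get("address"))
        subnet = ipaddress.ip_network(f"{host}/{ip.get('netmask')}", strict=False)
        for rng in ip.findall("dhcp/range"):
            start = ipaddress.ip_address(rng.get("start"))
            end = ipaddress.ip_address(rng.get("end"))
            if start not in subnet or end not in subnet:
                issues.append(f"range {start}-{end} leaves {subnet}")
            if start <= host <= end:
                issues.append(f"range {start}-{end} contains host address {host}")
    bridge = net.find("bridge")
    return {"mode": mode, "host_only": forward is None,
            "bridge": None if bridge is None else bridge.get("name"), "issues": issues}

if __name__ == "__main__":
    print(audit_network(HOST_ONLY_XML), audit_network(FORWARDED_XML))
```

Run against a saved definition before feeding it to libvirt; a result with host_only False means libvirt will forward traffic off the bridge.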