-
-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve networking options for libvirtd target #2
Conversation
An update of NixOS/nixops#922 - Replaced `deployment.libvirtd.networks` option with a submodule to allow not only (libvirt) network names, but other networking types as well. - Domain XML was adjusted accordingly to incorporate the parameters from the new `networks` submodule. - Added the qemu guest agent to guests to allow for out-of-band communication (no need for network connectivity) with the hypervisor. - Guest IP (for provisioning after guest has started) is no longer determined by waiting for the guest to get a DHCP lease in the hypervisor libvirt network. If the guest has a static IP, it won't ask for a DHCP lease. Also, for bridged networking, we probably will not have access to the DHCP server. - Instead, the address of the first interface is retrieved from libvirt using the `VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT` method, which can now be done because of the newly added qemu guest agent.
so nix-copy-closure was stuck at
while opening wireshark, I saw the MTU was at 9000 for the libvirtd bridge. (I think TCP_NODELAY might be set, ) and found the related issue NixOS/nix#1988 . I changed the bridge mtu to 1400 and it fixed it. I wonder if that's a kernel issue or something else. |
Already part of the batteries in python3. Useful to distinguish between local/private ips etc.
This seems to break existing deployments ?
Also there is debug statements left and many commented lines, can you make sure to remove those ? |
In order to be backwards compatible, I could check for both values of https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainInterfaceAddressesSource, e.g., to search for IPs seen by the libvirt router or by the agent. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall I like this. I would like to extend the networking configuration more (allowing setting VLAN tags in the interface XML, etc). Adding those changes will be simpler after this is merged.
<group>100</group> | ||
<mode>0744</mode> | ||
<label>virt_image_t</label> | ||
</permissions> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this needs to be fixed before merge. Is there an upstream libvirt bug about the mismatch in docs and reality mentioned in the comment above?
Explicitly specifying owner, group and SELinux label will break many setups, including mine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it might have become unnecessary with the other PR merged today. I will look into it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so if I understand the doc correctly, the pool is created with the permission of the folder but the volums are created by default with the user/group that libvirtd is running as. Seems like the libvirtd service is running as root without any nix option to change it so this looks a bit more complex than I have time for (for now) so feel free to look into it.
Follow up of NixOS/nixops#922.
The use of qemu-agent and some more configurability for libvirt scenarios
I suppose the ipaddress dependency could be dropped of but:
The only thing I don't understand is why the first deploy fails without:
networking.networkmanager.enable = true;
(nixops ssh seems to work fine, just the
nix-copy-closure
fails )