[solved] libvirt guest vnc or spice ports closed

[Messire]

Hi folks!

I have a strange problem. I'm can't open new guest (just started by virt-install) in vnc or spice client. Telnet says that autoport 5900 is closed at each attempt with --graphics spice,listen=0.0.0.0 and with --graphics vnc,listen=0.0.0.0,keymap=ru,password=1234, but icmp is working at guest i can ping it.
Network is bridge through br>tap>second eth card. It was worked 2 years ago and after long delay can't repeat this approch because this strange problem.
--network=bridge:br1,model=virtio \

Code: Select all

virt-install --connect qemu:///system --name ds1-local1 --ram 4096 --arch=x86_64 \
--vcpus=1 --cpu host --check-cpu  --virt-type kvm \
--os-type=linux --os-variant=ubuntu18.04 --boot cdrom,hd,menu=on \
--disk vol=nvme-pool/ds1-local1,bus=virtio,cache=none \
--network=bridge:br1,model=virtio \
--graphics spice,listen=0.0.0.0 \
--noautoconsole --watchdog default,action=reset --virt-type=kvm \
--accelerate --hvm --autostart --boot=cdrom,hd,menu=on --disk /var/lib/libvirt/qemu/ubuntu-18.04.5-live-server-amd64.iso,device=cdrom \

Code: Select all

HOST ~ # ./install_ubuntu.sh 

Starting install...
Domain creation completed.

Ping and telnet of guest

Code: Select all

ping  192.168.7.16

Обмен пакетами с 192.168.7.16 по с 32 байтами данных:
Ответ от 192.168.7.16: число байт=32 время=1мс TTL=63
Ответ от 192.168.7.16: число байт=32 время=2мс TTL=63
Ответ от 192.168.7.16: число байт=32 время=2мс TTL=63
Ответ от 192.168.7.16: число байт=32 время=2мс TTL=63

Статистика Ping для 192.168.7.16:
    Пакетов: отправлено = 4, получено = 4, потеряно = 0
    (0% потерь)
Приблизительное время приема-передачи в мс:
    Минимальное = 1мсек, Максимальное = 2 мсек, Среднее = 1 мсек


virsh vncdisplay  ds1-local1
:0


telnet 192.168.7.16 5900


Connecting to 192.168.7.16:5900...
Could not connect to '192.168.7.16' (port 5900): Connection failed.

Do you have ideas that is wrong?
What i need to show you for faster and better diagnostics?

[alamahant]

Hi
Is qemu built with USE="vnc spice"?
You mentioned something about

Code: Select all

br>tap>eth

Maybe it should be

Code: Select all

br>eth

Can you please post your /etc/conf.d/net

[Messire]

sure

Code: Select all

cat  /etc/portage/package.use/app-emulation   

app-emulation/libvirt fuse virt-network lvm                                                
app-emulation/qemu qemu_user_targets_x86_64 vnc vde python spice usb usbredir


HOST ~ # equery uses qemu
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for app-emulation/qemu-5.0.0-r2:
 U I
 + + aio                               : Enables support for Linux's Async IO
 + + bzip2                             : Use the bzlib compression library
 + + caps                              : Use Linux capabilities library to control privilege
 + + curl                              : Support ISOs / -cdrom directives vis HTTP or HTTPS.
 + + fdt                               : Enables firmware device tree support
 + + filecaps                          : Use Linux file capabilities to control privilege rather than set*id (this is orthogonal to USE=caps which uses capabilities at
                                         runtime e.g. libcap)
 + + jpeg                              : Enable jpeg image support for the VNC console server
 + + ncurses                           : Enable the ncurses-based console
 + + nls                               : Add Native Language Support (using gettext - GNU locale utilities)
 + + oss                               : Add support for OSS (Open Sound System)
 + + pin-upstream-blobs                : Pin the versions of BIOS firmware to the version included in the upstream release. This is needed to sanely support
                                         migration/suspend/resume/snapshotting/etc... of instances. When the blobs are different, random corruption/bugs/crashes/etc...
                                         may be observed.
 + + png                               : Enable png image support for the VNC console server
 + + python                            : Add optional support/bindings for the Python language
 + + python_targets_python3_7          : Build with Python 3.7
 + + qemu_softmmu_targets_x86_64       : system emulation target
 + + qemu_user_targets_x86_64          : userspace emulation target
 + + seccomp                           : Enable seccomp (secure computing mode) to perform system call filtering at runtime to increase security of programs
 + + slirp                             : Enable TCP/IP in hypervisor via net-libs/libslirp
 + + spice                             : Enable Spice protocol support via app-emulation/spice
 + + usb                               : Enable USB passthrough via dev-libs/libusb
 + + usbredir                          : Use sys-apps/usbredir to redirect USB devices to another machine over TCP
 + + vde                               : Enable VDE-based networking
 + + vhost-net                         : Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet
 + + vnc                               : Enable VNC (remote desktop viewer) support
 + + xattr                             : Add support for getting and setting POSIX extended attributes, through sys-apps/attr. Requisite for the virtfs backend.
 + + xkb                               : Depend on x11-libs/libxkbcommon to build qemu-keymap tool for converting xkb keymaps

[Messire]

/etc/conf.d/net

Code: Select all

config_enp8s0="192.168.0.2/24"
routes_enp8s0="default via 192.168.0.1 dev enp8s0 metric 1"
dns_servers_enp8s0="192.168.0.1 8.8.8.8"

config_enp7s0="192.168.1.2/24"
routes_enp7s0="default via 192.168.1.1 dev enp7s0 metric 2"
dns_servers_enp7s0="192.168.1.1 8.8.8.8"

config_enp5s0=null
tuntap_tap1="tap"
config_tap1=null
rc_net_br1_need="net.enp5s0 net.tap1"
bridge_br1="enp5s0 tap1"
config_br1="null"
bridge_forward_delay_br1=1500
bridge_hello_time_br1=200
bridge_stp_state_br1=1

It's working (2years ago) scheme.
I think problem may be in kernel settings, because of i can ping guest and it can recieve ip by dhcp, but port within is closed.

[alamahant]

Hi
Please loose all tun/tap things from your net file
Bridge directly your iface.
You dont need two.
One is enough
Something like

Code: Select all

config_eth0="null"
bridge_br0="eth0"
config_br0="192.168.2.3/24"
routes_br0="default via 192.168.2.1"
dns_servers_br0="127.0.0.1 192.168.2.1"
bridge_forward_delay_br0=0
bridge_hello_time_br0=1000

Also regarding spice..
Do you have

Code: Select all

net-misc/spice-gtk

With USE="gtk3"
installed in the host?

[Messire]

i have no net-misc/spice-gtk with use gtlk3, but may be we ll start with vnc? i need it only to install OS to guest and don't want tinstall gtlk3 deps of net-misc/spice-gtk for it. Have you ideas why vns port is closed is i install with --graphics vnc ? I need few minutes to try eth>br scheme

[alamahant]

Hi maybe ADD

Code: Select all

--video qxl \
--graphics spice,listen=0.0.0.0,password=pass \

in your VM virt-install command.
Or maybe modify existing xml

Code: Select all

<graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='password'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>

[Messire]

Code: Select all

emerge libvirt

These are the packages that would be merged, in order:

Calculating dependencies |

!!! Problem resolving dependencies for app-emulation/libvirt                                                                                                             ... done!

!!! The ebuild selected to satisfy "libvirt" has unmet requirements.
- app-emulation/libvirt-6.2.0-r2::gentoo USE="caps dbus fuse libvirtd lvm nls qemu udev vepa virt-network -apparmor -audit -dtrace -firewalld -glusterfs -iscsi -iscsi-direct -libssh -lxc -macvtap -nfs -numa (-openvz) -parted -pcap -policykit -rbd -sasl (-selinux) -virtualbox -wireshark-plugins -xen -zfs"

  The following REQUIRED_USE flag constraints are unsatisfied:
    vepa? ( macvtap )

  The above constraints are a subset of the following complete expression:
    firewalld? ( virt-network ) libvirtd? ( any-of ( lxc openvz qemu virtualbox xen ) ) lxc? ( caps libvirtd ) openvz? ( libvirtd ) policykit? ( dbus ) qemu? ( libvirtd ) vepa? ( macvtap ) virt-network? ( libvirtd ) virtualbox? ( libvirtd ) xen? ( libvirtd )

i try to diasble
- + macvtap : Support for MAC-based TAP (macvlan/macvtap). For networking instead of the normal TUN/TAP.
and don't know how to pass this warning.

Looks like i need to disable it because of

Code: Select all

HOST /usr/src/linux # /etc/init.d/libvirtd start
 * Bringing up interface enp5s0                                                                                                                                      [ ok ]
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * ERROR: cannot start net.br1 as net.tap1 would not start
 * ERROR: cannot start libvirtd as net.tap1 would not start

with net

Code: Select all

#config_enp5s0=null
#tuntap_tap1="tap"
#config_tap1=null
#rc_net_br1_need="net.enp5s0 net.tap1"
#bridge_br1="enp5s0 tap1"
#config_br1="null"
#bridge_forward_delay_br1=1500
#bridge_hello_time_br1=200
#bridge_stp_state_br1=1

config_enp5s0="null"
bridge_br1="enp5s0"
config_br1="null"
bridge_forward_delay_br1=0
bridge_hello_time_br1=100

[alamahant]

Do not mess with libvirt's "macvtap" USE
Just in your /etc/conf.d/net...
You dont need all these references to tap in net file....
This has nothing to do with your spice issue.
Just why to complicate things if they can be made simple?

You have now:

Code: Select all

config_enp5s0="null"
bridge_br1="enp5s0"
config_br1="null"
bridge_forward_delay_br1=0
bridge_hello_time_br1=100

Please delete

Code: Select all

config_br1="null"[/quote]

And either use static ip for the bridge as i showed you above OR use dhcp..

[Messire]

Hi maybe ADD

Code: Select all

--video qxl \
--graphics spice,listen=0.0.0.0,password=pass \

in your VM virt-install command.
Or maybe modify existing xml

Code: Select all

<graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='password'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>

Nothing changed( port 5900 still closed, but guest still ansver icmp reqests

[Messire]

Do not mess with libvirt's "macvtap" USE
Just in your /etc/conf.d/net...
You dont need all these references to tap in net file....
This has nothing to do with your spice issue.
Just why to complicate things if they can be made simple?

You have now:

Code: Select all

config_enp5s0="null"
bridge_br1="enp5s0"
config_br1="null"
bridge_forward_delay_br1=0
bridge_hello_time_br1=100

Please delete

Code: Select all

config_br1="null"[/quote]

And either use static ip for the bridge as i showed you above OR use dhcp..

Code: Select all

config_enp5s0="null"
bridge_br1="enp5s0"
config_br1="dhcp"
bridge_forward_delay_br1=0
bridge_hello_time_br1=1000

but

HOST ~ # /etc/init.d/libvirt-guests start
 * Bringing up interface enp5s0                                                                                                                                      [ ok ]
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * ERROR: cannot start net.br1 as net.tap1 would not start
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * ERROR: cannot start net.br1 as net.tap1 would not start
 * ERROR: cannot start libvirtd as net.tap1 would not start
 * Starting libvirt networks ...                                                                                                                                     [ ok ]
 * Starting libvirt domains ... 

by the way i need to get few IPs thorough this bridge by few guests same time. Is it still working with eth>br sheme?

[alamahant]

Have enabled br1?

Code: Select all

cd /etc/init.d/
ln -s net.lo net.br1
rc-update add net.br1 boot

Is br1 up and running after reboot?

Code: Select all

ip a

Also for spice please check if you have "spice-vdagent" installed in the guest...

[Messire]

I've successfilly run guest by eth>br scheme thanks for advice.

But lets return to vnc problem. I still ping VM but 5900 still clised

forget about spice plz - vnc will enough, but not working.
Guest is absolutely empty. And i need vnc to install ubuntu into VM. I did it a lot of times in the past, but now this approach not working.

[Messire]

sorry for wasted time... i found!
i tryed to connect into guest, but not host. Sure empty guest have no vnc-server, but host with hypervisor have.

[alamahant]

Just a last thing.....
Dont you hate all these enp0sfjirf95t5ji5 iface names?
You can switch to "eth" by entering

Code: Select all

net.ifnames=0 biosdevname=0

in kernel cmd line in /etc/default/grub.
Then run
grub-mkconfig -o /boot/grub/grub.cfg
edit your
/etc/conf.d/net
file replacing the enp0jfirjg58t8 with eth0 eth1 etc.........
Same in /etc/init.d/net.eth0 etc
And reboot.