qemu-kvm -> vnc listen address OR How to connect to kvm/qemu

[kingfame_147]

Hi,

I read like a thousand kvm/qemu tutorials etc. but kvm/qemu is still like a black book for me :/

What I want to achive: I've a headless server that should run a headless virtual machine. Basically that's all :) I thought it would be easy but it isn't for me.

What I got so far: I want to use a bridge to connect the vm directly to my lan. I created one and added a tun/tap interface to it. This should work. My startup script of the vm looks like this:

Code: Select all

#!/bin/sh
exec qemu-kvm \
        -cpu host \
        -drive file=system.img,if=virtio \
        -device virtio-net,netdev=tunnel \
        -netdev tap,id=tunnel,ifname=tap0,script=no \
        -m 1024 \
        #-monitor stdio \
        -name "owncloud" \
        $@

Using this script like

Code: Select all

./start.sh -boot d -cdrom ../misc/install-amd64-minimal-20130425.iso -vnc 192.168.2.112:0

starts the vm (at least the process is running and not crashing), but the vnc server is still only listening on localhost ("VNC server running on `::1:5900'"). How am I supposed to access the virtual machine and install an os? The best solution would be to connect to the console somehow, but I couldn't find a way to do so.

Thanks in advance!


fame

Edit: I just realized that the vnc server is listening to the ipv6 localhost. So that is sort of a problem too because I'm still on ipv4. I don't get why there isn't a simple way to connect to the console. I would guess that would be a feature request of like 95% of the users?!

[BradN]

That is strange, from a casual look at examples, it seems you're invoking the vnc option properly.

I wonder if you would try using something like virt-manager if it does it properly, and if so, maybe you can scrape the options it's passing to qemu.

I've actually just started some adventures into virtualization - probably I will be looking at this issue myself soon, and if I find anything I'll post back!

Possibly a workaround is using ssh port tunneling (I never tried it on IPV6 but maybe it can make a connection appear to come from localhost and you get encryption for free). An even uglier workaround might be iptables to redirect a connection.

[kingfame_147]

Hi,

thanks for your reply. I haven't tried virt-manager or other tools. Maybe that could point me to the right direction.

To be honest: Because I couldn't made it work I searched for an alternative and found the new linux containers (lxc) that suits my current project even better. So for now I give up the kvm stuff and will take a look the next time I will need it (could be soon as I'm already planing a new project).

If you ran into the same problem and find a soultion it would be great letting me know. Thanks in adavance!

[SlashBeast]

well, as vnc is not encrypted I do use it over ssh and use socat for the 'forward' thing. I start my qemu-kvm machines with vnc on socket instead of tcp port, but you can used either (socket is easy to secure, tcp on loopback not) and a socktunnel script (https://github.com/slashbeast/things/bl ... socktunnel)

example usage

Code: Select all

socktunnel virt01@host01.intra.net /home/virt01/virt01.vnc.socket ~/tmp/virt01.vnc.socket -- -C

This above example prepare a ssh encrypted+compressed tunnel, then, on local machine in another terminal

Code: Select all

ssvncviewer unix=~/tmp/virt01.vnc.socket

the 'socktunnel' is just a easy to use socat wrapper, which alone (socat) is uber powerful tool. For this script you need socat on bot, remote and local end.

[vaxbrat]

Some folk consider use of virt-manager to result in bloated qemu instances, but I've been on it for a few years now. Do something like the following in /etc/conf.d/net (note net0 instead of eth0 due to new udev foolishness):

Code: Select all

bridge_br0="net0"
config_br0="192.168.x.x/24"
routes_br0="default via 192.168.x.y"
dns_domain_br0="example.com"
dns_servers_br0="192.168.x.a 192.168.x.b"
dns_search_br0="example.com"

You won't need to do any tun/tap interfaces there since virt-manager will do that for you when you create the guest. If you want to keep the hypervisor invisible to the net you could do a config_br0="null" instead of the assignment above.

Make sure you have net.br0 and net.net0 softlinked in /etc/init.d and added to the default runlevel. When you run virt-manager to create the guest, you will see an option for the network interface source device to "specify shared device name" and then you can type in br0. It may actually default to that after your first guest is set up. You also have the option to specify a specific MAC address or have it randomize one for it. It will also do that when you want to clone a guest.

[vaxbrat]

I recently switched from vnc to spice in virt-manager and its like night and day difference emulating monitor for the guest. The qxl display isn't quite stable yet but even the cirrus/vga style monitor in the guest wll benefit. You also get clipboard support between the guest and hypervisor.

[BradN]

vaxbrat: maybe I will have to look into running a bridge instead of macvlan on the host due to this I'm running into: https://forums.gentoo.org/viewtopic-t-9 ... ight-.html

When you use a bridge like that does it still use macvtap to hook the VM into the host networking stack?

This is my current approach:

Code: Select all

config_eth0="null" #use macvlan instead

macvlan_macvlan0="eth0" #for libvirtd/qemu guests to be able to talk to host
mode_macvlan0="bridge"  #

VMs are set to use eth0 as source device with macvtap on bridge mode.

[_______0]

bridging has its drawbacks.

the problem with libvirt is that it doesn't show the manual set up.

How should the networking be set up for host/guest networking with macvlan?

thanks

[vaxbrat]

By default, libvirt and virt-manager will plumb up a virbr0 which is the option you can take if you just want to NAT your guest out. virt-manager created the macvtap interface vnet1 for me for this guest.

Code: Select all

bridge name     bridge id               STP enabled     interfaces
br0             8000.00215ae95833       yes             net0
                                                        vnet1

virbr0          8000.000000000000       yes

[vaxbrat]

I'm on 3.8.5 here and do have vhost_net coming along for the ride with the tap. Don't have any kernel problems like you appear to have had in your other thread.

[BradN]

3.8.5 seems to work, but you tried 3.9 and that worked also?

[vaxbrat]

It's sitting on on my unstable boxes but I haven't moved to it yet. The likely suspect for that has been giving me grief lately trying to get kdm to start. That may be due to nvidia-driver, opengl, dbus interaction of some sort that randomly hits people out there. My other boxes are radeon based and not having problems. I have an old HP 8400 workstation at work with an older Quadro card (have to stay back on <305 due to age), but that one's on stable (3.7.10) and works fine.

[ds123]

If you are still having a problem invoking vnc you might try using for example -vnc :5, where the ip address is implied and you are just selecting the display port for vnc. When I use it this way, vnc is available on both localhost and other ip address.

Hope this helps.