When using the libvirt backend, don't use the SLIRP. Use qemu-bridge-helper via libvirt to give us a full network connection. One consequence of this is that 'ping' works in 'virt-builder --run-command'. A less useful consequence is that the host firewall will prevent connections on non-standard ports to the host. So you can't (eg) connect to a rsync daemon on the host listening on an arbitrary port, which worked before. The default bridge is 'virbr0', but you can override this by setting LIBGUESTFS_BACKEND_SETTINGS=network_bridge=<some_bridge> Note: this does not fix virt-rescue (since it overrides the default backend and uses 'direct' for various reasons). --- src/guestfs.pod | 10 ++++++++++ src/launch-libvirt.c | 44 +++++++++++++++++++++++--------------------- 2 files changed, 33 insertions(+), 21 deletions(-) diff --git a/src/guestfs.pod b/src/guestfs.pod index e4f9b54..f133fee 100644 --- a/src/guestfs.pod +++ b/src/guestfs.pod @@ -1519,6 +1519,16 @@ On Fedora, install C<kernel-debuginfo> for the C<vmlinux> file (containing symbols). Make sure the symbols precisely match the kernel being used. +=head3 network_bridge + +The libvirt backend supports: + + export LIBGUESTFS_BACKEND_SETTINGS=network_bridge=virbrX + +This allows you to override the bridge that is connected to when the +network is enabled. The default is C<virbr0>. See also +L</guestfs_set_network>. + =head2 ATTACHING TO RUNNING DAEMONS I<Note (1):> This is B<highly experimental> and has a tendency to eat diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c index 706ae38..f8f818a 100644 --- a/src/launch-libvirt.c +++ b/src/launch-libvirt.c @@ -105,6 +105,7 @@ struct backend_libvirt_data { char *selinux_label; char *selinux_imagelabel; bool selinux_norelabel_disks; + char *network_bridge; char name[DOMAIN_NAME_LEN]; /* random name */ bool is_kvm; /* false = qemu, true = kvm (from capabilities)*/ unsigned long qemu_version; /* qemu version (from libvirt) */ @@ -325,6 +326,12 @@ launch_libvirt (guestfs_h *g, void *datav, const char *libvirt_uri) guestfs_get_backend_setting (g, "internal_libvirt_imagelabel"); data->selinux_norelabel_disks = guestfs___get_backend_setting_bool (g, "internal_libvirt_norelabel_disks"); + if (g->enable_network) { + data->network_bridge = + guestfs_get_backend_setting (g, "network_bridge"); + if (!data->network_bridge) + data->network_bridge = safe_strdup (g, "virbr0"); + } guestfs_pop_error_handler (g); /* Locate and/or build the appliance. */ @@ -1236,6 +1243,19 @@ construct_libvirt_xml_devices (guestfs_h *g, } end_element (); } end_element (); + /* Connect to libvirt bridge (see: RHBZ#1148012). */ + if (g->enable_network) { + start_element ("interface") { + attribute ("type", "bridge"); + start_element ("source") { + attribute ("bridge", params->data->network_bridge); + } end_element (); + start_element ("model") { + attribute ("type", "virtio"); + } end_element (); + } end_element (); + } + } end_element (); /* </devices> */ return 0; @@ -1617,27 +1637,6 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g, attribute ("value", tmpdir); } end_element (); - /* Workaround because libvirt user networking cannot specify "net=" - * parameter. - */ - if (g->enable_network) { - start_element ("qemu:arg") { - attribute ("value", "-netdev"); - } end_element (); - - start_element ("qemu:arg") { - attribute ("value", "user,id=usernet,net=169.254.0.0/16"); - } end_element (); - - start_element ("qemu:arg") { - attribute ("value", "-device"); - } end_element (); - - start_element ("qemu:arg") { - attribute ("value", VIRTIO_NET ",netdev=usernet"); - } end_element (); - } - /* The qemu command line arguments requested by the caller. */ for (hp = g->hv_params; hp; hp = hp->next) { start_element ("qemu:arg") { @@ -1707,6 +1706,9 @@ shutdown_libvirt (guestfs_h *g, void *datav, int check_for_errors) free (data->selinux_imagelabel); data->selinux_imagelabel = NULL; + free (data->network_bridge); + data->network_bridge = NULL; + return ret; } -- 2.0.4

It would work, except if you have a host firewall which will block inbound connections on virbr0 to non-standard ports. --- tests/rsync/test-rsync.sh | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/tests/rsync/test-rsync.sh b/tests/rsync/test-rsync.sh index 793d59d..53fcab8 100755 --- a/tests/rsync/test-rsync.sh +++ b/tests/rsync/test-rsync.sh @@ -33,10 +33,33 @@ if ! rsync --help >/dev/null 2>&1; then exit 77 fi -if [ "$(guestfish get-backend)" = "uml" ]; then - echo "$0: skipping test because networking is not available in the UML backend" - exit 77 -fi +# Get host IP address. XXX Bit of a hack. +backend="$(guestfish get-backend)" +case "$backend" in + direct) + ip=169.254.2.2 + listen_address=localhost + ;; + libvirt|libvirt:*) + # This would work, except that the host firewall is effective + # on virbr0, and that is likely to block the non-standard port + # number that we listen on. +# ip="$(ip -4 -o address show virbr0 | +# awk '{print $4}' | +# awk -F/ '{print $1}')" +# listen_address="$ip" + echo "$0: skipping test because host firewall will probably prevent this test from working" + exit 77 + ;; + uml) + echo "$0: skipping test because networking is not available in the UML backend" + exit 77 + ;; + *) + echo "$0: don't know how to get IP address of backend $backend" + exit 77 + ;; +esac # If rsync is not available, bail. if ! guestfish -a /dev/null run : available rsync; then @@ -56,7 +79,7 @@ port="$(awk 'BEGIN{srand(); print 65000+int(500*rand())}' </dev/null)" # Write an rsync daemon config file. cat > rsyncd.conf <<EOF -address = localhost +address = $listen_address port = $port pid file = $pwd/rsyncd.pid [src] @@ -80,8 +103,6 @@ function cleanup () } trap cleanup INT TERM QUIT EXIT -# XXX -ip=169.254.2.2 user="$(id -un)" guestfish --network -N test-rsync.img=fs -m /dev/sda1 <<EOF -- 2.0.4