Libvirt: Change dhcp-setup without restarting

dhcpkvm-virtualizationlibvirt

I'm using libvirt and kvm to virtualize my server. I configured libvirt to start a dhcp-server on the bridge-network-interface to give the vm's their ips. Every VM's gets always the same ip based on its mac, this is configured like this:

<dhcp>
 <range start='10.1.1.2' end='10.1.1.254' />
 <host mac='54:52:00:21:01:ba' name='virstvm' ip='10.1.1.10' />
 <host mac='00:16:36:2d:71:f9' name='secvm' ip='10.1.1.20' />
</dhcp>

The problem: Whenever I add a new host to the dhcp section I have to restart libvirt-bin which restarts all my vm's. This cant be the solution because it means a downtime every time I add a new Server. Is there a solution?

Best Answer

The added net-update command in virsh should allow an dhcp-host update without restarting the virtual network (I have not tested it yet).

man virsh:

net-update network command section xml [--parent-index index] [[--live] [--config] | [--current]]

Update the given section of an existing network definition, with the changes optionally taking effect immediately, without needing to destroy and re-start the network.

command is one of "add-first", "add-last", "add" (a synonym for add-last), "delete", or "modify".

section is one of "bridge", "domain", "ip", "ip-dhcp-host", "ip-dhcp-range", "forward", "forward-interface", "forward-pf", "portgroup", "dns-host", "dns-txt", or "dns-srv", each section being named by a concatenation of the xml element hierarchy leading to the element being changed. For example, "ip-dhcp-host" will change a <host> element that is contained inside a <dhcp> element inside an <ip> element of the network.

xml is either the text of a complete xml element of the type being changed (e.g. "<host mac="00:11:22:33:44:55' ip='1.2.3.4'/>", or the name of a file that contains a complete xml element. Disambiguation is done by looking at the first character of the provided text - if the first character is "<", it is xml text, if the first character is not "<", it is the name of a file that contains the xml text to be used.

The --parent-index option is used to specify which of several parent elements the requested element is in (0-based). For example, a dhcp <host> element could be in any one of multiple <ip> elements in the network; if a parent-index isn't provided, the "most appropriate" <ip> element will be selected (usually the only one that already has a <dhcp> element), but if --parent-index is given, that particular instance of <ip> will get the modification.

If --live is specified, affect a running network. If --config is specified, affect the next startup of a persistent network. If --current is specified, affect the current network state. Both --live and --config flags may be given, but --current is exclusive. Not specifying any flag is the same as specifying --current.

Related Solutions

Ubuntu – How to create a bridged virtual network for libvirt+KVM+ubuntu-server the easy way

You're not missing anything. It's something that they are working to resolve but at this time you have to manually create your bridge. There are plenty of howto's available for the various distributions on how to create a network bridge.

Here's a good place to start on why and how network bridges work with libvirt.

Ubuntu – Forwarding ports to guests in libvirt / KVM

The latest stable release for libvirt for Ubuntu is version 0.7.5, which doesn't have some newer features (i.e. script hooks and network filters) which make automatic network configuration easier. That said, here's how to enable port forwarding for libvirt 0.7.5 on Ubuntu 10.04 Lucid Lynx.

These iptables rules should do the trick:

iptables -t nat -I PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT --to-destination 10.0.0.1:80
iptables -t nat -I PREROUTING -p tcp -d 1.2.3.4 --dport 22 -j DNAT --to-destination 10.0.0.2:22
iptables -I FORWARD -m state -d 10.0.0.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

The default KVM NAT config provides a rule similar to the 3rd I gave above, but it omits the NEW state, which is essential for accepting incoming connections.

If you write a startup script to add these rules and you're not careful, libvirt 0.7.5 overrides them by inserting its own. So, in order to make sure these rules are applied properly on startup, you need to make sure libvirt has initialized before you insert your rules.

Add the following lines to /etc/rc.local, before the line exit 0:

(
# Make sure the libvirt has started and has initialized its network.
while [ `ps -e | grep -c libvirtd` -lt 1 ]; do
        sleep 1
done
sleep 10
# Set up custom iptables rules.
iptables -t nat -I PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT --to-destination 10.0.0.1:80
iptables -t nat -I PREROUTING -p tcp -d 1.2.3.4 --dport 22 -j DNAT --to-destination 10.0.0.2:22
iptables -I FORWARD -m state -d 10.0.0.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
) &

The sleep 10 above is a hack to make sure the libvirt daemon has had a chance to initialize its iptables rules before we add our own. I can't wait until they release libvirt version 0.8.3 for Ubuntu.

Best Answer

Related Solutions

Ubuntu – How to create a bridged virtual network for libvirt+KVM+ubuntu-server the easy way

Ubuntu – Forwarding ports to guests in libvirt / KVM

Related Topic