[libvirt] how do I stop libvirt futzing with my network configuration?

Daniel P. Berrange berrange at redhat.com
Thu Nov 26 18:42:24 UTC 2009 

On Thu, Nov 26, 2009 at 06:25:07PM +0000, Nix wrote:
> I thought it was easy to teach libvirt about this:
> 
> spindle:/etc/libvirt/qemu/networks# cat /etc/libvirt/qemu/networks/default.xml
> <network>
>   <name>default</name>
>   <uuid>ee573497-1d74-473b-a2cb-9916229209b8</uuid>
>   <forward mode='route'/>
>   <bridge name='vm-net' stp='on' delay='0' />
>   <ip address='192.168.20.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.20.1' end='192.168.20.254' />
>     </dhcp>
>   </ip>
> </network>
> 
> However, there appears to be no way to say 'this is what the network is
> already like'. That network is considered 'inactive' and can't be used by
> any guests, and if I try to make it active, I get this:
> 
> virsh # net-start default
> error: Failed to start network default
> error: cannot create bridge 'vm-net': File exists
> 
> Of course it bloody can't create that bridge: it's already there, has an
> IP address on the host, and has the host routing packets to it. There
> appears to be no option to allow libvirt to assign IPs on the host...
> 
> ... should I fix that, 'net-start' tries to update iptables rules!
> How should I put this: I do not *not not* want libvirt pissing with the
> firewall in any way at all. If I want firewall rules, I'll create them.
> But there's no way to tell it 'hands off! This network is already active,
> don't try to *make* it active!'

If you don't want libvirt to create the bridge + setup IPtables rules
then don't use the  net-XXX  commands / XML. That functionality is 
not there for pointing libvirt to existing bridge devices.

If you already have a bridge configured, then just point the guest 
directly at that bridge by name.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the libvir-list mailing list