[libvirt] Fwd: libvirtd and listen_addr

Daniel P. Berrange berrange at redhat.com
Thu Jan 6 17:58:39 UTC 2011 

On Thu, Jan 06, 2011 at 05:13:41PM +0000, Daniel P. Berrange wrote:
> On Thu, Jan 06, 2011 at 06:00:24PM +0100, Daniel Huhardeaux wrote:
> > Le 06/01/2011 17:24, Justin Clift a écrit :
> > >On 06/01/2011, at 8:26 PM, Daniel Huhardeaux wrote:
> > >>Hello,
> > >>
> > >>got no reaction on this, I try again :-)
> > >
> > >Hmmm, just thought of a workaround if it helps. :)
> > >
> > >You already know that when libvirtd starts, it automatically starts the virtual networks that it has been told to.
> > >
> > >But, if you then shut libvirtd down, they're left running.
> > >
> > >So... my thought of a dodgy workaround is this... after libvirtd starts... and the virtual networks have started... restart libvirtd.
> > >
> > >I *think* that would then let libvirt bind to the new ip addresses.
> > >
> > >Reckon it's worth trying?
> > 
> > That's how I discover the problem ;-)
> > 
> > Everything was running fine until ... I had to reboot the server!
> > VMs are started automatically but libvirtd will not start.
> > 
> > In your doggy workaround ;-) libvirtd will NOT start because of the
> > missing listen_addr.
> > 
> > That's why I was thinking that libvirt start networks *before* it
> > take care of listen_addr or perhaps listen_addr shouldn't cancel the
> > start of libvirt (delay it) until network is up and then check if
> > listen_addr is in error or not.
> 
> In general this approach isn't going to work. In the very near
> future, libvirt itself won't be listen()ing on sockets itself.
> Instead SystemD will do the listening and pass the pre-opened
> server socket to libvirt at startup time.
> 
> In addition, we delibrately listen on all sockets very early
> in startup, so that libvirtd can go into the background quickly.
> This lets system bootup continue without delays, while the
> potentially very slow auto-startup of VMs, networks, etc is
> done in the background by libvirtd. The key is that by listen()
> on the sockets immediately, but not accept()ing connections
> until autostart is complete, clients like virsh can immediately
> connect to libvirt and block on autostart. We can't reverse the
> startup order as you suggest without breaking this key feature.
> 
> An alternative approach without the chicken & egg problem is
> to listen on all addresses, and use the firewall to restrict
> where you can connect from.

Or make libvirtd listen on 127.0.0.1, and then use iptables
to setup a local port forwarding from 10.0.0.1 to 127.0.0.1
on the libvirt port(s).

Daniel

More information about the libvir-list mailing list