[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: KVM networking

On Tue, Jan 05, 2010 at 11:30:46PM +0000, T o n g wrote:
> I want all users in the kvm group can start kvm and have
> network access.  Does this require different setting than
> your previous answer?

I believe so, see below.

> If I config my box with static address before, say:
> what should my '/etc/network/interfaces' file be now?
> (please give full file, not just some segments)

auto lo
iface lo inet loopback
iface eth0 inet manual

auto br0
iface br0 inet static
   pre-up /usr/sbin/tunctl -u jon -t tap0
   pre-up ifconfig tap0 up
   bridge_ports all tap0
   post-down ifconfig tap0 down
   post-down tunctl -d tap0

> Having restarted networking, do I now need to use br0
> instead of eth0 for all primary network interface?
(snip example)
> know not to use eth0 as the primary network interface any
> more automatically?

I believe you can continue to refer to eth0 as you wish
(certainly I do in the case of wireshark, for instance)

> In this case, can other people in the kvm group use br0 as
> well?

What tunctl does is configure a tap device and give user jon
access to it. The tap device is plumbed into the br0 bridge
(the user jon does not need to manipulate the bridge
directly). This would not give other users access to that
tap device.

Looking at the source code for tunctl, it seems to support a
'-g' argument to specify a group for the tap device, in a
similar way to the -u argument. This is missing from the man
page, however.

Having said all that, I don't think you want each VM to
write to the same tap device: you want one per VM. So, to
have a second VM, you would need to:

 * add 'tap1' to the end of the 'bridge_ports' line
 * copy all other lines with 'tap0', changing to 'tap1'

If you wanted a more flexible, dynamic scheme, I think you
would need to use another approach.

Jon Dowland

Attachment: signature.asc
Description: Digital signature

Reply to: