Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] libvirt guest vnc or spice ports closed
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Messire
n00b
n00b


Joined: 11 Nov 2017
Posts: 29

PostPosted: Sun Sep 06, 2020 12:41 pm    Post subject: [solved] libvirt guest vnc or spice ports closed Reply with quote

Hi folks!

I have a strange problem. I'm can't open new guest (just started by virt-install) in vnc or spice client. Telnet says that autoport 5900 is closed at each attempt with --graphics spice,listen=0.0.0.0 and with --graphics vnc,listen=0.0.0.0,keymap=ru,password=1234, but icmp is working at guest i can ping it.
Network is bridge through br>tap>second eth card. It was worked 2 years ago and after long delay can't repeat this approch because this strange problem.
--network=bridge:br1,model=virtio \

Code:

virt-install --connect qemu:///system --name ds1-local1 --ram 4096 --arch=x86_64 \
--vcpus=1 --cpu host --check-cpu  --virt-type kvm \
--os-type=linux --os-variant=ubuntu18.04 --boot cdrom,hd,menu=on \
--disk vol=nvme-pool/ds1-local1,bus=virtio,cache=none \
--network=bridge:br1,model=virtio \
--graphics spice,listen=0.0.0.0 \
--noautoconsole --watchdog default,action=reset --virt-type=kvm \
--accelerate --hvm --autostart --boot=cdrom,hd,menu=on --disk /var/lib/libvirt/qemu/ubuntu-18.04.5-live-server-amd64.iso,device=cdrom \


Code:

HOST ~ # ./install_ubuntu.sh

Starting install...
Domain creation completed.


Ping and telnet of guest
Code:

ping  192.168.7.16

Обмен пакетами с 192.168.7.16 по с 32 байтами данных:
Ответ от 192.168.7.16: число байт=32 время=1мс TTL=63
Ответ от 192.168.7.16: число байт=32 время=2мс TTL=63
Ответ от 192.168.7.16: число байт=32 время=2мс TTL=63
Ответ от 192.168.7.16: число байт=32 время=2мс TTL=63

Статистика Ping для 192.168.7.16:
    Пакетов: отправлено = 4, получено = 4, потеряно = 0
    (0% потерь)
Приблизительное время приема-передачи в мс:
    Минимальное = 1мсек, Максимальное = 2 мсек, Среднее = 1 мсек


virsh vncdisplay  ds1-local1
:0


telnet 192.168.7.16 5900


Connecting to 192.168.7.16:5900...
Could not connect to '192.168.7.16' (port 5900): Connection failed.



Do you have ideas that is wrong?
What i need to show you for faster and better diagnostics?


Last edited by Messire on Sun Sep 06, 2020 3:10 pm; edited 1 time in total
Back to top
View user's profile Send private message
alamahant
Guru
Guru


Joined: 23 Mar 2019
Posts: 551

PostPosted: Sun Sep 06, 2020 1:24 pm    Post subject: Reply with quote

Hi
Is qemu built with USE="vnc spice"?
You mentioned something about
Code:

br>tap>eth

Maybe it should be
Code:

br>eth

Can you please post your /etc/conf.d/net
:D


Last edited by alamahant on Sun Sep 06, 2020 1:29 pm; edited 1 time in total
Back to top
View user's profile Send private message
Messire
n00b
n00b


Joined: 11 Nov 2017
Posts: 29

PostPosted: Sun Sep 06, 2020 1:26 pm    Post subject: Reply with quote

sure
Code:

cat  /etc/portage/package.use/app-emulation   

app-emulation/libvirt fuse virt-network lvm                                               
app-emulation/qemu qemu_user_targets_x86_64 vnc vde python spice usb usbredir


HOST ~ # equery uses qemu
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for app-emulation/qemu-5.0.0-r2:
 U I
 + + aio                               : Enables support for Linux's Async IO
 + + bzip2                             : Use the bzlib compression library
 + + caps                              : Use Linux capabilities library to control privilege
 + + curl                              : Support ISOs / -cdrom directives vis HTTP or HTTPS.
 + + fdt                               : Enables firmware device tree support
 + + filecaps                          : Use Linux file capabilities to control privilege rather than set*id (this is orthogonal to USE=caps which uses capabilities at
                                         runtime e.g. libcap)
 + + jpeg                              : Enable jpeg image support for the VNC console server
 + + ncurses                           : Enable the ncurses-based console
 + + nls                               : Add Native Language Support (using gettext - GNU locale utilities)
 + + oss                               : Add support for OSS (Open Sound System)
 + + pin-upstream-blobs                : Pin the versions of BIOS firmware to the version included in the upstream release. This is needed to sanely support
                                         migration/suspend/resume/snapshotting/etc... of instances. When the blobs are different, random corruption/bugs/crashes/etc...
                                         may be observed.
 + + png                               : Enable png image support for the VNC console server
 + + python                            : Add optional support/bindings for the Python language
 + + python_targets_python3_7          : Build with Python 3.7
 + + qemu_softmmu_targets_x86_64       : system emulation target
 + + qemu_user_targets_x86_64          : userspace emulation target
 + + seccomp                           : Enable seccomp (secure computing mode) to perform system call filtering at runtime to increase security of programs
 + + slirp                             : Enable TCP/IP in hypervisor via net-libs/libslirp
 + + spice                             : Enable Spice protocol support via app-emulation/spice
 + + usb                               : Enable USB passthrough via dev-libs/libusb
 + + usbredir                          : Use sys-apps/usbredir to redirect USB devices to another machine over TCP
 + + vde                               : Enable VDE-based networking
 + + vhost-net                         : Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet
 + + vnc                               : Enable VNC (remote desktop viewer) support
 + + xattr                             : Add support for getting and setting POSIX extended attributes, through sys-apps/attr. Requisite for the virtfs backend.
 + + xkb                               : Depend on x11-libs/libxkbcommon to build qemu-keymap tool for converting xkb keymaps

Back to top
View user's profile Send private message
Messire
n00b
n00b


Joined: 11 Nov 2017
Posts: 29

PostPosted: Sun Sep 06, 2020 1:40 pm    Post subject: Reply with quote

/etc/conf.d/net
Code:

config_enp8s0="192.168.0.2/24"
routes_enp8s0="default via 192.168.0.1 dev enp8s0 metric 1"
dns_servers_enp8s0="192.168.0.1 8.8.8.8"

config_enp7s0="192.168.1.2/24"
routes_enp7s0="default via 192.168.1.1 dev enp7s0 metric 2"
dns_servers_enp7s0="192.168.1.1 8.8.8.8"

config_enp5s0=null
tuntap_tap1="tap"
config_tap1=null
rc_net_br1_need="net.enp5s0 net.tap1"
bridge_br1="enp5s0 tap1"
config_br1="null"
bridge_forward_delay_br1=1500
bridge_hello_time_br1=200
bridge_stp_state_br1=1


It's working (2years ago) scheme.
I think problem may be in kernel settings, because of i can ping guest and it can recieve ip by dhcp, but port within is closed.
Back to top
View user's profile Send private message
alamahant
Guru
Guru


Joined: 23 Mar 2019
Posts: 551

PostPosted: Sun Sep 06, 2020 1:44 pm    Post subject: Reply with quote

Hi
Please loose all tun/tap things from your net file
Bridge directly your iface.
You dont need two.
One is enough
Something like
Code:

config_eth0="null"
bridge_br0="eth0"
config_br0="192.168.2.3/24"
routes_br0="default via 192.168.2.1"
dns_servers_br0="127.0.0.1 192.168.2.1"
bridge_forward_delay_br0=0
bridge_hello_time_br0=1000


Also regarding spice..
Do you have
Code:

net-misc/spice-gtk

With USE="gtk3"
installed in the host?
Back to top
View user's profile Send private message
Messire
n00b
n00b


Joined: 11 Nov 2017
Posts: 29

PostPosted: Sun Sep 06, 2020 1:57 pm    Post subject: Reply with quote

i have no net-misc/spice-gtk with use gtlk3, but may be we ll start with vnc? i need it only to install OS to guest and don't want tinstall gtlk3 deps of net-misc/spice-gtk for it. Have you ideas why vns port is closed is i install with --graphics vnc ? I need few minutes to try eth>br scheme
Back to top
View user's profile Send private message
alamahant
Guru
Guru


Joined: 23 Mar 2019
Posts: 551

PostPosted: Sun Sep 06, 2020 2:01 pm    Post subject: Reply with quote

Hi maybe ADD
Code:

--video qxl \
--graphics spice,listen=0.0.0.0,password=pass \

in your VM virt-install command.
Or maybe modify existing xml
Code:


<graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='password'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>


Last edited by alamahant on Sun Sep 06, 2020 2:07 pm; edited 1 time in total
Back to top
View user's profile Send private message
Messire
n00b
n00b


Joined: 11 Nov 2017
Posts: 29

PostPosted: Sun Sep 06, 2020 2:06 pm    Post subject: Reply with quote

Code:

emerge libvirt

These are the packages that would be merged, in order:

Calculating dependencies |

!!! Problem resolving dependencies for app-emulation/libvirt                                                                                                             ... done!

!!! The ebuild selected to satisfy "libvirt" has unmet requirements.
- app-emulation/libvirt-6.2.0-r2::gentoo USE="caps dbus fuse libvirtd lvm nls qemu udev vepa virt-network -apparmor -audit -dtrace -firewalld -glusterfs -iscsi -iscsi-direct -libssh -lxc -macvtap -nfs -numa (-openvz) -parted -pcap -policykit -rbd -sasl (-selinux) -virtualbox -wireshark-plugins -xen -zfs"

  The following REQUIRED_USE flag constraints are unsatisfied:
    vepa? ( macvtap )

  The above constraints are a subset of the following complete expression:
    firewalld? ( virt-network ) libvirtd? ( any-of ( lxc openvz qemu virtualbox xen ) ) lxc? ( caps libvirtd ) openvz? ( libvirtd ) policykit? ( dbus ) qemu? ( libvirtd ) vepa? ( macvtap ) virt-network? ( libvirtd ) virtualbox? ( libvirtd ) xen? ( libvirtd )


i try to diasble
- + macvtap : Support for MAC-based TAP (macvlan/macvtap). For networking instead of the normal TUN/TAP.
and don't know how to pass this warning.

Looks like i need to disable it because of
Code:

HOST /usr/src/linux # /etc/init.d/libvirtd start
 * Bringing up interface enp5s0                                                                                                                                      [ ok ]
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * ERROR: cannot start net.br1 as net.tap1 would not start
 * ERROR: cannot start libvirtd as net.tap1 would not start



with net
Code:

#config_enp5s0=null
#tuntap_tap1="tap"
#config_tap1=null
#rc_net_br1_need="net.enp5s0 net.tap1"
#bridge_br1="enp5s0 tap1"
#config_br1="null"
#bridge_forward_delay_br1=1500
#bridge_hello_time_br1=200
#bridge_stp_state_br1=1

config_enp5s0="null"
bridge_br1="enp5s0"
config_br1="null"
bridge_forward_delay_br1=0
bridge_hello_time_br1=100
Back to top
View user's profile Send private message
alamahant
Guru
Guru


Joined: 23 Mar 2019
Posts: 551

PostPosted: Sun Sep 06, 2020 2:09 pm    Post subject: Reply with quote

Do not mess with libvirt's "macvtap" USE
Just in your /etc/conf.d/net...
You dont need all these references to tap in net file....
This has nothing to do with your spice issue.
Just why to complicate things if they can be made simple?

You have now:
Code:


config_enp5s0="null"
bridge_br1="enp5s0"
config_br1="null"
bridge_forward_delay_br1=0
bridge_hello_time_br1=100

Please delete
Code:

config_br1="null"[/quote]

And either use static ip for the bridge as i showed you above OR use dhcp..


Last edited by alamahant on Sun Sep 06, 2020 2:17 pm; edited 1 time in total
Back to top
View user's profile Send private message
Messire
n00b
n00b


Joined: 11 Nov 2017
Posts: 29

PostPosted: Sun Sep 06, 2020 2:17 pm    Post subject: Reply with quote

alamahant wrote:
Hi maybe ADD
Code:

--video qxl \
--graphics spice,listen=0.0.0.0,password=pass \

in your VM virt-install command.
Or maybe modify existing xml
Code:


<graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='password'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>


Nothing changed( port 5900 still closed, but guest still ansver icmp reqests
Back to top
View user's profile Send private message
Messire
n00b
n00b


Joined: 11 Nov 2017
Posts: 29

PostPosted: Sun Sep 06, 2020 2:20 pm    Post subject: Reply with quote

alamahant wrote:
Do not mess with libvirt's "macvtap" USE
Just in your /etc/conf.d/net...
You dont need all these references to tap in net file....
This has nothing to do with your spice issue.
Just why to complicate things if they can be made simple?

You have now:
Code:


config_enp5s0="null"
bridge_br1="enp5s0"
config_br1="null"
bridge_forward_delay_br1=0
bridge_hello_time_br1=100

Please delete
Code:

config_br1="null"[/quote]

And either use static ip for the bridge as i showed you above OR use dhcp..


Code:

config_enp5s0="null"
bridge_br1="enp5s0"
config_br1="dhcp"
bridge_forward_delay_br1=0
bridge_hello_time_br1=1000

but

HOST ~ # /etc/init.d/libvirt-guests start
 * Bringing up interface enp5s0                                                                                                                                      [ ok ]
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * ERROR: cannot start net.br1 as net.tap1 would not start
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * Bringing up interface tap1
 *   ERROR: interface tap1 does not exist
 *   Ensure that you have loaded the correct kernel module for your hardware
 * ERROR: net.tap1 failed to start
 * ERROR: cannot start net.br1 as net.tap1 would not start
 * ERROR: cannot start libvirtd as net.tap1 would not start
 * Starting libvirt networks ...                                                                                                                                     [ ok ]
 * Starting libvirt domains ...


by the way i need to get few IPs thorough this bridge by few guests same time. Is it still working with eth>br sheme?


Last edited by Messire on Sun Sep 06, 2020 2:26 pm; edited 1 time in total
Back to top
View user's profile Send private message
alamahant
Guru
Guru


Joined: 23 Mar 2019
Posts: 551

PostPosted: Sun Sep 06, 2020 2:25 pm    Post subject: Reply with quote

Have enabled br1?
Code:

cd /etc/init.d/
ln -s net.lo net.br1
rc-update add net.br1 boot

Is br1 up and running after reboot?
Code:

ip a

Also for spice please check if you have "spice-vdagent" installed in the guest...
:D
Back to top
View user's profile Send private message
Messire
n00b
n00b


Joined: 11 Nov 2017
Posts: 29

PostPosted: Sun Sep 06, 2020 2:41 pm    Post subject: Reply with quote

I've successfilly run guest by eth>br scheme thanks for advice.

But lets return to vnc problem. I still ping VM but 5900 still clised

forget about spice plz - vnc will enough, but not working.
Guest is absolutely empty. And i need vnc to install ubuntu into VM. I did it a lot of times in the past, but now this approach not working.
Back to top
View user's profile Send private message
Messire
n00b
n00b


Joined: 11 Nov 2017
Posts: 29

PostPosted: Sun Sep 06, 2020 3:09 pm    Post subject: Reply with quote

sorry for wasted time... i found!
i tryed to connect into guest, but not host. Sure empty guest have no vnc-server, but host with hypervisor have.
Back to top
View user's profile Send private message
alamahant
Guru
Guru


Joined: 23 Mar 2019
Posts: 551

PostPosted: Sun Sep 06, 2020 5:40 pm    Post subject: Reply with quote

Just a last thing.....
Dont you hate all these enp0sfjirf95t5ji5 iface names?
You can switch to "eth" by entering
Code:

net.ifnames=0 biosdevname=0

in kernel cmd line in /etc/default/grub.
Then run
grub-mkconfig -o /boot/grub/grub.cfg
edit your
/etc/conf.d/net
file replacing the enp0jfirjg58t8 with eth0 eth1 etc.........
Same in /etc/init.d/net.eth0 etc
And reboot.
:D
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum