Difference between revisions of "KVM Kernel Virtualization Machine on Rocky Linux 9"

Wiki.TerraBase.info
(12 intermediate revisions by the same user not shown)
Line 41: Line 41:
'''Network Connectivity, don't forget that;'''


Tools to use;
 
*Virtual Machine Manager GUI
*nm-connection-editor: Basic GUI for Network Management (more powerful than the GNOME Network GUI, and in fact the GNOME Network GUI is just plain unreliable and inaccurate, so don't use)
*Terminal (AKA "Command Prompt")
 
Useful Commands;
 
*virsh net-list --all
*nmcli connection show
*ip link show
*ifconfig
*systemctl restart libvirtd.service
*systemctl restart NetworkManager
 
OK, here's what to do for creating what is essentially an Ethernet Switch. IE, this is about as close as it comes to 'typical' reality where computers, servers, and other devices are all connected to each other via Ethernet Cables to an Ethernet Switch.  The below method uses a GUI interface as much as possible in order for one to understand and see what is going on, VS being a 'parrot' that types in commands as suggested by someone else.  It also assumes the reader knows the basics of what they're doing, so for instance when it is noted that something needs to be disabled, the reader knows how to do it (because it's easy) and doesn't need five additional steps stating, "...click here, type this, etc.";
 
*Identify current Ethernet Adapter(s) and Virtual Bridge(s): get oriented by obtaining the names of various Network Adapters or Virtual Devices (eth0, enp1s0of0, virbr0, bridg0, br0, whatever, etc.);
**nmcli connection show (or use the nm-connection-editor)
**brctl show
**ip link show
*Disable the ''existing target'' Ethernet Adapter (this equates to the Physical Network Adapter that is connected to the Subnet / LAN / Network) through a GUI or command line interface.  Don't delete it as most tutorials would have you do (if needed you can always enable it later instead of re-creating it from scratch).  Also prevent it from starting by default.
**nmcli connection modify WhatEverConnectionName connection.autoconnect "no"
**ifconfig WhatEverConnectionName down OR ip link set dev WhatEverConnectionName down
*Create the "Virtual Ethernet Switch" (AKA Virtual Bridge)
**nm-connection-editor: Using this GUI makes it easy.
***"Connect / Extend the Ethernet Cable plugged into the Physical Host's Network Jack" to a "Port" on the "Virtual Ethernet Switch"
****Bridge Tab, Add Button, Select the Physical Interface
***Configure IP Information (which should be the same as the Ethernet Adapter disabled above).
***Name the Connections and Interface Name as: bridge0 (although it can be anything, plus keeping the names similar cuts down on Alias Names causing confusion later)
****Another useful naming convention would be a hybrid approach where one could start the name with the old-fashioned "br", then append the name of the physical adapter, so a "bridge" connected to eno4 (a naming convention for Rocky Linux 9 Ethernet Adapter / Connections) would be breno4
***The end result is a Virtual Ethernet Switch with a single Port that has one Cable plugged into it.  Later, if viewed when a Virtual Machine is powered on, the additional Ports for the Virtual Machines will be seen here.
**OR, to do the same as above from the command line (minus adding IP information): nmcli connection add type bridge autoconnect yes con-name bridge0 ifname bridge0
*Configure the Virtual Machine's Network Adapter.  There should be one created by default.
**Edit the Virtual Machine in Virtual Machine Editor
***Set the Network Source to: Bridge device
***Set the name to: bridge0 (or whatever it was named)
***Set Device Model to: virtio
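The host-side steps above (create the bridge, attach the physical adapter as its port, carry over the IP settings, disable rather than delete the old connection) as one nmcli sequence. This is an added example, not part of the original page; the function names, the connection name "Wired connection 1", eno4 and the addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original wiki page).
# Prints the nmcli commands by default; set DRY_RUN=0 to actually run them.
# Run it from a local console: step 3 takes the old connection down, which
# drops any SSH session that goes through that adapter.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Kernel interface names are limited to 15 characters; also refuse anything
# that is not a plain name so nothing unexpected reaches nmcli.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Accepts a.b.c.d/prefix with a prefix of 0-32 (format check only).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# make_bridge OLD_CONNECTION PHYSICAL_IF BRIDGE ADDRESS/PREFIX GATEWAY
make_bridge() (
    old_conn=$1 phys_if=$2 bridge=$3 cidr=$4 gateway=$5
    [ -n "$old_conn" ]           || { echo "missing connection name" >&2; exit 2; }
    valid_ifname "$phys_if"      || { echo "bad interface name: $phys_if" >&2; exit 2; }
    valid_ifname "$bridge"       || { echo "bad bridge name: $bridge" >&2; exit 2; }
    valid_cidr "$cidr"           || { echo "bad address: $cidr" >&2; exit 2; }
    valid_cidr "$gateway/32"     || { echo "bad gateway: $gateway" >&2; exit 2; }

    # 1. The "Virtual Ethernet Switch", holding the IP settings the
    #    physical adapter used to have.
    run nmcli connection add type bridge autoconnect yes \
        con-name "$bridge" ifname "$bridge" \
        ipv4.method manual ipv4.addresses "$cidr" ipv4.gateway "$gateway"

    # 2. "Plug the cable in": the physical adapter becomes a port of the bridge.
    run nmcli connection add type ethernet slave-type bridge \
        con-name "${bridge}-port-${phys_if}" ifname "$phys_if" master "$bridge"

    # 3. Disable (do not delete) the old connection and keep it from
    #    starting by default.
    run nmcli connection modify "$old_conn" connection.autoconnect no
    run nmcli connection down "$old_conn"

    # 4. Bring up the bridge and its port.
    run nmcli connection up "$bridge"
    run nmcli connection up "${bridge}-port-${phys_if}"
)

# Example (dry run): prints the six commands without changing anything.
# make_bridge "Wired connection 1" eno4 bridge0 192.168.1.10/24 192.168.1.1
```

Afterwards nmcli connection show and ip link show should list bridge0 with eno4 as its port, and the Virtual Machine's adapter can be pointed at bridge0 as described in the last step.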
 
...done.  Well, configure the Virtual Machine's network information as would be done for any other physical machine.
 
The result will be a Virtual Bridge named bridge0 (it can be anything, but bridge0 keeps with the 'suggested' Rocky Linux 9 naming convention, with the equivalent CentOS 7 naming convention being br0).  Virtual Machines as they're powered on will have their NICs show up as vnet0, vnet1, etc.
 
And as covered in more detail below, it is simply not within the realm of reality for libvirtd to automatically create the above "Switch" (AKA Virtual Bridge).
 
'''Power Events (AKA Automatic Start Actions, Automatic Stop Actions, and "WatchDog")'''
 
One would ordinarily never consider that Microsoft would make sense.  But they do in this instance.  Here's the question: When a QEMU / KVM Host Machine (that's the physical machine) is restarted / rebooted or shut down, what about the Virtual / Guest Machines?  Are they shut down properly / gracefully?  Are they paused / suspended?  Or are they just turned off, as in flip / press the power button to kill it?  In the Microsoft world with Hyper-V it's abundantly clear with Automatic Start Actions and Automatic Stop Actions.  Wow!  Cool!  Gravity can be reversed.  Not so evident with the QEMU / KVM architecture.  Yup, as the title might have given away, look under "WatchDog" for power settings.  Ummm, unless it was a couple of years ago, then it would be qemu-guest-agent.service and some settings tucked away in /etc/default/libvirt-guests, no wait, /etc/sysconfig/libvirt-guests.  But that file is gone now with nothing left behind, not even a file by the same name with a note in it explaining why it isn't used anymore, it's just gone.  Before that, some custom scripts and 'shutdown service(s)', but those aren't needed anymore, nor will they work the same way they used to because the new QEMU / KVM breaks that paradigm.  Anyway, here's the answer to the above question;
 
*In the Virtual Machine Manager GUI, open the Virtual Machine (AKA "Domain", wait, didn't Microsoft already take that term?), click Settings, err, the Gear Icon, no wait, the Light Bulb Icon, click WatchDog, then under Model select diag288, 16300esb, or ib700, and, no wait, you could also type anything you want, or leave it at the default of itco (which isn't in the drop down menu), then under Action select what you want the Virtual / Guest machine to do when the physical host machine is rebooted, shutdown, etc. (with the default set to Forcefully reset the guest, which is of course the best one for preserving data and the integrity of the guest machine, err, no wait, speeds shut down of the physical host machine by just killing the guest machine, losing data, settings, destroying databases, etc., so naturally Forcefully reset the guest is the default setting).
 
 
===Tricks, Tips, and Other Useful Information (all of which applies to Rocky Linux 9, and others based on Red Hat)===
'''Network Configuration (from''' https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/configuring_and_managing_networking/index#configuring-an-ethernet-connection-with-a-static-ip-address-by-using-nmstatectl_configuring-an-ethernet-connection<nowiki/>)''';'''


*NMCLI ( nmcli ): Command Line Interface
*NMTUI ( nmtui ): Text Based GUI
*NM-CONNECTION-EDITOR ( nm-connection-editor ): "Control Panel Version" GUI
*"Control Center" for GNOME: "Windows 11 Version" GUI (IE, less capable than all of the above)
*NMSTATECTL ( nmstatectl ): nmstatectl show will provide a LOT of information (plus other things, including configuration)


'''Other Tips and Information;'''


*Rocky Linux 9 Network Configuration Files Directory: /etc/NetworkManager/system-connections (NOT /etc/sysconfig/network-scripts)
*Network Configuration for Rocky Linux: nm-connection-editor
*If a Bridged Network Adapter is configured for a Virtual Machine, it will show up in the Host Machine as: vnet1, etc.
*QEMU / KVM Bridges can be configured "within" QEMU / KVM and "externally" using commands like brctl, etc.
*QEMU / KVM Configuration Files: /etc/libvirt/qemu/
**Heed the warning notes on some of these files as they should not be edited directly.  Although a workaround is to edit the files directly, then restart the libvirtd.service (systemctl restart libvirtd.service)
Line 58: Line 119:
****x = Exit / Quit and Save (AKA Write) (as in :x)
****q = Quit (AKA Exit)
***...and that is not enough, ALL of the following commands need to be run for configuration changes to take effect (the below examples assume ''default'' is the name of the network device)
****virsh net-destroy default (essentially stops the device, and also deletes it, as apparently restarting it alone isn't enough)
****virsh net-define default (in reality, the intent is to 're-define' the interface, but from the libvirtd perspective the interface has been 'destroyed' and isn't there, so it needs to be defined)
*****TOP TIP: When using the virsh net-define command, don't put the 'base' configuration file in /etc/libvirt/qemu/networks
****virsh net-start default
****Note: Hey, I've got an idea for you genzers that are programming this, why not create a virsh net-restart command that intuitively does what a bazillion other past command examples do to complete the above task?  And don't say virsh net-update add / modify, because that is just as convoluted.  Go ahead, read it right here and see if having a virsh net-restart command doesn't make good sense: https://wiki.libvirt.org/Networking.html#:~:text=If%20you%20edit%20the%20network,automatically%20done%20as%20a%20side  Now why would all of this be a big issue?  Well guess what, there's this thing called reality where you can get this error: "failed to get domain" when using the virsh net-destroy and then what?  Reboot MFer.  That's it.  Thanks Genzers!
*QEMU / KVM Additional Bridge Configuration: /etc/qemu-kvm/
*Documentation from QEMU / KVM on Bridges and Networking: https://libvirt.org/formatnetwork.html
Line 63: Line 130:
*Network Remapping End Result(s) (IE, if you want to see how the "Predictable Network Interface Naming" decided on how things were to be done): /sys/class/net
**In short, here's how it goes with Rocky Linux 9 mapping a physical Network Adapter to a configuration file;
***Physical Network Adapter (represented by files located in /sys/devices and below / down)
***⇌
***Calculations done in the name of "Predictable Network Interface Naming", whose 'scripts' are located in /lib/udev/rules.d/80-net-setup-link.rules and whose result(s) are located in the Symbolic Links located in /sys/class/net (which in turn point to 'device files' in /sys/devices)
***⇌
***Configuration File (in /etc/NetworkManager)
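The virsh net-destroy / net-define / net-start sequence listed above, wrapped into the single "net-restart" step the note asks for. This is an added example, not part of the original page or of libvirt; net_restart and the VIRSH variable are hypothetical names, and the saved definition is written to a temporary directory rather than /etc/libvirt/qemu/networks, in line with the TOP TIP.

```shell
#!/bin/sh
# Added example (not from the original wiki page and not a libvirt command).
VIRSH=${VIRSH:-virsh}   # override to use a wrapper, e.g. VIRSH="sudo virsh"

# net_restart NAME [BACKUP_DIR]
# Prints the path of the saved network definition on success.
net_restart() (
    name=$1
    backup_dir=${2:-${TMPDIR:-/tmp}}

    # Plain names only: the name is used in a file name below.
    case "$name" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "usage: net_restart NAME [BACKUP_DIR]" >&2; exit 2 ;;
    esac

    # Save the persistent definition first, so it survives even if a later
    # step fails. mktemp creates the file readable by its owner only.
    xml=$(mktemp "$backup_dir/libvirt-net-$name.XXXXXX") || exit 1
    if ! $VIRSH net-dumpxml --inactive "$name" > "$xml"; then
        echo "network '$name' is not defined; nothing changed" >&2
        rm -f "$xml"
        exit 1
    fi

    # net-destroy returns an error on a network that is already stopped,
    # so only call it when net-info reports the network as active.
    if $VIRSH net-info "$name" | grep -Eq '^Active:[[:space:]]+yes'; then
        $VIRSH net-destroy "$name" >&2 || exit 1
    fi

    # Define from the saved copy, then start.
    $VIRSH net-define "$xml" >&2 || exit 1
    if ! $VIRSH net-start "$name" >&2; then
        echo "net-start failed; definition kept in $xml" >&2
        exit 1
    fi
    printf '%s\n' "$xml"
)

# Example: net_restart default
```

If net-start fails, the saved file named in the error message can be passed to virsh net-define again once the cause is fixed.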
 
 
MAN (Manual) Page, or the closest equivalent to: https://libvirt.org/formatnetwork.html  But watch out on some stuff.  Here's an example
 
*<forward mode="open" /> AND / OR <forward mode="bridge" />
**in the Virtual Machine Management GUI the drop down box and XML only have mode="open", mode="bridge" is not available.  WTF???!
**In the documentation from https://libvirt.org/formatnetwork.html, there is only mention of mode="bridge", there's nothing on that webpage for mode="open".  Now that's not to say they don't mention 'open', it's just never used in an example.  Both bridge and open are documented.
***open is a version of route (IE, something more similar to a router than a bridge)
***bridge is just what it says (IE, it is a bridge)
****BIG NOTE: While it is never explicitly stated, "YOU NEED TO CREATE A BRIDGE OUTSIDE OF LIBVIRT, BECAUSE UNLIKE ''NAT'' LIBVIRT WILL ''NOT'' CREATE THE INTERFACE AUTOMATICALLY.  YOU HAVE TO DO IT YOURSELF MANUALLY", it '''''SHOULD BE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'''''
**In the book Mastering KVM Virtualization, neither mode="open" nor mode='open' is mentioned; only mode='bridge' is mentioned (and only one time in the 2020 edition)
 
...and now comes the part where the above noted references show their true colors.  IE, the content in the articles on those websites was not created by the people who own those websites.  It was aggregated from other websites and put into a format that Google likes.  And does it ever show on the Networking aspect of what they document.  In short, ignore it.  You'll hose your system if you do what is written.  Go ahead and try it (no, don't really do that).
 
The first issue is with the destruction of a perfectly good network interface.  The second issue is with the creation of a Bridge Interface that was already created as part of the installation process of QEMU / KVM.  Keeping in mind this article here was written based on Rocky Linux 9 and the iteration of QEMU / KVM as of late 2023.  Earlier versions may have required the creation of a Bridge Interface.
 
KEEP THIS IN MIND: In the QEMU / KVM world, here's how the networking thing functions:
 
*After installing QEMU / KVM, it creates a Virtual Bridge Adapter intended to be used with NAT.  Leave this one as is if you want to use it.  But if you just want a simple bridge to connect to the rest of your network, keep reading.  This Virtual Bridge
 
Here's the assumption (unlike all the other tutorials there);
 
*There is an existing Ethernet Adapter on the Host Machine for QEMU / KVM that has been configured with an IP Address, Subnet Mask, IE, everything needed to communicate via a Network.
*During the installation for QEMU / KVM, a Virtual Bridge Adapter was automatically configured
 
 
Other example NMCLI commands;
 
*nmcli connection show
*Modify the /etc/NetworkManager/system-connections File?  Nope!
**nmcli connection modify WhatEverConnectionName ipv4.address "WhatEverIPAddress/SubnetMaskNumber" (192.168.1.1/24)
**nmcli connection up WhatEverConnectionName (essentially restarts the adapter and adopts new configuration information)
**Does NOT work as one might think to 'reload' or restart a Network Adapter after configuration changes are made: nmcli connection reload
**nmcli connection show WhatEverConnectionName (ipv4.address = configured value AND IPV4.ADDRESS = "live / actual value")
*systemctl restart NetworkManager
 
'''ChatGPT to the Rescue'''
 
Why is the UUID for the virbr0 Virtual Bridge Adapter displayed in the QEMU / KVM Host using the IP LINK SHOW command different than the UUID setting configured in the /etc/libvirt/qemu/networks/default.xml File, even though the MAC Address is the same in the Host (using IP LINK SHOW) and the default.xml File?
 
ChatGPT's explanation is below (which is very good considering that Googling an equivalent answer produces nothing but hundreds of stupid forum results that ramble about how something isn't working).  There is also some additional information from https://wiki.libvirt.org/Networking.html.<syntaxhighlight lang="text">
The discrepancy between the UUID in the default.xml file and the one displayed by the ip link show command might be due to the fact that the UUID in the XML configuration file refers to the libvirt network object's UUID, not the actual bridge interface's UUID.
 
Here's a breakdown:
 
UUID in default.xml:
 
The default.xml file typically contains the XML configuration for the default libvirt network (virbr0). The UUID in this file corresponds to the libvirt network's unique identifier. This UUID is associated with the network object managed by libvirt.
UUID displayed by ip link show:
 
When you use ip link show, you are querying information about the actual bridge interface (virbr0). The UUID displayed here refers to the bridge interface itself, not the libvirt network object.
While the libvirt network and the bridge interface are closely related, they are distinct entities with different UUIDs. The libvirt network configuration includes settings for the bridge interface but also encompasses additional configuration options managed by libvirt.
 
If you want to inspect the libvirt network configuration and UUID programmatically, you can use the virsh command:
 
virsh net-dumpxml default
This command will display the XML configuration for the default network, including the libvirt network UUID.
 
If you specifically need the UUID of the bridge interface (virbr0), you can extract it using the nmcli command (assuming NetworkManager is used for managing the bridge):
 
nmcli connection show virbr0 | grep UUID
This will display the UUID associated with the virbr0 connection managed by NetworkManager.
 
In summary, the libvirt network and the bridge interface have separate UUIDs, and the discrepancy arises from the different contexts in which these UUIDs are used.
</syntaxhighlight>
 
The above can be confirmed using the following commands
 
*virsh net-destroy default (maybe there should be an 'in-between' option like net-stop, but oh well): "Stops and Destroys" the virbr0 (defined by default.xml, which is not deleted)
*virsh net-start default: Starts the virbr0 (defined by the default.xml file)
 
'''Rough Notes'''
 
<syntaxhighlight lang="text">
<network>
  <name>my-bridge-network</name>
  <forward mode='bridge'/>
  <bridge name='virbr_bridge'/>
</network>
</syntaxhighlight>
<syntaxhighlight lang="text">
sudo virsh net-define bridge-network.xml
sudo virsh net-start my-bridge-network
sudo virsh net-autostart my-bridge-network
</syntaxhighlight>
 
 
There is no "anti virsh net-define command", just delete the XML file and systemctl restart libvirtd.service
<syntaxhighlight lang="text">
virsh [options]... [<command_string>]
virsh [options]... <command> [args...]
 
  options:
    -c | --connect=URI      hypervisor connection URI
    -d | --debug=NUM        debug level [0-4]
    -e | --escape <char>    set escape sequence for console
    -h | --help            this help
    -k | --keepalive-interval=NUM
                            keepalive interval in seconds, 0 for disable
    -K | --keepalive-count=NUM
                            number of possible missed keepalive messages
    -l | --log=FILE        output logging to file
    -q | --quiet            quiet mode
    -r | --readonly        connect readonly
    -t | --timing          print timing information
    -v                      short version
    -V                      long version
        --version[=TYPE]  version, TYPE is short or long (default short)
  commands (non interactive mode):
 
Domain Management (help keyword 'domain')
    attach-device                  attach device from an XML file
    attach-disk                    attach disk device
    attach-interface              attach network interface
    autostart                      autostart a domain
    blkdeviotune                  Set or query a block device I/O tuning parameters.
    blkiotune                      Get or set blkio parameters
    blockcommit                    Start a block commit operation.
    blockcopy                      Start a block copy operation.
    blockjob                      Manage active block operations
    blockpull                      Populate a disk from its backing image.
    blockresize                    Resize block device of domain.
    change-media                  Change media of CD or floppy drive
    console                        connect to the guest console
    cpu-stats                      show domain cpu statistics
    create                        create a domain from an XML file
    define                        define (but don't start) a domain from an XML file
    desc                          show or set domain's description or title
    destroy                        destroy (stop) a domain
    detach-device                  detach device from an XML file
    detach-device-alias            detach device from an alias
    detach-disk                    detach disk device
    detach-interface              detach network interface
    domdisplay                    domain display connection URI
    domfsfreeze                    Freeze domain's mounted filesystems.
    domfsthaw                      Thaw domain's mounted filesystems.
    domfsinfo                      Get information of domain's mounted filesystems.
    domfstrim                      Invoke fstrim on domain's mounted filesystems.
    domhostname                    print the domain's hostname
    domid                          convert a domain name or UUID to domain id
    domif-setlink                  set link state of a virtual interface
    domiftune                      get/set parameters of a virtual interface
    domjobabort                    abort active domain job
    domjobinfo                    domain job information
    domlaunchsecinfo              Get domain launch security info
    domsetlaunchsecstate          Set domain launch security state
    domname                        convert a domain id or UUID to domain name
    domrename                      rename a domain
    dompmsuspend                  suspend a domain gracefully using power management functions
    dompmwakeup                    wakeup a domain from pmsuspended state
    domuuid                        convert a domain name or id to domain UUID
    domxml-from-native            Convert native config to domain XML
    domxml-to-native              Convert domain XML to native config
    dump                          dump the core of a domain to a file for analysis
    dumpxml                        domain information in XML
    edit                          edit XML configuration for a domain
    get-user-sshkeys              list authorized SSH keys for given user (via agent)
    inject-nmi                    Inject NMI to the guest
    iothreadinfo                  view domain IOThreads
    iothreadpin                    control domain IOThread affinity
    iothreadadd                    add an IOThread to the guest domain
    iothreadset                    modifies an existing IOThread of the guest domain
    iothreaddel                    delete an IOThread from the guest domain
    send-key                      Send keycodes to the guest
    send-process-signal            Send signals to processes
    lxc-enter-namespace            LXC Guest Enter Namespace
    managedsave                    managed save of a domain state
    managedsave-remove            Remove managed save of a domain
    managedsave-edit              edit XML for a domain's managed save state file
    managedsave-dumpxml            Domain information of managed save state file in XML
    managedsave-define            redefine the XML for a domain's managed save state file
    memtune                        Get or set memory parameters
    perf                          Get or set perf event
    metadata                      show or set domain's custom XML metadata
    migrate                        migrate domain to another host
    migrate-setmaxdowntime        set maximum tolerable downtime
    migrate-getmaxdowntime        get maximum tolerable downtime
    migrate-compcache              get/set compression cache size
    migrate-setspeed              Set the maximum migration bandwidth
    migrate-getspeed              Get the maximum migration bandwidth
    migrate-postcopy              Switch running migration from pre-copy to post-copy
    numatune                      Get or set numa parameters
    qemu-attach                    QEMU Attach
    qemu-monitor-command          QEMU Monitor Command
    qemu-monitor-event            QEMU Monitor Events
    qemu-agent-command            QEMU Guest Agent Command
    guest-agent-timeout            Set the guest agent timeout
    reboot                        reboot a domain
    reset                          reset a domain
    restore                        restore a domain from a saved state in a file
    resume                        resume a domain
    save                          save a domain state to a file
    save-image-define              redefine the XML for a domain's saved state file
    save-image-dumpxml            saved state domain information in XML
    save-image-edit                edit XML for a domain's saved state file
    schedinfo                      show/set scheduler parameters
    screenshot                    take a screenshot of a current domain console and store it into a file
    set-lifecycle-action          change lifecycle actions
    set-user-sshkeys              manipulate authorized SSH keys file for given user (via agent)
    set-user-password              set the user password inside the domain
    setmaxmem                      change maximum memory limit
    setmem                        change memory allocation
    setvcpus                      change number of virtual CPUs
    shutdown                      gracefully shutdown a domain
    start                          start a (previously defined) inactive domain
    suspend                        suspend a domain
    ttyconsole                    tty console
    undefine                      undefine a domain
    update-device                  update device from an XML file
    update-memory-device          update memory device of a domain
    vcpucount                      domain vcpu counts
    vcpuinfo                      detailed domain vcpu information
    vcpupin                        control or query domain vcpu affinity
    emulatorpin                    control or query domain emulator affinity
    vncdisplay                    vnc display
    guestvcpus                    query or modify state of vcpu in the guest (via agent)
    setvcpu                        attach/detach vcpu or groups of threads
    domblkthreshold                set the threshold for block-threshold event for a given block device or it's backing chain element
    guestinfo                      query information about the guest (via agent)
    domdirtyrate-calc              Calculate a vm's memory dirty rate
    dom-fd-associate              associate a FD with a domain
 
Domain Monitoring (help keyword 'monitor')
    domblkerror                    Show errors on block devices
    domblkinfo                    domain block device size information
    domblklist                    list all domain blocks
    domblkstat                    get device block stats for a domain
    domcontrol                    domain control interface state
    domif-getlink                  get link state of a virtual interface
    domifaddr                      Get network interfaces' addresses for a running domain
    domiflist                      list all domain virtual interfaces
    domifstat                      get network interface stats for a domain
    dominfo                        domain information
    dommemstat                    get memory statistics for a domain
    domstate                      domain state
    domstats                      get statistics about one or multiple domains
    domtime                        domain time
    list                          list domains
 
Domain Events (help keyword 'events')
    event                          Domain Events
 
Host and Hypervisor (help keyword 'host')
    allocpages                    Manipulate pages pool size
    capabilities                  capabilities
    cpu-baseline                  compute baseline CPU
    cpu-compare                    compare host CPU with a CPU described by an XML file
    cpu-models                    CPU models
    domcapabilities                domain capabilities
    freecell                      NUMA free memory
    freepages                      NUMA free pages
    hostname                      print the hypervisor hostname
    hypervisor-cpu-baseline        compute baseline CPU usable by a specific hypervisor
    hypervisor-cpu-compare        compare a CPU with the CPU created by a hypervisor on the host
    maxvcpus                      connection vcpu maximum
    node-memory-tune              Get or set node memory parameters
    nodecpumap                    node cpu map
    nodecpustats                  Prints cpu stats of the node.
    nodeinfo                      node information
    nodememstats                  Prints memory stats of the node.
    nodesevinfo                    node SEV information
    nodesuspend                    suspend the host node for a given time duration
    sysinfo                        print the hypervisor sysinfo
    uri                            print the hypervisor canonical URI
    version                        show version
 
Checkpoint (help keyword 'checkpoint')
    checkpoint-create              Create a checkpoint from XML
    checkpoint-create-as          Create a checkpoint from a set of args
    checkpoint-delete              Delete a domain checkpoint
    checkpoint-dumpxml            Dump XML for a domain checkpoint
    checkpoint-edit                edit XML for a checkpoint
    checkpoint-info                checkpoint information
    checkpoint-list                List checkpoints for a domain
    checkpoint-parent              Get the name of the parent of a checkpoint
 
Interface (help keyword 'interface')
    iface-begin                    create a snapshot of current interfaces settings, which can be later committed (iface-commit) or restored (iface-rollback)
    iface-bridge                  create a bridge device and attach an existing network device to it
    iface-commit                  commit changes made since iface-begin and free restore point
    iface-define                  define an inactive persistent physical host interface or modify an existing persistent one from an XML file
    iface-destroy                  destroy a physical host interface (disable it / "if-down")
    iface-dumpxml                  interface information in XML
    iface-edit                    edit XML configuration for a physical host interface
    iface-list                    list physical host interfaces
    iface-mac                      convert an interface name to interface MAC address
    iface-name                    convert an interface MAC address to interface name
    iface-rollback                rollback to previous saved configuration created via iface-begin
    iface-start                    start a physical host interface (enable it / "if-up")
    iface-unbridge                undefine a bridge device after detaching its device(s)
    iface-undefine                undefine a physical host interface (remove it from configuration)
 
Network Filter (help keyword 'filter')
    nwfilter-define                define or update a network filter from an XML file
    nwfilter-dumpxml              network filter information in XML
    nwfilter-edit                  edit XML configuration for a network filter
    nwfilter-list                  list network filters
    nwfilter-undefine              undefine a network filter
    nwfilter-binding-create        create a network filter binding from an XML file
    nwfilter-binding-delete        delete a network filter binding
    nwfilter-binding-dumpxml      network filter information in XML
    nwfilter-binding-list          list network filter bindings
 
Networking (help keyword 'network')
    net-autostart                  autostart a network
    net-create                    create a network from an XML file
    net-define                    define an inactive persistent virtual network or modify an existing persistent one from an XML file
    net-destroy                    destroy (stop) a network
    net-dhcp-leases                print lease info for a given network
    net-dumpxml                    network information in XML
    net-edit                      edit XML configuration for a network
    net-event                      Network Events
    net-info                      network information
    net-list                      list networks
    net-name                      convert a network UUID to network name
    net-start                      start a (previously defined) inactive network
    net-undefine                  undefine a persistent network
    net-update                    update parts of an existing network's configuration
    net-uuid                      convert a network name to network UUID
    net-port-list                  list network ports
    net-port-create                create a network port from an XML file
    net-port-dumpxml              network port information in XML
    net-port-delete                delete the specified network port
 
Node Device (help keyword 'nodedev')
    nodedev-create                create a device defined by an XML file on the node
    nodedev-destroy                destroy (stop) a device on the node
    nodedev-detach                detach node device from its device driver
    nodedev-dumpxml                node device details in XML
    nodedev-list                  enumerate devices on this host
    nodedev-reattach              reattach node device to its device driver
    nodedev-reset                  reset node device
    nodedev-event                  Node Device Events
    nodedev-define                Define a device by an xml file on a node
    nodedev-undefine              Undefine an inactive node device
    nodedev-start                  Start an inactive node device
    nodedev-autostart              autostart a defined node device
    nodedev-info                  node device information
 
Secret (help keyword 'secret')
    secret-define                  define or modify a secret from an XML file
    secret-dumpxml                secret attributes in XML
    secret-event                  Secret Events
    secret-get-value              Output a secret value
    secret-list                    list secrets
    secret-set-value              set a secret value
    secret-undefine                undefine a secret
 
Snapshot (help keyword 'snapshot')
    snapshot-create                Create a snapshot from XML
    snapshot-create-as            Create a snapshot from a set of args
    snapshot-current              Get or set the current snapshot
    snapshot-delete                Delete a domain snapshot
    snapshot-dumpxml              Dump XML for a domain snapshot
    snapshot-edit                  edit XML for a snapshot
    snapshot-info                  snapshot information
    snapshot-list                  List snapshots for a domain
    snapshot-parent                Get the name of the parent of a snapshot
    snapshot-revert                Revert a domain to a snapshot
 
Backup (help keyword 'backup')
    backup-begin                  Start a disk backup of a live domain
    backup-dumpxml                Dump XML for an ongoing domain block backup job
 
Storage Pool (help keyword 'pool')
    find-storage-pool-sources-as  find potential storage pool sources
    find-storage-pool-sources      discover potential storage pool sources
    pool-autostart                autostart a pool
    pool-build                    build a pool
    pool-create-as                create a pool from a set of args
    pool-create                    create a pool from an XML file
    pool-define-as                define a pool from a set of args
    pool-define                    define an inactive persistent storage pool or modify an existing persistent one from an XML file
    pool-delete                    delete a pool
    pool-destroy                  destroy (stop) a pool
    pool-dumpxml                  pool information in XML
    pool-edit                      edit XML configuration for a storage pool
    pool-info                      storage pool information
    pool-list                      list pools
    pool-name                      convert a pool UUID to pool name
    pool-refresh                  refresh a pool
    pool-start                    start a (previously defined) inactive pool
    pool-undefine                  undefine an inactive pool
    pool-uuid                      convert a pool name to pool UUID
    pool-event                    Storage Pool Events
    pool-capabilities              storage pool capabilities


Storage Volume (help keyword 'volume')
    vol-clone                      clone a volume.
    vol-create-as                  create a volume from a set of args
    vol-create                    create a vol from an XML file
    vol-create-from                create a vol, using another volume as input
    vol-delete                    delete a vol
    vol-download                  download volume contents to a file
    vol-dumpxml                    vol information in XML
    vol-info                      storage vol information
    vol-key                        returns the volume key for a given volume name or path
    vol-list                      list vols
    vol-name                      returns the volume name for a given volume key or path
    vol-path                      returns the volume path for a given volume name or key
    vol-pool                      returns the storage pool for a given volume key or path
    vol-resize                    resize a vol
    vol-upload                    upload file contents to a volume
    vol-wipe                      wipe a vol


Virsh itself (help keyword 'virsh')
    cd                            change the current directory
    echo                          echo arguments. Used for internal testing.
    exit                          quit this interactive terminal
    help                          print help
    pwd                            print the current directory
    quit                          quit this interactive terminal
    connect                        (re)connect to hypervisor




  (specify help <group> for details about the commands in the group)


  (specify help <command> for details about the command)
</syntaxhighlight>




===Rants and Temper Tantrums===
Delete a bridge created by using an XML file.  It works most of the time.  But what happens if you get a dreaded "failed to get a 'forking' domain" error message?  What then?  Well, you're SOL until you reboot the machine.  NOTHING works!


'''QEMU Guest Agent / qemu-guest-agent.service VS libvirtd "guest" stuff:'''  There are hints that the former has been deprecated or isn't needed or something.  Good fucking luck getting a straight answer on any of this shit.  Here, try this: https://stackshare.io/stackups/libvirt-vs-qemu#:~:text=Hardware%20Emulation%3A%20QEMU%20includes%20its,not%20provide%20direct%20hardware%20emulation.  Yup, now it's all clear. Dear Linux developers.  You're brilliant.  But you can't communicate for shit.  You change things on a minutely basis and leave a wake of documentation destruction behind you.  How is anyone on this planet supposed to understand and keep up with what you're doing?  Part of your job should be to make this open source software available to everyone.  Nope, need a degree in Linuxology to understand stuff, and it shouldn't be that way.  Yes, there needs to be an understanding of fundamentals and expertise, but don't you get it?  There are people out there that have to be skilled in a myriad of technologies to actually make use of your stuff in the real world.  They're really smart and capable, but just don't have the time to understand stuff like you.  There's too much other stuff going on.  Rant over, because I'm tired of typing.





Latest revision as of 09:44, 10 March 2024

...below are just rough notes from three different sources, including ChatGPT. They are ordered in each section as below from the following sources;

Check for VM Support in CPU;

  • cat /proc/cpuinfo | egrep "vmx|svm"
  • lscpu | grep Virtualization
  • No Comment

Install all the Stuff (for the first two sources there were duplicate items on multiple lines that were cleaned up, oops, no proofreading on their part, huh, just a copy and paste);

  • dnf install qemu-kvm virt-manager libvirt virt-install virt-viewer libguestfs-tools bridge-utils virt-top
  • dnf install qemu-kvm virt-manager libvirt virt-install virt-viewer libguestfs-tools bridge-utils virt-top
  • dnf install qemu-kvm libvirt virt-install virt-manager AND apparently installing virt-manager again (just to make sure)

NOTES: And of course there are about a hundred or so other dependencies that are downloaded and installed too.

ISSUES: bridge-utils virt-top might give issues if attempting to install at the same time, so try installing separately.

Check Installation;

  • lsmod | grep kvm
  • lsmod | grep kvm
  • lsmod | grep kvm AND virsh list --all

Start AND Enable Automatic Starting of the "KVM" Services AND see if they're actually running;

  • sudo systemctl start libvirtd AND systemctl enable --now libvirtd AND systemctl status libvirtd
  • sudo systemctl start libvirtd AND sudo systemctl enable libvirtd AND systemctl status libvirtd
  • sudo systemctl start libvirtd AND sudo systemctl enable libvirtd AND No Comment

Permissions and User Related Stuff;

  • No Comment
  • usermod -aG libvirt $USER AND newgrp libvirt
  • usermod -aG libvirt $(whoami)

Network Connectivity, don't forget that;

Tools to use;

  • Virtual Machine Manager GUI
  • nm-connection-editor: Basic GUI for Network Management (more powerful than the GNOME Network GUI, and in fact the GNOME Network GUI is just plain unreliable and inaccurate, so don't use)
  • Terminal (AKA "Command Prompt")

Useful Commands;

  • virsh net-list --all
  • nmcli connection show
  • ip link show
  • ifconfig
  • systemctl restart libvirtd.service
  • systemctl restart NetworkManager

OK, here's what to do for creating what is essentially an Ethernet Switch. IE, this is about as close as it comes to 'typical' reality where computers, servers, and other devices are all connected to each other via Ethernet Cables to an Ethernet Switch. The below method uses a GUI interface as much as possible in order for one to understand and see what is going on, VS being a 'parrot' that types in commands as suggested by someone else. It also assumes the reader knows the basics of what they're doing, so for instance when it is noted that something needs to be disabled, the reader knows how to do it (because it's easy) and doesn't need five additional steps stating, "...click here, type this, etc.");

  • Identify current Ethernet Adapter(s) and Virtual Bridge(s); get oriented by obtaining the names of various Network Adapters or Virtual Devices (eth0, enp1s0of0, virbr0, bridg0, br0, whatever, etc.);
    • nmcli connection show (or use the nm-connection-editor)
    • brctl show
    • ip link show
  • Disable the existing target Ethernet Adapter (this equates to the Physical Network Adapter that is connected to the Subnet / LAN / Network) through a GUI or command line interface. Don't delete it as most tutorials would have you do (if needed you can always enable it later instead of re-creating it from scratch). Also prevent it from starting by default.
    • nmcli connection modify WhatEverConnectionName connection.autoconnect "no"
    • ifconfig WhatEverConnectionName down OR ip link set dev WhatEverConnectionName down
  • Create the "Virtual Ethernet Switch" (AKA Virtual Bridge)
    • nm-connection-editor: Using this GUI makes it easy.
      • "Connect / Extend the Ethernet Cable plugged into the Physical Host's Network Jack" to a "Port" on the "Virtual Ethernet Switch"
        • Bridge Tab, Add Button, Select the Physical Interface
      • Configure IP Information (which should be the same as the Ethernet Adapter disabled above).
      • Name the Connections and Interface Name as: bridge0 (although it can be anything, plus keeping the names similar cuts down on Alias Names causing confusion later)
        • Another useful naming convention would be a hybrid approach where one could start the name with the old-fashioned "br", then append the name of the physical adapter, so a "bridge" connected to eno4 (a naming convention for Rocky Linux 9 Ethernet Adapter / Connections) would be breno4
      • The end result is a Virtual Ethernet Switch with a single Port that has one Cable plugged into it. Later, if viewed when a Virtual Machine is powered on, the additional Ports for the Virtual Machines will be seen here.
    • OR, to do the same as above from the command line (minus adding IP information): nmcli connection add type bridge autoconnect yes con-name bridge0 ifname bridge0
  • Configure the Virtual Machine's Network Adapter. There should be one created by default.
    • Edit the Virtual Machine in Virtual Machine Editor
      • Set the Network Source to: Bridge device
      • Set the name to: bridge0 (or whatever it was named)
      • Set Device Model to: virtio

...done. Well, configure the Virtual Machine's network information as would be done for any other physical machine.

The result will be a Virtual Bridge named bridge0 (it can be anything, but bridge0 keeps with the 'suggested' Rocky Linux 9 naming convention, with the equivalent CentOS 7 naming convention being br0). Virtual Machines as they're powered on will have their NICs show up as vnet0, vnet1, etc.

And as gone into more detail below, it is simply not within the realm of reality for the libvirtd to automatically create the above "Switch" (AKA Virtual Bridge)
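The host-side steps above (disable the old profile, create the bridge, plug the physical adapter into it), scripted as an added example that is not part of the original page. It prints the nmcli commands as a dry run unless APPLY=1 is set; the function names, the port profile created with `slave-type bridge`, and the sample values (eno4, "Wired connection 1", 192.168.1.10/24, 192.168.1.1) are assumptions to be replaced with the host's own.

```shell
#!/bin/sh
# Added example, not from the original page. Dry run by default: every nmcli
# command is printed (unquoted, for reading only). APPLY=1 executes them; do
# that as root from a local console, because the host is off the network
# between step 1 and step 4.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

valid_ifname() {
    # Kernel limit is 15 characters; keep to a conservative character set.
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    prefix=${1##*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] && valid_ipv4 "${1%/*}"
}

bridge_setup() {
    # $1 physical NIC, $2 name of its current NetworkManager profile,
    # $3 bridge name, $4 address/prefix for the bridge, $5 default gateway
    [ $# -eq 5 ] || { echo "usage: bridge_setup NIC OLD_PROFILE BRIDGE ADDR/PREFIX GATEWAY" >&2; return 2; }
    nic=$1; old_con=$2; br=$3; cidr=$4; gw=$5; port="$3-port-$1"

    # Check everything before touching the host's only working connection.
    valid_ifname "$nic" && valid_ifname "$br" && [ "$nic" != "$br" ] ||
        { echo "bad interface or bridge name" >&2; return 2; }
    valid_cidr "$cidr" && valid_ipv4 "$gw" ||
        { echo "bad address or gateway" >&2; return 2; }
    case "$old_con" in ''|-*) echo "bad profile name" >&2; return 2 ;; esac

    # 1. Disable (do not delete) the existing profile and stop it autostarting.
    run nmcli connection modify "$old_con" connection.autoconnect no || return 1
    run nmcli connection down "$old_con" || return 1
    # 2. Create the virtual switch; it takes over the adapter's IP settings.
    run nmcli connection add type bridge autoconnect yes con-name "$br" ifname "$br" \
        ipv4.method manual ipv4.addresses "$cidr" ipv4.gateway "$gw" || return 1
    # 3. Plug the physical adapter into the switch as a port
    #    (CLI counterpart of Bridge Tab, Add Button in nm-connection-editor).
    run nmcli connection add type ethernet slave-type bridge con-name "$port" \
        ifname "$nic" master "$br" || return 1
    # 4. Bring up the switch and its port.
    run nmcli connection up "$br" || return 1
    run nmcli connection up "$port" || return 1
}

# Without five arguments, force a dry run on constructed sample values.
[ $# -eq 5 ] || { APPLY=0; set -- eno4 "Wired connection 1" bridge0 192.168.1.10/24 192.168.1.1; }
bridge_setup "$@"
```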

Power Events (AKA Automatic Start Actions, Automatic Stop Actions, and "WatchDog")

One would ordinarily never consider that Microsoft would make sense. But they do in this instance. Here's the question: When a QEMU / KVM Host Machine (that's the physical machine) is restarted / rebooted or shut down, what about the Virtual / Guest Machines? Are they shut down properly / gracefully? Are they paused / suspended? Or are they just turned off, as in flip / press the power button to kill it? In the Microsoft world with Hyper-V it's abundantly clear with Automatic Start Actions and Automatic Stop Actions. Wow! Cool! Gravity can be reversed. Not so evident with the QEMU / KVM architecture. Yup, as the title might have given away, look under "WatchDog" for power settings. Ummm, unless it was a couple of years ago, then it would be qemu-guest-agent.service and some settings tucked away in /etc/default/libvirt-guests, no wait, /etc/sysconfig/libvirt-guests. But that file is gone now with nothing left behind, not even a file by the same name with a note in it explaining why it isn't used anymore, it's just gone. Before that, some custom scripts and 'shutdown service(s)', but those aren't needed anymore, nor will they work the same way they used to because the new QEMU / KVM breaks that paradigm. Anyway, here's the answer to the above question;

  • In the Virtual Machine Manager GUI, open the Virtual Machine (AKA "Domain", wait, didn't Microsoft already take that term?), click Settings, err, the Gear Icon, no wait, the Light Bulb Icon, click WatchDog, then under Model select diag288, 16300esb, or ib700, and, no wait, you could also type anything you want, or leave it at the default of itco (which isn't in the drop down menu), then under Action select what you want the Virtual / Guest machine to do when the physical host machine is rebooted, shutdown, etc. (with the default set to Forcefully reset the guest, which is of course the best one for preserving data and the integrity of the guest machine, err, no wait, speeds shut down of the physical host machine by just killing the guest machine, losing data, settings, destroying databases, etc., so naturally Forcefully reset the guest is the default setting).

Tricks, Tips, and Other Useful Information (all of which applies to Rocky Linux 9, and others based on Red Hat)

Network Configuration (from https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/configuring_and_managing_networking/index#configuring-an-ethernet-connection-with-a-static-ip-address-by-using-nmstatectl_configuring-an-ethernet-connection);

  • NMCLI ( nmcli ): Command Line Interface
  • NMTUI ( nmtui ): Text Based GUI
  • NM-CONNECTION-EDITOR ( nm-connection-editor ): "Control Panel Version" GUI
  • "Control Center" for GNOME: "Windows 11 Version" GUI (IE, less capable than all of the above)
  • NMSTATECTL ( nmstatectl ): nmstatectl show will provide a LOT of information (plus other things, including configuration)

Other Tips and Information;

  • Rocky Linux 9 Network Configuration Files Directory: /etc/NetworkManager/system-connections (NOT /etc/sysconfig/network-scripts)
  • Network Configuration for Rocky Linux: nm-connection-editor
  • If a Bridged Network Adapter is configured for a Virtual Machine, it will show up in the Host Machine as: vnet1, etc.
  • QEMU / KVM Bridges can be configured "within" QEMU / KVM and "externally" using commands like brctl, etc.
  • QEMU / KVM Configuration Files: /etc/libvirt/qemu/
    • Heed the warning notes on some of these files as they should not be edited directly. Although a workaround is to edit the files directly, then restart the libvirtd.service (systemctl restart libvirtd.service)
    • virsh net-edit default (it uses the VI editor)
      • VI Editor
        • i = Insert (AKA Edit) Mode
        • ESC = Command Mode
        •  : (Colon) = "Beginning of Command"
        • w = Write (as in :w)
        • x = Exit / Quit and Save (AKA Write) (as in :x)
        • q = Quit (AKA Exit)
      • ...and that is not enough, ALL of the following commands need to be run for configuration changes to take effect (the below examples assume default is the name of the network device)
        • virsh net-destroy default (essentially stops the device, and also deletes it, as apparently restarting it alone isn't enough)
        • virsh net-define default (in reality, the intent is to 're-define' the interface, but from the libvirtd perspective the interface has been 'destroyed' and isn't there, so it needs to be defined)
          • TOP TIP: When using the virsh net-define command, don't put the 'base' configuration file in /etc/libvirt/qemu/networks
        • virsh net-start default
        • Note: Hey, I've got an idea for you genzers that are programming this, why not create a virsh net-restart command that intuitively does what a bazillion other past command examples do to complete the above task? And don't say virsh net-update add / modify, because that is just as convoluted. Go ahead, read it right here and see if having a virsh net-restart command doesn't make good sense: https://wiki.libvirt.org/Networking.html#:~:text=If%20you%20edit%20the%20network,automatically%20done%20as%20a%20side Now why would all of this be a big issue? Well guess what, there's this thing called reality where you can get this error: "failed to get domain" when using the virsh net-destroy and then what? Reboot MFer. That's it. Thanks Genzers!
  • QEMU / KVM Additional Bridge Configuration: /etc/qemu-kvm/
  • Documentation from QEMU / KVM on Bridges and Networking: https://libvirt.org/formatnetwork.html
  • All, or most of the documentation for Rocky Linux 9 that steers one towards /etc/udev/rules.d is now located in /lib/udev/rules.d
  • Network Remapping End Result(s) (IE, if you want to see how the "Predictable Network Interface Naming" decided on how things were to be done): /sys/class/net
    • In short, here's how it goes with Rocky Linux 9 mapping a physical Network Adapter to a configuration file;
      • Physical Network Adapter (represented by files located in /sys/devices and below / down)
      • Calculations done in the name of "Predictable Network Interface Naming", whose 'scripts' are located in /lib/udev/rules.d/80-net-setup-link.rules and whose result(s) are located in the Symbolic Links located in /sys/class/net (which in turn point to 'device files' in /sys/devices)
      • Configuration File (in /etc/NetworkManager)
      • ⇌ ⇌ ⇌ ⇌ ⇌ ⇌


MAN (Manual) Page, or the closest equivalent to: https://libvirt.org/formatnetwork.html But watch out on some stuff. Here's an example

  • <forward mode="open" /> AND / OR <forward mode="bridge" />
    • in the Virtual Machine Management GUI the drop down box and XML only have mode="open", mode="bridge" is not available. WTF???!
    • In the documentation from https://libvirt.org/formatnetwork.html, there is only mention of mode="bridge", there's nothing on that webpage for mode="open". Now that's not to say they don't mention 'open', it's just never used in an example. Both bridge and open are documented.
      • open is a version of route (IE, something more similar to a router than a bridge)
      • bridge is just what it says (IE, it is a bridge)
        • BIG NOTE: While it is never explicitly stated, "YOU NEED TO CREATE A BRIDGE OUTSIDE OF LIBVIRT, BECAUSE UNLIKE NAT LIBVIRT WILL NOT CREATE THE INTERFACE AUTOMATICALLY. YOU HAVE TO DO IT YOURSELF MANUALLY", it SHOULD BE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    • In the book Mastering KVM Virtualization there is no mention of mode="open" or mode='open'; only mode='bridge' is mentioned (and only one time in the 2020 edition)

...and now comes the part where the above noted references show their true colors. IE, the content in the articles on those websites was not created by the people who own those websites. It was aggregated from other websites and put into a format that Google likes. And does it ever show on the Networking aspect of what they document. In short, ignore it. You'll hose your system if you do what is written. Go ahead and try it (no, don't really do that).

The first issue is with the destruction of a perfectly good network interface. The second issue is with the creation of a Bridge Interface that was already created as part of the installation process of QEMU / KVM. Keeping in mind this article here was written based on Rocky Linux 9 and the iteration of QEMU / KVM as of late 2023. Earlier versions may have required the creation of a Bridge Interface.

KEEP THIS IN MIND: In the QEMU / KVM world, here's how the networking thing functions:

  • After installing QEMU / KVM, it creates a Virtual Bridge Adapter intended to be used with NAT. Leave this one as is if you want to use it. But if you just want a simple bridge to connect to the rest of your network, keep reading. This Virtual Bridge

Here's the assumption (unlike all the other tutorials there);

  • There is an existing Ethernet Adapter on the Host Machine for QEMU / KVM that has been configured with an IP Address, Subnet Mask, IE, everything needed to communicate via a Network.
  • During the installation for QEMU / KVM, a Virtual Bridge Adapter was automatically configured


Other example NMCLI commands;

  • nmcli connection show
  • Modify the /etc/NetworkManager/system-connections File? Nope!
    • nmcli connection modify WhatEverConnectionName ipv4.address "WhatEverIPAddress/SubnetMaskNumber" (192.168.1.1/24)
    • nmcli connection up WhatEverConnectionName (essentially restarts the adapter and adopts new configuration information)
    • Does NOT work as one might think to 'reload' or restart a Network Adapter after configuration changes are made: nmcli connection reload
    • nmcli connection show WhatEverConnectionName (ipv4.address = configured value AND IPV4.ADDRESS = "live / actual value")
  • systemctl restart NetworkManager

ChatGPT to the Rescue

Why is the UUID for the virbr0 Virtual Bridge Adapter displayed in the QEMU / KVM Host using the IP LINK SHOW command different than the UUID setting configured in the /etc/libvirt/qemu/networks/default.xml File, even though the MAC Address is the same in the Host (using IP LINK SHOW) and the default.xml File?

ChatGPT's explanation is below (which is very good considering that Googling an equivalent answer produces nothing but hundreds of stupid forum results that ramble about how something isn't working). There is also some additional information from https://wiki.libvirt.org/Networking.html.

The discrepancy between the UUID in the default.xml file and the one displayed by the ip link show command might be due to the fact that the UUID in the XML configuration file refers to the libvirt network object's UUID, not the actual bridge interface's UUID.

Here's a breakdown:

UUID in default.xml:

The default.xml file typically contains the XML configuration for the default libvirt network (virbr0). The UUID in this file corresponds to the libvirt network's unique identifier. This UUID is associated with the network object managed by libvirt.

UUID displayed by ip link show:

When you use ip link show, you are querying information about the actual bridge interface (virbr0). The UUID displayed here refers to the bridge interface itself, not the libvirt network object.

While the libvirt network and the bridge interface are closely related, they are distinct entities with different UUIDs. The libvirt network configuration includes settings for the bridge interface but also encompasses additional configuration options managed by libvirt.

If you want to inspect the libvirt network configuration and UUID programmatically, you can use the virsh command:

virsh net-dumpxml default

This command will display the XML configuration for the default network, including the libvirt network UUID.

If you specifically need the UUID of the bridge interface (virbr0), you can extract it using the nmcli command (assuming NetworkManager is used for managing the bridge):

nmcli connection show virbr0 | grep UUID

This will display the UUID associated with the virbr0 connection managed by NetworkManager.

In summary, the libvirt network and the bridge interface have separate UUIDs, and the discrepancy arises from the different contexts in which these UUIDs are used.

The above can be confirmed using the following commands

  • virsh net-destroy default (maybe there should be an 'in-between' option like net-stop, but oh well) : "Stops and Destroys" the virbr0 (defined by default.xml, which is not deleted)
  • virsh net-start default : Starts the virbr0 (defined by the default.xml file)

Rough Notes

<network>
  <name>my-bridge-network</name>
  <forward mode='bridge'/>
  <bridge name='virbr_bridge'/>
</network>

sudo virsh net-define bridge-network.xml

sudo virsh net-start my-bridge-network

sudo virsh net-autostart my-bridge-network


There is no "anti virsh net-define command", just delete the XML file and systemctl restart libvirtd.service
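Because a mode='bridge' network only points libvirt at a host bridge that has to exist already, this added check (not from the original page) reads the bridge name out of a network XML file and confirms the host really has that bridge before virsh net-define and virsh net-start are run. The function names and the optional sysfs-root argument are assumptions made for the example, and the demo input is constructed.

```shell
#!/bin/sh
# Added example, not from the original page.

# Value of attribute $3 on the first <$2 ...> element in file $1 (empty if absent).
# Line-based sed matching: good enough for small hand-written network XML.
xml_attr() {
    sed -n "s/.*<$2[[:space:]][^>]*$3=[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | head -n 1
}

# check_bridge_network XMLFILE [SYSFS_NET_DIR]
# returns 0 = bridge present (or not a bridge-mode network),
#         1 = bridge missing or not a bridge, 2 = cannot check
check_bridge_network() {
    xml=$1; sysfs=${2:-/sys/class/net}
    [ -r "$xml" ] || { echo "cannot read $xml" >&2; return 2; }
    mode=$(xml_attr "$xml" forward mode)
    br=$(xml_attr "$xml" bridge name)

    if [ "$mode" != bridge ]; then
        echo "SKIP: forward mode is '${mode:-unset}', not 'bridge'"
        return 0
    fi
    case "$br" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "cannot check: no usable <bridge name=...> in $xml" >&2
            return 2 ;;
    esac
    if [ ! -d "$sysfs/$br" ]; then
        echo "MISSING: host has no interface '$br'; create the bridge first, libvirt will not"
        return 1
    fi
    # Bridge devices carry a 'bridge' directory in sysfs; plain NICs do not.
    if [ ! -d "$sysfs/$br/bridge" ]; then
        echo "WRONG TYPE: '$br' exists but is not a bridge device"
        return 1
    fi
    # Ports (physical NIC, vnet0, vnet1, ...) are listed under brif.
    ports=$(ls "$sysfs/$br/brif" 2>/dev/null | paste -sd ' ' -)
    echo "OK: bridge '$br' exists; ports: ${ports:-none}"
}

demo() {
    # Constructed input: the Rough Notes XML and a fake sysfs tree in which
    # only bridge0 (with port eno4) exists.
    d=$(mktemp -d) || return 1
    mkdir -p "$d/net/bridge0/bridge" "$d/net/bridge0/brif/eno4" "$d/net/eno4"
    cat > "$d/bridge-network.xml" <<'EOF'
<network>
  <name>my-bridge-network</name>
  <forward mode='bridge'/>
  <bridge name='virbr_bridge'/>
</network>
EOF
    check_bridge_network "$d/bridge-network.xml" "$d/net" || true   # MISSING
    sed 's/virbr_bridge/bridge0/' "$d/bridge-network.xml" > "$d/fixed.xml"
    check_bridge_network "$d/fixed.xml" "$d/net" || true            # OK
    rm -rf "$d"
}

if [ $# -ge 1 ]; then check_bridge_network "$@"; else demo; fi
```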

virsh [options]... [<command_string>]
virsh [options]... <command> [args...]

  options:
    -c | --connect=URI      hypervisor connection URI
    -d | --debug=NUM        debug level [0-4]
    -e | --escape <char>    set escape sequence for console
    -h | --help             this help
    -k | --keepalive-interval=NUM
                            keepalive interval in seconds, 0 for disable
    -K | --keepalive-count=NUM
                            number of possible missed keepalive messages
    -l | --log=FILE         output logging to file
    -q | --quiet            quiet mode
    -r | --readonly         connect readonly
    -t | --timing           print timing information
    -v                      short version
    -V                      long version
         --version[=TYPE]   version, TYPE is short or long (default short)
  commands (non interactive mode):

 Domain Management (help keyword 'domain')
    attach-device                  attach device from an XML file
    attach-disk                    attach disk device
    attach-interface               attach network interface
    autostart                      autostart a domain
    blkdeviotune                   Set or query a block device I/O tuning parameters.
    blkiotune                      Get or set blkio parameters
    blockcommit                    Start a block commit operation.
    blockcopy                      Start a block copy operation.
    blockjob                       Manage active block operations
    blockpull                      Populate a disk from its backing image.
    blockresize                    Resize block device of domain.
    change-media                   Change media of CD or floppy drive
    console                        connect to the guest console
    cpu-stats                      show domain cpu statistics
    create                         create a domain from an XML file
    define                         define (but don't start) a domain from an XML file
    desc                           show or set domain's description or title
    destroy                        destroy (stop) a domain
    detach-device                  detach device from an XML file
    detach-device-alias            detach device from an alias
    detach-disk                    detach disk device
    detach-interface               detach network interface
    domdisplay                     domain display connection URI
    domfsfreeze                    Freeze domain's mounted filesystems.
    domfsthaw                      Thaw domain's mounted filesystems.
    domfsinfo                      Get information of domain's mounted filesystems.
    domfstrim                      Invoke fstrim on domain's mounted filesystems.
    domhostname                    print the domain's hostname
    domid                          convert a domain name or UUID to domain id
    domif-setlink                  set link state of a virtual interface
    domiftune                      get/set parameters of a virtual interface
    domjobabort                    abort active domain job
    domjobinfo                     domain job information
    domlaunchsecinfo               Get domain launch security info
    domsetlaunchsecstate           Set domain launch security state
    domname                        convert a domain id or UUID to domain name
    domrename                      rename a domain
    dompmsuspend                   suspend a domain gracefully using power management functions
    dompmwakeup                    wakeup a domain from pmsuspended state
    domuuid                        convert a domain name or id to domain UUID
    domxml-from-native             Convert native config to domain XML
    domxml-to-native               Convert domain XML to native config
    dump                           dump the core of a domain to a file for analysis
    dumpxml                        domain information in XML
    edit                           edit XML configuration for a domain
    get-user-sshkeys               list authorized SSH keys for given user (via agent)
    inject-nmi                     Inject NMI to the guest
    iothreadinfo                   view domain IOThreads
    iothreadpin                    control domain IOThread affinity
    iothreadadd                    add an IOThread to the guest domain
    iothreadset                    modifies an existing IOThread of the guest domain
    iothreaddel                    delete an IOThread from the guest domain
    send-key                       Send keycodes to the guest
    send-process-signal            Send signals to processes
    lxc-enter-namespace            LXC Guest Enter Namespace
    managedsave                    managed save of a domain state
    managedsave-remove             Remove managed save of a domain
    managedsave-edit               edit XML for a domain's managed save state file
    managedsave-dumpxml            Domain information of managed save state file in XML
    managedsave-define             redefine the XML for a domain's managed save state file
    memtune                        Get or set memory parameters
    perf                           Get or set perf event
    metadata                       show or set domain's custom XML metadata
    migrate                        migrate domain to another host
    migrate-setmaxdowntime         set maximum tolerable downtime
    migrate-getmaxdowntime         get maximum tolerable downtime
    migrate-compcache              get/set compression cache size
    migrate-setspeed               Set the maximum migration bandwidth
    migrate-getspeed               Get the maximum migration bandwidth
    migrate-postcopy               Switch running migration from pre-copy to post-copy
    numatune                       Get or set numa parameters
    qemu-attach                    QEMU Attach
    qemu-monitor-command           QEMU Monitor Command
    qemu-monitor-event             QEMU Monitor Events
    qemu-agent-command             QEMU Guest Agent Command
    guest-agent-timeout            Set the guest agent timeout
    reboot                         reboot a domain
    reset                          reset a domain
    restore                        restore a domain from a saved state in a file
    resume                         resume a domain
    save                           save a domain state to a file
    save-image-define              redefine the XML for a domain's saved state file
    save-image-dumpxml             saved state domain information in XML
    save-image-edit                edit XML for a domain's saved state file
    schedinfo                      show/set scheduler parameters
    screenshot                     take a screenshot of a current domain console and store it into a file
    set-lifecycle-action           change lifecycle actions
    set-user-sshkeys               manipulate authorized SSH keys file for given user (via agent)
    set-user-password              set the user password inside the domain
    setmaxmem                      change maximum memory limit
    setmem                         change memory allocation
    setvcpus                       change number of virtual CPUs
    shutdown                       gracefully shutdown a domain
    start                          start a (previously defined) inactive domain
    suspend                        suspend a domain
    ttyconsole                     tty console
    undefine                       undefine a domain
    update-device                  update device from an XML file
    update-memory-device           update memory device of a domain
    vcpucount                      domain vcpu counts
    vcpuinfo                       detailed domain vcpu information
    vcpupin                        control or query domain vcpu affinity
    emulatorpin                    control or query domain emulator affinity
    vncdisplay                     vnc display
    guestvcpus                     query or modify state of vcpu in the guest (via agent)
    setvcpu                        attach/detach vcpu or groups of threads
    domblkthreshold                set the threshold for block-threshold event for a given block device or it's backing chain element
    guestinfo                      query information about the guest (via agent)
    domdirtyrate-calc              Calculate a vm's memory dirty rate
    dom-fd-associate               associate a FD with a domain

 Domain Monitoring (help keyword 'monitor')
    domblkerror                    Show errors on block devices
    domblkinfo                     domain block device size information
    domblklist                     list all domain blocks
    domblkstat                     get device block stats for a domain
    domcontrol                     domain control interface state
    domif-getlink                  get link state of a virtual interface
    domifaddr                      Get network interfaces' addresses for a running domain
    domiflist                      list all domain virtual interfaces
    domifstat                      get network interface stats for a domain
    dominfo                        domain information
    dommemstat                     get memory statistics for a domain
    domstate                       domain state
    domstats                       get statistics about one or multiple domains
    domtime                        domain time
    list                           list domains

 Domain Events (help keyword 'events')
    event                          Domain Events

 Host and Hypervisor (help keyword 'host')
    allocpages                     Manipulate pages pool size
    capabilities                   capabilities
    cpu-baseline                   compute baseline CPU
    cpu-compare                    compare host CPU with a CPU described by an XML file
    cpu-models                     CPU models
    domcapabilities                domain capabilities
    freecell                       NUMA free memory
    freepages                      NUMA free pages
    hostname                       print the hypervisor hostname
    hypervisor-cpu-baseline        compute baseline CPU usable by a specific hypervisor
    hypervisor-cpu-compare         compare a CPU with the CPU created by a hypervisor on the host
    maxvcpus                       connection vcpu maximum
    node-memory-tune               Get or set node memory parameters
    nodecpumap                     node cpu map
    nodecpustats                   Prints cpu stats of the node.
    nodeinfo                       node information
    nodememstats                   Prints memory stats of the node.
    nodesevinfo                    node SEV information
    nodesuspend                    suspend the host node for a given time duration
    sysinfo                        print the hypervisor sysinfo
    uri                            print the hypervisor canonical URI
    version                        show version

 Checkpoint (help keyword 'checkpoint')
    checkpoint-create              Create a checkpoint from XML
    checkpoint-create-as           Create a checkpoint from a set of args
    checkpoint-delete              Delete a domain checkpoint
    checkpoint-dumpxml             Dump XML for a domain checkpoint
    checkpoint-edit                edit XML for a checkpoint
    checkpoint-info                checkpoint information
    checkpoint-list                List checkpoints for a domain
    checkpoint-parent              Get the name of the parent of a checkpoint

 Interface (help keyword 'interface')
    iface-begin                    create a snapshot of current interfaces settings, which can be later committed (iface-commit) or restored (iface-rollback)
    iface-bridge                   create a bridge device and attach an existing network device to it
    iface-commit                   commit changes made since iface-begin and free restore point
    iface-define                   define an inactive persistent physical host interface or modify an existing persistent one from an XML file
    iface-destroy                  destroy a physical host interface (disable it / "if-down")
    iface-dumpxml                  interface information in XML
    iface-edit                     edit XML configuration for a physical host interface
    iface-list                     list physical host interfaces
    iface-mac                      convert an interface name to interface MAC address
    iface-name                     convert an interface MAC address to interface name
    iface-rollback                 rollback to previous saved configuration created via iface-begin
    iface-start                    start a physical host interface (enable it / "if-up")
    iface-unbridge                 undefine a bridge device after detaching its device(s)
    iface-undefine                 undefine a physical host interface (remove it from configuration)

 Network Filter (help keyword 'filter')
    nwfilter-define                define or update a network filter from an XML file
    nwfilter-dumpxml               network filter information in XML
    nwfilter-edit                  edit XML configuration for a network filter
    nwfilter-list                  list network filters
    nwfilter-undefine              undefine a network filter
    nwfilter-binding-create        create a network filter binding from an XML file
    nwfilter-binding-delete        delete a network filter binding
    nwfilter-binding-dumpxml       network filter information in XML
    nwfilter-binding-list          list network filter bindings

 Networking (help keyword 'network')
    net-autostart                  autostart a network
    net-create                     create a network from an XML file
    net-define                     define an inactive persistent virtual network or modify an existing persistent one from an XML file
    net-destroy                    destroy (stop) a network
    net-dhcp-leases                print lease info for a given network
    net-dumpxml                    network information in XML
    net-edit                       edit XML configuration for a network
    net-event                      Network Events
    net-info                       network information
    net-list                       list networks
    net-name                       convert a network UUID to network name
    net-start                      start a (previously defined) inactive network
    net-undefine                   undefine a persistent network
    net-update                     update parts of an existing network's configuration
    net-uuid                       convert a network name to network UUID
    net-port-list                  list network ports
    net-port-create                create a network port from an XML file
    net-port-dumpxml               network port information in XML
    net-port-delete                delete the specified network port

 Node Device (help keyword 'nodedev')
    nodedev-create                 create a device defined by an XML file on the node
    nodedev-destroy                destroy (stop) a device on the node
    nodedev-detach                 detach node device from its device driver
    nodedev-dumpxml                node device details in XML
    nodedev-list                   enumerate devices on this host
    nodedev-reattach               reattach node device to its device driver
    nodedev-reset                  reset node device
    nodedev-event                  Node Device Events
    nodedev-define                 Define a device by an xml file on a node
    nodedev-undefine               Undefine an inactive node device
    nodedev-start                  Start an inactive node device
    nodedev-autostart              autostart a defined node device
    nodedev-info                   node device information

 Secret (help keyword 'secret')
    secret-define                  define or modify a secret from an XML file
    secret-dumpxml                 secret attributes in XML
    secret-event                   Secret Events
    secret-get-value               Output a secret value
    secret-list                    list secrets
    secret-set-value               set a secret value
    secret-undefine                undefine a secret

 Snapshot (help keyword 'snapshot')
    snapshot-create                Create a snapshot from XML
    snapshot-create-as             Create a snapshot from a set of args
    snapshot-current               Get or set the current snapshot
    snapshot-delete                Delete a domain snapshot
    snapshot-dumpxml               Dump XML for a domain snapshot
    snapshot-edit                  edit XML for a snapshot
    snapshot-info                  snapshot information
    snapshot-list                  List snapshots for a domain
    snapshot-parent                Get the name of the parent of a snapshot
    snapshot-revert                Revert a domain to a snapshot

 Backup (help keyword 'backup')
    backup-begin                   Start a disk backup of a live domain
    backup-dumpxml                 Dump XML for an ongoing domain block backup job

 Storage Pool (help keyword 'pool')
    find-storage-pool-sources-as   find potential storage pool sources
    find-storage-pool-sources      discover potential storage pool sources
    pool-autostart                 autostart a pool
    pool-build                     build a pool
    pool-create-as                 create a pool from a set of args
    pool-create                    create a pool from an XML file
    pool-define-as                 define a pool from a set of args
    pool-define                    define an inactive persistent storage pool or modify an existing persistent one from an XML file
    pool-delete                    delete a pool
    pool-destroy                   destroy (stop) a pool
    pool-dumpxml                   pool information in XML
    pool-edit                      edit XML configuration for a storage pool
    pool-info                      storage pool information
    pool-list                      list pools
    pool-name                      convert a pool UUID to pool name
    pool-refresh                   refresh a pool
    pool-start                     start a (previously defined) inactive pool
    pool-undefine                  undefine an inactive pool
    pool-uuid                      convert a pool name to pool UUID
    pool-event                     Storage Pool Events
    pool-capabilities              storage pool capabilities

 Storage Volume (help keyword 'volume')
    vol-clone                      clone a volume.
    vol-create-as                  create a volume from a set of args
    vol-create                     create a vol from an XML file
    vol-create-from                create a vol, using another volume as input
    vol-delete                     delete a vol
    vol-download                   download volume contents to a file
    vol-dumpxml                    vol information in XML
    vol-info                       storage vol information
    vol-key                        returns the volume key for a given volume name or path
    vol-list                       list vols
    vol-name                       returns the volume name for a given volume key or path
    vol-path                       returns the volume path for a given volume name or key
    vol-pool                       returns the storage pool for a given volume key or path
    vol-resize                     resize a vol
    vol-upload                     upload file contents to a volume
    vol-wipe                       wipe a vol

 Virsh itself (help keyword 'virsh')
    cd                             change the current directory
    echo                           echo arguments. Used for internal testing.
    exit                           quit this interactive terminal
    help                           print help
    pwd                            print the current directory
    quit                           quit this interactive terminal
    connect                        (re)connect to hypervisor


  (specify help <group> for details about the commands in the group)

  (specify help <command> for details about the command)


Rants and Temper Tantrums

Delete a bridge created by using an XML file. It works most of the time. But what happens if you get a dreaded "failed to get a 'forking' domain" error message? What then? Well, you're SOL until you reboot the machine. NOTHING works!

QEMU Guest Agent / qemu-guest-agent.service VS libvirtd "guest" stuff: There are hints that the former has been deprecated or isn't needed or something. Good fucking luck getting a straight answer on any of this shit. Here, try this: https://stackshare.io/stackups/libvirt-vs-qemu#:~:text=Hardware%20Emulation%3A%20QEMU%20includes%20its,not%20provide%20direct%20hardware%20emulation. Yup, now it's all clear. Dear Linux developers. You're brilliant. But you can't communicate for shit. You change things on a minutely basis and leave a wake of documentation destruction behind you. How is anyone on this planet supposed to understand and keep up with what you're doing? Part of your job should be to make this open source software available to everyone. Nope, need a degree in Linuxology to understand stuff, and it shouldn't be that way. Yes, there needs to be an understanding of fundamentals and expertise, but don't you get it? There are people out there that have to be skilled in a myriad of technologies to actually make use of your stuff in the real world. They're really smart and capable, but just don't have the time to understand stuff like you. There's too much other stuff going on. Rant over, because I'm tired of typing.