Monday, October 26, 2015

arch linux qemu

Ishikawa: though the sands of the beach may run out,
       the seeds of thieves in this world never will.


This is about getting Internet access from QEMU.
First, I'll show the foolproof quick version.
 Ctrl + Alt + G changes the mouse focus.

1) pacman -S qemu bridge-utils libvirt




2) Run ifconfig and change the part shown in yellow below

cat /etc/netctl/bridge
Description="Example Bridge connection"
Interface=br0
Connection=bridge
BindsToInterfaces=(enp9s0 tap0)
IP=dhcp



3)
cat /etc/qemu-ifup
#!/bin/sh
echo "Executing /etc/qemu-ifup"
echo "Bringing up $1 for bridged mode..."
sudo /usr/bin/ip link set $1 up promisc on
echo "Adding $1 to br0..."
sudo /usr/bin/brctl addif br0 $1
sleep 2


chmod 750 /etc/qemu-ifup

 
4)
cat /etc/qemu-ifdown
#!/bin/sh

echo "Executing /etc/qemu-ifdown"
sudo /usr/bin/ip link set $1 down
sudo /usr/bin/brctl delif br0 $1
sudo /usr/bin/ip link delete dev $1


chmod 750 /etc/qemu-ifdown


 5)

qemu-img create -f qcow2 Q20.img 20G
 

 qemu-system-x86_64 -m 3072 -hda Q20.img -cdrom ./install60.iso  -boot d

modprobe tun
sysctl net.ipv4.ip_forward=1
systemctl start libvirtd
netctl start bridge


qemu-system-x86_64  -m 3072 -hda Q20.img -net nic,macaddr=52:54:00:12:11:11 -net tap,ifname=tap0,script=/etc/qemu-ifup



That's all.
Note that KVM is not used above.

If KVM is enabled in the BIOS, then after running
  # modprobe -r kvm_intel
  # modprobe kvm_intel nested=1

the command becomes
qemu-system-x86_64  -m 3072 -enable-kvm  -hda Q20.img -net nic,macaddr=52:54:00:12:11:11 -net tap,ifname=tap0,script=/etc/qemu-ifup


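From here on I'll write it up in detail.
On Debian-based systems QEMU/KVM is easy, but on Arch it is hard.
The GUI tools virt-manager, gnome-boxes and qtemu do not work well.

So I looked at
http://lazy-dog.hatenablog.com/entry/2014/07/13/015538
but
my setup uses dhcpcd, so
there is no /etc/netctl/enp2s0_config.
It is also quite complicated.

So I fell back on the following part of
https://wiki.archlinuxjp.org/index.php/QEMU.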
------------------------------------------------------------------------------------------->

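Creating a bridge manually
This is probably the most commonly used configuration.


In this configuration, the virtual machine is placed directly on the external network,
on the same Ethernet segment as the physical host machine.

We will replace the normal Ethernet adapter with a bridge adapter
and bind the normal Ethernet adapter to the bridge adapter.

  • Install bridge-utils, which contains brctl for controlling bridges.

  • Enable IPv4 forwarding:

# sysctl net.ipv4.ip_forward=1
To make the change permanent, change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1 in /etc/sysctl.d/99-sysctl.conf.

  • Load the tun module and configure it to be loaded at boot. See Kernel modules for details.

  • Create the bridge. See Bridge with netctl for details.
    Name the bridge br0, or
    remember to change the scripts below to the bridge name you use.

  • Create the script that QEMU uses to bring up the tap adapter, with root:kvm 750 permissions: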

/etc/qemu-ifup

#!/bin/sh
  
echo "Executing /etc/qemu-ifup"
echo "Bringing up $1 for bridged mode..."
sudo /usr/bin/ip link set $1 up promisc on
echo "Adding $1 to br0..."
sudo /usr/bin/brctl addif br0 $1
sleep 2

  • Create the script that QEMU uses to bring down the tap adapter in /etc/qemu-ifdown with root:kvm 750 permissions:

/etc/qemu-ifdown

#!/bin/sh
 
echo "Executing /etc/qemu-ifdown"
sudo /usr/bin/ip link set $1 down
sudo /usr/bin/brctl delif br0 $1
sudo /usr/bin/ip link delete dev $1

----------------------------------------------------------------------<


I start from this.

1)
pacman -S qemu bridge-utils libvirt





2)
qemu-img create -f qcow2 Q10.img 10G







3) install OS (cd is openbsd)
qemu-system-x86_64 -m 2048 -hda Q10.img -cdrom ./install60.iso  -boot d

4)
cat /etc/netctl/bridge
Description="Example Bridge connection"
Interface=br0
Connection=bridge
BindsToInterfaces=(enp9s0 tap0)
IP=dhcp



cat /etc/qemu-ifup
#!/bin/sh
echo "Executing /etc/qemu-ifup"
echo "Bringing up $1 for bridged mode..."
sudo /usr/bin/ip link set $1 up promisc on
echo "Adding $1 to br0..."
sudo /usr/bin/brctl addif br0 $1
sleep 2


chmod 750 /etc/qemu-ifup

cat /etc/qemu-ifdown
#!/bin/sh

echo "Executing /etc/qemu-ifdown"
sudo /usr/bin/ip link set $1 down
sudo /usr/bin/brctl delif br0 $1
sudo /usr/bin/ip link delete dev $1



chmod 750 /etc/qemu-ifdown


5) preparing to start

modprobe tun
sysctl net.ipv4.ip_forward=1
systemctl start libvirtd
netctl start bridge



6) This part is the usual
qemu-system-x86_64 -m 2048 -hda Q10.img \
-net nic,macaddr=52:54:00:12:11:11 \
-net tap,ifname=tap0,script=/etc/qemu-ifup





Then OpenBSD starts, is given an address by the router (192.168.1.1),
and can ping www.google.com.


 
internet
      |
 router
 192.168.1.1
      |
enp9s0 : dhcp---->br0 :192.168.1.226
|    arch 
|
tap
|
|
em0: 192.168.1.217
qemu:openbsd



7) But sometimes Arch itself cannot ping www.google.com.


This is a problem,
so on Arch Linux:
netctl restart bridge


and then
Arch can ping www.google.com.

I found
(process:689): GLib-WARNING **: gmem.c:482: custom memory allocation vtable not supported
This may be the reason [ netctl restart bridge ] is necessary.


Here is what the state looks like:
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
in arch
ifconfig -a
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.226  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2001:c90:8a71:c0d8:25e7:6897:2eb3:87dc  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::21e:c9ff:fe05:78fc  prefixlen 64  scopeid 0x20<link>
        ether 00:1e:c9:05:78:fc  txqueuelen 0  (Ethernet)
        RX packets 10264  bytes 11209813 (10.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4661  bytes 557618 (544.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


enp9s0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether 00:1e:c9:05:78:fc  txqueuelen 1000  (Ethernet)
        RX packets 10360  bytes 11401261 (10.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4703  bytes 580080 (566.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 17 


lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 989  bytes 189431 (184.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 989  bytes 189431 (184.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


tap0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether f2:3a:c6:2d:e7:4c  txqueuelen 500  (Ethernet)
        RX packets 65  bytes 9200 (8.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1257  bytes 392221 (383.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0









In OpenBSD (the following was obtained with ssh -l XXX 192.168.1.217 on Arch)

Last login: Mon Oct 26 18:51:11 2015 from 192.168.1.226
OpenBSD 5.7 (GENERIC) #738: Sun Mar  8 10:59:31 MDT 2015
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
$ su
Password:
# ifconfig -a                                                                                                               
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        priority: 0
        groups: lo
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
 

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 52:54:00:12:11:11
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.1.217 netmask 0xffffff00 broadcast 192.168.1.255
 

enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
 

pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
        priority: 0
        groups: pflog
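
The /etc/qemu-ifup script in step 4 passes $1 unquoted to commands run through sudo. As an added example (not from this post or the Arch wiki), here is the same script with the interface name validated and quoted, plus a check for the root:kvm 750 permissions the wiki asks for; the tap<digits> naming rule and the function names are assumptions.

```shell
#!/bin/sh
# Added example: hardened variant of the page's /etc/qemu-ifup.
# Assumptions: bridge is br0 and tap devices are named tap<digits>,
# as in the page's setup; function names are illustrative.
BRIDGE=br0

# Accept only tap<digits>, so spaces, slashes or option-like strings
# never reach the commands run through sudo.
valid_tap_name() {
    case "$1" in
        tap*) ;;
        *) return 1 ;;
    esac
    suffix=${1#tap}
    case "$suffix" in
        '' | *[!0-9]*) return 1 ;;
    esac
    # Linux interface names hold at most 15 characters.
    [ "${#1}" -le 15 ]
}

# Check "owner:group mode" of a helper script, e.g. root:kvm 750.
script_perms_ok() {
    [ "$(stat -c '%U:%G %a' -- "$1" 2>/dev/null)" = "$2 $3" ]
}

qemu_ifup() {
    if ! valid_tap_name "$1"; then
        echo "qemu-ifup: refusing interface name '$1'" >&2
        return 1
    fi
    echo "Bringing up $1 for bridged mode..."
    sudo /usr/bin/ip link set "$1" up promisc on || return 1
    echo "Adding $1 to $BRIDGE..."
    sudo /usr/bin/brctl addif "$BRIDGE" "$1" || return 1
    sleep 2
}

# QEMU calls the script with the tap name as $1; do nothing without it.
if [ "$#" -gt 0 ]; then
    qemu_ifup "$1"
fi
```

Before starting the guest, `script_perms_ok /etc/qemu-ifup root:kvm 750` confirms the ownership and mode that the wiki text requires.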






The final proposal



1) cat /etc/resolv.conf.head
nameserver 8.8.8.8




2) cat qemu-Memory-Image.bat

# modprobe kvm_intel nested=1
modprobe tun

sysctl net.ipv4.ip_forward=1
systemctl start libvirtd
netctl start bridge

qemu-system-x86_64 -enable-kvm -m 1024 -hda kvm.img -net nic,macaddr=52:54:00:12:11:11 -net tap,ifname=tap0,script=/etc/qemu-ifup

netctl restart bridge



On the host side, ping www.google.com does not work right away;
there is a delay of about 15 seconds.

Nested virtualization https://wiki.archlinuxjp.org/index.php/KVM

Nested virtualization makes it possible
to run existing virtual machines
on other hypervisors and on other clouds
without modifying the original virtual machines or their network.

On the host, enable the nested feature of kvm_intel:
# modprobe -r kvm_intel
# modprobe kvm_intel nested=1

To make it permanent (see Kernel modules#Setting module options):
/etc/modprobe.d/modprobe.conf
options kvm_intel nested=1

Verify that the feature is enabled:
$ systool -m kvm_intel -v | grep nested
    nested              = "Y"

Run the guest VM with the following command:
$ qemu-system-x86_64 -enable-kvm -cpu host
Boot the VM and check whether the vmx flag is present:

$ grep -E "(vmx|svm)" /proc/cpuinfo




machine translation












arch linux qemu


I follow wiki.archlinuxjp.org/index.php/QEMU.
------------------------------------------------------------------------------------------->

Creating a bridge manually
This is probably the most commonly used configuration.
In this configuration, the virtual machine is placed directly on the external network,
on the same Ethernet segment as the physical host machine.

We will replace the normal Ethernet adapter with a bridge adapter
and bind the normal Ethernet adapter to the bridge adapter.

  • Install bridge-utils, which contains brctl for controlling bridges.

  • Enable IPv4 forwarding:

  # sysctl net.ipv4.ip_forward=1

To make the change permanent, change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1 in /etc/sysctl.d/99-sysctl.conf.

  • Load the tun module and configure it to be loaded at boot. See Kernel modules for details.

  • Create the bridge. See Bridge with netctl for details.
    Name the bridge br0, or
    remember to change the scripts below to the bridge name you use.

  • Create the script that QEMU uses to bring up the tap adapter, with root:kvm 750 permissions:

  /etc/qemu-ifup

  #!/bin/sh

  echo "Executing /etc/qemu-ifup"
  echo "Bringing up $1 for bridged mode..."
  sudo /usr/bin/ip link set $1 up promisc on
  echo "Adding $1 to br0..."
  sudo /usr/bin/brctl addif br0 $1
  sleep 2


  • Create the script that QEMU uses to bring down the tap adapter in /etc/qemu-ifdown with root:kvm 750 permissions:

  /etc/qemu-ifdown

  #!/bin/sh

  echo "Executing /etc/qemu-ifdown"
  sudo /usr/bin/ip link set $1 down
  sudo /usr/bin/brctl delif br0 $1
  sudo /usr/bin/ip link delete dev $1


----------------------------------------------------------------------<


I start from this.

1)
pacman -S qemu bridge-utils libvirt




2)
qemu-img create -f qcow2 Q5.img 5G






3) install OS (cd is openbsd)
qemu-system-i386 -m 128 -hda Q5.img -cdrom /dev/sr0 -boot d




4)
cat /etc/netctl/bridge
Description="Example Bridge connection"
Interface=br0
Connection=bridge
BindsToInterfaces=(enp9s0 tap0)
IP=dhcp


cat /etc/qemu-ifup
#!/bin/sh
echo "Executing /etc/qemu-ifup"
echo "Bringing up $1 for bridged mode..."
sudo /usr/bin/ip link set $1 up promisc on
echo "Adding $1 to br0..."
sudo /usr/bin/brctl addif br0 $1
sleep 2


cat /etc/qemu-ifdown
#!/bin/sh
echo "Executing /etc/qemu-ifdown"
sudo /usr/bin/ip link set $1 down
sudo /usr/bin/brctl delif br0 $1
sudo /usr/bin/ip link delete dev $1





5) preparing to start

modprobe tun
sysctl net.ipv4.ip_forward=1
systemctl start libvirtd
netctl start bridge



6) This part is the usual
qemu-system-i386 -m 128 -hda Q-5.img \
-net nic,macaddr=52:54:00:12:11:11 \
-net tap,ifname=tap0,script=/etc/qemu-ifup





Then OpenBSD starts, is given an address by the router (192.168.1.1),
and can ping www.google.com.

 
internet
      |
 router
 192.168.1.1
      |
enp9s0 : dhcp---->br0 :192.168.1.226
|    arch
|
tap
|
|
em0: 192.168.1.217
qemu:openbsd



7) But sometimes Arch itself cannot ping www.google.com.


This is a problem,
so on Arch Linux:
netctl restart bridge

and then
Arch can ping www.google.com.

I found
(process:689): GLib-WARNING **: gmem.c:482: custom memory allocation vtable not supported
This may be the reason [ netctl restart bridge ] is necessary.


Here is what the state looks like:
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
in arch
ifconfig -a
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.226  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2001:c90:8a71:c0d8:25e7:6897:2eb3:87dc  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::21e:c9ff:fe05:78fc  prefixlen 64  scopeid 0x20<link>
        ether 00:1e:c9:05:78:fc  txqueuelen 0  (Ethernet)
        RX packets 10264  bytes 11209813 (10.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4661  bytes 557618 (544.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp9s0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether 00:1e:c9:05:78:fc  txqueuelen 1000  (Ethernet)
        RX packets 10360  bytes 11401261 (10.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4703  bytes 580080 (566.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 17

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 989  bytes 189431 (184.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 989  bytes 189431 (184.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether f2:3a:c6:2d:e7:4c  txqueuelen 500  (Ethernet)
        RX packets 65  bytes 9200 (8.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1257  bytes 392221 (383.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::






In OpenBSD (the following was obtained with ssh -l XXX 192.168.1.217 on Arch)

Last login: Mon Oct 26 18:51:11 2015 from 192.168.1.226
OpenBSD 5.7 (GENERIC) #738: Sun Mar  8 10:59:31 MDT 2015
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
$ su
Password:
# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        priority: 0
        groups: lo
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 52:54:00:12:11:11
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.1.217 netmask 0xffffff00 broadcast 192.168.1.255

enc0: flags=0<>
        priority: 0
        groups: enc
        status: active

pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
        priority: 0
        groups: pflog

::::::::::::::::::::::::::::::::::::::::::::::::::::::




When you run various OSes,
something malicious such as a virus may be lurking in them.
Observe them in QEMU.
That way, an impact on the mother ship (the host) would be unlikely.



The final proposal



1) cat /etc/resolv.conf.head
nameserver 8.8.8.8



2) cat qemu-Memory-Image.bat
# modprobe kvm_intel nested=1
modprobe tun
sysctl net.ipv4.ip_forward=1
systemctl start libvirtd
netctl start bridge
qemu-system-x86_64 -enable-kvm -m 1024 -hda kvm.img -net nic,macaddr=52:54:00:12:11:11 -net tap,ifname=tap0,script=/etc/qemu-ifup
netctl restart bridge

On the host side, ping www.google.com does not work right away;
there is a delay of about 15 seconds.

Nested virtualization https://wiki.archlinuxjp.org/index.php/KVM

Nested virtualization makes it possible
to run existing virtual machines
on other hypervisors and on other clouds
without modifying the original virtual machines or their network.

On the host, enable the nested feature of kvm_intel:
  # modprobe -r kvm_intel
  # modprobe kvm_intel nested=1

To make it permanent (see Kernel modules#Setting module options):
  /etc/modprobe.d/modprobe.conf
  options kvm_intel nested=1

Verify that the feature is enabled:
  $ systool -m kvm_intel -v | grep nested
  nested = "Y"

Run the guest VM with the following command:
  $ qemu-system-x86_64 -enable-kvm -cpu host

Boot the VM and check whether the vmx flag is present:

  $ grep -E "(vmx|svm)" /proc/cpuinfo