Enabling libvirt channels by adding virtio_console to the openSUSE installation

libvirt supports the concept of so-called channels that represent private communication channels between a libvirt guest and its host.
Continue reading “Enabling libvirt channels by adding virtio_console to the openSUSE installation”

Connecting to libvirtd as non-root user on openSUSE 13.1

As a revisit to my previous post on connecting to libvirtd as a non-root user on openSUSE 12.2, the way to do it on openSUSE 13.1 is the same that worked for Marek Goldmann on Fedora 18 (although he used the wheel group).

Create /etc/polkit-1/rules.d/80-libvirt-manage.rules with the following content:

polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" &&
        subject.active == true && subject.local == true &&
        subject.isInGroup("libvirt")) {
            return polkit.Result.YES;
    }
});

And add the user accounts that should be allowed access to the libvirt group.

Patching VirtualBox guest additions for SLES12/RHEL7 guests

This may not be relevant to most of you, yet, as the SLES12 and RHEL7 beta programs are not quite open to the public, but similar problems may happen to you with other distributions that do backports of patches as well.

If you see error messages such as the following when compiling VirtualBox guest additions for your Linux guest:

/tmp/vbox.0/r0drv/linux/memobj-r0drv-linux.c: In function ‘rtR0MemObjNativeMapUser’:
/tmp/vbox.0/r0drv/linux/memobj-r0drv-linux.c:1542:26: error: ‘struct mm_struct’ has no member named ‘numa_next_reset’
                 pTask->mm->numa_next_reset = jiffies + 0x7fffffffffffffffUL;
                          ^
make[2]: *** [/tmp/vbox.0/r0drv/linux/memobj-r0drv-linux.o] Error 1
make[1]: *** [_module_/tmp/vbox.0] Error 2
make: *** [vboxguest] Error 2

You should take a look at VirtualBox ticket #12638 which deals with the removal of the numa_balancing_scan_period_reset sysctl and related data structures. I just submitted a patch there that tries to address the issue of distro vendor backports of patches in a less expensive way than grepping header files.

If you want to try it out, also have a look at How to recreate / build VirtualBox guest additions ISO image VBoxGuestAdditions.iso.

How to recreate / build VirtualBox guest additions ISO image VBoxGuestAdditions.iso

As Linux kernel development progresses, so do interfaces change from time to time and kernel modules outside of the Linux kernel such as VirtualBox’s guest additions need more or less updating. Having done some patching in the VirtualBox sources, you might want to rebuild the guest additions ISO image, VBoxGuestAdditions.iso, so you can try out the patched code in your VMs more easily.

Googling for “building VBoxGuestAdditions.iso” you might find this vbox-dev mailing list thread from 2011 which suggests that the ISO could not be easily rebuilt as a special build setup would be needed. However, it turns out this is not quite true:


pief@e6400:~/vbox/src/VBox/Additions> kmk additions-iso
kBuild: copydbg /home/pief/vbox/out/linux.amd64/release/bin/additions/VBoxControl - /home/pief/vbox/out/linux.amd64/release/obj/Additions/Installer/linux/debug/bin/VBoxControl
[...]
kBuild: Installing /home/pief/vbox/out/linux.amd64/release/obj/Additions/Installer/linux/lib/VBoxGuestAdditions/mount.vboxsf
kBuild: Packing /home/pief/vbox/out/linux.amd64/release/bin/additions/VBoxGuestAdditions-amd64.tar.bz2
Header is 404 lines long

About to compress 5440 KB of data...
Adding files to archive named "/home/pief/vbox/out/linux.amd64/release/bin/additions/VBoxLinuxAdditions.run"...
./
./install.sh
./VBoxGuestAdditions-amd64.tar.bz2
./do_dkms
./vboxadd
./vboxadd-x11
./deffiles
./routines.sh
./vboxadd-service
CRC: 1167516186
MD5: eb794c6b2981e2042a81f475f060be18

Self-extractible archive "/home/pief/vbox/out/linux.amd64/release/bin/additions/VBoxLinuxAdditions.run" successfully created.
kBuild: mkisofs - /home/pief/vbox/out/linux.amd64/release/bin/additions/VBoxGuestAdditions.iso
/usr/bin/genisoimage -rational-rock -joliet -iso-level 3 \
-volid "VBOXADDITIONS_4.3.53_50574" -l -graft-points -o /home/pief/vbox/out/linux.amd64/release/bin/additions/VBoxGuestAdditions.iso \
[...]
VBoxLinuxAdditions-amd64.run=/home/pief/vbox/out/linux.amd64/release/bin/additions/VBoxLinuxAdditions.run \
[...]

I: -input-charset not specified, using utf-8 (detected in locale settings)
Total translation table size: 0
Total rockridge attributes bytes: 269
Total directory bytes: 0
Path table size(bytes): 10
Max brk space used 0
2906 extents written (5 MB)
kBuild: Zipping image /home/pief/vbox/out/linux.amd64/release/bin/additions/VBoxGuestAdditions.zip
adding: VBoxGuestAdditions.iso (deflated 8%)
pief@e6400:~/vbox/src/VBox/Additions> dir

In my case, I found the new ISO image in ~/vbox/src/out/linux.amd64/release/bin/additions/VBoxGuestAdditions.iso. Copying that file to /usr/share/virtualbox should make it available to your VMs.

Fixing VirtualBox Guest Additions’ vboxvideo_drm.c for SUSE Linux Enterprise Server (SLES) 11 SP3

Trying to install VirtualBox‘s Linux Guest Additions under SUSE Linux Enterprise Server (SLES) 11 SP3 currently fails even with the newest VirtualBox version (4.2.16):

sles11sp3:/tmp/vbox.0.orig # make
make KBUILD_VERBOSE=1 CONFIG_MODULE_SIG= -C /lib/modules/3.0.76-0.11-default/build SUBDIRS=/tmp/vbox.0.orig SRCROOT=/tmp/vbox.0.orig modules
make[1]: Entering directory `/usr/src/linux-3.0.76-0.11-obj/x86_64/default'
make -C ../../../linux-3.0.76-0.11 O=/usr/src/linux-3.0.76-0.11-obj/x86_64/default/. modules
make -C /usr/src/linux-3.0.76-0.11-obj/x86_64/default \
	KBUILD_SRC=/usr/src/linux-3.0.76-0.11 \
	KBUILD_EXTMOD="/tmp/vbox.0.orig" -f /usr/src/linux-3.0.76-0.11/Makefile \
	modules
test -e include/generated/autoconf.h -a -e include/config/auto.conf || (		\
	echo;								\
	echo "  ERROR: Kernel configuration is invalid.";		\
	echo "         include/generated/autoconf.h or include/config/auto.conf are missing.";\
	echo "         Run 'make oldconfig && make prepare' on kernel src to fix it.";	\
	echo;								\
	/bin/false)
mkdir -p /tmp/vbox.0.orig/.tmp_versions ; rm -f /tmp/vbox.0.orig/.tmp_versions/*
make -f /usr/src/linux-3.0.76-0.11/scripts/Makefile.build obj=/tmp/vbox.0.orig
  gcc -Wp,-MD,/tmp/vbox.0.orig/.vboxvideo_drm.o.d  -nostdinc -isystem /usr/lib64/gcc/x86_64-suse-linux/4.3/include -I/usr/src/linux-3.0.76-0.11/arch/x86/include -Iarch/x86/include/generated -Iinclude  -I/usr/src/linux-3.0.76-0.11/include -include include/generated/autoconf.h   -I/tmp/vbox.0.orig -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -O2 -m64 -mtune=generic -mno-red-zone -mcmodel=kernel -funit-at-a-time -maccumulate-outgoing-args -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -DCONFIG_AS_AVX=1 -pipe -Wno-sign-compare -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fomit-frame-pointer -fasynchronous-unwind-tables -g -fno-inline-functions-called-once -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -fshort-wchar -include /tmp/vbox.0.orig/include/VBox/VBoxGuestMangling.h   -I/lib/modules/3.0.76-0.11-default/build/include   -I/tmp/vbox.0.orig/   -I/tmp/vbox.0.orig/include   -I/tmp/vbox.0.orig/r0drv/linux   -I/tmp/vbox.0.orig/vboxvideo/   -I/tmp/vbox.0.orig/vboxvideo/include   -I/tmp/vbox.0.orig/vboxvideo/r0drv/linux -D__KERNEL__ -DMODULE -DRT_OS_LINUX -DIN_RING0 -DIN_RT_R0 -DIN_SUP_R0 -DVBOX -DVBOX_WITH_HGCM -DLOG_TO_BACKDOOR -DIN_MODULE -DIN_GUEST_R0 -DRT_NO_EXPORT_SYMBOL -DRT_ARCH_AMD64 -DVBOX_WITH_64_BITS_GUESTS  -DMODULE  -D"KBUILD_STR(s)=#s" -D"KBUILD_BASENAME=KBUILD_STR(vboxvideo_drm)"  -D"KBUILD_MODNAME=KBUILD_STR(vboxvideo)" -c -o /tmp/vbox.0.orig/.tmp_vboxvideo_drm.o /tmp/vbox.0.orig/vboxvideo_drm.c
/tmp/vbox.0.orig/vboxvideo_drm.c:121: error: unknown field ‘reclaim_buffers’ specified in initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:121: warning: initialization from incompatible pointer type
/tmp/vbox.0.orig/vboxvideo_drm.c:130: warning: braces around scalar initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:130: warning: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:131: error: field name not in record or union initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:131: error: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:131: warning: initialization from incompatible pointer type
/tmp/vbox.0.orig/vboxvideo_drm.c:132: error: field name not in record or union initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:132: error: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:132: warning: excess elements in scalar initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:132: warning: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:133: error: field name not in record or union initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:133: error: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:133: warning: excess elements in scalar initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:133: warning: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:137: error: field name not in record or union initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:137: error: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:137: warning: excess elements in scalar initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:137: warning: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:141: error: field name not in record or union initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:141: error: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:141: warning: excess elements in scalar initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:141: warning: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:142: error: field name not in record or union initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:142: error: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:142: warning: excess elements in scalar initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:142: warning: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:143: error: field name not in record or union initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:143: error: (near initialization for ‘driver.fops’)
/tmp/vbox.0.orig/vboxvideo_drm.c:143: warning: excess elements in scalar initializer
/tmp/vbox.0.orig/vboxvideo_drm.c:143: warning: (near initialization for ‘driver.fops’)
make[4]: *** [/tmp/vbox.0.orig/vboxvideo_drm.o] Error 1
make[3]: *** [_module_/tmp/vbox.0.orig] Error 2
make[2]: *** [sub-make] Error 2
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/src/linux-3.0.76-0.11-obj/x86_64/default'
make: *** [vboxvideo] Error 2

This error happens for the same reason that was reported in virtualbox.org bug #11586: Red Hat is obviously not the only company to back-port DRM code from newer Linux versions to their enterprise kernels, SUSE did so, too.

Thus, vboxvideo_drm.c needs additional logic as implemented in this patch:

Because SUSE, unlike Red Hat, for some reason no longer provides SLE_VERSION and SLE_VERSION_CODE macros in SLES11, we need to retrofit them ourselves. I stole the appropriate code from the “igb” network driver.

I filed a bug report as virtualbox.org bug #11984. Until the VirtualBox folks have come around to look at the issue and incorporate a fix (hopefully mine :), you may use a patched version of VBoxLinuxAdditions.run that I created using the makeself utility for your convenience:

Run this instead of the original and installation should work smoothly even under SLES11 SP3.

Adding support for user-configurable DHCP options to libvirt

When using libvirt, you define virtual networks to facilitate interactions between different virtual machines and/or the outside world. Regardless whether you use virsh or virt-manager, the result will always be a piece of XML code defining the network. Continue reading “Adding support for user-configurable DHCP options to libvirt”

Coexistance of SuSEfirewall and libvirt – restoring libvirt’s firewall rules automatically

Running libvirtd on openSUSE, you might eventually run into the situation that your KVM guests sooner or later lose network connectivity to the outside world, if some interface on the KVM host goes up or down or SuSEfirewall is run for some other reason, eg. manual restart. Continue reading “Coexistance of SuSEfirewall and libvirt – restoring libvirt’s firewall rules automatically”

Connecting to libvirtd as non-root user on openSUSE 12.2

An old bug still bites one trying to connect to libvirtd/, eg. when starting virt-manager. By default, a password prompt asking for the root password appears. You might think that virt-manager would behave like VirtualBox and adding yourself to the libvirt group would suffice but to no avail. While that group exists, in the default configuration adding yourself to it is not sufficient. The reason most probably being that one does not want to dictate a default authorization policy. So far, so bad.

The polkit-auth command referenced in the “official” openSUSE 12.2 documentation is no longer available. But even if you create the /etc/polkit-1/localauthority/50-local.d/50-libvirt-nonroot.pkla file with the contents


[libvirt non-root access]
Identity=unix-group:libvirt
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

this won’t work, because the openSUSE-supplied file /var/lib/polkit-1/localauthority/10-vendor.d/org.libvirt.unix.manage.pkla always seems to take precendence. The fix is to make the latter file empty.

This was reported as BNC #544579, but still seems to apply to openSUSE 12.2 as well.

PXE booting inside VirtualBox and KVM virtual machines stopwatched (2/2)

As a followup to my earlier post, I also did some tests with iPXE‘s bin/undionly.kpxe and bin/undionly.kkpxe targets.
Continue reading “PXE booting inside VirtualBox and KVM virtual machines stopwatched (2/2)”