KVMでTAPインタフェースを設定する方法 - ぽぽぽぽーんのネットワークとOSS

f:id:komeiy:20150215215032p:plain

ポイントは3つです。

/etc/libvirt/qemu.conf変更
XMLファイルのinterface typeの確認
スクリプト実行

1. /etc/libvirt/qemu.conf変更

下記の通り変更・確認してください。

clear_emulator_capabilities = 0
user = "root"
group = "root"
cgroup_device_acl に "/dev/net/tun"を追記

[root@localhost ~]# cat /etc/libvirt/qemu.conf
# The user for QEMU processes run by the system instance. It can be
# specified as a user name or as a user id. The qemu driver will try to
# parse this value first as a name and then, if the name doesn't exist,
# as a user id.
#
# Since a sequence of digits is a valid user name, a leading plus sign
# can be used to ensure that a user id will not be interpreted as a user
# name.
#
# Some examples of valid values are:
#
#       user = "qemu"   # A user named "qemu"
#       user = "+0"     # Super user (uid=0)
#       user = "100"    # A user named "100" or a user with uid=100
#
user = "root"

# The group for QEMU processes run by the system instance. It can be
# specified in a similar way to user.
group = "root"


# If clear_emulator_capabilities is enabled, libvirt will drop all
# privileged capabilities of the QEmu/KVM emulator. This is enabled by
# default.
#
# Warning: Disabling this option means that a compromised guest can
# exploit the privileges and possibly do damage to the host.
#
clear_emulator_capabilities = 0

# This is the basic set of devices allowed / required by
# all virtual machines.
#
# As well as this, any configured block backed disks,
# all sound device, and all PTY devices are allowed.
#
# This will only need setting if newer QEMU suddenly
# wants some device we don't already know about.
#
cgroup_device_acl = [
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
    "/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
    "/dev/net/tun",
]

2. XMLファイルのinterface typeの確認

interface type='ethernet'となっていることを確認してください

[root@localhost ~]# cat /etc/libvirt/qemu/vm01.xml
    <interface type='ethernet'>
      <mac address='55:55:55:55:55:55'/>
      <script path='/etc/qemu-ifup-vm01'/>
      <target dev='vm01'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </interface>

3. XMLファイルのinterface typeの確認

script path=に記載があるスクリプトファイルを実行

[root@localhost ~]# cat /etc/qemu-ifup-vm01
#!/bin/sh

ip link set dev vm01 up

UPになっていることを確認

[root@localhost ~]# ip a
25: vm01: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master midonet state UP qlen 500
    link/ether 66:66:66:66:66:66 brd ff:ff:ff:ff:ff:ff