LinuxQuestions.org
Old 01-08-2018, 08:58 AM   #1
atelszewski
Distribution: Slackware
libvirt: NSS loses track of hostname <-> IP mapping when switching VM between interfaces


Hi,

I have 2 networks defined in the following way:

1. Network with Internet access (virbr0):
Code:
$ virsh net-dumpxml default
<network>
  <name>default</name>
  <uuid>20675303-c4d4-47ff-b48e-7c099b92dc89</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='off' delay='0'/>
  <mac address='52:54:00:b9:28:35'/>
  <domain name='kvm' localOnly='yes'/>
  <dns>
    <host ip='192.168.122.1'>
      <hostname>pc-andtel</hostname>
    </host>
  </dns>
  <ip address='192.168.122.1' netmask='255.255.255.240'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.14'/>
    </dhcp>
  </ip>
</network>

2. Isolated network, guests can only access KVM host (virbr1):
Code:
$ virsh net-dumpxml hostonly
<network>
  <name>hostonly</name>
  <uuid>a24cc21a-0b72-4922-b2ab-e0a10a7d372d</uuid>
  <bridge name='virbr1' stp='off' delay='0'/>
  <mac address='52:54:00:67:cf:fa'/>
  <domain name='kvm' localOnly='yes'/>
  <dns>
    <host ip='192.168.122.17'>
      <hostname>pc-andtel</hostname>
    </host>
  </dns>
  <ip address='192.168.122.17' netmask='255.255.255.240'>
    <dhcp>
      <range start='192.168.122.18' end='192.168.122.30'/>
    </dhcp>
  </ip>
</network>

When I want the guest to have Internet access I start it with the virbr0 interface, otherwise I start it with virbr1.

I have NSS configured, so that guests are accessible by host names.

Now, say, the VM is configured with virbr0 and started. It works as expected:
Code:
$ virsh net-dhcp-leases default
 Expiry Time          MAC address        Protocol  IP address                Hostname        Client ID or DUID
-------------------------------------------------------------------------------------------------------------------
 2018-01-08 16:45:02  52:54:00:ae:25:80  ipv4      192.168.122.11/28         slack64-14p2    ff:00:ae:25:80:00:01:00:01:21:e2:c9:a6:52:54:00:ae:25:80

$ ping slack64-14p2
PING slack64-14p2 (192.168.122.11) 56(84) bytes of data.
64 bytes from 192.168.122.11: icmp_seq=1 ttl=64 time=0.146 ms
64 bytes from 192.168.122.11: icmp_seq=2 ttl=64 time=0.367 ms
64 bytes from 192.168.122.11: icmp_seq=3 ttl=64 time=0.260 ms
64 bytes from 192.168.122.11: icmp_seq=4 ttl=64 time=0.232 ms
^C
--- slack64-14p2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3043ms
rtt min/avg/max/mdev = 0.146/0.251/0.367/0.079 ms

And now, say, the VM is configured with virbr1 and started. It works as expected:
Code:
$ virsh net-dhcp-leases hostonly
 Expiry Time          MAC address        Protocol  IP address                Hostname        Client ID or DUID
-------------------------------------------------------------------------------------------------------------------
 2018-01-08 16:47:34  52:54:00:ae:25:80  ipv4      192.168.122.27/28         slack64-14p2    ff:00:ae:25:80:00:01:00:01:21:e2:c9:a6:52:54:00:ae:25:80

$ ping slack64-14p2             
PING slack64-14p2 (192.168.122.27) 56(84) bytes of data.
64 bytes from 192.168.122.27: icmp_seq=1 ttl=64 time=0.258 ms
64 bytes from 192.168.122.27: icmp_seq=2 ttl=64 time=0.318 ms
64 bytes from 192.168.122.27: icmp_seq=3 ttl=64 time=0.331 ms
64 bytes from 192.168.122.27: icmp_seq=4 ttl=64 time=0.325 ms
^C
--- slack64-14p2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3082ms
rtt min/avg/max/mdev = 0.258/0.308/0.331/0.029 ms

And now, I configure the interface back to virbr0 and start the machine and it does not work:
Code:
$ ping slack64-14p2
PING slack64-14p2 (192.168.122.27) 56(84) bytes of data.
From 192.168.122.17 icmp_seq=10 Destination Host Unreachable
From 192.168.122.17 icmp_seq=11 Destination Host Unreachable
From 192.168.122.17 icmp_seq=12 Destination Host Unreachable
^C
--- slack64-14p2 ping statistics ---
15 packets transmitted, 0 received, +3 errors, 100% packet loss, time 14332ms

The problem is that NSS returns the hostname for virbr1, when I would expect it to return it for virbr0 (both leases are still active):
Code:
$ virsh net-dhcp-leases default 
 Expiry Time          MAC address        Protocol  IP address                Hostname        Client ID or DUID
-------------------------------------------------------------------------------------------------------------------
 2018-01-08 16:50:30  52:54:00:ae:25:80  ipv4      192.168.122.11/28         slack64-14p2    ff:00:ae:25:80:00:01:00:01:21:e2:c9:a6:52:54:00:ae:25:80

$ virsh net-dhcp-leases hostonly
 Expiry Time          MAC address        Protocol  IP address                Hostname        Client ID or DUID
-------------------------------------------------------------------------------------------------------------------
 2018-01-08 16:47:34  52:54:00:ae:25:80  ipv4      192.168.122.27/28         slack64-14p2    ff:00:ae:25:80:00:01:00:01:21:e2:c9:a6:52:54:00:ae:25:80

Is it possible to solve this problem while maintaining the functionality?

Or if not, is there a way to somehow flush the cache?
Preferably something that would take hostname or dom name as an argument.

For the moment, the only solution I have is:
1. Stop virtual networks.
2. Remove /var/lib/libvirt/dnsmasq/virbr*.status
3. Start the network.


Thanks in advance!

--
Best regards,
Andrzej Telszewski
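
Added example (not part of the original post, and not libvirt code): a check that finds hostnames holding unexpired leases on more than one virtual network, which is the state shown in the post's last two lease listings. It assumes the `virbr*.status` files are JSON arrays whose entries carry `hostname`, `ip-address`, `mac-address` and `expiry-time` keys; the sample data is constructed from the post's lease output, with the expiry times converted as if they were UTC.

```python
import json
import time
from collections import defaultdict
from pathlib import Path

LEASE_DIR = Path("/var/lib/libvirt/dnsmasq")  # directory named in the post

# Constructed sample: the two leases from the post, in the assumed JSON layout.
SAMPLE = {
    "virbr0.status": '[{"ip-address": "192.168.122.11", "mac-address": '
                     '"52:54:00:ae:25:80", "hostname": "slack64-14p2", '
                     '"expiry-time": 1515430230}]',
    "virbr1.status": '[{"ip-address": "192.168.122.27", "mac-address": '
                     '"52:54:00:ae:25:80", "hostname": "slack64-14p2", '
                     '"expiry-time": 1515430054}]',
}

def load_leases(files):
    """files maps status-file name -> JSON text; returns leases tagged by bridge."""
    leases = []
    for name, text in files.items():
        for entry in json.loads(text.strip() or "[]"):
            if entry.get("hostname"):  # only named leases matter for name lookups
                leases.append({"bridge": Path(name).stem,
                               "hostname": entry["hostname"],
                               "ip": entry["ip-address"],
                               "mac": entry.get("mac-address"),
                               "expiry": int(entry["expiry-time"])})
    return leases

def ambiguous_hostnames(leases, now):
    """Hostnames with unexpired leases on more than one IP, newest expiry first."""
    by_name = defaultdict(list)
    for lease in leases:
        if lease["expiry"] > now:
            by_name[lease["hostname"]].append(lease)
    # Heuristic: with equal lease times, the latest expiry is the newest grant.
    return {name: sorted(group, key=lambda l: l["expiry"], reverse=True)
            for name, group in by_name.items()
            if len({l["ip"] for l in group}) > 1}

if __name__ == "__main__":
    on_disk = {p.name: p.read_text() for p in LEASE_DIR.glob("virbr*.status")}
    files, now = (on_disk, time.time()) if on_disk else (SAMPLE, 1515430000)
    for name, group in ambiguous_hostnames(load_leases(files), now).items():
        print(f"{name}: {len(group)} active leases")
        for lease in group:
            print(f"  {lease['bridge']}  {lease['ip']}  expires {lease['expiry']}")
```

Run on the KVM host, it reads the real status files when they exist and falls back to the constructed sample otherwise.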
 
  

