author | Dominique Martinet <asmadeus@codewreck.org> | 2015-11-16 18:54:02 +0100 |
---|---|---|
committer | Dominique Martinet <asmadeus@codewreck.org> | 2015-12-04 11:45:54 +0100 |
commit | aa2c56e7457ece4256cdbc6c17d8d2983f943f5e (patch) | |
tree | 7effd69708d30c1cd28eabc05ed776cbfff1b057 | |
parent | 0681a79c6aa62f6b0240b6ac10fc59f3b19114ec (diff) |
Create tap interface ourselves
Since we no longer run the ifup script, we need to add a parameter for mtu,
which could be abused for other 'ip link' setups... Don't really want an eval here.
This also allows running qemu as a user without much work.
-rw-r--r-- | kvm-wrapper.conf.default | 6 | ||||
-rwxr-xr-x | kvm-wrapper.sh | 33 | ||||
-rw-r--r-- | net/.gitignore | 2 | ||||
-rwxr-xr-x | net/kvm-ifdown | 13 | ||||
-rwxr-xr-x | net/kvm-ifup | 13 |
5 files changed, 25 insertions, 42 deletions
diff --git a/kvm-wrapper.conf.default b/kvm-wrapper.conf.default index 9dfadb4..ecd43fc 100644 --- a/kvm-wrapper.conf.default +++ b/kvm-wrapper.conf.default @@ -55,7 +55,8 @@ KVM_MACADDR[0]="`random_mac`" KVM_BR[0]="br0" KVM_NET_OPT[0]="" #KVM_NET_OPT[0]=",vhost=on" -#KVM_{IF,MACADDR,BR,NET_OPT}[n] +#KVM_NET_MTU[0]="9000" +#KVM_{IF,MACADDR,BR,NET_OPT,NET_MTU}[n] KVM_BOOTDEVICE="-boot order=c" #KVM_DISK[0] @@ -70,6 +71,9 @@ KVM_DISK_OPT[0]=",cache=none,aio=native" #KVM_VFIO_DOMAIN[0] # 01:00.0 #KVM_VFIO_ID[0] # "fooidname" (id string, no comma/whitespace/equalsign) +# Setting user requires access to: /dev/kvm, /dev/net/tun, +# /dev/vhost-net, /dev/vfio/vfio and ulimit -l big +#KVM_USER="qemu" KVM_KEYMAP="" #KVM_KEYMAP="-k en-us" KVM_OUTPUT="-curses" diff --git a/kvm-wrapper.sh b/kvm-wrapper.sh index e830220..3198ab5 100755 --- a/kvm-wrapper.sh +++ b/kvm-wrapper.sh @@ -391,6 +391,12 @@ function pci_unstubify() function pci_vfiofy() { pci_bind_driver "vfio-pci" "$1" + + if [[ -n "$KVM_USER" ]]; then + local IOMMU_GROUP=$(readlink "/sys/bus/pci/drivers/vfio-pci/$1/iommu_group") + IOMMU_GROUP=${IOMMU_GROUP##*/} + chown $KVM_USER: /dev/vfio/$IOMMU_GROUP + fi } function pci_unvfiofy() @@ -398,7 +404,7 @@ function pci_unvfiofy() pci_unbind_driver "vfio-pci" "$1" } -# helper for vfio +# helper for sriov function ib_sriov() { local PKEYS="$1" 
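Review bot: In the block added to pci_vfiofy, a failed `readlink` leaves `IOMMU_GROUP` empty (the `local IOMMU_GROUP=$(...)` form also hides its exit status), so the `chown` would then be applied to the `/dev/vfio/` directory itself rather than to one group node. Declare the variable first, assign on a separate line, and stop on an empty result with `[[ -n "$IOMMU_GROUP" ]] || return 1` before running `chown "$KVM_USER:" "/dev/vfio/$IOMMU_GROUP"` with both arguments quoted. A short comment saying that the group node is handed to `KVM_USER` so that the unprivileged qemu process can open it (which is what the new note in kvm-wrapper.conf.default suggests) would document why the ownership changes here.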
@@ -661,16 +667,7 @@ function kvm_start_vm () } [[ "${KVM_IF[0]}" = "vhost_net" ]] && (KVM_NET_OPT[0]=",vhost=on"; KVM_IF[0]="virtio-net-pci") - # Check for the bridge-specific symlinks an' make them otherwise (no quotes on $KVM_BR* because it would otherwise try to create kvm--ifup) - for BR in "${KVM_BR[@]}"; do - test_exist "$KVM_NET_SCRIPT/kvm-$BR-ifup" || \ - (cd "$KVM_NET_SCRIPT"; ln -s kvm-ifup "kvm-$BR-ifup") - test_exist "$KVM_NET_SCRIPT/kvm-$BR-ifdown" || \ - (cd "$KVM_NET_SCRIPT"; ln -s kvm-ifdown "kvm-$BR-ifdown") - done - - - # Iterately build kvmnet string + # Iterately build kvmnet string and create tuntaps [[ "${#KVM_MACADDR[@]}" != 0 ]] && { # not checking KVM_NET_OPT because it _can_ be empty... others will raise an error [[ -z "${KVM_BR[@]:0:1}" ]] && fail_exit "No KVM_BR defined" @@ -679,7 +676,13 @@ function kvm_start_vm () KVM_BR[$i]="${KVM_BR[i]:-${KVM_BR[@]:0:1}}" KVM_IF[$i]="${KVM_IF[i]:-${KVM_IF[@]:0:1}}" KVM_NET_OPT[$i]="${KVM_NET_OPT[i]-${KVM_NET_OPT[@]:0:1}}" - KVM_NET+="-netdev type=tap,id=guest${i},script=$KVM_NET_SCRIPT/kvm-${KVM_BR[i]}-ifup,downscript=$KVM_NET_SCRIPT/kvm-${KVM_BR[i]}-ifdown${KVM_NET_OPT[i]} -device ${KVM_IF[i]},netdev=guest${i},mac=${KVM_MACADDR[i]} " + KVM_NET_MTU[$i]="${KVM_NET_MTU[i]-${KVM_NET_MTU[@]:0:1}}" + local TAPDEV=tap-${VM_NAME}-${i} + KVM_NET+="-netdev type=tap,id=guest${i},ifname=${TAPDEV},script=no,downscript=no${KVM_NET_OPT[i]} -device ${KVM_IF[i]},netdev=guest${i},mac=${KVM_MACADDR[i]} " + ip tuntap add dev $TAPDEV mode tap ${KVM_USER+user $KVM_USER} + ip link set $TAPDEV ${KVM_NET_MTU[$i]:+mtu ${KVM_NET_MTU[$i]}} up + brctl addif ${KVM_BR[i]} $TAPDEV + CLEANUP+=("ip tuntap del dev $TAPDEV mode tap") done } @@ -716,7 +719,11 @@ function kvm_start_vm () echo $EXEC_STRING echo "" echo "" - eval "$EXEC_STRING" + if [[ -n "$KVM_USER" ]]; then + su $KVM_USER -s /bin/sh -c "$EXEC_STRING" + else + eval "$EXEC_STRING" + fi local KVM_RETURN_VALUE="$?" 
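Review bot: The three new commands in the tap-creation loop run with the wrapper's privileges and expand `$TAPDEV`, `${KVM_BR[i]}` and `${KVM_NET_MTU[$i]}` unquoted, so whitespace in a configured value turns into extra arguments to `ip` or `brctl`. Quote the device and bridge names and reject a non-numeric MTU before use, e.g. `[[ -z "${KVM_NET_MTU[i]}" || "${KVM_NET_MTU[i]}" =~ ^[0-9]+$ ]] || fail_exit "Invalid KVM_NET_MTU[$i]"`. `${KVM_USER+user $KVM_USER}` tests for set rather than non-empty, unlike the `[[ -n "$KVM_USER" ]]` checks elsewhere in this commit; `${KVM_USER:+user "$KVM_USER"}` would match them. None of the three commands is checked for failure, and `tap-${VM_NAME}-${i}` has to fit the kernel's 15-character interface-name limit, so a longer VM name would presumably fail at `ip tuntap add` while the script still goes on to start qemu. kvm_start_vm begins and ends outside this hunk.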
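Review bot: In the new `KVM_USER` branch, `su $KVM_USER -s /bin/sh -c "$EXEC_STRING"` leaves the user name unquoted and ahead of the options, so an unusual value could be word-split or read as an option to `su`; `su -s /bin/sh -c "$EXEC_STRING" "$KVM_USER"` avoids that. The two branches also interpret `EXEC_STRING` differently: `eval` runs it in the current bash with the wrapper's variables and functions, while `su` hands it to a fresh `/bin/sh`, so any bash-only syntax in the string (it is built outside this hunk) would behave differently once `KVM_USER` is set. If the intent is that all privileged setup is finished by this point and only the qemu command runs as `KVM_USER`, a comment above the `if` saying so would help the next reader.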
diff --git a/net/.gitignore b/net/.gitignore
deleted file mode 100644
index 7970659..0000000
--- a/net/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-kvm-*-ifup
-kvm-*-ifdown
\ No newline at end of file
diff --git a/net/kvm-ifdown b/net/kvm-ifdown
deleted file mode 100755
index d72e728..0000000
--- a/net/kvm-ifdown
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-#
-# Script called by kvm on tap interface deletion
-#
-
-KVM_BR=`basename $0 -ifdown|sed -e 's/^[^-]*-\?//'`
-KVM_BRIDGE=${KVM_BR:-$KVM_BRIDGE}
-
-echo "$0:"
-echo "Removing $1 from bridge $KVM_BRIDGE"
-ip link set "$1" down
-brctl delif "$KVM_BRIDGE" "$1"
-
diff --git a/net/kvm-ifup b/net/kvm-ifup
deleted file mode 100755
index 9e425e6..0000000
--- a/net/kvm-ifup
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-#
-# Script called by kvm on tap interface creation
-#
-
-KVM_BR=`basename $0 -ifup|sed -e 's/^[^-]*-\?//'`
-KVM_BRIDGE=${KVM_BR:-$KVM_BRIDGE}
-
-echo "$0:"
-echo "Adding $1 to bridge interface $KVM_BRIDGE"
-brctl addif "$KVM_BRIDGE" "$1"
-ip link set "$1" up
- |