New openmediavault-kvm plugin

  • Hi i

    this will create an /etc/systemd/system/docker.service.d/override.conf

    and remove all firewall rules

    if i do iptables -L i get this


    iptables -L

    Chain INPUT (policy ACCEPT)

    target prot opt source destination


    Chain FORWARD (policy ACCEPT)

    target prot opt source destination


    Chain OUTPUT (policy ACCEPT)

    target prot opt source destination


    i reboot the system kvm is working but docker not anymore

    • Official post

    this will create an /etc/systemd/system/docker.service.d/override.conf

    and remove all firewall rules

    The delete is commented out. So, it is only adding an append. How does that delete all rules?

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.6 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • The delete is commented out. So, it is only adding an append. How does that delete all rules?

    My mistake


    override.conf


    [Service]

    ExecStopPost=/usr/bin/iptables -A FORWARD -p all -i br0 -j ACCEPT


    now the iptables are good again

    but i don't see the rule for br0 (kvm still not working)


    iptables -L

    Chain INPUT (policy ACCEPT)

    target prot opt source destination

    ACCEPT udp -- anywhere anywhere udp dpt:domain

    ACCEPT tcp -- anywhere anywhere tcp dpt:domain

    ACCEPT udp -- anywhere anywhere udp dpt:bootps

    ACCEPT tcp -- anywhere anywhere tcp dpt:67


    Chain FORWARD (policy DROP)

    target prot opt source destination

    ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED

    ACCEPT all -- 192.168.122.0/24 anywhere

    ACCEPT all -- anywhere anywhere

    REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

    REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

    DOCKER-USER all -- anywhere anywhere

    DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere

    ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED

    DOCKER all -- anywhere anywhere

    ACCEPT all -- anywhere anywhere

    ACCEPT all -- anywhere anywhere


    Chain OUTPUT (policy ACCEPT)

    target prot opt source destination

    ACCEPT udp -- anywhere anywhere udp dpt:bootpc


    Chain DOCKER (1 references)

    target prot opt source destination

    ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:9090

    ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:8082

    ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:http-alt


    Chain DOCKER-ISOLATION-STAGE-1 (1 references)

    target prot opt source destination

    DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere

    RETURN all -- anywhere anywhere


    Chain DOCKER-ISOLATION-STAGE-2 (1 references)

    target prot opt source destination

    DROP all -- anywhere anywhere

    RETURN all -- anywhere anywhere


    Chain DOCKER-USER (1 references)

    target prot opt source destination

    RETURN all -- anywhere anywhere

    • Official post

    iptables is not my specialty. Maybe docker is deleting all rules and adding its own? You could add a dependency to libvirtd that docker is started.

  • iptables is not my specialty. Maybe docker is deleting all rules and adding its own? You could add a dependency to libvirtd that docker is started.

    i think i solved it

    when i reboot

    get this

    iptables -x -v --line-numbers -L FORWARD

    Chain FORWARD (policy DROP 0 packets, 0 bytes)

    num pkts bytes target prot opt in out source destination

    1 0 0 ACCEPT all -- any virbr0 anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED

    2 0 0 ACCEPT all -- virbr0 any 192.168.122.0/24 anywhere

    3 0 0 ACCEPT all -- virbr0 virbr0 anywhere anywhere

    4 0 0 REJECT all -- any virbr0 anywhere anywhere reject-with icmp-port-unreachable

    5 0 0 REJECT all -- virbr0 any anywhere anywhere reject-with icmp-port-unreachable

    6 38 10811 DOCKER-USER all -- any any anywhere anywhere

    7 38 10811 DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere

    8 17 7925 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED

    9 2 662 DOCKER all -- any docker0 anywhere anywhere

    10 19 2224 ACCEPT all -- docker0 !docker0 anywhere anywhere

    11 2 662 ACCEPT all -- docker0 docker0 anywhere anywhere


    when I add it by hand

    like this

    iptables -A FORWARD -p all -i br0 -j ACCEPT

    then it works


    look at rule 12 (the override.conf is probably not working)


    iptables -x -v --line-numbers -L FORWARD

    Chain FORWARD (policy DROP 0 packets, 0 bytes)

    num pkts bytes target prot opt in out source destination

    1 0 0 ACCEPT all -- any virbr0 anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED

    2 0 0 ACCEPT all -- virbr0 any 192.168.122.0/24 anywhere

    3 0 0 ACCEPT all -- virbr0 virbr0 anywhere anywhere

    4 0 0 REJECT all -- any virbr0 anywhere anywhere reject-with icmp-port-unreachable

    5 0 0 REJECT all -- virbr0 any anywhere anywhere reject-with icmp-port-unreachable

    6 40 11473 DOCKER-USER all -- any any anywhere anywhere

    7 40 11473 DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere

    8 17 7925 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED

    9 4 1324 DOCKER all -- any docker0 anywhere anywhere

    10 19 2224 ACCEPT all -- docker0 !docker0 anywhere anywhere

    11 4 1324 ACCEPT all -- docker0 docker0 anywhere anywhere

    12 0 0 ACCEPT all -- br0 any anywhere anywhere



    now only how to make it persistent ?????

    • Official post

    look at rule 12 (the override.conf is probably not working)

    The override should be working. It is just running too early and being removed by docker. Add something docker.service right before local-fs.target in /etc/systemd/system/libvirtd.service.d/waitAllMounts.conf

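
Added example (not part of the thread or the plugin's code): plain `iptables -L` output hides the interface columns, so this check reads `iptables -S FORWARD` output instead and reports whether the br0 accept rule is present after boot and whether repeated appends have duplicated it. The function names and the sample rules are assumptions constructed for illustration.

```python
import shlex

# Constructed `iptables -S FORWARD` output modelled on the chain in the thread
# after the br0 rule was added by hand (sample data, not captured output).
SAMPLE_RULES = """\
-P FORWARD DROP
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
"""

FLAGS = {"-i": "in", "-o": "out", "-j": "target"}

def parse_rule(line):
    """Extract in/out interface and target from one `-A` line, tracking `!`."""
    tokens = shlex.split(line)[2:]  # drop "-A <chain>"
    rule = {"in": None, "out": None, "target": None, "negated": set()}
    negate = False
    for tok, nxt in zip(tokens, tokens[1:] + [None]):
        if tok in FLAGS and nxt is not None:
            rule[FLAGS[tok]] = nxt
            if negate:
                rule["negated"].add(FLAGS[tok])
        negate = tok == "!"
    return rule

def bridge_forward_status(rules_text, bridge):
    """Report whether FORWARD accepts traffic entering `bridge` on any output."""
    policy, hits, position = None, [], 0
    for line in rules_text.splitlines():
        if line.startswith("-P FORWARD "):
            policy = line.split()[2]
        elif line.startswith("-A FORWARD "):
            position += 1  # same numbering as --line-numbers
            r = parse_rule(line)
            if (r["in"] == bridge and r["out"] is None
                    and r["target"] == "ACCEPT" and not r["negated"]):
                hits.append(position)
    return {
        "policy": policy,
        "accept_rules": hits,
        "needs_rule": policy == "DROP" and not hits,
        "duplicates": len(hits) > 1,  # each unguarded -A on restart adds a copy
    }
```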

    • Official post

    Would the Backup function be placing the storage and xml files in the same path?

    Maybe. I haven't really thought about where the files would go. Just how to make them. Why?

  • When we create a VM using this plugin its VNC port listens on 0.0.0.0 and is accessible everywhere and we have to manually remove it from XML or set it to 127.0.0.1 so it's only accessible from noVNC if enabled.


    Can there be an option to quickly do this from the GUI? And can there be a security mechanism such as authentication for accessing websockify by using the JWT or another plugin that it supports?

    • Official post

    When we create a VM using this plugin its VNC port listens on 0.0.0.0 and is accessible everywhere and we have to manually remove it from XML or set it to 127.0.0.1 so it's only accessible from noVNC if enabled.

    Yep, I will add that. I will see if I can only enable the vnc/spice port when the consoles are enabled.

    and can there be a security mechanism such as authentication for accessing websockify by using the JWT or another plugin that it supports?

    I really don't want to deal with authentication for websockify because the console is only meant for setup. Once the OS is set up, you should use the OS level remote desktop tools. Otherwise, I think the OS level security should be ok.

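
Added example (not the plugin's code): an audit of libvirt domain XML, such as the output of `virsh dumpxml`, that reports VNC or SPICE consoles listening on a non-loopback address, the situation described in the posts above. The sample XML and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML (sample data, not taken from the thread).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>testvm</name>
  <devices>
    <graphics type='vnc' port='5900' autoport='no' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <graphics type='spice' autoport='yes'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
  </devices>
</domain>
"""

def listen_addresses(graphics):
    """Addresses from the legacy listen= attribute and <listen type='address'>."""
    addrs = {graphics.get("listen")}
    for child in graphics.findall("listen"):
        if child.get("type") == "address":
            addrs.add(child.get("address"))
    return sorted(a for a in addrs if a)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"  # other host names are reported for review

def exposed_consoles(domain_xml):
    """List (vm, type, address, has_password) for non-loopback VNC/SPICE listeners."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="?")
    findings = []
    for g in root.iter("graphics"):
        if g.get("type") not in ("vnc", "spice"):
            continue
        # passwd only appears in `virsh dumpxml --security-info` output.
        has_password = bool(g.get("passwd"))
        # No listen address at all means the host default applies; not flagged here.
        for addr in listen_addresses(g):
            if not is_loopback(addr):
                findings.append((name, g.get("type"), addr, has_password))
    return findings
```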

  • Please help ! Stuck in...

    • Official post

    Your default network is inactive. Mark it active in the network tab.

    Did you add the ISO to the VM to boot from it?

  • Don't ask me why but I discovered this thread just a few days ago 🙄

    My OMV is running under Proxmox so it already is a virtualization (not a solution I'm too satisfied with but too much trouble reinstalling OMV atm).


    With this setup: Is there a chance I can use KVM in my OMV (probably not, right)?


    Is it possible to run a test OMV with KVM in Virtualbox or KVM?

    I do like the idea of having OMV with KVM but would like to try it first on a test system.

    OMV6.x

    AMD Ryzen 5 5600G

    ASRock B550M Pro4

    Crucial DIMM 16GB

    Western Digital WD Blue SN570

    Seagate IronWolf 8TB/WD Red 8TB

    AeroCool CS-102

    • Official post

    My OMV is running under Proxmox so it already is a virtualization (not a solution I'm too satisfied with but too much trouble reinstalling OMV atm).

    Not going to explain how but I actually converted my proxmox install to OMV with the kvm plugin. All of the VMs just work.


    Is there a chance I can use KVM in my OMV (probably not, right)?

    Yep. I test all the time like that. It is called nested virtualization. It does require a couple of changes to the host. https://pve.proxmox.com/wiki/Nested_Virtualization



    Is it possible to run a test OMV with KVM in Virtualbox or KVM?

    That is how I test the kvm plugin.

    • Official post

    I cannot delete a previous KVM

    Virsh doesn't allow deleting a VM while a snapshot exists. So, you just need to delete your snapshot first.


    on the one working got no internet connection?

    Does the VM have an ip address? Can you ping your router?

  • Your default network is inactive. Mark it active in the network tab.

    Did you add the ISO to the VM to boot from it?

    Everything is fine, it turned out to fully launch the virtual machine via Bridge (macvtap). However, I ran into a problem that I can't solve. The host and the guest do not see each other on the network. How can this error be fixed in the plugin, or what configuration in the plugin should be done so that the host and guests can mutually see each other (since there are SMBs on the host that guest systems need access to). Thanks.

    OMV 6.
    Motherboard: Intel DP55WG
    CPU: Intel Xeon X3470
    12GB DDR3 RAM
    WD Black WD5000LPSX - system
    WD Blue 4GB x4 - RAID 10
    500GB SSD x2 - RAID 1 for VM's and Docker containers

  • And he also noticed the oddity. Installed on KVM Win7, mounted the Virtio driver disk in the Guest system, installed. But all the same, the Win7 GUI slows down and stutters, there is not enough fluidity. All drivers are installed from here https://fedorapeople.org/group…-1/virtio-win-0.1.196.iso
    However, the smoothness of the GUI is poor.
    Thanks.

    • Official post

    The host and the guest do not see each other on the network. How can this error be fixed in the plugin

    This is a limitation of macvtap. You need to set up a bridge. There are a few posts about that in this thread.

    But all the same, the Win7 GUI slows down and stutters, there is not enough fluidity. All drivers are installed from here https://fedorapeople.org/group…-1/virtio-win-0.1.196.iso
    However, the smoothness of the GUI is poor.

    This could be your server or storage or how you are connecting. The consoles provided by the plugin are only meant to use for setup. You should use the native RDP server on Win 7 (which is EOL by the way).
