XPath for libvirt external snapshop path

The following xmllint XPath query will pull out the name of the backing file for a VM named fedora-server-36 and an external snapshot named fedora-36-post-install,

virsh snapshot-dumpxml fedora-server-36 fedora-server-36-post-install | xmllint --xpath "string(//domainsnapshot/disks/disk[@snapshot='external']/source/@file)" -

The string function extracts the attribute value.

This value can be used in the process of using or deleting the snapshot.

Parsing libvirt xmldump using xpath

In a recent article, I saw yet another example of using grep to pull information out of xml, and then to manually look for a field. However, XML is structured, and with XPath, we can pull out exactly what we need.

virsh dumpxml fedora-server-36 | xmllint --xpath "//domain/devices/disk[@device='disk']"  -

That will produce output like this:

<disk type="file" device="disk">
      <driver name="qemu" type="qcow2" discard="unmap"/>
      <source file="/var/lib/libvirt/images/fedora-server-36.qcow2"/>
      <target dev="vda" bus="virtio"/>
      <address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
</disk>

Note that I did more in my XPath than required by the original article. I wanted to show an example of querying based on an attribute inside the selected node.

Update: Here is an example for what is done later in the article: pull the path out of the pool xml.

virsh pool-dumpxml default |  xmllint --xpath "//pool/target/path/text()"  -
/var/lib/libvirt/images

PXE Setup Part the First

PXE is conglomeration of tools used to get a new operating system onto a computer. It is based on two protocols: DHCP and TFPT. I used PXER a long time ago at Penguin and have always wanted to set it up for my home personal use. I’m doing that now for my lab. My goal is to first be able to provision virtual machines, and then to provision physical boxes. I need to do a full install of RHEL 7 and RHEL 8, which means I also need Kickstart to automate the install process. I had it working, but after rebooting the NUC it is running on it broke. Here’s my debugging.

Continue reading

Remotely Provisioning a Virtual Machine using Ansible and Libvirt

Ansible exists to help automate the time consuming repeated tasks that technologist depend upon. One very common jobs is to create and tear down a virtual machine. While cloud technologies have made this possible to perform remotely, there are many times when I’ve needed to setup and tear down virtual machines on systems that were stand alone Linux servers. In this case, the main interfaces to the machine are ssh and libvirt. I recently worked through an Ansible role to setup and tear down an virtual machine via libvirt, and I’d like to walk through it, and record my reasons for some of the decisions I made.
Continue reading

SELinux for Kubevirt on Centos

Without disabling SELinux enforcement, an attempt to deploy a VM generates the following audit message:

type=AVC msg=audit(1504194626.938:877): avc: denied { transition } for pid=9574 comm="libvirtd" path="/usr/local/bin/qemu-system-x86_64" dev="dm-19" ino=31526884 scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:svirt_tcg_t:s0:c408,c741 tclass=process

Running this through audit2allow provides a little more visibility into the problem:

#============= spc_t ==============
 
#!!!! The file '/usr/local/bin/qemu-system-x86_64' is mislabeled on your system.  
#!!!! Fix with $ restorecon -R -v /usr/local/bin/qemu-system-x86_64
allow spc_t svirt_tcg_t:process transition;

This is probably due to running as much of the virtualization machinery in containers. /usr/local/bin/qemu-system-x86_64 comes from inside the libvirt container. It does not exist on the base OS filesystem. Thus, just running restorecon won’t do much.

Continue reading