VM host networking (deb/2.7/CLI)
|Snap||CLI ~ UI||CLI ~ UI||CLI ~ UI||CLI ~ UI|
|Packages||CLI ~ UI||CLI ~ UI||CLI ~ UI||CLI ~ UI|
In order to deploy a VM host in your MAAS network, you first need to set up a bridge to connect between your VM host and MAAS itself. This section explains several ways of accomplishing this.
Four questions you may have:
- How do I set up a VM host bridge with the MAAS CLI/API?
- How do I set up a VM host bridge with netplan?
- How do I set up a VM host bridge with libvirt?
- How do I set up SSH for use by libvirt?
To enable VM host networking features, MAAS must match the VM host IP address of a potential VM host with a known device (a machine or controller). For example, if a machine not known to MAAS is set up as a VM host, enhanced interface selection features will not be available.
It’s essential to enforce usage of IP addresses to avoid domain name conflicts, should different controllers resolve the same domain name with different IP addresses. You should also avoid using 127.0.0.1 when running multiple controllers, as it would confuse MAAS.
You can also use the MAAS CLI/API to configure a VM host bridge, with the following procedure:
Select the interface you wish to configure the bridge on. This example uses the boot interface, since the boot interface must be connected to a MAAS controlled network – but any interface is allowed:
INTERFACE_ID=$(maas $PROFILE machine read $SYSTEM_ID | jq .boot_interface.id)
Create the bridge:
BRIDGE_ID=$(maas $PROFILE interfaces create-bridge $SYSTEM_ID name=br0 parent=$INTERFACE_ID | jq .id)
Select the subnet where you want the bridge (this should be a MAAS controlled subnet):
SUBNET_ID=$(maas $PROFILE subnets read | jq -r '. | select(.cidr == "10.0.0.0/24" and .managed == true).id')
Connect the bridge to the subnet:
maas $PROFILE interface link-subnet $SYSTEM_ID $BRIDGE_ID subnet=$SUBNET_ID mode="STATIC" ip_address="10.0.0.101"
You can also use netplan to configure a VM host bridge:
Open your netplan configuration file. This should be in
/etc/netplan. It could be called
netplan.yaml, or something else. Modify the file to add a bridge, using the example below to guide you:
network: bridges: br0: addresses: - 10.0.0.101/24 gateway4: 10.0.0.1 interfaces: - enp1s0 macaddress: 52:54:00:39:9d:f9 mtu: 1500 nameservers: addresses: - 10.0.0.2 search: - maas parameters: forward-delay: 15 stp: false ethernets: enp1s0: match: macaddress: 52:54:00:39:9d:f9 mtu: 1500 set-name: enp1s0 enp2s0: match: macaddress: 52:54:00:df:87:ac mtu: 1500 set-name: enp2s0 enp3s0: match: macaddress: 52:54:00:a7:ac:46 mtu: 1500 set-name: enp3s0 version: 2
Apply the new configuration with
It is also possible to use libvirt to configure a virtual bridge. This method will also work for LXD VM hosts running on Ubuntu. Be aware that other methods may be required if you are configuring LXD on an OS other than Ubuntu.
By default, libvirt creates a virtual bridge,
virbr0, through which VMs communicate with each other and the Internet. DHCP, supplied by libvirt, automatically assigns an IP address to each VM. However, to enable network booting in MAAS, you’ll need to provide DHCP in MAAS and either:
- Disable DHCP on libvirt’s
- Create a new libvirt network
maaswith DHCP disabled.
You can set up such a
maas network like this:
cat << EOF > maas.xml <network> <name>maas</name> <forward mode='nat'> <nat> <port start='1024' end='65535'/> </nat> </forward> <dns enable="no" /> <bridge name='virbr1' stp='off' delay='0'/> <domain name='testnet'/> <ip address='172.16.99.1' netmask='255.255.255.0'> </ip> </network> EOF virsh net-define maas.xml
Note that this network also has NAT port forwarding enabled to allow VMs to communicate with the Internet at large. Port forwarding is very useful in test environments.
For MAAS to successfully communicate with libvirt on your VM host machine – whether you’re running from snap or package, or running rack controllers in LXD containers or on localhost – this example command must succeed from every rack controller:
virsh -c qemu+ssh://$USER@$VM_HOST_IP/system list --all
$USER is a user on your VM host who is a member of the
libvirtd Unix group on the VM host, and
$VM_HOST_IP is the IP of your VM host. Note that insufficient permissions for
$USER may cause the
virsh command to fail with an error such as
failed to connect to the hypervisor. Check the
$USER group membership to make sure
$USER is a member of the
maas user on your rack controllers will issue all libvirt commands. Therefore, you’ll need to set up SSH public keys on every rack controller for user
maas. First create SSH keys on all rack controllers:
$ sudo -i root@maas:~$ mkdir -p /var/snap/maas/current/root/.ssh root@maas:~$ cd /var/snap/maas/current/root/.ssh root@maas:~$ ssh-keygen -f id_rsa
Next, add the contents of
~maas/.ssh/id_rsa.pub to the VM host user’s
~$USER/.ssh/authorized_keys. To accomplish this, log into your VM host node, via SSH, from a host for which MAAS has a matching public SSH key.