h
у меня на собеседовании диктант пишут
Выводы команд урезал до необходимого, и так слишком много всего.
GRUB_CMDLINE_LINUX="… intel_iommu=on iommu=pt"
Size: a a a
2019 June 05
SS
lspci
…
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev a4)
02:00.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)
…
…
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev a4)
02:00.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)
…
UD
Motherboard: Asus P8Q77-M (VT-x; VT-d supported and enabled in BIOS)
CPU: Intel Core i7-2600 (VT-x; VT-d supported)
OS: CentOS Linux release 7.6.1810 (Core) with all last updates
NIC (pci): Intel Corporation PRO/1000 MT Desktop Adapter
CPU: Intel Core i7-2600 (VT-x; VT-d supported)
OS: CentOS Linux release 7.6.1810 (Core) with all last updates
NIC (pci): Intel Corporation PRO/1000 MT Desktop Adapter
dmesg | grep DMAR
SS
virsh nodedev-dumpxml pci_0000_02_00_0
<device>
<name>pci_0000_02_00_0</name>
<path>/sys/devices/pci0000:00/0000:00:1e.0/0000:02:00.0</path>
<parent>pci_0000_00_1e_0</parent>
<driver>
<name>e1000</name>
</driver>
<capability type='pci'>
<domain>0</domain>
<bus>2</bus>
<slot>0</slot>
<function>0</function>
<product id='0x100e'>82540EM Gigabit Ethernet Controller</product>
<vendor id='0x8086'>Intel Corporation</vendor>
<iommuGroup number='7'>
<address domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/>
<address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</iommuGroup>
</capability>
</device>
<device>
<name>pci_0000_02_00_0</name>
<path>/sys/devices/pci0000:00/0000:00:1e.0/0000:02:00.0</path>
<parent>pci_0000_00_1e_0</parent>
<driver>
<name>e1000</name>
</driver>
<capability type='pci'>
<domain>0</domain>
<bus>2</bus>
<slot>0</slot>
<function>0</function>
<product id='0x100e'>82540EM Gigabit Ethernet Controller</product>
<vendor id='0x8086'>Intel Corporation</vendor>
<iommuGroup number='7'>
<address domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/>
<address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</iommuGroup>
</capability>
</device>
h
интересно, а зачем такой онанизм?
SS
virsh nodedev-detach pci_0000_02_00_0
lspci -v
02:00.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)
Subsystem: Intel Corporation PRO/1000 MT Desktop Adapter
…
Kernel driver in use: vfio-pci
Kernel modules: e1000
lspci -v
02:00.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)
Subsystem: Intel Corporation PRO/1000 MT Desktop Adapter
…
Kernel driver in use: vfio-pci
Kernel modules: e1000
h
что мешает просто сбриджевать физ сетяху с виртуальной?
SS
# find /sys/kernel/iommu_groups/ -type l
…
/sys/kernel/iommu_groups/7/devices/0000:00:1e.0
/sys/kernel/iommu_groups/7/devices/0000:02:00.0
…
…
/sys/kernel/iommu_groups/7/devices/0000:00:1e.0
/sys/kernel/iommu_groups/7/devices/0000:02:00.0
…
SS
Вот что добавлялось в готевой xml
<hostdev mode='subsystem' type='pci' managed='yes'>
<source>
<address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</source>
<address type='pci' domain='0x0000' bus='0x08' slot='0x02' function='0x0'/> <= прилетело автоматом
</hostdev>
При старте гостевой ВМ:
error: Failed to start domain test
error: internal error: qemu unexpectedly closed the monitor: 2019-06-03 23:16:49.853+0000: Domain id=1 is tainted: host-cpu
2019-06-03T23:16:50.071319Z qemu-kvm: -device vfio-pci,host=02:00.0,id=hostdev0,bus=pci.8,addr=0x2: vfio error: 0000:02:00.0: failed to setup container for group 7: failed to set iommu for container: Device or resource busy
<hostdev mode='subsystem' type='pci' managed='yes'>
<source>
<address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</source>
<address type='pci' domain='0x0000' bus='0x08' slot='0x02' function='0x0'/> <= прилетело автоматом
</hostdev>
При старте гостевой ВМ:
error: Failed to start domain test
error: internal error: qemu unexpectedly closed the monitor: 2019-06-03 23:16:49.853+0000: Domain id=1 is tainted: host-cpu
2019-06-03T23:16:50.071319Z qemu-kvm: -device vfio-pci,host=02:00.0,id=hostdev0,bus=pci.8,addr=0x2: vfio error: 0000:02:00.0: failed to setup container for group 7: failed to set iommu for container: Device or resource busy
SS
что мешает просто сбриджевать физ сетяху с виртуальной?
Ниего не мешает, захотелось попробовать как оно будет
SS
dmesg | grep DMAR
[ 0.000000] ACPI: DMAR 00000000da8ef3c0 000B8 (v01 INTEL SNB 00000001 INTL 00000001)
[ 0.000000] DMAR: IOMMU enabled
[ 0.039669] DMAR: Host address width 36
[ 0.039723] DMAR: DRHD base: 0x000000fed90000 flags: 0x0
[ 0.039782] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap c0000020e60262 ecap f0101a
[ 0.039866] DMAR: DRHD base: 0x000000fed91000 flags: 0x1
[ 0.039931] DMAR: dmar1: reg_base_addr fed91000 ver 1:0 cap c9008020660262 ecap f010da
[ 0.040016] DMAR: RMRR base: 0x000000da861000 end: 0x000000da872fff
[ 0.040072] DMAR: RMRR base: 0x000000dd000000 end: 0x000000df1fffff
[ 0.040128] DMAR-IR: IOAPIC id 2 under DRHD base 0xfed91000 IOMMU 1
[ 0.040183] DMAR-IR: HPET id 0 under DRHD base 0xfed91000
[ 0.040237] DMAR-IR: Queued invalidation will be enabled to support x2apic and Intr-remapping.
[ 0.040535] DMAR-IR: Enabled IRQ remapping in x2apic mode
[ 0.517619] DMAR: No ATSR found
[ 0.517706] DMAR: dmar0: Using Queued invalidation
[ 0.517762] DMAR: dmar1: Using Queued invalidation
[ 0.659342] DMAR: Software identity mapping for device 0000:00:00.0
[ 0.659399] DMAR: Software identity mapping for device 0000:00:01.0
[ 0.659458] DMAR: Software identity mapping for device 0000:00:02.0
[ 0.659517] DMAR: Software identity mapping for device 0000:00:14.0
[ 0.659573] DMAR: Software identity mapping for device 0000:00:19.0
[ 0.659629] DMAR: Software identity mapping for device 0000:00:1a.0
[ 0.659685] DMAR: Software identity mapping for device 0000:00:1d.0
[ 0.659740] DMAR: Software identity mapping for device 0000:00:1f.0
[ 0.659795] DMAR: Software identity mapping for device 0000:00:1f.2
[ 0.659851] DMAR: Software identity mapping for device 0000:00:1f.3
[ 0.659906] DMAR: Setting RMRR:
[ 0.659957] DMAR: Setting identity map for device 0000:00:02.0 [0xdd000000 - 0xdf1fffff]
[ 0.660190] DMAR: Setting identity map for device 0000:00:14.0 [0xda861000 - 0xda872fff]
[ 0.660279] DMAR: Setting identity map for device 0000:00:1a.0 [0xda861000 - 0xda872fff]
[ 0.660366] DMAR: Setting identity map for device 0000:00:1d.0 [0xda861000 - 0xda872fff]
[ 0.660452] DMAR: Prepare 0-16MiB unity mapping for LPC
[ 0.660510] DMAR: Setting identity map for device 0000:00:1f.0 [0x0 - 0xffffff]
[ 0.660909] DMAR: Intel(R) Virtualization Technology for Directed I/O
[ 0.661013] iommu: Adding device 0000:00:00.0 to group 0
[ 0.661077] iommu: Adding device 0000:00:01.0 to group 1
[ 0.661137] iommu: Adding device 0000:00:02.0 to group 2
[ 0.661197] iommu: Adding device 0000:00:14.0 to group 3
[ 0.661256] iommu: Adding device 0000:00:19.0 to group 4
[ 0.661315] iommu: Adding device 0000:00:1a.0 to group 5
[ 0.661374] iommu: Adding device 0000:00:1d.0 to group 6
[ 0.661433] iommu: Adding device 0000:00:1e.0 to group 7
[ 0.661496] iommu: Adding device 0000:00:1f.0 to group 8
[ 0.661565] iommu: Adding device 0000:00:1f.2 to group 8
[ 0.661623] iommu: Adding device 0000:00:1f.3 to group 8
[ 0.661680] iommu: Adding device 0000:02:00.0 to group 7
[ 0.691635] DMAR: 32bit 0000:00:1a.0 uses non-identity mapping
[ 0.691725] DMAR: Setting identity map for device 0000:00:1a.0 [0xda861000 - 0xda872fff]
[ 0.702493] DMAR: 32bit 0000:00:1d.0 uses non-identity mapping
[ 0.702595] DMAR: Setting identity map for device 0000:00:1d.0 [0xda861000 - 0xda872fff]
[ 1.411392] [drm] DMAR active, disabling use of stolen memory
[ 0.000000] DMAR: IOMMU enabled
[ 0.039669] DMAR: Host address width 36
[ 0.039723] DMAR: DRHD base: 0x000000fed90000 flags: 0x0
[ 0.039782] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap c0000020e60262 ecap f0101a
[ 0.039866] DMAR: DRHD base: 0x000000fed91000 flags: 0x1
[ 0.039931] DMAR: dmar1: reg_base_addr fed91000 ver 1:0 cap c9008020660262 ecap f010da
[ 0.040016] DMAR: RMRR base: 0x000000da861000 end: 0x000000da872fff
[ 0.040072] DMAR: RMRR base: 0x000000dd000000 end: 0x000000df1fffff
[ 0.040128] DMAR-IR: IOAPIC id 2 under DRHD base 0xfed91000 IOMMU 1
[ 0.040183] DMAR-IR: HPET id 0 under DRHD base 0xfed91000
[ 0.040237] DMAR-IR: Queued invalidation will be enabled to support x2apic and Intr-remapping.
[ 0.040535] DMAR-IR: Enabled IRQ remapping in x2apic mode
[ 0.517619] DMAR: No ATSR found
[ 0.517706] DMAR: dmar0: Using Queued invalidation
[ 0.517762] DMAR: dmar1: Using Queued invalidation
[ 0.659342] DMAR: Software identity mapping for device 0000:00:00.0
[ 0.659399] DMAR: Software identity mapping for device 0000:00:01.0
[ 0.659458] DMAR: Software identity mapping for device 0000:00:02.0
[ 0.659517] DMAR: Software identity mapping for device 0000:00:14.0
[ 0.659573] DMAR: Software identity mapping for device 0000:00:19.0
[ 0.659629] DMAR: Software identity mapping for device 0000:00:1a.0
[ 0.659685] DMAR: Software identity mapping for device 0000:00:1d.0
[ 0.659740] DMAR: Software identity mapping for device 0000:00:1f.0
[ 0.659795] DMAR: Software identity mapping for device 0000:00:1f.2
[ 0.659851] DMAR: Software identity mapping for device 0000:00:1f.3
[ 0.659906] DMAR: Setting RMRR:
[ 0.659957] DMAR: Setting identity map for device 0000:00:02.0 [0xdd000000 - 0xdf1fffff]
[ 0.660190] DMAR: Setting identity map for device 0000:00:14.0 [0xda861000 - 0xda872fff]
[ 0.660279] DMAR: Setting identity map for device 0000:00:1a.0 [0xda861000 - 0xda872fff]
[ 0.660366] DMAR: Setting identity map for device 0000:00:1d.0 [0xda861000 - 0xda872fff]
[ 0.660452] DMAR: Prepare 0-16MiB unity mapping for LPC
[ 0.660510] DMAR: Setting identity map for device 0000:00:1f.0 [0x0 - 0xffffff]
[ 0.660909] DMAR: Intel(R) Virtualization Technology for Directed I/O
[ 0.661013] iommu: Adding device 0000:00:00.0 to group 0
[ 0.661077] iommu: Adding device 0000:00:01.0 to group 1
[ 0.661137] iommu: Adding device 0000:00:02.0 to group 2
[ 0.661197] iommu: Adding device 0000:00:14.0 to group 3
[ 0.661256] iommu: Adding device 0000:00:19.0 to group 4
[ 0.661315] iommu: Adding device 0000:00:1a.0 to group 5
[ 0.661374] iommu: Adding device 0000:00:1d.0 to group 6
[ 0.661433] iommu: Adding device 0000:00:1e.0 to group 7
[ 0.661496] iommu: Adding device 0000:00:1f.0 to group 8
[ 0.661565] iommu: Adding device 0000:00:1f.2 to group 8
[ 0.661623] iommu: Adding device 0000:00:1f.3 to group 8
[ 0.661680] iommu: Adding device 0000:02:00.0 to group 7
[ 0.691635] DMAR: 32bit 0000:00:1a.0 uses non-identity mapping
[ 0.691725] DMAR: Setting identity map for device 0000:00:1a.0 [0xda861000 - 0xda872fff]
[ 0.702493] DMAR: 32bit 0000:00:1d.0 uses non-identity mapping
[ 0.702595] DMAR: Setting identity map for device 0000:00:1d.0 [0xda861000 - 0xda872fff]
[ 1.411392] [drm] DMAR active, disabling use of stolen memory
SS
Вроде бы где то видел что если несколько девайсов в одной iommuGroup number то их нужто все отцеплять от ноды. Но nodedev-detuch pci_0000_00_1e_0 никак не помагает
s
А кто нибудь юзает LXC в проксе с VLAN aware , там нужны какие-то доп манипуляции ?
s
На той же ноде машинка с виндой KVM, ставлю в проксе VLAN tag и все работает. А с LXC такое не прокатывает.
TF
synapse
На той же ноде машинка с виндой KVM, ставлю в проксе VLAN tag и все работает. А с LXC такое не прокатывает.
а ты вот глянь форум, и там пишут многие, что проблема
s
synapse
А кто нибудь юзает LXC в проксе с VLAN aware , там нужны какие-то доп манипуляции ?
Все работает кстати, проблема была в моих корявых руках которые настраивали свитчи до этого.
2019 June 06
VR
@kvaps
Привет.
А правильно ли я понимаю что в опеннебуле для на стройки сетей надо вначале руками настроить для нод в кластере бриджи и сети?
Привет.
А правильно ли я понимаю что в опеннебуле для на стройки сетей надо вначале руками настроить для нод в кластере бриджи и сети?
k
@kvaps
Привет.
А правильно ли я понимаю что в опеннебуле для на стройки сетей надо вначале руками настроить для нод в кластере бриджи и сети?
Привет.
А правильно ли я понимаю что в опеннебуле для на стройки сетей надо вначале руками настроить для нод в кластере бриджи и сети?
не обязательно, зависит от типа сети
k
если vlan то не надо