I have been trying for some time to set up a pfSense firewall on my Debian Xen server. It works fine until I try to add a fifth interface (with four it works) to the "hvm" virtual machine; then the virtual machine won't start and ends up with the errors described below. But if I add exactly the same interfaces to a regular paravirtualized Debian virtual machine, it works.
System version:
Linux xxx 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64 GNU/Linux
VM configuration:
builder = "hvm"
memory = 4096
vcpus = 2
name = "fw-XXXX"
vif = [ 'ip=X.X.X.X,mac=X:X:X:X:X:66,bridge=xenbr0',
'ip=X.X.X.X,mac=X:X:X:X:X:67,script=vif-openvswitch,bridge=vlanX4',
'ip=X.X.X.X,mac=X:X:X:X:X:68,script=vif-openvswitch,bridge=vlanX3',
'ip=X.X.X.X,mac=X:X:X:X:X:69,script=vif-openvswitch,bridge=vlanX2',
'ip=X.X.X.X,mac=X:X:X:X:X:70,script=vif-openvswitch,bridge=vlanX1'
]
disk = [
'phy:/dev/redundant_slow_01/fw-XXXX-root,xvda,rw',
'file:/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso,xvdb:cdrom,r'
]
boot = "dc"
vga = "stdvga"
videoram = 64
vnc = 1
vnclisten = "X.X.X.5"
vncdisplay = 0
vncpasswd = "****"
Error output:
xen -vvvv create fw-XXXX.cfg
Parsing config from fw-XXXX.cfg
libxl: debug: libxl_create.c:1614:do_domain_create: ao 0x55f7b6690880: create: how=(nil) callback=(nil) poller=0x55f7b66909d0
libxl: debug: libxl_device.c:361:libxl__device_disk_set_backend: Disk vdev=xvda spec.backend=unknown
libxl: debug: libxl_device.c:396:libxl__device_disk_set_backend: Disk vdev=xvda, using backend phy
libxl: debug: libxl_device.c:361:libxl__device_disk_set_backend: Disk vdev=xvdb spec.backend=qdisk
libxl: debug: libxl_create.c:970:initiate_domain_create: running bootloader
libxl: debug: libxl_bootloader.c:324:libxl__bootloader_run: not a PV domain, skipping bootloader
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b6691c70: deregister unregistered
libxl: debug: libxl_numa.c:502:libxl__get_numa_candidate: New best NUMA placement candidate found: nr_nodes=1, nr_cpus=16, nr_vcpus=34, free_memkb=30236
libxl: detail: libxl_dom.c:182:numa_place_domain: NUMA placement candidate with 1 nodes, 16 cpus and 30236 KB free selected
domainbuilder: detail: xc_dom_allocate: cmdline="(null)", features="(null)"
domainbuilder: detail: xc_dom_kernel_file: filename="/usr/lib/xen-4.8/boot/hvmloader"
domainbuilder: detail: xc_dom_malloc_filemap : 173 kB
libxl: debug: libxl_dom.c:884:libxl__load_hvm_firmware_module: Loading BIOS: /usr/share/seabios/bios-256k.bin
domainbuilder: detail: xc_dom_boot_xen_init: ver 4.8, caps xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64
domainbuilder: detail: xc_dom_parse_image: called
domainbuilder: detail: xc_dom_find_loader: trying multiboot-binary loader ...
domainbuilder: detail: loader probe failed
domainbuilder: detail: xc_dom_find_loader: trying HVM-generic loader ...
domainbuilder: detail: loader probe OK
xc: detail: ELF: phdr: paddr=0x100000 memsz=0x34ca4
xc: detail: ELF: memory: 0x100000 -> 0x134ca4
domainbuilder: detail: xc_dom_mem_init: mem 4032 MB, pages 0xfc000 pages, 4k each
domainbuilder: detail: xc_dom_mem_init: 0xfc000 pages
domainbuilder: detail: xc_dom_boot_mem_init: called
domainbuilder: detail: xc_dom_malloc : 8576 kB
xc: detail: PHYSICAL MEMORY ALLOCATION:
xc: detail: 4KB PAGES: 0x0000000000000200
xc: detail: 2MB PAGES: 0x00000000000003df
xc: detail: 1GB PAGES: 0x0000000000000002
domainbuilder: detail: xc_dom_build_image: called
domainbuilder: detail: xc_dom_pfn_to_ptr_retcount: domU mapping: pfn 0x100+0x35 at 0x7f7161a7a000
domainbuilder: detail: xc_dom_alloc_segment: kernel : 0x100000 -> 0x135000 (pfn 0x100 + 0x35 pages)
xc: detail: ELF: phdr 0 at 0x7f7161a45000 -> 0x7f7161a70220
domainbuilder: detail: xc_dom_pfn_to_ptr_retcount: domU mapping: pfn 0x135+0x40 at 0x7f7161a3a000
domainbuilder: detail: xc_dom_alloc_segment: System Firmware module : 0x135000 -> 0x175000 (pfn 0x135 + 0x40 pages)
domainbuilder: detail: xc_dom_pfn_to_ptr_retcount: domU mapping: pfn 0x175+0x1 at 0x7f7161b29000
domainbuilder: detail: xc_dom_alloc_segment: HVM start info : 0x175000 -> 0x176000 (pfn 0x175 + 0x1 pages)
domainbuilder: detail: alloc_pgtables_hvm: doing nothing
domainbuilder: detail: xc_dom_build_image : virt_alloc_end : 0x176000
domainbuilder: detail: xc_dom_build_image : virt_pgtab_end : 0x0
domainbuilder: detail: xc_dom_boot_image: called
domainbuilder: detail: bootearly: doing nothing
domainbuilder: detail: xc_dom_compat_check: supported guest type: xen-3.0-x86_64
domainbuilder: detail: xc_dom_compat_check: supported guest type: xen-3.0-x86_32p
domainbuilder: detail: xc_dom_compat_check: supported guest type: hvm-3.0-x86_32 <= matches
domainbuilder: detail: xc_dom_compat_check: supported guest type: hvm-3.0-x86_32p
domainbuilder: detail: xc_dom_compat_check: supported guest type: hvm-3.0-x86_64
domainbuilder: detail: clear_page: pfn 0xfefff, mfn 0xfefff
domainbuilder: detail: clear_page: pfn 0xfeffc, mfn 0xfeffc
domainbuilder: detail: domain builder memory footprint
domainbuilder: detail: allocated
domainbuilder: detail: malloc : 8581 kB
domainbuilder: detail: anon mmap : 0 bytes
domainbuilder: detail: mapped
domainbuilder: detail: file mmap : 173 kB
domainbuilder: detail: domU mmap : 472 kB
domainbuilder: detail: vcpu_hvm: called
domainbuilder: detail: xc_dom_gnttab_hvm_seed: called, pfn=0x10c000
domainbuilder: detail: xc_dom_gnttab_hvm_seed: called, pfn=0x10c001
domainbuilder: detail: xc_dom_release: called
libxl: debug: libxl_device.c:361:libxl__device_disk_set_backend: Disk vdev=xvda spec.backend=phy
libxl: debug: libxl_event.c:636:libxl__ev_xswatch_register: watch w=0x55f7b6694220 wpath=/local/domain/0/backend/vbd/25/51712/state token=3/0: register slotnum=3
libxl: debug: libxl_device.c:361:libxl__device_disk_set_backend: Disk vdev=xvdb spec.backend=qdisk
libxl: debug: libxl_device.c:361:libxl__device_disk_set_backend: Disk vdev=xvdb spec.backend=qdisk
libxl: debug: libxl_linux.c:221:libxl__get_hotplug_script_info: backend_kind 3, no need to execute scripts
libxl: debug: libxl_device.c:1155:device_hotplug: No hotplug script to execute
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b6695580: deregister unregistered
libxl: debug: libxl_create.c:1640:do_domain_create: ao 0x55f7b6690880: inprogress: poller=0x55f7b66909d0, flags=i
libxl: debug: libxl_event.c:573:watchfd_callback: watch w=0x55f7b6694220 wpath=/local/domain/0/backend/vbd/25/51712/state token=3/0: event epath=/local/domain/0/backend/vbd/25/51712/state
libxl: debug: libxl_event.c:874:devstate_callback: backend /local/domain/0/backend/vbd/25/51712/state wanted state 2 ok
libxl: debug: libxl_event.c:673:libxl__ev_xswatch_deregister: watch w=0x55f7b6694220 wpath=/local/domain/0/backend/vbd/25/51712/state token=3/0: deregister slotnum=3
libxl: debug: libxl_device.c:1071:device_backend_callback: calling device_backend_cleanup
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b6694220: deregister unregistered
libxl: debug: libxl_linux.c:183:libxl__hotplug_disk: Args and environment ready
libxl: debug: libxl_device.c:1169:device_hotplug: calling hotplug script: /etc/xen/scripts/block add
libxl: debug: libxl_device.c:1170:device_hotplug: extra args:
libxl: debug: libxl_device.c:1178:device_hotplug: env:
libxl: debug: libxl_device.c:1185:device_hotplug: script: /etc/xen/scripts/block
libxl: debug: libxl_device.c:1185:device_hotplug: XENBUS_TYPE: vbd
libxl: debug: libxl_device.c:1185:device_hotplug: XENBUS_PATH: backend/vbd/25/51712
libxl: debug: libxl_device.c:1185:device_hotplug: XENBUS_BASE_PATH: backend
libxl: debug: libxl_aoutils.c:593:libxl__async_exec_start: forking to execute: /etc/xen/scripts/block add
libxl: debug: libxl_event.c:542:watchfd_callback: watch epath=/local/domain/0/backend/vbd/25/51712/state token=3/0: empty slot
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b6694320: deregister unregistered
libxl: debug: libxl_linux.c:200:libxl__get_hotplug_script_info: num_exec 1, not running hotplug scripts
libxl: debug: libxl_device.c:1155:device_hotplug: No hotplug script to execute
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b6694320: deregister unregistered
libxl: debug: libxl.c:2889:libxl__device_disk_find_local_path: Directly accessing local RAW disk /dev/redundant_slow_01/fw-XXXX-root
libxl: debug: libxl.c:2889:libxl__device_disk_find_local_path: Directly accessing local RAW disk /pfSense-CE-2.4.4-RELEASE-p1-amd64.iso
libxl: debug: libxl_dm.c:1493:libxl__build_device_model_args_new: Could not find user xen-qemuuser-shared, starting QEMU as root
libxl: debug: libxl_dm.c:2087:libxl__spawn_local_dm: Spawning device-model /usr/bin/qemu-system-i386 with arguments:
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: /usr/bin/qemu-system-i386
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -xen-domid
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: 25
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -chardev
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-25,server,nowait
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -no-shutdown
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -mon
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: chardev=libxl-cmd,mode=control
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -chardev
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: socket,id=libxenstat-cmd,path=/var/run/xen/qmp-libxenstat-25,server,nowait
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -mon
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: chardev=libxenstat-cmd,mode=control
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -nodefaults
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -no-user-config
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -name
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: fw-XXXX
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -vnc
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: XXXXX:0,password,to=99
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -display
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: none
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -device
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: VGA,vgamem_mb=64
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -boot
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: order=dc
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -smp
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: 2,maxcpus=2
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -device
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: rtl8139,id=nic0,netdev=net0,mac=00:16:3e:95:55:66
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -netdev
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: type=tap,id=net0,ifname=vif25.0-emu,script=no,downscript=no
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -device
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: rtl8139,id=nic1,netdev=net1,mac=00:16:3e:95:55:67
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -netdev
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: type=tap,id=net1,ifname=vif25.1-emu,script=no,downscript=no
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -device
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: rtl8139,id=nic2,netdev=net2,mac=00:16:3e:95:55:68
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -netdev
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: type=tap,id=net2,ifname=vif25.2-emu,script=no,downscript=no
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -device
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: rtl8139,id=nic3,netdev=net3,mac=00:16:3e:95:55:69
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -netdev
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: type=tap,id=net3,ifname=vif25.3-emu,script=no,downscript=no
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -device
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: rtl8139,id=nic4,netdev=net4,mac=00:16:3e:95:55:70
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -netdev
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: type=tap,id=net4,ifname=vif25.4-emu,script=no,downscript=no
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -machine
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: xenfv
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -m
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: 4032
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -drive
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: file=/dev/redundant_slow_01/fw-XXXX-root,if=ide,index=0,media=disk,format=raw,cache=writeback
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: -drive
libxl: debug: libxl_dm.c:2089:libxl__spawn_local_dm: if=ide,index=1,readonly=on,media=cdrom,id=ide-51728,file=/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso,format=raw
libxl: debug: libxl_dm.c:2091:libxl__spawn_local_dm: Spawning device-model /usr/bin/qemu-system-i386 with additional environment:
libxl: debug: libxl_dm.c:2093:libxl__spawn_local_dm: XEN_QEMU_CONSOLE_LIMIT=1048576
libxl: debug: libxl_event.c:636:libxl__ev_xswatch_register: watch w=0x55f7b6691f68 wpath=/local/domain/0/device-model/25/state token=3/1: register slotnum=3
libxl: debug: libxl_event.c:573:watchfd_callback: watch w=0x55f7b6691f68 wpath=/local/domain/0/device-model/25/state token=3/1: event epath=/local/domain/0/device-model/25/state
libxl: debug: libxl_exec.c:398:spawn_watch_event: domain 25 device model: spawn watch p=(null)
libxl: debug: libxl_event.c:673:libxl__ev_xswatch_deregister: watch w=0x55f7b6691f68 wpath=/local/domain/0/device-model/25/state token=3/1: deregister slotnum=3
libxl: error: libxl_dm.c:2182:device_model_spawn_outcome: domain 25 device model: spawn failed (rc=-3)
libxl: error: libxl_create.c:1504:domcreate_devmodel_started: device model did not start: -3
libxl: error: libxl_dm.c:2296:kill_device_model: Device Model already exited
libxl: debug: libxl_event.c:636:libxl__ev_xswatch_register: watch w=0x55f7b669d9c0 wpath=/local/domain/0/backend/vbd/25/51712/state token=3/2: register slotnum=3
libxl: debug: libxl_event.c:573:watchfd_callback: watch w=0x55f7b669d9c0 wpath=/local/domain/0/backend/vbd/25/51712/state token=3/2: event epath=/local/domain/0/backend/vbd/25/51712/state
libxl: debug: libxl_event.c:874:devstate_callback: backend /local/domain/0/backend/vbd/25/51712/state wanted state 6 ok
libxl: debug: libxl_event.c:673:libxl__ev_xswatch_deregister: watch w=0x55f7b669d9c0 wpath=/local/domain/0/backend/vbd/25/51712/state token=3/2: deregister slotnum=3
libxl: debug: libxl_device.c:1071:device_backend_callback: calling device_backend_cleanup
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b669d9c0: deregister unregistered
libxl: debug: libxl_linux.c:183:libxl__hotplug_disk: Args and environment ready
libxl: debug: libxl_device.c:1169:device_hotplug: calling hotplug script: /etc/xen/scripts/block remove
libxl: debug: libxl_device.c:1170:device_hotplug: extra args:
libxl: debug: libxl_device.c:1178:device_hotplug: env:
libxl: debug: libxl_device.c:1185:device_hotplug: script: /etc/xen/scripts/block
libxl: debug: libxl_device.c:1185:device_hotplug: XENBUS_TYPE: vbd
libxl: debug: libxl_device.c:1185:device_hotplug: XENBUS_PATH: backend/vbd/25/51712
libxl: debug: libxl_device.c:1185:device_hotplug: XENBUS_BASE_PATH: backend
libxl: debug: libxl_aoutils.c:593:libxl__async_exec_start: forking to execute: /etc/xen/scripts/block remove
libxl: debug: libxl_event.c:542:watchfd_callback: watch epath=/local/domain/0/backend/vbd/25/51712/state token=3/2: empty slot
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b669dac0: deregister unregistered
libxl: debug: libxl_linux.c:200:libxl__get_hotplug_script_info: num_exec 1, not running hotplug scripts
libxl: debug: libxl_device.c:1155:device_hotplug: No hotplug script to execute
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b669dac0: deregister unregistered
libxl: debug: libxl_linux.c:221:libxl__get_hotplug_script_info: backend_kind 3, no need to execute scripts
libxl: debug: libxl_device.c:1155:device_hotplug: No hotplug script to execute
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b669ddb0: deregister unregistered
libxl: debug: libxl_linux.c:221:libxl__get_hotplug_script_info: backend_kind 6, no need to execute scripts
libxl: debug: libxl_device.c:1155:device_hotplug: No hotplug script to execute
libxl: debug: libxl_event.c:686:libxl__ev_xswatch_deregister: watch w=0x55f7b669e0a0: deregister unregistered
libxl: debug: libxl.c:1712:devices_destroy_cb: forked pid 10249 for destroy of domain 25
libxl: debug: libxl_event.c:1869:libxl__ao_complete: ao 0x55f7b6690880: complete, rc=-3
libxl: debug: libxl_event.c:1838:libxl__ao__destroy: ao 0x55f7b6690880: destroy
libxl: debug: libxl.c:1445:libxl_domain_destroy: ao 0x55f7b6692f00: create: how=(nil) callback=(nil) poller=0x55f7b66909d0
libxl: error: libxl.c:1575:libxl__destroy_domid: non-existant domain 25
libxl: error: libxl.c:1534:domain_destroy_callback: unable to destroy guest with domid 25
libxl: error: libxl.c:1463:domain_destroy_cb: destruction of domain 25 failed
libxl: debug: libxl_event.c:1869:libxl__ao_complete: ao 0x55f7b6692f00: complete, rc=-21
libxl: debug: libxl.c:1454:libxl_domain_destroy: ao 0x55f7b6692f00: inprogress: poller=0x55f7b66909d0, flags=ic
libxl: debug: libxl_event.c:1838:libxl__ao__destroy: ao 0x55f7b6692f00: destroy
xencall:buffer: debug: total allocations:852 total releases:852
xencall:buffer: debug: current allocations:0 maximum allocations:3
xencall:buffer: debug: cache current size:3
xencall:buffer: debug: cache hits:830 misses:3 toobig:19
I would be very grateful for any help; if you need more information, I will gladly provide it.
Thank you very much for your help. Elias
There is a limit of 4 emulated interfaces. Use type = 'ioemu' for the first 4 and type = 'vif' for the subsequent interfaces. type = 'vif' means using a PV interface; ioemu means using a fully virtualized interface.
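
The rule from the answer above, applied to a five-NIC HVM config like the one in the question. This is an added example, not code from the original posts or from the Xen project; the MAC addresses and the helper names (`parse_vifs`, `apply_limit`, `render`) are constructed for illustration, and the limit of 4 is taken from the answer.

```python
import ast
import re

MAX_EMULATED = 4  # limit on emulated NICs, as stated in the answer above

# Constructed sample mirroring the question's config (MACs are made up).
SAMPLE_CFG = """
builder = "hvm"
vif = [ 'mac=00:16:3e:00:00:01,bridge=xenbr0',
        'mac=00:16:3e:00:00:02,script=vif-openvswitch,bridge=vlanX4',
        'mac=00:16:3e:00:00:03,script=vif-openvswitch,bridge=vlanX3',
        'mac=00:16:3e:00:00:04,script=vif-openvswitch,bridge=vlanX2',
        'mac=00:16:3e:00:00:05,script=vif-openvswitch,bridge=vlanX1'
]
"""

def parse_vifs(cfg_text):
    """Return the vif specs of an xl config as a list of key/value dicts."""
    m = re.search(r"^\s*vif\s*=\s*(\[.*?\])", cfg_text, re.S | re.M)
    if not m:
        return []
    specs = ast.literal_eval(m.group(1))  # literal list of strings only
    return [dict(kv.split("=", 1) for kv in s.split(",")) for s in specs]

def is_emulated(vif):
    # For HVM guests, xl treats a vif without type= as type=ioemu.
    return vif.get("type", "ioemu") == "ioemu"

def apply_limit(vifs, limit=MAX_EMULATED):
    """Keep the first `limit` emulated NICs, make later ones PV-only."""
    out, emulated = [], 0
    for vif in vifs:
        vif = dict(vif)
        if is_emulated(vif):
            emulated += 1
            vif["type"] = "ioemu" if emulated <= limit else "vif"
        out.append(vif)
    return out

def render(vifs):
    """Format the vif list back into xl config syntax."""
    rows = ["'" + ",".join(f"{k}={v}" for k, v in vif.items()) + "'"
            for vif in vifs]
    return "vif = [ " + ",\n        ".join(rows) + " ]"

if __name__ == "__main__":
    vifs = parse_vifs(SAMPLE_CFG)
    print(f"{sum(map(is_emulated, vifs))} emulated NICs before the fix")
    print(render(apply_limit(vifs)))
```

The fifth entry comes out with `type=vif`, so it is presented to the guest only as a PV device and needs a PV network driver in the guest.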