使用 libvirt 为 Linux 桥接虚拟机提供 VLAN 支持

我已经解决了这个问题并找到了解决方案。手动添加 VLAN id 到网桥的从接口是没有问题的，例如：

host ~$ sudo bridge vlan add vid 26 dev vnet13 pvid 26 untagged
host ~$ sudo bridge vlan add vid 30 dev vnet13
host ~$ sudo bridge vlan add vid 50 dev vnet14

host ~$ $ sudo bridge vlan
port              vlan-id
enp1s0            10
                  26
                  30
                  50
vnet13            26 PVID Egress Untagged
                  30
vnet14            50

问题是在虚拟机启动时自动执行此操作。幸运的是libvirt支持libvirt 挂钩脚本。我将使用qemu的钩子脚本并分三步完成。

第 1 步：定义哪个 VLAN-ID 连接到哪个接口

为此，我们为自定义元数据提供了域 XML 格式的额外元素 <metadata>。我们可以简单地将信息添加到域（虚拟机）的静态配置中：

host ~$ virsh edit guest-vm
--- snip ---
<metadata>
  <my:home xmlns:my="http://hoeft-online.de/libvirt">
    <my:iface pvid="26">
      <my:vlan untagged="yes">26</my:vlan>
      <my:vlan>50</my:vlan>
      <my:vlan untagged="no">30</my:vlan>
    </my:iface>
    <my:iface>
      <my:vlan untagged="yes">50</my:vlan>
      <my:vlan>10</my:vlan>
    </my:iface>
  </my:home>
</metadata>
--- snap ---

正如文档所给出的，我必须使用我自己的自定义命名空间<my:home xmlns:my="http://hoeft-online.de/libvirt">。一旦创建，在命名空间中工作就更容易了：

host ~$ virsh metadata guest-vm http://hoeft-online.de/libvirt [--edit --key my]
<home>
  <iface pvid="26">
    <vlan untagged="yes">26</vlan>
    <vlan>50</vlan>
    <vlan untagged="no">30</vlan>
  </iface>
  <iface>
    <vlan untagged="yes">50</vlan>
    <vlan>10</vlan>
  </iface>
</home>

步骤 2：从域的运行时 XML-config 获取启动信息

挂钩脚本获取有关其标准输入的信息。这是正在运行的 VM 的 XML 配置。我们也可以virsh dumpxml guest-vm在虚拟机运行时获取它。我将 XSLT 与xmlstarlet一起使用，以通过 xsl 样式表获取所需的信息。我可以测试：

host ~$ virsh dumpxml guest-vm | xmlstarlet transform /etc/libvirt/hooks/qemu.xsl | xmlstarlet format

这是样式表：

host ~$ cat /etc/libvirt/hooks/qemu.xsl
<?xml version="1.0" encoding="UTF-8"?>
<!-- This stylesheet processes the live XML configuration output from a virtual
     machine managed by libvirt. It transforms the custom metadata information
     together with attached interfaces and returns a normalized XML with VLAN
     ids attached to the interface. For further information look at the
     README file.
     Author: 2021-01-26 - Ingo Höft ([email protected])
     Licence: GPLv3 (https://www.gnu.org/licenses/gpl-3.0.en.html)
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
     xmlns:my="http://hoeft-online.de/libvirt" exclude-result-prefixes="my">
  <xsl:output omit-xml-declaration="yes" indent="no"
       encoding="utf-8" media-type="text/xml"/>
  <xsl:strip-space elements="*"/>
  <xsl:template match="text()|@*"/>


  <xsl:template match="/domain">
    <meta>
      <xsl:apply-templates/>
    </meta>
  </xsl:template>


  <xsl:template match='*'>
    <xsl:for-each select='interface[@type="bridge"]/target'>
    <iface>
      <xsl:variable name="_index" select="position()" />

      <xsl:attribute name="pvid">
        <xsl:choose>
          <xsl:when test="/*/metadata/my:home/my:iface[$_index]/@pvid != ''">
            <xsl:value-of select="/*/metadata/my:home/my:iface[$_index]/@pvid"/>
          </xsl:when>
          <xsl:otherwise>
            <xsl:text>0</xsl:text>
          </xsl:otherwise>
        </xsl:choose>
      </xsl:attribute>

      <xsl:value-of select="@dev"/>

      <xsl:for-each select="/*/metadata/my:home/my:iface[$_index]/my:vlan">
        <vlan>
          <xsl:attribute name="untagged">
            <xsl:choose>
              <xsl:when test="@untagged='yes'">
                <xsl:text>yes</xsl:text>
              </xsl:when>
              <xsl:otherwise>
                <xsl:text>no</xsl:text>
              </xsl:otherwise>
            </xsl:choose>
          </xsl:attribute>

          <xsl:value-of select="."/>
        </vlan>
      </xsl:for-each>

    </iface>
    </xsl:for-each>
  </xsl:template>

<!-- vim: set sts=2 sw=2 et autoindent nowrap: -->
</xsl:stylesheet>

第 3 步：将 VLAN-ID 设置为动态虚拟网络接口 vnet *

使用样式表中的信息，我们现在可以使用挂钩脚本设置网络接口。使其可执行。

harley$ cat /etc/libvirt/hooks/qemu
#!/usr/bin/bash
# /etc/libvirt/hooks/qemu
# Docs: https://www.libvirt.org/hooks.html

# Author: 2021-01-26 - Ingo Höft ([email protected])
# Licence: GPLv3 (https://www.gnu.org/licenses/gpl-3.0.en.html)

# If you save a modified hook script then do 'sudo systemctl restart libvirtd'.

# This script adds VLAN support to interfaces of libvirt guests on start up.
# For more details look at the README file.
# Most work is done with the powerful XML transformation of the XML
# configuration of the guest on stdin with qemu.xsl to get a normalized
# meta information into $META, for example like this
# (we need it to understand the script):
#
# <?xml version="1.0"?>
# <meta>
#   <iface pvid="26">vnet1
#     <vlan untagged="yes">26</vlan>
#     <vlan untagged="no">50</vlan>
#     <vlan untagged="no">30</vlan>
#   </iface>
#   <iface pvid="30">vnet2
#     <vlan untagged="yes">30</vlan>
#     <vlan untagged="no">50</vlan>
#   </iface>
#   <iface pvid="0">vnet3</iface>
# </meta>

# for DEBUG uncomment/comment next three lines
#exec 0< start-vdeb11-base02.xml  # for DEBUG: read testfile to stdin
#BRIDGE="/usr/bin/echo"
BRIDGE="/usr/sbin/bridge"
# and call it with ./qemu "dummy-vm" "start" "begin" "-"

XSLFILE="/etc/libvirt/hooks/qemu.xsl"
XMLPROG="/usr/bin/xmlstarlet"

#GUEST=$1       # name of guest being started
OPERATION=$2
SUB_OPERATION=$3
EXTRA_PARM=$4


#echo 'DEBUG: entering qemu.hook' >&2
case "$OPERATION" in
    prepare)
      ;;
    start)
        if [[ "$SUB_OPERATION" != "begin" ]] || [[ "$EXTRA_PARM" != "-" ]]; then
            echo "Error: Unhandled parameter \$3='$SUB_OPERATION' or \$4='$EXTRA_PARM' to $0 \$1 \$2 \$3 \$4" >&2
            exit 1
        fi
        if [[ ! -x "$XMLPROG" ]]; then
            echo "Error: $XMLPROG is not executable" >&2
            exit 1
        fi

        #cat - >/var/log/libvirt/start-"$1".xml; exit 1   # get live xml for DEBUG
        META=$("$XMLPROG" tr "$XSLFILE" -)
        #echo "DEBUG: using hook start with $META" >&2

        # loop through interfaces
        IFACE_COUNT=0
        while true; do
            ((++IFACE_COUNT))
            IFACE=$(echo "$META" | "$XMLPROG" sel -t -c "/meta/iface[$IFACE_COUNT]/text()")
            if [[ -z "$IFACE" ]]; then
                # finished, no more interfaces available
                exit 0
            fi

            "$BRIDGE" link set dev "$IFACE" flood off

            # loop through vlans on one interface
            VLAN_COUNT=0
            while true; do
                ((++VLAN_COUNT))
                VLAN=$(echo "$META" | "$XMLPROG" sel -t -v "/meta/iface[$IFACE_COUNT]/vlan[$VLAN_COUNT]/text()")
                if [[ -z "$VLAN" ]]; then
                    # finished, no more vlans available, process next interface
                    break
                else
                    UNTAGGED=$(echo "$META" | "$XMLPROG" sel -t -v "/meta/iface[$IFACE_COUNT]/vlan[$VLAN_COUNT]/@untagged")
                    if [[ "$UNTAGGED" == "yes" ]]; then
                        "$BRIDGE" vlan add vid "$VLAN" dev "$IFACE" pvid "$VLAN" untagged
                    else
                        "$BRIDGE" vlan add vid "$VLAN" dev "$IFACE"
                    fi
                fi
            done
        done
        ;;
    started)
        ;;
    stopped)
        ;;
    release)
        ;;
    migrate)
        ;;
    restore)
        ;;
    reconnect)
        ;;
    attach)
        ;;
    *)
        echo "Error: qemu hook called with unexpected options $*" >&2
        exit 1
        ;;
esac

# vim: set sts=4 sw=4 et autoindent nowrap:

感谢@Ingo 的想法，虽然他的（可能）解决方案效果很好，但我真的不想使用 xmlstarlet，因为它不在 Centos Stream 9 的存储库中。

无论如何，我使用了 Ingos 的想法并在 python 中实现了它。唯一需要的是python。

https://github.com/modzilla99/libvirt-vlans