deploy: dfb1403a8e

2022-02-24 19:59:13 +00:00 · 2022-02-24 19:59:13 +00:00 · 174d25fa66
commit 174d25fa66
parent d72ce93016
14 changed files with 1242 additions and 5 deletions
--- a/index.html
+++ b/index.html
@ -70,6 +70,28 @@
 <div class=homepage-content>
 </div>
 <div class="articles h-feed">
+<article class="post-list h-feed">
+<div class=post-header>
+<header>
+<h1 class="p-name post-title"><a class=u-url href=/post/libvirt-podman-network-mesh/>Libvirt & Podman: network 'mesh'</a></h1>
+</header>
+</div>
+<div class="content post-summary p-summary">
+Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give Netavark a try, too!
+When playing around with containers and VMs one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment. I see &lsquo;why the hell would I need a VM anyway when already having containers&rsquo; or something similar I almost see on your face 😜
+</div>
+<div class=post-info>
+<div class="post-date dt-published">2022-02-24</div>
+<a class="post-hidden-url u-url" href=https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</a>
+<a href=https://www.1533b4dc0.de/ class="p-name p-author post-hidden-author h-card" rel=me>Peter Kurfer</a>
+<div class=post-taxonomies>
+<ul class=post-tags>
+<li><a href=https://www.1533b4dc0.de/tags/podman/>#podman</a></li>
+<li><a href=https://www.1533b4dc0.de/tags/libvirt/>#libvirt</a></li>
+</ul>
+</div>
+</div>
+</article>
 </div>
 </main>
 <footer class=common-footer>
--- a/index.xml
+++ b/index.xml
@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>1533B4dC0.de</title><link>https://www.1533b4dc0.de/</link><description>1533B4dC0.de</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><atom:link href="https://www.1533b4dc0.de/index.xml" rel="self" type="application/rss+xml"/><item><title>About me</title><link>https://www.1533b4dc0.de/about/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/about/</guid><description>&lt;p>My name&amp;rsquo;s Peter. I&amp;rsquo;m a passionate software developer especially interested in all kind of networking stuff but also asynchronous data processing, software architecture, testing and automatic software quality analysis and many more.&lt;/p>
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>1533B4dC0.de</title><link>https://www.1533b4dc0.de/</link><description>1533B4dC0.de</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/index.xml" rel="self" type="application/rss+xml"/><item><title>About me</title><link>https://www.1533b4dc0.de/about/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/about/</guid><description>&lt;p>My name&amp;rsquo;s Peter. I&amp;rsquo;m a passionate software developer especially interested in all kind of networking stuff but also asynchronous data processing, software architecture, testing and automatic software quality analysis and many more.&lt;/p>
 &lt;p>I&amp;rsquo;m the author of &lt;a href="https://gitlab.com/inetmock/inetmock">InetMock&lt;/a> and &lt;a href="https://github.com/baez90/goveal">Goveal&lt;/a> (more on &lt;a href="https://www.1533b4dc0.de/projects">projects&lt;/a>) but I&amp;rsquo;m also trying to contribute to other open source projects.&lt;/p></description></item><item><title>Projects</title><link>https://www.1533b4dc0.de/projects/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/projects/</guid><description>&lt;h2 id="inetmock" >INetMock
 &lt;span>
 &lt;a href="#inetmock">
@ -24,4 +24,172 @@ Originally I used GitPitch but then the author decided to go with a commercial l
 The commercial license made sense when I was working at the university but after that it didn&amp;rsquo;t really make sense any more.
 So I decided to replace it with a small custom CLI rendering the markdown into a static HTML file and serving it as a local web server (basically).&lt;/p>
 &lt;p>Later on I refined it more and more.
-Currently I&amp;rsquo;m working on a rewrite which adds e.g. 1st class support for &lt;a href="https://mermaid-js.github.io">mermaid-js&lt;/a> diagrams in slides.&lt;/p></description></item></channel></rss>
+Currently I&amp;rsquo;m working on a rewrite which adds e.g. 1st class support for &lt;a href="https://mermaid-js.github.io">mermaid-js&lt;/a> diagrams in slides.&lt;/p></description></item><item><title>Libvirt &amp; Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description>&lt;p>&lt;em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&amp;rsquo;ll give &lt;strong>Netavark&lt;/strong> a try, too!&lt;/em>&lt;/p>
+&lt;p>When playing around with containers and VMs one might ask if it&amp;rsquo;s possible to bring VMs and containers into a common network segment.
+I see &amp;lsquo;why the hell would I need a VM anyway when already having containers&amp;rsquo; or something similar I almost see on your face 😜&lt;/p>
+&lt;p>Well 1st of all, not everything can be solved with containers.
+For instance windows applications can be run in Windows containers but I&amp;rsquo;m not aware of how to run a Windows container on my Linux desktop.&lt;/p>
+&lt;p>But also in pure Linux environments there are cases where a VM is probably a better fit for the problem.
+As you might know I&amp;rsquo;m a bit of network 🤓 and I love playing around with &amp;lsquo;weird&amp;rsquo; stuff almost no one else does even think about if not forced to.
+So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &amp;ldquo;why&amp;rsquo;s Netflix on the TV not working?!&amp;rdquo; 😄 or also if you try to implement your own &amp;lsquo;firewall&amp;rsquo; with DNAT support (stay tuned - post&amp;rsquo;s following!).&lt;/p>
+&lt;h2 id="part-1-libvirt-preparation" >Part 1: Libvirt preparation
+&lt;span>
+&lt;a href="#part-1-libvirt-preparation">
+&lt;svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg">&lt;path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;/svg>
+&lt;/a>
+&lt;/span>
+&lt;/h2>&lt;p>Okay now that I came around with &lt;em>some&lt;/em> arguments - if they&amp;rsquo;re convincing or not is not important - how does this work?&lt;/p>
+&lt;p>Assuming you&amp;rsquo;ve Libvirt and Podman already installed on your system without any modification and you run&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">virsh net-list
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>you should have at least the &lt;code>default&lt;/code> network already.&lt;/p>
+&lt;p>The definition of all networks (as of every other component of libvirt) is in XML.
+&lt;code>virsh&lt;/code> comes with a &lt;code>net-dumpxml&lt;/code> command to export the configuration of a network:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">virsh net-dumpxml default
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>The output should look (more or less) like in the following snippet:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-xml" data-lang="xml">&lt;span style="color:#f92672">&amp;lt;network&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;name&amp;gt;&lt;/span>default&lt;span style="color:#f92672">&amp;lt;/name&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;uuid&amp;gt;&lt;/span>8d2028ed-cc9a-4eae-9883-b59b673d560d&lt;span style="color:#f92672">&amp;lt;/uuid&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;forward&lt;/span> &lt;span style="color:#a6e22e">mode=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;nat&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;nat&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;port&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;1024&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;65535&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/nat&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/forward&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;bridge&lt;/span> &lt;span style="color:#a6e22e">name=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;virbr0&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">stp=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;on&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">delay=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;0&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;mac&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;63:b3:d8:75:53:6b&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;ip&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.1&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">netmask=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;255.255.255.0&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;range&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.2&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.254&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/ip&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/network&amp;gt;&lt;/span>
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>So we&amp;rsquo;ve a &lt;code>&amp;lt;network/&amp;gt;&lt;/code> that is defined by:&lt;/p>
+&lt;ul>
+&lt;li>a &lt;code>&amp;lt;name/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>a &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>a &lt;em>optional&lt;/em> &lt;code>&amp;lt;forward/&amp;gt;&lt;/code> node&lt;/li>
+&lt;li>a &lt;code>&amp;lt;bridge/&amp;gt;&lt;/code> interface&lt;/li>
+&lt;li>the &lt;code>&amp;lt;mac/&amp;gt;&lt;/code> for the bridge interface (of the host)&lt;/li>
+&lt;li>the &lt;code>&amp;lt;ip/&amp;gt;&lt;/code> of the host on the bridge interface
+&lt;ul>
+&lt;li>an &lt;em>optional&lt;/em> &lt;code>&amp;lt;dhcp/&amp;gt;&lt;/code> range definition&lt;/li>
+&lt;/ul>
+&lt;/li>
+&lt;/ul>
+&lt;p>The complete reference for the XML schema can be found &lt;a href="https://libvirt.org/formatnetwork.html">here&lt;/a>.&lt;/p>
+&lt;p>Before we have a closer look how to bring Podman containers into a Libvirt network, let&amp;rsquo;s define a new &lt;code>containers&lt;/code> network.
+The following snippet contains the definition I&amp;rsquo;ll use:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-xml" data-lang="xml">&lt;span style="color:#f92672">&amp;lt;network&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;name&amp;gt;&lt;/span>containers&lt;span style="color:#f92672">&amp;lt;/name&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;uuid&amp;gt;&lt;/span>929b7b7d-bd82-452d-96b7-12f0cf1a4b17&lt;span style="color:#f92672">&amp;lt;/uuid&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;bridge&lt;/span> &lt;span style="color:#a6e22e">name=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;conbr0&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">stp=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;on&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">delay=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;0&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;mac&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;af:af:13:ed:c6:41&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;ip&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.42&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">netmask=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;255.255.255.0&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;range&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.100&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.150&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/ip&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/network&amp;gt;&lt;/span>
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>It&amp;rsquo;s quite similar except I made a few adoptions:&lt;/p>
+&lt;ul>
+&lt;li>remove the &lt;code>&amp;lt;forward/&amp;gt;&lt;/code> block&lt;/li>
+&lt;li>change the &lt;code>&amp;lt;name/&amp;gt;&lt;/code> and the &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code> (with the help of &lt;code>uuidgen&lt;/code>)&lt;/li>
+&lt;li>change the &lt;code>name=&amp;quot;&amp;quot;&lt;/code> of the &lt;code>&amp;lt;bridge/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>change the &lt;code>address=&amp;quot;&amp;quot;&lt;/code> attribute of the &lt;code>&amp;lt;mac/&amp;gt;&lt;/code> (use any &lt;a href="https://macaddress.io/mac-address-generator">mac address generator&lt;/a>)&lt;/li>
+&lt;li>change the &lt;code>address=&amp;quot;&amp;quot;&lt;/code> attribute of the &lt;code>&amp;lt;ip/&amp;gt;&lt;/code> and &lt;code>start=&amp;quot;&amp;quot;&lt;/code> and &lt;code>end=&amp;quot;&amp;quot;&lt;/code> of the DHCP range accordingly&lt;/li>
+&lt;/ul>
+&lt;p>You may use any private network - as far as I can tell it shouldn&amp;rsquo;t matter if you&amp;rsquo;re using a class B, C or D private network as long as you don&amp;rsquo;t have any conflicts with your LAN or any other virtual interfaces of your environment.&lt;/p>
+&lt;p>When done safe your network definition as &lt;code>.xml&lt;/code> file.
+To import the configuration you can use &lt;code>virsh net-define&lt;/code> like in the following snippet (assuming the network definition is in &lt;code>containers.xml&lt;/code>):&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-define containers.xml
+&amp;gt; Network containers defined from containers.xml
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>&lt;em>Note: this only works because the XML already contains an &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code>. Otherwise you&amp;rsquo;d have to use &lt;code>virsh net-create&lt;/code> and a few more extra steps to make the network actually persistent.&lt;/em>&lt;/p>
+&lt;p>If you now check with &lt;code>virsh net-list&lt;/code> you&amp;rsquo;d be disappointed because there&amp;rsquo;s no network!
+Checking again with &lt;code>virsh net-list --all&lt;/code> explains why our &lt;code>containers&lt;/code> network wasn&amp;rsquo;t in the output previously because it is by default &lt;em>inactive&lt;/em>.
+To activate it we&amp;rsquo;ve to start it like so:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-start containers
+&amp;gt; Network containers started
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>If you don&amp;rsquo;t mind the extra adapter and wish to use the network frequently in the future you might consider to autostart it:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-autostart containers
+&amp;gt; Network containers marked as autostarted
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>With our custom Libvirt network in place we&amp;rsquo;re good to go to configure Podman.&lt;/p>
+&lt;h2 id="part-2-podman-cni-network" >Part 2: Podman CNI network
+&lt;span>
+&lt;a href="#part-2-podman-cni-network">
+&lt;svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg">&lt;path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;/svg>
+&lt;/a>
+&lt;/span>
+&lt;/h2>&lt;p>&lt;em>Note: this only works with &lt;strong>rootfull&lt;/strong> Podman because rootless Podman does not use CNI but another network stack.&lt;/em>&lt;/p>
+&lt;p>A clean Podman installation without any custom network created comes with the default network &lt;code>podman&lt;/code>.
+Rootfull Podman network configs are by default stored in &lt;code>/etc/cni/net.d&lt;/code>.
+You should find the default network as &lt;code>87-podman.conflist&lt;/code> in the aforementioned directory.&lt;/p>
+&lt;p>Every Podman network is defined as JSON file.
+We will define our own &lt;code>libvirt&lt;/code> network to join Podman containers into the previously created Libvirt network.
+You can either use &lt;code>podman network create&lt;/code> to create the network (at least more or less) or you can copy for example the default network and make some adjustments.&lt;/p>
+&lt;p>To create the new network from the CLI you can use the following command:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">podman network create &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --disable-dns &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --internal &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --gateway 10.10.2.37 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --ip-range 10.10.2.160/29 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --subnet 10.10.2.0/24 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> libvirt
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>Note that I used a different IP range as in the Libvirt network! Otherwise Podman will complain that the IP range is already in use at an adapter.
+You can use this command to create the required file in &lt;code>/etc/cni/net.d/&lt;/code> but you&amp;rsquo;ve to update the &lt;code>ranges&lt;/code> accordingly before creating a container in the network.&lt;/p>
+&lt;p>Because we&amp;rsquo;ve to edit the &lt;code>.conflist&lt;/code> either way copy the default one is also fine.&lt;/p>
+&lt;p>The &lt;code>.conflist&lt;/code> I&amp;rsquo;m using looks like this:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-json" data-lang="json">{
+&lt;span style="color:#f92672">&amp;#34;cniVersion&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;0.4.0&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;name&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;libvirt&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;plugins&amp;#34;&lt;/span>: [
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;bridge&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;bridge&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;conbr0&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;isGateway&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">false&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;hairpinMode&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">true&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;ipam&amp;#34;&lt;/span>: {
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;host-local&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;routes&amp;#34;&lt;/span>: [
+{
+&lt;span style="color:#f92672">&amp;#34;dst&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;0.0.0.0/0&amp;#34;&lt;/span>
+}
+],
+&lt;span style="color:#f92672">&amp;#34;ranges&amp;#34;&lt;/span>: [
+[
+{
+&lt;span style="color:#f92672">&amp;#34;subnet&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.0/24&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;rangeStart&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.151&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;rangeEnd&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.160&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;gateway&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.42&amp;#34;&lt;/span>
+}
+]
+]
+}
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;portmap&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;capabilities&amp;#34;&lt;/span>: {
+&lt;span style="color:#f92672">&amp;#34;portMappings&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">true&lt;/span>
+}
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;firewall&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;backend&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;&amp;#34;&lt;/span>
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;tuning&amp;#34;&lt;/span>
+}
+]
+}
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>Interestingly the &lt;code>rangeStart&lt;/code> and &lt;code>rangeEnd&lt;/code> are actually IP addresses and not tight to some IP networks but unfortunately there&amp;rsquo;s no equivalent for &lt;code>podman network create&lt;/code> hence I update both to a range after the DHCP range of the Libvirt network to make sure that no duplicate IPs are assigned.&lt;/p>
+&lt;p>I tend to declare the network as &lt;code>host-local&lt;/code> but this shouldn&amp;rsquo;t be critical.
+The &lt;strong>most important&lt;/strong> part is to update the &lt;code>bridge&lt;/code> to the same interface like in the Libvirt network definition (in my case &lt;code>conbr0&lt;/code>).&lt;/p>
+&lt;p>After this we&amp;rsquo;re ready to go and you can for instance start a Nginx container in the &lt;code>libvirt&lt;/code> network and you should be able to reach it from a VM in the Libvirt network:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">podman run &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --rm &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> -d &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --name nginx &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --network libvirt &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --ip 10.10.1.151 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> docker.io/nginx:alpine
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>A nice option for &lt;code>podman run&lt;/code> is &lt;code>--ip&lt;/code>.
+You&amp;rsquo;ve to choose an IP from the previously configured &lt;code>range&lt;/code> but you can skip the &lt;code>podman inspect&lt;/code> or &lt;code>ip a&lt;/code> to get the container IP and the container will have the IP every time you start it, if you like 😉 and speaking of &amp;lsquo;nice&amp;rsquo; &lt;code>podman run&lt;/code> options: you do know &lt;code>--replace&lt;/code>, don&amp;rsquo;t you?&lt;/p></description></item></channel></rss>
--- a/post/index.html
+++ b/post/index.html
@ -70,6 +70,24 @@
 </div>
 <div class="articles h-feed">
 <h1 class=post-title>Posts</h1>
+<div class="post-short-list h-entry">
+<div class=post-header>
+<header>
+<h2 class="p-name post-title"><a class=u-url href=/post/libvirt-podman-network-mesh/>Libvirt & Podman: network 'mesh'</a></h2>
+</header>
+</div>
+<div class=post-info>
+<div class="post-date dt-published">2022-02-24</div>
+<a class="post-hidden-url u-url" href=https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</a>
+<a href=https://www.1533b4dc0.de/ class="p-name p-author post-hidden-author h-card" rel=me>Peter Kurfer</a>
+<div class=post-taxonomies>
+<ul class=post-tags>
+<li><a href=https://www.1533b4dc0.de/tags/podman/>#podman</a></li>
+<li><a href=https://www.1533b4dc0.de/tags/libvirt/>#libvirt</a></li>
+</ul>
+</div>
+</div>
+</div>
 </div>
 </main>
 <footer class=common-footer>
--- a/post/index.xml
+++ b/post/index.xml
@ -1 +1,169 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Posts on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/post/</link><description>1533B4dC0.de (Posts)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><atom:link href="https://www.1533b4dc0.de/post/index.xml" rel="self" type="application/rss+xml"/></channel></rss>
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Posts on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/post/</link><description>1533B4dC0.de (Posts)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/post/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt &amp; Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description>&lt;p>&lt;em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&amp;rsquo;ll give &lt;strong>Netavark&lt;/strong> a try, too!&lt;/em>&lt;/p>
+&lt;p>When playing around with containers and VMs one might ask if it&amp;rsquo;s possible to bring VMs and containers into a common network segment.
+I see &amp;lsquo;why the hell would I need a VM anyway when already having containers&amp;rsquo; or something similar I almost see on your face 😜&lt;/p>
+&lt;p>Well 1st of all, not everything can be solved with containers.
+For instance windows applications can be run in Windows containers but I&amp;rsquo;m not aware of how to run a Windows container on my Linux desktop.&lt;/p>
+&lt;p>But also in pure Linux environments there are cases where a VM is probably a better fit for the problem.
+As you might know I&amp;rsquo;m a bit of network 🤓 and I love playing around with &amp;lsquo;weird&amp;rsquo; stuff almost no one else does even think about if not forced to.
+So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &amp;ldquo;why&amp;rsquo;s Netflix on the TV not working?!&amp;rdquo; 😄 or also if you try to implement your own &amp;lsquo;firewall&amp;rsquo; with DNAT support (stay tuned - post&amp;rsquo;s following!).&lt;/p>
+&lt;h2 id="part-1-libvirt-preparation" >Part 1: Libvirt preparation
+&lt;span>
+&lt;a href="#part-1-libvirt-preparation">
+&lt;svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg">&lt;path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;/svg>
+&lt;/a>
+&lt;/span>
+&lt;/h2>&lt;p>Okay now that I came around with &lt;em>some&lt;/em> arguments - if they&amp;rsquo;re convincing or not is not important - how does this work?&lt;/p>
+&lt;p>Assuming you&amp;rsquo;ve Libvirt and Podman already installed on your system without any modification and you run&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">virsh net-list
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>you should have at least the &lt;code>default&lt;/code> network already.&lt;/p>
+&lt;p>The definition of all networks (as of every other component of libvirt) is in XML.
+&lt;code>virsh&lt;/code> comes with a &lt;code>net-dumpxml&lt;/code> command to export the configuration of a network:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">virsh net-dumpxml default
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>The output should look (more or less) like in the following snippet:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-xml" data-lang="xml">&lt;span style="color:#f92672">&amp;lt;network&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;name&amp;gt;&lt;/span>default&lt;span style="color:#f92672">&amp;lt;/name&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;uuid&amp;gt;&lt;/span>8d2028ed-cc9a-4eae-9883-b59b673d560d&lt;span style="color:#f92672">&amp;lt;/uuid&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;forward&lt;/span> &lt;span style="color:#a6e22e">mode=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;nat&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;nat&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;port&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;1024&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;65535&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/nat&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/forward&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;bridge&lt;/span> &lt;span style="color:#a6e22e">name=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;virbr0&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">stp=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;on&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">delay=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;0&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;mac&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;63:b3:d8:75:53:6b&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;ip&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.1&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">netmask=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;255.255.255.0&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;range&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.2&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.254&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/ip&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/network&amp;gt;&lt;/span>
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>So we&amp;rsquo;ve a &lt;code>&amp;lt;network/&amp;gt;&lt;/code> that is defined by:&lt;/p>
+&lt;ul>
+&lt;li>a &lt;code>&amp;lt;name/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>a &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>a &lt;em>optional&lt;/em> &lt;code>&amp;lt;forward/&amp;gt;&lt;/code> node&lt;/li>
+&lt;li>a &lt;code>&amp;lt;bridge/&amp;gt;&lt;/code> interface&lt;/li>
+&lt;li>the &lt;code>&amp;lt;mac/&amp;gt;&lt;/code> for the bridge interface (of the host)&lt;/li>
+&lt;li>the &lt;code>&amp;lt;ip/&amp;gt;&lt;/code> of the host on the bridge interface
+&lt;ul>
+&lt;li>an &lt;em>optional&lt;/em> &lt;code>&amp;lt;dhcp/&amp;gt;&lt;/code> range definition&lt;/li>
+&lt;/ul>
+&lt;/li>
+&lt;/ul>
+&lt;p>The complete reference for the XML schema can be found &lt;a href="https://libvirt.org/formatnetwork.html">here&lt;/a>.&lt;/p>
+&lt;p>Before we have a closer look how to bring Podman containers into a Libvirt network, let&amp;rsquo;s define a new &lt;code>containers&lt;/code> network.
+The following snippet contains the definition I&amp;rsquo;ll use:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-xml" data-lang="xml">&lt;span style="color:#f92672">&amp;lt;network&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;name&amp;gt;&lt;/span>containers&lt;span style="color:#f92672">&amp;lt;/name&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;uuid&amp;gt;&lt;/span>929b7b7d-bd82-452d-96b7-12f0cf1a4b17&lt;span style="color:#f92672">&amp;lt;/uuid&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;bridge&lt;/span> &lt;span style="color:#a6e22e">name=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;conbr0&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">stp=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;on&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">delay=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;0&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;mac&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;af:af:13:ed:c6:41&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;ip&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.42&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">netmask=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;255.255.255.0&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;range&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.100&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.150&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/ip&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/network&amp;gt;&lt;/span>
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>It&amp;rsquo;s quite similar except I made a few adoptions:&lt;/p>
+&lt;ul>
+&lt;li>remove the &lt;code>&amp;lt;forward/&amp;gt;&lt;/code> block&lt;/li>
+&lt;li>change the &lt;code>&amp;lt;name/&amp;gt;&lt;/code> and the &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code> (with the help of &lt;code>uuidgen&lt;/code>)&lt;/li>
+&lt;li>change the &lt;code>name=&amp;quot;&amp;quot;&lt;/code> of the &lt;code>&amp;lt;bridge/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>change the &lt;code>address=&amp;quot;&amp;quot;&lt;/code> attribute of the &lt;code>&amp;lt;mac/&amp;gt;&lt;/code> (use any &lt;a href="https://macaddress.io/mac-address-generator">mac address generator&lt;/a>)&lt;/li>
+&lt;li>change the &lt;code>address=&amp;quot;&amp;quot;&lt;/code> attribute of the &lt;code>&amp;lt;ip/&amp;gt;&lt;/code> and &lt;code>start=&amp;quot;&amp;quot;&lt;/code> and &lt;code>end=&amp;quot;&amp;quot;&lt;/code> of the DHCP range accordingly&lt;/li>
+&lt;/ul>
+&lt;p>You may use any private network - as far as I can tell it shouldn&amp;rsquo;t matter if you&amp;rsquo;re using a class B, C or D private network as long as you don&amp;rsquo;t have any conflicts with your LAN or any other virtual interfaces of your environment.&lt;/p>
+&lt;p>When done safe your network definition as &lt;code>.xml&lt;/code> file.
+To import the configuration you can use &lt;code>virsh net-define&lt;/code> like in the following snippet (assuming the network definition is in &lt;code>containers.xml&lt;/code>):&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-define containers.xml
+&amp;gt; Network containers defined from containers.xml
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>&lt;em>Note: this only works because the XML already contains an &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code>. Otherwise you&amp;rsquo;d have to use &lt;code>virsh net-create&lt;/code> and a few more extra steps to make the network actually persistent.&lt;/em>&lt;/p>
+&lt;p>If you now check with &lt;code>virsh net-list&lt;/code> you&amp;rsquo;d be disappointed because there&amp;rsquo;s no network!
+Checking again with &lt;code>virsh net-list --all&lt;/code> explains why our &lt;code>containers&lt;/code> network wasn&amp;rsquo;t in the output previously because it is by default &lt;em>inactive&lt;/em>.
+To activate it we&amp;rsquo;ve to start it like so:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-start containers
+&amp;gt; Network containers started
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>If you don&amp;rsquo;t mind the extra adapter and wish to use the network frequently in the future you might consider to autostart it:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-autostart containers
+&amp;gt; Network containers marked as autostarted
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>With our custom Libvirt network in place we&amp;rsquo;re good to go to configure Podman.&lt;/p>
+&lt;h2 id="part-2-podman-cni-network" >Part 2: Podman CNI network
+&lt;span>
+&lt;a href="#part-2-podman-cni-network">
+&lt;svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg">&lt;path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;/svg>
+&lt;/a>
+&lt;/span>
+&lt;/h2>&lt;p>&lt;em>Note: this only works with &lt;strong>rootfull&lt;/strong> Podman because rootless Podman does not use CNI but another network stack.&lt;/em>&lt;/p>
+&lt;p>A clean Podman installation without any custom network created comes with the default network &lt;code>podman&lt;/code>.
+Rootfull Podman network configs are by default stored in &lt;code>/etc/cni/net.d&lt;/code>.
+You should find the default network as &lt;code>87-podman.conflist&lt;/code> in the aforementioned directory.&lt;/p>
+&lt;p>Every Podman network is defined as JSON file.
+We will define our own &lt;code>libvirt&lt;/code> network to join Podman containers into the previously created Libvirt network.
+You can either use &lt;code>podman network create&lt;/code> to create the network (at least more or less) or you can copy for example the default network and make some adjustments.&lt;/p>
+&lt;p>To create the new network from the CLI you can use the following command:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">podman network create &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --disable-dns &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --internal &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --gateway 10.10.2.37 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --ip-range 10.10.2.160/29 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --subnet 10.10.2.0/24 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> libvirt
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>Note that I used a different IP range as in the Libvirt network! Otherwise Podman will complain that the IP range is already in use at an adapter.
+You can use this command to create the required file in &lt;code>/etc/cni/net.d/&lt;/code> but you&amp;rsquo;ve to update the &lt;code>ranges&lt;/code> accordingly before creating a container in the network.&lt;/p>
+&lt;p>Because we&amp;rsquo;ve to edit the &lt;code>.conflist&lt;/code> either way copy the default one is also fine.&lt;/p>
+&lt;p>The &lt;code>.conflist&lt;/code> I&amp;rsquo;m using looks like this:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-json" data-lang="json">{
+&lt;span style="color:#f92672">&amp;#34;cniVersion&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;0.4.0&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;name&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;libvirt&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;plugins&amp;#34;&lt;/span>: [
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;bridge&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;bridge&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;conbr0&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;isGateway&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">false&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;hairpinMode&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">true&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;ipam&amp;#34;&lt;/span>: {
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;host-local&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;routes&amp;#34;&lt;/span>: [
+{
+&lt;span style="color:#f92672">&amp;#34;dst&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;0.0.0.0/0&amp;#34;&lt;/span>
+}
+],
+&lt;span style="color:#f92672">&amp;#34;ranges&amp;#34;&lt;/span>: [
+[
+{
+&lt;span style="color:#f92672">&amp;#34;subnet&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.0/24&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;rangeStart&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.151&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;rangeEnd&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.160&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;gateway&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.42&amp;#34;&lt;/span>
+}
+]
+]
+}
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;portmap&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;capabilities&amp;#34;&lt;/span>: {
+&lt;span style="color:#f92672">&amp;#34;portMappings&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">true&lt;/span>
+}
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;firewall&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;backend&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;&amp;#34;&lt;/span>
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;tuning&amp;#34;&lt;/span>
+}
+]
+}
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>Interestingly the &lt;code>rangeStart&lt;/code> and &lt;code>rangeEnd&lt;/code> are actually IP addresses and not tight to some IP networks but unfortunately there&amp;rsquo;s no equivalent for &lt;code>podman network create&lt;/code> hence I update both to a range after the DHCP range of the Libvirt network to make sure that no duplicate IPs are assigned.&lt;/p>
+&lt;p>I tend to declare the network as &lt;code>host-local&lt;/code> but this shouldn&amp;rsquo;t be critical.
+The &lt;strong>most important&lt;/strong> part is to update the &lt;code>bridge&lt;/code> to the same interface like in the Libvirt network definition (in my case &lt;code>conbr0&lt;/code>).&lt;/p>
+&lt;p>After this we&amp;rsquo;re ready to go and you can for instance start a Nginx container in the &lt;code>libvirt&lt;/code> network and you should be able to reach it from a VM in the Libvirt network:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">podman run &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --rm &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> -d &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --name nginx &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --network libvirt &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --ip 10.10.1.151 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> docker.io/nginx:alpine
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>A nice option for &lt;code>podman run&lt;/code> is &lt;code>--ip&lt;/code>.
+You&amp;rsquo;ve to choose an IP from the previously configured &lt;code>range&lt;/code> but you can skip the &lt;code>podman inspect&lt;/code> or &lt;code>ip a&lt;/code> to get the container IP and the container will have the IP every time you start it, if you like 😉 and speaking of &amp;lsquo;nice&amp;rsquo; &lt;code>podman run&lt;/code> options: you do know &lt;code>--replace&lt;/code>, don&amp;rsquo;t you?&lt;/p></description></item></channel></rss>
--- a/post/libvirt-podman-network-mesh/index.html
+++ b/post/libvirt-podman-network-mesh/index.html
@ -0,0 +1,281 @@
+<!doctype html><html lang=en-us data-theme>
+<head>
+<meta charset=utf-8>
+<meta name=HandheldFriendly content="True">
+<meta name=viewport content="width=device-width,initial-scale=1">
+<meta name=referrer content="no-referrer-when-downgrade">
+<title>Libvirt & Podman: network 'mesh' - 1533B4dC0.de</title>
+<meta name=description content="Joining libvirt VMs and Podman container in a common network">
+<link rel=icon type=image/x-icon href=https://www.1533b4dc0.de/favicon.ico>
+<link rel=apple-touch-icon-precomposed href=https://www.1533b4dc0.de/favicon.png>
+<style>body{visibility:hidden;opacity:0}</style>
+<noscript>
+<style>body{visibility:visible;opacity:1}</style>
+</noscript>
+<link rel=stylesheet href=https://www.1533b4dc0.de/css/style.min.e4dd69a921886f06d1a0e2bf835aa4fdced2d03b6f83804e6ae146caac8882bb.css integrity="sha256-5N1pqSGIbwbRoOK/g1qk/c7S0Dtvg4BOauFGyqyIgrs=">
+<script src=https://www.1533b4dc0.de/js/script.min.510c781c39dbb21b4c76d85c82e2bdf4689220adbb7cd61e49e9d293e442fb42.js type=text/javascript integrity="sha256-UQx4HDnbshtMdthcguK99GiSIK27fNYeSenSk+RC+0I="></script>
+<meta property="og:title" content="Libvirt & Podman: network 'mesh'">
+<meta property="og:description" content="Joining libvirt VMs and Podman container in a common network">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/"><meta property="article:section" content="post">
+<meta property="article:published_time" content="2022-02-24T00:00:00+00:00">
+<meta property="article:modified_time" content="2022-02-24T00:00:00+00:00">
+<meta name=twitter:card content="summary">
+<meta name=twitter:title content="Libvirt & Podman: network 'mesh'">
+<meta name=twitter:description content="Joining libvirt VMs and Podman container in a common network">
+</head>
+<body>
+<a class=skip-main href=#main>Skip to main content</a>
+<div class=container>
+<header class=common-header>
+<div class=header-top>
+<h1 class=site-title>
+<a href=/>1533B4dC0.de</a>
+</h1>
+<ul class=social-icons>
+<li>
+<a href=https://github.com/baez90 title=Github rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path fill="currentcolor" d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6.0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6.0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3.0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1.0-6.2-.3-40.4-.3-61.4.0.0-70 15-84.7-29.8.0.0-11.4-29.1-27.8-36.6.0.0-22.9-15.7 1.6-15.4.0.0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5.0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9.0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4.0 33.7-.3 75.4-.3 83.6.0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6.0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9.0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
+</span>
+</a>
+</li>
+<li>
+<a href=https://www.linkedin.com/in/peter-s-kurfer title=Linkedin rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path fill="currentcolor" d="M416 32H31.9C14.3 32 0 46.5.0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6.0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3zM135.4 416H69V202.2h66.5V416zm-33.2-243c-21.3.0-38.5-17.3-38.5-38.5S80.9 96 102.2 96c21.2.0 38.5 17.3 38.5 38.5.0 21.3-17.2 38.5-38.5 38.5zm282.1 243h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6.0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2.0 79.7 44.3 79.7 101.9V416z"/></svg>
+</span>
+</a>
+</li>
+<li>
+<a href=https://www.xing.com/profile/Sebastian_Kurfer title=Xing rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><path fill="currentcolor" d="M162.7 210c-1.8 3.3-25.2 44.4-70.1 123.5-4.9 8.3-10.8 12.5-17.7 12.5H9.8c-7.7.0-12.1-7.5-8.5-14.4l69-121.3c.2.0.2-.1.0-.3l-43.9-75.6c-4.3-7.8.3-14.1 8.5-14.1H1e2c7.3.0 13.3 4.1 18 12.2l44.7 77.5zM382.6 46.1l-144 253v.3L330.2 466c3.9 7.1.2 14.1-8.5 14.1h-65.2c-7.6.0-13.6-4-18-12.2l-92.4-168.5c3.3-5.8 51.5-90.8 144.8-255.2 4.6-8.1 10.4-12.2 17.5-12.2h65.7c8 0 12.3 6.7 8.5 14.1z"/></svg>
+</span>
+</a>
+</li>
+<li>
+<a href=https://www.1533b4dc0.de/index.xml title=RSS rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path fill="currentcolor" d="M128.081 415.959c0 35.369-28.672 64.041-64.041 64.041S0 451.328.0 415.959s28.672-64.041 64.041-64.041 64.04 28.673 64.04 64.041zm175.66 47.25c-8.354-154.6-132.185-278.587-286.95-286.95C7.656 175.765.0 183.105.0 192.253v48.069c0 8.415 6.49 15.472 14.887 16.018 111.832 7.284 201.473 96.702 208.772 208.772.547 8.397 7.604 14.887 16.018 14.887h48.069c9.149.001 16.489-7.655 15.995-16.79zm144.249.288C439.596 229.677 251.465 40.445 16.503 32.01 7.473 31.686.0 38.981.0 48.016v48.068c0 8.625 6.835 15.645 15.453 15.999 191.179 7.839 344.627 161.316 352.465 352.465.353 8.618 7.373 15.453 15.999 15.453h48.068c9.034-.001 16.329-7.474 16.005-16.504z"/></svg>
+</span>
+</a>
+</li>
+</ul>
+</div>
+<nav>
+<a href=https://www.1533b4dc0.de/about/ title>About</a>
+<a href=https://www.1533b4dc0.de/projects/ title>Projects</a>
+<a href=https://www.1533b4dc0.de/tags/ title>Tags</a>
+<a href=https://www.1533b4dc0.de/posts/ title>Archive</a>
+</nav>
+</header>
+<main id=main tabindex=-1>
+<article class="post h-entry">
+<div class=post-header>
+<header>
+<h1 class="p-name post-title">Libvirt & Podman: network 'mesh'</h1>
+</header>
+</div>
+<div class="content e-content">
+<p><em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give <strong>Netavark</strong> a try, too!</em></p>
+<p>When playing around with containers and VMs one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment.
+I see &lsquo;why the hell would I need a VM anyway when already having containers&rsquo; or something similar I almost see on your face 😜</p>
+<p>Well 1st of all, not everything can be solved with containers.
+For instance windows applications can be run in Windows containers but I&rsquo;m not aware of how to run a Windows container on my Linux desktop.</p>
+<p>But also in pure Linux environments there are cases where a VM is probably a better fit for the problem.
+As you might know I&rsquo;m a bit of network 🤓 and I love playing around with &lsquo;weird&rsquo; stuff almost no one else does even think about if not forced to.
+So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &ldquo;why&rsquo;s Netflix on the TV not working?!&rdquo; 😄 or also if you try to implement your own &lsquo;firewall&rsquo; with DNAT support (stay tuned - post&rsquo;s following!).</p>
+<h2 id=part-1-libvirt-preparation>Part 1: Libvirt preparation
+<span>
+<a href=#part-1-libvirt-preparation><svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 007.54.54l3-3a5 5 0 00-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 00-7.54-.54l-3 3a5 5 0 007.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
+</a>
+</span>
+</h2><p>Okay now that I came around with <em>some</em> arguments - if they&rsquo;re convincing or not is not important - how does this work?</p>
+<p>Assuming you&rsquo;ve Libvirt and Podman already installed on your system without any modification and you run</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash>virsh net-list
+</code></pre></div><p>you should have at least the <code>default</code> network already.</p>
+<p>The definition of all networks (as of every other component of libvirt) is in XML.
+<code>virsh</code> comes with a <code>net-dumpxml</code> command to export the configuration of a network:</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash>virsh net-dumpxml default
+</code></pre></div><p>The output should look (more or less) like in the following snippet:</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-xml data-lang=xml><span style=color:#f92672>&lt;network&gt;</span>
+  <span style=color:#f92672>&lt;name&gt;</span>default<span style=color:#f92672>&lt;/name&gt;</span>
+  <span style=color:#f92672>&lt;uuid&gt;</span>8d2028ed-cc9a-4eae-9883-b59b673d560d<span style=color:#f92672>&lt;/uuid&gt;</span>
+  <span style=color:#f92672>&lt;forward</span> <span style=color:#a6e22e>mode=</span><span style=color:#e6db74>&#39;nat&#39;</span><span style=color:#f92672>&gt;</span>
+    <span style=color:#f92672>&lt;nat&gt;</span>
+      <span style=color:#f92672>&lt;port</span> <span style=color:#a6e22e>start=</span><span style=color:#e6db74>&#39;1024&#39;</span> <span style=color:#a6e22e>end=</span><span style=color:#e6db74>&#39;65535&#39;</span><span style=color:#f92672>/&gt;</span>
+    <span style=color:#f92672>&lt;/nat&gt;</span>
+  <span style=color:#f92672>&lt;/forward&gt;</span>
+  <span style=color:#f92672>&lt;bridge</span> <span style=color:#a6e22e>name=</span><span style=color:#e6db74>&#39;virbr0&#39;</span> <span style=color:#a6e22e>stp=</span><span style=color:#e6db74>&#39;on&#39;</span> <span style=color:#a6e22e>delay=</span><span style=color:#e6db74>&#39;0&#39;</span><span style=color:#f92672>/&gt;</span>
+  <span style=color:#f92672>&lt;mac</span> <span style=color:#a6e22e>address=</span><span style=color:#e6db74>&#39;63:b3:d8:75:53:6b&#39;</span><span style=color:#f92672>/&gt;</span>
+  <span style=color:#f92672>&lt;ip</span> <span style=color:#a6e22e>address=</span><span style=color:#e6db74>&#39;192.168.122.1&#39;</span> <span style=color:#a6e22e>netmask=</span><span style=color:#e6db74>&#39;255.255.255.0&#39;</span><span style=color:#f92672>&gt;</span>
+    <span style=color:#f92672>&lt;dhcp&gt;</span>
+      <span style=color:#f92672>&lt;range</span> <span style=color:#a6e22e>start=</span><span style=color:#e6db74>&#39;192.168.122.2&#39;</span> <span style=color:#a6e22e>end=</span><span style=color:#e6db74>&#39;192.168.122.254&#39;</span><span style=color:#f92672>/&gt;</span>
+    <span style=color:#f92672>&lt;/dhcp&gt;</span>
+  <span style=color:#f92672>&lt;/ip&gt;</span>
+<span style=color:#f92672>&lt;/network&gt;</span>
+</code></pre></div><p>So we&rsquo;ve a <code>&lt;network/></code> that is defined by:</p>
+<ul>
+<li>a <code>&lt;name/></code></li>
+<li>a <code>&lt;uuid/></code></li>
+<li>a <em>optional</em> <code>&lt;forward/></code> node</li>
+<li>a <code>&lt;bridge/></code> interface</li>
+<li>the <code>&lt;mac/></code> for the bridge interface (of the host)</li>
+<li>the <code>&lt;ip/></code> of the host on the bridge interface
+<ul>
+<li>an <em>optional</em> <code>&lt;dhcp/></code> range definition</li>
+</ul>
+</li>
+</ul>
+<p>The complete reference for the XML schema can be found <a href=https://libvirt.org/formatnetwork.html>here</a>.</p>
+<p>Before we have a closer look how to bring Podman containers into a Libvirt network, let&rsquo;s define a new <code>containers</code> network.
+The following snippet contains the definition I&rsquo;ll use:</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-xml data-lang=xml><span style=color:#f92672>&lt;network&gt;</span>
+  <span style=color:#f92672>&lt;name&gt;</span>containers<span style=color:#f92672>&lt;/name&gt;</span>
+  <span style=color:#f92672>&lt;uuid&gt;</span>929b7b7d-bd82-452d-96b7-12f0cf1a4b17<span style=color:#f92672>&lt;/uuid&gt;</span>
+  <span style=color:#f92672>&lt;bridge</span> <span style=color:#a6e22e>name=</span><span style=color:#e6db74>&#39;conbr0&#39;</span> <span style=color:#a6e22e>stp=</span><span style=color:#e6db74>&#39;on&#39;</span> <span style=color:#a6e22e>delay=</span><span style=color:#e6db74>&#39;0&#39;</span><span style=color:#f92672>/&gt;</span>
+  <span style=color:#f92672>&lt;mac</span> <span style=color:#a6e22e>address=</span><span style=color:#e6db74>&#39;af:af:13:ed:c6:41&#39;</span><span style=color:#f92672>/&gt;</span>
+  <span style=color:#f92672>&lt;ip</span> <span style=color:#a6e22e>address=</span><span style=color:#e6db74>&#39;10.10.1.42&#39;</span> <span style=color:#a6e22e>netmask=</span><span style=color:#e6db74>&#39;255.255.255.0&#39;</span><span style=color:#f92672>&gt;</span>
+    <span style=color:#f92672>&lt;dhcp&gt;</span>
+      <span style=color:#f92672>&lt;range</span> <span style=color:#a6e22e>start=</span><span style=color:#e6db74>&#39;10.10.1.100&#39;</span> <span style=color:#a6e22e>end=</span><span style=color:#e6db74>&#39;10.10.1.150&#39;</span><span style=color:#f92672>/&gt;</span>
+    <span style=color:#f92672>&lt;/dhcp&gt;</span>
+  <span style=color:#f92672>&lt;/ip&gt;</span>
+<span style=color:#f92672>&lt;/network&gt;</span>
+</code></pre></div><p>It&rsquo;s quite similar except I made a few adoptions:</p>
+<ul>
+<li>remove the <code>&lt;forward/></code> block</li>
+<li>change the <code>&lt;name/></code> and the <code>&lt;uuid/></code> (with the help of <code>uuidgen</code>)</li>
+<li>change the <code>name=""</code> of the <code>&lt;bridge/></code></li>
+<li>change the <code>address=""</code> attribute of the <code>&lt;mac/></code> (use any <a href=https://macaddress.io/mac-address-generator>mac address generator</a>)</li>
+<li>change the <code>address=""</code> attribute of the <code>&lt;ip/></code> and <code>start=""</code> and <code>end=""</code> of the DHCP range accordingly</li>
+</ul>
+<p>You may use any private network - as far as I can tell it shouldn&rsquo;t matter if you&rsquo;re using a class B, C or D private network as long as you don&rsquo;t have any conflicts with your LAN or any other virtual interfaces of your environment.</p>
+<p>When done safe your network definition as <code>.xml</code> file.
+To import the configuration you can use <code>virsh net-define</code> like in the following snippet (assuming the network definition is in <code>containers.xml</code>):</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash>$ virsh net-define containers.xml
+
+&gt; Network containers defined from containers.xml
+</code></pre></div><p><em>Note: this only works because the XML already contains an <code>&lt;uuid/></code>. Otherwise you&rsquo;d have to use <code>virsh net-create</code> and a few more extra steps to make the network actually persistent.</em></p>
+<p>If you now check with <code>virsh net-list</code> you&rsquo;d be disappointed because there&rsquo;s no network!
+Checking again with <code>virsh net-list --all</code> explains why our <code>containers</code> network wasn&rsquo;t in the output previously because it is by default <em>inactive</em>.
+To activate it we&rsquo;ve to start it like so:</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash>$ virsh net-start containers
+
+&gt; Network containers started
+</code></pre></div><p>If you don&rsquo;t mind the extra adapter and wish to use the network frequently in the future you might consider to autostart it:</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash>$ virsh net-autostart containers
+
+&gt; Network containers marked as autostarted
+</code></pre></div><p>With our custom Libvirt network in place we&rsquo;re good to go to configure Podman.</p>
+<h2 id=part-2-podman-cni-network>Part 2: Podman CNI network
+<span>
+<a href=#part-2-podman-cni-network><svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 007.54.54l3-3a5 5 0 00-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 00-7.54-.54l-3 3a5 5 0 007.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
+</a>
+</span>
+</h2><p><em>Note: this only works with <strong>rootfull</strong> Podman because rootless Podman does not use CNI but another network stack.</em></p>
+<p>A clean Podman installation without any custom network created comes with the default network <code>podman</code>.
+Rootfull Podman network configs are by default stored in <code>/etc/cni/net.d</code>.
+You should find the default network as <code>87-podman.conflist</code> in the aforementioned directory.</p>
+<p>Every Podman network is defined as JSON file.
+We will define our own <code>libvirt</code> network to join Podman containers into the previously created Libvirt network.
+You can either use <code>podman network create</code> to create the network (at least more or less) or you can copy for example the default network and make some adjustments.</p>
+<p>To create the new network from the CLI you can use the following command:</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash>podman network create <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    --disable-dns <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    --internal <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    --gateway 10.10.2.37 <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    --ip-range 10.10.2.160/29 <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    --subnet 10.10.2.0/24 <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    libvirt
+</code></pre></div><p>Note that I used a different IP range as in the Libvirt network! Otherwise Podman will complain that the IP range is already in use at an adapter.
+You can use this command to create the required file in <code>/etc/cni/net.d/</code> but you&rsquo;ve to update the <code>ranges</code> accordingly before creating a container in the network.</p>
+<p>Because we&rsquo;ve to edit the <code>.conflist</code> either way copy the default one is also fine.</p>
+<p>The <code>.conflist</code> I&rsquo;m using looks like this:</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-json data-lang=json>{
+   <span style=color:#f92672>&#34;cniVersion&#34;</span>: <span style=color:#e6db74>&#34;0.4.0&#34;</span>,
+   <span style=color:#f92672>&#34;name&#34;</span>: <span style=color:#e6db74>&#34;libvirt&#34;</span>,
+   <span style=color:#f92672>&#34;plugins&#34;</span>: [
+      {
+         <span style=color:#f92672>&#34;type&#34;</span>: <span style=color:#e6db74>&#34;bridge&#34;</span>,
+         <span style=color:#f92672>&#34;bridge&#34;</span>: <span style=color:#e6db74>&#34;conbr0&#34;</span>,
+         <span style=color:#f92672>&#34;isGateway&#34;</span>: <span style=color:#66d9ef>false</span>,
+         <span style=color:#f92672>&#34;hairpinMode&#34;</span>: <span style=color:#66d9ef>true</span>,
+         <span style=color:#f92672>&#34;ipam&#34;</span>: {
+            <span style=color:#f92672>&#34;type&#34;</span>: <span style=color:#e6db74>&#34;host-local&#34;</span>,
+            <span style=color:#f92672>&#34;routes&#34;</span>: [
+               {
+                  <span style=color:#f92672>&#34;dst&#34;</span>: <span style=color:#e6db74>&#34;0.0.0.0/0&#34;</span>
+               }
+            ],
+            <span style=color:#f92672>&#34;ranges&#34;</span>: [
+               [
+                  {
+                     <span style=color:#f92672>&#34;subnet&#34;</span>: <span style=color:#e6db74>&#34;10.10.1.0/24&#34;</span>,
+                     <span style=color:#f92672>&#34;rangeStart&#34;</span>: <span style=color:#e6db74>&#34;10.10.1.151&#34;</span>,
+                     <span style=color:#f92672>&#34;rangeEnd&#34;</span>: <span style=color:#e6db74>&#34;10.10.1.160&#34;</span>,
+                     <span style=color:#f92672>&#34;gateway&#34;</span>: <span style=color:#e6db74>&#34;10.10.1.42&#34;</span>
+                  }
+               ]
+            ]
+         }
+      },
+      {
+         <span style=color:#f92672>&#34;type&#34;</span>: <span style=color:#e6db74>&#34;portmap&#34;</span>,
+         <span style=color:#f92672>&#34;capabilities&#34;</span>: {
+            <span style=color:#f92672>&#34;portMappings&#34;</span>: <span style=color:#66d9ef>true</span>
+         }
+      },
+      {
+         <span style=color:#f92672>&#34;type&#34;</span>: <span style=color:#e6db74>&#34;firewall&#34;</span>,
+         <span style=color:#f92672>&#34;backend&#34;</span>: <span style=color:#e6db74>&#34;&#34;</span>
+      },
+      {
+         <span style=color:#f92672>&#34;type&#34;</span>: <span style=color:#e6db74>&#34;tuning&#34;</span>
+      }
+   ]
+}
+</code></pre></div><p>Interestingly the <code>rangeStart</code> and <code>rangeEnd</code> are actually IP addresses and not tight to some IP networks but unfortunately there&rsquo;s no equivalent for <code>podman network create</code> hence I update both to a range after the DHCP range of the Libvirt network to make sure that no duplicate IPs are assigned.</p>
+<p>I tend to declare the network as <code>host-local</code> but this shouldn&rsquo;t be critical.
+The <strong>most important</strong> part is to update the <code>bridge</code> to the same interface like in the Libvirt network definition (in my case <code>conbr0</code>).</p>
+<p>After this we&rsquo;re ready to go and you can for instance start a Nginx container in the <code>libvirt</code> network and you should be able to reach it from a VM in the Libvirt network:</p>
+<div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash>podman run <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    --rm <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    -d <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    --name nginx <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    --network libvirt <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    --ip 10.10.1.151 <span style=color:#ae81ff>\
+</span><span style=color:#ae81ff></span>    docker.io/nginx:alpine
+</code></pre></div><p>A nice option for <code>podman run</code> is <code>--ip</code>.
+You&rsquo;ve to choose an IP from the previously configured <code>range</code> but you can skip the <code>podman inspect</code> or <code>ip a</code> to get the container IP and the container will have the IP every time you start it, if you like 😉 and speaking of &lsquo;nice&rsquo; <code>podman run</code> options: you do know <code>--replace</code>, don&rsquo;t you?</p>
+</div>
+<div class=post-info>
+<div class="post-date dt-published">2022-02-24</div>
+<a class="post-hidden-url u-url" href=https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</a>
+<a href=https://www.1533b4dc0.de/ class="p-name p-author post-hidden-author h-card" rel=me>Peter Kurfer</a>
+<div class=post-taxonomies>
+<ul class=post-tags>
+<li><a href=https://www.1533b4dc0.de/tags/podman/>#podman</a></li>
+<li><a href=https://www.1533b4dc0.de/tags/libvirt/>#libvirt</a></li>
+</ul>
+</div>
+</div>
+</article>
+</main>
+<footer class=common-footer>
+<div class=common-footer-bottom>
+<div class=copyright>
+<p>© Peter Kurfer, 2022<br>
+Powered by <a target=_blank rel="noopener noreferrer" href=https://gohugo.io/>Hugo</a>, theme <a target=_blank rel="noopener noreferrer" href=https://github.com/mitrichius/hugo-theme-anubis>Anubis</a>.<br>
+<script src=https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js></script>
+<script>mermaid.initialize({startOnLoad:!0,securityLevel:'loose'})</script>
+</p>
+</div>
+<button class=theme-switcher>
+Dark theme
+</button>
+<script>const STORAGE_KEY='user-color-scheme',defaultTheme="auto";let currentTheme,switchButton,autoDefinedScheme=window.matchMedia('(prefers-color-scheme: dark)');const autoChangeScheme=a=>{currentTheme=a.matches?'dark':'light',document.documentElement.setAttribute('data-theme',currentTheme),changeButtonText()};document.addEventListener('DOMContentLoaded',function(){switchButton=document.querySelector('.theme-switcher'),currentTheme=detectCurrentScheme(),currentTheme=='dark'&&document.documentElement.setAttribute('data-theme','dark'),currentTheme=='auto'&&(autoChangeScheme(autoDefinedScheme),autoDefinedScheme.addListener(autoChangeScheme)),switchButton&&(changeButtonText(),switchButton.addEventListener('click',switchTheme,!1)),showContent()});function detectCurrentScheme(){return localStorage.getItem(STORAGE_KEY)?localStorage.getItem(STORAGE_KEY):defaultTheme?defaultTheme:window.matchMedia?window.matchMedia('(prefers-color-scheme: dark)').matches?'dark':'light':'light'}function changeButtonText(a){a&&(a.textContent=currentTheme=='dark'?"Light theme":"Dark theme")}function switchTheme(a){currentTheme=='dark'?(localStorage.setItem(STORAGE_KEY,'light'),document.documentElement.setAttribute('data-theme','light'),currentTheme='light'):(localStorage.setItem(STORAGE_KEY,'dark'),document.documentElement.setAttribute('data-theme','dark'),currentTheme='dark'),changeButtonText()}function showContent(){document.body.style.visibility='visible',document.body.style.opacity=1}</script>
+</div>
+<p class="h-card vcard">
+<a href=https://www.1533b4dc0.de/ class="p-name u-url url fn" rel=me>Peter Kurfer</a>
+</p>
+</footer>
+</div>
+</body>
+</html>
--- a/sitemap.xml
+++ b/sitemap.xml
@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://www.1533b4dc0.de/about/</loc></url><url><loc>https://www.1533b4dc0.de/projects/</loc></url><url><loc>https://www.1533b4dc0.de/</loc></url><url><loc>https://www.1533b4dc0.de/categories/</loc></url><url><loc>https://www.1533b4dc0.de/tags/index/</loc></url><url><loc>https://www.1533b4dc0.de/post/</loc></url><url><loc>https://www.1533b4dc0.de/tags/</loc></url></urlset>
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://www.1533b4dc0.de/about/</loc></url><url><loc>https://www.1533b4dc0.de/projects/</loc></url><url><loc>https://www.1533b4dc0.de/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/libvirt/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/podman/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/post/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/categories/</loc></url><url><loc>https://www.1533b4dc0.de/tags/index/</loc></url></urlset>
--- a/tags/index.html
+++ b/tags/index.html
@ -74,6 +74,14 @@
 <a href=/tags/index/>index</a>
 (1)
 </li>
+<li>
+<a href=/tags/libvirt/>libvirt</a>
+(1)
+</li>
+<li>
+<a href=/tags/podman/>podman</a>
+(1)
+</li>
 </ul>
 </main>
 <footer class=common-footer>
--- a/tags/index.xml
+++ b/tags/index.xml
@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Tags on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/tags/</link><description>1533B4dC0.de (Tags)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><atom:link href="https://www.1533b4dc0.de/tags/index.xml" rel="self" type="application/rss+xml"/></channel></rss>
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Tags on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/tags/</link><description>1533B4dC0.de (Tags)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/tags/index.xml" rel="self" type="application/rss+xml"/></channel></rss>
--- a/tags/libvirt/index.html
+++ b/tags/libvirt/index.html
@ -0,0 +1,116 @@
+<!doctype html><html lang=en-us data-theme>
+<head>
+<meta charset=utf-8>
+<meta name=HandheldFriendly content="True">
+<meta name=viewport content="width=device-width,initial-scale=1">
+<meta name=referrer content="no-referrer-when-downgrade">
+<title>libvirt - 1533B4dC0.de</title>
+<meta name=description content>
+<link rel=alternate type=application/rss+xml href=https://www.1533b4dc0.de/tags/libvirt/index.xml title=1533B4dC0.de>
+<link rel=icon type=image/x-icon href=https://www.1533b4dc0.de/favicon.ico>
+<link rel=apple-touch-icon-precomposed href=https://www.1533b4dc0.de/favicon.png>
+<style>body{visibility:hidden;opacity:0}</style>
+<noscript>
+<style>body{visibility:visible;opacity:1}</style>
+</noscript>
+<link rel=stylesheet href=https://www.1533b4dc0.de/css/style.min.e4dd69a921886f06d1a0e2bf835aa4fdced2d03b6f83804e6ae146caac8882bb.css integrity="sha256-5N1pqSGIbwbRoOK/g1qk/c7S0Dtvg4BOauFGyqyIgrs=">
+<script src=https://www.1533b4dc0.de/js/script.min.510c781c39dbb21b4c76d85c82e2bdf4689220adbb7cd61e49e9d293e442fb42.js type=text/javascript integrity="sha256-UQx4HDnbshtMdthcguK99GiSIK27fNYeSenSk+RC+0I="></script>
+<meta property="og:title" content="libvirt">
+<meta property="og:description" content>
+<meta property="og:type" content="website">
+<meta property="og:url" content="https://www.1533b4dc0.de/tags/libvirt/">
+<meta name=twitter:card content="summary">
+<meta name=twitter:title content="libvirt">
+<meta name=twitter:description content>
+</head>
+<body>
+<a class=skip-main href=#main>Skip to main content</a>
+<div class=container>
+<header class=common-header>
+<div class=header-top>
+<h1 class=site-title>
+<a href=/>1533B4dC0.de</a>
+</h1>
+<ul class=social-icons>
+<li>
+<a href=https://github.com/baez90 title=Github rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path fill="currentcolor" d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6.0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6.0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3.0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1.0-6.2-.3-40.4-.3-61.4.0.0-70 15-84.7-29.8.0.0-11.4-29.1-27.8-36.6.0.0-22.9-15.7 1.6-15.4.0.0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5.0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9.0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4.0 33.7-.3 75.4-.3 83.6.0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6.0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9.0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
+</span>
+</a>
+</li>
+<li>
+<a href=https://www.linkedin.com/in/peter-s-kurfer title=Linkedin rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path fill="currentcolor" d="M416 32H31.9C14.3 32 0 46.5.0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6.0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3zM135.4 416H69V202.2h66.5V416zm-33.2-243c-21.3.0-38.5-17.3-38.5-38.5S80.9 96 102.2 96c21.2.0 38.5 17.3 38.5 38.5.0 21.3-17.2 38.5-38.5 38.5zm282.1 243h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6.0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2.0 79.7 44.3 79.7 101.9V416z"/></svg>
+</span>
+</a>
+</li>
+<li>
+<a href=https://www.xing.com/profile/Sebastian_Kurfer title=Xing rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><path fill="currentcolor" d="M162.7 210c-1.8 3.3-25.2 44.4-70.1 123.5-4.9 8.3-10.8 12.5-17.7 12.5H9.8c-7.7.0-12.1-7.5-8.5-14.4l69-121.3c.2.0.2-.1.0-.3l-43.9-75.6c-4.3-7.8.3-14.1 8.5-14.1H1e2c7.3.0 13.3 4.1 18 12.2l44.7 77.5zM382.6 46.1l-144 253v.3L330.2 466c3.9 7.1.2 14.1-8.5 14.1h-65.2c-7.6.0-13.6-4-18-12.2l-92.4-168.5c3.3-5.8 51.5-90.8 144.8-255.2 4.6-8.1 10.4-12.2 17.5-12.2h65.7c8 0 12.3 6.7 8.5 14.1z"/></svg>
+</span>
+</a>
+</li>
+<li>
+<a href=https://www.1533b4dc0.de/index.xml title=RSS rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path fill="currentcolor" d="M128.081 415.959c0 35.369-28.672 64.041-64.041 64.041S0 451.328.0 415.959s28.672-64.041 64.041-64.041 64.04 28.673 64.04 64.041zm175.66 47.25c-8.354-154.6-132.185-278.587-286.95-286.95C7.656 175.765.0 183.105.0 192.253v48.069c0 8.415 6.49 15.472 14.887 16.018 111.832 7.284 201.473 96.702 208.772 208.772.547 8.397 7.604 14.887 16.018 14.887h48.069c9.149.001 16.489-7.655 15.995-16.79zm144.249.288C439.596 229.677 251.465 40.445 16.503 32.01 7.473 31.686.0 38.981.0 48.016v48.068c0 8.625 6.835 15.645 15.453 15.999 191.179 7.839 344.627 161.316 352.465 352.465.353 8.618 7.373 15.453 15.999 15.453h48.068c9.034-.001 16.329-7.474 16.005-16.504z"/></svg>
+</span>
+</a>
+</li>
+</ul>
+</div>
+<nav>
+<a href=https://www.1533b4dc0.de/about/ title>About</a>
+<a href=https://www.1533b4dc0.de/projects/ title>Projects</a>
+<a href=https://www.1533b4dc0.de/tags/ title>Tags</a>
+<a href=https://www.1533b4dc0.de/posts/ title>Archive</a>
+</nav>
+</header>
+<main id=main tabindex=-1>
+<h1>Tag: libvirt</h1>
+<div class=post-info>
+<a href=/tags/>To all tags</a>
+</div>
+<article class="post-list h-feed">
+<div class=post-header>
+<header>
+<h1 class="p-name post-title"><a class=u-url href=/post/libvirt-podman-network-mesh/>Libvirt & Podman: network 'mesh'</a></h1>
+</header>
+</div>
+<div class="content post-summary p-summary">
+Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give Netavark a try, too!
+When playing around with containers and VMs one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment. I see &lsquo;why the hell would I need a VM anyway when already having containers&rsquo; or something similar I almost see on your face 😜
+</div>
+<div class=post-info>
+<div class="post-date dt-published">2022-02-24</div>
+<a class="post-hidden-url u-url" href=https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</a>
+<a href=https://www.1533b4dc0.de/ class="p-name p-author post-hidden-author h-card" rel=me>Peter Kurfer</a>
+<div class=post-taxonomies>
+<ul class=post-tags>
+<li><a href=https://www.1533b4dc0.de/tags/podman/>#podman</a></li>
+<li><a href=https://www.1533b4dc0.de/tags/libvirt/>#libvirt</a></li>
+</ul>
+</div>
+</div>
+</article>
+</main>
+<footer class=common-footer>
+<div class=common-footer-bottom>
+<div class=copyright>
+<p>© Peter Kurfer, 2022<br>
+Powered by <a target=_blank rel="noopener noreferrer" href=https://gohugo.io/>Hugo</a>, theme <a target=_blank rel="noopener noreferrer" href=https://github.com/mitrichius/hugo-theme-anubis>Anubis</a>.<br>
+<script src=https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js></script>
+<script>mermaid.initialize({startOnLoad:!0,securityLevel:'loose'})</script>
+</p>
+</div>
+<button class=theme-switcher>
+Dark theme
+</button>
+<script>const STORAGE_KEY='user-color-scheme',defaultTheme="auto";let currentTheme,switchButton,autoDefinedScheme=window.matchMedia('(prefers-color-scheme: dark)');const autoChangeScheme=a=>{currentTheme=a.matches?'dark':'light',document.documentElement.setAttribute('data-theme',currentTheme),changeButtonText()};document.addEventListener('DOMContentLoaded',function(){switchButton=document.querySelector('.theme-switcher'),currentTheme=detectCurrentScheme(),currentTheme=='dark'&&document.documentElement.setAttribute('data-theme','dark'),currentTheme=='auto'&&(autoChangeScheme(autoDefinedScheme),autoDefinedScheme.addListener(autoChangeScheme)),switchButton&&(changeButtonText(),switchButton.addEventListener('click',switchTheme,!1)),showContent()});function detectCurrentScheme(){return localStorage.getItem(STORAGE_KEY)?localStorage.getItem(STORAGE_KEY):defaultTheme?defaultTheme:window.matchMedia?window.matchMedia('(prefers-color-scheme: dark)').matches?'dark':'light':'light'}function changeButtonText(a){a&&(a.textContent=currentTheme=='dark'?"Light theme":"Dark theme")}function switchTheme(a){currentTheme=='dark'?(localStorage.setItem(STORAGE_KEY,'light'),document.documentElement.setAttribute('data-theme','light'),currentTheme='light'):(localStorage.setItem(STORAGE_KEY,'dark'),document.documentElement.setAttribute('data-theme','dark'),currentTheme='dark'),changeButtonText()}function showContent(){document.body.style.visibility='visible',document.body.style.opacity=1}</script>
+</div>
+<p class="h-card vcard">
+<a href=https://www.1533b4dc0.de/ class="p-name u-url url fn" rel=me>Peter Kurfer</a>
+</p>
+</footer>
+</div>
+</body>
+</html>
--- a/tags/libvirt/index.xml
+++ b/tags/libvirt/index.xml
@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>libvirt on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/tags/libvirt/</link><description>1533B4dC0.de (libvirt)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/tags/libvirt/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt &amp; Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description>&lt;p>&lt;em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&amp;rsquo;ll give &lt;strong>Netavark&lt;/strong> a try, too!&lt;/em>&lt;/p>
+&lt;p>When playing around with containers and VMs one might ask if it&amp;rsquo;s possible to bring VMs and containers into a common network segment.
+I see &amp;lsquo;why the hell would I need a VM anyway when already having containers&amp;rsquo; or something similar I almost see on your face 😜&lt;/p>
+&lt;p>Well 1st of all, not everything can be solved with containers.
+For instance windows applications can be run in Windows containers but I&amp;rsquo;m not aware of how to run a Windows container on my Linux desktop.&lt;/p>
+&lt;p>But also in pure Linux environments there are cases where a VM is probably a better fit for the problem.
+As you might know I&amp;rsquo;m a bit of network 🤓 and I love playing around with &amp;lsquo;weird&amp;rsquo; stuff almost no one else does even think about if not forced to.
+So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &amp;ldquo;why&amp;rsquo;s Netflix on the TV not working?!&amp;rdquo; 😄 or also if you try to implement your own &amp;lsquo;firewall&amp;rsquo; with DNAT support (stay tuned - post&amp;rsquo;s following!).&lt;/p>
+&lt;h2 id="part-1-libvirt-preparation" >Part 1: Libvirt preparation
+&lt;span>
+&lt;a href="#part-1-libvirt-preparation">
+&lt;svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg">&lt;path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;/svg>
+&lt;/a>
+&lt;/span>
+&lt;/h2>&lt;p>Okay now that I came around with &lt;em>some&lt;/em> arguments - if they&amp;rsquo;re convincing or not is not important - how does this work?&lt;/p>
+&lt;p>Assuming you&amp;rsquo;ve Libvirt and Podman already installed on your system without any modification and you run&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">virsh net-list
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>you should have at least the &lt;code>default&lt;/code> network already.&lt;/p>
+&lt;p>The definition of all networks (as of every other component of libvirt) is in XML.
+&lt;code>virsh&lt;/code> comes with a &lt;code>net-dumpxml&lt;/code> command to export the configuration of a network:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">virsh net-dumpxml default
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>The output should look (more or less) like in the following snippet:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-xml" data-lang="xml">&lt;span style="color:#f92672">&amp;lt;network&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;name&amp;gt;&lt;/span>default&lt;span style="color:#f92672">&amp;lt;/name&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;uuid&amp;gt;&lt;/span>8d2028ed-cc9a-4eae-9883-b59b673d560d&lt;span style="color:#f92672">&amp;lt;/uuid&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;forward&lt;/span> &lt;span style="color:#a6e22e">mode=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;nat&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;nat&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;port&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;1024&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;65535&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/nat&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/forward&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;bridge&lt;/span> &lt;span style="color:#a6e22e">name=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;virbr0&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">stp=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;on&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">delay=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;0&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;mac&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;63:b3:d8:75:53:6b&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;ip&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.1&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">netmask=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;255.255.255.0&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;range&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.2&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.254&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/ip&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/network&amp;gt;&lt;/span>
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>So we&amp;rsquo;ve a &lt;code>&amp;lt;network/&amp;gt;&lt;/code> that is defined by:&lt;/p>
+&lt;ul>
+&lt;li>a &lt;code>&amp;lt;name/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>a &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>a &lt;em>optional&lt;/em> &lt;code>&amp;lt;forward/&amp;gt;&lt;/code> node&lt;/li>
+&lt;li>a &lt;code>&amp;lt;bridge/&amp;gt;&lt;/code> interface&lt;/li>
+&lt;li>the &lt;code>&amp;lt;mac/&amp;gt;&lt;/code> for the bridge interface (of the host)&lt;/li>
+&lt;li>the &lt;code>&amp;lt;ip/&amp;gt;&lt;/code> of the host on the bridge interface
+&lt;ul>
+&lt;li>an &lt;em>optional&lt;/em> &lt;code>&amp;lt;dhcp/&amp;gt;&lt;/code> range definition&lt;/li>
+&lt;/ul>
+&lt;/li>
+&lt;/ul>
+&lt;p>The complete reference for the XML schema can be found &lt;a href="https://libvirt.org/formatnetwork.html">here&lt;/a>.&lt;/p>
+&lt;p>Before we have a closer look how to bring Podman containers into a Libvirt network, let&amp;rsquo;s define a new &lt;code>containers&lt;/code> network.
+The following snippet contains the definition I&amp;rsquo;ll use:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-xml" data-lang="xml">&lt;span style="color:#f92672">&amp;lt;network&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;name&amp;gt;&lt;/span>containers&lt;span style="color:#f92672">&amp;lt;/name&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;uuid&amp;gt;&lt;/span>929b7b7d-bd82-452d-96b7-12f0cf1a4b17&lt;span style="color:#f92672">&amp;lt;/uuid&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;bridge&lt;/span> &lt;span style="color:#a6e22e">name=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;conbr0&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">stp=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;on&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">delay=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;0&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;mac&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;af:af:13:ed:c6:41&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;ip&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.42&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">netmask=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;255.255.255.0&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;range&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.100&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.150&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/ip&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/network&amp;gt;&lt;/span>
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>It&amp;rsquo;s quite similar except I made a few adoptions:&lt;/p>
+&lt;ul>
+&lt;li>remove the &lt;code>&amp;lt;forward/&amp;gt;&lt;/code> block&lt;/li>
+&lt;li>change the &lt;code>&amp;lt;name/&amp;gt;&lt;/code> and the &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code> (with the help of &lt;code>uuidgen&lt;/code>)&lt;/li>
+&lt;li>change the &lt;code>name=&amp;quot;&amp;quot;&lt;/code> of the &lt;code>&amp;lt;bridge/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>change the &lt;code>address=&amp;quot;&amp;quot;&lt;/code> attribute of the &lt;code>&amp;lt;mac/&amp;gt;&lt;/code> (use any &lt;a href="https://macaddress.io/mac-address-generator">mac address generator&lt;/a>)&lt;/li>
+&lt;li>change the &lt;code>address=&amp;quot;&amp;quot;&lt;/code> attribute of the &lt;code>&amp;lt;ip/&amp;gt;&lt;/code> and &lt;code>start=&amp;quot;&amp;quot;&lt;/code> and &lt;code>end=&amp;quot;&amp;quot;&lt;/code> of the DHCP range accordingly&lt;/li>
+&lt;/ul>
+&lt;p>You may use any private network - as far as I can tell it shouldn&amp;rsquo;t matter if you&amp;rsquo;re using a class B, C or D private network as long as you don&amp;rsquo;t have any conflicts with your LAN or any other virtual interfaces of your environment.&lt;/p>
+&lt;p>When done safe your network definition as &lt;code>.xml&lt;/code> file.
+To import the configuration you can use &lt;code>virsh net-define&lt;/code> like in the following snippet (assuming the network definition is in &lt;code>containers.xml&lt;/code>):&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-define containers.xml
+&amp;gt; Network containers defined from containers.xml
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>&lt;em>Note: this only works because the XML already contains an &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code>. Otherwise you&amp;rsquo;d have to use &lt;code>virsh net-create&lt;/code> and a few more extra steps to make the network actually persistent.&lt;/em>&lt;/p>
+&lt;p>If you now check with &lt;code>virsh net-list&lt;/code> you&amp;rsquo;d be disappointed because there&amp;rsquo;s no network!
+Checking again with &lt;code>virsh net-list --all&lt;/code> explains why our &lt;code>containers&lt;/code> network wasn&amp;rsquo;t in the output previously because it is by default &lt;em>inactive&lt;/em>.
+To activate it we&amp;rsquo;ve to start it like so:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-start containers
+&amp;gt; Network containers started
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>If you don&amp;rsquo;t mind the extra adapter and wish to use the network frequently in the future you might consider to autostart it:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-autostart containers
+&amp;gt; Network containers marked as autostarted
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>With our custom Libvirt network in place we&amp;rsquo;re good to go to configure Podman.&lt;/p>
+&lt;h2 id="part-2-podman-cni-network" >Part 2: Podman CNI network
+&lt;span>
+&lt;a href="#part-2-podman-cni-network">
+&lt;svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg">&lt;path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;/svg>
+&lt;/a>
+&lt;/span>
+&lt;/h2>&lt;p>&lt;em>Note: this only works with &lt;strong>rootfull&lt;/strong> Podman because rootless Podman does not use CNI but another network stack.&lt;/em>&lt;/p>
+&lt;p>A clean Podman installation without any custom network created comes with the default network &lt;code>podman&lt;/code>.
+Rootfull Podman network configs are by default stored in &lt;code>/etc/cni/net.d&lt;/code>.
+You should find the default network as &lt;code>87-podman.conflist&lt;/code> in the aforementioned directory.&lt;/p>
+&lt;p>Every Podman network is defined as JSON file.
+We will define our own &lt;code>libvirt&lt;/code> network to join Podman containers into the previously created Libvirt network.
+You can either use &lt;code>podman network create&lt;/code> to create the network (at least more or less) or you can copy for example the default network and make some adjustments.&lt;/p>
+&lt;p>To create the new network from the CLI you can use the following command:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">podman network create &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --disable-dns &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --internal &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --gateway 10.10.2.37 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --ip-range 10.10.2.160/29 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --subnet 10.10.2.0/24 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> libvirt
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>Note that I used a different IP range as in the Libvirt network! Otherwise Podman will complain that the IP range is already in use at an adapter.
+You can use this command to create the required file in &lt;code>/etc/cni/net.d/&lt;/code> but you&amp;rsquo;ve to update the &lt;code>ranges&lt;/code> accordingly before creating a container in the network.&lt;/p>
+&lt;p>Because we&amp;rsquo;ve to edit the &lt;code>.conflist&lt;/code> either way copy the default one is also fine.&lt;/p>
+&lt;p>The &lt;code>.conflist&lt;/code> I&amp;rsquo;m using looks like this:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-json" data-lang="json">{
+&lt;span style="color:#f92672">&amp;#34;cniVersion&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;0.4.0&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;name&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;libvirt&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;plugins&amp;#34;&lt;/span>: [
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;bridge&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;bridge&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;conbr0&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;isGateway&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">false&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;hairpinMode&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">true&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;ipam&amp;#34;&lt;/span>: {
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;host-local&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;routes&amp;#34;&lt;/span>: [
+{
+&lt;span style="color:#f92672">&amp;#34;dst&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;0.0.0.0/0&amp;#34;&lt;/span>
+}
+],
+&lt;span style="color:#f92672">&amp;#34;ranges&amp;#34;&lt;/span>: [
+[
+{
+&lt;span style="color:#f92672">&amp;#34;subnet&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.0/24&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;rangeStart&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.151&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;rangeEnd&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.160&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;gateway&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.42&amp;#34;&lt;/span>
+}
+]
+]
+}
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;portmap&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;capabilities&amp;#34;&lt;/span>: {
+&lt;span style="color:#f92672">&amp;#34;portMappings&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">true&lt;/span>
+}
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;firewall&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;backend&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;&amp;#34;&lt;/span>
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;tuning&amp;#34;&lt;/span>
+}
+]
+}
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>Interestingly the &lt;code>rangeStart&lt;/code> and &lt;code>rangeEnd&lt;/code> are actually IP addresses and not tight to some IP networks but unfortunately there&amp;rsquo;s no equivalent for &lt;code>podman network create&lt;/code> hence I update both to a range after the DHCP range of the Libvirt network to make sure that no duplicate IPs are assigned.&lt;/p>
+&lt;p>I tend to declare the network as &lt;code>host-local&lt;/code> but this shouldn&amp;rsquo;t be critical.
+The &lt;strong>most important&lt;/strong> part is to update the &lt;code>bridge&lt;/code> to the same interface like in the Libvirt network definition (in my case &lt;code>conbr0&lt;/code>).&lt;/p>
+&lt;p>After this we&amp;rsquo;re ready to go and you can for instance start a Nginx container in the &lt;code>libvirt&lt;/code> network and you should be able to reach it from a VM in the Libvirt network:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">podman run &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --rm &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> -d &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --name nginx &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --network libvirt &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --ip 10.10.1.151 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> docker.io/nginx:alpine
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>A nice option for &lt;code>podman run&lt;/code> is &lt;code>--ip&lt;/code>.
+You&amp;rsquo;ve to choose an IP from the previously configured &lt;code>range&lt;/code> but you can skip the &lt;code>podman inspect&lt;/code> or &lt;code>ip a&lt;/code> to get the container IP and the container will have the IP every time you start it, if you like 😉 and speaking of &amp;lsquo;nice&amp;rsquo; &lt;code>podman run&lt;/code> options: you do know &lt;code>--replace&lt;/code>, don&amp;rsquo;t you?&lt;/p></description></item></channel></rss>
--- a/tags/libvirt/page/1/index.html
+++ b/tags/libvirt/page/1/index.html
@ -0,0 +1 @@
+<!doctype html><html><head><title>https://www.1533b4dc0.de/tags/libvirt/</title><link rel=canonical href=https://www.1533b4dc0.de/tags/libvirt/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://www.1533b4dc0.de/tags/libvirt/"></head></html>
--- a/tags/podman/index.html
+++ b/tags/podman/index.html
@ -0,0 +1,116 @@
+<!doctype html><html lang=en-us data-theme>
+<head>
+<meta charset=utf-8>
+<meta name=HandheldFriendly content="True">
+<meta name=viewport content="width=device-width,initial-scale=1">
+<meta name=referrer content="no-referrer-when-downgrade">
+<title>podman - 1533B4dC0.de</title>
+<meta name=description content>
+<link rel=alternate type=application/rss+xml href=https://www.1533b4dc0.de/tags/podman/index.xml title=1533B4dC0.de>
+<link rel=icon type=image/x-icon href=https://www.1533b4dc0.de/favicon.ico>
+<link rel=apple-touch-icon-precomposed href=https://www.1533b4dc0.de/favicon.png>
+<style>body{visibility:hidden;opacity:0}</style>
+<noscript>
+<style>body{visibility:visible;opacity:1}</style>
+</noscript>
+<link rel=stylesheet href=https://www.1533b4dc0.de/css/style.min.e4dd69a921886f06d1a0e2bf835aa4fdced2d03b6f83804e6ae146caac8882bb.css integrity="sha256-5N1pqSGIbwbRoOK/g1qk/c7S0Dtvg4BOauFGyqyIgrs=">
+<script src=https://www.1533b4dc0.de/js/script.min.510c781c39dbb21b4c76d85c82e2bdf4689220adbb7cd61e49e9d293e442fb42.js type=text/javascript integrity="sha256-UQx4HDnbshtMdthcguK99GiSIK27fNYeSenSk+RC+0I="></script>
+<meta property="og:title" content="podman">
+<meta property="og:description" content>
+<meta property="og:type" content="website">
+<meta property="og:url" content="https://www.1533b4dc0.de/tags/podman/">
+<meta name=twitter:card content="summary">
+<meta name=twitter:title content="podman">
+<meta name=twitter:description content>
+</head>
+<body>
+<a class=skip-main href=#main>Skip to main content</a>
+<div class=container>
+<header class=common-header>
+<div class=header-top>
+<h1 class=site-title>
+<a href=/>1533B4dC0.de</a>
+</h1>
+<ul class=social-icons>
+<li>
+<a href=https://github.com/baez90 title=Github rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path fill="currentcolor" d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6.0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6.0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3.0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1.0-6.2-.3-40.4-.3-61.4.0.0-70 15-84.7-29.8.0.0-11.4-29.1-27.8-36.6.0.0-22.9-15.7 1.6-15.4.0.0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5.0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9.0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4.0 33.7-.3 75.4-.3 83.6.0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6.0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9.0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
+</span>
+</a>
+</li>
+<li>
+<a href=https://www.linkedin.com/in/peter-s-kurfer title=Linkedin rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path fill="currentcolor" d="M416 32H31.9C14.3 32 0 46.5.0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6.0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3zM135.4 416H69V202.2h66.5V416zm-33.2-243c-21.3.0-38.5-17.3-38.5-38.5S80.9 96 102.2 96c21.2.0 38.5 17.3 38.5 38.5.0 21.3-17.2 38.5-38.5 38.5zm282.1 243h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6.0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2.0 79.7 44.3 79.7 101.9V416z"/></svg>
+</span>
+</a>
+</li>
+<li>
+<a href=https://www.xing.com/profile/Sebastian_Kurfer title=Xing rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><path fill="currentcolor" d="M162.7 210c-1.8 3.3-25.2 44.4-70.1 123.5-4.9 8.3-10.8 12.5-17.7 12.5H9.8c-7.7.0-12.1-7.5-8.5-14.4l69-121.3c.2.0.2-.1.0-.3l-43.9-75.6c-4.3-7.8.3-14.1 8.5-14.1H1e2c7.3.0 13.3 4.1 18 12.2l44.7 77.5zM382.6 46.1l-144 253v.3L330.2 466c3.9 7.1.2 14.1-8.5 14.1h-65.2c-7.6.0-13.6-4-18-12.2l-92.4-168.5c3.3-5.8 51.5-90.8 144.8-255.2 4.6-8.1 10.4-12.2 17.5-12.2h65.7c8 0 12.3 6.7 8.5 14.1z"/></svg>
+</span>
+</a>
+</li>
+<li>
+<a href=https://www.1533b4dc0.de/index.xml title=RSS rel=me>
+<span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path fill="currentcolor" d="M128.081 415.959c0 35.369-28.672 64.041-64.041 64.041S0 451.328.0 415.959s28.672-64.041 64.041-64.041 64.04 28.673 64.04 64.041zm175.66 47.25c-8.354-154.6-132.185-278.587-286.95-286.95C7.656 175.765.0 183.105.0 192.253v48.069c0 8.415 6.49 15.472 14.887 16.018 111.832 7.284 201.473 96.702 208.772 208.772.547 8.397 7.604 14.887 16.018 14.887h48.069c9.149.001 16.489-7.655 15.995-16.79zm144.249.288C439.596 229.677 251.465 40.445 16.503 32.01 7.473 31.686.0 38.981.0 48.016v48.068c0 8.625 6.835 15.645 15.453 15.999 191.179 7.839 344.627 161.316 352.465 352.465.353 8.618 7.373 15.453 15.999 15.453h48.068c9.034-.001 16.329-7.474 16.005-16.504z"/></svg>
+</span>
+</a>
+</li>
+</ul>
+</div>
+<nav>
+<a href=https://www.1533b4dc0.de/about/ title>About</a>
+<a href=https://www.1533b4dc0.de/projects/ title>Projects</a>
+<a href=https://www.1533b4dc0.de/tags/ title>Tags</a>
+<a href=https://www.1533b4dc0.de/posts/ title>Archive</a>
+</nav>
+</header>
+<main id=main tabindex=-1>
+<h1>Tag: podman</h1>
+<div class=post-info>
+<a href=/tags/>To all tags</a>
+</div>
+<article class="post-list h-feed">
+<div class=post-header>
+<header>
+<h1 class="p-name post-title"><a class=u-url href=/post/libvirt-podman-network-mesh/>Libvirt & Podman: network 'mesh'</a></h1>
+</header>
+</div>
+<div class="content post-summary p-summary">
+Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give Netavark a try, too!
+When playing around with containers and VMs one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment. I see &lsquo;why the hell would I need a VM anyway when already having containers&rsquo; or something similar I almost see on your face 😜
+</div>
+<div class=post-info>
+<div class="post-date dt-published">2022-02-24</div>
+<a class="post-hidden-url u-url" href=https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</a>
+<a href=https://www.1533b4dc0.de/ class="p-name p-author post-hidden-author h-card" rel=me>Peter Kurfer</a>
+<div class=post-taxonomies>
+<ul class=post-tags>
+<li><a href=https://www.1533b4dc0.de/tags/podman/>#podman</a></li>
+<li><a href=https://www.1533b4dc0.de/tags/libvirt/>#libvirt</a></li>
+</ul>
+</div>
+</div>
+</article>
+</main>
+<footer class=common-footer>
+<div class=common-footer-bottom>
+<div class=copyright>
+<p>© Peter Kurfer, 2022<br>
+Powered by <a target=_blank rel="noopener noreferrer" href=https://gohugo.io/>Hugo</a>, theme <a target=_blank rel="noopener noreferrer" href=https://github.com/mitrichius/hugo-theme-anubis>Anubis</a>.<br>
+<script src=https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js></script>
+<script>mermaid.initialize({startOnLoad:!0,securityLevel:'loose'})</script>
+</p>
+</div>
+<button class=theme-switcher>
+Dark theme
+</button>
+<script>const STORAGE_KEY='user-color-scheme',defaultTheme="auto";let currentTheme,switchButton,autoDefinedScheme=window.matchMedia('(prefers-color-scheme: dark)');const autoChangeScheme=a=>{currentTheme=a.matches?'dark':'light',document.documentElement.setAttribute('data-theme',currentTheme),changeButtonText()};document.addEventListener('DOMContentLoaded',function(){switchButton=document.querySelector('.theme-switcher'),currentTheme=detectCurrentScheme(),currentTheme=='dark'&&document.documentElement.setAttribute('data-theme','dark'),currentTheme=='auto'&&(autoChangeScheme(autoDefinedScheme),autoDefinedScheme.addListener(autoChangeScheme)),switchButton&&(changeButtonText(),switchButton.addEventListener('click',switchTheme,!1)),showContent()});function detectCurrentScheme(){return localStorage.getItem(STORAGE_KEY)?localStorage.getItem(STORAGE_KEY):defaultTheme?defaultTheme:window.matchMedia?window.matchMedia('(prefers-color-scheme: dark)').matches?'dark':'light':'light'}function changeButtonText(a){a&&(a.textContent=currentTheme=='dark'?"Light theme":"Dark theme")}function switchTheme(a){currentTheme=='dark'?(localStorage.setItem(STORAGE_KEY,'light'),document.documentElement.setAttribute('data-theme','light'),currentTheme='light'):(localStorage.setItem(STORAGE_KEY,'dark'),document.documentElement.setAttribute('data-theme','dark'),currentTheme='dark'),changeButtonText()}function showContent(){document.body.style.visibility='visible',document.body.style.opacity=1}</script>
+</div>
+<p class="h-card vcard">
+<a href=https://www.1533b4dc0.de/ class="p-name u-url url fn" rel=me>Peter Kurfer</a>
+</p>
+</footer>
+</div>
+</body>
+</html>
--- a/tags/podman/index.xml
+++ b/tags/podman/index.xml
@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>podman on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/tags/podman/</link><description>1533B4dC0.de (podman)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/tags/podman/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt &amp; Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description>&lt;p>&lt;em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&amp;rsquo;ll give &lt;strong>Netavark&lt;/strong> a try, too!&lt;/em>&lt;/p>
+&lt;p>When playing around with containers and VMs one might ask if it&amp;rsquo;s possible to bring VMs and containers into a common network segment.
+I see &amp;lsquo;why the hell would I need a VM anyway when already having containers&amp;rsquo; or something similar I almost see on your face 😜&lt;/p>
+&lt;p>Well 1st of all, not everything can be solved with containers.
+For instance windows applications can be run in Windows containers but I&amp;rsquo;m not aware of how to run a Windows container on my Linux desktop.&lt;/p>
+&lt;p>But also in pure Linux environments there are cases where a VM is probably a better fit for the problem.
+As you might know I&amp;rsquo;m a bit of network 🤓 and I love playing around with &amp;lsquo;weird&amp;rsquo; stuff almost no one else does even think about if not forced to.
+So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &amp;ldquo;why&amp;rsquo;s Netflix on the TV not working?!&amp;rdquo; 😄 or also if you try to implement your own &amp;lsquo;firewall&amp;rsquo; with DNAT support (stay tuned - post&amp;rsquo;s following!).&lt;/p>
+&lt;h2 id="part-1-libvirt-preparation" >Part 1: Libvirt preparation
+&lt;span>
+&lt;a href="#part-1-libvirt-preparation">
+&lt;svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg">&lt;path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;/svg>
+&lt;/a>
+&lt;/span>
+&lt;/h2>&lt;p>Okay now that I came around with &lt;em>some&lt;/em> arguments - if they&amp;rsquo;re convincing or not is not important - how does this work?&lt;/p>
+&lt;p>Assuming you&amp;rsquo;ve Libvirt and Podman already installed on your system without any modification and you run&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">virsh net-list
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>you should have at least the &lt;code>default&lt;/code> network already.&lt;/p>
+&lt;p>The definition of all networks (as of every other component of libvirt) is in XML.
+&lt;code>virsh&lt;/code> comes with a &lt;code>net-dumpxml&lt;/code> command to export the configuration of a network:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">virsh net-dumpxml default
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>The output should look (more or less) like in the following snippet:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-xml" data-lang="xml">&lt;span style="color:#f92672">&amp;lt;network&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;name&amp;gt;&lt;/span>default&lt;span style="color:#f92672">&amp;lt;/name&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;uuid&amp;gt;&lt;/span>8d2028ed-cc9a-4eae-9883-b59b673d560d&lt;span style="color:#f92672">&amp;lt;/uuid&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;forward&lt;/span> &lt;span style="color:#a6e22e">mode=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;nat&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;nat&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;port&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;1024&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;65535&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/nat&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/forward&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;bridge&lt;/span> &lt;span style="color:#a6e22e">name=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;virbr0&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">stp=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;on&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">delay=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;0&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;mac&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;63:b3:d8:75:53:6b&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;ip&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.1&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">netmask=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;255.255.255.0&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;range&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.2&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;192.168.122.254&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/ip&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/network&amp;gt;&lt;/span>
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>So we&amp;rsquo;ve a &lt;code>&amp;lt;network/&amp;gt;&lt;/code> that is defined by:&lt;/p>
+&lt;ul>
+&lt;li>a &lt;code>&amp;lt;name/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>a &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>a &lt;em>optional&lt;/em> &lt;code>&amp;lt;forward/&amp;gt;&lt;/code> node&lt;/li>
+&lt;li>a &lt;code>&amp;lt;bridge/&amp;gt;&lt;/code> interface&lt;/li>
+&lt;li>the &lt;code>&amp;lt;mac/&amp;gt;&lt;/code> for the bridge interface (of the host)&lt;/li>
+&lt;li>the &lt;code>&amp;lt;ip/&amp;gt;&lt;/code> of the host on the bridge interface
+&lt;ul>
+&lt;li>an &lt;em>optional&lt;/em> &lt;code>&amp;lt;dhcp/&amp;gt;&lt;/code> range definition&lt;/li>
+&lt;/ul>
+&lt;/li>
+&lt;/ul>
+&lt;p>The complete reference for the XML schema can be found &lt;a href="https://libvirt.org/formatnetwork.html">here&lt;/a>.&lt;/p>
+&lt;p>Before we have a closer look how to bring Podman containers into a Libvirt network, let&amp;rsquo;s define a new &lt;code>containers&lt;/code> network.
+The following snippet contains the definition I&amp;rsquo;ll use:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-xml" data-lang="xml">&lt;span style="color:#f92672">&amp;lt;network&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;name&amp;gt;&lt;/span>containers&lt;span style="color:#f92672">&amp;lt;/name&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;uuid&amp;gt;&lt;/span>929b7b7d-bd82-452d-96b7-12f0cf1a4b17&lt;span style="color:#f92672">&amp;lt;/uuid&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;bridge&lt;/span> &lt;span style="color:#a6e22e">name=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;conbr0&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">stp=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;on&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">delay=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;0&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;mac&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;af:af:13:ed:c6:41&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;ip&lt;/span> &lt;span style="color:#a6e22e">address=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.42&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">netmask=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;255.255.255.0&amp;#39;&lt;/span>&lt;span style="color:#f92672">&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;range&lt;/span> &lt;span style="color:#a6e22e">start=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.100&amp;#39;&lt;/span> &lt;span style="color:#a6e22e">end=&lt;/span>&lt;span style="color:#e6db74">&amp;#39;10.10.1.150&amp;#39;&lt;/span>&lt;span style="color:#f92672">/&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/dhcp&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/ip&amp;gt;&lt;/span>
+&lt;span style="color:#f92672">&amp;lt;/network&amp;gt;&lt;/span>
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>It&amp;rsquo;s quite similar except I made a few adoptions:&lt;/p>
+&lt;ul>
+&lt;li>remove the &lt;code>&amp;lt;forward/&amp;gt;&lt;/code> block&lt;/li>
+&lt;li>change the &lt;code>&amp;lt;name/&amp;gt;&lt;/code> and the &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code> (with the help of &lt;code>uuidgen&lt;/code>)&lt;/li>
+&lt;li>change the &lt;code>name=&amp;quot;&amp;quot;&lt;/code> of the &lt;code>&amp;lt;bridge/&amp;gt;&lt;/code>&lt;/li>
+&lt;li>change the &lt;code>address=&amp;quot;&amp;quot;&lt;/code> attribute of the &lt;code>&amp;lt;mac/&amp;gt;&lt;/code> (use any &lt;a href="https://macaddress.io/mac-address-generator">mac address generator&lt;/a>)&lt;/li>
+&lt;li>change the &lt;code>address=&amp;quot;&amp;quot;&lt;/code> attribute of the &lt;code>&amp;lt;ip/&amp;gt;&lt;/code> and &lt;code>start=&amp;quot;&amp;quot;&lt;/code> and &lt;code>end=&amp;quot;&amp;quot;&lt;/code> of the DHCP range accordingly&lt;/li>
+&lt;/ul>
+&lt;p>You may use any private network - as far as I can tell it shouldn&amp;rsquo;t matter if you&amp;rsquo;re using a class B, C or D private network as long as you don&amp;rsquo;t have any conflicts with your LAN or any other virtual interfaces of your environment.&lt;/p>
+&lt;p>When done safe your network definition as &lt;code>.xml&lt;/code> file.
+To import the configuration you can use &lt;code>virsh net-define&lt;/code> like in the following snippet (assuming the network definition is in &lt;code>containers.xml&lt;/code>):&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-define containers.xml
+&amp;gt; Network containers defined from containers.xml
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>&lt;em>Note: this only works because the XML already contains an &lt;code>&amp;lt;uuid/&amp;gt;&lt;/code>. Otherwise you&amp;rsquo;d have to use &lt;code>virsh net-create&lt;/code> and a few more extra steps to make the network actually persistent.&lt;/em>&lt;/p>
+&lt;p>If you now check with &lt;code>virsh net-list&lt;/code> you&amp;rsquo;d be disappointed because there&amp;rsquo;s no network!
+Checking again with &lt;code>virsh net-list --all&lt;/code> explains why our &lt;code>containers&lt;/code> network wasn&amp;rsquo;t in the output previously because it is by default &lt;em>inactive&lt;/em>.
+To activate it we&amp;rsquo;ve to start it like so:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-start containers
+&amp;gt; Network containers started
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>If you don&amp;rsquo;t mind the extra adapter and wish to use the network frequently in the future you might consider to autostart it:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">$ virsh net-autostart containers
+&amp;gt; Network containers marked as autostarted
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>With our custom Libvirt network in place we&amp;rsquo;re good to go to configure Podman.&lt;/p>
+&lt;h2 id="part-2-podman-cni-network" >Part 2: Podman CNI network
+&lt;span>
+&lt;a href="#part-2-podman-cni-network">
+&lt;svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg">&lt;path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/>&lt;/svg>
+&lt;/a>
+&lt;/span>
+&lt;/h2>&lt;p>&lt;em>Note: this only works with &lt;strong>rootfull&lt;/strong> Podman because rootless Podman does not use CNI but another network stack.&lt;/em>&lt;/p>
+&lt;p>A clean Podman installation without any custom network created comes with the default network &lt;code>podman&lt;/code>.
+Rootfull Podman network configs are by default stored in &lt;code>/etc/cni/net.d&lt;/code>.
+You should find the default network as &lt;code>87-podman.conflist&lt;/code> in the aforementioned directory.&lt;/p>
+&lt;p>Every Podman network is defined as JSON file.
+We will define our own &lt;code>libvirt&lt;/code> network to join Podman containers into the previously created Libvirt network.
+You can either use &lt;code>podman network create&lt;/code> to create the network (at least more or less) or you can copy for example the default network and make some adjustments.&lt;/p>
+&lt;p>To create the new network from the CLI you can use the following command:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">podman network create &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --disable-dns &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --internal &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --gateway 10.10.2.37 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --ip-range 10.10.2.160/29 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --subnet 10.10.2.0/24 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> libvirt
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>Note that I used a different IP range as in the Libvirt network! Otherwise Podman will complain that the IP range is already in use at an adapter.
+You can use this command to create the required file in &lt;code>/etc/cni/net.d/&lt;/code> but you&amp;rsquo;ve to update the &lt;code>ranges&lt;/code> accordingly before creating a container in the network.&lt;/p>
+&lt;p>Because we&amp;rsquo;ve to edit the &lt;code>.conflist&lt;/code> either way copy the default one is also fine.&lt;/p>
+&lt;p>The &lt;code>.conflist&lt;/code> I&amp;rsquo;m using looks like this:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-json" data-lang="json">{
+&lt;span style="color:#f92672">&amp;#34;cniVersion&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;0.4.0&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;name&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;libvirt&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;plugins&amp;#34;&lt;/span>: [
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;bridge&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;bridge&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;conbr0&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;isGateway&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">false&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;hairpinMode&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">true&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;ipam&amp;#34;&lt;/span>: {
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;host-local&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;routes&amp;#34;&lt;/span>: [
+{
+&lt;span style="color:#f92672">&amp;#34;dst&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;0.0.0.0/0&amp;#34;&lt;/span>
+}
+],
+&lt;span style="color:#f92672">&amp;#34;ranges&amp;#34;&lt;/span>: [
+[
+{
+&lt;span style="color:#f92672">&amp;#34;subnet&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.0/24&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;rangeStart&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.151&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;rangeEnd&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.160&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;gateway&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;10.10.1.42&amp;#34;&lt;/span>
+}
+]
+]
+}
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;portmap&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;capabilities&amp;#34;&lt;/span>: {
+&lt;span style="color:#f92672">&amp;#34;portMappings&amp;#34;&lt;/span>: &lt;span style="color:#66d9ef">true&lt;/span>
+}
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;firewall&amp;#34;&lt;/span>,
+&lt;span style="color:#f92672">&amp;#34;backend&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;&amp;#34;&lt;/span>
+},
+{
+&lt;span style="color:#f92672">&amp;#34;type&amp;#34;&lt;/span>: &lt;span style="color:#e6db74">&amp;#34;tuning&amp;#34;&lt;/span>
+}
+]
+}
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>Interestingly the &lt;code>rangeStart&lt;/code> and &lt;code>rangeEnd&lt;/code> are actually IP addresses and not tight to some IP networks but unfortunately there&amp;rsquo;s no equivalent for &lt;code>podman network create&lt;/code> hence I update both to a range after the DHCP range of the Libvirt network to make sure that no duplicate IPs are assigned.&lt;/p>
+&lt;p>I tend to declare the network as &lt;code>host-local&lt;/code> but this shouldn&amp;rsquo;t be critical.
+The &lt;strong>most important&lt;/strong> part is to update the &lt;code>bridge&lt;/code> to the same interface like in the Libvirt network definition (in my case &lt;code>conbr0&lt;/code>).&lt;/p>
+&lt;p>After this we&amp;rsquo;re ready to go and you can for instance start a Nginx container in the &lt;code>libvirt&lt;/code> network and you should be able to reach it from a VM in the Libvirt network:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">&lt;code class="language-bash" data-lang="bash">podman run &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --rm &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> -d &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --name nginx &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --network libvirt &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> --ip 10.10.1.151 &lt;span style="color:#ae81ff">\
+&lt;/span>&lt;span style="color:#ae81ff">&lt;/span> docker.io/nginx:alpine
+&lt;/code>&lt;/pre>&lt;/div>&lt;p>A nice option for &lt;code>podman run&lt;/code> is &lt;code>--ip&lt;/code>.
+You&amp;rsquo;ve to choose an IP from the previously configured &lt;code>range&lt;/code> but you can skip the &lt;code>podman inspect&lt;/code> or &lt;code>ip a&lt;/code> to get the container IP and the container will have the IP every time you start it, if you like 😉 and speaking of &amp;lsquo;nice&amp;rsquo; &lt;code>podman run&lt;/code> options: you do know &lt;code>--replace&lt;/code>, don&amp;rsquo;t you?&lt;/p></description></item></channel></rss>
--- a/tags/podman/page/1/index.html
+++ b/tags/podman/page/1/index.html
@ -0,0 +1 @@
+<!doctype html><html><head><title>https://www.1533b4dc0.de/tags/podman/</title><link rel=canonical href=https://www.1533b4dc0.de/tags/podman/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://www.1533b4dc0.de/tags/podman/"></head></html>
				`@ -0,0 +1 @@`
				`<!doctype html><html><head><title>https://www.1533b4dc0.de/tags/libvirt/</title><link rel=canonical href=https://www.1533b4dc0.de/tags/libvirt/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://www.1533b4dc0.de/tags/libvirt/"></head></html>`