Can't install pfSense, OPNsense and Sophos XG



Dear Unraid pros,

I'm trying to install pfSense, OPNsense and Sophos XG on my Unraid system, but I can't get it to work.

First I tried Sophos XG. It was a start for when I get my quad NIC (HP NC375T Quad Port). With 2 br0 adapters and Intel e1000 set as the type, that worked.

Then when I got my quad NIC I shut down my system, put it in a PCIe slot and booted up again. There it was in my network settings. So far so good.

So I searched online for how to pass it through to a VM and found the video from @SpaceInvaderOne for pfSense, and followed his guide to pass through my quad NIC.

[screenshot]

I rebooted my server and it all went well. See my IOMMU:

[screenshot]

They also appear in here.

[screenshot]

I tried Sophos with this config (and a lot of others, trial and error).

<?xml version='1.0' encoding='UTF-8'?>
<domain type='kvm'>
  <name>Linux</name>
  <uuid>2bdb46e8-0726-2715-9ddf-b9a683f9b0ab</uuid>
  <metadata>
    <vmtemplate xmlns="unraid" name="Linux" icon="linux.png" os="linux"/>
  </metadata>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <memoryBacking>
    <nosharepages/>
  </memoryBacking>
  <vcpu placement='static'>4</vcpu>
  <cputune>
    <vcpupin vcpu='0' cpuset='0'/>
    <vcpupin vcpu='1' cpuset='1'/>
    <vcpupin vcpu='2' cpuset='2'/>
    <vcpupin vcpu='3' cpuset='3'/>
  </cputune>
  <os>
    <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='host-passthrough' check='none'>
    <topology sockets='1' cores='4' threads='1'/>
    <cache mode='passthrough'/>
  </cpu>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/local/sbin/qemu</emulator>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/mnt/user/isos en programs/SW-17.5.10_MR-10-620.iso'/>
      <target dev='hda' bus='sata'/>
      <readonly/>
      <boot order='2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='writeback'/>
      <source file='/mnt/user/domains/Linux/vdisk1.img'/>
      <target dev='hdc' bus='sata'/>
      <boot order='1'/>
      <address type='drive' controller='0' bus='0' target='0' unit='2'/>
    </disk>
    <controller type='usb' index='0' model='ich9-ehci1'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci1'>
      <master startport='0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci2'>
      <master startport='2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci3'>
      <master startport='4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'/>
    <controller type='sata' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </controller>
    <serial type='pty'>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <channel type='unix'>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <graphics type='vnc' port='-1' autoport='yes' websocket='-1' listen='0.0.0.0' keymap='en-us'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x1'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x2'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x3'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
    </hostdev>
    <memballoon model='none'/>
  </devices>
</domain>

With these settings it boots but gets stuck on installation. This is the best try I had in about 16 hours of trying.

After forcing a stop, 5 minutes of time and then a try to start, I got this.

[screenshot]

I read about it and it is some kind of resetting problem. Rebooting fixed it, but it is not the way I should work.

So this is the log of the VM:

-chardev socket,id=charmonitor,fd=34,server,nowait \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc,driftfix=slew \
-global kvm-pit.lost_tick_policy=delay \
-no-hpet \
-no-shutdown \
-boot strict=on \
-device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x7.0x7 \
-device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x7 \
-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x7.0x1 \
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x7.0x2 \
-device ahci,id=sata0,bus=pci.0,addr=0x4 \
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 \
-blockdev '{"driver":"file","filename":"/mnt/user/isos en programs/SW-17.5.10_MR-10-620.iso","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-2-format","read-only":true,"driver":"raw","file":"libvirt-2-storage"}' \
-device ide-cd,bus=sata0.0,drive=libvirt-2-format,id=sata0-0-0,bootindex=2 \
-blockdev '{"driver":"file","filename":"/mnt/user/domains/Linux/vdisk1.img","node-name":"libvirt-1-storage","cache":{"direct":false,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"cache":{"direct":false,"no-flush":false},"driver":"raw","file":"libvirt-1-storage"}' \
-device ide-hd,bus=sata0.2,drive=libvirt-1-format,id=sata0-0-2,bootindex=1,write-cache=on \
-chardev pty,id=charserial0 \
-device isa-serial,chardev=charserial0,id=serial0 \
-chardev socket,id=charchannel0,fd=36,server,nowait \
-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 \
-device usb-tablet,id=input0,bus=usb.0,port=1 \
-vnc 0.0.0.0:1,websocket=5701 \
-k en-us \
-device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2 \
-device vfio-pci,host=0000:01:00.0,id=hostdev0,bus=pci.0,addr=0x6 \
-device vfio-pci,host=0000:01:00.1,id=hostdev1,bus=pci.0,addr=0x8 \
-device vfio-pci,host=0000:01:00.2,id=hostdev2,bus=pci.0,addr=0x9 \
-device vfio-pci,host=0000:01:00.3,id=hostdev3,bus=pci.0,addr=0xa \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
2020-03-12 09:22:35.434+0000: Domain id=2 is tainted: high-privileges
2020-03-12 09:22:35.434+0000: Domain id=2 is tainted: host-cpu
char device redirected to /dev/pts/1 (label charserial0)
2020-03-12T09:22:37.103265Z qemu-system-x86_64: vfio: Unable to power on device, stuck in D3
2020-03-12T09:23:48.664833Z qemu-system-x86_64: vfio: Unable to power on device, stuck in D3
2020-03-12T09:24:58.297865Z qemu-system-x86_64: vfio: Unable to power on device, stuck in D3
2020-03-12T09:26:07.928847Z qemu-system-x86_64: vfio: Unable to power on device, stuck in D3

And I also put the diagnostics zip in.

Can some of you guys please, please help me?

With kind regards,

Joeri

tower-diagnostics-20200312-1028.zip

Link to post

Hello Pete,

Thanks for your reply.

I have tried rebooting several times.

Also, I have recreated the XML file several times. I have tried to pass through the quad NIC in OPNsense, pfSense, Sophos and Ubuntu without a good result.

I'm beginning to be a little bit desperate at the moment.

Link to post

Ya, similar problem... In my case I run a Dell R710 server, which apparently has problems with interrupt mapping because of the chipset (5520 Intel I think), and this does affect everything running on the server.

I have decided for now to use 2 ports on my onboard 4-port NIC to implement OPNsense and maybe return to the remapping problem later.

I tried just about everything but nothing worked. I tried to document all of the solutions I tried in the post.

Cheers

Link to post
3 hours ago, Joeri1594 said:

Unable to power on device, stuck in D3

This is a common error in case a device isn't reset from the VM. Users with AMD GPUs know that issue. Only a server restart helps in this case. This could also happen to non-AMD devices if, let's say, a VM crashes or hangs and the passed-through devices aren't reset properly or the device itself isn't able to reset.

Maybe you can try to use the fix that helped some AMD users by putting all NICs on the same bus with different functions. Adjust the XML with the following:

    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x1'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x1'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x2'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x2'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x3'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x3'/>
    </hostdev>
    

I've put them all on the same bus (bus='0x01') in the "address type" line, same domain/slot, and counted the function up starting from 0 (function='0x0'). Maybe this only works on Q35 and not i440fx, which you selected. Not sure. Try to set up a new VM with the Q35 template and the different addressing I've posted above. It's just an idea, maybe it helps.

Link to post

@Joeri1594 What I did with this tweak is try to replicate the physical device, which is a quad-port NIC plugged into a single slot. That's the reason why I adjusted the slots. This way the VM should detect it as a single device in a single slot with different functions, like the physical device is recognized. This shouldn't be a problem and, as I said, helped some users with other devices like GPUs.

Link to post
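
The guest-side addressing discussed in the two replies above can be checked mechanically before starting the VM. The following Python code is an added example, not part of the thread and not Unraid or libvirt code; `audit_hostdevs`, `make_domain` and the sample layouts are hypothetical names, and the XML is constructed from the host address 0000:01:00.x shown in the thread. It lists how each passed-through host function maps into the guest and flags guest slots that lack function 0 or whose function 0 lacks multifunction='on', which the libvirt domain XML documentation says should be set when a slot carries several functions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def bdf(addr):
    """(domain, bus, slot, function) as ints from a libvirt <address> element."""
    return tuple(int(addr.get(k, "0"), 16) for k in ("domain", "bus", "slot", "function"))

def slot_name(s):
    return "%04x:%02x:%02x" % s

def audit_hostdevs(xml_text):
    """Return (mappings, findings) for the PCI <hostdev> entries of a domain XML."""
    devices = ET.fromstring(xml_text.strip()).find("devices")
    findings = []
    # Guest-side PCI addresses of *all* devices: slot -> {function: multifunction}
    guest_slots = defaultdict(dict)
    for addr in devices.iterfind("./*/address[@type='pci']"):
        g = bdf(addr)
        if g[3] in guest_slots[g[:3]]:
            findings.append(f"guest address {slot_name(g[:3])}.{g[3]:x} is used twice")
        guest_slots[g[:3]][g[3]] = addr.get("multifunction", "off")
    mappings, spread = [], defaultdict(set)   # spread: host slot -> guest slots
    for hd in devices.iterfind("./hostdev[@type='pci']"):
        src, dst = hd.find("./source/address"), hd.find("./address[@type='pci']")
        if src is None or dst is None:
            findings.append("hostdev without an explicit host or guest address")
            continue
        h, g = bdf(src), bdf(dst)
        mappings.append((f"{slot_name(h[:3])}.{h[3]:x}", f"{slot_name(g[:3])}.{g[3]:x}"))
        spread[h[:3]].add(g[:3])
    for h_slot, g_slots in spread.items():
        if len(g_slots) > 1:
            # Valid (one guest slot per port), but not the physical layout.
            findings.append(f"note: host device {slot_name(h_slot)} appears as "
                            f"{len(g_slots)} separate guest slots")
        for g_slot in sorted(g_slots):
            funcs = guest_slots[g_slot]
            if 0 not in funcs:
                findings.append(f"guest slot {slot_name(g_slot)} has no function 0; "
                                "guests normally skip the other functions")
            elif len(funcs) > 1 and funcs[0] != "on":
                # Whether a given libvirt version sets the flag itself is not checked.
                findings.append(f"guest slot {slot_name(g_slot)}: function 0 lacks "
                                "multifunction='on'")
    return mappings, findings

def make_domain(guest_addrs, multifunction=False):
    """Constructed sample: host 0000:01:00.N passed to guest (bus, slot, function)."""
    out = ["<domain type='kvm'><devices>"]
    for fn, (bus, slot, gfn) in enumerate(guest_addrs):
        flag = " multifunction='on'" if multifunction and gfn == 0 else ""
        out.append(
            "<hostdev mode='subsystem' type='pci' managed='yes'><source>"
            f"<address domain='0x0000' bus='0x01' slot='0x00' function='0x{fn:x}'/>"
            f"</source><address type='pci' domain='0x0000' bus='0x{bus:02x}' "
            f"slot='0x{slot:02x}' function='0x{gfn:x}'{flag}/></hostdev>")
    out.append("</devices></domain>")
    return "".join(out)

# Guest layouts: the first post's (one slot per port), the suggested one (one slot,
# four functions), and a constructed mix (function numbers kept, slots still separate).
ORIGINAL = make_domain([(0, 0x06, 0), (0, 0x08, 0), (0, 0x09, 0), (0, 0x0a, 0)])
SAME_SLOT = make_domain([(1, 0, 0), (1, 0, 1), (1, 0, 2), (1, 0, 3)])
SAME_SLOT_MF = make_domain([(1, 0, 0), (1, 0, 1), (1, 0, 2), (1, 0, 3)], multifunction=True)
MIXED = make_domain([(1, 0x08, 0), (1, 0x09, 1), (1, 0x0a, 2), (1, 0x0b, 3)])

if __name__ == "__main__":
    for label, xml in [("original", ORIGINAL), ("same slot", SAME_SLOT),
                       ("same slot + multifunction", SAME_SLOT_MF), ("mixed", MIXED)]:
        mappings, findings = audit_hostdevs(xml)
        print(label, mappings, findings or ["ok"], sep="\n  ")
```

To audit a real VM, pass the text of its domain XML (for example the output of `virsh dumpxml`) to `audit_hostdevs`.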

New log from Sophos XG. With 2 br0 adapters and no quad NIC passthrough, I was able to set up the VM.

After setting it up I thought, maybe I can now pass through the quad NIC. But no. I also used @bastl's XML tweak. This is the log I get.


-device vfio-pci,host=0000:01:00.1,id=hostdev1,bus=pci.1,addr=0x9.0x1 \
-device vfio-pci,host=0000:01:00.2,id=hostdev2,bus=pci.1,addr=0xa.0x2 \
-device vfio-pci,host=0000:01:00.3,id=hostdev3,bus=pci.1,addr=0xb.0x3 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
2020-03-12 15:47:16.829+0000: Domain id=3 is tainted: high-privileges
2020-03-12 15:47:16.829+0000: Domain id=3 is tainted: host-cpu
char device redirected to /dev/pts/1 (label charserial0)
2020-03-12T15:47:18.861098Z qemu-system-x86_64: vfio: Unable to power on device, stuck in D3
2020-03-12T15:48:29.336821Z qemu-system-x86_64: vfio: Unable to power on device, stuck in D3
2020-03-12T15:49:38.967942Z qemu-system-x86_64: vfio: Unable to power on device, stuck in D3
2020-03-12T15:50:48.622748Z qemu-system-x86_64: vfio: Unable to power on device, stuck in D3
2020-03-12T15:57:29.268496Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:57:29.379381Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:57:31.360020Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:57:31.473187Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:57:42.466676Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:57:42.588805Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:57:46.826364Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:57:46.952942Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:22.427832Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:22.554454Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:26.997150Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:27.118497Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:29.430835Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:29.552656Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:31.008617Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:31.111485Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:34.000435Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:34.086476Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:36.340813Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:36.459687Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:39.596806Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:39.695139Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:42.710439Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:42.811951Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:44.609582Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:44.760635Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:46.022579Z qemu-system-x86_64: warning: no scancode found for keysym 0
2020-03-12T15:58:46.155262Z qemu-system-x86_64: warning: no scancode found for keysym 0

 

Link to post
21 minutes ago, PeteAsking said:

Opnsense should be fine if you are using i440fx and seabios. What are you using?

<?xml version='1.0' encoding='UTF-8'?>
<domain type='kvm' id='9'>
  <name>OPsense</name>
  <uuid>98924821-74fc-7677-9004-584ba1210a3f</uuid>
  <metadata>
    <vmtemplate xmlns="unraid" name="FreeBSD" icon="freebsd.png" os="freebsd"/>
  </metadata>
  <memory unit='KiB'>2097152</memory>
  <currentMemory unit='KiB'>2097152</currentMemory>
  <memoryBacking>
    <nosharepages/>
  </memoryBacking>
  <vcpu placement='static'>2</vcpu>
  <cputune>
    <vcpupin vcpu='0' cpuset='2'/>
    <vcpupin vcpu='1' cpuset='3'/>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='host-passthrough' check='none'>
    <topology sockets='1' cores='2' threads='1'/>
    <cache mode='passthrough'/>
  </cpu>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/local/sbin/qemu</emulator>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/mnt/user/isos en programs/OPNsense-20.1-OpenSSL-dvd-amd64.iso' index='2'/>
      <backingStore/>
      <target dev='hda' bus='sata'/>
      <readonly/>
      <boot order='2'/>
      <alias name='sata0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='writeback'/>
      <source file='/mnt/user/domains/OPsense/vdisk1.img' index='1'/>
      <backingStore/>
      <target dev='hdc' bus='sata'/>
      <boot order='1'/>
      <alias name='sata0-0-2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='2'/>
    </disk>
    <controller type='usb' index='0' model='ich9-ehci1'>
      <alias name='usb'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci1'>
      <alias name='usb'/>
      <master startport='0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci2'>
      <alias name='usb'/>
      <master startport='2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci3'>
      <alias name='usb'/>
      <master startport='4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/>
    </controller>
    <controller type='sata' index='0'>
      <alias name='ide'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'>
      <alias name='pcie.0'/>
    </controller>
    <controller type='pci' index='1' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='1' port='0x10'/>
      <alias name='pci.1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='2' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='2' port='0x11'/>
      <alias name='pci.2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
    </controller>
    <controller type='pci' index='3' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='3' port='0x12'/>
      <alias name='pci.3'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
    </controller>
    <controller type='pci' index='4' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='4' port='0x13'/>
      <alias name='pci.4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <alias name='virtio-serial0'/>
      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:74:17:8e'/>
      <source bridge='br0'/>
      <target dev='vnet2'/>
      <model type='e1000-82545em'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:74:17:8f'/>
      <source bridge='br0'/>
      <target dev='vnet3'/>
      <model type='e1000-82545em'/>
      <alias name='net1'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/2'/>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/2'>
      <source path='/dev/pts/2'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-9-OPsense/org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/>
      <alias name='channel0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'>
      <alias name='input1'/>
    </input>
    <input type='keyboard' bus='ps2'>
      <alias name='input2'/>
    </input>
    <graphics type='vnc' port='5902' autoport='yes' websocket='5702' listen='0.0.0.0' keymap='en-us'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>+0:+100</label>
    <imagelabel>+0:+100</imagelabel>
  </seclabel>
</domain>

 

Edited by Joeri1594
Link to post

@Joeri1594 I tried to set up a pfSense VM and got the same issue with one core stuck at 100% load. The only way I could set up pfSense is to emulate a different CPU. Host Passthrough (default) of the physical CPU won't work for me. Try to set the CPU Mode to "Emulated Qemu64" or manually edit the XML with the following. Don't forget to adjust the core count to match your settings.

  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Skylake-Client</model>
    <topology sockets='1' cores='2' threads='1'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='disable' name='pcid'/>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='erms'/>
    <feature policy='disable' name='invpcid'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='disable' name='spec-ctrl'/>
  </cpu>

Edit:

Only tried with Q35 2.6. Newer versions won't work for me.

Edited by bastl
Link to post
5 hours ago, bastl said:

@Joeri1594 I tried to set up a pfSense VM and got the same issue with one core stuck at 100% load. The only way I could set up pfSense is to emulate a different CPU. Host Passthrough (default) of the physical CPU won't work for me. Try to set the CPU Mode to "Emulated Qemu64" or manually edit the XML with the following. Don't forget to adjust the core count to match your settings.


  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Skylake-Client</model>
    <topology sockets='1' cores='2' threads='1'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='disable' name='pcid'/>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='erms'/>
    <feature policy='disable' name='invpcid'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='disable' name='spec-ctrl'/>
  </cpu>

Edit:

Only tried with Q35 2.6. Newer versions won't work for me.

This also works for me! Many thanks.

I'm not at home and have my quad NIC removed from the server, so I can't test if it also works atm.

Link to post
