QEMU-KVM automatically set filterref parameter

Question

I'm sorry if this is a simple question, but I am just starting out with qemu and can't find a easy way to do this.

I am trying to somewhat automate my KVM deployment. I am currently running into the issue that I can't find a way to automatically set parameters for a filterref.

This is what my network option for virt-install currently looks like and that is working fine for now.

--network type=bridge,network=default,bridge=bridge0,model=e1000e,mac=$mac,filterref=clean-traffic

However I can't find anything to set a parameter to define the IP address it's supposed to be locked down to. This is the result that I want in the xml:

<filterref filter='clean-traffic'>
  <parameter name='IP' value='XXX.XXX.XXX.XXX'/>
</filterref>

I am looking for a way to automatically add that parameter, preferably directly with virt-install or to an extent were I can just run a script, enter the few variables I want to set. And at this point the VM would already be running and waiting for the setup to be completed, with the filter loaded. Basically I want the parameter to be loaded before the first startup, so that there is no chance of anyone trying to mess with the ip address.

Is this possible?

This is the whole "script" I just copy into the console at the moment.

name=WindowsTest
mac=00:50:56:00:05:C5
size=70
ram=6000
vcpus=6
let cores=vcpus/2

virt-install \
    --name=$name \
    --ram=$ram \
    --cpu=host \
    --vcpus=$vcpus,maxvcpus=$vcpus,sockets=1,cores=$cores,threads=2 \
    --os-type=windows \
    --os-variant=win10 \
    --disk path=/var/lib/libvirt/clutchImages/$name.qcow2,size=$size,format=qcow2,bus=virtio \
    --cdrom /var/isos/Windows_20H2_English.iso \
    --disk /var/isos/virtio-win-0.1.185.iso,device=cdrom \
    --network type=bridge,network=default,bridge=bridge0,model=e1000e,mac=$mac,filterref=clean-traffic  \
    --graphics spice,listen=157.90.2.208  \
    --graphics vnc

virsh version output:

   virsh version
    Compiled against library: libvirt 6.0.0
    Using library: libvirt 6.0.0
    Using API: QEMU 6.0.0
    Running hypervisor: QEMU 4.2.0

I am on CentOS Linux release 8.3.2011.

Answer 1

Make arbitrary edits to virt-install's xml output

According to the man page you can make direct edits to the XML using XPath syntax.

e.g.

virt-install \
#...
--network network="${net}",mac="${macaddr},filterref.filter=clean-traffic" \
--xml xpath.create=./devices/interface/filterref/parameter \
--xml xpath.set=./devices/interface/filterref/parameter/@name=IP \
--xml xpath.set=./devices/interface/filterref/parameter/@value=10.0.0.20
#...

virt-install man page excerpt:

man virt-install | grep -m1 -A40 '\-\-xml'

--xml
    Syntax: --xml ARGS

    Make  direct edits to the generated XML using XPath syntax. Take an ex?
    ample like

       virt-install --xml ./@foo=bar --xml ./newelement/subelement=1

    This will alter the generated XML to contain:

       <domain foo='bar' ...>
         ...
         <newelement>
           <subelement>1</subelement>
         </newelement>
       </domain>

    The --xml option has 4 sub options:

    --xml xpath.set=XPATH[=VALUE]
           The default behavior if no explicit suboption is set. Takes  the
           form  XPATH=VALUE unless paired with xpath.value . See below for
           how value is interpreted.

    --xml xpath.value=VALUE
           xpath.set will be interpreted only  as  the  XPath  string,  and
           xpath.value  will be used as the value to set. May help sidestep
           problems if the string you need to set  contains  a  '='  equals
           sign.

           If  value  is  empty,  it's treated as unsetting that particular
           node.

    --xml xpath.create=XPATH
           Create the node as an empty element. Needed for boolean elements
           like <readonly/>

    --xml xpath.delete=XPATH
           Delete the entire node specified by the xpath, and all its chil?
           dren

XML result

<interface type="network">
  <!-- ... -->
  <filterref filter="clean-traffic">
    <parameter name="IP" value="10.0.0.20"/>
  </filterref>
</interface>

virsh version output:

Compiled against library: libvirt 7.7.0
Using library: libvirt 7.7.0
Using API: QEMU 7.7.0
Running hypervisor: QEMU 6.2.0

Answer 2

Quick & dirty

name=WindowsTest
mac=00:50:56:00:05:C5
IP=xxx.yyy.zzz.qqq
size=70
ram=6000
vcpus=6
let cores=vcpus/2

virt-install \
    --name=$name \
    --ram=$ram \
    --cpu=host \
    --vcpus=$vcpus,maxvcpus=$vcpus,sockets=1,cores=$cores,threads=2 \
    --os-type=windows \
    --os-variant=win10 \
    --disk path=/var/lib/libvirt/clutchImages/$name.qcow2,size=$size,format=qcow2,bus=virtio \
    --cdrom /var/isos/Windows_20H2_English.iso \
    --disk /var/isos/virtio-win-0.1.185.iso,device=cdrom \
    --network type=bridge,network=default,bridge=bridge0,model=e1000e,mac=$mac,filterref=clean-traffic  \
    --graphics spice,listen=157.90.2.208  \
    --graphics vnc
    --print-xml  > /tmp/{$name}.xml  && \ 
sed -i "s/<filterref.*/<filterref filter='clean-traffic'>\n <parameter name='IP' value='${IP}'\/>\n <\/filterref>/g" /tmp/{$name}.xml &&  \
virsh create /tmp/{$name}.xml