[CentOS-virt] Xen Security patching
Hi Guys

When is the next update of Hypervisor packages going to be released? There appear to be no changes to the main hypervisor RPMs since September (even in the BETA / RC1 tree) and there are 5+ Xen Security Advisories with patches which need to be added.

Security issues are handled and released in sync with public disclosure upstream with zero lag

I can rebuild my own, but that's not really the point.

In other news I've been doing some testing of the 3.10 kernel and so far so good!

Thanks - Chris
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] proper bridging technique
Cancel my last email as I peeked at a server I set up last year w/o issue having multiple interfaces. It's working no issue.

I don't recall but can you gentlemen tell me if there are any routes that need to be set?

My guest VMs being on a 2nd or 3rd NIC interface can't get an IP via DHCP and when set statically cannot send/recv packets.

I vaguely recall setting routes on the working box from last year but forgot :)

- aurf

On Nov 21, 2013, at 5:52 PM, Digimer wrote:

It's not so much hard as it is knowing all the hops in your network. If anything along the chain has a low MTU, the whole route is effectively reduced.

On 21/11/13 20:20, Nico Kadel-Garcia wrote:

This is interesting stuff. I do note that the virt-manager tool, and NetworkManager, give *no* insight and detailed management sufficient to resolve this stuff.

Note also that dancing through all the hoops to get this working, end-to-end, is one of the big reasons that most environments refuse to even *try* to use jumbo frames, as helpful as they sometimes are to heavy data transfers.

On Thu, Nov 21, 2013 at 6:58 PM, Digimer li...@alteeve.ca wrote:

On 21/11/13 18:20, aurfalien wrote:

On Nov 21, 2013, at 2:45 PM, Digimer wrote:

The 'vnetX' number doesn't relate to the interface, bridge or anything else. The vnetX number is a simple sequence that increments each time a VM is started. So don't think that you need 'vnet6'... it can be anything.

The 'brctl show' output from earlier showed that both vnet0 and vnet1 were connected to br0. You can try using the bridge utils to remove them from br0 and connect them to br6 as a test.

-- Digimer

Well, when I remove vnet1 from br0 and add vnet1 to br1, I lose connectivity with my VMs.

No biggy so I reboot my entire host. Then vnet1 shows back under br0.

I just don't understand enough about this to get a clue, depressing.

- aurf

Think of each bridge as if it were a physical switch. When you detached vnet1 from br0, you unplugged it from a switch. When you attached it to br1, you plugged it into another switch. If there is no connection out to your network/internet on a given switch, then anything plugged into that switch will go nowhere. Same with bridges.

You seemed to indicate earlier that the main connection was on br6. Is this true? If so, then switch br6 is the switch with the uplink to your network. Plug a VM into it and you can route out through it.

When you rebooted the VM, the hypervisor read the definition file. That definition file says to plug in the server to br0. So it makes sense that the reboot reconnected it to br0.

If you want to use jumbo frames on the br0 switch, you need to set the larger MTU on the interfaces are all set to your desired MTU size.

-- Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?
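Added example, not part of the original thread or any poster's code: the two checks discussed in the message above (does a bridge have a physical uplink, and do its ports agree with it on MTU) can be read straight from sysfs. The SYSFS_NET override and the function names are this example's own; treating a port as physical when it has a sysfs "device" entry is an assumption that does not cover bond or VLAN uplinks.

```shell
#!/bin/sh
# Added example: audit Linux bridges via sysfs.
# SYSFS_NET is overridable so the checks can run against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the ports attached to bridge $1, one per line.
bridge_ports() {
    for p in "$SYSFS_NET/$1/brif"/*; do
        [ -e "$p" ] && basename "$p"
    done
    return 0
}

# Succeed if bridge $1 has at least one port backed by real hardware.
# Assumption: physical NICs expose a "device" entry; tap/vnet ports do not.
bridge_has_uplink() {
    for port in $(bridge_ports "$1"); do
        [ -e "$SYSFS_NET/$port/device" ] && return 0
    done
    return 1
}

# Print the ports of bridge $1 whose MTU differs from the bridge's own MTU.
bridge_mtu_mismatches() {
    want=$(cat "$SYSFS_NET/$1/mtu")
    for port in $(bridge_ports "$1"); do
        got=$(cat "$SYSFS_NET/$port/mtu")
        [ "$got" = "$want" ] || echo "$port mtu=$got (bridge $1 mtu=$want)"
    done
    return 0
}

# Report on every bridge found under SYSFS_NET.
audit_bridges() {
    for b in "$SYSFS_NET"/*/bridge; do
        [ -d "$b" ] || continue
        br=$(basename "$(dirname "$b")")
        echo "$br: ports: $(bridge_ports "$br" | tr '\n' ' ')"
        bridge_has_uplink "$br" || echo "  WARNING: $br has no physical uplink"
        bridge_mtu_mismatches "$br" | sed 's/^/  MTU MISMATCH: /'
    done
    return 0
}

audit_bridges
```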
Re: [CentOS-virt] proper bridging technique
On 22/11/13 17:11, aurfalien wrote:

Sorry guys, I've tried and tried, no dice.

Seems like I am missing a vnet1, vnet2, etc... to br0 association.

I can see where the vnet# gets created upon VM startup. And based on how my VM xml file is set, will go to either br0, br1, br2, etc...

But in my case, the only interface that works is vnet0 for all my VMs.

In the CentOS virtual machine manager for whatever NIC you choose, there is a drop down option for virtual network interface. For source device, I only ever see a vnet0 to br0. For my other bridges, there is only eth# to vnet#.

The configs for this are rather simple and I don't know where else to look; various /etc/sysconfig/network* files and the VM xml config.

Everything is set to the same MTU whether standard or jumbo, but no matter what, my VMs' network interfaces work when set to vnet0 as it's connected to br0.

I cannot get br6 to show with vnet2 for example. Not even my vnet1 is connected to br1 but rather br0. However in the UI as mentioned before, I do not see a vnet1 to br1 relationship.

Are there any other config files I can look at?

- aurf

Why do you have so many bridges? In almost all cases, only one bridge is needed. The bridge should connect to a real interface to get to the outside world. Then all VMs should point to that bridge.

I think you might be over-complicating things.

-- Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?
Re: [CentOS-virt] proper bridging technique
On Nov 22, 2013, at 3:51 PM, Digimer wrote:

On 22/11/13 18:11, aurfalien wrote:

Cancel my last email as I peeked at a server I set up last year w/o issue having multiple interfaces. It's working no issue.

I don't recall but can you gentlemen tell me if there are any routes that need to be set?

My guest VMs being on a 2nd or 3rd NIC interface can't get an IP via DHCP and when set statically cannot send/recv packets.

I vaguely recall setting routes on the working box from last year but forgot :)

- aurf

We're not all gentlemen. ;)

So you have multiple separate networks?

Well no, I have 1 network that my host is connected to.

This host has 2 active NICs, eth0 1Gb (which has a corresponding br0) and eth6 10Gb (which has a corresponding br6). It also has 1 inactive or not connected NIC being eth1 which has a br1 associated with it.

All and any VMs configured on this host can send/rcv packets while on br0. But when I set any of those VMs to use br6, no routing occurs.

So while I have a bridge per NIC, I only have 1 network, 1 subnet, 1 gateway etc...

I've looked at the diff between my working server having 6 NICs and my non-working server having 2 active NICs and don't see any diff.

- aurf