Re: [ovirt-users] [ATN] LDAP Users please read
- Original Message - From: Jason Keltz j...@cse.yorku.ca To: Alon Bar-Lev alo...@redhat.com Cc: users@ovirt.org Sent: Friday, August 7, 2015 4:12:40 PM Subject: Re: [ovirt-users] [ATN] LDAP Users please read Hi Alon. Thanks for your detailed response. I decided to give the new system a try. Rather than migrate, I prefer to re-add from scratch, so I did: # engine-manage-domains delete --domain=EECS.YORKU.CA # systemctl restart ovirt-engine Good, but you could have first added the new one and only after you have all working delete the legacy one :) Not important right now. # yum install ovirt-engine-extension-aaa-ldap ... but I ran into my first trouble when I tried the following as per your AAA-LDAP documentation: QUICK START --- USING INSTALLER Install ovirt-engine-extension-aaa-ldap-setup and execute: # ovirt-engine-extension-aaa-ldap-setup The setup will guide you throughout the process of most common use cases. There's no command ovirt-engine-extension-aaa-ldap-setup. I checked the repository, and I can't find any package that includes that command. I guess that's something in 3.6 only.I don't want to use the manual installation method. The method that I use should match the simplicity of engine-manage-domains. Correct this is new in 3.6, in 3.5 you should follow the documentation of 1.0[1] [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0 I re-add back my existing domain so that I can migrate it. So.. # engine-manage-domains add --domain=EECS.YORKU.CA --provider=ipa --user=ovirtadmin Enter password: I downloaded the ovirt-engine-kerlab-migration-1.0.2-1.el7ev.noarch.rpm from https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases and installed it: # rpm -i ovirt-engine-kerbldap-migration-1.0.2-1.el7ev.noarch.rpm I need to provide to the tool the domain, and the cacert. It's too bad about having to provide the cacert -- the previous method of specifying a provider, username, password, and auto-downloading the cert seemed more user friendly. The documentation doesn't tell me where I might find the cacert. Without much experience using the Red Hat IPA product, it's buried. Is it the /root/cacert.p12 file? I copied that file to /tmp on my engine server, and then: there is no standard method to get CA certificate. we provided some information at[1] under: 3. [Optional] Obtaining LDAP CA certificate. FreeIPA Copy /etc/ipa/ca.crt to your oVirt machine into /tmp. [1] https://github.com/machacekondra/ovirt-engine-kerbldap-migration # ovirt-engine-kerbldap-migration-tool --domain EECS.YORKU.CA --cacert /tmp/cacert.p12 PKCS#12 file should never leave your IPA machine :) sh-4.2# ovirt-engine-kerbldap-migration-tool --domain EECS.YORKU.CA --cacert /home/jas/cacert.p12 [INFO ] tool: ovirt-engine-kerbldap-migration-1.0.2 (ovirt-engine-kerbldap-migration-1.0.2-1.el7ev) [INFO ] Connecting to database [INFO ] Sanity checks [INFO ] Loading options [ERROR ] Conversion failed: Domain EECS.YORKU.CA not exists in configuration. (minor correction in that last line: does not exist instead of not exists). thanks! will fix. can you please add --debug and --log=/tmp/debug.log and send os the debug.log? probably we cannot resolve dns srvrecord correctly. $ dig +noall +answer srv _ldap._tcp.EECS.YORKU.CA should return a set of LDAP servers for your domain, if you do not have srvrecord we can workaround this by specifying a specific ldap server using --ldapserver parameter. Of course the domain does actually exist. I can login to engine with my domain login. yes, true, the question is what wrong in our conversion program :) Jason. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] iSCSI question... LUNS-Targets balnk
Hi Jiri, On 07/08/2015 4:38 AM, Jiri Belka wrote: Have you tried to attach LUN on anything else then oVirt? This way you could find out if it is oVirt or a general issue. Yes, I did. I am able to connect a Windows 7 machine to the LUN with absolutely no issue. Regards, Alan ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ATN] LDAP Users please read
On 08/06/2015 01:50 PM, Alon Bar-Lev wrote: - Original Message - From: Jason Keltz j...@cse.yorku.ca To: users@ovirt.org Sent: Thursday, August 6, 2015 7:47:26 PM Subject: Re: [ovirt-users] [ATN] LDAP Users please read On 04.08.2015 09:56, Alon Bar-Lev wrote: Hello LDAP Users, If you migrated from 3.4 or if you used engine-managed-domains to add LDAP support into engine - this message is for you. In 3.5 we introduced a new LDAP provider[1][2], it is superset of the previous implementation, highlights includes: * Better response times. * Simplicity, Use of LDAP protocol only - kerberos is no longer needed. * More LDAP implementations are supported. * Flexible configuration, can be customized on site to support special setups. * Supportability, better logs and feedbacks to enable remote support. * Variety of fallback policies, examples: srvrecord, failover, round-robin and more. * Active Directory: supports multiple domain in forest. In 3.5 the previous LDAP provider is marked as legacy, users' issues will be resolved by migration to the new provider. Upgrade to 4.0 will not be possible if legacy provider is being used. The new provider is working without any issue for quite some time, we would like to eliminate the remaining usage of the legacy provider as soon as possible. A tool was created[3] to automate the process, it should perform everything in safe and automatic process, while enables customization if such required. The one prerequisite that we could not automate easily is obtaining the CA certificate used by the LDAP server to communicate using SSL/TLS, you should acquire this manually and provide it as parameter. We (Ondra CCed and I) will help anyone that is experiencing issues with the process, please do not delay migration to the point it becomes emergency. Let's define a virtual goal -- in 1 month no legacy LDAP usage anywhere. Regards, Alon Bar-Lev. [1] http://www.ovirt.org/Features/AAA [2] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0 Sorry Alon.. I'm puzzled. I setup RHEL IPA server to act as an authentication front-end for my ovirt installation. It also acts as an IPA server for all the servers involved in my ovirt installation. I enabled my engine installation to authenticate with my IPA server like this: engine# engine-manage-domains add --domain=EECS.YORKU.CA --provider=ipa --user=ovirtadmin Your new system refers to only LDAP, and not Kerberos, other than saying that it obsoletes the legacy Kerberos/LDAP implementation. Will Kerberos support now be obsolete? Since I've already invested the time to get engine working with IPA and Kerberos, I don't really see the point in changing things now, but I'd also rather deal with this now, rather than down the line when I want to upgrade and find that my existing installation is no longer compatible.Sooo -- does this change still affect my current installation? Should I migrate? What do I migrate to? and How? Not at all. The IPA provides several services, at least LDAP, DNS, Kerberos: These two are not actually related and used for two different purposes: 1. LDAP - a protocol to access a repository (database) holding entity information. 2. DNS - a protocol to locate resources within network. 3. Kerberos - single sign on infrastructure, enables to create trust between entities and single server, while after successful authentication, entity can access other entities without presenting credentials. Why do we use LDAP? LDAP is standard [simple(?)] protocol to acquire entity information. Why do we use Kerberos? Mainly for users will not require to enter their passwords over and over to access services (SSO), and to not expose their credentials to services. For various of incorrect reasons the legacy LDAP provider implementation used Kerberos to authenticate between the engine machine and the LDAP server. This actually breaks one of the major kerberos principals - do not expose the credentials to service. In our case the engine machine is the service and the user and password are sent to the engine machine so it can issue Kerberos ticket instead of it accepting restricted ticket from the user. Moreover, using two protocols in order to perform authentication and authorization introduces complexity, performance impact and probably depend on one other service DNS srvrecord. So we need true services to be configured correctly and operating in order to be able to perform a task that can be performed using LDAP only. In practice, if a service has access to user credentials (user/password) it can communicate directly using LDAP to the entity repository to very if these correct. This is similar to how Kerberos behaves in IPA environment, as password is actually stored in the repository. The new implementation does exactly that, it uses only LDAP protocol to perform
[ovirt-users] VM time offset
Hi guys, I'm having an issue where the VMs do not keep correct time upon reboot. The clock is always off by ~4 hours. I've checked and time and time zone on engine/host nodes is correct. Correct time zone is specified in the ovirt vm configuration as well. The VM in question is a clean CentOS 7 install. It did not have NTP enabled. I've tried setting it up with a local server and no dice. Upon reboot it always gets messed up. [root@xyz-dev ~]# date Fri Aug 7 17:18:09 EDT 2015 [root@xyz-dev ~]# reboot Connection to sso-dev closed by remote host. [root@xyz-dev ~]# date Fri Aug 7 13:20:47 EDT 2015 [root@xyz-dev ~]# ntpdate ntp1.xyz.domain.org 7 Aug 17:21:05 ntpdate[2151]: step time server 130.64.25.6 offset 14410.388931 sec Thanks, --Usman ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] VM Live Backup
Hi, To support Michael here (i think he knows the script i sent around already) having a builtin backup would be much nicer. The current procedure (ovirt 3.5) involves not only snapshotting and exporting, but also a clone before the export which puts massive unnecessary load on the environment. We have developers who can potentially develop such a backup procedure, however, we can not do this alone. Do you guys think we could do something like that through crowfunding or who would be willing to participate in something like that ? Regards Soeren From: users-boun...@ovirt.orgmailto:users-boun...@ovirt.org on behalf of Donny Davis Date: Thursday 30 July 2015 23:20 To: Prof. Dr. Michael Schefczyk Cc: users Subject: Re: [ovirt-users] VM Live Backup You could write a script to interface with the api that creates a snapshot and then exports or copies that to a backup nfs share And then run that on a cron job On Jul 30, 2015 5:18 PM, Prof. Dr. Michael Schefczyk mich...@schefczyk.netmailto:mich...@schefczyk.net wrote: Dear All, One feature that I am really missing in oVirt is a foolproof (i.e., in a way that even I will be able to implement) scheduled (cron would be good) live VM backup that outputs ideally qcow2 files per disk plus an xml-configuration file that one could upload to a regular KVM host, in case that should be required. As far as I understand, that is not yet on the roadmap, correct? For my plain SOHO KVM hosts, I am using a script to do just that. While I almost never need the backups - files with a human readable text name which I know how to use on any freshly installed KVM host in case of a crash emergency -, I feel better keeping them available for some time period. Regards, Michael ___ Users mailing list Users@ovirt.orgmailto:Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt+gluster+NFS : storage hicups
Le 07/08/2015 02:17, Donny Davis a écrit : I have the same setup, and my only issue is at the switch level with CTDB. The IP does failover, however until I issue a ping from the interface ctdb is connected to, the storage will not connect. If i go to the host with the CTDB vip, and issue a ping from the interface ctdb is on, everything works as described. I know the problem you're describing, as we faced it in a completely different context. But I'm not sure it's oVirt specific. In our case, what was worse was that our bonding induced similar issues when switching (mode 1), and our arp cache was too long. (do YOU have bondig also?) We're still in the process of correcting that, but as I said, it is in a different datacenter, so not related to this thread. -- Nicolas ECARNOT ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Migrate to CentOS7 on new hardware
Hello, I want to migrate my oVirt Hypervisors to CentOS7. My strategy is to install new boxes with CentOS7 and add them to the OVirt Cluster. But I get this message in engine.log: 2015-08-07 13:01:35,388 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-55) [5b9014cb] Correlation ID: 5b9014cb, Job ID: eddd1466-307f-400e-8d9b-b8cd67c2433c, Call Stack: null, Custom Event ID: -1, Message: Not possible to mix RHEL 6.x and 7.x hosts in one cluster. Tried adding RHEL - 7 - 1.1503.el7.centos.2.8 host to a cluster with RHEL - 6 - 6.el6.centos.12.2 hosts. I use oVirt Engine Version: 3.5.2.1-1.el6 Could you please show me a migration strategy? With best regards Andreas Andreas Ewert Server _ Tel.: +49 221 456 44321 Fax: +49 221 456 95 44321 CBC Cologne Broadcasting Center GmbH Picassoplatz 1 • 50679 Köln Sitz der Gesellschaft: Köln • AG Köln • HRB 25232 Geschäftsführer: Thomas Harscheidt • www.cbc.dehttp://www.cbc.de/ Ein Unternehmen der Mediengruppe RTL Deutschland ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Graceful shutdown on power loss
From: John Gardeniers jgardeni...@objectmastery.com To: users users@ovirt.org Sent: Friday, August 7, 2015 7:38:00 AM Subject: [ovirt-users] Graceful shutdown on power loss I'm looking into the best way to shut down our VM environment if a power outage looks like draining the UPS batteries. Is there API documentation covering this or does someone know of a article somewhere on the topic? We're currently running v3.5 engine and v3.4 hypervisors with gluster v3.4 storage. Our setup uses RHEV rather than Ovirt, in case that makes a difference. You don't say much about your setup. Does your UPS hw have network card or serial/usb? Anyway I suppose you have to cook your own solution which would get data from your UPS boxes and shutdown the VMs via restapi. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Migrate to CentOS7 on new hardware
- Original Message - From: andreas ewert andreas.ew...@cbc.de To: users@ovirt.org Sent: Friday, August 7, 2015 1:12:03 PM Subject: [ovirt-users] Migrate to CentOS7 on new hardware Hello, I want to migrate my oVirt Hypervisors to CentOS7. My strategy is to install new boxes with CentOS7 and add them to the OVirt Cluster. But I get this message in engine.log: 2015-08-07 13:01:35,388 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-55) [5b9014cb] Correlation ID: 5b9014cb, Job ID: eddd1466-307f-400e-8d9b-b8cd67c2433c, Call Stack: null, Custom Event ID: -1, Message: Not possible to mix RHEL 6.x and 7.x hosts in one cluster. Tried adding RHEL - 7 - 1.1503.el7.centos.2.8 host to a cluster with RHEL - 6 - 6.el6.centos.12.2 hosts. I use oVirt Engine Version: 3.5.2.1-1.el6 IIRC recent version also migration between cluster but with warning message. I don't remember if it was in 3.5 or 3.6 but it's doable. There should be some button in migrate dialog which shows more options. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] iSCSI question... LUNS-Targets balnk
From: Alan Murrell li...@murrell.ca To: users@ovirt.org Sent: Thursday, August 6, 2015 7:54:06 PM Subject: [ovirt-users] iSCSI question... LUNS-Targets balnk Hello, I am hoping someone here has had experience in setting up an iSCSI target using 'targetcli'. I followed the following guide: http://www.certdepot.net/rhel7-configure-iscsi-target-initiator-persistently/. This is on my single host (with hosted engine currently running; I am using a seperate HDD for the iSCSI storage) The iSCSI initiator of my host, from it's information page in oVirt, is iqn.1994-05.com.redhat:ba4cc8b3368e, so I created an ACL with that name. Here is a result of the listing in the 'acls' directory for my IQN: --- START --- /iscsi/iqn.20...gt1/tpg1/acls ls o- acls .. [ACLs: 1] o- iqn.1994-05.com.redhat:ba4cc8b3368e .. [Mapped LUNs: 1] | o- mapped_lun0 [lun0 block/block1 (rw)] --- END --- So it appears as though my host's initiator is mapped to my LUN 0. When I go in to oVirt and add iSCSI storage, the Discover finds my target, and I can even log in successfully, however when I click on the LUNS-Targets side tab, there are no LUNs listed, so I cannot add any iSCSI storage. Any ideas on why the LUN is not showing up? Have you tried to attach LUN on anything else then oVirt? This way you could find out if it is oVirt or a general issue. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Multiple Networks on Self Hosted Engine
I am trying to install RHEVM 3.5 Self Hosted Engine. I have multiple vlan interfaces on the host that I would also like to have available on the self hosted engine. I have eth0.305 and eth3.306 on the host that I would like to have available on RHEVM. During the hosted-engine setup I get the option to add only one of interfaces but not both and do not seem to be able to add a second network at any point during setup or after the engine vm is installed. Any advise on doing this? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] VM status is not shown in webgui after start of VM
Dear all, I am running 3.5.2-1.el7.centos on 1 node, self hosted install. When I start a VM the VM is up (I can connec to it), but the status in the GUI becomes “grey” with an up-arrow and the “Launching VM…” task has a sand-clock at “Executing”. Because of this, I can’t really connec to the console, and it just seems weird. Could you please guide me as to how to debug this problem? Thanks in advance, — Christophe Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine 7, avenue des Hauts-Fourneaux L-4362 Esch-sur-Alzette T: +352 46 66 44 6124 F: +352 46 66 44 6949 http://www.uni.lu/lcsb [Facebook]https://www.facebook.com/trefex [Twitter] https://twitter.com/Trefex [Google Plus] https://plus.google.com/+ChristopheTrefois/ [Linkedin] https://www.linkedin.com/in/trefoischristophe [skype] http://skype:Trefex?call This message is confidential and may contain privileged information. It is intended for the named recipient only. If you receive it in error please notify me and permanently delete the original message and any copies. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Hosted Engine on SAS storage array
From: Cristian Mammoli c.mamm...@apra.it To: users users@ovirt.org Sent: Thursday, August 6, 2015 6:19:55 PM Subject: [ovirt-users] Hosted Engine on SAS storage array I see oVirt 3.6 support HE on fibre channel, what if I have a SAS SAN? Is it supported as well? Does 'SAS storage array' means serial-attached scsi disks which are located out of your engine box? If so then it would be (from OS perspective) a DAS (direct attached storage), wouldn't it? Local storage is not helpful if you want to use multiple hosts. Or at least I'm not aware of any solution for sharing DAS. If 'SAS storage array' means some reservation via SCSI commands whic is supported by storage box, then I would say - no it's not supported. But I could be mistaken. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] automatic migration on power failure
[...] HA option on VM also works fine, but it only restarts on the same host. below is our current setup. If the host is down how could engine's HA feature start VMs on same host (the one which is down)? HA should start VMs on any other host in same cluster. Maybe you have to describe more details... j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Reports] Virtual machine Network usage statistics
From: Lionel Caignec caig...@cines.fr To: users@ovirt.org Sent: Wednesday, July 29, 2015 8:21:19 AM Subject: [ovirt-users] [Reports] Virtual machine Network usage statistics Hi, i've recently installed ovirt-engine-report, and i've a little problem with reports about VM. All graphs from Network inteface usage for VM are empty. Is it some configuration to do to get this data? All data for cpu/memory are ok. If I could recommend you, forget about reports. I know no one who likes it. You better feed your own metrics database yourself and get some reports from it via other tool. I do not orient well in this area but there's Grafana, InfluxDB, graphite... http://grafana.org/ j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] usb redirection in native mode does not work in linked clones
From: Cristian Mammoli c.mamm...@apra.it To: users@ovirt.org Sent: Monday, July 27, 2015 5:35:45 PM Subject: [ovirt-users] usb redirection in native mode does not work in linked clones Hi, linked clones with usb redirection in native mode does not start: engine error: VM TestPoolAuto-1 is down with error. Exit message: internal error: process exited while connecting to monitor: qemu-kvm: -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2: Duplicate ID 'usb' for device . We have had this issue fixed in the past. What is version of your oVirt environment? (That means - upgrade first, test and then let's see.). j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] upgrade to ovirt 3.5.3, vm quantity wrong!!
From: CheungPaul eq2...@msn.com To: users@ovirt.org Sent: Monday, August 3, 2015 3:30:42 AM Subject: [ovirt-users] upgrade to ovirt 3.5.3, vm quantity wrong!! Dear All , last week I upgrade ovirt 3.5.0 to 3.5.3 I hope it could fix some bug, but I met this problem look: all I running is 11 vm on this host, but it shows 17, do you guys know how to fixed it? Have you tried to get number of VMs via RESTAPI for comparison? Have you tried to `ps aux | grep qemu-kvm' on the hosts and compare the number of found VM processes? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Is there a software-way to configure power management in oVirt?
From: lof...@lofyer.org To: users@ovirt.org Sent: Friday, July 31, 2015 3:58:39 AM Subject: [ovirt-users] Is there a software-way to configure power management in oVirt? Is there a software-way to configure power management in oVirt? Not all my clients have got IPMI. There's SSH soft fencing called by default but yeah, it needs working IP/sshd on hosts. What do you want to achieve? You want to cycle virtual hosts? If so check fence-agents-rhevm-4.0.11-17.el7.x86_64 which is one of vdsm deps. If you want something else, then steal rhevm fence agent code and modify to suit your needs. FYI I submitted this BZ for soft fencing agents https://bugzilla.redhat.com/show_bug.cgi?id=1251469 j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ubuntu guest doesn't reboot properly
From: Alan Murrell li...@murrell.ca To: users users@ovirt.org Sent: Sunday, July 26, 2015 11:34:40 AM Subject: [ovirt-users] Ubuntu guest doesn't reboot properly I have an Ubuntu 14.04 guest (actually Zentyal server). Guest additions are installed from respository (and even displays the extra info like IP address, host name, memory use) in the oVirt dash board. Whenever I either reboot the guest or shut it down, it never seems to come up properly. It shows that it is powered on and it responds to ping, but I cannot SSH in (says connection refused). The SPICE console display just shows black with some slightly coloured bars in the upper left of the screen, so I am unable to determine what stage of the boot process it is on and/or if it is even at a login screen. I have a Windows 7 guest VM that reboots with no issue. I currently do not have another Linux guest VM to test with, but I plan on installing a Debian guest, CentOS guest, as well as a vanilla Ubuntu 14.04 guest to see if it is a Linux thing, and Ubuntu thing, or just something odd with the Zentyal spin of Ubuntu. I will report on my results (it may take a bit), but I wanted to check here to see if anyone else has already troubleshot this and what the findings and conclusions were? There's ovirt guest agent log in /var/log, please check it out. Also check vdsm.log on host to see if reboot was in operation. And last thing - what version do you have of your environment? Are all using latest versions? If not, update first... j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Multiple Networks on Self Hosted Engine
On 07/08/2015 9:39 AM, Brent Miles wrote: I am trying to install RHEVM 3.5 Self Hosted Engine. I have multiple vlan interfaces on the host that I would also like to have available on the self hosted engine. Out of curiousity, what is the use-case for this? vm is installed. Any advise on doing this? The short answer is you can't do this. I went through this some time ago, except my use-case was a firewall routing for multiple VLANs, with all the VLANs on a single interface. This is a common scenario in our current VMware deployments. VM (guest) interfaces cannot handle VLAN routing. It has to do something with in order to that, the whole network layer needs to be opened up tot he VM needing the access, and that poses a security risk. My explanation is probably a bit wrong, but there was a good discussion about it on my thread: http://lists.ovirt.org/pipermail/users/2014-January/thread.html#20101 My thread is the one that is [Users] Networking questions (LONG) I am currently looking into using the Neutron appliance, since it uses openVswitch, and may be able to do what we were originally looking to do (though we have run into a bit of a roadblock with that at the moment as far as getting the Neutron appliance working on our lab host) Regards, Alan ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
