[ovirt-users] Re: VDSM Network Interface configuration

2019-05-14 Thread Marcin Mirecki
Brett,

Does your /etc/resolv.conf contain the correct dns's?
If not, please update them.

If you need to override the changes done to the ifcfg files, you can use the 
hooks
to introduce your own custom changes. You can find an article describing this in
more details here:
https://www.ovirt.org/blog/2016/05/modify-ifcfg-files/

Marcin

- Original Message -
> From: "Brett Maton" 
> To: "Ovirt Users" 
> Sent: Thursday, October 6, 2016 6:03:23 PM
> Subject: [ovirt-users] VDSM Network Interface configuration
> 
> 
> Where is the configuration that VDSM uses to generate ifcfg files?
> 
> My nameservers have moved and it seems to regenerate the ifcfg (ovirtmgmt)
> file overwriting the changes with the correct name servers in when the
> server is rebooted and s putting in the wrong (old) nameserver addresses.
> 
> Where can I fix this ?
> 
> Thanks
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

--
IMPORTANT!
This message has been scanned for viruses and phishing links.
However, it is your responsibility to evaluate the links and attachments you 
choose to click.
If you are uncertain, we always try to help.
Greetings helpd...@actnet.se



--
IMPORTANT!
This message has been scanned for viruses and phishing links.
However, it is your responsibility to evaluate the links and attachments you 
choose to click.
If you are uncertain, we always try to help.
Greetings helpd...@actnet.se

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AQSGMUK2VN4T4QXIGXFVP6COO74FUQLK/


[ovirt-users] Re: Change host names/IPs

2019-05-14 Thread Marcin Mirecki
Hello Davide,

No, there is no support for changing host ip.
How urgently do you need this?

Thanks,
Marcin



- Original Message -
> From: "Davide Ferrari" 
> To: "users" 
> Sent: Wednesday, October 5, 2016 5:22:57 PM
> Subject: [ovirt-users] Change host names/IPs
> 
> Hello
> 
> Is there a clean way and possibly without downtime to change the hostname and
> IP addresses of all the hosts in a running oVirt cluster?
> 
> --
> Davide Ferrari
> Senior Systems Engineer
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

--
IMPORTANT!
This message has been scanned for viruses and phishing links.
However, it is your responsibility to evaluate the links and attachments you 
choose to click.
If you are uncertain, we always try to help.
Greetings helpd...@actnet.se



--
IMPORTANT!
This message has been scanned for viruses and phishing links.
However, it is your responsibility to evaluate the links and attachments you 
choose to click.
If you are uncertain, we always try to help.
Greetings helpd...@actnet.se

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VYOFIV3YNWZIFOAUPRNVTYE6RBQEF25Q/


[ovirt-users] Re: How to fix ovn apparent inconsistency?

2019-03-20 Thread Marcin Mirecki
Looking at the original state we had:
switch 32367d8a-460f-4447-b35a-abe9ea5187e0 (ovn192)
switch 6110649a-db2b-4de7-8fbc-601095cfe510 (ovn192)
switch 64c4c17f-cd67-4e29-939e-2b952495159f (ovn172)
switch 04501f6b-3977-4ba1-9ead-7096768d796d (ovn172)

In the output of GET, 6110649a-db2b-4de7-8fbc-601095cfe510 is not longer
there, so it has been deleted.
Did you maybe try to submit the request twice?

About  8fd63a10-a2ba-4c56-a8e0-0bc8d70be8b5. There was never a network with
that id, so this is correct.

Also note that to delete a network you will first have to delete its ports.



On Tue, Mar 19, 2019 at 4:58 PM Gianluca Cecchi 
wrote:

>
>
> On Tue, Mar 19, 2019 at 4:44 PM Gianluca Cecchi 
> wrote:
>
>> On Tue, Mar 19, 2019 at 4:31 PM Miguel Duarte de Mora Barroso <
>> mdbarr...@redhat.com> wrote:
>>
>> [snip]
>>
>>
>>> >> >> >> @Gianluca Cecchi , I notice that one of your duplicate networks
>>> -
>>> >> >> >> 'ovn192'  - has no ports attached. That makes it the perfect
>>> candidate
>>> >> >> >> to be deleted, and see if it becomes 'listable' on engine. That
>>> would
>>> >> >> >> help rule out the 'duplicate name' theory.
>>> >> >> >
>>> >> >> >
>>> >> >> >  I can try. Can you give me the command to be run?
>>> >> >> > It is a test oVirt so It would be not a big problem in case of
>>> failures in this respect.
>>> >> >>
>>> >> >> You can delete it via the UI; just be sure to delete the one
>>> without
>>> >> >> ports - it's external ID is 6110649a-db2b-4de7-8fbc-601095cfe510.
>>> >> >>
>>> >> >> It will ask you if you also want to delete it from the external
>>> >> >> provider, say yes.
>>> >> >
>>> >> >
>>> >> >
>>> >> > Inside the GUI I see only one ovn192 network and one ovn172 network
>>> and their external ids don't match the ones without ports...
>>> >> >
>>> >> > - ovn192
>>> >> > Id: 8fd63a10-a2ba-4c56-a8e0-0bc8d70be8b5
>>> >> > External ID: 32367d8a-460f-4447-b35a-abe9ea5187e0
>>> >> >
>>> >> > - ovn172
>>> >> > Id: 7546d5d3-a0e3-40d5-9d22-cf355da47d3a
>>> >> > External ID: 64c4c17f-cd67-4e29-939e-2b952495159f
>>> >> >
>>> >> > So I think I have to delete from command line
>>> >>
>>> >> Check pastebin [0],  with it you can safely delete those 2 networks.
>>> >> Last course of action would be to delete via ovn-nbctl - e.g.
>>> >> ovn-nbctl destroy logical_switch  - but hopefully it won't
>>> >> come to that.
>>> >>
>>> >> [0] - https://paste.fedoraproject.org/paste/mxVUEJZWxG-QHX0mJO1VhA
>>> >>
>>>
>>>
>> I get "not found" for both:
>>
>>  [root@ovmgr1 ~]# curl -k -X DELETE   '
>> https://localhost:9696/v2/networks/6110649a-db2b-4de7-8fbc-601095cfe510'
>>  -H 'X-Auth-Token:
>> WyutJuakjpSzJ4nj7drptpDfbAb3sKcZWvhF3NqRVXRyUpIHz9QGG_ZeeLi7u7trv7Er2D3vAcSX9LIFpXzz7w'
>> {
>>   "error": {
>> "message": "Cannot find Logical_Switch with
>> name=6110649a-db2b-4de7-8fbc-601095cfe510",
>> "code": 404,
>> "title": "Not Found"
>>   }
>> }
>> [root@ovmgr1 ~]# curl -k -X DELETE   '
>> https://localhost:9696/v2/networks/8fd63a10-a2ba-4c56-a8e0-0bc8d70be8b5'
>>  -H 'X-Auth-Token:
>> WyutJuakjpSzJ4nj7drptpDfbAb3sKcZWvhF3NqRVXRyUpIHz9QGG_ZeeLi7u7trv7Er2D3vAcSX9LIFpXzz7w'
>> {
>>   "error": {
>> "message": "Cannot find Logical_Switch with
>> name=8fd63a10-a2ba-4c56-a8e0-0bc8d70be8b5",
>> "code": 404,
>> "title": "Not Found"
>>   }
>> }
>> [root@ovmgr1 ~]#
>>
>> Is there a command to get the supposed list?
>>
>> Thanks for your help.
>> I'm also available to completely reset the OVN config if there is a way
>> for it...
>>
>> Gianluca
>>
>
>
> A GET call outputs this information :
>  [root@ovmgr1 ~]# curl -k -X GET 'https://localhost:9696/v2/networks' -H
> 'X-Auth-Token:
> WyutJuakjpSzJ4nj7drptpDfbAb3sKcZWvhF3NqRVXRyUpIHz9QGG_ZeeLi7u7trv7Er2D3vAcSX9LIFpXzz7w'
> {"networks": [{"status": "ACTIVE", "name": "ovn172", "tenant_id":
> "0001", "mtu": 1442, "port_security_enabled":
> false, "id": "64c4c17f-cd67-4e29-939e-2b952495159f"}, {"status": "ACTIVE",
> "name": "ovn172", "tenant_id": "0001", "mtu":
> 1442, "port_security_enabled": false, "id":
> "04501f6b-3977-4ba1-9ead-7096768d796d"}, {"status": "ACTIVE", "name":
> "ovn192", "tenant_id": "0001", "mtu": 1442,
> "port_security_enabled": false, "id":
> "32367d8a-460f-4447-b35a-abe9ea5187e0"}]}[root@ovmgr1 ~]#
> [root@ovmgr1 ~]#
>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PPB523FBFURVOUE5O3RWKFHXOH2RCYE7/


[ovirt-users] Re: How to fix ovn apparent inconsistency?

2019-03-19 Thread Marcin Mirecki
On Mon, Mar 18, 2019 at 5:08 PM Gianluca Cecchi 
wrote:

> On Mon, Mar 18, 2019 at 4:40 PM Miguel Duarte de Mora Barroso <
> mdbarr...@redhat.com> wrote:
>
>> On Mon, Mar 18, 2019 at 2:20 PM Gianluca Cecchi
>>  wrote:
>> >
>> > Hello,
>> > passing from old manual to current OVN in 4.3.1 it seems I have some
>> problems with OVN now.
>> > I cannot assign network on OVN to VM (powered on or off doesn't change).
>> > When I add//edit a vnic, they are not on the possible choices
>> > Environment composed by three hosts and one engine (external on
>> vSphere).
>> > The mgmt network during time has been configured on network named
>> ovirtmgmntZ2Z3
>> > On engine it seems there are 2 switches for every defined ovn network
>> (ovn192 and ovn172)
>> > Below some output of commands in case any inconsistency has remained
>> and I can purge it.
>> > Thanks in advance.
>> >
>>
>> I'm very confused here; you mention that on engine there are 2
>> switches for every ovn network, but, on your ovn-nbctl list
>> logical_switch output I can clearly see the 2 logical switches where
>> the OVN logical networks are stored. Who created those ?
>>
>
> I think it could be related to the situation described here (it is the
> same environment, in the meantime updated also from 4.2.8 to 4.3.1) and
> previous configuration not backed up at that time:
>
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/32S5L4JKHGPHE2XIQMLRIVLOXRG4CHW3/
>
> and some steps not done correctly by me.
> After following indications, I tried to import ovn but probably I did it
> wrong.
>


Is it possible that you added new networks, instead of importing the old
ones?
If so the old networks would just stay in the database, and we would have
duplicated networks like you have now.


>
>
>>
>> Could you show us the properties of those 2 networks ? (e.g. ovn-nbctl
>> list logical_switch 32367d8a-460f-4447-b35a-abe9ea5187e0 & ovn-nbctl
>> list logical_switch 64c4c17f-cd67-4e29-939e-2b952495159f)
>>
>>
> [root@ovmgr1 ~]# ovn-nbctl list logical_switch
> 32367d8a-460f-4447-b35a-abe9ea5187e0
> _uuid   : 32367d8a-460f-4447-b35a-abe9ea5187e0
> acls: []
> dns_records : []
> external_ids: {}
> load_balancer   : []
> name: "ovn192"
> other_config: {subnet="192.168.10.0/24"}
> ports   : [affc5570-3e5a-439c-9fdf-d75d6810e3a3,
> f639d541-2118-4c24-b478-b7a586eb170c]
> qos_rules   : []
> [root@ovmgr1 ~]#
>
> [root@ovmgr1 ~]# ovn-nbctl list logical_switch
> 64c4c17f-cd67-4e29-939e-2b952495159f
> _uuid   : 64c4c17f-cd67-4e29-939e-2b952495159f
> acls: []
> dns_records : []
> external_ids: {}
> load_balancer   : []
> name: "ovn172"
> other_config: {subnet="172.16.10.0/24"}
> ports   : [32c348d9-12e9-4bcf-a43f-69338c887cfc,
> 3c77c2ea-de00-43f9-a5c5-9b3ffea5ec69]
> qos_rules   : []
> [root@ovmgr1 ~]#
>
>
>
>>
>> @Gianluca Cecchi , I notice that one of your duplicate networks -
>> 'ovn192'  - has no ports attached. That makes it the perfect candidate
>> to be deleted, and see if it becomes 'listable' on engine. That would
>> help rule out the 'duplicate name' theory.
>>
>
>  I can try. Can you give me the command to be run?
> It is a test oVirt so It would be not a big problem in case of failures in
> this respect.
>
>
>> At the moment, I can't think of a better alternative. Let's see if
>> Marcin comes up with a better test / idea / alternative.
>>
>> Also, please let us know the version of the ovirt-provider-ovn,
>> openvswitch-ovn-central, and openvswitch-ovn-host.
>>
>
> On engine:
> [root@ovmgr1 ~]# rpm -q ovirt-provider-ovn openvswitch-ovn-central
> openvswitch-ovn-host
> ovirt-provider-ovn-1.2.20-1.el7.noarch
> openvswitch-ovn-central-2.10.1-3.el7.x86_64
> package openvswitch-ovn-host is not installed
> [root@ovmgr1 ~]#
>
> On the 3 hosts I only have this package installed:
> openvswitch-ovn-host-2.10.1-3.el7.x86_64
>
>  Thanks
> Gianluca
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/I734KDXNXY3PCO4VMFTK6LO7PDR2VHZR/


[ovirt-users] Re: OVS and Ovirt integration questions

2018-11-16 Thread Marcin Mirecki
On Fri, Nov 16, 2018 at 10:26 AM Ales Musil  wrote:

>
>
> On Thu, Nov 15, 2018 at 10:17 AM <0pk...@riseup.net> wrote:
>
>> Hello,
>>
>> After having integrated OVS with Ovirt and enabled it as default network
>> provider I am facing the following issues.
>>
>
> We are using OVN as network provider.
>
>
>>
>> I can see with "ovs-vsctl show" that the virtual switch / bridge called
>> "br-int" is created. I can see interfaces being added / removed to it as I
>> start / stop VMs.
>>
>> [root@*** ~]# ovs-vsctl show
>> 78e883f9-f074-4292-afce-bb829ded856b
>> Bridge br-int
>> fail_mode: secure
>> Port "vnet6"
>> Interface "vnet6"
>> Port br-int
>> Interface br-int
>> type: internal
>> Port "vnet4"
>> Interface "vnet4"
>> ovs_version: "2.9.0"
>>
>> Now I for example want to create a new interface as shown:
>>
>> ip tuntap add mode tap sniff0
>> ovs-vsctl add-port br-int sniff0 -- --id=@p get port sniff0 -- --id=@m
>> create mirror name=m0 select-all=true output-port=@p -- set bridge br-int
>> mirrors=@m
>> fae36943-2ca7-4914-9679-0b881cd062d8
>>
>> Its created, but how do I assign this sniffing interface to a ovirt VM?
>
>
> If I understand your intentions correctly from now on you just need to add
> OVN network connected to physical 'sniff0'. This can be done via UI in
> Networks -> New network -> Check "Create on physical network" -> Select
> correct provider -> Change to "Custom" and type the 'sniff0' in the
> textbox. From now on you can use vNIC profile of this network and assign it
> to desired VM.
>
>
>
>> also, how can I create sniffing ports listening only on a subset of
>> interfaces if they get dynamically created / removed? vnet6 points to host
>> A now, but after shutting it down starting a few other VMs it will point to
>> host B...
>
>
Matching the interfaces by name is problematic, but I assume you are more
interested about sniffing a specific vm, or a specific interface (with a
known mac)

You could use the vdsm hooks for this.

Every time you plug/unplug an interface, the vdsm host will look for hook
scripts inside:
   /usr/libexec/vdsm/hooks/after_nic_hotplug
   /usr/libexec/vdsm/hooks/after_nic_hotunplug
and execute them after the nic is plugged/unplugged.

Inside the scripts you can retrieve the information about the vm, and the
plugged nic.
A sample script would look as follows:
-
#!/usr/bin/python
import os
vm_id = os.environ['vmId']
nic_xml_file = os.environ['_hook_domxml']
--
with the vm_id being the vm uuid:

and the nic xml file containing something like:


You could identify you port by mac or interfaceid (id of the ovn logical
port).

You could now use this information to adjust your mirror entries.


>
> Adding @Dominik 
>
>
>> How do I control to what vm the vnetX nic gets assigned?
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/FLR67ZYMFONHH3D3AWDIBT6RUYBPTBF4/
>>
>
> Hopefully this helps.
>
> Regards,
> Ales Musil
> --
>
> ALES MUSIL
> Associate Software Engineer - rhv network
>
> Red Hat EMEA 
>
>
> amu...@redhat.com   IM: amusil
> 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/MQRL62MDKSUENAFAYEE2ZSJLJ6BRIWS5/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MSYBRNHIOEHACC4BKX5TQGZCPUF6QUA7/


[ovirt-users] Re: Separating VM network

2018-11-14 Thread Marcin Mirecki
On Wed, Nov 14, 2018 at 5:54 PM  wrote:

> Thanks a lot for you answer, Marcin!
>
> > On Wed, Nov 14, 2018 at 2:24 PM  wrote:
> > Having separate NICs you don't even need separate VLANs. You can just use
> > one NIC for your host/storage network, and use another NIC to create a VM
> > network. You must of course make sure to separate these outside of the
> > hosts.
> > VLANs are useful if you have just one NIC on your host, or want to have
> > multiple networks on a single NIC. You can then create multiple VLAN
> > networks (VLAN devices) on top of your NIC, and so achieve network
> > separation.
> How are these VLAN tags "enforced"? Does the switch automatically separate
> VLANs from each other by default?
>

The VLAN tags are enforced by creating a VLAN device on top of your NIC on
the host (tagging outgoing frames).
Your switch should keep the tagging, unless configured otherwise.


>
> > If you have your VM networks and host network use different NICs, your
> > networks are already separated (L2).
> Yes, but I defined an IP for the "VM" NIC on the hosts which is reachable
> by the VMs (= the VMs are in the same subnet as the host). I want to
> completely make the hosts unreachable by the VM.
> I do not know whether this is best-practice or even necessary? I found
> little to no information about networking best-practices regarding oVirt.
>

If the VM networks are on different VLANs, the subnets are irrelevant,
since you have L2 separation.
You might want to create another VLAN for your local host traffic if you
want to use the same NIC.


>
> Just as an anecdote: we had an laptop in the network of the hosts/storages
> which had for some reason had a static IP defined by an employee - which
> was also assigned to an storage server - which in turn resulted in some
> downtime.
>
> I think separating the hosts/storage from the rest of the network was a
> good first step to prevent such incidents but - as I said before - I am not
> sure whether it suffices.
>

It should do the trick. You will probably need to route your vm traffic out
of the VM network at some stage, which will connect your VM networks with
the rest of your network, but that will be on L3.

>
> Thanks again for all your input!
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/4YLDMESO5ZRPY7YGIEBBP5XUACI5STSU/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XD5APM5KS2YBXSBTETO6A3AEDWLHWCUR/


[ovirt-users] Re: Separating VM network

2018-11-14 Thread Marcin Mirecki
On Wed, Nov 14, 2018 at 2:24 PM  wrote:

> We would like to separate our VM traffic completely from our host/storage
> network. As far as I can see, there is no definitive guide to achieve this
> by using VLANs/separate VM networks/subnetting.
>

Having separate NICs you don't even need separate VLANs. You can just use
one NIC for your host/storage network, and use another NIC to create a VM
network. You must of course make sure to separate these outside of the
hosts.
VLANs are useful if you have just one NIC on your host, or want to have
multiple networks on a single NIC. You can then create multiple VLAN
networks (VLAN devices) on top of your NIC, and so achieve network
separation.


> In our current setup:
> - the storage traffic happens in a separate VLAN (configured directly on
> the switch) on separate NICs on both hosts/storages in the
> 192.168.179.0/24 subnet
> - all other infrastructure (oVirt hosts, gateway, DHCP, DNS, VM
> thinclients, switches, ...) are in the 192.168.178.0/24 subnet
> We now want to separate the oVirt hosts/engine completely from the other
> infrastructure, eg. the VMs and thinclients.
>

If you have your VM networks and host network use different NICs, your
networks are already separated (L2).

>
> I am not experienced in networking and would be very thankful for all
> hints/tipps!
>
> Thanks in advance,
> David
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/FKDIYT5MUOFSZ444VARD7MVN5M5ANUKA/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2U6QM2WDICU6DLUPLPGNPUXMH7MZF54L/


[ovirt-users] Re: Networking - interface and security questions

2018-11-14 Thread Marcin Mirecki
Hello,

The problem with ovn ( 'br-int': No such device) occurs because you are
missing an ovs bridge named "br-int" on your host.
This is the integration bridge used by ovn to create its logical networks.
This is normally created by default during ovs/ovn installation. Please try
adding this manually:
ovs-vsctl add-br br-int
You can check if it exists using:
   ovs-vsctl show
Once added the vm should start fine.

The network filters which you can define in ovirt are the libvirt network
filters (https://libvirt.org/formatnwfilter.html)

Afaik there is not "default" firewall solution advised for ovirt. I will
check if there are any good practices described, but I have not seen any so
far.

Marcin

On Tue, Nov 13, 2018 at 11:43 PM  wrote:

> Hello,
>
> I'm trying to setup a new ovirt install and have run into some general
> issues that I hope someone can help with.
>
> I'm somewhat new to ovirt (but not virtualization).
>
> First off, I've been doing lots of reading and I can't seem to find what
> the generally accepted method is for firewalling access between networks
> and VMs is in ovirt?  I see references to network filters, but no obvious
> ways to set ports or modify the configuration beyond a set list of general
> good-practice policies (no arp spoofing, etc).
>
> What do people use in a production environment?  Trunk out to an external
> firewall and do the filtering there?  Run iptables or some rules locally in
> each VM? Or just run pfSense or other firewall software as another VM and
> manage it there?
>
> And lastly, I'm trying to setup a new interface using the external ovn
> provider but am having problems.
>
> I can define the external provider network just fine (not connected to
> physical network), but can't seem to actually use it.
>
> When I create a new VM and assign the new network to an associated
> interface, the VM fails to start.
>
> The error I get is:
>
> "VM testvm is down with error. Exit message: Cannot get interface MTU on
> 'br-int': No such device."
>
> Am I missing something obvious here?
>
> I'm running oVirt 4.2.7 with the latest oVirt Node on a few hosts (also
> 4.2.7).
>
> All my configuration has been via the web interface so far.
>
> Sincerely,
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TGPKRCARFQOMQFND5KWGSGLVCEEUO4AV/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BS5GRBVR3BR7UHVFNF7CXCENM5XZCREN/


[ovirt-users] Re: Ovirt and L2 Gateway

2018-07-03 Thread Marcin Mirecki
Hi Carl,

Glad to hear it helped, and thanks for the description.
May I ask why you want to channel the traffic through
one host?
This solution has a disadvantage of pushing all outfgoing
traffic from the OVN network through a single host, which
is not quite optimal for performance. It would be interesting
for us to know the use case for this.

Thanks,
Marcin


On Sun, Jul 1, 2018 at 6:27 PM,  wrote:

> Hi Marcin.
>
> Thank you for the hint. I have now got the l2gateway functionality working
> as I hoped for.
>
> To sum up the exact steps taken (I am running the new oVirt v. 4.2.4):
>
> 1. In oVirt's web-management interface add the needed "physical network"
> network (by which I mean a network created without clicking the "Create on
> External Provider" check box). When creating the "physical network" click
> "Enable VLAN tagging" and specify the right VLAN ID if this is relevant. In
> the following the name of this newly created "physical network" is referred
> to by the variable $physnet and the VLAN ID is referred to by the variable
> $tag.
>
> 2. Notice that an extra OVN network named "external_$physnet" is
> automatically created by oVirt v. 4.2.4. This _might_ be important and I
> think that you _might_ have to create a similar network yourself if using
> older oVirt versions. Then you would have to create a similar OVN network
> manually and remember to click the "Create on External Provider" check box,
> click the "Connect to Data Center Network" and select the "physical
> network" ($physnet) you created in step 1.
>
> 3. Add the newly created "physical network" ($physnet) to the physical
> interface on the physical host which you want to become your future L2
> Gateway. Do this by clicking the host, selecting "Network Interfaces" and
> clicking the "Setup Host Networks" button. In the window opened drag-drop
> the "physical network" ($physnet) icon onto the box containing the name of
> the relevant physical interface of the host.
>
> 4. In oVirt create a pure OVN overlay network (by clicking the "Create on
> External Provider" check box) which will be used for communication by all
> VM's needing access to the physical network - no matter which host they are
> running on and no matter if the host has a direct physical interface to the
> "physical network" ($physnet) or not. In the following the name of this
> newly created OVN overlay network will referred to by the variable $ovn.
>
> 5. Enter this command on the oVirt engine server to find the chassis UUID
> of the future L2 Gateway host:
> # ovn-sbctl show
>
> Which creates output similar to this:
>
> Chassis "16a1d7e4-70f6-4683-8ad6-77fe7fa6d03f"
> hostname: "kvm1.ovirt.local"
> Encap geneve
> ip: "10.100.0.11"
> options: {csum="true"}
> Chassis "2801ee0b-46c4-4c23-aafc-85804afdff54"
> hostname: "kvm2.ovirt.local"
> Encap geneve
> ip: "10.100.0.12"
> options: {csum="true"}
> Chassis "e732b833-200c-45bb-b55f-25c0f2ab504e"
> hostname: "kvm3.ovirt.local"
> Encap geneve
> ip: "10.100.0.13"
> options: {csum="true"}
>
> Notice the Chassis UUID for the oVirt host which you want to become your
> L2 Gateway: If you e.g. want kvm3.ovirt.local to become your future L2
> Gateway then the chassis UUID in the above example would be
> "e732b833-200c-45bb-b55f-25c0f2ab504e". In the following the correct
> chassis UUID will be referred to by the variable $chassisUUID.
>
> 6. Enter these commands on the oVirt engine server to create a L2 Gateway
> with a name contained in the variable $l2gw (the name is not important but
> you might want to select something meaningful like "l2gw_$physnet"):
> # ovn-nbctl lsp-add $ovn $l2gw "" $tag
> # ovn-nbctl lsp-set-addresses $l2gw unknown
> # ovn-nbctl lsp-set-type $l2gw l2gateway
> # ovn-nbctl lsp-set-options $l2gw network_name=$physnet
> l2gateway-chassis=$chassisUUID
>
> Here you need to be extra careful because the OVN developers have been a
> little sloppy while naming different option keys: The network name uses an
> UNDERSCORE so it is called "network_name" whereas the L2 Gateway chassis
> uses a HYPHEN so it is called "l2gateway-chassis". If you get this wrong
> you can spend quite some time debugging - trust me!!!
>
> That's it. oVirt takes care of the rest :-)
>
> Best regards,
>
> Carl
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
> guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/
> message/HAHNME4UAG4GI2G54RZSUXGO632Q6ALT/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 

[ovirt-users] Re: Dedicated underlay network for overlay traffic

2018-07-03 Thread Marcin Mirecki
The OVN tunnels are set up during host installation, when
only 'ovirtmgmt' is available (no other networks are created
yet).
You can change the tunneling network for a cluster by using
the procedure described below. This will hopefully be integrated
into the UI one day.

1. Go to:
cd /use/share/ovirt-engine/playbooks

2. Execute:
ansible-playbook --private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa -i
/usr/share/ovirt-engine-metrics/bin/ovirt-engine-hosts-ansible-inventory
--extra-vars
" cluster_name= ovn_central=
ovn_tunneling_interface=" ovirt-provider-ovn-driver.yml

Note that this only changes the settings on existing hosts.
If new hosts are added to the cluster, the procedure has to be repeated.

The OVN tunnel network can also be changed on an individual host by
invoking:
vdsm-tool ovn-config  

Marcin


On Sun, Jul 1, 2018 at 7:03 PM,  wrote:

> I am going to be using OVN Geneve overlay networks extensively and I
> expect a lot of traffic on the underlay network being used for transmission
> of the tunnel traffic.
>
> In oVirt the default seems to be that the network "ovirtmgmt" is being
> used for the underlay network - which could cause problems for management
> traffic if vms are saturating the link with traffic on different OVN
> overlay networks.
>
> When selecting a specific cluster, selecting "Logical Networks" and
> pressing the "Manage Networks" button it is possible to specify that a
> specific Data Center Network shall be limited to one or more of the
> following traffic types:
> - VM Network
> - Management
> - Display Network
> - Migration Network
> - Gluster Network
> - Default Route
>
> Here I miss an option called "Underlay Network for OVN Geneve traffic" or
> similar.
>
> Is there a way - e.g. by editing some configuration files on the oVirt
> engine and on the oVirt nodes - to divert all overlay Geneve traffic away
> from the management interface unto a dedicated network interface?
>
> Carl
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
> guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/
> message/7MX6GKDKNQ7GCIWPEEMH374YIJ3JLDHF/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GHLEPKJ76DABPOZCINN6YSEKAETHHH4G/


[ovirt-users] Re: where did virbr0: come from?

2018-06-29 Thread Marcin Mirecki
host-141 should only resolve on the interface you selected to create the
management bridge.
Please check your /etc/hosts and /etc/resolv.conf for problems

On Thu, Jun 28, 2018 at 11:11 PM, Conrad Jones 
wrote:

> I installed
>
> * CentOS
> * Master repo for ovirt
> * create ovirtmgmt bridge via network scripts (not virbr0)
> * installed VDSM
> * installed cockpit
> * installed cockpit-ovirt-dashboard.noarch
>
> i suspect the virbr0 came from installing the
> cockpit-ovirt-dashboard.noarch components as it also installed a whole host
> of stuff like virt-manager-common.noarch
>
> Anyway this causes the hosted ovirt-engine vm install to fail from cockpit
> as
>
> "[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg":
> "hostname 'host-141' doesn't uniquely match the interface 'enp3s0' selected
> for the management bridge; it matches also interface with IP
> [u'192.168.122.1']. Please make sure that the hostname got from the
> interface for the management network resolves only there.\n"}"
>
> ---
>
> [sysadmin@host-141 ~]$ ip addr
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: enp3s0:  mtu 1500 qdisc pfifo_fast
> master ovirtmgmt state UP group default qlen 1000
> link/ether e0:d5:5e:73:ad:5e brd ff:ff:ff:ff:ff:ff
> inet6 fe80::e2d5:5eff:fe73:ad5e/64 scope link
>valid_lft forever preferred_lft forever
> 18: ovirtmgmt:  mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether e0:d5:5e:73:ad:5e brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.141/24 brd 192.168.1.255 scope global ovirtmgmt
>valid_lft forever preferred_lft forever
> inet6 fe80::e2d5:5eff:fe73:ad5e/64 scope link
>valid_lft forever preferred_lft forever
> 19: virbr0:  mtu 1500 qdisc noqueue
> state DOWN group default qlen 1000
> link/ether 52:54:00:e5:0d:40 brd ff:ff:ff:ff:ff:ff
> inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>valid_lft forever preferred_lft forever
> 20: virbr0-nic:  mtu 1500 qdisc pfifo_fast master
> virbr0 state DOWN group default qlen 1000
> link/ether 52:54:00:e5:0d:40 brd ff:ff:ff:ff:ff:ff
>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
> guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/
> message/WM7GH6K6XH2TNUPA4ZOPUT76TIZKVVJV/
>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QVDVIGWRBBSDI4ZVD6ZZYLTMRNZHNWGX/


[ovirt-users] Re: Ovirt and L2 Gateway

2018-06-27 Thread Marcin Mirecki
Hi Carl,

What you want is probably to use the l2gateway type logical switch port in
OVN.
Please refer to the following doc for the description (not very detailed
unfortunately):
http://www.openvswitch.org//support/dist-docs/ovn-nb.5.txt
Look at the Logical_Switch_Port Table type field, along with some of the
options keys.

Unfortunately we do not support this in ovirt, nor is this supported in
ovirt-provider-ovn.
To use this ovn feature, you will have to manually add an l2gateway port to
your environment.

Marcin



On Sun, Jun 24, 2018 at 11:18 PM,  wrote:

> I have install ovirt 4.2.3 and everything seems to be working fine: I can
> create virtual (Geneve overlay) networks for communication between virtual
> machines via the external provider ovirt-provider-ovn by using the OWS
> switch on the cluster. Live migrations and everything else within the
> virtual environment works perfectly :-)
>
> For connections from virtual machines to physical VLAN's in a switch, I
> can also create a logical network which is created using the external
> provider ovirt-provider-ovn by specifying a connection to a physical VLAN
> network created as a separate data center network. This method requires
> that all ovirt-nodes (hosts) in the cluster have access to the physical
> network though.
>
> What I am looking for is a way to implement a L2 Gateway such that (not
> all) ovirt nodes (hosts) need to have direct access to the physical
> network. What I am looking for is a way where virtual machines can
> communicate with the L2 Gateway via virtual (Geneve overlay) networks. On
> the L2 Gateway the virtual network shall then be bridged to the physical
> VLAN on a dedicated network interface. My goal is that the virtual network
> and the physical network becomes one big broadcast domain.
>
> This concept has been described by different people on the Internet such
> as these articles:
> - https://weiti.org/ovn/2018/01/03/ovn-l2-breakout-options
> - https://wiki.openstack.org/wiki/Neutron/L2-GW
>
> How can I accomplish something similar in an ovirt-environment?
>
> Thanks in advance,
>
> Carl Grundholm
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
> guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/
> message/SUQWX4PAQ2OWM6LQIEQALKEC7YSDHCF2/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SDBDWQX4C2EYRMC57Y4HZGF3MWN6SU5R/


[ovirt-users] Re: Hey, guys, I have a trouble with ovirt OVN.

2018-06-07 Thread Marcin Mirecki
Is this an ovs cluster?
Connecting ovn networks to physcial networks only works for ovs based
networks
The ovn network is connected to a physical network: ovirtmgmt
Is ovirtmgmt an ovs network?



On Thu, Jun 7, 2018 at 2:12 PM, Petr Horacek  wrote:

> Hi Marcin, do you see what could be the problem here? Maybe I'm missing
> something.
>
> 2018-06-07 14:08 GMT+02:00 Egor Chyzhevskiy :
>
>> I tried, but my vm didn't get ip address..
>>
>> 2018-06-07 15:06 GMT+03:00 Petr Horacek :
>>
>>> Just skip the subnet step. Create the network, connect it to physnet and
>>> attach a VM.
>>>
>>> 2018-06-07 13:59 GMT+02:00 Egor Chyzhevskiy :
>>>
 Thank you for fast response. Ok, for example, i gave subnet to my ovn
 network 172.20.139.108/30 and my vm get ip 172.20.139.110. After that
 i tick connect to physical network ovirtmgmt(all vm's in this network has
 ip 172.20.139.x). I don't have ping between vm 172.20.139.110(from ovn
 network with subnet) and 172.20.139.x (from physical network ovirtmgmt).
 What shoul i do to get communication between them?

 2018-06-07 12:07 GMT+03:00 Petr Horacek :

> You should not assign a subnet to external provider network connected
> to physical network. I think both physical and OVN DHCP servers will work,
> but I'm not sure which one has priority.
>
> If you have DHCP server running on your ovirtmgmt network, just create
> a network on external provider and connect it to the ovirtmgmt. Then VMs
> connected to this network should obtain IP from ovirtmgmt DHCP server and
> they should be able to ping one another or ovirtmgmt interface.
>
> Hope that makes it a bit more clear.
>
> 2018-06-07 9:45 GMT+02:00 Чижевский _ЕД :
>
>> You are right, but one little thing, i think that ovn has his own
>> dhcp service.. Am i right? Could you please tell me some words, how does
>> work option when i tick connect to physical network? For example, can i
>> ping vm's from ovn network to ovirtmgmt, or how does it work?
>>
>>
>>
>>
>

>>>
>>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YPAOTBHODPIOT5JWK4ANGEVR2MS44BIK/


[ovirt-users] Re: update from 4.1.9 to 4.2.3 and OVN doubt

2018-05-23 Thread Marcin Mirecki
If the old setup is working, I would keep it, and manually update the
provider and openvswitch (yum update ...).
In the future 4.2 I hope the feature of re-using an existing provider will
already be there.

The setup is asking for user and password because we do not store these
values across invocations of engine-setup.
During a fresh install run we have it, as the user has to set it up, on
update runs we don't. The provider needs this in
order to authenticate users using ovirt-engine authentication.
Ovirt authentication for the provider can be disabled, but this has to be
done manually.

On Wed, May 23, 2018 at 10:22 AM, Gianluca Cecchi <gianluca.cec...@gmail.com
> wrote:

> On Wed, May 23, 2018 at 10:04 AM, Marcin Mirecki <mmire...@redhat.com>
> wrote:
>
>> Hi Gianluca,
>>
>> The provider in version 4.1 was installed automatically, but it did not
>> save the fact of being installed.
>> Hence if you try to install it in 4.2, it will try to install itself
>> again (and this time it will save the info of being installed).
>>
>> I'm planning to add a feature that will allow reusing an already existing
>> provider during engine-setup. For now you can skip the provider
>> installation, the existing one will be kept as it is.
>>
>> Thanks,
>> Marcin
>>
>>
> If the reinstall doesn't imply broken upgrade it is not a problem for me
> and then delete the old ovn setup and reconfigure the few vnics involved
> with OVN on the new environment.
>
> If I choose to install the new one, the two inputs required:
>
>   oVirt OVN provider user[admin@internal]:
>   oVirt OVN provider password:
>
> can be any settings or have to be related with the old setup?
>
> So you advise to keep the old one and skip OVN for now and I can continue
> to use in the mean time the OVN provider already setup in 4.1, correct?
> Then in a future 4.2.x release when I will run engine-setup again I can
> choose instead to install ovn provider, and it will keep anyway the already
> configured one without need to resetup OVN and vNICS, correct?
> In this case I will follow what you suggest.
>
> Gianluca
>
>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org


[ovirt-users] Re: update from 4.1.9 to 4.2.3 and OVN doubt

2018-05-23 Thread Marcin Mirecki
Hi Gianluca,

The provider in version 4.1 was installed automatically, but it did not
save the fact of being installed.
Hence if you try to install it in 4.2, it will try to install itself again
(and this time it will save the info of being installed).

I'm planning to add a feature that will allow reusing an already existing
provider during engine-setup. For now you can skip the provider
installation, the existing one will be kept as it is.

Thanks,
Marcin

On Mon, May 21, 2018 at 4:55 PM, Gianluca Cecchi 
wrote:

>
>
>>
>>
> Another information regarding my current environment:
> From engine database it results that my OVN provider name is "OVN"
>
> engine=# select id,name from providers;
>   id  |  name
> --+
>  ceab03af-7220-4d42-8f5c-9b557f5d29af | ovirt-image-repository
>  84546a85-2958-4c1d-bbfe-afeb486ebda9 | OVN
> (2 rows)
>
> engine=#
>
> why it seems that in its default config it would name it
> "ovirt-provider-ovn"?
> Does this mean that it will be no conflict in name? But what about the
> current nortbridge and southbridge configs?
>
> Currently my central server is the engine (that is external to the infra)
> and it shows this:
>
> [root@ovmgr1 ~]# ovn-sbctl show
> Chassis "1dce5b7c-a9fc-4ddb-99b4-e2c9e0fa54c5"
> hostname: "ov200.mydomain"
> Encap geneve
> ip: "10.4.192.32"
> options: {csum="true"}
> Chassis "b8872ab5-4606-4a79-b77d-9d956a18d349"
> hostname: "ov301.mydomain"
> Encap geneve
> ip: "10.4.192.34"
> options: {csum="true"}
> Chassis "ddecf0da-4708-4f93-958b-6af365a5eeca"
> hostname: "ov300.mydomain"
> Encap geneve
> ip: "10.4.192.33"
> options: {csum="true"}
> [root@ovmgr1 ~]#
>
> and
>
> [root@ovmgr1 ~]# ovn-nbctl show
> switch 32367d8a-460f-4447-b35a-abe9ea5187e0 (ovn192)
> port affc5570-3e5a-439c-9fdf-d75d6810e3a3
> addresses: ["00:1a:4a:17:01:73 dynamic"]
> port f639d541-2118-4c24-b478-b7a586eb170c
> addresses: ["00:1a:4a:17:01:75 dynamic"]
> switch 6110649a-db2b-4de7-8fbc-601095cfe510 (ovn192)
> switch 64c4c17f-cd67-4e29-939e-2b952495159f (ovn172)
> port 32c348d9-12e9-4bcf-a43f-69338c887cfc
> addresses: ["00:1a:4a:17:01:72 dynamic"]
> port 3c77c2ea-de00-43f9-a5c5-9b3ffea5ec69
> addresses: ["00:1a:4a:17:01:74 dynamic"]
> switch 04501f6b-3977-4ba1-9ead-7096768d796d (ovn172)
> port 0a2a47bc-ea0d-4f1d-8f49-ec903e519983
> addresses: ["00:1a:4a:17:01:65 dynamic"]
> port 8fc7bed4-7663-4903-922b-05e490c6a5a1
> addresses: ["00:1a:4a:17:01:64 dynamic"]
> port f2b64f89-b719-484c-ac02-2a1ac8eaacdb
> addresses: ["00:1a:4a:17:01:59 dynamic"]
> port f7389c88-1ea1-47c2-92fd-6beffb2e2190
> addresses: ["00:1a:4a:17:01:58 dynamic"]
> [root@ovmgr1 ~]#
>
>
> and on my hosts currently I have something like this (eg on ov200):
>
> [root@ov200 ~]# ovs-vsctl show
> ae0a1256-7250-46a2-a1b6-8f0ae6105c20
> Bridge br-int
> fail_mode: secure
> Port br-int
> Interface br-int
> type: internal
> Port "ovn-ddecf0-0"
> Interface "ovn-ddecf0-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.4.192.33"}
> Port "ovn-b8872a-0"
> Interface "ovn-b8872a-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.4.192.34"}
> ovs_version: "2.7.3"
> [root@ov200 ~]#
>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org


[ovirt-users] Re: Problems with OVN

2018-05-08 Thread Marcin Mirecki
One way is to set the interfaces on the vm's to use dhcp.
The ovn dhcp is set to use the maximum allowed mtu value (1442 if host nic
mtu is 1500).
Another option would be to increase the host mtu all network devices
outside the vm to be bigger by 58 than the vm mtu.
The difference is caused by the tunneling overhead on each packet.

On Tue, May 8, 2018 at 7:11 PM, Samuli Heinonen <samp...@neutraali.net>
wrote:

> Thanks Marcin! I set MTU to 1400 and connections seem to work. I haven't
> experienced any disconnects so far.
>
> Is there any other way to set MTU rather than setting it per VM? Ie.
> setting it on oVirt/OVN side.
>
> -samuli
>
>
> Marcin Mirecki wrote:
>
>> Could you try the following:
>> on the vms, lower the mtu of the vnics connected to the ovn network?
>> And try again?
>>
>>
>> On Tue, May 8, 2018 at 11:40 AM, Samuli Heinonen<samp...@neutraali.net>
>> wrote:
>>
>> Hi Marcin,
>>>
>>> Here is ip addr output from virtual machines:
>>>
>>> [root@testi2 ~]# ip addr
>>> 1: lo:<LOOPBACK,UP,LOWER_UP>  mtu 65536 qdisc noqueue state UNKNOWN qlen
>>> 1
>>>  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>>  inet 127.0.0.1/8 scope host lo
>>> valid_lft forever preferred_lft forever
>>>  inet6 ::1/128 scope host
>>> valid_lft forever preferred_lft forever
>>> 2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>  mtu 1500 qdisc pfifo_fast
>>> state UP qlen 1000
>>>  link/ether 00:1a:4a:16:01:05 brd ff:ff:ff:ff:ff:ff
>>>  inet 10.0.1.25/24 brd 10.0.1.255 scope global dynamic eth0
>>> valid_lft 86331sec preferred_lft 86331sec
>>>  inet6 fe80::21a:4aff:fe16:105/64 scope link
>>> valid_lft forever preferred_lft forever
>>> 3: eth2:<BROADCAST,MULTICAST,UP,LOWER_UP>  mtu 1500 qdisc pfifo_fast
>>> state UP qlen 1000
>>>  link/ether 00:1a:4a:16:01:03 brd ff:ff:ff:ff:ff:ff
>>>  inet 10.0.200.10/24 brd 10.0.200.255 scope global dynamic eth2
>>> valid_lft 86334sec preferred_lft 86334sec
>>>  inet6 fe80::21a:4aff:fe16:103/64 scope link
>>> valid_lft forever preferred_lft forever
>>>
>>> eth0 connected to network ovirtmgmt
>>> eth2 connected to OVN network vm-public
>>>
>>> [root@testi6 ~]# ip addr
>>> 1: lo:<LOOPBACK,UP,LOWER_UP>  mtu 65536 qdisc noqueue state UNKNOWN qlen
>>> 1
>>>  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>>  inet 127.0.0.1/8 scope host lo
>>> valid_lft forever preferred_lft forever
>>>  inet6 ::1/128 scope host
>>> valid_lft forever preferred_lft forever
>>> 2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>  mtu 1500 qdisc pfifo_fast
>>> state UP qlen 1000
>>>  link/ether 00:1a:4a:16:01:0b brd ff:ff:ff:ff:ff:ff
>>>  inet 10.0.1.27/24 brd 10.0.1.255 scope global dynamic eth0
>>> valid_lft 86187sec preferred_lft 86187sec
>>>  inet6 fe80::21a:4aff:fe16:10b/64 scope link
>>> valid_lft forever preferred_lft forever
>>> 3: eth1:<BROADCAST,MULTICAST,UP,LOWER_UP>  mtu 1500 qdisc pfifo_fast
>>> state UP qlen 1000
>>>  link/ether 00:1a:4a:16:01:0c brd ff:ff:ff:ff:ff:ff
>>>  inet 10.0.200.11/24 brd 10.0.200.255 scope global dynamic eth1
>>> valid_lft 86301sec preferred_lft 86301sec
>>>  inet6 fe80::21a:4aff:fe16:10c/64 scope link
>>> valid_lft forever preferred_lft forever
>>>
>>> eth0 connected to network ovirtmgmt
>>> eth1 connected to OVN network vm-public
>>>
>>> Best regards,
>>> Samuli
>>>
>>>
>>>
>>> Marcin Mirecki kirjoitti 08.05.2018 10:14:
>>>
>>> Hi Samuli,
>>>>
>>>> Your configuration looks correct.
>>>> Can you also send me the result of 'ip addr' on your vm's?
>>>>
>>>> Thanks,
>>>> Marcin
>>>>
>>>> On Mon, May 7, 2018 at 7:44 PM, Samuli Heinonen
>>>> <samp...@neutraali.net>  wrote:
>>>>
>>>> Hi Marcin,
>>>>
>>>>> Thank you for your response.
>>>>>
>>>>> I used engine-setup to do the configuration. Only exception is that
>>>>> I had to run "vdsm-tool ovn-config engine-ip local-ip" (ie.
>>>>> vdsm-tool ovn-config 10.0.1.101 10.0.1.21) on hypervisors.
>>>>>
>>>>> Here is t

[ovirt-users] Re: Problems with OVN

2018-05-08 Thread Marcin Mirecki
Could you try the following:
on the vms, lower the mtu of the vnics connected to the ovn network?
And try again?


On Tue, May 8, 2018 at 11:40 AM, Samuli Heinonen <samp...@neutraali.net>
wrote:

> Hi Marcin,
>
> Here is ip addr output from virtual machines:
>
> [root@testi2 ~]# ip addr
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 00:1a:4a:16:01:05 brd ff:ff:ff:ff:ff:ff
> inet 10.0.1.25/24 brd 10.0.1.255 scope global dynamic eth0
>valid_lft 86331sec preferred_lft 86331sec
> inet6 fe80::21a:4aff:fe16:105/64 scope link
>valid_lft forever preferred_lft forever
> 3: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 00:1a:4a:16:01:03 brd ff:ff:ff:ff:ff:ff
> inet 10.0.200.10/24 brd 10.0.200.255 scope global dynamic eth2
>valid_lft 86334sec preferred_lft 86334sec
> inet6 fe80::21a:4aff:fe16:103/64 scope link
>valid_lft forever preferred_lft forever
>
> eth0 connected to network ovirtmgmt
> eth2 connected to OVN network vm-public
>
> [root@testi6 ~]# ip addr
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 00:1a:4a:16:01:0b brd ff:ff:ff:ff:ff:ff
> inet 10.0.1.27/24 brd 10.0.1.255 scope global dynamic eth0
>valid_lft 86187sec preferred_lft 86187sec
> inet6 fe80::21a:4aff:fe16:10b/64 scope link
>valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 00:1a:4a:16:01:0c brd ff:ff:ff:ff:ff:ff
> inet 10.0.200.11/24 brd 10.0.200.255 scope global dynamic eth1
>valid_lft 86301sec preferred_lft 86301sec
> inet6 fe80::21a:4aff:fe16:10c/64 scope link
>valid_lft forever preferred_lft forever
>
> eth0 connected to network ovirtmgmt
> eth1 connected to OVN network vm-public
>
> Best regards,
> Samuli
>
>
>
> Marcin Mirecki kirjoitti 08.05.2018 10:14:
>
>> Hi Samuli,
>>
>> Your configuration looks correct.
>> Can you also send me the result of 'ip addr' on your vm's?
>>
>> Thanks,
>> Marcin
>>
>> On Mon, May 7, 2018 at 7:44 PM, Samuli Heinonen
>> <samp...@neutraali.net> wrote:
>>
>> Hi Marcin,
>>>
>>> Thank you for your response.
>>>
>>> I used engine-setup to do the configuration. Only exception is that
>>> I had to run "vdsm-tool ovn-config engine-ip local-ip" (ie.
>>> vdsm-tool ovn-config 10.0.1.101 10.0.1.21) on hypervisors.
>>>
>>> Here is the output of requested commands:
>>>
>>> [root@oe ~]# ovn-sbctl show
>>> Chassis "049183d5-61b6-4b9c-bae3-c7b10d30f8cb"
>>> hostname: "o2.hirundinidae.local"
>>> Encap geneve
>>> ip: "10.0.1.18"
>>> options: {csum="true"}
>>> Port_Binding "87c5e44a-7c8b-41b2-89a6-fa52f27643ed"
>>> Chassis "972f1b7b-10de-4e4f-a5f9-f080890f087d"
>>> hostname: "o3.hirundinidae.local"
>>> Encap geneve
>>> ip: "10.0.1.21"
>>> options: {csum="true"}
>>> Port_Binding "ccea5185-3efa-4d9c-9475-9e46009fea4f"
>>> Port_Binding "e868219c-f16c-45c6-b7b1-72d044fee602"
>>>
>>> [root@oe ~]# ovn-nbctl show
>>> switch 7d264a6c-ea48-4a6d-9663-5244102dc9bb (vm-private)
>>> port 4ec3ecf6-d04a-406c-8354-c5e195ffde05
>>> addresses: ["00:1a:4a:16:01:06 dynamic"]
>>> switch 40aedb7d-b1c3-400e-9ddb-16bee3bb312a (vm-public)
>>> port 87c5e44a-7c8b-41b2-89a6-fa52f27643ed
>>> addresses: ["00:1a:4a:16:01:03"]
>>> port ccea5185-3efa-4d9c-9475-9e46009fea4f
>>> addresses: ["00:1a:4a:16:01:0c"]
>>> port e868219c-f16c-45c6-b7b1-72d044fee602
>>> addresses: ["00:1a:4a:16:01:0a"]
>>>
>>> [root@o2 ~]# ip addr

[ovirt-users] Re: Problems with OVN

2018-05-08 Thread Marcin Mirecki
te_ip="10.0.1.21"}
> Port "vnet0"
> Interface "vnet0"
> ovs_version: "2.9.0"
>
> [root@o3 ~]# ip addr
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovirtmgmt state UP qlen 1000
> link/ether 78:f2:9e:90:bc:50 brd ff:ff:ff:ff:ff:ff
> 3: enp0s20f0u5c2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast master public state UNKNOWN qlen 1000
> link/ether 50:3e:aa:4c:9c:03 brd ff:ff:ff:ff:ff:ff
> 4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen
> 1000
> link/ether 7e:43:c1:b0:48:73 brd ff:ff:ff:ff:ff:ff
> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
> link/ether 3a:fe:68:34:31:4c brd ff:ff:ff:ff:ff:ff
> 21: public: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP qlen 1000
> link/ether 50:3e:aa:4c:9c:03 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::523e:aaff:fe4c:9c03/64 scope link
>valid_lft forever preferred_lft forever
> 22: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP qlen 1000
> link/ether 78:f2:9e:90:bc:50 brd ff:ff:ff:ff:ff:ff
> inet 10.0.1.21/24 brd 10.0.1.255 scope global ovirtmgmt
>valid_lft forever preferred_lft forever
> inet6 fe80::7af2:9eff:fe90:bc50/64 scope link
>valid_lft forever preferred_lft forever
> 24: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen
> 1000
> link/ether 02:92:3f:89:f2:c7 brd ff:ff:ff:ff:ff:ff
> 25: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovirtmgmt state UNKNOWN qlen 1000
> link/ether fe:16:3e:0b:b1:2d brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc16:3eff:fe0b:b12d/64 scope link
>valid_lft forever preferred_lft forever
> 27: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovirtmgmt state UNKNOWN qlen 1000
> link/ether fe:1a:4a:16:01:0b brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc1a:4aff:fe16:10b/64 scope link
>valid_lft forever preferred_lft forever
> 29: vnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovs-system state UNKNOWN qlen 1000
> link/ether fe:1a:4a:16:01:0c brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc1a:4aff:fe16:10c/64 scope link
>valid_lft forever preferred_lft forever
> 31: vnet6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovirtmgmt state UNKNOWN qlen 1000
> link/ether fe:1a:4a:16:01:07 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc1a:4aff:fe16:107/64 scope link
>valid_lft forever preferred_lft forever
> 32: vnet7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master public state UNKNOWN qlen 1000
> link/ether fe:1a:4a:16:01:09 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc1a:4aff:fe16:109/64 scope link
>valid_lft forever preferred_lft forever
> 33: vnet8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovs-system state UNKNOWN qlen 1000
> link/ether fe:1a:4a:16:01:0a brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc1a:4aff:fe16:10a/64 scope link
>    valid_lft forever preferred_lft forever
> 34: genev_sys_6081: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65000 qdisc
> noqueue master ovs-system state UNKNOWN qlen 1000
> link/ether 46:88:1c:22:6f:c3 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::4488:1cff:fe22:6fc3/64 scope link
>valid_lft forever preferred_lft forever
>
> [root@o3 ~]# ovs-vsctl show
> 8c2c19fc-d9e4-423d-afcb-f5ecff602ca7
> Bridge br-int
> fail_mode: secure
> Port "vnet4"
> Interface "vnet4"
> Port "ovn-049183-0"
> Interface "ovn-049183-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.0.1.18"}
> Port "vnet8"
> Interface "vnet8"
> Port br-int
> Interface br-int
> type: internal
> ovs_version: "2.9.0"
>
> Best regards,
> Samuli
>
>
> Marcin Mirecki wrote:
>
>> Hi Samuli,
>>
>> Let's first make sure the configuration is correct.
>> How did you configure the env? Did you use the automatic engine-setup
>> configuration?
>

Re: [ovirt-users] Problems with OVN

2018-05-07 Thread Marcin Mirecki
Hi Samuli,

Let's first make sure the configuration is correct.
How did you configure the env? Did you use the automatic engine-setup
configuration?

Can you please send me the output of the following:

on engine:
  ovn-sbctl show
  ovn-nbctl show

on hosts:
  ip addr
  ovs-vsctl show

The 'vdsm-tool ovn-config' command configures the ovn controller to use the
first ip as the ovn central, and the local tunnel to use the second one.

Regards,
Marcin


On Sun, May 6, 2018 at 10:42 AM, Samuli Heinonen 
wrote:

> Hi all,
>
> I'm building a home lab using oVirt+GlusterFS in hyperconverged(ish) setup.
>
> My setup consists of 2x nodes with ASRock H110M-STX motherboard, Intel
> Pentium G4560 3,5 GHz CPU and 16 GB RAM. Motherboard has integrated Intel
> Gigabit I219V LAN. At the moment I'm using RaspberryPi as Gluster arbiter
> node. Nodes are connected to basic "desktop switch" without any management
> available.
>
> Hardware is nowhere near perfect, but it get its job done and is enough
> for playing around. However I'm having problems getting OVN to work
> properly and I'm clueless where to look next.
>
> oVirt is setup like this:
> oVirt engine host oe / 10.0.1.101
> oVirt hypervisor host o2 / 10.0.1.18
> oVirt hypervisor host o3 / 10.0.1.21
> OVN network 10.0.200.0/24
>
> When I spin up a VM in o2 and o3 with IP address in network 10.0.1.0/24
> everything works fine. VMs can interact between each other without any
> problems.
>
> Problems show up when I try to use OVN based network between virtual
> machines. If virtual machines are on same hypervisor then everything seems
> to work ok. But if I have virtual machine on hypervisor o2 and another one
> on hypervisor o3 then TCP connections doesn't work very well. UDP seems to
> be ok and it's possible to ping hosts, do dns & ntp queries and so on.
>
> Problem with TCP is that for example when taking SSH connection to another
> host at some point connection just hangs and most of the time it's not even
> possible to even log in before connectiong hangs. If I look into tcpdump at
> that point it looks like packets never reach destination. Also, if I have
> multiple connections, then all of them hang at the same time.
>
> I have tried switching off tx checksum and other similar settings, but it
> didn't make any difference.
>
> I'm suspecting that hardware is not good enough. Before investigating into
> new hardware I'd like to get some confirmation that everything is setup
> correctly.
>
> When setting up oVirt/OVN I had to run following undocumented command to
> get it working at all: vdsm-tool ovn-config 10.0.1.101 10.0.1.21 (oVirt
> engine IP, hypervisor IP). Especially this makes me think that I have
> missed some crucial part in configuration.
>
> On oVirt engine in /var/log/openvswitch/ovsdb-server-nb.log there are
> error messages:
> 2018-05-06T08:30:05.418Z|00913|stream_ssl|WARN|SSL_read: unexpected SSL
> connection close
> 2018-05-06T08:30:05.418Z|00914|jsonrpc|WARN|ssl:127.0.0.1:53152: receive
> error: Protocol error
> 2018-05-06T08:30:05.419Z|00915|reconnect|WARN|ssl:127.0.0.1:53152:
> connection dropped (Protocol error)
>
> To be honest, I'm not sure what's causing those error messages or are they
> related. I found out some bug reports stating that they are not critical.
>
> Any ideas what to do next or should I just get better hardware? :)
>
> Best regards,
> Samuli Heinonen
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovn problem - Failed to communicate with the external provider, see log for additional details.

2018-02-08 Thread Marcin Mirecki
Hello George,

Probably your engine and provider certs do not match.
The engine pki should be in:
/etc/pki/ovirt-engine/certs/
The provider keys are defined in the SSL section of the config file
(/etc/ovirt-provider-ovn/conf.d/...):
[SSL]
https-enabled=true
ssl-key-file=...
ssl-cert-file=...
ssl-cacert-file=...
You can compare the keys/certs using openssl.

Was the provider created using egine-setup?

For testing purposes you can change the "https-enabled" to false and try
connecting using http.

Thanks,
Marcin

On Thu, Feb 8, 2018 at 12:58 PM, Ilya Fedotov  wrote:

> Hello, Georgy
>
>  Maybe, the problem have the different domain name and name your node
> name(local domain), and certificate note valid.
>
>
>
> with br, Ilya
>
> 2018-02-05 22:36 GMT+03:00 George Sitov :
>
>> Hello!
>>
>> I have a problem  wiith configure  external provider.
>>
>> Edit config file - ovirt-provider-ovn.conf, set ssl parameters.
>> systemctl start ovirt-provider-ovn start without problem.
>> In external  proveder in web gui i set:
>> Provider URL:  https://ovirt.mydomain.com:9696
>> Username: admin@internal
>> Authentication URL: https://ovirt.mydomain.com:35357/v2.0/
>> But after i press test  button i see error -  Failed to communicate with
>> the external provider, see log for additional details.
>>
>> /var/log/ovirt-engine/engine.log:
>> 2018-02-05 21:33:55,517+02 ERROR [org.ovirt.engine.core.bll.pro
>> vider.network.openstack.BaseNetworkProviderProxy] (default task-29)
>> [69fa312e-6e2e-4925-b081-385beba18a6a] Bad Gateway (OpenStack response
>> error code: 502)
>> 2018-02-05 21:33:55,517+02 ERROR [org.ovirt.engine.core.bll.pro
>> vider.TestProviderConnectivityCommand] (default task-29)
>> [69fa312e-6e2e-4925-b081-385beba18a6a] Command '
>> org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand'
>> failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050)
>>
>> In /var/log/ovirt-provider-ovn.log:
>>
>> 2018-02-05 21:33:55,510   Starting new HTTPS connection (1):
>> ovirt.astrecdata.com
>> 2018-02-05 21:33:55,516   [SSL: CERTIFICATE_VERIFY_FAILED] certificate
>> verify failed (_ssl.c:579)
>> Traceback (most recent call last):
>>   File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line
>> 126, in _handle_request
>> method, path_parts, content)
>>   File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py",
>> line 176, in handle_request
>> return self.call_response_handler(handler, content, parameters)
>>   File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in
>> call_response_handler
>> return response_handler(content, parameters)
>>   File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py",
>> line 60, in post_tokens
>> user_password=user_password)
>>   File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26,
>> in create_token
>> return auth.core.plugin.create_token(user_at_domain, user_password)
>>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py",
>> line 48, in create_token
>> timeout=self._timeout())
>>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line
>> 62, in create_token
>> username, password, engine_url, ca_file, timeout)
>>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line
>> 53, in wrapper
>> response = func(*args, **kwargs)
>>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line
>> 46, in wrapper
>> raise BadGateway(e)
>> BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
>> (_ssl.c:579)
>>
>> Whan i do wrong ?
>> Please help.
>>
>> 
>> With best regards  Georgii.
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Suggestions on changing hosts' network

2018-01-03 Thread Marcin Mirecki
Hello Gianluca,

Add/remove would probably be the simplest way to go.
The procedure would be:
- take host to maintenance
- remove host
- use vdsm-cient to change the ip of ovirtmgmt
- add the host again

Just changing the dns configuration sounds quite interesting.
I suppose the host certificates should be ok if the host was added by
hostname.



On Tue, Jan 2, 2018 at 9:02 AM, Gianluca Cecchi 
wrote:

> Hello,
> I have a 4.1 cluster based on FC storage domain.
> There are 2 hosts that are oVirt node-ng
> The engine is external to the oVirt environment
> Currently the network situation for ovirtmgmt is this one:
>
> engine on network1 (eg 192.168.1.x/24)
> host1 and host2 on network2 (eg 192.168.2.x/24)
>
> network1 and network2 routed through a gw
>
> I have to physically move host1 and host2 so that I should change their ip
> with one on network1.
> When I added the hosts in oVirt I used as Hostname/IP field their dns
> hostname
>
> What is the simplest approach?
> I can also give total downtime without particular problems as this is a
> test environment.
> I think I can put all infra into maintenance, change dns configuration but
> then I have also to change hosts network configuration itself...
> Possibly the best thing to do is remove/add the hosts? I have some doubts
> about the workflow to follow for removal/add and if for an oVirt-ng node I
> can change its ip configuration in an easy way.. perhaps from cockpit and
> then reboot and connect via cockpit to the new ip
>
> Thanks in advance for any suggestion
>
> Gianluca
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] OVS support in oVirt 4.2

2017-12-28 Thread Marcin Mirecki
Hi Eduardo,

Migration is supported for OVN (although there might still be some
performance issues).
OVS is "Experimental", hence not supported.

Marcin


On Thu, Dec 28, 2017 at 12:59 PM, Eduardo Mayoral  wrote:

> Hi,
>
> After upgrading to oVirt 4.2 I see OVS switch type is still listed
> in the UI as "Experimental". I remember in 4.0 using OVS switches
> prevented live migration of the VMs between hosts. Is this still so? Can
> someone comment on the status of OVS switching support in oVirt 4.2 and
> the preferred switch type? I would love to give OVS and OVN a try, but
> not at the expense of sacrificing live migration of VMs.
>
> Thanks for your help!
>
> --
> Eduardo Mayoral Jimeno (emayo...@arsys.es)
> Administrador de sistemas. Departamento de Plataformas. Arsys internet.
> +34 941 620 145 ext. 5153
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] OVS error logs after upgrade to 4.2

2017-12-28 Thread Marcin Mirecki
Hello Misak,

The openvswitch team tells me this is a known ovs problem.
It is fixed by patch:
https://github.com/openvswitch/ovs/commit/bbf219ef584a102fde5150defab3a769a6a44981
merged in master/branch 2.8/branch 2.7.
Looking at git history this is not yet released. It should be included in
2.7.4 when it's out.

Thanks,
Marcin



On Thu, Dec 28, 2017 at 10:53 AM, Misak Khachatryan 
wrote:

> Hi Mor,
>
> submitted: https://bugzilla.redhat.com/show_bug.cgi?id=1529481
>
> I've collected logs but they are 1662.7M in size.
>
> Best regards,
> Misak Khachatryan
>
>
> On Wed, Dec 27, 2017 at 6:44 PM, Mor Kalfon  wrote:
> > Hello Misak,
> >
> > Could you please file a bug about those error messages that you receive
> from
> > OVS?
> > You can use the log collector tool
> > (https://www.ovirt.org/documentation/admin-guide/
> chap-Utilities/#the-log-collector-tool)
> > which gathers all the required logs for us to investigate this issue.
> >
> > Thanks for reporting this issue!
> >
> > On Wed, Dec 27, 2017 at 11:03 AM, Misak Khachatryan 
> > wrote:
> >>
> >> On Wed, Dec 27, 2017 at 12:42 PM, Dan Kenigsberg 
> >> wrote:
> >> > On Wed, Dec 27, 2017 at 8:49 AM, Misak Khachatryan 
> >> > wrote:
> >> >> Hi,
> >> >>
> >> >> It's not on log file, it's from automatic email sent by cron daemon.
> >> >> This one from logrotate.
> >> >
> >> > Would you file a bug about this daily logrotate spam?
> >> >
> >>
> >> Sure, will do.
> >>
> >> >>
> >> >> I'd like to migrate my network to OVS, but as i can't find any guide
> >> >> for that, it's a bit scary.
> >> >
> >> > Why would you like to do that? OVN is useful for big deployments, that
> >> > have many isolated networks. It is not universally recommended, as it
> >> > uses more CPU.
> >> >
> >>
> >> No particular reason, thought that will be future in oVIRT networking,
> >> also i work in relatively big ISP with many PoP and DCs in many
> >> cities. And I'm interested to try it some time.
> >>
> >> >>
> >> >> Best regards,
> >> >> Misak Khachatryan
> >> >>
> >> >>
> >> >> On Tue, Dec 26, 2017 at 3:29 PM, Dan Kenigsberg 
> >> >> wrote:
> >> >>> On Tue, Dec 26, 2017 at 8:35 AM, Misak Khachatryan <
> kmi...@gmail.com>
> >> >>> wrote:
> >>  Hi,
> >> 
> >>  After upgrade to 4.2 I started getting this error from engine:
> >> 
> >>  /etc/cron.daily/logrotate:
> >> 
> >>  2017-12-25T23:12:02Z|1|unixctl|WARN|failed to connect to
> >>  /var/run/openvswitch/ovnnb_db.19883.ctl
> >>  ovs-appctl: cannot connect to
> >>  "/var/run/openvswitch/ovnnb_db.19883.ctl" (No such file or
> directory)
> >>  2017-12-25T23:12:02Z|1|unixctl|WARN|failed to connect to
> >>  /var/run/openvswitch/ovnsb_db.19891.ctl
> >>  ovs-appctl: cannot connect to
> >>  "/var/run/openvswitch/ovnsb_db.19891.ctl" (No such file or
> directory)
> >> 
> >> 
> >>  Seems harmless as i don't use OVS, but how to fix it?
> >> >>>
> >> >>> By default, ovirt-4.2 installs and configure OVN (which uses OVS).
> You
> >> >>> can turn it off on Engine host by running
> >> >>> systemctl stop ovirt-provider-ovn ovn-northd openvswitch
> >> >
> >> > did you try that?
> >> >
> >>
> >> No, but is correct way to disable it completely?
> >>
> >> >>>
> >> >>> but I'd appreciate your help to understand in which log file do you
> >> >>> see these warnings?
> >> >
> >> >>> Have you already disabled openvswitch?
> >> >
> >> > have you ^^ ?
> >>
> >> No, what is a correct way to do it?
> >
> >
> >
> >
> > --
> > Mor Kalfon
> > RHV Networking Team
> > Red Hat IL-Raanana
> > Tel: +972-54-6514148
> >
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] OVS error logs after upgrade to 4.2

2017-12-27 Thread Marcin Mirecki
Hello Misak,

This error hints that your ovn databases are not up (or at least can not be
connected to).
Could you please check if the following command gives any output:

ps -ef|grep 'ovnsb_db\|ovnnb_db'

The databases can be started (if not active) using:
   /usr/share/openvswitch/scripts/ovn-ctl start_ovsdb

Could you please also check the content of:
  /var/run/openvswitch/

The filenames don't look normal (usually they do not contain any numbers as
part of them), please give me some time to check this.

Thanks,
Marcin





On Wed, Dec 27, 2017 at 3:44 PM, Mor Kalfon  wrote:

> Hello Misak,
>
> Could you please file a bug about those error messages that you receive
> from OVS?
> You can use the log collector tool (https://www.ovirt.org/documen
> tation/admin-guide/chap-Utilities/#the-log-collector-tool)
> which gathers all the required logs for us to investigate this issue.
>
> Thanks for reporting this issue!
>
> On Wed, Dec 27, 2017 at 11:03 AM, Misak Khachatryan 
> wrote:
>
>> On Wed, Dec 27, 2017 at 12:42 PM, Dan Kenigsberg 
>> wrote:
>> > On Wed, Dec 27, 2017 at 8:49 AM, Misak Khachatryan 
>> wrote:
>> >> Hi,
>> >>
>> >> It's not on log file, it's from automatic email sent by cron daemon.
>> >> This one from logrotate.
>> >
>> > Would you file a bug about this daily logrotate spam?
>> >
>>
>> Sure, will do.
>>
>> >>
>> >> I'd like to migrate my network to OVS, but as i can't find any guide
>> >> for that, it's a bit scary.
>> >
>> > Why would you like to do that? OVN is useful for big deployments, that
>> > have many isolated networks. It is not universally recommended, as it
>> > uses more CPU.
>> >
>>
>> No particular reason, thought that will be future in oVIRT networking,
>> also i work in relatively big ISP with many PoP and DCs in many
>> cities. And I'm interested to try it some time.
>>
>> >>
>> >> Best regards,
>> >> Misak Khachatryan
>> >>
>> >>
>> >> On Tue, Dec 26, 2017 at 3:29 PM, Dan Kenigsberg 
>> wrote:
>> >>> On Tue, Dec 26, 2017 at 8:35 AM, Misak Khachatryan 
>> wrote:
>>  Hi,
>> 
>>  After upgrade to 4.2 I started getting this error from engine:
>> 
>>  /etc/cron.daily/logrotate:
>> 
>>  2017-12-25T23:12:02Z|1|unixctl|WARN|failed to connect to
>>  /var/run/openvswitch/ovnnb_db.19883.ctl
>>  ovs-appctl: cannot connect to
>>  "/var/run/openvswitch/ovnnb_db.19883.ctl" (No such file or
>> directory)
>>  2017-12-25T23:12:02Z|1|unixctl|WARN|failed to connect to
>>  /var/run/openvswitch/ovnsb_db.19891.ctl
>>  ovs-appctl: cannot connect to
>>  "/var/run/openvswitch/ovnsb_db.19891.ctl" (No such file or
>> directory)
>> 
>> 
>>  Seems harmless as i don't use OVS, but how to fix it?
>> >>>
>> >>> By default, ovirt-4.2 installs and configure OVN (which uses OVS). You
>> >>> can turn it off on Engine host by running
>> >>> systemctl stop ovirt-provider-ovn ovn-northd openvswitch
>> >
>> > did you try that?
>> >
>>
>> No, but is correct way to disable it completely?
>>
>> >>>
>> >>> but I'd appreciate your help to understand in which log file do you
>> >>> see these warnings?
>> >
>> >>> Have you already disabled openvswitch?
>> >
>> > have you ^^ ?
>>
>> No, what is a correct way to do it?
>>
>
>
>
> --
> Mor Kalfon
> RHV Networking Team
> Red Hat IL-Raanana
> Tel: +972-54-6514148 <+972%2054-651-4148>
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Logical network setup with neutron

2017-12-06 Thread Marcin Mirecki
Hi Lakshmi,

Yes, only the v2 keystone api is supported at the moment.

The "Physical network" and "Interface mappings" are related.
"Physical network" defines the physical (external) network,
while "Interface mappings" maps this network to a specific interface
on the host.

"Physical network" is mapped to the "provider:physical_network"
parameter in a neutron network.
"Interface mappings" is mapped to the "physical_interface_mappings"
parameter in the neutron agent on the host.
Please look at the following link for a better explanation of how to connect
neutron to an interface:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_openstack_platform/7/html/networking_guide/sec-connect-instance



On Mon, Nov 27, 2017 at 3:02 PM, Lakshmi Narasimhan Sundararajan <
lakshm...@msystechnologies.com> wrote:

> Hi Team,
> I am looking at integrating openstack neutron with oVirt.
> Reading the docs so far, and through my setup experiments, I can see that
> oVirt and neutron do seem to understand each other.
>
> But I need some helpful pointers to help me understand a few items
> during configuration.
>
> 1) During External Provider registration,
>
> a) although openstack keystone is currently supporting v3 api
> endpoints, only configuring v2 works. I see an exception otherwise.I
> have a feeling only v2 auth is supported with oVirt.
>
> b) Interface mappings.
> This I believe is a way for logical networks to switch/route traffic
> back to physical networks. This is of the form label:interface. Where
> label is placed on each Hosts network setting to point to the right
> physical interface.
>
> I did map label "red" when I setup Host networks to a physical Nic.
> And used "red:br-red, green:br-green" here, wherein my intention is to
> create a bridge br-red on each Host for this logical network and
> switch/route packets over the "red" label mapped physical nic on each
> host. And every vm attached to "red" logical network shall have a vnic
> placed on "br-red" Is my understanding correct?
>
> 2) Now I finally create a logical network using external provider
> "openstack neutron". Herein "Physical Network" parameter that I
> totally do not understand.
> If the registration were to have many interface mappings, is this a
> way of pinning to the right interface?
>
> I cannot choose, red, red:br-red... I can only leave it empty,
>
> So what is the IP address of the physical address argument part of
> logical network creation?
>
> "Optionally select the Create on external provider check box. Select
> the External Provider from the drop-down list and provide the IP
> address of the Physical Network". What this field means?
>
> I would appreciate some clarity and helpful pointers here.
>
> Best regards
>
> --
>
>
> DISCLAIMER
>
> The information in this e-mail is confidential and may be subject to legal
> privilege. It is intended solely for the addressee. Access to this e-mail
> by anyone else is unauthorized. If you have received this communication in
> error, please address with the subject heading "Received in error," send to
> i...@msystechnologies.com,  then delete the e-mail and destroy any copies of
> it. If you are not the intended recipient, any disclosure, copying,
> distribution or any action taken or omitted to be taken in reliance on it,
> is prohibited and may be unlawful. The views, opinions, conclusions and
> other information expressed in this electronic mail and any attachments are
> not given or endorsed by the company unless otherwise indicated by an
> authorized representative independent of this message.
> MSys cannot guarantee that e-mail communications are secure or error-free,
> as information could be intercepted, corrupted, amended, lost, destroyed,
> arrive late or incomplete, or contain viruses, though all reasonable
> precautions have been taken to ensure no viruses are present in this
> e-mail.
> As our company cannot accept responsibility for any loss or damage arising
> from the use of this e-mail or attachments we recommend that you subject
> these to your virus checking procedures prior to use
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] OVN and change of mgmt network

2017-10-03 Thread Marcin Mirecki
Hello Gianluca,

Please check on the engine what hosts are registered on ovn-north:
#ovn-sbctl show

For each registered host you should see something like:
   Chassis "69b6b2a6-5afb-4908-8d66-c648cbe09ba8"
   hostname: "f43"
   Encap geneve
   ip: "192.168.120.43"
   

I would assume you have some unwanted entries there (10.4.168.74)

To get rid of this please use:
# ovn-sbctl chassis-del // for example: ovn-sbctl
chassis-del 69b6b2a6-5afb-4908-8d66-c648cbe09ba8

Please let me know if this helps.

Note also that you would have to runplug/plug any vnics on any vm's you
have on those two hosts.

Marcin



On Tue, Oct 3, 2017 at 3:41 PM, Gianluca Cecchi 
wrote:

> Hello,
> I previously had OVN running on engine (as OVN provider with northd and
> northbound and southbound DBs) and hosts (with OVN controller).
>
> After changing mgmt ip of hosts (engine has retained instead the same ip),
> I executed again on them the command:
>
> vdsm-tool ovn-config  
>
> Now I think I have to clean up some things, eg:
>
> 1) On engine
> where I get these lines below
>
> systemctl status ovn-northd.service -l
> . . .
> Sep 29 14:41:42 ovmgr1 ovsdb-server[940]: ovs|5|reconnect|ERR|tcp:10
> .4.167.40:37272: no response to inactivity probe after 5 seconds,
> disconnecting
> Oct 03 11:52:00 ovmgr1 ovsdb-server[940]: ovs|6|reconnect|ERR|tcp:10
> .4.167.41:52078: no response to inactivity probe after 5 seconds,
> disconnecting
>
> The two IPs are the old ones of two hosts
> It seems that a restart of the services has fixed...
> Can anyone confirm if I have to do anything else?
>
> 2) On hosts (there are 3 hosts with OVN on ip 10.4.192.32/33/34)
> where I currently have this output
>
> [root@ov301 ~]# ovs-vsctl show
> 3a38c5bb-0abf-493d-a2e6-345af8aedfe3
> Bridge br-int
> fail_mode: secure
> Port "ovn-1dce5b-0"
> Interface "ovn-1dce5b-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.4.192.32"}
> Port "ovn-ddecf0-0"
> Interface "ovn-ddecf0-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.4.192.33"}
> Port "ovn-fd413b-0"
> Interface "ovn-fd413b-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.4.168.74"}
> Port br-int
> Interface br-int
> type: internal
> ovs_version: "2.7.2"
> [root@ov301 ~]#
>
> The IPs of kind 10.4.192.x are ok.
> But there is a left-over of an old host I initially used for tests,
> corresponding to 10.4.168.74, that now doesn't exist anymore
>
> How can I clean records for 1) and 2)?
>
> Thanks,
> Gianluca
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] How to build specific network structure?

2017-08-25 Thread Marcin Mirecki
Just one more thought about your requirement to
have the VM with the firewall on a specific host,
I am not quite sure you need this requirement at all.
What you could do instead, is create an OVN network
that would contain only one vNIC on this VM, and
add your NIC (the one going out to the external servers)
manually to the appropriate OVN LogicalSwitch (the one
matching the OVN network).
This way the OVN network would bridge the externally
facing NIC to your VM vNIC. OVN would take care of
making sure the traffic gets to the appropriate host.



On Wed, Aug 23, 2017 at 5:46 PM, Mitchell Smith <
mitchinseattle2...@gmail.com> wrote:

> Thanks very much for that, the youtube video was very helpful, I was
> basically working from the RedHat documentation at
> https://access.redhat.com/documentation/en-us/red_hat_
> virtualization/4.1/html/administration_guide/sect-
> adding_external_providers which wasn’t very in-depth.
>
> The video did a much better job explaining how OVN works which was very
> useful.
>
> I appreciate the info, thanks.
>
> On Aug 23, 2017, at 7:35 AM, Marcin Mirecki <mmire...@redhat.com> wrote:
>
> Hi,
>
> Please check out this deep dive to see how the OVN provider is set up:
> https://www.youtube.com/watch?v=vGeouWfKJwA=10s
>
> By adding a subnet to the external network you will get a dhcp server
> on this network that will use the defined subnet.
>
> Try using affinity groups to make our VM come up on a specific groups.
>
> To allow to connect your nic with the public IP you can connect it
> to the vm as a passtrough device. Adding one more NIC connected
> to an OVN network would give you a VM connected to both.
>
> Another (not so clean) possiblity is to create an ovirt network, add
> it to the host, and connect the VM to it. On the host you will see
> that a bridge will be created for the network. You could then add
> your NIC that goes to the remote networks to the bridge created for
> the network on your host (manual action).
> This would also be possible using an OVN network with just the
> single NIC from that VM connected, and the external NIC plugged
> into the OVS bridge used for OVN (with manual OVN configuration).
>
>
>
>
>
>
>
>
> On Wed, Aug 23, 2017 at 11:32 AM, Mitch <mitchinseattle2...@gmail.com>
> wrote:
>
>> Hi,
>>
>> I am trying to understand the best way to structure our network with
>> oVirt.
>>
>> We have a number of servers hosted in a remote datacenter, all with a
>> single NIC with a single public IP.
>>
>> One server also has a /26 subnet mapped to it which we have to present
>> on a specific MAC address.
>>
>> What I am trying to do is have all our VMs on a private subnet
>> 10.2.3.0/24 for example, and use OVN to make that subnet available
>> across all oVirt hosts, (PeerVPN and Tinc are also options I’m looking
>> at).
>>
>> On the single host with the /26 on it, I plan to run an instance of
>> Opnsense or similar as a VM, with two NICs, one bridged to eth0 with
>> the specific MAC required for the public subnet, and one that will
>> connect to the private virtual network, I could then do 1-to-1 NAT for
>> those hosts on the private network that need to be publically
>> accessible.
>>
>> I know this isn’t the ideal setup, but we have to work with in the
>> constraints required by the datacenter we are using.
>>
>> Unfortunately I can’t work out how to configure this in oVirt, I
>> assume I need to set up a logical network for the private subnet,
>> using OVN as an external provider, and set up another logical subnet
>> for the public address space and attach that to a specific host in the
>> cluster?
>>
>> For the public address space, how do I bridge that to eth0 and give it
>> a specific MAC address? Also how can I ensure my Opnsense VM comes up
>> on a specific host?
>>
>> For the private network, is OVN the best approach, or am I better off
>> looking at other mesh VPN solutions to build an internal network
>> across our oVirt hosts?
>>
>> Any comments or suggestions will be greatly appreciated.
>>
>> Thanks :)
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] How to build specific network structure?

2017-08-23 Thread Marcin Mirecki
Hi,

Please check out this deep dive to see how the OVN provider is set up:
https://www.youtube.com/watch?v=vGeouWfKJwA=10s

By adding a subnet to the external network you will get a dhcp server
on this network that will use the defined subnet.

Try using affinity groups to make our VM come up on a specific groups.

To allow to connect your nic with the public IP you can connect it
to the vm as a passtrough device. Adding one more NIC connected
to an OVN network would give you a VM connected to both.

Another (not so clean) possiblity is to create an ovirt network, add
it to the host, and connect the VM to it. On the host you will see
that a bridge will be created for the network. You could then add
your NIC that goes to the remote networks to the bridge created for
the network on your host (manual action).
This would also be possible using an OVN network with just the
single NIC from that VM connected, and the external NIC plugged
into the OVS bridge used for OVN (with manual OVN configuration).








On Wed, Aug 23, 2017 at 11:32 AM, Mitch 
wrote:

> Hi,
>
> I am trying to understand the best way to structure our network with oVirt.
>
> We have a number of servers hosted in a remote datacenter, all with a
> single NIC with a single public IP.
>
> One server also has a /26 subnet mapped to it which we have to present
> on a specific MAC address.
>
> What I am trying to do is have all our VMs on a private subnet
> 10.2.3.0/24 for example, and use OVN to make that subnet available
> across all oVirt hosts, (PeerVPN and Tinc are also options I’m looking
> at).
>
> On the single host with the /26 on it, I plan to run an instance of
> Opnsense or similar as a VM, with two NICs, one bridged to eth0 with
> the specific MAC required for the public subnet, and one that will
> connect to the private virtual network, I could then do 1-to-1 NAT for
> those hosts on the private network that need to be publically
> accessible.
>
> I know this isn’t the ideal setup, but we have to work with in the
> constraints required by the datacenter we are using.
>
> Unfortunately I can’t work out how to configure this in oVirt, I
> assume I need to set up a logical network for the private subnet,
> using OVN as an external provider, and set up another logical subnet
> for the public address space and attach that to a specific host in the
> cluster?
>
> For the public address space, how do I bridge that to eth0 and give it
> a specific MAC address? Also how can I ensure my Opnsense VM comes up
> on a specific host?
>
> For the private network, is OVN the best approach, or am I better off
> looking at other mesh VPN solutions to build an internal network
> across our oVirt hosts?
>
> Any comments or suggestions will be greatly appreciated.
>
> Thanks :)
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 4.1.1 and ovn problems

2017-04-25 Thread Marcin Mirecki
It looks like ndb is listening (netstat shows this), but not receiving
anything (log is empty).
This looks like a connectivity issue.
Can the provider host ping the ovn host?
Is firewalld/iptables disabled on both hosts?

Let's make sure that OVN is working fine.
I attach a short python script that checks the connection from the
localhost.
Please check if it can connect to ovn from localhost (just execute this on
the host with ovn: "python tcp_connection_test.py" ).
It should connect and print out all the OVN networks.
Does this work?



On Mon, Apr 24, 2017 at 11:23 PM, Gianluca Cecchi <gianluca.cec...@gmail.com
> wrote:

>
> On Mon, Apr 24, 2017 at 10:03 PM, Marcin Mirecki <mmire...@redhat.com>
> wrote:
>
>> Looks like the south db works properly. The north db uses the same
>> mechanism, just a different schema and port.
>>
>> Looking at the netstat output it looks like ovn north db is not even
>> listening, or is there anything for 6641?
>>
>>
>>
>>
> Actually yes... it seems that the switch "-t" with the "-p" doesn't catch
> the 6641 and 6642 "LISTEN" lines, while if I use "-a" instead of "-t" I get
> them too...
>
> with "-a"
> root@ovmgr1 ~]# netstat -apn | grep 664
> tcp0  0 0.0.0.0:66410.0.0.0:*
> LISTEN  6691/ovsdb-server
> tcp0  0 0.0.0.0:66420.0.0.0:*
> LISTEN  6699/ovsdb-server
> tcp0  0 10.4.192.43:664210.4.168.76:38882
> ESTABLISHED 6699/ovsdb-server
> tcp0  0 10.4.192.43:664210.4.168.75:45486
> ESTABLISHED 6699/ovsdb-server
> tcp0  0 10.4.192.43:664210.4.168.74:59176
> ESTABLISHED 6699/ovsdb-server
> unix  3  [ ] STREAM CONNECTED 14119
> 664/vmtoolsd
>
> with "-t"
> [root@ovmgr1 ~]# netstat -tpn | grep 664
> tcp0  0 10.4.192.43:664210.4.168.76:38882
> ESTABLISHED 6699/ovsdb-server
> tcp0  0 10.4.192.43:664210.4.168.75:45486
> ESTABLISHED 6699/ovsdb-server
> tcp0  0 10.4.192.43:664210.4.168.74:59176
> ESTABLISHED 6699/ovsdb-server
>
>
>


-- 

MARCIN mIRECKI

Red Hat

<https://www.redhat.com>
<https://red.ht/sig>
"""

Code for testing ovs connection to OVN north DB
The north DB was configured with:
ovn-nbctl set-connection ptcp:6641
"""

import time
import six

import ovs.db.idl


OVS_CONNECTION='tcp:127.0.0.1:6641'

OVN_NB_OVSSCHEMA_FILE = '/usr/share/openvswitch/ovn-nb.ovsschema'
NETWORK_TABLE_COLUMNS = ['name', 'ports', 'other_config', 'external_ids']
NETWORK_TABLE = 'Logical_Switch'


def get_schema_helper():
schema_helper = ovs.db.idl.SchemaHelper(OVN_NB_OVSSCHEMA_FILE)
schema_helper.register_columns(NETWORK_TABLE, NETWORK_TABLE_COLUMNS)
return schema_helper

def get_networks(ovsdb_connection):
rows = ovsdb_connection.tables['Logical_Switch'].rows
for row in six.itervalues(rows):
print('ROW: uuid:' + str(row.uuid) + '  name:' + str(row.name))

def connect():
schema_helper=get_schema_helper()
ovsdb_connection = ovs.db.idl.Idl(OVS_CONNECTION, schema_helper)

i=1
start = time.time()
while (time.time() - start) < 30:
ovsdb_connection.run()
if ovsdb_connection.has_ever_connected():
print('CONNECTED!')
return ovsdb_connection
print('connecting  ' + str(i) )
i=i+1
time.sleep(0.01)

raise Exception('Failed to connect')

try:
ovsdb_connection = connect()
get_networks(ovsdb_connection)
except Exception as e:
print('Exception' + str(e))___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 4.1.1 and ovn problems

2017-04-24 Thread Marcin Mirecki
Looks like the south db works properly. The north db uses the same
mechanism, just a different schema and port.

Looking at the netstat output it looks like ovn north db is not even
listening, or is there anything for 6641?







On Mon, Apr 24, 2017 at 10:37 AM, Gianluca Cecchi <gianluca.cec...@gmail.com
> wrote:

>
>
> On Sun, Apr 23, 2017 at 11:32 PM, Marcin Mirecki <mmire...@redhat.com>
> wrote:
>
>> Hello Gianluca,
>>
>> Can you please check the ovn north db log.
>> This is placed in /var/log/openvswitch/ovsdb-server-nb.log
>> Please check if the logs has any new entries when you try to connect and
>> when you issue the 'ovn-nbctl set-connection ptcp:6641' command.
>> If the connection attempt is getting through, pvs db should print an
>> error to the log.
>>
>> Please also try restarting the ovn-northd service.
>>
>> Do the ovn-controllers connect to the south-db?
>> You can verify this by looking at /var/log/openvswitch/ovn-controller.log
>> on the ovn-controller host (please look for entries saying "... > ip>:6642 connected")
>>
>> Marcin
>>
>>
>>
> The ovirt nb log contains:
> 2017-04-24T07:46:51.541Z|1|vlog|INFO|opened log file
> /var/log/openvswitch/ovsdb-server-nb.log
> 2017-04-24T07:46:51.550Z|2|ovsdb_server|INFO|ovsdb-server (Open
> vSwitch) 2.7.0
> 2017-04-24T07:47:01.560Z|3|memory|INFO|2268 kB peak resident set size
> after 10.0 seconds
> 2017-04-24T07:47:01.560Z|4|memory|INFO|cells:100 json-caches:1
> monitors:1 ses
>
> In my ovn-controller.log of my 3 hosts I have this, when I run the 2
> commands below on the provider host
>
> ovn-sbctl set-connection ptcp:6642
> ovn-nbctl set-connection ptcp:6641
>
>
> 2017-04-24T07:56:23.178Z|00247|reconnect|INFO|tcp:10.4.192.43:6642:
> connecting...
> 2017-04-24T07:56:23.178Z|00248|reconnect|INFO|tcp:10.4.192.43:6642:
> connection attempt failed (Connection refused)
> 2017-04-24T07:56:23.178Z|00249|reconnect|INFO|tcp:10.4.192.43:6642:
> waiting 8 seconds before reconnect
> 2017-04-24T07:56:31.187Z|00250|reconnect|INFO|tcp:10.4.192.43:6642:
> connecting...
> 2017-04-24T07:56:31.188Z|00251|reconnect|INFO|tcp:10.4.192.43:6642:
> connected
> 2017-04-24T07:56:31.193Z|00252|ofctrl|INFO|unix:/var/run/openvswitch/br-int.mgmt:
> connecting to switch
> 2017-04-24T07:56:31.193Z|00253|rconn|INFO|unix:/var/run/openvswitch/br-int.mgmt:
> connecting...
> 2017-04-24T07:56:31.201Z|00254|rconn|INFO|unix:/var/run/openvswitch/br-int.mgmt:
> connected
> 2017-04-24T07:56:31.201Z|00255|pinctrl|INFO|unix:/var/run/openvswitch/br-int.mgmt:
> connecting to switch
> 2017-04-24T07:56:31.201Z|00256|rconn|INFO|unix:/var/run/openvswitch/br-int.mgmt:
> connecting...
> 2017-04-24T07:56:31.201Z|00257|rconn|INFO|unix:/var/run/openvswitch/br-int.mgmt:
> connected
> 2017-04-24T07:56:31.202Z|00258|binding|INFO|Releasing lport
> 0a2a47bc-ea0d-4f1d-8f49-ec903e519983 from this chassis.
>
> On my provider I see then the 3 oVirt hosts connected:
> [root@ovmgr1 openvswitch]# netstat -tpn|grep 66
> tcp0  0 10.4.192.43:664210.4.168.76:38882
> ESTABLISHED 6699/ovsdb-server
> tcp0  0 10.4.192.43:664210.4.168.75:45486
> ESTABLISHED 6699/ovsdb-server
> tcp0  0 127.0.0.1:5432  127.0.0.1:37074
> ESTABLISHED 16696/postgres: eng
> tcp0  0 10.4.192.43:664210.4.168.74:59176
> ESTABLISHED 6699/ovsdb-server
> [root@ovmgr1 openvswitch]#
>
> But it seems that the "set" command above is not persistent across reboot
> of the provider host that in my case is the oVirt engine server
>
>


-- 

MARCIN mIRECKI

Red Hat

<https://www.redhat.com>
<https://red.ht/sig>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 4.1.1 and ovn problems

2017-04-23 Thread Marcin Mirecki
Hello Gianluca,

Can you please check the ovn north db log.
This is placed in /var/log/openvswitch/ovsdb-server-nb.log
Please check if the logs has any new entries when you try to connect and
when you issue the 'ovn-nbctl set-connection ptcp:6641' command.
If the connection attempt is getting through, pvs db should print an error
to the log.

Please also try restarting the ovn-northd service.

Do the ovn-controllers connect to the south-db?
You can verify this by looking at /var/log/openvswitch/ovn-controller.log
on the ovn-controller host (please look for entries saying "... :6642 connected")

Marcin



On Fri, Apr 21, 2017 at 1:09 PM, Gianluca Cecchi <gianluca.cec...@gmail.com>
wrote:

> On Thu, Apr 20, 2017 at 6:54 PM, Gianluca Cecchi <
> gianluca.cec...@gmail.com> wrote:
>
>> Hello,
>> I installed some months ago a test setup in 4.1.0 with ovn.
>> Now after updating engine and host to 4.1.1 it seems the services are up
>> but it doesn't work.
>> If I run a VM with a network device in OVN external provider, it cant'
>> boot and I get this in engine.log:
>>
>>
>> [snip]
>
>>
>> At the page
>> https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/
>>
>> I see this note about ports:
>>
>> "
>> Since OVS 2.7, OVN central must be configured to listen to requests on
>> appropriate ports:
>>
>> ovn-sbctl set-connection ptcp:6642
>> ovn-nbctl set-connection ptcp:6641
>> "
>>
>> and in my case I indeed passed from 2.6.90 to 2.7.0...
>>
>> Do I need to run these two commands?
>> Or any other configuration settings?
>>
>> Thanks in advance,
>> Gianluca
>>
>
> I confirm that after running these two commands all work ok again and I'm
> able to start a VM with a vnic provided by the OVN provider
>
> [root@ractorshe ~]# ovn-sbctl set-connection ptcp:6642
> [root@ractorshe ~]# ovn-nbctl set-connection ptcp:6641
> [root@ractorshe ~]#
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>


-- 

MARCIN mIRECKI

Red Hat

<https://www.redhat.com>
<https://red.ht/sig>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt and Openstack Neutron: network not working

2017-03-13 Thread Marcin Mirecki
PROVIDER_FAILURE indicates a problem with the external network provider.
The detailed cause of the error should be present in the vdsm logs.


On Mon, Mar 13, 2017 at 11:37 AM, Luca 'remix_tj' Lorenzetto <
lorenzetto.l...@gmail.com> wrote:

> About VM failing i can add this from engine.log:
>
> 2017-03-13 11:12:35,662+01 INFO
> [org.ovirt.engine.core.vdsbroker.UpdateVmDynamicDataVDSCommand]
> (org.ovirt.thread.pool-6-thread-5)
> [462b7528-dce7-4b9e-98e4-f44ab9a551a5] START,
> UpdateVmDynamicDataVDSCommand(
> UpdateVmDynamicDataVDSCommandParameters:{runAsync='true', hostI
> d='null', vmId='23ea52a8-e499-41bb-8be4-8621b67869fd',
> vmDynamic='org.ovirt.engine.core.common.businessentities.
> VmDynamic@da9f8b26'}),
> log id: 4d5a0bbe
> 2017-03-13 11:12:35,665+01 INFO
> [org.ovirt.engine.core.vdsbroker.UpdateVmDynamicDataVDSCommand]
> (org.ovirt.thread.pool-6-thread-5)
> [462b7528-dce7-4b9e-98e4-f44ab9a551a5] FINISH,
> UpdateVmDynamicDataVDSCommand, log id: 4d5a0bbe
> 2017-03-13 11:14:35,698+01 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (org.ovirt.thread.pool-6-thread-5)
> [462b7528-dce7-4b9e-98e4-f44ab9a551a5] EVENT_ID:
> USER_FAILED_RUN_VM(54), Correlation ID:
> 462b7528-dce7-4b9e-98e4-f44ab9a551a5, Job ID
> : 86497f63-6bd0-46e5-b667-320f4ef30f30, Call Stack: null, Custom Event
> ID: -1, Message: Failed to run VM ovirt-node-test (User:
> admin@internal-authz).
> 2017-03-13 11:14:35,703+01 INFO
> [org.ovirt.engine.core.bll.RunVmCommand]
> (org.ovirt.thread.pool-6-thread-5)
> [462b7528-dce7-4b9e-98e4-f44ab9a551a5] Lock freed to object
> 'EngineLock:{exclusiveLocks='[23ea52a8-e499-41bb-8be4-8621b67869fd= ACTION_TYPE_FAILED_OBJECT_LOCKE
> D>]', sharedLocks='null'}'
> 2017-03-13 11:14:35,703+01 ERROR
> [org.ovirt.engine.core.bll.RunVmCommand]
> (org.ovirt.thread.pool-6-thread-5)
> [462b7528-dce7-4b9e-98e4-f44ab9a551a5] Command
> 'org.ovirt.engine.core.bll.RunVmCommand' failed: EngineException:
> (Failed with error PROVIDER_FAILURE and code 5050)
> 2017-03-13 11:14:35,713+01 INFO
> [org.ovirt.engine.core.bll.ProcessDownVmCommand]
> (org.ovirt.thread.pool-6-thread-36) [48f00a21] Running command:
> ProcessDownVmCommand internal: true.
>
> I see in particular a PROVIDER_FAILURE error, that's maybe related.
>
> 2017-03-13 11:17 GMT+01:00 Luca 'remix_tj' Lorenzetto
> :
> > Hello,
> >
> > now, didn't understand why, the VM isn't starting. This is the VDSM
> > log when i try to poweron while attached to an external network. If i
> > attach to ovirtmgmt or other standard network, vm boots.
> >
> > Luca
> >
> > --
> > "E' assurdo impiegare gli uomini di intelligenza eccellente per fare
> > calcoli che potrebbero essere affidati a chiunque se si usassero delle
> > macchine"
> > Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
> >
> > "Internet è la più grande biblioteca del mondo.
> > Ma il problema è che i libri sono tutti sparsi sul pavimento"
> > John Allen Paulos, Matematico (1945-vivente)
> >
> > Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <
> lorenzetto.l...@gmail.com>
>
>
>
> --
> "E' assurdo impiegare gli uomini di intelligenza eccellente per fare
> calcoli che potrebbero essere affidati a chiunque se si usassero delle
> macchine"
> Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
>
> "Internet è la più grande biblioteca del mondo.
> Ma il problema è che i libri sono tutti sparsi sul pavimento"
> John Allen Paulos, Matematico (1945-vivente)
>
> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <
> lorenzetto.l...@gmail.com>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt and Openstack Neutron: network not working

2017-03-13 Thread Marcin Mirecki
Yes,
or when you attach an external network vnic to a VM

2017-03-10 16:02 GMT+01:00 Luca 'remix_tj' Lorenzetto <
lorenzetto.l...@gmail.com>:

> On Fri, Mar 10, 2017 at 2:41 PM, Marcin Mirecki <mmire...@redhat.com>
> wrote:
> > Luca,
> >
> > Can you please send me the vdsm log of plugging a vnic to an external
> > network?
> > The relevant log file is: /var/log/vdsm/vdsm.log
>
> You mean when i power on a VM that is using that external network?
>
>
> --
> "E' assurdo impiegare gli uomini di intelligenza eccellente per fare
> calcoli che potrebbero essere affidati a chiunque se si usassero delle
> macchine"
> Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
>
> "Internet è la più grande biblioteca del mondo.
> Ma il problema è che i libri sono tutti sparsi sul pavimento"
> John Allen Paulos, Matematico (1945-vivente)
>
> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <
> lorenzetto.l...@gmail.com>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt and Openstack Neutron: network not working

2017-03-10 Thread Marcin Mirecki
Luca,

Can you please send me the vdsm log of plugging a vnic to an external
network?
The relevant log file is: /var/log/vdsm/vdsm.log



On Fri, Mar 10, 2017 at 12:11 PM, Luca 'remix_tj' Lorenzetto <
lorenzetto.l...@gmail.com> wrote:

>
>
> Il 10 mar 2017 11:48 AM, "Marcin Mirecki" <mmire...@redhat.com> ha
> scritto:
>
> Hello Luca
>
> >Name: openstack-networks
> >Type: OpenStack Networking
> >Description:
> >Provider URL: http://openstack.example.com:9696
>
> I assume Networking Plugin: Open vSwitch
>
>
> Yes, i confirm.
>
>
>
> Do you have any security groups defined for the vnic profile on your
> external network?
> Looking at the output you provided is seems you do.The qpb bridge and the
> qvb/qvo veth pair are created when the security groups are present.
> Can you try without the security groups? This would connect your vm vnic
> right into the ovs integration bridge (br-int).
>
>
> No i haven't defined any security policy, explicitly. I'm using a network
> defined through horizon without any special option.
>
>
> >This are the output of the commands you asked from a node where a vm
> >that is attached to a neutron network is running:
> Yes, this is what I needed.
>
> >[root@ovirt002 ~]# ovs-vsctl show
> >ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection
> >failed (No such file or directory)
>
> This is quite worrying. Is ovs on the host working properly?
> Can you please check: service openvswitch status
> If not active: service openvswitch start
>
>
> Who should enable it, a cluster confoguration or whatl else? I'm using
> ovirt-node-ng, i suppose that openvswitch is already installed (didn't
> check).
>
>
>
>
> >> Have you tried connecting any nics manually and checking connectivity
> >> between them?
> >What do you mean?
>
> Add 2 ports in openstack directly
> Add 2 nics on vm's, specifying the libvirt xml for the interfaces:
>
> 
>   
>   
>   
> 
>   
> 
>
>
>
> Where i find the xml file?
>
>
> If the openstack neutron plugin works correctly, the ports should be
> connected to the osn network.
>
>
>
>
>
>
> On Thu, Mar 9, 2017 at 4:26 PM, Luca 'remix_tj' Lorenzetto <
> lorenzetto.l...@gmail.com> wrote:
>
>> On Thu, Mar 9, 2017 at 2:24 PM, Marcin Mirecki <mmire...@redhat.com>
>> wrote:
>> > Hello Luca,
>>
>> Hello Marcin,
>>
>> > The osn provider basically only connects the vnics to the osn networks,
>> > items like dhcp must be handled on the osn networks itself.
>>
>> Yes, i know. The network is defined by neutron, which has it's own dhcp
>> server.
>>
>> > Have you tried connecting any nics manually and checking connectivity
>> > between them?
>>
>> What do you mean?
>>
>> > No connectivity with static IP's could hint at some configuration
>> problems.
>> > Are osn/ovs set up correctly? Firewall blocking traffic?
>>
>> there is no firewall between openstack controllers and ovirt
>> engine/hosts. My doubt is about configuration, i've configured in this
>> way:
>>
>> Name: openstack-networks
>> Type: OpenStack Networking
>> Description:
>> Provider URL: http://openstack.example.com:9696
>>
>> Flagged read-only and requires authentication
>>
>> Set the authentication and tested, reports everything ok.
>>
>> Nothing else has been configured. I didn't found any documentation
>> that clarified if is enough.
>>
>> After powering on i see on openstack this:
>>
>> [stack@opstrio1101 ~]$ openstack port list | grep 00:1a:4a:16:01:51
>> <-- this is mac address of oVirt VM
>> | 86c46fed-dddf-4776-a765-27d4e52e861c | nic1
>> | 00:1a:4a:16:01:51 | ip_address='172.25.7.4',
>> subnet_id='280a98ad-0fd5-4961-a307-d1bfea8355cd' |
>>
>>
>>
>> > Can you please send us a more detailed descirption of your env (ip addr,
>> > brctl show, ovs-vsctl show)?
>>
>> This are the output of the commands you asked from a node where a vm
>> that is attached to a neutron network is running:
>>
>> [root@ovirt002 ~]# ip addr
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>>valid_lft forever preferred_lft forever
>> inet6 ::1/128 scope host
>>valid_lft forever preferred_lft forever
>> 2: enp2s0f0: <BROADCAST,MULTICA

Re: [ovirt-users] oVirt and Openstack Neutron: network not working

2017-03-10 Thread Marcin Mirecki
>[root@fltiovirt002 ~]# ovs-vsctl show
>53bfa8a8-80c5-4372-abb1-633c29eb1e60
>   ovs_version: "2.6.90

This show that ovs is up. It's however missing the integration bridge
(br-int).
The integration bridge is the bridge to which the vm vnics should be
connected.
Try:
   ovs-vsctl add-br br-int
this should create the bridge.




On Fri, Mar 10, 2017 at 2:09 PM, Luca 'remix_tj' Lorenzetto <
lorenzetto.l...@gmail.com> wrote:

> On Fri, Mar 10, 2017 at 12:11 PM, Luca 'remix_tj' Lorenzetto
>  wrote:
> >
> >>[root@ovirt002 ~]# ovs-vsctl show
> >>ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection
> >>failed (No such file or directory)
> >
> > This is quite worrying. Is ovs on the host working properly?
> > Can you please check: service openvswitch status
> > If not active: service openvswitch start
> >
> >
>
> Hello,
>
> i started ovs on the node where vm is running, but now i see only this:
>
> [root@fltiovirt002 ~]# ovs-vsctl show
> 53bfa8a8-80c5-4372-abb1-633c29eb1e60
> ovs_version: "2.6.90
>
> even restarting the vm on the same host changes nothing. I see instead
> q* interfaces appearing and disappearing from ip a s command output.
>
>
>
> --
> "E' assurdo impiegare gli uomini di intelligenza eccellente per fare
> calcoli che potrebbero essere affidati a chiunque se si usassero delle
> macchine"
> Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
>
> "Internet è la più grande biblioteca del mondo.
> Ma il problema è che i libri sono tutti sparsi sul pavimento"
> John Allen Paulos, Matematico (1945-vivente)
>
> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <
> lorenzetto.l...@gmail.com>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt and Openstack Neutron: network not working

2017-03-10 Thread Marcin Mirecki
> No i haven't defined any security policy, explicitly. I'm using a network
defined through horizon without any special option.

This is strange, as the basic flow should only connect the vnic to the ovs
integration bridge.
Please give me some time to look at the code.

> Where i find the xml file?
This is in the libvirt vm definition. It can be edited using the "virsh"
tools: virsh edit 

You could also attempt to check this by attaching some an interface (like a
veth pair) directly to the ovs bridge and setting the ovs interfaceid
parameter to mark is as osn port. Let me know if this is clear, if not I
will try to decribe the procedure in more detail.




On Fri, Mar 10, 2017 at 12:11 PM, Luca 'remix_tj' Lorenzetto <
lorenzetto.l...@gmail.com> wrote:

>
>
> Il 10 mar 2017 11:48 AM, "Marcin Mirecki" <mmire...@redhat.com> ha
> scritto:
>
> Hello Luca
>
> >Name: openstack-networks
> >Type: OpenStack Networking
> >Description:
> >Provider URL: http://openstack.example.com:9696
>
> I assume Networking Plugin: Open vSwitch
>
>
> Yes, i confirm.
>
>
>
> Do you have any security groups defined for the vnic profile on your
> external network?
> Looking at the output you provided is seems you do.The qpb bridge and the
> qvb/qvo veth pair are created when the security groups are present.
> Can you try without the security groups? This would connect your vm vnic
> right into the ovs integration bridge (br-int).
>
>
> No i haven't defined any security policy, explicitly. I'm using a network
> defined through horizon without any special option.
>
>
> >This are the output of the commands you asked from a node where a vm
> >that is attached to a neutron network is running:
> Yes, this is what I needed.
>
> >[root@ovirt002 ~]# ovs-vsctl show
> >ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection
> >failed (No such file or directory)
>
> This is quite worrying. Is ovs on the host working properly?
> Can you please check: service openvswitch status
> If not active: service openvswitch start
>
>
> Who should enable it, a cluster confoguration or whatl else? I'm using
> ovirt-node-ng, i suppose that openvswitch is already installed (didn't
> check).
>
>
>
>
> >> Have you tried connecting any nics manually and checking connectivity
> >> between them?
> >What do you mean?
>
> Add 2 ports in openstack directly
> Add 2 nics on vm's, specifying the libvirt xml for the interfaces:
>
> 
>   
>   
>   
> 
>   
> 
>
>
>
> Where i find the xml file?
>
>
> If the openstack neutron plugin works correctly, the ports should be
> connected to the osn network.
>
>
>
>
>
>
> On Thu, Mar 9, 2017 at 4:26 PM, Luca 'remix_tj' Lorenzetto <
> lorenzetto.l...@gmail.com> wrote:
>
>> On Thu, Mar 9, 2017 at 2:24 PM, Marcin Mirecki <mmire...@redhat.com>
>> wrote:
>> > Hello Luca,
>>
>> Hello Marcin,
>>
>> > The osn provider basically only connects the vnics to the osn networks,
>> > items like dhcp must be handled on the osn networks itself.
>>
>> Yes, i know. The network is defined by neutron, which has it's own dhcp
>> server.
>>
>> > Have you tried connecting any nics manually and checking connectivity
>> > between them?
>>
>> What do you mean?
>>
>> > No connectivity with static IP's could hint at some configuration
>> problems.
>> > Are osn/ovs set up correctly? Firewall blocking traffic?
>>
>> there is no firewall between openstack controllers and ovirt
>> engine/hosts. My doubt is about configuration, i've configured in this
>> way:
>>
>> Name: openstack-networks
>> Type: OpenStack Networking
>> Description:
>> Provider URL: http://openstack.example.com:9696
>>
>> Flagged read-only and requires authentication
>>
>> Set the authentication and tested, reports everything ok.
>>
>> Nothing else has been configured. I didn't found any documentation
>> that clarified if is enough.
>>
>> After powering on i see on openstack this:
>>
>> [stack@opstrio1101 ~]$ openstack port list | grep 00:1a:4a:16:01:51
>> <-- this is mac address of oVirt VM
>> | 86c46fed-dddf-4776-a765-27d4e52e861c | nic1
>> | 00:1a:4a:16:01:51 | ip_address='172.25.7.4',
>> subnet_id='280a98ad-0fd5-4961-a307-d1bfea8355cd' |
>>
>>
>>
>> > Can you please send us a more detailed descirption of your env (ip addr,
>> > brctl show, ovs-vsctl show)?
>>
>> This are the output of the com

Re: [ovirt-users] oVirt and Openstack Neutron: network not working

2017-03-10 Thread Marcin Mirecki
Hello Luca

>Name: openstack-networks
>Type: OpenStack Networking
>Description:
>Provider URL: http://openstack.example.com:9696

I assume Networking Plugin: Open vSwitch

Do you have any security groups defined for the vnic profile on your
external network?
Looking at the output you provided is seems you do.The qpb bridge and the
qvb/qvo veth pair are created when the security groups are present.
Can you try without the security groups? This would connect your vm vnic
right into the ovs integration bridge (br-int).

>This are the output of the commands you asked from a node where a vm
>that is attached to a neutron network is running:
Yes, this is what I needed.

>[root@ovirt002 ~]# ovs-vsctl show
>ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection
>failed (No such file or directory)

This is quite worrying. Is ovs on the host working properly?
Can you please check: service openvswitch status
If not active: service openvswitch start

>> Have you tried connecting any nics manually and checking connectivity
>> between them?
>What do you mean?

Add 2 ports in openstack directly
Add 2 nics on vm's, specifying the libvirt xml for the interfaces:


  
  
  

  


If the openstack neutron plugin works correctly, the ports should be
connected to the osn network.


On Thu, Mar 9, 2017 at 4:26 PM, Luca 'remix_tj' Lorenzetto <
lorenzetto.l...@gmail.com> wrote:

> On Thu, Mar 9, 2017 at 2:24 PM, Marcin Mirecki <mmire...@redhat.com>
> wrote:
> > Hello Luca,
>
> Hello Marcin,
>
> > The osn provider basically only connects the vnics to the osn networks,
> > items like dhcp must be handled on the osn networks itself.
>
> Yes, i know. The network is defined by neutron, which has it's own dhcp
> server.
>
> > Have you tried connecting any nics manually and checking connectivity
> > between them?
>
> What do you mean?
>
> > No connectivity with static IP's could hint at some configuration
> problems.
> > Are osn/ovs set up correctly? Firewall blocking traffic?
>
> there is no firewall between openstack controllers and ovirt
> engine/hosts. My doubt is about configuration, i've configured in this
> way:
>
> Name: openstack-networks
> Type: OpenStack Networking
> Description:
> Provider URL: http://openstack.example.com:9696
>
> Flagged read-only and requires authentication
>
> Set the authentication and tested, reports everything ok.
>
> Nothing else has been configured. I didn't found any documentation
> that clarified if is enough.
>
> After powering on i see on openstack this:
>
> [stack@opstrio1101 ~]$ openstack port list | grep 00:1a:4a:16:01:51
> <-- this is mac address of oVirt VM
> | 86c46fed-dddf-4776-a765-27d4e52e861c | nic1
> | 00:1a:4a:16:01:51 | ip_address='172.25.7.4',
> subnet_id='280a98ad-0fd5-4961-a307-d1bfea8355cd' |
>
>
>
> > Can you please send us a more detailed descirption of your env (ip addr,
> > brctl show, ovs-vsctl show)?
>
> This are the output of the commands you asked from a node where a vm
> that is attached to a neutron network is running:
>
> [root@ovirt002 ~]# ip addr
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: enp2s0f0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq
> master bond0 state UP qlen 1000
> link/ether 00:21:5a:9b:b7:93 brd ff:ff:ff:ff:ff:ff
> 3: enp2s0f1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq
> master bond0 state UP qlen 1000
> link/ether 00:21:5a:9b:b7:93 brd ff:ff:ff:ff:ff:ff
> 4: enp2s0f2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq
> master bond1 state UP qlen 1000
> link/ether 00:21:5a:9b:b7:97 brd ff:ff:ff:ff:ff:ff
> 5: enp2s0f3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq
> master bond1 state UP qlen 1000
> link/ether 00:21:5a:9b:b7:97 brd ff:ff:ff:ff:ff:ff
> 6: enp2s0f4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq
> state DOWN qlen 1000
> link/ether 00:21:5a:9b:b7:9b brd ff:ff:ff:ff:ff:ff
> 7: enp2s0f5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq
> state DOWN qlen 1000
> link/ether 00:21:5a:9b:b7:9d brd ff:ff:ff:ff:ff:ff
> 8: enp2s0f6: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq
> state DOWN qlen 1000
> link/ether b4:b5:2f:55:bc:eb brd ff:ff:ff:ff:ff:ff
> 9: enp2s0f7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq
> state DOWN qlen 1000
> link/ether b4:

Re: [ovirt-users] oVirt and Openstack Neutron: network not working

2017-03-09 Thread Marcin Mirecki
Hello Luca,
The osn provider basically only connects the vnics to the osn networks,
items like dhcp must be handled on the osn networks itself.
Have you tried connecting any nics manually and checking connectivity
between them?
No connectivity with static IP's could hint at some configuration problems.
Are osn/ovs set up correctly? Firewall blocking traffic?
Can you please send us a more detailed descirption of your env (ip addr,
brctl show, ovs-vsctl show)?

Thanks,
Marcin
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] questions on OVN

2017-02-16 Thread Marcin Mirecki
I missed the last line.

A vdsm configuration is created from a default vdsm configuration file
under /etc/vdsm/vdsm.conf. Then it reads conf files from drop-in dirs and
updates the configuration according to the files:

- /etc/vdsm/vdsm.conf - for user configuration. We install this file if
missing, and never touch this file during upgrade.
- /etc/vdsm/vdsm.conf.d/ - for admin drop-in conf files.
- /usr/lib/vdsm/vdsm.conf.d/ - for vendor drop-in configuration files.
- /var/run/vdsm/vdsm.conf.d/ - for admin temporary configuration.

Files with a .conf suffix can be placed into any of the vdsm.conf.d drop-in
directories.

The priority of the configuration files is determined by the number prefix
of each file.


On Wed, Feb 15, 2017 at 4:43 PM, Gianluca Cecchi <gianluca.cec...@gmail.com>
wrote:

> On Wed, Feb 15, 2017 at 4:23 PM, Marcin Mirecki <mmire...@redhat.com>
> wrote:
>
>> It should not have any negative interference on configuration issues,
>> but
>> it could have a negative impact on performace of your ovirtmgmt network,
>> in case your OVN traffic saturates the connection.
>>
>> >Cannot edit Interface. External network cannot be changed while the
>> virtual machine is running.
>> The error message is incorrect (it predates the introduction of nic
>> hotplugging)
>> It is enough to unplug/plug the nic before/after doing changes (the nic
>> must be in the unplugged state to change it).
>> As far as I know there is already a bug reported about the error message
>> being incorrect.
>>
>
> OK. I just verified that it works as you described, thanks
>
>
>> >In the sense that the tunnel basically already realizes the isolation
>> from the ovirtmgmt network itself (what usually we do making vlans) without
>> >interfering in case I have a great exchange of data for example over the
>> tunnel between 2 VMs placed on different hosts?
>> If the traffic going over the tunnel saturates that link, it will
>> interfere with with your ovirtmgm traffic. For testing this setup should be
>> ok, I would not recommend it for production.
>>
>
> OK, but at least the packets would be invisible to the ovirtmgmt network
> I mean, typically on the same adapter you put separate vlans to segregate
> traffic. This doesn't give you the double of the bandwidth but the
> isolation of the network so that it doesn't to go and inspect the packet to
> see what is the target and so on...
> Does this make sense in this way for the tunnel too or nothing at all?
>
>
>
>>
>>
>> >BTW: does it make sense to create another vlan on the bonding (that is
>> already setup with vlans), assigning an ip on the hosts and then use it?
>> The tunnel should take care of the isolation, so I don't think it would
>> add any value.
>>
>> >The same question could also apply to a general case where for example
>> my hosts have to integrate into a dedicated lan in the infrastructure (eg
>> for backup or monitoring or what else)... would I configure this lan from
>> oVirt or better from hosts themselves?
>> Any configuration changes made manually would cause ovirt to see them as
>> unsynchronized. To do it cleanly you would have to hide the nics used for
>> this by adding them to 'hidden_nic' in vdsm configuration (nics ignored by
>> ovirt). Let me know if you want more information on this.
>> If you need a network to be used by the host, a better solution would be
>> to just create a separate network from ovirt (a non-vm network if you don't
>> need a bridge on top of the nic).
>>
>
> Ah, I see. I think the relevant lines in vdsm.conf are:
>
> # Comma-separated list of fnmatch-patterns for host nics to be hidden
> # from vdsm.
> # hidden_nics = w*,usb*
>
> # Comma-separated list of fnmatch-patterns for host bonds to be hidden
> # from vdsm.
> # hidden_bonds =
>
> # Comma-separated list of fnmatch-patterns for host vlans to be hidden
> # from vdsm. vlan names must be in the format "dev.VLANID" (e.g.
> # eth0.100, em1.20, eth2.200). vlans with alternative names must be
> # hidden from vdsm (e.g. eth0.10-fcoe, em1.myvlan100, vlan200)
> # hidden_vlans =
>
> And in case I have to create some file of type 01_hidden.conf in
> /etc/vdsm/vdsm.conf.d/ to preserve across upgrades, correct?
>
> Gianluca
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] questions on OVN

2017-02-16 Thread Marcin Mirecki
OVN is aleady using GENEVE, VXLAN or STT tunnels (the user can choose any),
so the isolation is already assured.
The scripts provided by ovirt configure a geneve tunnel.
You are free so override this manually to vxlan or stt if you want, let me
know if you need any howto info.

On Wed, Feb 15, 2017 at 4:43 PM, Gianluca Cecchi <gianluca.cec...@gmail.com>
wrote:

> On Wed, Feb 15, 2017 at 4:23 PM, Marcin Mirecki <mmire...@redhat.com>
> wrote:
>
>> It should not have any negative interference on configuration issues,
>> but
>> it could have a negative impact on performace of your ovirtmgmt network,
>> in case your OVN traffic saturates the connection.
>>
>> >Cannot edit Interface. External network cannot be changed while the
>> virtual machine is running.
>> The error message is incorrect (it predates the introduction of nic
>> hotplugging)
>> It is enough to unplug/plug the nic before/after doing changes (the nic
>> must be in the unplugged state to change it).
>> As far as I know there is already a bug reported about the error message
>> being incorrect.
>>
>
> OK. I just verified that it works as you described, thanks
>
>
>> >In the sense that the tunnel basically already realizes the isolation
>> from the ovirtmgmt network itself (what usually we do making vlans) without
>> >interfering in case I have a great exchange of data for example over the
>> tunnel between 2 VMs placed on different hosts?
>> If the traffic going over the tunnel saturates that link, it will
>> interfere with with your ovirtmgm traffic. For testing this setup should be
>> ok, I would not recommend it for production.
>>
>
> OK, but at least the packets would be invisible to the ovirtmgmt network
> I mean, typically on the same adapter you put separate vlans to segregate
> traffic. This doesn't give you the double of the bandwidth but the
> isolation of the network so that it doesn't to go and inspect the packet to
> see what is the target and so on...
> Does this make sense in this way for the tunnel too or nothing at all?
>
>
>
>>
>>
>> >BTW: does it make sense to create another vlan on the bonding (that is
>> already setup with vlans), assigning an ip on the hosts and then use it?
>> The tunnel should take care of the isolation, so I don't think it would
>> add any value.
>>
>> >The same question could also apply to a general case where for example
>> my hosts have to integrate into a dedicated lan in the infrastructure (eg
>> for backup or monitoring or what else)... would I configure this lan from
>> oVirt or better from hosts themselves?
>> Any configuration changes made manually would cause ovirt to see them as
>> unsynchronized. To do it cleanly you would have to hide the nics used for
>> this by adding them to 'hidden_nic' in vdsm configuration (nics ignored by
>> ovirt). Let me know if you want more information on this.
>> If you need a network to be used by the host, a better solution would be
>> to just create a separate network from ovirt (a non-vm network if you don't
>> need a bridge on top of the nic).
>>
>
> Ah, I see. I think the relevant lines in vdsm.conf are:
>
> # Comma-separated list of fnmatch-patterns for host nics to be hidden
> # from vdsm.
> # hidden_nics = w*,usb*
>
> # Comma-separated list of fnmatch-patterns for host bonds to be hidden
> # from vdsm.
> # hidden_bonds =
>
> # Comma-separated list of fnmatch-patterns for host vlans to be hidden
> # from vdsm. vlan names must be in the format "dev.VLANID" (e.g.
> # eth0.100, em1.20, eth2.200). vlans with alternative names must be
> # hidden from vdsm (e.g. eth0.10-fcoe, em1.myvlan100, vlan200)
> # hidden_vlans =
>
> And in case I have to create some file of type 01_hidden.conf in
> /etc/vdsm/vdsm.conf.d/ to preserve across upgrades, correct?
>
> Gianluca
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] questions on OVN

2017-02-15 Thread Marcin Mirecki
It should not have any negative interference on configuration issues,
but
it could have a negative impact on performace of your ovirtmgmt network, in
case your OVN traffic saturates the connection.

>Cannot edit Interface. External network cannot be changed while the
virtual machine is running.
The error message is incorrect (it predates the introduction of nic
hotplugging)
It is enough to unplug/plug the nic before/after doing changes (the nic
must be in the unplugged state to change it).
As far as I know there is already a bug reported about the error message
being incorrect.

>With missing authentication do you mean that I could set up a non-oVirt
host installing controller and driver parts an let it join the others
without control?
There are two problems that relate to authentication:
- ovirt-provider-ovn does not authenticate request. Currently anyone can
send requests to it, and create/delete networks or ports. This should be
implemented in the near future.
- no authentication to access to OVN databases. A workaround for now could
be putting OVN management traffic on a private network not accessible from
outside. This is be implemented by the OVN team.

>In the sense that the tunnel basically already realizes the isolation from
the ovirtmgmt network itself (what usually we do making vlans) without
>interfering in case I have a great exchange of data for example over the
tunnel between 2 VMs placed on different hosts?
If the traffic going over the tunnel saturates that link, it will interfere
with with your ovirtmgm traffic. For testing this setup should be ok, I
would not recommend it for production.

>BTW: does it make sense to create another vlan on the bonding (that is
already setup with vlans), assigning an ip on the hosts and then use it?
The tunnel should take care of the isolation, so I don't think it would add
any value.

>The same question could also apply to a general case where for example my
hosts have to integrate into a dedicated lan in the infrastructure (eg for
backup or monitoring or what else)... would I configure this lan from oVirt
or better from hosts themselves?
Any configuration changes made manually would cause ovirt to see them as
unsynchronized. To do it cleanly you would have to hide the nics used for
this by adding them to 'hidden_nic' in vdsm configuration (nics ignored by
ovirt). Let me know if you want more information on this.
If you need a network to be used by the host, a better solution would be to
just create a separate network from ovirt (a non-vm network if you don't
need a bridge on top of the nic).

Marcin



On Wed, Feb 15, 2017 at 2:59 PM, Gianluca Cecchi <gianluca.cec...@gmail.com>
wrote:

> On Wed, Feb 15, 2017 at 1:55 PM, Marcin Mirecki <mmire...@redhat.com>
> wrote:
>
>> Hello Gianluca,
>>
>> OVN is a tech preview feature in 4.1
>> It's 'fully usable' as far as the basic networking functionality goes
>> (network, ports, subnets),
>>
>
> OK, my question was mainly related to negative interference with other
> parts of oVirt.
> I plan to use it side by side with normal networking so that in the same
> Cluster/Datacenter I can have VMs with "legacy" networks, VMs with OVN
> provided networks and eventually VMs with a mix of the two.
> BTW: I see that while I can hot add an OVN nic to a VM, I cannot hot edit
> an OVN nic; I get the error:
>
> Cannot edit Interface. External network cannot be changed while the
> virtual machine is running.
>
> Any plan to solve this?
>
>
>
>> but it's still missing some parts like authentication, automatic host
>> installation, some of the rest support and others.
>>
>
> Not a big problem for my tests.
> With missing authentication do you mean that I could set up a non-oVirt
> host installing controller and driver parts an let it join the others
> without control?
> Or keystone/similar integration?
>
>
>> You can use ovirtmgmt for the OVN tunnels. How ovirtmgmt is configured is
>> also not relevant for OVN.
>> I am using a similar setup (without bonds) on my dev environment and it's
>> working fine.
>>
>
> So I could have ovirtmgmt on a vlan based bonding and use it without
> problems?
> In the sense that the tunnel basically already realizes the isolation from
> the ovirtmgmt network itself (what usually we do making vlans) without
> interfering in case I have a great exchange of data for example over the
> tunnel between 2 VMs placed on different hosts?
>
> BTW: does it make sense to create another vlan on the bonding (that is
> already setup with vlans), assigning an ip on the hosts and then use it?
> Probably the answer above applies to this too...
> In this case is it recommended to do it from inside oVirt itself or one
> can do it manually in the OS (supposing plain CentOS co

Re: [ovirt-users] questions on OVN

2017-02-15 Thread Marcin Mirecki
Hello Gianluca,

OVN is a tech preview feature in 4.1
It's 'fully usable' as far as the basic networking functionality goes
(network, ports, subnets), but it's still missing some parts like
authentication, automatci host installation, some of the rest support and
others.

You can use ovirtmgmt for the OVN tunnels. How ovirtmgmt is configured is
also not relevant for OVN.
I am using a similar setup (without bonds) on my dev environment and it's
working fine.

Let me know if this answers your questions.
Thanks,
Marcin


On Wed, Feb 15, 2017 at 10:07 AM, Gianluca Cecchi  wrote:

> Hello,
> I'm successfully testing and using OVN on a single host environment with
> self hosted engine and 4.1
> I'm using ip of ovirtmgmt for the host local ip used for OVN tunneling,
> even if actually with a single host it is not so important...
> ovirtmgmt bridge is on top ot lacp based bonding
> Now I would like to apply it on another environment composed by 3 hosts.
> Here ovirtmgmt bridge is on top of an active-backup bonding.
> Are there any cons to put the local ip used for tunneling on ovirtmgmt ip?
> Any problems/impacts on engine access/functionality using this ip for the
> tunnel?
> Is in genera OVN considered stable/fully usable in 4.1?
>
> Thanks in advance,
> Gianluca
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2017-01-13 Thread Marcin Mirecki
Please push the patch into: https://gerrit.ovirt.org/ovirt-provider-ovn
(let me know if you need some directions)



- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Monday, January 9, 2017 1:45:37 PM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> Ok, found it. The issue is right here:
> 
>  
>  
>  
>  
>  
>  
>  
>  
>  
>   interfaceid="912cba79-982e-4a87-868e-241fedccb59a" />
>  
>  
> 
> There are two elements for virtualport, the first without id and the
> second with. On h2 I had fixed this which was the patch I posted earlier
> although I switched back to use br-int after understanding that was the
> correct way. When that hook was copied to h1 the port gets attached fine.
> 
> Patch with updated testcase attached.
> 
> /Sverker
> 
> 
> Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:
> > This is the content of vdsm.log on h1 at this time:
> >
> > 2017-01-06 20:54:12,636 INFO  (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC
> > call VM.create succeeded in 0.01 seconds (__init__:515)
> > 2017-01-06 20:54:12,636 INFO  (vm/6dd5291e) [virt.vm]
> > (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started
> > (vm:1901)
> > 2017-01-06 20:54:12,636 INFO  (vm/6dd5291e) [vds] prepared volume
> > path:
> > /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/----/CentOS-7-x86_64-NetInstall-1611.iso
> > (clientIF:374)
> > 2017-01-06 20:54:12,743 INFO  (vm/6dd5291e) [root]  (hooks:108)
> > 2017-01-06 20:54:12,847 INFO  (vm/6dd5291e) [root]  (hooks:108)
> > 2017-01-06 20:54:12,863 INFO  (vm/6dd5291e) [virt.vm]
> > (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645')  > encoding='UTF-8'?>
> > http://ovirt.org/vm/tune/1.0; type="kvm">
> > CentOS7_3
> > 6dd5291e-6556-4d29-8b4e-ea896e627645
> > 1048576
> > 1048576
> > 4294967296
> > 16
> > 
> > 
> > 
> >  > path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.com.redhat.rhevm.vdsm"
> > />
> > 
> > 
> > 
> >  > path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.org.qemu.guest_agent.0"
> > />
> > 
> > 
> > 
> > 
> > 
> > 
> >  > vram="32768" />
> > 
> >  > passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice">
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >  > interfaceid="912cba79-982e-4a87-868e-241fedccb59a" />
> > 
> > 
> > 
> >  > file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/----/CentOS-7-x86_64-NetInstall-1611.iso"
> > startupPolicy="optional" />
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > hvm
> > 
> > 
> > 
> > 
> > 
> > oVirt
> > oVirt Node
> > 7-3.1611.el7.centos
> >  > name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6
> >  > name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > SandyBridge
> > 
> > 
> &

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2017-01-09 Thread Marcin Mirecki
The port is set up on the host by the ovirt-provider-ovn-driver.
The driver is invoked by the vdsm hook whenever any operation on
the port is done.
Please ensure that this is installed properly.
You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the
hook was executed properly.


- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Friday, January 6, 2017 9:00:26 PM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> I created a new VM in the ui and assigned it to host h1. In
> /var/log/ovirt-provider-ovn.log I get the following:
> 
> 2017-01-06 20:54:11,940   Request: GET : /v2.0/ports
> 2017-01-06 20:54:11,940   Connecting to remote ovn database:
> tcp:127.0.0.1:6641
> 2017-01-06 20:54:12,157   Connected (number of retries: 2)
> 2017-01-06 20:54:12,158   Response code: 200
> 2017-01-06 20:54:12,158   Response body: {"ports": [{"name":
> "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id":
> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt",
> "mac_address": "00:1a:4a:16:01:51", "id":
> "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id":
> "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name":
> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id":
> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt",
> "mac_address": "00:1a:4a:16:01:52", "id":
> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id":
> "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]}
> 2017-01-06 20:54:12,160   Request: SHOW :
> /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601
> 2017-01-06 20:54:12,160   Connecting to remote ovn database:
> tcp:127.0.0.1:6641
> 2017-01-06 20:54:12,377   Connected (number of retries: 2)
> 2017-01-06 20:54:12,378   Response code: 200
> 2017-01-06 20:54:12,378   Response body: {"network": {"id":
> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}}
> 2017-01-06 20:54:12,380   Request: POST : /v2.0/ports
> 2017-01-06 20:54:12,380   Request body:
> {
>"port" : {
>  "name" : "nic1",
>  "binding:host_id" : "h1.limetransit.com",
>  "admin_state_up" : true,
>  "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe",
>  "device_owner" : "oVirt",
>  "mac_address" : "00:1a:4a:16:01:54",
>  "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601"
>}
> }
> 2017-01-06 20:54:12,380   Connecting to remote ovn database:
> tcp:127.0.0.1:6641
> 2017-01-06 20:54:12,610   Connected (number of retries: 2)
> 2017-01-06 20:54:12,614   Response code: 200
> 2017-01-06 20:54:12,614   Response body: {"port": {"name":
> "912cba79-982e-4a87-868e-241fedccb59a", "network_id":
> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt",
> "mac_address": "00:1a:4a:16:01:54", "id":
> "912cba79-982e-4a87-868e-241fedccb59a", "device_id":
> "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}
> 
> h1:/var/log/messages
> Jan  6 20:54:12 h1 ovs-vsctl: ovs|1|vsctl|INFO|Called as ovs-vsctl
> --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 --
> set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" --
> set Interface vnet1
> "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set
> Interface vnet1
> "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set
> Interface vnet1 external-ids:iface-status=active
> 
> [root@h2 ~]# ovn-nbctl show
>  switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge)
>  port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873
>  addresses: ["00:1a:4a:16:01:51"]
>  port 912cba79-982e-4a87-868e-241fedccb59a
>  addresses: ["00:1a:4a:16:01:54"]
>  port 92f6d3c8-68b3-4986-9c09-60bee04644b5
>  addresses: ["00:1a:4a:16:01:52"]
>  port ovirtbridge-port2
>  addresses: ["unknown"]
>  port ovirtbridge-port1
>  addresses: ["unknown"]
> [root@h2 ~]# ovn-sbctl show
> Chassis "6e4dd29f-7607-48d7-8e5a-eef4

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2017-01-03 Thread Marcin Mirecki
How did you create this port?
From the oVirt engine UI?
The OVN provider creates the port when you add the port in the engine UI,
it is then plugged into the ovs bridge by the VIF driver.
Please attach /var/log/ovirt-provider-ovn.log



- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Tuesday, January 3, 2017 2:06:22 AM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> Found an issue with Ovirt - OVN integration.
> 
> Engine and OVN central db running on host h2. Created VM to run on host
> h1, which is started. Ovn db state:
> 
> [root@h2 env3]# ovn-nbctl show
>  switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge)
>  port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873
>  addresses: ["00:1a:4a:16:01:51"]
>  port 92f6d3c8-68b3-4986-9c09-60bee04644b5
>  addresses: ["00:1a:4a:16:01:52"]
>  port ovirtbridge-port2
>  addresses: ["unknown"]
>  port ovirtbridge-port1
>  addresses: ["unknown"]
> [root@h2 env3]# ovn-sbctl show
> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5"
>  hostname: "h2.limetransit.com"
>  Encap geneve
>  ip: "148.251.126.50"
>  options: {csum="true"}
>  Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873"
>  Port_Binding "ovirtbridge-port1"
> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9"
>  hostname: "h1.limetransit.com"
>  Encap geneve
>  ip: "144.76.84.73"
>  options: {csum="true"}
>  Port_Binding "ovirtbridge-port2"
> 
> Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is
> started on h1, but it is not assigned to that chassis. The reason is
> that on h1 the port on br-int is created like this:
> 
> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int
> vnet0 -- set Interface vnet0
> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0
> "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set
> Interface vnet0
> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set
> Interface vnet0 external-ids:iface-status=active
> 
> I.e. the extrernal id of interface is wrong. When I manually change to
> the right id like this the port works fine:
> 
> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int
> vnet0 -- set Interface vnet0
> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0
> "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set
> Interface vnet0
> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set
> Interface vnet0 external-ids:iface-status=active
> 
> sb db after correcting the port:
> 
> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5"
>  hostname: "h2.limetransit.com"
>  Encap geneve
>  ip: "148.251.126.50"
>  options: {csum="true"}
>  Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873"
>  Port_Binding "ovirtbridge-port1"
> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9"
>  hostname: "h1.limetransit.com"
>  Encap geneve
>  ip: "144.76.84.73"
>  options: {csum="true"}
>  Port_Binding "ovirtbridge-port2"
>  Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
> 
> I don't know from where the faulty id comes from, it's not in any logs.
> In the domain xml as printed in vdsm.log the id is correct:
> 
>  
>  
>  
>  
>  
>  
>  
>  
>  
>   interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" />
>  
>  
> 
> Where is the ovs-vsctl command line built for this call?
> 
> /Sverker
> 
> 
> Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:
> > Got it to work now by following the env8 example in OVN tutorial,
> > where a port is added with type l2gateway. Not sure how that is
> > different from the localnet variant, but didn't suceed in getting that
> > one working. Now I'm able to ping and telnet over the tunnel, but not
> > ssh even when the port is answering on telnet. Nei

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-30 Thread Marcin Mirecki
1. Why not use your physical nic for ovirtmgmt then?

2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch.
   br-int is an internal OVN implementation detail, which the user
   should not care about. What you see in the ovirt UI are logical
   networks. They are implemented as OVN logical switches in case
   of the OVN provider.

Please look at:
http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/
You can get the latest rpms from here:
http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ovn_fc24_46/rpm/fc24/noarch/

- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Friday, December 30, 2016 4:25:58 PM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> 1. No, I did not want to put the ovirtmgmt bridge on my physical nic as
> it always messed up the network config making the host unreachable. I
> have put a ovs bridge on this nic which I will use to make tunnels when
> I add other hosts. Maybe br-int will be used for that instead, will see
> when I get that far.
> 
> As it is now I have a dummy if for ovirtmgmt bridge but this will
> probably not work when I add other hosts as that bridge cannot connect
> to the other hosts. I'm considering keeping this just as a dummy to keep
> ovirt engine satisfied while the actual communication will happen over
> OVN/OVS bridges and tunnels.
> 
> 2. On
> https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/
> there is instructions how to add an OVS bridge to OVN with |ovn-nbctl
> ls-add |. If you want to use br-int then it makes sense to
> make that bridge visible in ovirt webui under networks so that it can be
> selected for VM's.
> 
> It quite doesn't make sense to me that I can select other network for my
> VM but then that setting is not used when setting up the network.
> 
> /Sverker
> 
> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:
> > Hi,
> >
> > The OVN provider does not require you to add any bridges manually.
> > As I understand we were dealing with two problems:
> > 1. You only had one physical nic and wanted to put a bridge on it,
> > attaching the management network to the bridge. This was the reason for
> > creating the bridge (the recommended setup would be to used a separate
> > physical nic for the management network). This bridge has nothing to
> > do with the OVN bridge.
> > 2. OVN - you want to use OVN on this system. For this you have to install
> > OVN on your hosts. This should create the br-int bridge, which are
> > then used by the OVN provider. This br-int bridge must be configured
> > to connect to other hosts using the geneve tunnels.
> >
> > In both cases the systems will not be aware of any bridges you create.
> > They need a nic (be it physical or virtual) to connect to other system.
> > Usually this is the physical nic. In your case you decided to put a bridge
> > on the physical nic, and give oVirt a virtual nic attached to this bridge.
> > This works, but keep in mind that the bridge you have introduced is outside
> > of oVirt's (and OVN) control (and as such is not supported).
> >
> >> What is the purpose of
> >> adding my bridges to Ovirt through the external provider and configure
> >> them on my VM
> > I am not quite sure I understand.
> > The external provider (OVN provider to be specific), does not add any
> > bridges
> > to the system. It is using the br-int bridge created by OVN. The networks
> > created by the OVN provider are purely logical entities, implemented using
> > the OVN br-int bridge.
> >
> > Marcin
> >
> >
> > - Original Message -
> >> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> >> To: "Marcin Mirecki" <mmire...@redhat.com>
> >> Cc: "Ovirt Users" <users@ovirt.org>
> >> Sent: Friday, December 30, 2016 12:15:43 PM
> >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt
> >> network
> >>
> >> Hi
> >> That is the logic I quite don't understand. What is the purpose of
> >> adding my bridges to Ovirt through the external provider and configure
> >> them on my VM if you are disregarding that and using br-int anyway?
> >>
> >> /Sverker
> >>
> >> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
> >>> Sverker,
> >>>
> >>> br-int is the integration bridge cre

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-30 Thread Marcin Mirecki
Hi,

The OVN provider does not require you to add any bridges manually.
As I understand we were dealing with two problems:
1. You only had one physical nic and wanted to put a bridge on it,
   attaching the management network to the bridge. This was the reason for
   creating the bridge (the recommended setup would be to used a separate
   physical nic for the management network). This bridge has nothing to
   do with the OVN bridge.
2. OVN - you want to use OVN on this system. For this you have to install
   OVN on your hosts. This should create the br-int bridge, which are
   then used by the OVN provider. This br-int bridge must be configured
   to connect to other hosts using the geneve tunnels.

In both cases the systems will not be aware of any bridges you create.
They need a nic (be it physical or virtual) to connect to other system.
Usually this is the physical nic. In your case you decided to put a bridge
on the physical nic, and give oVirt a virtual nic attached to this bridge.
This works, but keep in mind that the bridge you have introduced is outside
of oVirt's (and OVN) control (and as such is not supported).

> What is the purpose of
> adding my bridges to Ovirt through the external provider and configure
> them on my VM

I am not quite sure I understand.
The external provider (OVN provider to be specific), does not add any bridges
to the system. It is using the br-int bridge created by OVN. The networks
created by the OVN provider are purely logical entities, implemented using
the OVN br-int bridge.

Marcin


- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Friday, December 30, 2016 12:15:43 PM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> Hi
> That is the logic I quite don't understand. What is the purpose of
> adding my bridges to Ovirt through the external provider and configure
> them on my VM if you are disregarding that and using br-int anyway?
> 
> /Sverker
> 
> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
> > Sverker,
> >
> > br-int is the integration bridge created by default in OVN. This is the
> > bridge we use for the OVN provider. As OVN is required to be installed,
> > we assume that this bridge is present.
> > Using any other ovs bridge is not supported, and will require custom code
> > changes (such as the ones you created).
> >
> > The proper setup in your case would probably be to create br-int and
> > connect
> > this to your ovirtbridge, although I don't know the details of your env, so
> > this is just my best guess.
> >
> > Marcin
> >
> >
> > - Original Message -
> >> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> >> To: "Marcin Mirecki" <mmire...@redhat.com>
> >> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique"
> >> <nusid...@redhat.com>
> >> Sent: Friday, December 30, 2016 1:14:50 AM
> >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt
> >> network
> >>
> >> Even better, if the value is not hardcoded then the configured value is
> >> used. Might be that I'm missunderstanding something but this is the
> >> behaviour I expected instead of that it is using br-int.
> >>
> >> Attached is a patch which properly sets up the xml, in case there is
> >> already a virtual port there + testcode of some variants
> >>
> >> /Sverker
> >>
> >> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
> >>> When I change
> >>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook
> >>> to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then
> >>> I get the expected behaviour and I get a working network connectivity
> >>> in my VM with IP provided by dhcp.
> >>>
> >>> /Sverker
> >>>
> >>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
> >>>> By default the vNic profile of my OVN bridge ovirtbridge gets a
> >>>> Network filter named vdsm-no-mac-spoofing. If I instead set No filter
> >>>> then I don't get those ebtables / iptables messages. It seems that
> >>>> there is some issue between ovirt/vdsm and firewalld, which we can
> >>>> put to the side for now.
> >>>>
> >>>> It is not clear for me why the port is added on br-int instead of the
> >>>> bridge I've assigned to the VM, which is ovirtbridge

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-30 Thread Marcin Mirecki
Sverker,

br-int is the integration bridge created by default in OVN. This is the
bridge we use for the OVN provider. As OVN is required to be installed,
we assume that this bridge is present.
Using any other ovs bridge is not supported, and will require custom code
changes (such as the ones you created).

The proper setup in your case would probably be to create br-int and connect
this to your ovirtbridge, although I don't know the details of your env, so
this is just my best guess.

Marcin


- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" <nusid...@redhat.com>
> Sent: Friday, December 30, 2016 1:14:50 AM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> Even better, if the value is not hardcoded then the configured value is
> used. Might be that I'm missunderstanding something but this is the
> behaviour I expected instead of that it is using br-int.
> 
> Attached is a patch which properly sets up the xml, in case there is
> already a virtual port there + testcode of some variants
> 
> /Sverker
> 
> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
> >
> > When I change
> > /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook
> > to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then
> > I get the expected behaviour and I get a working network connectivity
> > in my VM with IP provided by dhcp.
> >
> > /Sverker
> >
> > Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
> >>
> >> By default the vNic profile of my OVN bridge ovirtbridge gets a
> >> Network filter named vdsm-no-mac-spoofing. If I instead set No filter
> >> then I don't get those ebtables / iptables messages. It seems that
> >> there is some issue between ovirt/vdsm and firewalld, which we can
> >> put to the side for now.
> >>
> >> It is not clear for me why the port is added on br-int instead of the
> >> bridge I've assigned to the VM, which is ovirtbridge??
> >>
> >> /Sverker
> >>
> >> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
> >>>
> >>> The specific command most likely fails because there is no chain
> >>> named libvirt-J-vnet0, but when should that have been created?
> >>> /Sverker
> >>>
> >>>  Vidarebefordrat meddelande 
> >>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt
> >>> network
> >>> Datum:Thu, 29 Dec 2016 08:06:29 -0500 (EST)
> >>> Från: Marcin Mirecki <mmire...@redhat.com>
> >>> Till: Sverker Abrahamsson <sver...@abrahamsson.com>
> >>> Kopia:Ovirt Users <users@ovirt.org>, Lance Richardson
> >>> <lrich...@redhat.com>, Numan Siddique <nusid...@redhat.com>
> >>>
> >>>
> >>>
> >>> Let me add the OVN team.
> >>>
> >>> Lance, Numan,
> >>>
> >>> Can you please look at this?
> >>>
> >>> Trying to plug a vNIC results in:
> >>> > >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|1|vsctl|INFO|Called as
> >>> > >>>>>> ovs-vsctl
> >>> > >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int
> >>> > >>>>>> vnet0 --
> >>> > >>>>>> set Interface vnet0
> >>> > >>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\""
> >>> > >>>>>> -- set Interface vnet0
> >>> > >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\""
> >>> > >>>>>> --
> >>> > >>>>>> set Interface vnet0
> >>> > >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" --
> >>> > >>>>>> set
> >>> > >>>>>> Interface vnet0 external-ids:iface-status=active
> >>> > >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode
> >>> > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> >>> > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0
> >>> >

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-29 Thread Marcin Mirecki
Let me add the OVN team.

Lance, Numan,

Can you please look at this?

Trying to plug a vNIC results in:
> >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|1|vsctl|INFO|Called as ovs-vsctl
> >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 --
> >>>>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\""
> >>>>>> -- set Interface vnet0
> >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" --
> >>>>>> set Interface vnet0
> >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set
> >>>>>> Interface vnet0 external-ids:iface-status=active
> >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode
> >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j
> >>>>>> libvirt-J-vnet0' failed:
> >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:

More details below


- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Thursday, December 29, 2016 1:42:11 PM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> Hi
> Same problem still..
> /Sverker
> 
> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
> > Hi,
> >
> > The tunnels are created to connect multiple OVN controllers.
> > If there is only one, there is no need for the tunnels, so none
> > will be created, this is the correct behavior.
> >
> > Does the problem still occur after setting configuring the OVN-controller?
> >
> > Marcin
> >
> > - Original Message -
> >> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> >> To: "Marcin Mirecki" <mmire...@redhat.com>
> >> Cc: "Ovirt Users" <users@ovirt.org>
> >> Sent: Thursday, December 29, 2016 11:44:32 AM
> >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt
> >> network
> >>
> >> Hi
> >> The rpm packages you listed in the other mail are installed but I had
> >> not run vdsm-tool ovn-config to create tunnel as the OVN controller is
> >> on the same host.
> >>
> >> [root@h2 ~]# rpm -q openvswitch-ovn-common
> >> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64
> >> [root@h2 ~]# rpm -q openvswitch-ovn-host
> >> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64
> >> [root@h2 ~]# rpm -q python-openvswitch
> >> python-openvswitch-2.6.90-1.el7.centos.noarch
> >>
> >> After removing my manually created br-int and run
> >>
> >> vdsm-tool ovn-config 127.0.0.1 172.27.1.1
> >>
> >> then I have the br-int but 'ip link show' does not show any link
> >> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these
> >> are when there is an actual tunnel?
> >>
> >> [root@h2 ~]# ovs-vsctl show
> >> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23
> >>   Bridge br-int
> >>   fail_mode: secure
> >>   Port br-int
> >>   Interface br-int
> >>   type: internal
> >>   Bridge ovirtbridge
> >>   Port ovirtbridge
> >>   Interface ovirtbridge
> >>   type: internal
> >>   Bridge "ovsbridge0"
> >>   Port "ovsbridge0"
> >>   Interface "ovsbridge0"
> >>   type: internal
> >>   Port "eth0"
> >>   Interface "eth0"
> >>   ovs_version: "2.6.90"
> >>
> >> [root@h2 ~]# ip link show
> >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
> >> DEFAULT qlen 1
> >>   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> >> master ovs-system state UP mode DEFAULT qlen 1000
> >>   link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff
> >> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
> >> DEFAULT qlen 1000
> >>   link/ether 

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-29 Thread Marcin Mirecki
Hi,

The tunnels are created to connect multiple OVN controllers.
If there is only one, there is no need for the tunnels, so none
will be created, this is the correct behavior.

Does the problem still occur after setting configuring the OVN-controller? 

Marcin

- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Thursday, December 29, 2016 11:44:32 AM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> Hi
> The rpm packages you listed in the other mail are installed but I had
> not run vdsm-tool ovn-config to create tunnel as the OVN controller is
> on the same host.
> 
> [root@h2 ~]# rpm -q openvswitch-ovn-common
> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64
> [root@h2 ~]# rpm -q openvswitch-ovn-host
> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64
> [root@h2 ~]# rpm -q python-openvswitch
> python-openvswitch-2.6.90-1.el7.centos.noarch
> 
> After removing my manually created br-int and run
> 
> vdsm-tool ovn-config 127.0.0.1 172.27.1.1
> 
> then I have the br-int but 'ip link show' does not show any link
> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these
> are when there is an actual tunnel?
> 
> [root@h2 ~]# ovs-vsctl show
> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23
>  Bridge br-int
>  fail_mode: secure
>  Port br-int
>  Interface br-int
>  type: internal
>  Bridge ovirtbridge
>  Port ovirtbridge
>  Interface ovirtbridge
>  type: internal
>  Bridge "ovsbridge0"
>  Port "ovsbridge0"
>  Interface "ovsbridge0"
>  type: internal
>  Port "eth0"
>  Interface "eth0"
>  ovs_version: "2.6.90"
> 
> [root@h2 ~]# ip link show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
> DEFAULT qlen 1
>  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovs-system state UP mode DEFAULT qlen 1000
>  link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff
> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
> DEFAULT qlen 1000
>  link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff
> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UNKNOWN mode DEFAULT qlen 1000
>  link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff
> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
> DEFAULT qlen 1000
>  link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff
> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UNKNOWN mode DEFAULT qlen 1000
>  link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff
> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master
> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000
>  link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP mode DEFAULT qlen 1000
>  link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
> 
> Firewall settings:
> [root@h2 ~]# firewall-cmd --list-all-zones
> work
>target: default
>icmp-block-inversion: no
>interfaces:
>sources:
>services: dhcpv6-client ssh
>ports:
>protocols:
>masquerade: no
>forward-ports:
>sourceports:
>icmp-blocks:
>rich rules:
> 
> 
> drop
>target: DROP
>icmp-block-inversion: no
>interfaces:
>sources:
>services:
>ports:
>protocols:
>masquerade: no
>forward-ports:
>sourceports:
>icmp-blocks:
>rich rules:
> 
> 
> internal
>target: default
>icmp-block-inversion: no
>interfaces:
>sources:
>services: dhcpv6-client mdns samba-client ssh
>ports:
>protocols:
>masquerade: no
>forward-ports:
>sourceports:
>icmp-blocks:
>rich rules:
> 
> 
> external
>target: default
>icmp-block-inversion: no
>interfaces:
>sources:
>services: ssh
>ports:
>protocols:
>masquerade: yes
>forward-ports:
>sourceports:
>icmp-blocks:
>rich rules:
> 
> 
> trusted
>target: ACCEPT
>icmp-block-inversion: no
>interfaces:
>sources:
>services:
>ports:
>protocols:
>masqu

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-29 Thread Marcin Mirecki
Hi,

Can you please do: "sudo ovsdb-client dump" 
on the host and send me the output?

Have you configured the ovn controller to connect to the
OVN north? You can do it using "vdsm-tool ovn-config" or
using the OVN tools directly.
Please check out: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/
for details.

Also please note that the OVN provider is completely different
from the neutron-openvswitch plugin. Please don't mix the two.

Marcin


- Original Message -----
> From: "Marcin Mirecki" <mmire...@redhat.com>
> To: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Thursday, December 29, 2016 9:27:19 AM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> Hi,
> 
> br-int is the OVN integration bridge, it should have been created
> when installing OVN. I assume you have the following packages installed
> on the host:
> openvswitch-ovn-common
> openvswitch-ovn-host
> python-openvswitch
> 
> Please give me some time to look at the connectivity problem.
> 
> Marcin
> 
> 
> 
> - Original Message -
> > From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> > To: "Marcin Mirecki" <mmire...@redhat.com>
> > Cc: "Ovirt Users" <users@ovirt.org>
> > Sent: Thursday, December 29, 2016 12:47:04 AM
> > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt
> > network
> > 
> > From
> > /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook
> > (installed by ovirt-provider-ovn-driver rpm):
> > 
> > BRIDGE_NAME = 'br-int'
> > 
> > 
> > Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
> > > Googling on the message about br-int suggested adding that bridge to ovs:
> > >
> > > ovs-vsctl add-br br-int
> > >
> > > Then the VM is able to boot, but it fails to get network connectivity.
> > > Output in /var/log/messages:
> > >
> > > Dec 28 23:31:35 h2 ovs-vsctl: ovs|1|vsctl|INFO|Called as ovs-vsctl
> > > --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 --
> > > set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\""
> > > -- set Interface vnet0
> > > "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" --
> > > set Interface vnet0
> > > "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set
> > > Interface vnet0 external-ids:iface-status=active
> > > Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j
> > > libvirt-J-vnet0' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j
> > > libvirt-P-vnet0' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed:
> > > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > > '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev
> > > --physdev-is-bridged --physd

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-29 Thread Marcin Mirecki
Hi,

br-int is the OVN integration bridge, it should have been created
when installing OVN. I assume you have the following packages installed
on the host:
openvswitch-ovn-common
openvswitch-ovn-host
python-openvswitch

Please give me some time to look at the connectivity problem.

Marcin



- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Thursday, December 29, 2016 12:47:04 AM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> From
> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook
> (installed by ovirt-provider-ovn-driver rpm):
> 
> BRIDGE_NAME = 'br-int'
> 
> 
> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
> > Googling on the message about br-int suggested adding that bridge to ovs:
> >
> > ovs-vsctl add-br br-int
> >
> > Then the VM is able to boot, but it fails to get network connectivity.
> > Output in /var/log/messages:
> >
> > Dec 28 23:31:35 h2 ovs-vsctl: ovs|1|vsctl|INFO|Called as ovs-vsctl
> > --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 --
> > set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\""
> > -- set Interface vnet0
> > "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" --
> > set Interface vnet0
> > "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set
> > Interface vnet0 external-ids:iface-status=active
> > Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j
> > libvirt-J-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j
> > libvirt-P-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev
> > --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out
> > vnet0 -g FO-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0
> > -g FI-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in
> > vnet0 -g HI-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
> > '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed:
> > Dec 28 23:31:35 h2 firewalld

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-28 Thread Marcin Mirecki
Sverker,

Can you try adding a vnic named veth_* or dummy_*,
(or alternatively add the name of the vnic to 
vdsm.config fake_nics), and setup the management
network using this vnic?
I suppose adding the vnic you use for connecting
to the engine to fake_nics should make it visible
to the engine, and you should be able to use it for
the setup.

Marcin



- Original Message -
> From: "Marcin Mirecki" <mmire...@redhat.com>
> To: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Wednesday, December 28, 2016 12:06:26 PM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> > I have an internal OVS bridge called ovirtbridge which has a port with
> > IP address, but in the host network settings that port is not visible.
> 
> I just verified and unfortunately the virtual ports are not visible in engine
> to assign a network to :(
> I'm afraid that the engine is not ready for such a scenario (even if it
> works).
> Please give me some time to look for a solution.
> 
> - Original Message -
> > From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> > To: "Marcin Mirecki" <mmire...@redhat.com>
> > Cc: "Ovirt Users" <users@ovirt.org>
> > Sent: Wednesday, December 28, 2016 11:48:24 AM
> > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt
> > network
> > 
> > Hi Marcin
> > Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor
> > ovsbridge0 since as soon as it sees them it messes up the network config
> > so that the host will be unreachable.
> > 
> > I have an internal OVS bridge called ovirtbridge which has a port with
> > IP address, but in the host network settings that port is not visible.
> > It doesn't help to name it ovirtmgmt.
> > 
> > The engine is able to communicate with the host on the ip it has been
> > given, it's just that it believes that it HAS to have a ovirtmgmt
> > network which can't be on OVN.
> > 
> > /Sverker
> > 
> > 
> > Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
> > > Hi Sverker,
> > >
> > > The management network is mandatory on each host. It's used by the
> > > engine to communicate with the host.
> > > Looking at your description and the exception it looks like it is
> > > missing.
> > > The error is caused by not having any network for the host
> > > (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster -
> > > which
> > > gets all the networks on nics for a host from vds_interface table in the
> > > DB).
> > >
> > > Could you maybe create a virtual nic connected to ovsbridge0 (as I
> > > understand you
> > > have no physical nic available) and use this for the management network?
> > >
> > >> I then create a bridge for use with ovirt, with a private address.
> > > I'm not quite sure I understand. Is this yet another bridge connected to
> > > ovsbridge0?
> > > You could also attach the vnic for the management network here if need
> > > be.
> > >
> > > Please keep in mind that OVN has no use in setting up the management
> > > network.
> > > The OVN provider can only handle external networks, which can not be used
> > > for a
> > > management network.
> > >
> > > Marcin
> > >
> > >
> > > - Original Message -
> > >> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> > >> To: users@ovirt.org
> > >> Sent: Wednesday, December 28, 2016 12:39:59 AM
> > >> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt
> > >> network
> > >>
> > >>
> > >>
> > >> Hi
> > >> For long time I've been looking for proper support in ovirt for Open
> > >> vSwitch
> > >> so I'm happy that it is moving in the right direction. However, there
> > >> seems
> > >> to still be a dependency on a ovirtmgmt bridge and I'm unable to move
> > >> that
> > >> to the OVN provider.
> > >>
> > >> The hosting center where I rent hw instances has a bit special network
> > >> setup,
> > >> so I have one physical network port with a /32 netmask and
> > >> point-to-point
> > >> config to router. The physical port I connect to a ovs bridge which has
> > >> the
> > >> public ip. Since ovirt alwa

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-28 Thread Marcin Mirecki
> I have an internal OVS bridge called ovirtbridge which has a port with
> IP address, but in the host network settings that port is not visible.

I just verified and unfortunately the virtual ports are not visible in engine 
to assign a network to :(
I'm afraid that the engine is not ready for such a scenario (even if it works).
Please give me some time to look for a solution.

- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>
> Sent: Wednesday, December 28, 2016 11:48:24 AM
> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> Hi Marcin
> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor
> ovsbridge0 since as soon as it sees them it messes up the network config
> so that the host will be unreachable.
> 
> I have an internal OVS bridge called ovirtbridge which has a port with
> IP address, but in the host network settings that port is not visible.
> It doesn't help to name it ovirtmgmt.
> 
> The engine is able to communicate with the host on the ip it has been
> given, it's just that it believes that it HAS to have a ovirtmgmt
> network which can't be on OVN.
> 
> /Sverker
> 
> 
> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
> > Hi Sverker,
> >
> > The management network is mandatory on each host. It's used by the
> > engine to communicate with the host.
> > Looking at your description and the exception it looks like it is missing.
> > The error is caused by not having any network for the host
> > (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster -
> > which
> > gets all the networks on nics for a host from vds_interface table in the
> > DB).
> >
> > Could you maybe create a virtual nic connected to ovsbridge0 (as I
> > understand you
> > have no physical nic available) and use this for the management network?
> >
> >> I then create a bridge for use with ovirt, with a private address.
> > I'm not quite sure I understand. Is this yet another bridge connected to
> > ovsbridge0?
> > You could also attach the vnic for the management network here if need be.
> >
> > Please keep in mind that OVN has no use in setting up the management
> > network.
> > The OVN provider can only handle external networks, which can not be used
> > for a
> > management network.
> >
> > Marcin
> >
> >
> > - Original Message -
> >> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> >> To: users@ovirt.org
> >> Sent: Wednesday, December 28, 2016 12:39:59 AM
> >> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> >>
> >>
> >>
> >> Hi
> >> For long time I've been looking for proper support in ovirt for Open
> >> vSwitch
> >> so I'm happy that it is moving in the right direction. However, there
> >> seems
> >> to still be a dependency on a ovirtmgmt bridge and I'm unable to move that
> >> to the OVN provider.
> >>
> >> The hosting center where I rent hw instances has a bit special network
> >> setup,
> >> so I have one physical network port with a /32 netmask and point-to-point
> >> config to router. The physical port I connect to a ovs bridge which has
> >> the
> >> public ip. Since ovirt always messes up the network config when I've tried
> >> to let it have access to the network config for the physical port, I've
> >> set
> >> eht0 and ovsbridge0 as hidden in vdsm.conf.
> >>
> >>
> >> I then create a bridge for use with ovirt, with a private address. With
> >> the
> >> OVN provider I am now able to import these into the engine and it looks
> >> good. When creating a VM I can select that it will have a vNic on my OVS
> >> bridge.
> >>
> >> However, I can't start the VM as an exception is thrown in the log:
> >>
> >> 2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand]
> >> (default task-5) [3c882d53] Error during ValidateFailure.:
> >> java.lang.NullPointerException
> >> at
> >> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140)
> >> [bll.jar:]
> >> at
> >> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69)
> >> [bll.jar:]
> >> at
> >> org.ovirt.engine

Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network

2016-12-28 Thread Marcin Mirecki
Hi Sverker,

The management network is mandatory on each host. It's used by the
engine to communicate with the host.
Looking at your description and the exception it looks like it is missing. 
The error is caused by not having any network for the host 
(network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which
gets all the networks on nics for a host from vds_interface table in the DB).

Could you maybe create a virtual nic connected to ovsbridge0 (as I understand 
you
have no physical nic available) and use this for the management network?

> I then create a bridge for use with ovirt, with a private address.
I'm not quite sure I understand. Is this yet another bridge connected to 
ovsbridge0?
You could also attach the vnic for the management network here if need be.

Please keep in mind that OVN has no use in setting up the management network.
The OVN provider can only handle external networks, which can not be used for a
management network.

Marcin


- Original Message -
> From: "Sverker Abrahamsson" <sver...@abrahamsson.com>
> To: users@ovirt.org
> Sent: Wednesday, December 28, 2016 12:39:59 AM
> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> 
> 
> 
> Hi
> For long time I've been looking for proper support in ovirt for Open vSwitch
> so I'm happy that it is moving in the right direction. However, there seems
> to still be a dependency on a ovirtmgmt bridge and I'm unable to move that
> to the OVN provider.
> 
> The hosting center where I rent hw instances has a bit special network setup,
> so I have one physical network port with a /32 netmask and point-to-point
> config to router. The physical port I connect to a ovs bridge which has the
> public ip. Since ovirt always messes up the network config when I've tried
> to let it have access to the network config for the physical port, I've set
> eht0 and ovsbridge0 as hidden in vdsm.conf.
> 
> 
> I then create a bridge for use with ovirt, with a private address. With the
> OVN provider I am now able to import these into the engine and it looks
> good. When creating a VM I can select that it will have a vNic on my OVS
> bridge.
> 
> However, I can't start the VM as an exception is thrown in the log:
> 
> 2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand]
> (default task-5) [3c882d53] Error during ValidateFailure.:
> java.lang.NullPointerException
> at
> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133)
> [bll.jar:]
> at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886)
> [bll.jar:]
> at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76)
> [bll.jar:]
> at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613)
> [bll.jar:]
> at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583)
> [bll.jar:]
> 
> 
> Looking at that section of code where the exception is thrown, I see that it
> iterates over host networks to find required networks, which I assume is
> ovirtmgmt. In the host network setup dialog I don't see any networks at all
> but it lists ovirtmgmt as required. It also list the OVN networks but these
> can't be statically assigned as they are added dynamically when needed,
> which is fine.
> 
> I believe that I either need to remove ovirtmgmt network or configure that it
> is provided by the OVN provider, but neither is possible. Preferably it
> shouldn't be hardcoded which network is management and mandatory but be
> possible to configure.
> 
> /Sverker
> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
> 
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] OVN Deep Dive for oVirt 4.1

2016-12-27 Thread Marcin Mirecki
BEGIN:VCALENDAR
PRODID:Zimbra-Calendar-Provider
VERSION:2.0
METHOD:REQUEST
BEGIN:VTIMEZONE
TZID:Europe/Berlin
BEGIN:STANDARD
DTSTART:16010101T03
TZOFFSETTO:+0100
TZOFFSETFROM:+0200
RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=10;BYDAY=-1SU
TZNAME:CET
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:16010101T02
TZOFFSETTO:+0200
TZOFFSETFROM:+0100
RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=3;BYDAY=-1SU
TZNAME:CEST
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:c1705cfd-9bb1-4d7d-9648-7a8244d8b50b
SUMMARY:OVN Deep Dive for oVirt 4.1
ATTENDEE;CN=Ovirt Users;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE
 :mailto:users@ovirt.org
ORGANIZER;CN=Marcin Mirecki:mailto:mmire...@redhat.com
DTSTART;TZID="Europe/Berlin":20170111T16
DTEND;TZID="Europe/Berlin":20170111T17
STATUS:CONFIRMED
CLASS:PUBLIC
X-MICROSOFT-CDO-INTENDEDSTATUS:BUSY
TRANSP:OPAQUE
LAST-MODIFIED:20161227T161035Z
DTSTAMP:20161227T161035Z
SEQUENCE:1
DESCRIPTION:The following is a new meeting request:\n\nSubject: OVN Deep Div
 e for oVirt 4.1 \nOrganizer: "Marcin Mirecki" <mmire...@redhat.com> \n\nTime
 : Wednesday\, January 11\, 2017\, 4:00:00 PM - 5:00:00 PM GMT +01:00 Amsterd
 am\, Berlin\, Bern\, Rome\, Stockholm\, Vienna\n \nInvitees: users@ovirt.org
  \n\n\n*~*~*~*~*~*~*~*~*~*\n\nOVN (Open Virtual Networking) is a new network
  virtualization project that\nbrings virtual networking to Open vSwitch.\nOV
 N is now availble to use as a tech preview in oVirt. It is made available\nu
 sing the oVirt external network providers API\, which allows using external\
 nnetwork management software inside environments managed by oVirt.\nThe inte
 gration with OVN will allow users to take advantage of native OVS\nsupport f
 or software defined networks.\n\nThe advantages of using OVN:\n- ability to 
 use large number of networks with no need for multiple host NICs\n  or VLAN 
 use\n- ability to set up new network without any changes to the physical inf
 rastructure\n- easier to maintain due to centralized management\n- good traf
 fic isolation due to Openflow rules\n- improved performance over neutron OVS
  plugin (https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutr
 on-ml2ovs-and-ovn-control-plane/)\n\n\nSession outline:\n- OVN overview\n- o
 Virt external network provider API overview\n- oVirt provider for OVN overvi
 ew\n\nSession link:\nhttps://www.youtube.com/watch?v=vGeouWfKJwA\n\nFeature 
 Page:\nhttps://www.ovirt.org//develop/release-management/features/ovirt-ovn-
 provider/\nBlog Post:\nhttps://www.ovirt.org/blog/2016/11/ovirt-provider-ovn
 /
BEGIN:VALARM
ACTION:DISPLAY
TRIGGER;RELATED=START:-PT5M
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Cumulus Switch

2016-12-20 Thread Marcin Mirecki
If you plan to implement your own provider from scratch, you might want to look 
at:
https://github.com/mmirecki/ovirt-provider_mock

This is a minimal 'mock' implementation, but gives some simple insight on how 
the provider might look like.

Marcin


- Original Message -
> From: "Marcin Mirecki" <mmire...@redhat.com>
> To: "Matt Wells" <matt.we...@mosaic451.com>
> Cc: "Yaniv Dary" <yd...@redhat.com>, "Ovirt Users" <users@ovirt.org>
> Sent: Tuesday, December 20, 2016 10:45:22 AM
> Subject: Re: [ovirt-users] Cumulus Switch
> 
> If you plan to implement your own provider from scratch, you might want to
> look at:
> 
> 
> - Original Message -
> > From: "Matt Wells" <matt.we...@mosaic451.com>
> > To: "Yaniv Dary" <yd...@redhat.com>
> > Cc: "Ovirt Users" <users@ovirt.org>, "Marcin Mirecki" <mmire...@redhat.com>
> > Sent: Monday, December 19, 2016 3:53:42 PM
> > Subject: Re: [ovirt-users] Cumulus Switch
> > 
> > Thanks Yaniv; I'll have a got and share any progress.   I appreciate the
> > reply.
> > 
> > On Sun, Dec 18, 2016 at 7:28 AM Yaniv Dary <yd...@redhat.com> wrote:
> > 
> > > You can read on the external provider design in:
> > >
> > > http://www.ovirt.org/develop/release-management/features/external-network-provider/
> > > You can also start a project to integrate this software to oVirt with the
> > > refrence in:
> > > https://github.com/mmirecki/ovirt-provider-mock
> > >
> > > Patches are welcome!
> > >
> > > Yaniv Dary
> > > Technical Product Manager
> > > Red Hat Israel Ltd.
> > > 34 Jerusalem Road
> > > Building A, 4th floor
> > > Ra'anana, Israel 4350109
> > >
> > > Tel : +972 (9) 7692306 <+972%209-769-2306>
> > > 8272306
> > > Email: yd...@redhat.com
> > > IRC : ydary
> > >
> > >
> > > On Thu, Dec 15, 2016 at 10:07 PM, Matt Wells <matt.we...@mosaic451.com>
> > > wrote:
> > >
> > > I've seen some of the cool stuff coming with OVN and even a co-worker has
> > > done some great things with it.  However I was wondering if anyone had
> > > experience with Cumulus as the external provider for networks.
> > > It's just a "weekend project" I'm picking up and thought to ask on the
> > > list.  I've not found other posts on it yet but will continue to look.
> > > I've just made a fresh lab with the latest and greatest oVirt on CentOS
> > > 7.
> > > Thanks to all and a happy holiday season ( if you're into the holiday
> > > thing ).
> > > :-)
> > >
> > > ___
> > > Users mailing list
> > > Users@ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> > >
> > > --
> > Matt Wells
> > Chief Systems Architect
> > RHCA III, RHCVA - #110-000-353
> > (702) 808-0424
> > matt.we...@mosaic451.com
> >  Las Vegas | Phoenix | Portland Mosaic451.com
> > CONFIDENTIALITY NOTICE: This transmittal is a confidential communication or
> > may otherwise be privileged. If you are not intended recipient, you are
> > hereby notified that you have received this transmittal in error and that
> > any review, dissemination, distribution or copying of this transmittal is
> > strictly prohibited. If you have received this communication in error,
> > please notify this office, and immediately delete this message and all its
> > attachments, if any.
> > 1*
> > 
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Cumulus Switch

2016-12-20 Thread Marcin Mirecki
If you plan to implement your own provider from scratch, you might want to look 
at:


- Original Message -
> From: "Matt Wells" <matt.we...@mosaic451.com>
> To: "Yaniv Dary" <yd...@redhat.com>
> Cc: "Ovirt Users" <users@ovirt.org>, "Marcin Mirecki" <mmire...@redhat.com>
> Sent: Monday, December 19, 2016 3:53:42 PM
> Subject: Re: [ovirt-users] Cumulus Switch
> 
> Thanks Yaniv; I'll have a got and share any progress.   I appreciate the
> reply.
> 
> On Sun, Dec 18, 2016 at 7:28 AM Yaniv Dary <yd...@redhat.com> wrote:
> 
> > You can read on the external provider design in:
> >
> > http://www.ovirt.org/develop/release-management/features/external-network-provider/
> > You can also start a project to integrate this software to oVirt with the
> > refrence in:
> > https://github.com/mmirecki/ovirt-provider-mock
> >
> > Patches are welcome!
> >
> > Yaniv Dary
> > Technical Product Manager
> > Red Hat Israel Ltd.
> > 34 Jerusalem Road
> > Building A, 4th floor
> > Ra'anana, Israel 4350109
> >
> > Tel : +972 (9) 7692306 <+972%209-769-2306>
> > 8272306
> > Email: yd...@redhat.com
> > IRC : ydary
> >
> >
> > On Thu, Dec 15, 2016 at 10:07 PM, Matt Wells <matt.we...@mosaic451.com>
> > wrote:
> >
> > I've seen some of the cool stuff coming with OVN and even a co-worker has
> > done some great things with it.  However I was wondering if anyone had
> > experience with Cumulus as the external provider for networks.
> > It's just a "weekend project" I'm picking up and thought to ask on the
> > list.  I've not found other posts on it yet but will continue to look.
> > I've just made a fresh lab with the latest and greatest oVirt on CentOS 7.
> > Thanks to all and a happy holiday season ( if you're into the holiday
> > thing ).
> > :-)
> >
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> >
> > --
> Matt Wells
> Chief Systems Architect
> RHCA III, RHCVA - #110-000-353
> (702) 808-0424
> matt.we...@mosaic451.com
>  Las Vegas | Phoenix | Portland Mosaic451.com
> CONFIDENTIALITY NOTICE: This transmittal is a confidential communication or
> may otherwise be privileged. If you are not intended recipient, you are
> hereby notified that you have received this transmittal in error and that
> any review, dissemination, distribution or copying of this transmittal is
> strictly prohibited. If you have received this communication in error,
> please notify this office, and immediately delete this message and all its
> attachments, if any.
> 1*
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt / OVN / MTU

2016-12-12 Thread Marcin Mirecki
Devin,

oVirt does not currently support changing external network mtu from within 
ovirt (it rather relies on the provider handling this internally).

If you are using OVN DHCP (have subnets defined for a network), you can modify 
the OVN DHCP options directly in the OVN database.
I have never actually tested this myself, but looking at the OVN documentation, 
it should do the job on the ports.

The standard OVN way to do so is to use the "ovn-vsctl set DHCP_Options ..." 
command.
(Unfortunately as I am trying it now it tells me that modifying DHCP_Options is 
not supported)
Alternatively, you can use the OVS python API (let me know if you need any help 
on this).

Lance,
Would changing the dhcp:options:mtu suffice?
Could you please comment on how to modify the DHCP MTU using the OVN cmd line?

Thanks,
Marcin



- Original Message -
> From: "Devin Acosta" <de...@pabstatencio.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>, "users" <Users@ovirt.org>, "Lance 
> Richardson" <lrich...@redhat.com>
> Sent: Monday, December 12, 2016 1:20:59 AM
> Subject: Fwd: oVirt / OVN / MTU
> 
> Marcin / Lance,
> 
> Not sure if the list was working correctly, I couldn't see that my message
> below made it to the list. If I need to change the MTU settings for OVN /
> OpenVSwitch to something lower than 1500, what is the best way to do this?
> We noticed that some instances (ie: Windows 2012R2) are having issues with
> the default MTU of 1500, I think there is an issue at the upper layers, and
> we can get it to work if we manually set the MTU on the instance to say
> 1400. Is there an easy way to do this so that any VM's that come up
> automatically get MTU of 1400?
> 
> Devin
> 
> -- Forwarded message --
> From: Devin Acosta <de...@pabstatencio.com>
> Date: Fri, Dec 9, 2016 at 2:02 PM
> Subject: oVirt / OVN / MTU
> To: users <Users@ovirt.org>
> 
> 
> 
> We are running oVirt 4.0.5 and we have OVN working to provide a Virtual
> Layer 2 network. We are noticing that because the OVN is using Geneve and
> between all the firewalls and networks it crosses we are running into an
> MTU issue. What is the best suggested way to lower say the entire OVN
> network to say MTU of 1400, and also allow for fragmenting packets?
> 
> 
> --
> 
> Devin Acosta
> Red Hat Certified Architect, LinuxStack
> 602-354-1220 || de...@linuxguru.co
> 
> 
> 
> --
> 
> Devin Acosta
> Red Hat Certified Architect, LinuxStack
> 602-354-1220 || de...@linuxguru.co
> 
___
Users mailing list
Users@ovirt.org
http://lists.phx.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Hosted-engine --deploy FQDN questions

2016-12-07 Thread Marcin Mirecki
Mark,

hosted_engine_1 is of course the name of the host in the system.
Sorry for the confusion.

Marcin

- Original Message -
> From: "Mark Steckel" <m...@fix.net>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: users@ovirt.org
> Sent: Wednesday, December 7, 2016 10:36:58 AM
> Subject: Re: [ovirt-users] Hosted-engine --deploy FQDN questions
> 
> Marcin,
> 
> - Marcin Mirecki <mmire...@redhat.com> wrote:
> > Mark,
> > 
> > >   Enter the name which will be used to identify this host inside
> > >   the
> > >   Administrator Portal [hosted_engine_1]:
> > 
> > This is the name used for the host inside the Administrator Portal, so
> > basically
> > the name of the VM inside the system.
> > This does not have to be the hostname, but there are also no objection for
> > it.
> > 
> > 
> > >   Engine FQDN:  []:
> > Yes, you are correct. This must be the FQDN of the host, resolvable to IP.
> > This fqdn will be used to access the administration portal.
> 
> If I understand you correctly, both questions apply to the hosted engine vm.
> Correct?
> 
> (If so, I'm glad I asked, because I initially and incorrectly thought that
> the first question referred to the bare metal machine that hosts the hosted
> engine vm.)
> 
> Thanks
> Mark
> 
> 
> 
> > 
> > Marcin
> > 
> > 
> > - Original Message -
> > > From: "Mark Steckel" <m...@fix.net>
> > > To: users@ovirt.org
> > > Sent: Wednesday, December 7, 2016 6:08:38 AM
> > > Subject: [ovirt-users] Hosted-engine --deploy FQDN questions
> > > 
> > > Folks,
> > > 
> > > I'm an OVirt newbie having troubles setting up my first Hosted Engine and
> > > am
> > > stumbling. In this case I think it may be because of the following two
> > > set-up questions.
> > > 
> > >   Enter the name which will be used to identify this host inside
> > >   the
> > >   Administrator Portal [hosted_engine_1]:
> > >   Please provide the FQDN for the engine you would like to use.
> > >   This needs to match the FQDN that you will use for the engine
> > >   installation within the VM.
> > >   Note: This will be the FQDN of the VM you are now going to
> > >   create,
> > >   it should not point to the base host or to any other existing
> > >   machine.
> > >   Engine FQDN:  []:
> > > 
> > > My read of this is that the first question is asking for the name of the
> > > host, while the second question is asking for the name (FQDN) of the
> > > guest
> > > vm which will be the hosted-engine. Is this correct?
> > > 
> > > I'm also presuming that a) the first question should be the hostname of
> > > the
> > > host, and b) that both the host and guest hostnames should resolve to IP
> > > addresses.
> > > 
> > > Thanks
> > > Mark
> > > ___
> > > Users mailing list
> > > Users@ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > > 
> 
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Hosted-engine --deploy FQDN questions

2016-12-07 Thread Marcin Mirecki
Mark,

>   Enter the name which will be used to identify this host inside the
>   Administrator Portal [hosted_engine_1]:

This is the name used for the host inside the Administrator Portal, so basically
the name of the VM inside the system.
This does not have to be the hostname, but there are also no objection for it.


>   Engine FQDN:  []:
Yes, you are correct. This must be the FQDN of the host, resolvable to IP.
This fqdn will be used to access the administration portal.

Marcin


- Original Message -
> From: "Mark Steckel" 
> To: users@ovirt.org
> Sent: Wednesday, December 7, 2016 6:08:38 AM
> Subject: [ovirt-users] Hosted-engine --deploy FQDN questions
> 
> Folks,
> 
> I'm an OVirt newbie having troubles setting up my first Hosted Engine and am
> stumbling. In this case I think it may be because of the following two
> set-up questions.
> 
>   Enter the name which will be used to identify this host inside the
>   Administrator Portal [hosted_engine_1]:
>   Please provide the FQDN for the engine you would like to use.
>   This needs to match the FQDN that you will use for the engine
>   installation within the VM.
>   Note: This will be the FQDN of the VM you are now going to create,
>   it should not point to the base host or to any other existing
>   machine.
>   Engine FQDN:  []:
> 
> My read of this is that the first question is asking for the name of the
> host, while the second question is asking for the name (FQDN) of the guest
> vm which will be the hosted-engine. Is this correct?
> 
> I'm also presuming that a) the first question should be the hostname of the
> host, and b) that both the host and guest hostnames should resolve to IP
> addresses.
> 
> Thanks
> Mark
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 4 and Neutron

2016-12-05 Thread Marcin Mirecki
Z|00605|poll_loop|INFO|wakeup due to 0-ms timeout
> >> at vswitchd/bridge.c:3031 (100% CPU usage)
> >> 2016-12-02T18:27:18.174Z|00606|poll_loop|INFO|Dropped 536053 log
> >> messages in last 6 seconds (most recently, 0 seconds ago) due to excessive
> >> rate
> >> 2016-12-02T18:27:18.174Z|00607|poll_loop|INFO|wakeup due to 0-ms timeout
> >> at vswitchd/bridge.c:3031 (100% CPU usage)
> >> 2016-12-02T18:27:24.174Z|00608|poll_loop|INFO|Dropped 536369 log
> >> messages in last 6 seconds (most recently, 0 seconds ago) due to excessive
> >> rate
> >> 2016-12-02T18:27:24.174Z|00609|poll_loop|INFO|wakeup due to 0-ms timeout
> >> at vswitchd/bridge.c:3031 (100% CPU usage)
> >> 2016-12-02T18:27:30.174Z|00610|poll_loop|INFO|Dropped 532134 log
> >> messages in last 6 seconds (most recently, 0 seconds ago) due to excessive
> >> rate
> >> 2016-12-02T18:27:30.174Z|00611|poll_loop|INFO|wakeup due to 1-ms timeout
> >> at vswitchd/bridge.c:3031 (100% CPU usage)
> >> 2016-12-02T18:27:36.174Z|00612|poll_loop|INFO|Dropped 531659 log
> >> messages in last 6 seconds (most recently, 0 seconds ago) due to excessive
> >> rate
> >> 2016-12-02T18:27:36.174Z|00613|poll_loop|INFO|wakeup due to 0-ms timeout
> >> at vswitchd/bridge.c:3031 (99% CPU usage)
> >>
> >>
> >> One other thing that I notice is that when I got to Provision a Virtual
> >> Machine from the Main Data Center, my Networks don't show under the NIC
> >> where I could select them? Am I missing something on this?
> >>
> >> Thanks very much for your help.
> >>
> >> Devin Acosta
> >>
> >>
> >> On Fri, Dec 2, 2016 at 5:16 AM, Marcin Mirecki <mmire...@redhat.com>
> >> wrote:
> >>
> >>> Devin,
> >>>
> >>> > I presume the OVN Controller should just be some VM that is on the
> >>> > ovirtmgmt network, or is there a preferred place to install the OVN
> >>> > controller software?
> >>>
> >>> Please note the difference between OVN-Central and OVN-Controller:
> >>> OVN-Central is the central part of OVN, storing the logical
> >>> configuration and controlling the many OVN-Controllers
> >>> OVN-Controller is the piece of software which resides on the
> >>> ovirt-hosts, and manages the local OVS setup on the host.
> >>>
> >>>  OVN-Central
> >>>/   |  \
> >>>   /|   \
> >>>  / |\
> >>> /  | \
> >>> OVN-ControllerOVN-Controller   OVN-Controller
> >>>
> >>>
> >>> OVN-central can be installed anywhere , as long as it can communicate
> >>> with the engine and all the hosts.
> >>> During development we install it along the ovirt engine for convinience.
> >>>
> >>> OVN-Controller must be installed on every ovirt host.
> >>>
> >>>
> >>> >I then also assume I install the OVN agents onto all
> >>> > the oVirt Nodes.
> >>>
> >>> Short answer: Yes
> >>>
> >>> Longe answer: If you plan not to use external networks on some clusters,
> >>> you
> >>> can skip its hosts.
> >>> You can choose the clusters which support the external network by
> >>> assigning the
> >>> network to clusters.
> >>>
> >>> > I see
> >>> > that when you go to add the External Provider, does OVN Controller use
> >>> > authentication, is there any information I would need to have besides
> >>> > knowing which node it's on in order to add it to external provider?
> >>>
> >>> For now it is only the url of the provider.
> >>> The provider is still under development, authentication is still just an
> >>> empty mock.
> >>>
> >>> >Would I
> >>> > need to have any bridges or OVS configured on the nodes for this to
> >>> work or
> >>> > just install the services and get them configured and it just works?
> >>>
> >>> We are using the default 'br-int' bridge which OVN is using. All should
> >>> be configured
> >>> when OVS/OVN is installed.
> >>>
> >>> Let me know if I can help with anything else.
> >>> Marcin
> >>>
> >>>
> >>>
> >>&g

Re: [ovirt-users] oVIRT 4 / OVN / Communication issues of instances between nodes.

2016-12-05 Thread Marcin Mirecki
Lance,

We have a problem with communication between different hosts in OVN.
Could you please take a look at the log below?
The part with "dropping duplicate flow" sounds worrying.

Thanks,
Marcin


- Original Message -
> From: "Devin Acosta" 
> To: "users" 
> Sent: Saturday, December 3, 2016 12:24:21 AM
> Subject: [ovirt-users] oVIRT 4 / OVN / Communication issues of instances  
> between nodes.
> 
> 
> Note: When I configured vdsm-tool ovn-config, I passed it the IP address of
> the OVN-Controller which is using the ovirtmgmt network, which is just one
> of the NIC's on the nodes.
> 
> I am opening up new thread as this I feel differs a bit from my original
> request. I have OVN which I believe is deployed correctly. I have noticed
> that if instances get spun up on the same oVIRT node they can all talk
> without issues to one another, however if one instance gets spun up on
> another node even if it has the same (OVN network/subnet), it can't ping or
> reach other instances in the subnet. I noticed that the OVN-Controller of
> the instance that can't talk is logging:
> 
> 2016-12-02T22:50:54.907Z|00181|pinctrl|INFO|DHCPOFFER 00:1a:4a:16:01:5c
> 10.10.10.4
> 2016-12-02T22:50:54.908Z|00182|pinctrl|INFO|DHCPACK 00:1a:4a:16:01:5c
> 10.10.10.4
> 2016-12-02T22:50:55.695Z|00183|ofctrl|INFO|Dropped 7 log messages in last 10
> seconds (most recently, 0 seconds ago) due to excessive rate
> 2016-12-02T22:50:55.695Z|00184|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:10.705Z|00185|ofctrl|INFO|Dropped 6 log messages in last 15
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:51:10.705Z|00186|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:20.710Z|00187|ofctrl|INFO|Dropped 4 log messages in last 10
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:51:20.710Z|00188|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:35.718Z|00189|ofctrl|INFO|Dropped 5 log messages in last 15
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:51:35.718Z|00190|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:45.724Z|00191|ofctrl|INFO|Dropped 3 log messages in last 10
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:51:45.724Z|00192|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:55.730Z|00193|ofctrl|INFO|Dropped 5 log messages in last 10
> seconds (most recently, 0 seconds ago) due to excessive rate
> 2016-12-02T22:51:55.730Z|00194|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:52:10.738Z|00195|ofctrl|INFO|Dropped 5 log messages in last 15
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:52:10.739Z|00196|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:52:20.744Z|00197|ofctrl|INFO|Dropped 3 log messages in last 10
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:52:20.744Z|00198|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:52:35.752Z|00199|ofctrl|INFO|Dropped 5 log messages in last 15
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:52:35.752Z|00200|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:52:45.758Z|00201|ofctrl|INFO|Dropped 4 log messages in last 10
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:52:45.758Z|00202|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 
> From the OVN-Controller:
> 
> [root@dev001-022-002 ~]# ovn-nbctl show
> switch ddb3b92f-b359-4b59-a41a-ebae6df7fe9a (devins-net)
> port 6b289418-8b8e-42b4-8334-c71584afcd3e
> addresses: ["00:1a:4a:16:01:5c dynamic"]
> port 71ef81f1-7c20-4c68-b536-d274703f7541
> addresses: ["00:1a:4a:16:01:61 dynamic"]
> port 91d4f4f5-4b9f-42c0-aa2c-8a101474bb84
> addresses: ["00:1a:4a:16:01:5e dynamic"]
> 
> Do I need to do something special in order to allow communication between
> nodes of instances on same OVN network?
> 
> Output of ovs-vsctl show from node3:
> 
> 61af799c-a621-445e-8183-23dcb38ea3cc
> Bridge br-int
> fail_mode: secure
> Port "ovn-456949-0"
> Interface "ovn-456949-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="172.10.10.74"}
> Port "ovn-c0dc09-0"
> Interface "ovn-c0dc09-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="172.10.10.73"}
> Port br-int
> 

Re: [ovirt-users] oVIRT 4 / OVN / Communication issues of instances between nodes.

2016-12-05 Thread Marcin Mirecki
Devin,

Please not the OVN-controller is not the central part where OVN northd is 
running.
OVN-controllers are the OVN processes deployed on the hosts.
The correct usage of the 'vdsm-tool ovn-config'.
 - the IP of the OVN-central (not to be confused with OVN-controllers, which is 
the part of OVN running on the hosts)
 - the local host IP to be used for tunneling to other OVN hosts
for example, if the OVN-central IP should be 10.10.10.1, and the IP of the 
local host used for tunneling: 10.10.10.101:
vdsm-tool ovn-config 10.10.10.1 10.10.10.101

Looking at the output of 'ovs-vsctl' the tunnels have been created.

The OVN log saying 'dropping duplicate flow' is worrying, let me forward this to
the OVN team to take a look at it.

Marcin



- Original Message -
> From: "Devin Acosta" 
> To: "users" 
> Sent: Saturday, December 3, 2016 12:24:21 AM
> Subject: [ovirt-users] oVIRT 4 / OVN / Communication issues of instances  
> between nodes.
> 
> 
> Note: When I configured vdsm-tool ovn-config, I passed it the IP address of
> the OVN-Controller which is using the ovirtmgmt network, which is just one
> of the NIC's on the nodes.
> 
> I am opening up new thread as this I feel differs a bit from my original
> request. I have OVN which I believe is deployed correctly. I have noticed
> that if instances get spun up on the same oVIRT node they can all talk
> without issues to one another, however if one instance gets spun up on
> another node even if it has the same (OVN network/subnet), it can't ping or
> reach other instances in the subnet. I noticed that the OVN-Controller of
> the instance that can't talk is logging:
> 
> 2016-12-02T22:50:54.907Z|00181|pinctrl|INFO|DHCPOFFER 00:1a:4a:16:01:5c
> 10.10.10.4
> 2016-12-02T22:50:54.908Z|00182|pinctrl|INFO|DHCPACK 00:1a:4a:16:01:5c
> 10.10.10.4
> 2016-12-02T22:50:55.695Z|00183|ofctrl|INFO|Dropped 7 log messages in last 10
> seconds (most recently, 0 seconds ago) due to excessive rate
> 2016-12-02T22:50:55.695Z|00184|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:10.705Z|00185|ofctrl|INFO|Dropped 6 log messages in last 15
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:51:10.705Z|00186|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:20.710Z|00187|ofctrl|INFO|Dropped 4 log messages in last 10
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:51:20.710Z|00188|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:35.718Z|00189|ofctrl|INFO|Dropped 5 log messages in last 15
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:51:35.718Z|00190|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:45.724Z|00191|ofctrl|INFO|Dropped 3 log messages in last 10
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:51:45.724Z|00192|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:51:55.730Z|00193|ofctrl|INFO|Dropped 5 log messages in last 10
> seconds (most recently, 0 seconds ago) due to excessive rate
> 2016-12-02T22:51:55.730Z|00194|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:52:10.738Z|00195|ofctrl|INFO|Dropped 5 log messages in last 15
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:52:10.739Z|00196|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:52:20.744Z|00197|ofctrl|INFO|Dropped 3 log messages in last 10
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:52:20.744Z|00198|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:52:35.752Z|00199|ofctrl|INFO|Dropped 5 log messages in last 15
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:52:35.752Z|00200|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 2016-12-02T22:52:45.758Z|00201|ofctrl|INFO|Dropped 4 log messages in last 10
> seconds (most recently, 5 seconds ago) due to excessive rate
> 2016-12-02T22:52:45.758Z|00202|ofctrl|INFO|dropping duplicate flow:
> table_id=32, priority=150, reg10=0x2/0x2, actions=resubmit(,33)
> 
> From the OVN-Controller:
> 
> [root@dev001-022-002 ~]# ovn-nbctl show
> switch ddb3b92f-b359-4b59-a41a-ebae6df7fe9a (devins-net)
> port 6b289418-8b8e-42b4-8334-c71584afcd3e
> addresses: ["00:1a:4a:16:01:5c dynamic"]
> port 71ef81f1-7c20-4c68-b536-d274703f7541
> addresses: ["00:1a:4a:16:01:61 dynamic"]
> port 

Re: [ovirt-users] oVirt 4 and Neutron

2016-12-02 Thread Marcin Mirecki
Devin,

> I presume the OVN Controller should just be some VM that is on the
> ovirtmgmt network, or is there a preferred place to install the OVN
> controller software?

Please note the difference between OVN-Central and OVN-Controller:
OVN-Central is the central part of OVN, storing the logical configuration and 
controlling the many OVN-Controllers
OVN-Controller is the piece of software which resides on the ovirt-hosts, and 
manages the local OVS setup on the host.

 OVN-Central
   /   |  \
  /|   \
 / |\
/  | \
OVN-ControllerOVN-Controller   OVN-Controller


OVN-central can be installed anywhere , as long as it can communicate with the 
engine and all the hosts.
During development we install it along the ovirt engine for convinience.

OVN-Controller must be installed on every ovirt host.


>I then also assume I install the OVN agents onto all
> the oVirt Nodes.

Short answer: Yes

Longe answer: If you plan not to use external networks on some clusters, you
can skip its hosts.
You can choose the clusters which support the external network by assigning the
network to clusters.

> I see
> that when you go to add the External Provider, does OVN Controller use
> authentication, is there any information I would need to have besides
> knowing which node it's on in order to add it to external provider?

For now it is only the url of the provider.
The provider is still under development, authentication is still just an
empty mock.

>Would I
> need to have any bridges or OVS configured on the nodes for this to work or
> just install the services and get them configured and it just works?

We are using the default 'br-int' bridge which OVN is using. All should be 
configured
when OVS/OVN is installed.

Let me know if I can help with anything else.
Marcin



- Original Message -
> From: "Devin Acosta" <de...@pabstatencio.com>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: "users" <Users@ovirt.org>, "Yaniv Dary" <yd...@redhat.com>
> Sent: Thursday, December 1, 2016 6:19:07 PM
> Subject: Re: [ovirt-users] oVirt 4 and Neutron
> 
> I have manually created the RPM's successfully, I just want to clarify a
> few items so I make sure I'm deploying this according to best practice.
> 
> I presume the OVN Controller should just be some VM that is on the
> ovirtmgmt network, or is there a preferred place to install the OVN
> controller software? I then also assume I install the OVN agents onto all
> the oVirt Nodes. My take on this is that this OVN replaces the more complex
> Neutron/OVS installation, and makes for a more simple deployment.  I see
> that when you go to add the External Provider, does OVN Controller use
> authentication, is there any information I would need to have besides
> knowing which node it's on in order to add it to external provider? Would I
> need to have any bridges or OVS configured on the nodes for this to work or
> just install the services and get them configured and it just works?
> 
> 
> Your assistance is appreciated.
> 
> On Thu, Dec 1, 2016 at 3:54 AM, Marcin Mirecki <mmire...@redhat.com> wrote:
> 
> > Devin,
> >
> > The openvswitch OVN packages must be build manually at the moment. It is
> > still not available either in the repos, nor as a download.
> > For now please use the procedure attached below to build the OVN rpm's.
> >
> > I am not sure where 'firewalld-system' comes from. Is it not
> > 'firewalld-filesystem'?
> > This should be available from the standard repo.
> >
> > The ovirt-provider-ovn is being developed quite actively, and the blogpost
> > is already somewhat outdated (even though it's not even a month old). I
> > will try to update it asap.
> >
> > Thanks,
> > Marcin
> >
> >
> > BUILDING PROVIDER RPMS:
> > --
> >   git clone https://gerrit.ovirt.org/ovirt-provider-ovn
> >   make rpm
> >
> >
> >
> >
> > BUILDING OVN RPMS:
> > --
> >
> > Clone the repository:
> >
> >   git clone https://github.com/openvswitch/ovs
> >
> > Install the following packages, as they are need to build ovn:
> >
> >   yum -y install gcc make python-devel openssl-devel kernel-devel graphviz
> > kernel-debug-devel autoconf automake rpm-build redhat-rpm-config rpm-build
> > rpmdevtools bash-completion autoconf automake libtool PyQt4 groff
> > libcap-ng-devel python-twisted-core python-zope-interface graphviz
> > openssl-devel selinux-policy-devel
> >
> > Build the ovn rpms:
> >
> >

Re: [ovirt-users] oVirt 4 and Neutron

2016-12-01 Thread Marcin Mirecki
Devin,

The openvswitch OVN packages must be build manually at the moment. It is still 
not available either in the repos, nor as a download.
For now please use the procedure attached below to build the OVN rpm's.

I am not sure where 'firewalld-system' comes from. Is it not 
'firewalld-filesystem'?
This should be available from the standard repo.

The ovirt-provider-ovn is being developed quite actively, and the blogpost is 
already somewhat outdated (even though it's not even a month old). I will try 
to update it asap.

Thanks,
Marcin


BUILDING PROVIDER RPMS:
--
  git clone https://gerrit.ovirt.org/ovirt-provider-ovn
  make rpm




BUILDING OVN RPMS:
--

Clone the repository:

  git clone https://github.com/openvswitch/ovs

Install the following packages, as they are need to build ovn:

  yum -y install gcc make python-devel openssl-devel kernel-devel graphviz 
kernel-debug-devel autoconf automake rpm-build redhat-rpm-config rpm-build 
rpmdevtools bash-completion autoconf automake libtool PyQt4 groff 
libcap-ng-devel python-twisted-core python-zope-interface graphviz 
openssl-devel selinux-policy-devel

Build the ovn rpms:

  cd ovs
  ./boot.sh
  ./configure
  make dist
  cp openvswitch-.tar.gz $HOME/rpmbuild/SOURCES
  cd $HOME/rpmbuild/SOURCES
  tar xzf openvswitch-.tar.gz
  cd openvswitch-
  rpmbuild -bb rhel/openvswitch-fedora.spec

The built rpms will reside here: ~/rpmbuild/RPMS/x86_64/









- Original Message -
> From: "Yaniv Dary" <yd...@redhat.com>
> To: "Devin Acosta" <de...@pabstatencio.com>, "Marcin Mirecki" 
> <mmire...@redhat.com>
> Cc: "users" <Users@ovirt.org>
> Sent: Thursday, December 1, 2016 11:15:00 AM
> Subject: Re: [ovirt-users] oVirt 4 and Neutron
> 
> Adding Marcin to help with this.
> 
> Yaniv Dary
> Technical Product Manager
> Red Hat Israel Ltd.
> 34 Jerusalem Road
> Building A, 4th floor
> Ra'anana, Israel 4350109
> 
> Tel : +972 (9) 7692306
> 8272306
> Email: yd...@redhat.com
> IRC : ydary
> 
> 
> On Thu, Dec 1, 2016 at 6:42 AM, Devin Acosta <de...@pabstatencio.com> wrote:
> 
> >
> > Yaniv,
> >
> > I am looking at the page that talks about ovirt-provider-ovn, and it
> > sounds like something I want to try. However the document seems to be not
> > complete, and I'm not sure i fully understand how it should be deployed.
> > When I downloaded the "ovirt-provider-ovn-driver-0-1.noarch.rpm" and try
> > to install on the oVIRT nodes it complains about needing other packages
> > such as:
> >
> > - openvswitch-ovn-central
> > - python-openvswitch
> > - firewalld-system
> > - openvswitch-ovn-host
> >
> > I don't see anywhere where it talks about getting access to the RPMS for
> > openvswitch-ovn-central. Also I presume like Neutron I would install OVN on
> > a Master node and then install some clients on the nodes? Can you provide
> > me additional information on this?
> >
> >
> >
> > On Tue, Nov 22, 2016 at 1:43 AM, Yaniv Dary <yd...@redhat.com> wrote:
> >
> >> We are working on a native path to SDN via OVN (experimental at this
> >> point):
> >> https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/
> >>
> >> Using Neutron is an option, but at some point the native option might be
> >> easier to use (we want to add a UI for it and tighter integration).
> >>
> >> Yaniv Dary
> >> Technical Product Manager
> >> Red Hat Israel Ltd.
> >> 34 Jerusalem Road
> >> Building A, 4th floor
> >> Ra'anana, Israel 4350109
> >>
> >> Tel : +972 (9) 7692306
> >> 8272306
> >> Email: yd...@redhat.com
> >> IRC : ydary
> >>
> >>
> >> On Tue, Nov 22, 2016 at 5:09 AM, Devin Acosta <de...@pabstatencio.com>
> >> wrote:
> >>
> >>> oVirt Users:
> >>>
> >>> My work is currently deploying oVirt 4.0.5 into our Development
> >>> environment. I see there use to be a maintained Openstack Neutron image
> >>> that could be used with oVirt to provide SDN functionality. I'm
> >>> suspecting
> >>> that the reason for the image no longer being maintained is because it
> >>> became a hassle to keep updated and patched. From what I understand the
> >>> current idea is to just point your oVirt installation to an already
> >>> installed Openstack setup. I can easily install an image and install the
> >>> latest Openstack (Keystone/Neutron) and then point oVirt to it, but I
> >>> want
> >>

Re: [ovirt-users] OVN Provider setup issues

2016-11-23 Thread Marcin Mirecki
Andrea,

Please check if the network is attached to the cluster.

Thanks,
Marcin

- Original Message -
> From: "Andrea Fagiani" 
> To: users@ovirt.org
> Cc: "Dan Kenigsberg" , "Lance Richardson" 
> , mmire...@redhat.com
> Sent: Wednesday, November 23, 2016 11:02:10 AM
> Subject: Re: [ovirt-users] OVN Provider setup issues
> 
> Hi Dan,
> 
> I was able to setup the OVN external provider building and loading the
> updated OVS kernel module; I am currently running it on all 5 hosts,
> ovs-vsctl shows all the tunnels correctly instantiated.
> 
> However, after importing the provider into the oVirt engine and setting
> up a vNic profile, I cannot assign it to any VM; it doesn't show up in
> the vNic profiles list.
> 
> Any suggestions?
> 
> Thanks,
> Andrea
> 
> 
> On 18/11/2016 12:33, Dan Kenigsberg wrote:
> > On Fri, Nov 18, 2016 at 09:13:53AM +0100, Andrea Fagiani wrote:
> >> Hi Lance,
> >>
> >> thanks, I have currently deployed oVirt using the oVirt Node images, so
> >> indeed I would like to avoid updating;
> >> out of curiosity, is there actually a beta/pre-release version of the node
> >> avaiable?
> > I'm afraid that such version would be available only after the release
> > of centos7.3 and ovirt-4.1-beta. Now we're still speaking about
> > master-branch experiments.
> >
> >> I have since reinstalled the host to perform further testing but I'll give
> >> it a shot as soon as soon as I find the time.
> > We'd love to hear how that works for you.
> >
> > Regards,
> > Dan.
> 
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] VDSM Network Interface configuration

2016-10-07 Thread Marcin Mirecki
Brett,

Does your /etc/resolv.conf contain the correct dns's?
If not, please update them.

If you need to override the changes done to the ifcfg files, you can use the 
hooks
to introduce your own custom changes. You can find an article describing this in
more details here:
https://www.ovirt.org/blog/2016/05/modify-ifcfg-files/

Marcin

- Original Message -
> From: "Brett Maton" 
> To: "Ovirt Users" 
> Sent: Thursday, October 6, 2016 6:03:23 PM
> Subject: [ovirt-users] VDSM Network Interface configuration
> 
> 
> Where is the configuration that VDSM uses to generate ifcfg files?
> 
> My nameservers have moved and it seems to regenerate the ifcfg (ovirtmgmt)
> file overwriting the changes with the correct name servers in when the
> server is rebooted and s putting in the wrong (old) nameserver addresses.
> 
> Where can I fix this ?
> 
> Thanks
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Change host names/IPs

2016-10-05 Thread Marcin Mirecki
Hello Davide,

No, there is no support for changing host ip.
How urgently do you need this?

Thanks,
Marcin



- Original Message -
> From: "Davide Ferrari" 
> To: "users" 
> Sent: Wednesday, October 5, 2016 5:22:57 PM
> Subject: [ovirt-users] Change host names/IPs
> 
> Hello
> 
> Is there a clean way and possibly without downtime to change the hostname and
> IP addresses of all the hosts in a running oVirt cluster?
> 
> --
> Davide Ferrari
> Senior Systems Engineer
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)

2016-09-15 Thread Marcin Mirecki
Andre,

The clean-traffic is meant to prevent mac/IP/ARP spoofing.
I am afraid this is the best we can offer out of the box at the moment.

If you are willing to give some additional effort you can try and look at the 
OVS based
networking (added recently). You could use the vdsm hooks to create some 
additional
openflow rules on the ovs-switch that would put some constraints on where the 
traffic is going.

One more item which is still in a very early development stage is an 
OVN-provider (http://openvswitch.org/support/dist-docs/ovn-architecture.7.html).
OVN itself is also still not a ripe project, but is actively being developed.
If you are interested I could update you once we have something working.

Thanks,
Marcin


- Original Message -
> From: "André Gustavo" <an...@andregustavo.org>
> To: "Marcin Mirecki" <mmire...@redhat.com>
> Cc: Users@ovirt.org
> Sent: Tuesday, September 13, 2016 11:53:30 PM
> Subject: Re: [ovirt-users] Associate IP addresses to MAC addresses 
> (anti-spoofing rules)
> 
> I forgot to comment
> 
> It is a public network (Public IP)
> 
> I have 2 servers and 1 router
> I hired a "IP block" that can be accessed through the router
> 
> For example:
> 
> Network: 165.112.12.112/28
> IPs: 165.112.12.113 - 167.114.12.125
> Gateway: 165.112.12.126 (router)
> 
> I provide to my client a public IP directly in VM
> 
> I want to prevent a customer responds by another customer
> or take another ip available for himself
> 
> 
> 
> Since that my client has access to the "User Portal"
> The "clean-traffic" filter will prevent it change the ip when it shut down
> and restart the VM?
> 
> Thanks,
> André
> 
> 2016-09-13 5:57 GMT-03:00 Marcin Mirecki <mmire...@redhat.com>:
> 
> > Hi André,
> >
> > The best separation would be providing a separate network for each
> > customer.
> > This way you could protect them from other malicious users on your
> > internal networks.
> > Please describe your env in some more detail.
> >
> > Thanks,
> > Marcin
> >
> >
> >
> > - Original Message -
> > > From: "André Gustavo" <an...@andregustavo.org>
> > > To: Users@ovirt.org
> > > Sent: Monday, September 12, 2016 8:33:40 PM
> > > Subject: [ovirt-users] Associate IP addresses to MAC addresses
> > (anti-spoofing rules)
> > >
> > > Aloha,
> > >
> > > I'm using oVirt 4 in my hosting.
> > >
> > > However, easily a customer can change the IP to another client (IP
> > spoofing)
> > >
> > > In vNIC profiles, altered Network Filter
> > > from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
> > >
> > > It worked partially, but if the client power off 'vm' and turn on the
> > 'vm',
> > > he can perform the change in IP
> > >
> > > I tried to use eptables, but also had problems
> > > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
> > >
> > >
> > > What is the best option?
> > >
> > >
> > > --
> > > ---
> > > André Gustavo Timermann
> > > Curitiba/PR - Brasil
> > >
> > > ___
> > > Users mailing list
> > > Users@ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> >
> 
> 
> 
> --
> ---
> André Gustavo Timermann
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)

2016-09-13 Thread Marcin Mirecki
Andre,

Please also try the clean-traffic filter.
This filter should prevent MAC, IP and ARP spoofing, all in one.

Thanks,
Marcin

- Original Message -
> From: "Marcin Mirecki" <mmire...@redhat.com>
> To: "André Gustavo" <an...@andregustavo.org>
> Cc: Users@ovirt.org
> Sent: Tuesday, September 13, 2016 10:57:09 AM
> Subject: Re: [ovirt-users] Associate IP addresses to MAC  addresses   
> (anti-spoofing rules)
> 
> Hi André,
> 
> The best separation would be providing a separate network for each customer.
> This way you could protect them from other malicious users on your internal
> networks.
> Please describe your env in some more detail.
> 
> Thanks,
> Marcin
> 
> 
> 
> - Original Message -
> > From: "André Gustavo" <an...@andregustavo.org>
> > To: Users@ovirt.org
> > Sent: Monday, September 12, 2016 8:33:40 PM
> > Subject: [ovirt-users] Associate IP addresses to MAC addresses
> > (anti-spoofing rules)
> > 
> > Aloha,
> > 
> > I'm using oVirt 4 in my hosting.
> > 
> > However, easily a customer can change the IP to another client (IP
> > spoofing)
> > 
> > In vNIC profiles, altered Network Filter
> > from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
> > 
> > It worked partially, but if the client power off 'vm' and turn on the 'vm',
> > he can perform the change in IP
> > 
> > I tried to use eptables, but also had problems
> > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
> > 
> > 
> > What is the best option?
> > 
> > 
> > --
> > ---
> > André Gustavo Timermann
> > Curitiba/PR - Brasil
> > 
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> > 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)

2016-09-13 Thread Marcin Mirecki
Hi André,

The best separation would be providing a separate network for each customer.
This way you could protect them from other malicious users on your internal 
networks.
Please describe your env in some more detail.

Thanks,
Marcin



- Original Message -
> From: "André Gustavo" 
> To: Users@ovirt.org
> Sent: Monday, September 12, 2016 8:33:40 PM
> Subject: [ovirt-users] Associate IP addresses to MAC addresses
> (anti-spoofing rules)
> 
> Aloha,
> 
> I'm using oVirt 4 in my hosting.
> 
> However, easily a customer can change the IP to another client (IP spoofing)
> 
> In vNIC profiles, altered Network Filter
> from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
> 
> It worked partially, but if the client power off 'vm' and turn on the 'vm',
> he can perform the change in IP
> 
> I tried to use eptables, but also had problems
> http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
> 
> 
> What is the best option?
> 
> 
> --
> ---
> André Gustavo Timermann
> Curitiba/PR - Brasil
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [ovirt 3.6] Logical network not working

2016-09-09 Thread Marcin Mirecki
Hello Luca,

The description of your setup seems to be correct.
Can you please disable firewalld and iptables just to make sure this is not the 
cause.
I'll try to recreate and see what the possible causes can be.

Thanks,
Marcin


- Original Message -
> From: "Luca 'remix_tj' Lorenzetto" 
> To: users@ovirt.org
> Sent: Thursday, September 8, 2016 5:44:27 PM
> Subject: [ovirt-users] [ovirt 3.6] Logical network not working
> 
> Hello,
> 
> i'm new to ovirt and i did some months ago a setup of ovirt 3.6 for
> playing. My setup is composed by two physical hosts with 6 nic each
> and another machine hosting the engine. All hosts are running RHEL 7.2
> 
> Setup went well, no problems. I've been able to convert the kvm image
> provided by redhat and have it running on ovirt.
> 
> Then i decided to configure a new network in addition to the
> ovirtmgmt. I went to networks, i created the logical network called
> Development and set the flag "Enable VLAN Tagging" and inserted the
> vlan tag.
> Once created the logical network i went to each host and did setup
> network and assigned the logical network to the interface where the
> vlan is connected. The interface is configured with bootproto=none, so
> no IP has been assigned to the eno5.828 that appeared after assigning
> logical network.
> 
> I started then a vm and connected to the vNIC "Develoment/Development"
> and assigned an IP. But networking is not working: no ping, no traffic
> visible with tcpdump.
> 
> I tested the single interfaces on the hosts and where the logical
> network is connected with tcpdump (both eno5 and eno5.828) i see tons
> of broadcast traffic of that interface.
> 
> With brctl-show i see that assigned to the bridge Development there
> are both eno5.828 and vnic0.
> 
> Any way to understand what's happening and why traffic is not passing?
> 
> Thank you
> 
> Luca
> 
> --
> "E' assurdo impiegare gli uomini di intelligenza eccellente per fare
> calcoli che potrebbero essere affidati a chiunque se si usassero delle
> macchine"
> Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
> 
> "Internet è la più grande biblioteca del mondo.
> Ma il problema è che i libri sono tutti sparsi sul pavimento"
> John Allen Paulos, Matematico (1945-vivente)
> 
> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net ,
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Retrieving KVM Guest IP adresses

2016-01-08 Thread Marcin Mirecki
You might want to take a look at guestagent.py located on vdsm in:
/usr/share/vdsm/virt/guestagent.py

This handles the guestagents on the vdsm side.

Regards,
Marcin

- Original Message -
From: "Jean-Pierre Ribeauville" 
To: users@ovirt.org
Sent: Friday, January 8, 2016 10:53:23 AM
Subject: [ovirt-users] Retrieving KVM Guest IP adresses



Hi, 



By using libvirt API or virsh domifaddr, I’m not able to retrieve Guest IP 
addresses. 

But , ovirt GUI shows these addresses correctly. 

I would need some hint to understand how ovirt manages to retrieve it. 



Is there any interaction with Guest agent (qemu , vdsm ) ? 



If I have to dive in source code , which tail’s cat I have to pull ? 



Thx for help. 



Regards, 






J.P. Ribeauville 




P: +33.(0).1.47.17.20.49 

. 

Puteaux 3 Etage 5 Bureau 4 



jpribeauvi...@axway.com 
http://www.axway.com 






P Pensez à l’environnement avant d’imprimer. 





___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users