Re: [ovirt-users] vdsm hook noipspoof on interface level

2018-04-27 Thread Eitan Raviv 
Probably an easier solution than implementing a vdsm hook in code, would be
to use network filter parameters in the web-admin UI of the engine.

If the vNic profile of the network on the WAN interface (the one you would
like to restrict IPs on) has a clean-traffic filter, then you can specify a
different set of IPs for any interface using this network.
In the web-admin UI of the engine go to -
 Compute | Virtual machines |  | Network Interfaces | 
 and click  edit.

At the bottom of the edit form you can insert the ip pool for the interface
by specifying several key-value pairs where the key is 'IP' and the value
is the ip address (e.g. 192.168.122.13).

HTH




On Sun, Apr 15, 2018 at 3:24 AM, Peter Hudec  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Thanks,
>
> this was the last part into my puzzle, HOST INTERFACE params.
>
> The example hook provided in
> https://bugzilla.redhat.com/show_bug.cgi?id=1366905#c8,
> https://bugzilla.redhat.com/attachment.cgi?id=1232201 looks good, but
> it seems to set the IP param on all interfaces too, regardless on
> which interface the NIC PARAM is set.
>
> The hooks should be called per vNIC, as reading the
> https://www.ovirt.org/documentation/admin-guide/appe-VDSM_and_Hooks/#the
> - -vdsm-hook-domain-xml-object,
> the one/several of thees hooks should be used or maybe I'm wrong ;(
>
> Peter
>
> On 14/04/2018 07:04, Eitan Raviv wrote:
> > You might find the following useful:
> >
> > https://ovirt.org/develop/release-management/features/network/networkf
> ilterparameters/
> >
> >  HTH
> >
> > On Thu, Apr 12, 2018, 14:52 Peter Hudec  > > wrote:
> >
> > Hi,
> >
> > I would like to restrict of usage IP address on VMs. Thos could be
> > achied by usinf clear-filter instead of vdsm-no-mac-spoofing.
> >
> > I have found noipspoof vdsm hook,
> > https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/noipspoof.
> >
> > This hook but set the filtering on all interfaces, the setting is
> > on VM level, not interface level. So if the there are more
> > interfaces on all of them. I would like just restrict the WAN
> > interface on multi homed VMs.
> >
> > Peter
> >
> > -- *Peter Hudec* Infraštruktúrny architekt phu...@cnc.sk
> >   > >
> >
> > *CNC, a.s.* Borská 6, 841 04 Bratislava Recepcia: +421 2  35 000
> > 100
> >
> > Mobil:+421 905 997 203 *www.cnc.sk *
> > >
> >
> > ___ Users mailing list
> > Users@ovirt.org 
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>
>
> - --
> *Peter Hudec*
> Infraštruktúrny architekt
> phu...@cnc.sk 
>
> *CNC, a.s.*
> Borská 6, 841 04 Bratislava
> Recepcia: +421 2  35 000 100
>
> Mobil:+421 905 997 203
> *www.cnc.sk* 
>
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlrSm54ACgkQQnvVWOJ3
> 5BDz5A//dqyf9wnvkRCjEmeUkMsN72qL7o+utazM7L8S4sY4Pu6INsPhpy7QtwHw
> fyXbdrU9qy+5ts3g+yoxpsdkTWUk47m/6nQR3fiw0nXJu44/ABl+Hw4g0H3/k86f
> 7sYOYvZ8IfCpL9/2r1VRlP8j7e+CdI8Ltcjppn7PtKhPT03f87p2PT1pJd95DYS+
> GbqZZ6yOAUlePP/808+f7hYxKNz0ek1tf/ZxzLgSJsCl1PsIhKiCBiuze/5hdeL5
> /VNWVSqVXNZdzOZkupxas50f/AH6g4DXniyChqvoTi+D37Wpf5yTxXM5C+Qf36Ok
> 2qZEovxuno51A5l9qIE0n2LQ3I6zJbybdth33sV1uxFK65CWxlfLgbPxb4+9JONF
> 2yozK/DtmGC7Hree2INBGOJA/55fCrccxSMuLW8JbmZqx43uCrE/FBWZhXE6Lx+f
> F5hR5e3kJEWjEtyPKpdtXedmOsb06xvGq+WFOGl8VgaRmNgsuLN/YYy13kRDY+0K
> j//ZX7ZqBaP9TqaW9y1LljTPLGugqVX+uzPdbUvW4vqahNU8mT5Kq1pBrrGPdY+C
> FolC1CLiWixAAhtSXfJihflFUJq+pYkAXDYBNPj/uyuIyeGXABw1UkJqgc0bVAal
> lSAMK2P09xwJ8Db5HpqxXpOHe/s5XdYD8Mj0jebQ2308CPNxfQM=
> =AvLd
> -END PGP SIGNATURE-
>



-- 
Eitan Raviv
IRC: erav (#ovirt #vdsm #devel #rhev-dev)
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] vdsm hook noipspoof on interface level

2018-04-14 Thread Peter Hudec 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Thanks,

this was the last part into my puzzle, HOST INTERFACE params.

The example hook provided in
https://bugzilla.redhat.com/show_bug.cgi?id=1366905#c8,
https://bugzilla.redhat.com/attachment.cgi?id=1232201 looks good, but
it seems to set the IP param on all interfaces too, regardless on
which interface the NIC PARAM is set.

The hooks should be called per vNIC, as reading the
https://www.ovirt.org/documentation/admin-guide/appe-VDSM_and_Hooks/#the
- -vdsm-hook-domain-xml-object,
the one/several of thees hooks should be used or maybe I'm wrong ;(

Peter

On 14/04/2018 07:04, Eitan Raviv wrote:
> You might find the following useful:
> 
> https://ovirt.org/develop/release-management/features/network/networkf
ilterparameters/
>
>  HTH
> 
> On Thu, Apr 12, 2018, 14:52 Peter Hudec  > wrote:
> 
> Hi,
> 
> I would like to restrict of usage IP address on VMs. Thos could be 
> achied by usinf clear-filter instead of vdsm-no-mac-spoofing.
> 
> I have found noipspoof vdsm hook, 
> https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/noipspoof.
> 
> This hook but set the filtering on all interfaces, the setting is
> on VM level, not interface level. So if the there are more
> interfaces on all of them. I would like just restrict the WAN
> interface on multi homed VMs.
> 
> Peter
> 
> -- *Peter Hudec* Infraštruktúrny architekt phu...@cnc.sk
>   >
> 
> *CNC, a.s.* Borská 6, 841 04 Bratislava Recepcia: +421 2  35 000
> 100
> 
> Mobil:+421 905 997 203 *www.cnc.sk *
> >
> 
> ___ Users mailing list 
> Users@ovirt.org  
> http://lists.ovirt.org/mailman/listinfo/users
> 


- -- 
*Peter Hudec*
Infraštruktúrny architekt
phu...@cnc.sk 

*CNC, a.s.*
Borská 6, 841 04 Bratislava
Recepcia: +421 2  35 000 100

Mobil:+421 905 997 203
*www.cnc.sk* 

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlrSm54ACgkQQnvVWOJ3
5BDz5A//dqyf9wnvkRCjEmeUkMsN72qL7o+utazM7L8S4sY4Pu6INsPhpy7QtwHw
fyXbdrU9qy+5ts3g+yoxpsdkTWUk47m/6nQR3fiw0nXJu44/ABl+Hw4g0H3/k86f
7sYOYvZ8IfCpL9/2r1VRlP8j7e+CdI8Ltcjppn7PtKhPT03f87p2PT1pJd95DYS+
GbqZZ6yOAUlePP/808+f7hYxKNz0ek1tf/ZxzLgSJsCl1PsIhKiCBiuze/5hdeL5
/VNWVSqVXNZdzOZkupxas50f/AH6g4DXniyChqvoTi+D37Wpf5yTxXM5C+Qf36Ok
2qZEovxuno51A5l9qIE0n2LQ3I6zJbybdth33sV1uxFK65CWxlfLgbPxb4+9JONF
2yozK/DtmGC7Hree2INBGOJA/55fCrccxSMuLW8JbmZqx43uCrE/FBWZhXE6Lx+f
F5hR5e3kJEWjEtyPKpdtXedmOsb06xvGq+WFOGl8VgaRmNgsuLN/YYy13kRDY+0K
j//ZX7ZqBaP9TqaW9y1LljTPLGugqVX+uzPdbUvW4vqahNU8mT5Kq1pBrrGPdY+C
FolC1CLiWixAAhtSXfJihflFUJq+pYkAXDYBNPj/uyuIyeGXABw1UkJqgc0bVAal
lSAMK2P09xwJ8Db5HpqxXpOHe/s5XdYD8Mj0jebQ2308CPNxfQM=
=AvLd
-END PGP SIGNATURE-
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] vdsm hook noipspoof on interface level

2018-04-13 Thread Eitan Raviv 
You might find the following useful:

https://ovirt.org/develop/release-management/features/network/networkfilterparameters/

HTH

On Thu, Apr 12, 2018, 14:52 Peter Hudec  wrote:

> Hi,
>
> I would like to restrict of usage IP address on VMs. Thos could be
> achied by usinf clear-filter instead of vdsm-no-mac-spoofing.
>
> I have found noipspoof vdsm hook,
> https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/noipspoof.
>
> This hook but set the filtering on all interfaces, the setting is on VM
> level, not interface level. So if the there are more interfaces on all
> of them. I would like just restrict the WAN interface on multi homed VMs.
>
> Peter
>
> --
> *Peter Hudec*
> Infraštruktúrny architekt
> phu...@cnc.sk 
>
> *CNC, a.s.*
> Borská 6, 841 04 Bratislava
> Recepcia: +421 2  35 000 100
>
> Mobil:+421 905 997 203
> *www.cnc.sk* 
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] vdsm hook noipspoof on interface level

2018-04-12 Thread Peter Hudec 
Hi,

I would like to restrict of usage IP address on VMs. Thos could be
achied by usinf clear-filter instead of vdsm-no-mac-spoofing.

I have found noipspoof vdsm hook,
https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/noipspoof.

This hook but set the filtering on all interfaces, the setting is on VM
level, not interface level. So if the there are more interfaces on all
of them. I would like just restrict the WAN interface on multi homed VMs.

Peter

-- 
*Peter Hudec*
Infraštruktúrny architekt
phu...@cnc.sk 

*CNC, a.s.*
Borská 6, 841 04 Bratislava
Recepcia: +421 2  35 000 100

Mobil:+421 905 997 203
*www.cnc.sk* 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users