Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
No, I didn't see (notice) that step / instructions anywhere... How to do that? -Original Message- From: Simone Tiraboschi [mailto:stira...@redhat.com] Sent: Wednesday, June 08, 2016 10:23 AM To: Will Dennis Cc: jvdw...@xs4all.nl; users@ovirt.org; Michal Skrivanek Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM Did you also correctly installed vdsm-hook-macspoof on all of your hosted-engine hosts? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
On Wed, Jun 8, 2016 at 4:22 PM, Will Dennis wrote: > FYI, here are the results of 'engine-config -g [...]' on my engine VM: > > [root@ovirt-engine-01 ~]# sudo engine-config -g UserDefinedVMProperties > UserDefinedVMProperties: version: 3.0 > UserDefinedVMProperties: version: 3.1 > UserDefinedVMProperties: version: 3.2 > UserDefinedVMProperties: version: 3.3 > UserDefinedVMProperties: version: 3.4 > UserDefinedVMProperties: version: 3.5 > UserDefinedVMProperties: macspoof=(true|false) version: 3.6 > > [root@ovirt-engine-01 ~]# sudo engine-config -g CustomDeviceProperties > CustomDeviceProperties: version: 3.0 > CustomDeviceProperties: version: 3.1 > CustomDeviceProperties: version: 3.2 > CustomDeviceProperties: version: 3.3 > CustomDeviceProperties: > {type=interface;prop={SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, > *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.4 > CustomDeviceProperties: > {type=interface;prop={SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, > *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.5 > CustomDeviceProperties: > {type=interface;prop={SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, > *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.6 > -Original Message- > From: Will Dennis > Sent: Wednesday, June 08, 2016 10:14 AM > To: 'Simone Tiraboschi' > Cc: jvdw...@xs4all.nl; users@ovirt.org; Michal Skrivanek > Subject: RE: [ovirt-users] virt-in-virt problem: DHCP failing for a container > in a oVirt VM > > Hi Simone, > > These are the instructions I followed, which I found at: > https://www.ovirt.org/develop/developer-guide/engine/engine-config-examples/ > > > Adding VM custom properties (macspoof) > # engine-config -s "UserDefinedVMProperties=macspoof=(true|false)" > # service ovirt-engine restart > > In order to deactivate mac spoof filtering on a VM: > > 1. Bring down the VM > 2. edit the VM > 3. Click advanced > 4. Custom properties > 5. Add a key > 6. elect macspoof > 7. Type true as the value <<< > 8. Start the VM > > > I did indeed do this. See the attached UI pic from one of the VMs I edited. > So I take it that this did not properly alter the 'filterref' attribute > properly? > Did you also correctly installed vdsm-hook-macspoof on all of your hosted-engine hosts? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
FYI, here are the results of 'engine-config -g [...]' on my engine VM: [root@ovirt-engine-01 ~]# sudo engine-config -g UserDefinedVMProperties UserDefinedVMProperties: version: 3.0 UserDefinedVMProperties: version: 3.1 UserDefinedVMProperties: version: 3.2 UserDefinedVMProperties: version: 3.3 UserDefinedVMProperties: version: 3.4 UserDefinedVMProperties: version: 3.5 UserDefinedVMProperties: macspoof=(true|false) version: 3.6 [root@ovirt-engine-01 ~]# sudo engine-config -g CustomDeviceProperties CustomDeviceProperties: version: 3.0 CustomDeviceProperties: version: 3.1 CustomDeviceProperties: version: 3.2 CustomDeviceProperties: version: 3.3 CustomDeviceProperties: {type=interface;prop={SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.4 CustomDeviceProperties: {type=interface;prop={SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.5 CustomDeviceProperties: {type=interface;prop={SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.6 -Original Message- From: Will Dennis Sent: Wednesday, June 08, 2016 10:14 AM To: 'Simone Tiraboschi' Cc: jvdw...@xs4all.nl; users@ovirt.org; Michal Skrivanek Subject: RE: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM Hi Simone, These are the instructions I followed, which I found at: https://www.ovirt.org/develop/developer-guide/engine/engine-config-examples/ Adding VM custom properties (macspoof) # engine-config -s "UserDefinedVMProperties=macspoof=(true|false)" # service ovirt-engine restart In order to deactivate mac spoof filtering on a VM: 1. Bring down the VM 2. edit the VM 3. Click advanced 4. Custom properties 5. Add a key 6. elect macspoof 7. Type true as the value <<< 8. Start the VM I did indeed do this. See the attached UI pic from one of the VMs I edited. So I take it that this did not properly alter the 'filterref' attribute properly? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
Hi Simone, These are the instructions I followed, which I found at: https://www.ovirt.org/develop/developer-guide/engine/engine-config-examples/ Adding VM custom properties (macspoof) # engine-config -s "UserDefinedVMProperties=macspoof=(true|false)" # service ovirt-engine restart In order to deactivate mac spoof filtering on a VM: 1. Bring down the VM 2. edit the VM 3. Click advanced 4. Custom properties 5. Add a key 6. elect macspoof 7. Type true as the value <<< 8. Start the VM I did indeed do this. See the attached UI pic from one of the VMs I edited. So I take it that this did not properly alter the 'filterref' attribute properly? -Original Message- From: Simone Tiraboschi [mailto:stira...@redhat.com] Sent: Wednesday, June 08, 2016 5:58 AM To: Will Dennis Cc: jvdw...@xs4all.nl; users@ovirt.org; Michal Skrivanek Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM On Wed, Jun 8, 2016 at 12:00 AM, Will Dennis wrote: > > > > > > > The issue is simple here ^^^ Please check if and how you configured the macspoof vdsm hook; please follow this guide: https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
On Wed, Jun 8, 2016 at 12:00 AM, Will Dennis wrote: > The "-r" arg to virsh makes all the difference :) (much to learn...) > > [root@ovirt-node-03 ~]# virsh -r list > IdName State > > 6 proxmox-01 running > 7 proxmox-02 running > > [root@ovirt-node-03 ~]# virsh -r dumpxml proxmox-01 > > proxmox-01 > 1a49b65b-9950-4b29-8c72-139d5263e11d > http://ovirt.org/vm/tune/1.0";> > > > 4294967296 > 8388608 > 8388608 > 16 > > 1020 > > > > > > /machine > > > > oVirt > oVirt Node > 7-2.1511.el7.centos.2.10 > 271BC900-7252-11DD-8001-002185350C3C > 1a49b65b-9950-4b29-8c72-139d5263e11d > > > > hvm > > > > > > > > Penryn > > > > > > > > > > > destroy > restart > destroy > > /usr/libexec/qemu-kvm > > > > > > > > > > > > >io='threads'/> >file='/rhev/data-center/0001-0001-0001-0001-0138/4e2358ab-6b51-4d13-9e36-ac5cb271618a/images/aeae1aeb-047e-493f-a70c-f471f2e7245c/278ed347-c79a-4168-b578-1562a08ac551'/> > > > aeae1aeb-047e-493f-a70c-f471f2e7245c > > >function='0x0'/> > > > >function='0x0'/> > > > >function='0x1'/> > > > >function='0x2'/> > > > > > > > > > > The issue is simple here ^^^ Please check if and how you configured the macspoof vdsm hook; please follow this guide: https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof > > >function='0x0'/> > > >path='/var/lib/libvirt/qemu/channels/1a49b65b-9950-4b29-8c72-139d5263e11d.com.redhat.rhevm.vdsm'/> >state='disconnected'/> > > > > >path='/var/lib/libvirt/qemu/channels/1a49b65b-9950-4b29-8c72-139d5263e11d.org.qemu.guest_agent.0'/> >state='disconnected'/> > > > > > > > > > > > listen='0' passwdValidTo='2016-05-18T15:01:33' connected='disconnect'> > > > > > >function='0x0'/> > > > > > > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
The "-r" arg to virsh makes all the difference :) (much to learn...) [root@ovirt-node-03 ~]# virsh -r list IdName State 6 proxmox-01 running 7 proxmox-02 running [root@ovirt-node-03 ~]# virsh -r dumpxml proxmox-01 proxmox-01 1a49b65b-9950-4b29-8c72-139d5263e11d http://ovirt.org/vm/tune/1.0";> 4294967296 8388608 8388608 16 1020 /machine oVirt oVirt Node 7-2.1511.el7.centos.2.10 271BC900-7252-11DD-8001-002185350C3C 1a49b65b-9950-4b29-8c72-139d5263e11d hvm Penryn destroy restart destroy /usr/libexec/qemu-kvm aeae1aeb-047e-493f-a70c-f471f2e7245c ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
On 7-6-2016 16:34, Will Dennis wrote: > Oops, missed that comment... > > When I try an operation with virsh, it asks me for credentials that it > doesn't accept... > > [root@ovirt-node-03 ~]# virsh list > Please enter your authentication name: root > Please enter your password: > error: failed to connect to the hypervisor > error: no valid connection > error: authentication failed: authentication failed > > I have tried both 'root' (as above) as well as my credentials I use with > oVirt (AD auth), but neither work. > > 'virsh -r dumpxml' should work without being asked for passwords :-) Probably most commands that only gets info will work with '-r' (readonly) Searching the wild world web for virsh ovirt should give you a couple of old ML entries with an account and password, or set your own. Sorry for not giving you more explicit urls/pointers. Joop ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
;, u'shared':u'false', u'path':u'', u'type':u'disk' }, { u'poolID':u'0001-0001-0001-0001-0138', u'volumeInfo':{ u'domainID':u'4e2358ab-6b51-4d13-9e36-ac5cb271618a', u'volType':u'path', u'leaseOffset':0, u'volumeID':u'278ed347-c79a-4168-b578-1562a08ac551', u'leasePath': u'/rhev/data-center/mnt/glusterSD/ovirt-node-01.nec-labs.com:_vmdata/4e2358ab-6b51-4d13-9e36-ac5cb271618a/images/aeae1aeb-047e-493f-a70c-f471f2e7245c/278ed347-c79a-4168-b578-1562a08ac551.lease', u'imageID':u'aeae1aeb-047e-493f-a70c-f471f2e7245c', u'path': u'/rhev/data-center/mnt/glusterSD/ovirt-node-01.nec-labs.com:_vmdata/4e2358ab-6b51-4d13-9e36-ac5cb271618a/images/aeae1aeb-047e-493f-a70c-f471f2e7245c/278ed347-c79a-4168-b578-1562a08ac551' }, u'index':0, u'iface':u'virtio', u'apparentsize':u'536870912000', u'alias':u'virtio-disk0', u'imageID':u'aeae1aeb-047e-493f-a70c-f471f2e7245c', u'readonly':u'False', u'shared':u'false', u'truesize':u'11320029184', u'type':u'disk', u'domainID':u'4e2358ab-6b51-4d13-9e36-ac5cb271618a', u'reqsize':u'0', u'format':u'raw', u'deviceId':u'aeae1aeb-047e-493f-a70c-f471f2e7245c', u'address':{ u'slot':u'0x05', u'bus':u'0x00', u'domain':u'0x', u'type':u'pci', u'function':u'0x0' }, u'device':u'disk', u'path':u'/rhev/data-center/0001-0001-0001-0001-0138/4e2358ab-6b51-4d13-9e36-ac5cb271618a/images/aeae1aeb-047e-493f-a70c-f471f2e7245c/278ed347-c79a-4168-b578-1562a08ac551', u'propagateErrors':u'off', u'optional':u'false', u'name':u'vda', u'bootOrder':u'1', u'volumeID':u'278ed347-c79a-4168-b578-1562a08ac551', u'specParams':{ }, u'volumeChain':[ { u'domainID':u'4e2358ab-6b51-4d13-9e36-ac5cb271618a', u'volType':u'path', u'leaseOffset':0, u'volumeID':u'278ed347-c79a-4168-b578-1562a08ac551', u'leasePath': u'/rhev/data-center/mnt/glusterSD/ovirt-node-01.nec-labs.com:_vmdata/4e2358ab-6b51-4d13-9e36-ac5cb271618a/images/aeae1aeb-047e-493f-a70c-f471f2e7245c/278ed347-c79a-4168-b578-1562a08ac551.lease', u'imageID':u'aeae1aeb-047e-493f-a70c-f471f2e7245c', u'path': u'/rhev/data-center/mnt/glusterSD/ovirt-node-01.nec-labs.com:_vmdata/4e2358ab-6b51-4d13-9e36-ac5cb271618a/images/aeae1aeb-047e-493f-a70c-f471f2e7245c/278ed347-c79a-4168-b578-1562a08ac551' } ] }, { u'device':u'usb', u'alias':u'usb', u'type':u'controller', u'address':{ u'slot':u'0x01', u'bus':u'0x00', u'domain':u'0x', u'type':u'pci', u'function':u'0x2' } }, { u'device':u'ide', u'alias':u'ide', u'type':u'controller', u'address':{ u'slot':u'0x01', u'bus':u'0x00', u'domain':u'0x', u'type':u'pci', u'function':u'0x1' } }, { u'device':u'unix', u'alias':u'channel0', u'type':u'channel', u'address':{ u'bus':u'0', u'controller':u'0', u'type':u'virtio-serial', u'port':u'1' } }, { u'device':u'unix', u'alias':u'channel1', u'type':u'channel', u'address':{ u'bus':u'0', u'controller':u'0', u'type':u'virtio-serial', u'port':u'2' } }, { u'device':u'spicevmc', u'alias':u'channel2', u'type':u'channel', u'address':{ u'bus':u'0', u'controller':u'0', u'type':u'virtio-serial', u'port':u'3' } } ], u'display':u'qxl', u'status':u'Up', u'timeOffset':u'0', u'maxVCpus':u'16', u'guestIPs':u'', u'statusTime':u'12906968250', u'maxMemSlots':16 } -Original Message- From: Yedidyah Bar David [mailto:d...@redhat.com] Sent: Tuesday, June 07, 2016 2:03 AM To: Will Dennis Cc: users@ovirt.org; Michal Skrivanek Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM On Tue, Jun 7, 2016 at 12:04 AM, Will Dennis wrote: > Sorry, got away from this for a while attending to other work, but back at it > now... Anyone have any ideas on how I may further troubleshoot this issue? Edward later asked you to post the domxml. You can find it with 'virsh dumpxml vm' or search vdsm logs. Best, -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
On Tue, Jun 7, 2016 at 12:04 AM, Will Dennis wrote: > Sorry, got away from this for a while attending to other work, but back at it > now... Anyone have any ideas on how I may further troubleshoot this issue? Edward later asked you to post the domxml. You can find it with 'virsh dumpxml vm' or search vdsm logs. Best, > > Thanks > > -Original Message- > From: Will Dennis > Sent: Wednesday, May 18, 2016 11:39 AM > To: 'Michal Skrivanek'; 'Yedidyah Bar David' > Cc: 'users@ovirt.org' > Subject: RE: [ovirt-users] virt-in-virt problem: DHCP failing for a container > in a oVirt VM > > Sadly, having set the 'macspoof' key to 'true' in Custom Properties in the VM > Edit dialog, then restarting the VM thereafter, I'm still not seeing the > container's MAC address in the relevant bridge's MAC table in oVirt, and the > container is failing to lease a DHCP address from the external network... > > Looked at the ebtables filter table, nothing there... > [root@ovirt-node-03 ~]# ebtables -t filter -L Bridge table: filter > > Bridge chain: INPUT, entries: 0, policy: ACCEPT > > Bridge chain: FORWARD, entries: 0, policy: ACCEPT > > Bridge chain: OUTPUT, entries: 0, policy: ACCEPT > > > Anyone know where else I could look to troubleshoot? > -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
Sorry, got away from this for a while attending to other work, but back at it now... Anyone have any ideas on how I may further troubleshoot this issue? Thanks -Original Message- From: Will Dennis Sent: Wednesday, May 18, 2016 11:39 AM To: 'Michal Skrivanek'; 'Yedidyah Bar David' Cc: 'users@ovirt.org' Subject: RE: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM Sadly, having set the 'macspoof' key to 'true' in Custom Properties in the VM Edit dialog, then restarting the VM thereafter, I'm still not seeing the container's MAC address in the relevant bridge's MAC table in oVirt, and the container is failing to lease a DHCP address from the external network... Looked at the ebtables filter table, nothing there... [root@ovirt-node-03 ~]# ebtables -t filter -L Bridge table: filter Bridge chain: INPUT, entries: 0, policy: ACCEPT Bridge chain: FORWARD, entries: 0, policy: ACCEPT Bridge chain: OUTPUT, entries: 0, policy: ACCEPT Anyone know where else I could look to troubleshoot? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
On Wed, May 18, 2016 at 6:39 PM, Will Dennis wrote: > Sadly, having set the 'macspoof' key to 'true' in Custom Properties in the > VM Edit dialog, then restarting the VM thereafter, I'm still not seeing the > container's MAC address in the relevant bridge's MAC table in oVirt, and > the container is failing to lease a DHCP address from the external > network... > > Looked at the ebtables filter table, nothing there... > [root@ovirt-node-03 ~]# ebtables -t filter -L > Bridge table: filter > > Bridge chain: INPUT, entries: 0, policy: ACCEPT > > Bridge chain: FORWARD, entries: 0, policy: ACCEPT > > Bridge chain: OUTPUT, entries: 0, policy: ACCEPT > > > Anyone know where else I could look to troubleshoot? > > > -Original Message- > From: Will Dennis > Sent: Wednesday, May 18, 2016 11:06 AM > To: 'Michal Skrivanek'; Yedidyah Bar David > Cc: users@ovirt.org > Subject: RE: [ovirt-users] virt-in-virt problem: DHCP failing for a > container in a oVirt VM > > Yup, I see it now in the Admin portal VM Edit dialog - thanks! > > Will > > -Original Message- > From: Michal Skrivanek [mailto:mskri...@redhat.com] > Sent: Wednesday, May 18, 2016 2:37 AM > To: Yedidyah Bar David > Cc: Will Dennis; users@ovirt.org > Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a > container in a oVirt VM > > > > > On 15 May 2016, at 07:24, Yedidyah Bar David wrote: > > > >> On Wed, May 11, 2016 at 5:17 PM, Will Dennis > wrote: > >> OK; I searched the oVirt site for 'engine-config' (unfamiliar with it) > and found the following page: > >> > https://www.ovirt.org/develop/developer-guide/engine/engine-config-examples/ > >> > >> I see the instructions on it for "Adding VM custom properties > (macspoof)", so I did execute the referenced engine-config line, and then > restarted the ovirt-engine service. I then went and powered off the VM I'd > like to deactivate mac spoof filtering on, then went in to the User Portal > and clicked "Edit" on the VM. However, I can not find a "Custom Properties" > dialog anywhere in the VM Edit UI (yes, I did enable Advanced options.) > Where should I be seeing this? > > > > Not sure it's visible in the User Portal, might be a matter of > permissions. > > Iirc it's not in user portal by design. All custom properties are > generally considered admin-like stuff > > > > > In the admin portal it has, in the same dialog, its own sub menu. > > -- > > Didi > > ___ > Hello Will, Please send the VM domxml. >From the host, just issue: sudo virsh dumpxml (To list the VM/s: sudo virsh list) Thanks, Edy. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
Sadly, having set the 'macspoof' key to 'true' in Custom Properties in the VM Edit dialog, then restarting the VM thereafter, I'm still not seeing the container's MAC address in the relevant bridge's MAC table in oVirt, and the container is failing to lease a DHCP address from the external network... Looked at the ebtables filter table, nothing there... [root@ovirt-node-03 ~]# ebtables -t filter -L Bridge table: filter Bridge chain: INPUT, entries: 0, policy: ACCEPT Bridge chain: FORWARD, entries: 0, policy: ACCEPT Bridge chain: OUTPUT, entries: 0, policy: ACCEPT Anyone know where else I could look to troubleshoot? -Original Message- From: Will Dennis Sent: Wednesday, May 18, 2016 11:06 AM To: 'Michal Skrivanek'; Yedidyah Bar David Cc: users@ovirt.org Subject: RE: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM Yup, I see it now in the Admin portal VM Edit dialog - thanks! Will -Original Message- From: Michal Skrivanek [mailto:mskri...@redhat.com] Sent: Wednesday, May 18, 2016 2:37 AM To: Yedidyah Bar David Cc: Will Dennis; users@ovirt.org Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM > On 15 May 2016, at 07:24, Yedidyah Bar David wrote: > >> On Wed, May 11, 2016 at 5:17 PM, Will Dennis wrote: >> OK; I searched the oVirt site for 'engine-config' (unfamiliar with it) and >> found the following page: >> https://www.ovirt.org/develop/developer-guide/engine/engine-config-examples/ >> >> I see the instructions on it for "Adding VM custom properties (macspoof)", >> so I did execute the referenced engine-config line, and then restarted the >> ovirt-engine service. I then went and powered off the VM I'd like to >> deactivate mac spoof filtering on, then went in to the User Portal and >> clicked "Edit" on the VM. However, I can not find a "Custom Properties" >> dialog anywhere in the VM Edit UI (yes, I did enable Advanced options.) >> Where should I be seeing this? > > Not sure it's visible in the User Portal, might be a matter of permissions. Iirc it's not in user portal by design. All custom properties are generally considered admin-like stuff > > In the admin portal it has, in the same dialog, its own sub menu. > -- > Didi > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
Yup, I see it now in the Admin portal VM Edit dialog - thanks! Will -Original Message- From: Michal Skrivanek [mailto:mskri...@redhat.com] Sent: Wednesday, May 18, 2016 2:37 AM To: Yedidyah Bar David Cc: Will Dennis; users@ovirt.org Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM > On 15 May 2016, at 07:24, Yedidyah Bar David wrote: > >> On Wed, May 11, 2016 at 5:17 PM, Will Dennis wrote: >> OK; I searched the oVirt site for 'engine-config' (unfamiliar with it) and >> found the following page: >> https://www.ovirt.org/develop/developer-guide/engine/engine-config-examples/ >> >> I see the instructions on it for "Adding VM custom properties (macspoof)", >> so I did execute the referenced engine-config line, and then restarted the >> ovirt-engine service. I then went and powered off the VM I'd like to >> deactivate mac spoof filtering on, then went in to the User Portal and >> clicked "Edit" on the VM. However, I can not find a "Custom Properties" >> dialog anywhere in the VM Edit UI (yes, I did enable Advanced options.) >> Where should I be seeing this? > > Not sure it's visible in the User Portal, might be a matter of permissions. Iirc it's not in user portal by design. All custom properties are generally considered admin-like stuff > > In the admin portal it has, in the same dialog, its own sub menu. > -- > Didi > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
> On 15 May 2016, at 07:24, Yedidyah Bar David wrote: > >> On Wed, May 11, 2016 at 5:17 PM, Will Dennis wrote: >> OK; I searched the oVirt site for 'engine-config' (unfamiliar with it) and >> found the following page: >> https://www.ovirt.org/develop/developer-guide/engine/engine-config-examples/ >> >> I see the instructions on it for "Adding VM custom properties (macspoof)", >> so I did execute the referenced engine-config line, and then restarted the >> ovirt-engine service. I then went and powered off the VM I'd like to >> deactivate mac spoof filtering on, then went in to the User Portal and >> clicked "Edit" on the VM. However, I can not find a "Custom Properties" >> dialog anywhere in the VM Edit UI (yes, I did enable Advanced options.) >> Where should I be seeing this? > > Not sure it's visible in the User Portal, might be a matter of permissions. Iirc it's not in user portal by design. All custom properties are generally considered admin-like stuff > > In the admin portal it has, in the same dialog, its own sub menu. > -- > Didi > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
On Wed, May 11, 2016 at 5:17 PM, Will Dennis wrote: > OK; I searched the oVirt site for 'engine-config' (unfamiliar with it) and > found the following page: > https://www.ovirt.org/develop/developer-guide/engine/engine-config-examples/ > > I see the instructions on it for "Adding VM custom properties (macspoof)", so > I did execute the referenced engine-config line, and then restarted the > ovirt-engine service. I then went and powered off the VM I'd like to > deactivate mac spoof filtering on, then went in to the User Portal and > clicked "Edit" on the VM. However, I can not find a "Custom Properties" > dialog anywhere in the VM Edit UI (yes, I did enable Advanced options.) Where > should I be seeing this? Not sure it's visible in the User Portal, might be a matter of permissions. In the admin portal it has, in the same dialog, its own sub menu. -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
OK; I searched the oVirt site for 'engine-config' (unfamiliar with it) and found the following page: https://www.ovirt.org/develop/developer-guide/engine/engine-config-examples/ I see the instructions on it for "Adding VM custom properties (macspoof)", so I did execute the referenced engine-config line, and then restarted the ovirt-engine service. I then went and powered off the VM I'd like to deactivate mac spoof filtering on, then went in to the User Portal and clicked "Edit" on the VM. However, I can not find a "Custom Properties" dialog anywhere in the VM Edit UI (yes, I did enable Advanced options.) Where should I be seeing this? -Original Message- From: Yedidyah Bar David [mailto:d...@redhat.com] Sent: Tuesday, May 10, 2016 4:31 PM To: Will Dennis Cc: Simone Tiraboschi; Yaniv Kaul; users@ovirt.org Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM On Tue, May 10, 2016 at 8:36 PM, Will Dennis wrote: > Hi Simone, > > Sorry but I'm just getting back to this... Not sure where/how one might > implement the hook you have indicated... It looks to be VM-specific, but I > don't see anywhere in either the Admin UI or the User portal UI to set such a > parameter... Can you give me instructions on how to implement this? > Please check the README that Simone linked to. You have to add a property using engine-config. It will appear in the ui when editing a VM, under custom properties. > -Original Message- > From: Simone Tiraboschi [mailto:stira...@redhat.com] > Sent: Monday, May 09, 2016 3:54 AM > To: Yaniv Kaul > Cc: Will Dennis; users@ovirt.org > Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container > in a oVirt VM > > There is also a specific VDSM hook to address this configuration: > https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
On Tue, May 10, 2016 at 8:36 PM, Will Dennis wrote: > Hi Simone, > > Sorry but I'm just getting back to this... Not sure where/how one might > implement the hook you have indicated... It looks to be VM-specific, but I > don't see anywhere in either the Admin UI or the User portal UI to set such a > parameter... Can you give me instructions on how to implement this? > Please check the README that Simone linked to. You have to add a property using engine-config. It will appear in the ui when editing a VM, under custom properties. > -Original Message- > From: Simone Tiraboschi [mailto:stira...@redhat.com] > Sent: Monday, May 09, 2016 3:54 AM > To: Yaniv Kaul > Cc: Will Dennis; users@ovirt.org > Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container > in a oVirt VM > > There is also a specific VDSM hook to address this configuration: > https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
Hi Simone, Sorry but I'm just getting back to this... Not sure where/how one might implement the hook you have indicated... It looks to be VM-specific, but I don't see anywhere in either the Admin UI or the User portal UI to set such a parameter... Can you give me instructions on how to implement this? -Original Message- From: Simone Tiraboschi [mailto:stira...@redhat.com] Sent: Monday, May 09, 2016 3:54 AM To: Yaniv Kaul Cc: Will Dennis; users@ovirt.org Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM There is also a specific VDSM hook to address this configuration: https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
On Sat, May 7, 2016 at 11:06 AM, Yaniv Kaul wrote: > > > On Fri, May 6, 2016 at 11:07 PM, Will Dennis wrote: >> >> That’s in iptables, right? I have iptables disabled on my oVirt nodes... > > > No, it's a L2 filter libvirt sets up, I believe using ebtables. > Y. There is also a specific VDSM hook to address this configuration: https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof >> >> >> >> From: Yaniv Kaul [mailto:yk...@redhat.com] >> Sent: Friday, May 06, 2016 3:50 PM >> To: Will Dennis >> Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a >> container in a oVirt VM >> >> >> >> Long shot - you need to disable the EnableMACAntiSpoofingFilterRules . >> >> Y. >> >> >> >> On Fri, May 6, 2016 at 8:27 PM, Will Dennis wrote: >> >> Hi all, >> >> >> >> Have an interesting problem – I am running a VM in oVirt that is running >> Proxmox VE 4.1 OS, which I have spun up a container on. The container is >> set for DHCP, and I have verified that it is sending Discover packets as >> normal, and that these packets are making it out of the Proxmox VM to the >> oVirt bridge (which is attached to a VLAN sub-interface of a bond >> interface.) However, these packets do NOT make it past the oVirt bridge. The >> interesting thing is that the Proxmox VM (as well as any other VM I spin up >> on oVirt) works fine with DHCP. (I also have other oVirt VMs instantiated >> which are using LXD to spin up containers, and I have the same problem with >> those as well.) I checked a bunch of stuff, and the only clue I could find >> is that it seems that the oVirt bridge is not learning the MAC for the >> container on the VM, even though it does learn the VM’s MAC, but I can >> capture DHCP traffic coming from the container off the ‘vnet0’ interface >> which is joined to that bridge... >> >> >> >> Info: >> >> >> >> = off Proxmox VM = >> >> >> >> Container's MAC address: 32:62:65:61:65:33 >> >> >> >> root@proxmox-02:~# ip link sh >> >> 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode >> DEFAULT group default >> >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> >> 2: eth0: mtu 1500 qdisc pfifo_fast >> master vmbr0 state UP mode DEFAULT group default qlen 1000 >> >> link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff >> >> 3: vmbr0: mtu 1500 qdisc noqueue state >> UP mode DEFAULT group default >> >> link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff >> >> 7: veth100i0@if6: mtu 1500 qdisc >> pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000 >> >> link/ether fe:50:4f:3c:bd:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 >> <<< veth connection to container >> >> >> >> root@proxmox-02:~# brctl showmacs vmbr0 >> >> port no mac addris local? ageing timer >> >> 1 00:12:3f:24:a4:54 no 112.88 >> >> 1 00:1a:4a:16:01:56 no 0.02 >> >> 1 00:1a:4a:16:01:57 yes0.00 >> >> 1 00:1a:4a:16:01:57 yes0.00 >> >> 1 00:24:50:dd:a2:05 no 1.37 >> >> 1 18:03:73:e3:be:5a no21.04 >> >> 1 18:03:73:e3:ca:24 no 4.23 >> >> 1 18:03:73:e3:cb:5b no48.41 >> >> 1 18:03:73:e3:cc:e5 no91.93 >> >> 1 18:03:73:e3:cd:b8 no 151.04 >> >> 1 18:03:73:e3:ce:43 no 0.80 >> >> 1 18:03:73:e3:d0:a4 no 290.74 >> >> 1 18:03:73:e3:d4:26 no34.06 >> >> 1 18:03:73:e3:d5:3d no 6.36 >> >> 1 18:03:73:e4:23:08 no88.76 >> >> 1 18:03:73:e4:25:92 no 111.86 >> >> 1 18:03:73:e4:26:2f no 9.54 >> >> 1 18:03:73:e4:2b:4c no 114.86 >> >> 1 18:03:73:e4:31:15 no 263.91 >> >> 1 18:03:73:e4:6c:19 no 6.36 >> >> 1 18:03:73:e4:7e:0a no 103.06 >> >> 1 18:03:73:e8:16:e0 no23.21 >> >> 2 32:62:65:61:65:33 no 5.08
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
On Fri, May 6, 2016 at 11:07 PM, Will Dennis wrote: > That’s in iptables, right? I have iptables disabled on my oVirt nodes... > No, it's a L2 filter libvirt sets up, I believe using ebtables. Y. > > > *From:* Yaniv Kaul [mailto:yk...@redhat.com] > *Sent:* Friday, May 06, 2016 3:50 PM > *To:* Will Dennis > *Subject:* Re: [ovirt-users] virt-in-virt problem: DHCP failing for a > container in a oVirt VM > > > > Long shot - you need to disable the EnableMACAntiSpoofingFilterRules . > > Y. > > > > On Fri, May 6, 2016 at 8:27 PM, Will Dennis wrote: > > Hi all, > > > > Have an interesting problem – I am running a VM in oVirt that is running > Proxmox VE 4.1 OS, which I have spun up a container on. The container is > set for DHCP, and I have verified that it is sending Discover packets as > normal, and that these packets are making it out of the Proxmox VM to the > oVirt bridge (which is attached to a VLAN sub-interface of a bond > interface.) However, these packets do NOT make it past the oVirt bridge. > The interesting thing is that the Proxmox VM (as well as any other VM I > spin up on oVirt) works fine with DHCP. (I also have other oVirt VMs > instantiated which are using LXD to spin up containers, and I have the same > problem with those as well.) I checked a bunch of stuff, and the only clue > I could find is that it seems that the oVirt bridge is not learning the MAC > for the container on the VM, even though it does learn the VM’s MAC, but I > can capture DHCP traffic coming from the container off the ‘vnet0’ > interface which is joined to that bridge... > > > > Info: > > > > = off Proxmox VM = > > > > Container's MAC address: 32:62:65:61:65:33 > > > > root@proxmox-02:~# ip link sh > > 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode > DEFAULT group default > > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > > 2: eth0: mtu 1500 qdisc pfifo_fast > master vmbr0 state UP mode DEFAULT group default qlen 1000 > > link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff > > 3: vmbr0: mtu 1500 qdisc noqueue state > UP mode DEFAULT group default > > link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff > > 7: veth100i0@if6: mtu 1500 qdisc > pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000 > > link/ether fe:50:4f:3c:bd:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 > <<< veth connection to container > > > > root@proxmox-02:~# brctl showmacs vmbr0 > > port no mac addris local? ageing timer > > 1 00:12:3f:24:a4:54 no 112.88 > > 1 00:1a:4a:16:01:56 no 0.02 > > 1 00:1a:4a:16:01:57 yes0.00 > > 1 00:1a:4a:16:01:57 yes0.00 > > 1 00:24:50:dd:a2:05 no 1.37 > > 1 18:03:73:e3:be:5a no21.04 > > 1 18:03:73:e3:ca:24 no 4.23 > > 1 18:03:73:e3:cb:5b no48.41 > > 1 18:03:73:e3:cc:e5 no91.93 > > 1 18:03:73:e3:cd:b8 no 151.04 > > 1 18:03:73:e3:ce:43 no 0.80 > > 1 18:03:73:e3:d0:a4 no 290.74 > > 1 18:03:73:e3:d4:26 no34.06 > > 1 18:03:73:e3:d5:3d no 6.36 > > 1 18:03:73:e4:23:08 no88.76 > > 1 18:03:73:e4:25:92 no 111.86 > > 1 18:03:73:e4:26:2f no 9.54 > > 1 18:03:73:e4:2b:4c no 114.86 > > 1 18:03:73:e4:31:15 no 263.91 > > 1 18:03:73:e4:6c:19 no 6.36 > > 1 18:03:73:e4:7e:0a no 103.06 > > 1 18:03:73:e8:16:e0 no23.21 > > 2 32:62:65:61:65:33 no 5.08 <<< container’s > MAC learned on Proxmox bridge > > 1 34:17:eb:9b:e0:29 no 265.22 > > 1 34:17:eb:9b:f8:ea no 114.86 > > 1 44:d3:ca:7e:3c:ff no 0.00 > > 1 78:2b:cb:3b:ca:b9 no 284.70 > > 1 78:2b:cb:92:cb:cb no 279.70 > > 1 78:2b:cb:93:08:a8 no 287.05 > > 1 b8:ca:3a:7a:70:63 no 4.83 > > 1 f8:bc:12:69:bb:a3 no 121.82 > > 2 fe:50:4f:3c:bd:b8 yes0.00 > > 2 fe:50:4f:3c:bd:b8 yes0.0
Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
That’s in iptables, right? I have iptables disabled on my oVirt nodes... From: Yaniv Kaul [mailto:yk...@redhat.com] Sent: Friday, May 06, 2016 3:50 PM To: Will Dennis Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM Long shot - you need to disable the EnableMACAntiSpoofingFilterRules . Y. On Fri, May 6, 2016 at 8:27 PM, Will Dennis mailto:wden...@nec-labs.com>> wrote: Hi all, Have an interesting problem – I am running a VM in oVirt that is running Proxmox VE 4.1 OS, which I have spun up a container on. The container is set for DHCP, and I have verified that it is sending Discover packets as normal, and that these packets are making it out of the Proxmox VM to the oVirt bridge (which is attached to a VLAN sub-interface of a bond interface.) However, these packets do NOT make it past the oVirt bridge. The interesting thing is that the Proxmox VM (as well as any other VM I spin up on oVirt) works fine with DHCP. (I also have other oVirt VMs instantiated which are using LXD to spin up containers, and I have the same problem with those as well.) I checked a bunch of stuff, and the only clue I could find is that it seems that the oVirt bridge is not learning the MAC for the container on the VM, even though it does learn the VM’s MAC, but I can capture DHCP traffic coming from the container off the ‘vnet0’ interface which is joined to that bridge... Info: = off Proxmox VM = Container's MAC address: 32:62:65:61:65:33 root@proxmox-02:~# ip link sh 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000 link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff 3: vmbr0: mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff 7: veth100i0@if6: mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000 link/ether fe:50:4f:3c:bd:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 <<< veth connection to container root@proxmox-02:~# brctl showmacs vmbr0 port no mac addris local? ageing timer 1 00:12:3f:24:a4:54 no 112.88 1 00:1a:4a:16:01:56 no 0.02 1 00:1a:4a:16:01:57 yes0.00 1 00:1a:4a:16:01:57 yes0.00 1 00:24:50:dd:a2:05 no 1.37 1 18:03:73:e3:be:5a no21.04 1 18:03:73:e3:ca:24 no 4.23 1 18:03:73:e3:cb:5b no48.41 1 18:03:73:e3:cc:e5 no91.93 1 18:03:73:e3:cd:b8 no 151.04 1 18:03:73:e3:ce:43 no 0.80 1 18:03:73:e3:d0:a4 no 290.74 1 18:03:73:e3:d4:26 no34.06 1 18:03:73:e3:d5:3d no 6.36 1 18:03:73:e4:23:08 no88.76 1 18:03:73:e4:25:92 no 111.86 1 18:03:73:e4:26:2f no 9.54 1 18:03:73:e4:2b:4c no 114.86 1 18:03:73:e4:31:15 no 263.91 1 18:03:73:e4:6c:19 no 6.36 1 18:03:73:e4:7e:0a no 103.06 1 18:03:73:e8:16:e0 no23.21 2 32:62:65:61:65:33 no 5.08 <<< container’s MAC learned on Proxmox bridge 1 34:17:eb:9b:e0:29 no 265.22 1 34:17:eb:9b:f8:ea no 114.86 1 44:d3:ca:7e:3c:ff no 0.00 1 78:2b:cb:3b:ca:b9 no 284.70 1 78:2b:cb:92:cb:cb no 279.70 1 78:2b:cb:93:08:a8 no 287.05 1 b8:ca:3a:7a:70:63 no 4.83 1 f8:bc:12:69:bb:a3 no 121.82 2 fe:50:4f:3c:bd:b8 yes0.00 2 fe:50:4f:3c:bd:b8 yes0.00 = off oVirt node that has Proxmox VM (relevant lines from ‘ip link show’) 2: bond0: mtu 1500 qdisc noqueue state UP mode DEFAULT 3: enp4s0f0: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000 4: enp4s0f1: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000 8: bond0.169@bond0<mailto:bond0.169@bond0>: mtu 1500 qdisc noqueue master 169-net state UP mode DEFAULT 10: bond0.180@bond0<mailto:bond0.180@bond0>: mtu 1500 qdisc noqueue master 180-net state UP mode DEFAULT 12: bond0.207@bond0<mailto:bond0.207@bond0>: mtu 1500 qdisc noqueue master 207-net state UP mode DEFAULT 13: 207-net: mtu 1500 qdisc noqueue state UP mode DEFAULT 30: vnet0: mtu 1500 qdisc pfifo_fast master 207-net state UNKNOWN mode DEFAULT qlen 500 <<
[ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
Hi all, Have an interesting problem - I am running a VM in oVirt that is running Proxmox VE 4.1 OS, which I have spun up a container on. The container is set for DHCP, and I have verified that it is sending Discover packets as normal, and that these packets are making it out of the Proxmox VM to the oVirt bridge (which is attached to a VLAN sub-interface of a bond interface.) However, these packets do NOT make it past the oVirt bridge. The interesting thing is that the Proxmox VM (as well as any other VM I spin up on oVirt) works fine with DHCP. (I also have other oVirt VMs instantiated which are using LXD to spin up containers, and I have the same problem with those as well.) I checked a bunch of stuff, and the only clue I could find is that it seems that the oVirt bridge is not learning the MAC for the container on the VM, even though it does learn the VM's MAC, but I can capture DHCP traffic coming from the container off the 'vnet0' interface which is joined to that bridge... Info: = off Proxmox VM = Container's MAC address: 32:62:65:61:65:33 root@proxmox-02:~# ip link sh 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000 link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff 3: vmbr0: mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff 7: veth100i0@if6: mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000 link/ether fe:50:4f:3c:bd:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 <<< veth connection to container root@proxmox-02:~# brctl showmacs vmbr0 port no mac addris local? ageing timer 1 00:12:3f:24:a4:54 no 112.88 1 00:1a:4a:16:01:56 no 0.02 1 00:1a:4a:16:01:57 yes0.00 1 00:1a:4a:16:01:57 yes0.00 1 00:24:50:dd:a2:05 no 1.37 1 18:03:73:e3:be:5a no21.04 1 18:03:73:e3:ca:24 no 4.23 1 18:03:73:e3:cb:5b no48.41 1 18:03:73:e3:cc:e5 no91.93 1 18:03:73:e3:cd:b8 no 151.04 1 18:03:73:e3:ce:43 no 0.80 1 18:03:73:e3:d0:a4 no 290.74 1 18:03:73:e3:d4:26 no34.06 1 18:03:73:e3:d5:3d no 6.36 1 18:03:73:e4:23:08 no88.76 1 18:03:73:e4:25:92 no 111.86 1 18:03:73:e4:26:2f no 9.54 1 18:03:73:e4:2b:4c no 114.86 1 18:03:73:e4:31:15 no 263.91 1 18:03:73:e4:6c:19 no 6.36 1 18:03:73:e4:7e:0a no 103.06 1 18:03:73:e8:16:e0 no23.21 2 32:62:65:61:65:33 no 5.08 <<< container's MAC learned on Proxmox bridge 1 34:17:eb:9b:e0:29 no 265.22 1 34:17:eb:9b:f8:ea no 114.86 1 44:d3:ca:7e:3c:ff no 0.00 1 78:2b:cb:3b:ca:b9 no 284.70 1 78:2b:cb:92:cb:cb no 279.70 1 78:2b:cb:93:08:a8 no 287.05 1 b8:ca:3a:7a:70:63 no 4.83 1 f8:bc:12:69:bb:a3 no 121.82 2 fe:50:4f:3c:bd:b8 yes0.00 2 fe:50:4f:3c:bd:b8 yes0.00 = off oVirt node that has Proxmox VM (relevant lines from 'ip link show') 2: bond0: mtu 1500 qdisc noqueue state UP mode DEFAULT 3: enp4s0f0: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000 4: enp4s0f1: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000 8: bond0.169@bond0: mtu 1500 qdisc noqueue master 169-net state UP mode DEFAULT 10: bond0.180@bond0: mtu 1500 qdisc noqueue master 180-net state UP mode DEFAULT 12: bond0.207@bond0: mtu 1500 qdisc noqueue master 207-net state UP mode DEFAULT 13: 207-net: mtu 1500 qdisc noqueue state UP mode DEFAULT 30: vnet0: mtu 1500 qdisc pfifo_fast master 207-net state UNKNOWN mode DEFAULT qlen 500 <<< veth connection to Proxmox VM 31: vnet1: mtu 1500 qdisc pfifo_fast master 207-net state UNKNOWN mode DEFAULT qlen 500 [root@ovirt-node-03 ~]# brctl show bridge name bridge id STP enabled interfaces 169-net 8000.0015177be9da no bond0.169 180-net 8000.0015177be9da no bond0.180 207-net 8000.0015177be9da no bond0.207 vnet0 vnet1 ;