Re: [Users] simple networking? [SOLVED] mostly

[jplor...@gmail.com]

Hi,

No I'm not. At this time the engine is on a virtualbox vm. Everything is on
top of centos 6.5.
Regards
Regards
El dic 19, 2013 6:39 AM, "Assaf Muller"  escribió:

> Juan - Are you using an all-in-one?
>
> Assaf Muller, Cloud Networking Engineer
> Red Hat
>
>
> - Original Message -
> From: "Juan Pablo Lorier" 
> To: "Antoni Segura Puimedon" , "Itamar Heim" <
> ih...@redhat.com>
> Cc: users@ovirt.org
> Sent: Monday, December 16, 2013 9:16:13 PM
> Subject: Re: [Users] simple networking? [SOLVED] mostly
>
> Hi Antoni,
>
> I've tried two secentarios: to create a ifcfg-eth0.128 with the
> parameters so it survives restarts, and to create dinamically with
> vconfig and ifconfig so it does not survive the restart to see if ovirt
> get the mgmt working.
> The only thing that worked to me was creating the hole ovirtmgmt bridge
> on top or the bondX.128 and of course, it does not fails.
>
> This log is from one of the last two hosts I set up (3.3.1) where I
> didn't create the bond, just created a vlan on top of eth0.
>
>
> https://drive.google.com/file/d/0B9OrU8RK9m26TjdGcTBLbkJrYVU/edit?usp=sharing
>
> Regards,
>
>
> On 16/12/13 16:52, Antoni Segura Puimedon wrote:
> > Hi Juan Pablo,
> >
> > Could you please share:
> >
> > /var/log/vdsm/supervdsm.log
> >
> > So that I can see why the installation fails? I'd also like to know
> > how you set up the pre-existent vlan on the host.
> >
> > ----- Original Message -
> >> From: "Itamar Heim" 
> >> To: "Juan Pablo Lorier" , users@ovirt.org, "Dan
> Kenigsberg" , "Antoni Segura
> >> Puimedon" 
> >> Sent: Monday, December 16, 2013 7:13:04 PM
> >> Subject: Re: [Users] simple networking? [SOLVED] mostly
> >>
> >> On 12/16/2013 12:54 PM, Juan Pablo Lorier wrote:
> >>> Itamar,
> >>>
> >>> I have the same problem and already have mentioned that in previous
> >>> posts. In my case, I have vlan 128 tagged assigned for ovirtmgmt so I
> >>> set the host ip manually on top of a vlan interface and the, after
> ovirt
> >>> does install the node, it fails to finish as it can't manage properly
> to
> >>> create the bridge and pass the ip to the brand new bridge. The
> ovirtmgmt
> >>> interface I create in engine is a bond (and originally I configure just
> >>> a single interface with the ip to grant engine access), just in case
> >>> this changes the scenario.
> >>> Regards,
> >>>
> >>> ___
> >>> Users mailing list
> >>> Users@ovirt.org
> >>> http://lists.ovirt.org/mailman/listinfo/users
> >>>
> >> dan/toni - thoughts?
> >>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Assaf Muller]

Juan - Are you using an all-in-one?

Assaf Muller, Cloud Networking Engineer 
Red Hat 


- Original Message -
From: "Juan Pablo Lorier" 
To: "Antoni Segura Puimedon" , "Itamar Heim" 

Cc: users@ovirt.org
Sent: Monday, December 16, 2013 9:16:13 PM
Subject: Re: [Users] simple networking? [SOLVED] mostly

Hi Antoni,

I've tried two secentarios: to create a ifcfg-eth0.128 with the
parameters so it survives restarts, and to create dinamically with
vconfig and ifconfig so it does not survive the restart to see if ovirt
get the mgmt working.
The only thing that worked to me was creating the hole ovirtmgmt bridge
on top or the bondX.128 and of course, it does not fails.

This log is from one of the last two hosts I set up (3.3.1) where I
didn't create the bond, just created a vlan on top of eth0.

https://drive.google.com/file/d/0B9OrU8RK9m26TjdGcTBLbkJrYVU/edit?usp=sharing

Regards,


On 16/12/13 16:52, Antoni Segura Puimedon wrote:
> Hi Juan Pablo,
>
> Could you please share:
>
> /var/log/vdsm/supervdsm.log
>
> So that I can see why the installation fails? I'd also like to know
> how you set up the pre-existent vlan on the host.
>
> - Original Message -
>> From: "Itamar Heim" 
>> To: "Juan Pablo Lorier" , users@ovirt.org, "Dan 
>> Kenigsberg" , "Antoni Segura
>> Puimedon" 
>> Sent: Monday, December 16, 2013 7:13:04 PM
>> Subject: Re: [Users] simple networking? [SOLVED] mostly
>>
>> On 12/16/2013 12:54 PM, Juan Pablo Lorier wrote:
>>> Itamar,
>>>
>>> I have the same problem and already have mentioned that in previous
>>> posts. In my case, I have vlan 128 tagged assigned for ovirtmgmt so I
>>> set the host ip manually on top of a vlan interface and the, after ovirt
>>> does install the node, it fails to finish as it can't manage properly to
>>> create the bridge and pass the ip to the brand new bridge. The ovirtmgmt
>>> interface I create in engine is a bond (and originally I configure just
>>> a single interface with the ip to grant engine access), just in case
>>> this changes the scenario.
>>> Regards,
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>> dan/toni - thoughts?
>>

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Dan Kenigsberg]

On Mon, Dec 16, 2013 at 06:01:51PM -0500, Antoni Segura Puimedon wrote:
> - Original Message -
> > From: "Moti Asayag" 
> > To: "Antoni Segura Puimedon" 
> > Cc: users@ovirt.org, "Juan Pablo Lorier" 
> > Sent: Monday, December 16, 2013 8:43:24 PM
> > Subject: Re: [Users] simple networking? [SOLVED] mostly
> > 
> > By looking at the output of 'getCapabilities' i noticed vdsm
> > didn't report any value for 'lastClientIface': 'lastClientIface': ''
> > 
> > It seems like the first 'getCapabilities' which the engine relies
> > on to report the nic for configuring the management network on top
> > of is missing.
> > 
> > Toni, any idea in which case it might not be reported ?
> 
> Sure, this is fixed now (or at least the behavior was changed). The thing
> is that this Caps reports the management_ip as 0.0.0.0, which leads me to
> believe that this is probably an all in one setup. The code for getting
> lastClientIface used to check for which device had assigned the management_ip,
> which doesn't exist in this case.

management_ip 0.0.0.0 means very little: only that Vdsm has kept its
default of listening on all interfaces. I do not see how it is related.

> 
> If we were to use the current code, that tries to route a packet, it would
> behave differently. However, it would still leave us out of luck as the device
> that would be reported to the engine would be, if this is indeed
> an allinone, the loopback device.

I am confused about this reasoning. The vdsm.log.26.xz shows 10 calls to
getCabilities, all from 192.168.128.79. Two of them (the first included)
reports that odd lastClient = '0.0.0.0'. Both happen to be the first
call after Vdsm has started up.

It smells like a race (or a more consistent fault) in how we set
self.server.lastClient = self.client_address[0]

I'd apreciate a bug opened on that, for a closer scrutiny.

Dan.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Antoni Segura Puimedon]

- Original Message -
> From: "Moti Asayag" 
> To: "Antoni Segura Puimedon" 
> Cc: users@ovirt.org, "Juan Pablo Lorier" 
> Sent: Monday, December 16, 2013 8:43:24 PM
> Subject: Re: [Users] simple networking? [SOLVED] mostly
> 
> By looking at the output of 'getCapabilities' i noticed vdsm
> didn't report any value for 'lastClientIface': 'lastClientIface': ''
> 
> It seems like the first 'getCapabilities' which the engine relies
> on to report the nic for configuring the management network on top
> of is missing.
> 
> Toni, any idea in which case it might not be reported ?

Sure, this is fixed now (or at least the behavior was changed). The thing
is that this Caps reports the management_ip as 0.0.0.0, which leads me to
believe that this is probably an all in one setup. The code for getting
lastClientIface used to check for which device had assigned the management_ip,
which doesn't exist in this case.

If we were to use the current code, that tries to route a packet, it would
behave differently. However, it would still leave us out of luck as the device
that would be reported to the engine would be, if this is indeed
an allinone, the loopback device.
> 
> 
> Thread-20::DEBUG::2013-12-05 14:01:43,531::BindingXMLRPC::981::vds::(wrapper)
> return getCapabilities with {'status': {'message': 'Done', 'code': 0},
> 'info': {'HBAInventory': {'iSCSI': [{'InitiatorName':
> 'iqn.1994-05.com.redhat:1a6a2adc920'}], 'FC': []}, 'packages2': {'kernel':
> {'release': '358.23.2.el6.x86_64', 'buildtime': 1381955832.0, 'version':
> '2.6.32'}, 'glusterfs-rdma': {'release': '8.el6', 'buildtime': 1375787859L,
> 'version': '3.4.0'}, 'glusterfs-fuse': {'release': '8.el6', 'buildtime':
> 1375787859L, 'version': '3.4.0'}, 'spice-server': {'release': '6.el6',
> 'buildtime': 1385213397L, 'version': '0.12.4'}, 'vdsm': {'release':
> '11.el6', 'buildtime': 1384277438L, 'version': '4.13.0'}, 'qemu-kvm':
> {'release': '2.355.0.1.el6_4.9', 'buildtime': 1380718456L, 'version':
> '0.12.1.2'}, 'qemu-img': {'release': '2.355.0.1.el6_4.9', 'buildtime':
> 1380718456L, 'version': '0.12.1.2'}, 'libvirt': {'release': '29.el6',
> 'buildtime': 1385212305L, 'version': '0.10.2'}, 'glusterfs': {'release':
> '8.el6', 'buildtime': 1375787859L, 'version': '3.4.0'}, 'mom': {'release':
> '3.el6', 'buildtime': 1375215703L, 'version': '0.3.2'}, 'glusterfs-server':
> {'release': '8.el6', 'buildtime': 1375787859L, 'version': '3.4.0'}},
> 'cpuModel': 'Intel(R) Xeon(R) CPU   X5450  @ 3.00GHz', 'hooks': {},
> 'cpuSockets': '2', 'vmTypes': ['kvm'], 'supportedProtocols': ['2.2', '2.3'],
> 'networks': {'ovirtmgmt': {'iface': 'ovirtmgmt', 'addr': '192.168.128.82',
> 'cfg': {'DEFROUTE': 'yes', 'IPADDR': '192.168.128.82', 'GATEWAY':
> '192.168.128.49', 'DELAY': '0', 'NM_CONTROLLED': 'no', 'NETMASK':
> '255.255.255.0', 'BOOTPROTO': 'none', 'STP': 'no', 'DEVICE': 'ovirtmgmt',
> 'TYPE': 'Bridge', 'ONBOOT': 'yes'}, 'ipv6addrs':
> ['fe80::21e:c9ff:fe2b:7a5c/64'], 'gateway': '192.168.128.49', 'netmask':
> '255.255.255.0', 'stp': 'off', 'bridged': True, 'qosInbound': '',
> 'qosOutbound': '', 'mtu': '1500', 'ipv6gateway': '::', 'ports':
> ['bond0.128']}, 'iscsi131': {'iface': 'iscsi131', 'addr': '192.168.131.82',
> 'cfg': {'DEFROUTE': 'no', 'IPADDR': '192.168.131.82', 'DELAY': '0',
> 

Re: [Users] simple networking? [SOLVED] mostly

[Moti Asayag]

O': 'none', 'STP': 'no', 'DEVICE': 
'iscsi130', 'TYPE': 'Bridge', 'ONBOOT': 'yes'}, 'ipv6addrs': 
['fe80::215:17ff:fe9b:eb04/64'], 'gateway': '0.0.0.0', 'netmask': 
'255.255.255.0', 'stp': 'off', 'bridged': True, 'qosInbound': '', 
'qosOutbound': '', 'mtu': '1500', 'ipv6gateway': '::', 'ports': 
['bond1.130']}}, 'bridges': {'ovirtmgmt': {'addr': '192.168.128.82', 'cfg': {
 'DEFROUTE': 'yes', 'IPADDR': '192.168.128.82', 'GATEWAY': '192.168.128.49', 
'DELAY': '0', 'NM_CONTROLLED': 'no', 'NETMASK': '255.255.255.0', 'BOOTPROTO': 
'none', 'STP': 'no', 'DEVICE': 'ovirtmgmt', 'TYPE': 'Bridge', 'ONBOOT': 'yes'}, 
'ipv6addrs': ['fe80::21e:c9ff:fe2b:7a5c/64'], 'mtu': '1500', 'netmask': 
'255.255.255.0', 'stp': 'off', 'ipv6gateway': '::', 'gateway': 
'192.168.128.49', 'ports': ['bond0.128']}, 'iscsi131': {'addr': 
'192.168.131.82', 'cfg': {'DEFROUTE': 'no', 'IPADDR': '192.168.131.82', 
'DELAY': '0', 'NM_CONTROLLED': 'no', 'NETMASK': '255.255.255.0', 'BOOTPROTO': 
'none', 'STP': 'no', 'DEVICE': 'iscsi131', 'TYPE': 'Bridge', 'ONBOOT': 'yes'}, 
'ipv6addrs': ['fe80::215:17ff:fe9b:eb04/64'], 'mtu': '1500', 'netmask': 
'255.255.255.0', 'stp': 'off', 'ipv6gateway': '::', 'gateway': '0.0.0.0', 
'ports': ['bond1.131']}, 'iscsi130': {'addr': '192.168.130.82', 'cfg': 
{'DEFROUTE': 'no', 'IPADDR': '192.168.130.82', 'DELAY': '0', 'NM_CONTROLLED': 
'no', 'NETMASK': '255.255.255.0'
 , 'BOOTPROTO': 'none', 'STP': 'no', 'DEVICE': 'iscsi130', 'TYPE': 'Bridge', 
'ONBOOT': 'yes'}, 'ipv6addrs': ['fe80::215:17ff:fe9b:eb04/64'],
 'mtu': '1500', 'netmask': '255.255.255.0', 'stp': 'off', 'ipv6gateway': '::', 
'gateway': '0.0.0.0', 'ports': ['bond1.130']}}, 'uuid': 
'44454C4C-5300-1038-8034-CAC04F4C4631', 'lastClientIface': '', 'nics': {'p3p1': 
{'netmask': '', 'addr': '', 'hwaddr': '00:15:17:9b:eb:04', 'cfg': {'SLAVE': 
'yes', 'NM_CONTROLLED': 'no', 'MTU': '1500', 'HWADDR': '00:15:17:9b:eb:04', 
'MASTER': 'bond1', 'DEVICE': 'p3p1', 'STP': 'no', 'ONBOOT': 'yes'}, 
'ipv6addrs': [], 'permhwaddr': '00:15:17:9B:EB:04', 'speed': 1000, 'mtu': 
'1500'}, 'p3p2': {'netmask': '', 'addr': '', 'hwaddr': '00:15:17:9b:eb:04', 
'cfg': {'SLAVE': 'yes', 'NM_CONTROLLED': 'no', 'MTU': '1500', 'HWADDR': 
'00:15:17:9b:eb:05', 'MASTER': 'bond1', 'DEVICE': 'p3p2', 'STP': 'no', 
'ONBOOT': 'yes'}, 'ipv6addrs': [], 'permhwaddr': '00:15:17:9B:EB:05', 'speed': 
1000, 'mtu': '1500'}, 'eth1': {'netmask': '', 'addr': '', 'hwaddr': 
'00:1e:c9:2b:7a:5c', 'cfg': {'SLAVE': 'yes', 'NM_CONTROLLED': 'no', 'MTU': 
'1500', 'HWADDR': '00:1e:c9:2b:7a:5e', '
 STP': 'no', 'DEVICE': 'eth1', 'MASTER': 'bond0', 'ONBOOT': 'yes'}, 
'ipv6addrs': [], 'permhwaddr': '00:1E:C

Re: [Users] simple networking? [SOLVED] mostly

[Juan Pablo Lorier]

Hi Moty,

Here's the vdsm.log that should match the one I just sent to Antoni.

https://drive.google.com/file/d/0B9OrU8RK9m26MGFTTGctUllxSHc/edit?usp=sharing

I can't be much of help these days (I'm out of office), but if it's just
send logs, I'll be back at office next friday and give you the info you
may request.
Regards,


On 16/12/13 17:09, Moti Asayag wrote:
>
> - Original Message -
>> From: "Juan Pablo Lorier" 
>> To: users@ovirt.org
>> Sent: Monday, December 16, 2013 7:54:34 PM
>> Subject: Re: [Users] simple networking? [SOLVED] mostly
>>
>> Itamar,
>>
>> I have the same problem and already have mentioned that in previous
>> posts. In my case, I have vlan 128 tagged assigned for ovirtmgmt so I
>> set the host ip manually on top of a vlan interface and the, after ovirt
>> does install the node, it fails to finish as it can't manage properly to
>> create the bridge and pass the ip to the brand new bridge. The ovirtmgmt
>> interface I create in engine is a bond (and originally I configure just
>> a single interface with the ip to grant engine access), just in case
>> this changes the scenario.
>> Regards,
>>
> Just to make sure i get it right:
>
> You're attempting to install a host which is configured:
> eth0 --- eth0.128 (which has a static ip configured)
>
> When you install the host, you provide as address either the ip of eth0.128
> as you configured manually or a fqdn which is resolved to the same ip.
>
> 'ovirtmgmt' logical network definition is a vm network tagged with 128.
>
> Can you provide the from the output of 'getCapabilities' from the vdsm.log
> immediately after vdsm starts during the installation the value of 
> 'lastClientIface' ?
> Or even better - the entire output of 'getCapabilities' (which will indicate 
> that
> vdsm reports properly the required information about the nic it should 
> configure).
>
> Could you confirm the above and provide the missing pieces ?
>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Juan Pablo Lorier]

Hi Antoni,

I've tried two secentarios: to create a ifcfg-eth0.128 with the
parameters so it survives restarts, and to create dinamically with
vconfig and ifconfig so it does not survive the restart to see if ovirt
get the mgmt working.
The only thing that worked to me was creating the hole ovirtmgmt bridge
on top or the bondX.128 and of course, it does not fails.

This log is from one of the last two hosts I set up (3.3.1) where I
didn't create the bond, just created a vlan on top of eth0.

https://drive.google.com/file/d/0B9OrU8RK9m26TjdGcTBLbkJrYVU/edit?usp=sharing

Regards,


On 16/12/13 16:52, Antoni Segura Puimedon wrote:
> Hi Juan Pablo,
>
> Could you please share:
>
> /var/log/vdsm/supervdsm.log
>
> So that I can see why the installation fails? I'd also like to know
> how you set up the pre-existent vlan on the host.
>
> - Original Message -
>> From: "Itamar Heim" 
>> To: "Juan Pablo Lorier" , users@ovirt.org, "Dan 
>> Kenigsberg" , "Antoni Segura
>> Puimedon" 
>> Sent: Monday, December 16, 2013 7:13:04 PM
>> Subject: Re: [Users] simple networking? [SOLVED] mostly
>>
>> On 12/16/2013 12:54 PM, Juan Pablo Lorier wrote:
>>> Itamar,
>>>
>>> I have the same problem and already have mentioned that in previous
>>> posts. In my case, I have vlan 128 tagged assigned for ovirtmgmt so I
>>> set the host ip manually on top of a vlan interface and the, after ovirt
>>> does install the node, it fails to finish as it can't manage properly to
>>> create the bridge and pass the ip to the brand new bridge. The ovirtmgmt
>>> interface I create in engine is a bond (and originally I configure just
>>> a single interface with the ip to grant engine access), just in case
>>> this changes the scenario.
>>> Regards,
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>> dan/toni - thoughts?
>>

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Moti Asayag]

- Original Message -
> From: "Juan Pablo Lorier" 
> To: users@ovirt.org
> Sent: Monday, December 16, 2013 7:54:34 PM
> Subject: Re: [Users] simple networking? [SOLVED] mostly
> 
> Itamar,
> 
> I have the same problem and already have mentioned that in previous
> posts. In my case, I have vlan 128 tagged assigned for ovirtmgmt so I
> set the host ip manually on top of a vlan interface and the, after ovirt
> does install the node, it fails to finish as it can't manage properly to
> create the bridge and pass the ip to the brand new bridge. The ovirtmgmt
> interface I create in engine is a bond (and originally I configure just
> a single interface with the ip to grant engine access), just in case
> this changes the scenario.
> Regards,
> 

Just to make sure i get it right:

You're attempting to install a host which is configured:
eth0 --- eth0.128 (which has a static ip configured)

When you install the host, you provide as address either the ip of eth0.128
as you configured manually or a fqdn which is resolved to the same ip.

'ovirtmgmt' logical network definition is a vm network tagged with 128.

Can you provide the from the output of 'getCapabilities' from the vdsm.log
immediately after vdsm starts during the installation the value of 
'lastClientIface' ?
Or even better - the entire output of 'getCapabilities' (which will indicate 
that
vdsm reports properly the required information about the nic it should 
configure).

Could you confirm the above and provide the missing pieces ?

> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Antoni Segura Puimedon]

Hi Juan Pablo,

Could you please share:

/var/log/vdsm/supervdsm.log

So that I can see why the installation fails? I'd also like to know
how you set up the pre-existent vlan on the host.

- Original Message -
> From: "Itamar Heim" 
> To: "Juan Pablo Lorier" , users@ovirt.org, "Dan 
> Kenigsberg" , "Antoni Segura
> Puimedon" 
> Sent: Monday, December 16, 2013 7:13:04 PM
> Subject: Re: [Users] simple networking? [SOLVED] mostly
> 
> On 12/16/2013 12:54 PM, Juan Pablo Lorier wrote:
> > Itamar,
> >
> > I have the same problem and already have mentioned that in previous
> > posts. In my case, I have vlan 128 tagged assigned for ovirtmgmt so I
> > set the host ip manually on top of a vlan interface and the, after ovirt
> > does install the node, it fails to finish as it can't manage properly to
> > create the bridge and pass the ip to the brand new bridge. The ovirtmgmt
> > interface I create in engine is a bond (and originally I configure just
> > a single interface with the ip to grant engine access), just in case
> > this changes the scenario.
> > Regards,
> >
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> 
> dan/toni - thoughts?
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Itamar Heim]

On 12/16/2013 12:54 PM, Juan Pablo Lorier wrote:

Itamar,

I have the same problem and already have mentioned that in previous
posts. In my case, I have vlan 128 tagged assigned for ovirtmgmt so I
set the host ip manually on top of a vlan interface and the, after ovirt
does install the node, it fails to finish as it can't manage properly to
create the bridge and pass the ip to the brand new bridge. The ovirtmgmt
interface I create in engine is a bond (and originally I configure just
a single interface with the ip to grant engine access), just in case
this changes the scenario.
Regards,

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



dan/toni - thoughts?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Juan Pablo Lorier]

Itamar,

I have the same problem and already have mentioned that in previous
posts. In my case, I have vlan 128 tagged assigned for ovirtmgmt so I
set the host ip manually on top of a vlan interface and the, after ovirt
does install the node, it fails to finish as it can't manage properly to
create the bridge and pass the ip to the brand new bridge. The ovirtmgmt
interface I create in engine is a bond (and originally I configure just
a single interface with the ip to grant engine access), just in case
this changes the scenario.
Regards,

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Itamar Heim]

On 12/16/2013 02:06 PM, Sven Kieske wrote:

Is this entirely true?

AFAIK you need ovirt.org repos at the host and ssh must be functional
(network of course too).
at least the ovirt.org repos did not come with EL 6.4 and there were
no ovirt packages in the EL 6.4 Repos

Did this change in EL 6.5? I did not yet investigate EL 6.5, it
would be huge if you can really setup vdsm on a minimal server install
without additional repos.


ssh and repos are still needed. nothing fancier should be needed.
ssh we cannot solve... repo's maybe worth thinking about as an option



Am 16.12.2013 08:27, schrieb Itamar Heim:

you shouldn't have to do *anything* from the host. the gui/engine should
take care of everything. can you reproduce this from the engine on
another host and document the steps for further investigation?




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Bob Doolittle]

On 12/16/13 07:06, Sven Kieske wrote:

Is this entirely true?


In my experience, yes. The one thing I had to do was to enable the sshd 
service on the Host (and possibly tweak the firewall to allow sshd 
service?).


When you click "Add Host" on the engine, it uses ssh into the Host to 
configure the necessary repositories. I may have had to add the 
"Optional" repository for EL6, but certainly not the oVirt repository - 
that is handled by the host-deploy code.


I have done this with both 6.4 and 6.5.

In any case, Ted's issues are not related to repository configuration or 
package dependencies.


-Bob



AFAIK you need ovirt.org repos at the host and ssh must be functional
(network of course too).
at least the ovirt.org repos did not come with EL 6.4 and there were
no ovirt packages in the EL 6.4 Repos

Did this change in EL 6.5? I did not yet investigate EL 6.5, it
would be huge if you can really setup vdsm on a minimal server install
without additional repos.

Am 16.12.2013 08:27, schrieb Itamar Heim:

you shouldn't have to do *anything* from the host. the gui/engine should
take care of everything. can you reproduce this from the engine on
another host and document the steps for further investigation?


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Sven Kieske]

Is this entirely true?

AFAIK you need ovirt.org repos at the host and ssh must be functional
(network of course too).
at least the ovirt.org repos did not come with EL 6.4 and there were
no ovirt packages in the EL 6.4 Repos

Did this change in EL 6.5? I did not yet investigate EL 6.5, it
would be huge if you can really setup vdsm on a minimal server install
without additional repos.

Am 16.12.2013 08:27, schrieb Itamar Heim:
> you shouldn't have to do *anything* from the host. the gui/engine should
> take care of everything. can you reproduce this from the engine on
> another host and document the steps for further investigation?

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Itamar Heim]

On 12/13/2013 06:04 AM, Ted Miller wrote:



From: users-boun...@ovirt.org  on behalf of Ted Miller 

Sent: Wednesday, November 27, 2013 12:18 PM
To: users@ovirt.org
Subject: [Users] simple networking?

I am trying to set up a testing network using o-virt, but the networking is
refusing to cooperate.  I am testing for possible use in two different
production setups.

My previous experience has been with VMWare.  I have always set up a single
bridged network on each host.  All my hosts, VMs, and non-VM computers were
peers on the LAN.  They could all talk to each other, and things worked very
well.  There was a firewall/gateway that provided access to the Internet, and
hosts, VMs, and could all communicate with the Internet as needed.

o-virt seems to be compartmentalizing things beyond all reason.
Is there any way to set up simple networking, so ALL computers can see each
other?
Is there anywhere that describes the philosophy behind the networking setup?
What reason is there that networks are so divided?

After banging my head against the wall trying to configure just one host, I
am very frustrated.  I have spent several HOURS Googling for a coherent
explanation of how/why networking is supposed to work, but only fine obscure
references like "letting non-VMs see VM traffic would be a huge security
violation".  I have no concept of what king of an installation the o-virt
designers have in mind, but it is obviously worlds different from what I am
trying to do.

The best I can tell, o-virt networking works like this (at least when you
have only one NIC):
there must be an ovirtmgt network, which cannot be combined with any other
network.
   the ovirtmgt network cannot talk to VMs (unless that VM is running the
engine)
   the ovirtmgt network can only talk to hosts, not to other non-VM 
computers
a VM network can talk only to VMs
   cannot talk to hosts
   cannot talk to non-VMs
hosts cannot talk to my LAN
hosts cannot talk to VMs
VMs cannot talk to my LAN
All of the above are enforced by a boatload of firewall rules that o-virt
puts into every host and VM under its jurisdiction.

All of the above is inferred from things I Googled, because I can't find
anywhere that explains what or how things are supposed to work--only things
telling people WHAT THEY CANT DO.  All I see on the mailing lists is people
getting their hands slapped because they are trying to do SIMPLE SETUPS that
should work, but don't (due to either design restrictions or software bugs).

My use case A:
   * My (2 or 3) hosts have only one physical NIC.
   * My VMs exist to provide services to non-VM computers.
  *  The VMs do not run X-windows, but they provide GUI programs to
non-VMs via "ssh -X" connections.
   * MY VMs need access to storage that is shared with hosts and non-VMs on
the LAN.

Is there some way to TURN OFF network control in o-virt?  My systems are
small and static.  I can hand-configure the networking a whole lot easier
than I can deal with o-virt (as I have used it so far). Mostly I would need
to be able to turn off the firewall rules on both hosts and VMs.

banging head against wall,
Ted
*

I have spent the last three days getting a Centos 6.5 host running under O-virt.

Since the networking was just a small part of this, I am going to open an new 
thread
to discuss the Centos 6.5 host setup process.  Look for a thread titled 
something like
"Centos 6.5 host configuration" if you want the gory details, or want to try if 
for yourself.

My biggest problem is that the o-virt GUI is apparently incapable of setting
up a bridge in Centos, which turned out to be what I needed.  I had to set up 
the
bridge BEFORE adding the host to the ovirt cluster.  If the bridge was not set
up ahead of time, the whole installation failed completely.


you shouldn't have to do *anything* from the host. the gui/engine should 
take care of everything. can you reproduce this from the engine on 
another host and document the steps for further investigation?


thanks,
   Itamar



The bridge was only one of a list of things that had to be done ahead of time, 
in order
for the process to complete correctly.

Ted Miller
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Bob Doolittle]

On 12/13/2013 03:11 PM, Ted Miller wrote:


On 12/13/2013 7:56 AM, Bob Doolittle wrote:


On 12/12/2013 11:04 PM, Ted Miller wrote:


From: users-boun...@ovirt.org  on behalf of 
Ted Miller 

Sent: Wednesday, November 27, 2013 12:18 PM
To: users@ovirt.org
Subject: [Users] simple networking?

I am trying to set up a testing network using o-virt, but the 
networking is

refusing to cooperate.  I am testing for possible use in two different
production setups.

My previous experience has been with VMWare.  I have always set up a 
single
bridged network on each host.  All my hosts, VMs, and non-VM 
computers were
peers on the LAN.  They could all talk to each other, and things 
worked very
well.  There was a firewall/gateway that provided access to the 
Internet, and

hosts, VMs, and could all communicate with the Internet as needed.

o-virt seems to be compartmentalizing things beyond all reason.
Is there any way to set up simple networking, so ALL computers can 
see each

other?
Is there anywhere that describes the philosophy behind the 
networking setup?

What reason is there that networks are so divided?

After banging my head against the wall trying to configure just one 
host, I

am very frustrated.  I have spent several HOURS Googling for a coherent
explanation of how/why networking is supposed to work, but only fine 
obscure
references like "letting non-VMs see VM traffic would be a huge 
security
violation".  I have no concept of what king of an installation the 
o-virt
designers have in mind, but it is obviously worlds different from 
what I am

trying to do.

The best I can tell, o-virt networking works like this (at least 
when you

have only one NIC):
there must be an ovirtmgt network, which cannot be combined with any 
other

network.
   the ovirtmgt network cannot talk to VMs (unless that VM is 
running the

engine)
   the ovirtmgt network can only talk to hosts, not to other 
non-VM computers

a VM network can talk only to VMs
   cannot talk to hosts
   cannot talk to non-VMs
hosts cannot talk to my LAN
hosts cannot talk to VMs
VMs cannot talk to my LAN
All of the above are enforced by a boatload of firewall rules that 
o-virt

puts into every host and VM under its jurisdiction.

All of the above is inferred from things I Googled, because I can't 
find
anywhere that explains what or how things are supposed to work--only 
things
telling people WHAT THEY CANT DO.  All I see on the mailing lists is 
people
getting their hands slapped because they are trying to do SIMPLE 
SETUPS that
should work, but don't (due to either design restrictions or 
software bugs).


My use case A:
   * My (2 or 3) hosts have only one physical NIC.
   * My VMs exist to provide services to non-VM computers.
  *  The VMs do not run X-windows, but they provide GUI programs to
non-VMs via "ssh -X" connections.
   * MY VMs need access to storage that is shared with hosts and 
non-VMs on

the LAN.

Is there some way to TURN OFF network control in o-virt?  My systems 
are
small and static.  I can hand-configure the networking a whole lot 
easier
than I can deal with o-virt (as I have used it so far). Mostly I 
would need

to be able to turn off the firewall rules on both hosts and VMs.

banging head against wall,
Ted
*

I have spent the last three days getting a Centos 6.5 host running 
under O-virt.


Since the networking was just a small part of this, I am going to 
open an new thread
to discuss the Centos 6.5 host setup process.  Look for a thread 
titled something like
"Centos 6.5 host configuration" if you want the gory details, or 
want to try if for yourself.


My biggest problem is that the o-virt GUI is apparently incapable of 
setting
up a bridge in Centos, which turned out to be what I needed. I had 
to set up the
bridge BEFORE adding the host to the ovirt cluster.  If the bridge 
was not set

up ahead of time, the whole installation failed completely.

The bridge was only one of a list of things that had to be done 
ahead of time, in order

for the process to complete correctly.


Ted, I have RHEL 6.5 running in a VM, and it can talk to all my VMs 
and hosts on my LAN, and I didn't have to do anything special. I 
didn't define any new networks or bridges or anything of the sort, 
either in oVirt or on my host or engine. It just worked.


I am running RHEL 6.5 on both my engine and my host, as well in this 
particular VM.


-Bob
Do you have the Engine on a separate machine, or did you set up the 
host as an All-In-One?


Did you install 6.5 or upgrade to 6.5?



I have two machines for oVirt. One (Intel i5) is Fedora 19 running a VM 
via libvirt (set to come up on boot so I never use libvirt any more 
directly). In that VM is an RHEL 6.5 guest running Engine (upgraded from 
6.4, although I no longer recall if ovirt-engine was installed before or 
a

Re: [Users] simple networking? [SOLVED] mostly

[Ted Miller]

On 12/13/2013 7:56 AM, Bob Doolittle wrote:


On 12/12/2013 11:04 PM, Ted Miller wrote:


From: users-boun...@ovirt.org  on behalf of Ted 
Miller 

Sent: Wednesday, November 27, 2013 12:18 PM
To: users@ovirt.org
Subject: [Users] simple networking?

I am trying to set up a testing network using o-virt, but the networking is
refusing to cooperate.  I am testing for possible use in two different
production setups.

My previous experience has been with VMWare.  I have always set up a single
bridged network on each host.  All my hosts, VMs, and non-VM computers were
peers on the LAN.  They could all talk to each other, and things worked very
well.  There was a firewall/gateway that provided access to the Internet, and
hosts, VMs, and could all communicate with the Internet as needed.

o-virt seems to be compartmentalizing things beyond all reason.
Is there any way to set up simple networking, so ALL computers can see each
other?
Is there anywhere that describes the philosophy behind the networking setup?
What reason is there that networks are so divided?

After banging my head against the wall trying to configure just one host, I
am very frustrated.  I have spent several HOURS Googling for a coherent
explanation of how/why networking is supposed to work, but only fine obscure
references like "letting non-VMs see VM traffic would be a huge security
violation".  I have no concept of what king of an installation the o-virt
designers have in mind, but it is obviously worlds different from what I am
trying to do.

The best I can tell, o-virt networking works like this (at least when you
have only one NIC):
there must be an ovirtmgt network, which cannot be combined with any other
network.
   the ovirtmgt network cannot talk to VMs (unless that VM is running the
engine)
   the ovirtmgt network can only talk to hosts, not to other non-VM 
computers

a VM network can talk only to VMs
   cannot talk to hosts
   cannot talk to non-VMs
hosts cannot talk to my LAN
hosts cannot talk to VMs
VMs cannot talk to my LAN
All of the above are enforced by a boatload of firewall rules that o-virt
puts into every host and VM under its jurisdiction.

All of the above is inferred from things I Googled, because I can't find
anywhere that explains what or how things are supposed to work--only things
telling people WHAT THEY CANT DO.  All I see on the mailing lists is people
getting their hands slapped because they are trying to do SIMPLE SETUPS that
should work, but don't (due to either design restrictions or software bugs).

My use case A:
   * My (2 or 3) hosts have only one physical NIC.
   * My VMs exist to provide services to non-VM computers.
  *  The VMs do not run X-windows, but they provide GUI programs to
non-VMs via "ssh -X" connections.
   * MY VMs need access to storage that is shared with hosts and non-VMs on
the LAN.

Is there some way to TURN OFF network control in o-virt?  My systems are
small and static.  I can hand-configure the networking a whole lot easier
than I can deal with o-virt (as I have used it so far). Mostly I would need
to be able to turn off the firewall rules on both hosts and VMs.

banging head against wall,
Ted
*

I have spent the last three days getting a Centos 6.5 host running under 
O-virt.


Since the networking was just a small part of this, I am going to open an 
new thread
to discuss the Centos 6.5 host setup process.  Look for a thread titled 
something like
"Centos 6.5 host configuration" if you want the gory details, or want to 
try if for yourself.


My biggest problem is that the o-virt GUI is apparently incapable of setting
up a bridge in Centos, which turned out to be what I needed.  I had to set 
up the
bridge BEFORE adding the host to the ovirt cluster.  If the bridge was not 
set

up ahead of time, the whole installation failed completely.

The bridge was only one of a list of things that had to be done ahead of 
time, in order

for the process to complete correctly.


Ted, I have RHEL 6.5 running in a VM, and it can talk to all my VMs and 
hosts on my LAN, and I didn't have to do anything special. I didn't define 
any new networks or bridges or anything of the sort, either in oVirt or on 
my host or engine. It just worked.


I am running RHEL 6.5 on both my engine and my host, as well in this 
particular VM.


-Bob
Do you have the Engine on a separate machine, or did you set up the host as 
an All-In-One?


Did you install 6.5 or upgrade to 6.5?

Ted
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking?

[Sven Kieske]

Well,

you seem to have extreme problems in setting this up, so
I write some basic setup which should just work with all vms
and all "hosts" on the same network:

have 2 physical servers, both in the same network (maybe via dhcp or
static, doesn't matter).
Setup on both hosts EL6.4 (6.5 should work too, but I haven't tested that).

On one host install ovirt-engine the following way:

For ovirt to work, the host must resolve his hostname via his IP.
if you do this through /etc/hosts or via DNS is up to you :-)

#Install the repo:

yum -y install
http://resources.ovirt.org/releases/ovirt-release-el.noarch.rpm

#Install EPEL (we need some packages from here):

 yum -y install
http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

#We need these packages from epel:

yum install novnc python-ply python-kitchen python-daemon

#now deactivate epel, in order to install ovirt-engine! Why deactivate?
#EPEL has also some of the ovirt-packages but different versions, so
#avoid conflicts by:

sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo

#now install engine:

yum install ovirt-engine

#and configure it (may start automatically, don't remember that one):

engine-setup

#pay attention to the firewall settings during engine-setup


Now the second host:

Install EL 6.4(6.5 should work too? didn't do this one for now).

#Install EPEL:

yum -y install
http://ftp.tu-chemnitz.de/pub/linux/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
#Install ovirt-repo:
yum -y install
http://resources.ovirt.org/releases/ovirt-release-el.noarch.rpm

depending on where you want your data domain, you may have to create
a directory for it and assign the rights for ovirt to it:

chown -R 36:36 /path/to/local/storage

make sure SSH is setup on both hosts.

Now go to your adminportal:

Create a new datacenter, and a cluster in it.
go to "system"(in the left pane)->"Hosts"(right pane)
Click "New" select Datacenter and Cluster, fill in a name, address(IP or
Resolvable DNS-Name (maybe even via "/etc/hosts")IPv6 doesn't work
afaik), fill in the root password of the remote host.
Click on "advanced parameters", for most users "automatically configure
host firewall" is the right thing.

You can test the connection by clicking "fetch", it should fill in
automatically the ssh_host_key, if it does not, check your network
setup!

Optional you can configure powermanagement (you want that, ovirt
complains a lot without, and it's useful!).

When you click "Ok" the following happens in the background:

engine log ins with root/ssh credentials on the other server, installs
vdsm via repo and automatically configures the ovirtmgmt bridge for you.

(this takes some time)
when this is finished you are ready to deploy vms.
the datacenter, cluster and host get automatically the "ovirtmgmt"
logical network. if you don't create others by hand, your vms in this
dc get the same, if DHCP manages it and you install proper images into
the vms all vms and hosts should "see" everyone on this network.


HTH

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking? [SOLVED] mostly

[Bob Doolittle]

On 12/12/2013 11:04 PM, Ted Miller wrote:


From: users-boun...@ovirt.org  on behalf of Ted Miller 

Sent: Wednesday, November 27, 2013 12:18 PM
To: users@ovirt.org
Subject: [Users] simple networking?

I am trying to set up a testing network using o-virt, but the networking is
refusing to cooperate.  I am testing for possible use in two different
production setups.

My previous experience has been with VMWare.  I have always set up a single
bridged network on each host.  All my hosts, VMs, and non-VM computers were
peers on the LAN.  They could all talk to each other, and things worked very
well.  There was a firewall/gateway that provided access to the Internet, and
hosts, VMs, and could all communicate with the Internet as needed.

o-virt seems to be compartmentalizing things beyond all reason.
Is there any way to set up simple networking, so ALL computers can see each
other?
Is there anywhere that describes the philosophy behind the networking setup?
What reason is there that networks are so divided?

After banging my head against the wall trying to configure just one host, I
am very frustrated.  I have spent several HOURS Googling for a coherent
explanation of how/why networking is supposed to work, but only fine obscure
references like "letting non-VMs see VM traffic would be a huge security
violation".  I have no concept of what king of an installation the o-virt
designers have in mind, but it is obviously worlds different from what I am
trying to do.

The best I can tell, o-virt networking works like this (at least when you
have only one NIC):
there must be an ovirtmgt network, which cannot be combined with any other
network.
   the ovirtmgt network cannot talk to VMs (unless that VM is running the
engine)
   the ovirtmgt network can only talk to hosts, not to other non-VM 
computers
a VM network can talk only to VMs
   cannot talk to hosts
   cannot talk to non-VMs
hosts cannot talk to my LAN
hosts cannot talk to VMs
VMs cannot talk to my LAN
All of the above are enforced by a boatload of firewall rules that o-virt
puts into every host and VM under its jurisdiction.

All of the above is inferred from things I Googled, because I can't find
anywhere that explains what or how things are supposed to work--only things
telling people WHAT THEY CANT DO.  All I see on the mailing lists is people
getting their hands slapped because they are trying to do SIMPLE SETUPS that
should work, but don't (due to either design restrictions or software bugs).

My use case A:
   * My (2 or 3) hosts have only one physical NIC.
   * My VMs exist to provide services to non-VM computers.
  *  The VMs do not run X-windows, but they provide GUI programs to
non-VMs via "ssh -X" connections.
   * MY VMs need access to storage that is shared with hosts and non-VMs on
the LAN.

Is there some way to TURN OFF network control in o-virt?  My systems are
small and static.  I can hand-configure the networking a whole lot easier
than I can deal with o-virt (as I have used it so far). Mostly I would need
to be able to turn off the firewall rules on both hosts and VMs.

banging head against wall,
Ted
*

I have spent the last three days getting a Centos 6.5 host running under O-virt.

Since the networking was just a small part of this, I am going to open an new 
thread
to discuss the Centos 6.5 host setup process.  Look for a thread titled 
something like
"Centos 6.5 host configuration" if you want the gory details, or want to try if 
for yourself.

My biggest problem is that the o-virt GUI is apparently incapable of setting
up a bridge in Centos, which turned out to be what I needed.  I had to set up 
the
bridge BEFORE adding the host to the ovirt cluster.  If the bridge was not set
up ahead of time, the whole installation failed completely.

The bridge was only one of a list of things that had to be done ahead of time, 
in order
for the process to complete correctly.


Ted, I have RHEL 6.5 running in a VM, and it can talk to all my VMs and 
hosts on my LAN, and I didn't have to do anything special. I didn't 
define any new networks or bridges or anything of the sort, either in 
oVirt or on my host or engine. It just worked.


I am running RHEL 6.5 on both my engine and my host, as well in this 
particular VM.


-Bob


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking?

[Bob Doolittle]

On 12/02/2013 11:39 AM, Ted Miller wrote:

On 11/28/2013 3:54 AM, noc wrote:

On 27-11-2013 18:18, Ted Miller wrote:
I am trying to set up a testing network using o-virt, but the 
networking is refusing to cooperate.  I am testing for possible use 
in two different production setups.


My previous experience has been with VMWare.  I have always set up a 
single bridged network on each host.  All my hosts, VMs, and non-VM 
computers were peers on the LAN.  They could all talk to each other, 
and things worked very well.  There was a firewall/gateway that 
provided access to the Internet, and hosts, VMs, and could all 
communicate with the Internet as needed.


o-virt seems to be compartmentalizing things beyond all reason.
That is a way to use oVirt, but the following simple setup should 
work and give you a way to check against your setup.


I have two setups, one at home and one at work. The one at home is a 
setup of 2 hosts and one of those is a hacked up host/engine.
engine/host1: standard fedora19 kde install, static ip (192.168.1.11) 
configured with my NAS (192.168.1.16) as dhcp/dns server and my 
internet router (192.168.1.254) as gateway
Just make sure that NetworkManager is off and that your interfaces 
are not NM managed, network on.
This was a allinone setup but I got a NAS with NFS so I turned my aio 
setup into a engine/host system. It has problems with that but 
nothing network related.


Host2: same as above but without the engine install, ip:192.168.1.22, 
gw 192.168.1.254 DNS:192.168.1.16.


How does it all come together?
Well in your case, and mine if I were to start over, start with a 
static network which is NOT managed by NetworkManager. Use either 
Fedora or Centos which ever you more comfortable with and it also 
depends on whether you want to test/use all the features in oVirt. 
Currently, there are a few features not available in Centos because 
the versions of libvirt/kvm/qemu/gluster are too old in Centos.
Install ovirt-engine on your first 'server', probably choose NFS as 
your storage domain, either on your engine server or from somewhere 
else on your network. Make sure its nfs-v3 and not v4!, local default 
is v4!
Make sure that ip addresses on you network are resolvable, either 
through /etc/hosts or through DNS! Engine-setup will complain if this 
doesn't work, using localhost will not work either!
On the engine server there will be no bridge and nothing will change 
the network config.


Next the first host.
Prepare the host in a similar way you did the engine server. You can 
choose a minimal install of either Centos or Fedora or install a full 
desktop but make sure that ips are static and NOT managed by 
NetworkManager, hostname resolvable, ovirt repo available.


From the webui add your prepared host and if everything went OK 
you'll see that on that host you will now have a bridge, ovirtmgmt, 
which acts as the primary interface.
Create a VMs and choose ovirtmgmt as a network for its nics, can't 
choose anything else. Either give the VMs a static address or use a 
dhcp server but the VMs should be able to talk to each other, to the 
host(s), the engine and to the internet.


Every host that you add after the first will also has its network 
turned into a bridge, ovirtmgmt, and 
communication/migration/display/etc will take place over this 
network. One caveat, storage domain mapping is from the host to the 
storage, the engine, if it is NOT the NFS server, doesn't have to 
have access to the storage.


If you have servers with more that 1 nic then you can create 
additional networks using the webui of oVirt and assign these to 
clusters and to VMs.


If you need vlans to coexist with ovirtmgmt on the same physical nic, 
I think that is possible but haven't tried it myself. In theory you 
need to setup the network first outside of oVirt, including you vlan 
structure and then install ovirt.


Some concepts:
oVirt engine: is just the manager, does 'nothing' related to running 
VMs itself. You can turn it off and all hosts with their VMs will 
keep running. You just can't start new ones, in short manage them.
oVirt host: is the real workhorse and is managed using oVirt-engine. 
Runs VDSM which communicates with engine and starts/manages the VMs 
on the host on behalf of engine.
oVirt node: is a special slimmed down Fedora distro that includes 
VDSM and a small setup so that it can be used as a oVirt host


People tend to mix and match ovirt-host and ovirt-node which makes 
for nice communication problems :-)


If you haven't done so, there is an irc channel, ovirt, on 
irc.oftc.net with helpful people, if they are awake.


Joop
--
#irc jvandewege

When I get another project out of the way (hopefully this week), I 
will be able to get back to my test setup and try again.  Between your 
info, something I stumbled onto on a blog, and the info from Mike, I 
hope to have enough to make some progress when I take another stab at it.


I'd just like to reiterate what has been

Re: [Users] simple networking?

[Juan Pablo Lorier]

Hi Ted,

I've lost the beggining of the thread so excuse me if I'm wrong about
the topic.
Do you want to get all the vms and host in the same subnet as the rest
of your lan or the hole collision domain?
When you create the logical networks (LN) in ovirt you can check if they
are required or not. If you decide that all your hosts must give access
to some subnet for vm use, you can create a LN, mark it as required in
your data center (DC) and configure it in every host you have in the dc.
Then you have two choices, if you just want the vms to access that
subnet, add it to the host without configuring the ip on the host and
you'll just get a bridge for vm use. If you want the host to use the
bridge also, configure the ip and you'll get both, vms and host to be in
the subnet.
If what you need is to get every vm access to the hole collision domain,
then I don't think you can do it in ovirt as you get a bridge for every
logical network and if you have both, tagged and untagged vlan traffic,
you won't be able use the same nic (or bond) to place mixed LNs (a
limitation I've rised but yet haven't been resolved).
Hope this helps.
Regards,

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking?

[Ted Miller]

Thank you for your response, Mike.  I am slow answering because of the 
American Thanksgiving holiday.  Answers are below.


On 11/28/2013 1:41 AM, Mike Kolesnik wrote:

- Original Message -

I am trying to set up a testing network using o-virt, but the networking is
refusing to cooperate.  I am testing for possible use in two different
production setups.

My previous experience has been with VMWare.  I have always set up a single
bridged network on each host.  All my hosts, VMs, and non-VM computers were
peers on the LAN.  They could all talk to each other, and things worked very
well.  There was a firewall/gateway that provided access to the Internet, and
hosts, VMs, and could all communicate with the Internet as needed.

o-virt seems to be compartmentalizing things beyond all reason.
Is there any way to set up simple networking, so ALL computers can see each
other?
Is there anywhere that describes the philosophy behind the networking setup?
What reason is there that networks are so divided?

Yes there is lack of documentation in this area, it's a shame but given it's an
open source project with an open wiki, everyone is invited to contribute and
improve this.

I'll see if I can get a page started..

Please post a link if you succeed.



After banging my head against the wall trying to configure just one host, I
am very frustrated.  I have spent several HOURS Googling for a coherent
explanation of how/why networking is supposed to work, but only fine obscure
references like "letting non-VMs see VM traffic would be a huge security
violation".  I have no concept of what king of an installation the o-virt
designers have in mind, but it is obviously worlds different from what I am
trying to do.

The best I can tell, o-virt networking works like this (at least when you
have only one NIC):
there must be an ovirtmgt network, which cannot be combined with any other
network.
   the ovirtmgt network cannot talk to VMs (unless that VM is running the
engine)
   the ovirtmgt network can only talk to hosts, not to other non-VM
   computers
a VM network can talk only to VMs
   cannot talk to hosts
   cannot talk to non-VMs
hosts cannot talk to my LAN
hosts cannot talk to VMs
VMs cannot talk to my LAN
All of the above are enforced by a boatload of firewall rules that o-virt
puts into every host and VM under its jurisdiction.

Not sure what you mean by all these "restrictions", from what I know the 
firewall
rules that are set on each host are to allow host to talk to engine
(ssh, vdsm, VM consoles traffic, etc) no more no less..

Usually the default behavior of firewall is to block almost all communication so
when you add a host and check the "Configure firewall" box it modifies it so 
that
your host can function properly.


I need my host to be on my LAN (for multiple reasons).  Ovirtmgt "stole" the 
LAN connection, and cut off the host from the LAN, a connection which worked 
fine until then.


oVirt has no sense of firewall otherwise. For all it cares you can turn it off
completely, or configure it by yourself (manually or via 
puppet/chef/foreman/etc)
and not use the capability of the system to configure it for you.
How do I keep the engine from reconfiguring the firewall again if I change it 
manually?  I saw a blog post that mentioned being able to uncheck a box (on 
the o-virt web GUI) called "configure IPTables". That /might/ be what I 
need.  I didn't see that box, but I wasn't looking for it (and at the moment 
I don't have o-virt available to me).

You can also change it so that it uses the rules you want by modifying
IPTablesConfig via engine-config tool.


Where can I find documentation on changing firewall rules using engine-config?

From what I understand, I want my LAN to be my non-VLAN bridge.  Can I move 
the ovirtmgt functionality to run over the LAN, or can I/will I have to put 
ovirt-mgt onto a VLAN?

All of the above is inferred from things I Googled, because I can't find
anywhere that explains what or how things are supposed to work--only things
telling people WHAT THEY CANT DO.  All I see on the mailing lists is people
getting their hands slapped because they are trying to do SIMPLE SETUPS that
should work, but don't (due to either design restrictions or software bugs).
My use case A:
   * My (2 or 3) hosts have only one physical NIC.
   * My VMs exist to provide services to non-VM computers.
  *  The VMs do not run X-windows, but they provide GUI programs to
non-VMs via "ssh -X" connections.
   * MY VMs need access to storage that is shared with hosts and non-VMs on
the LAN.

Your VMs will be sitting on the ovirtmgmt network, or on a VLAN?
I want them to sit on the LAN (which may be ovirtmgt, if I can get the IP 
filtering turned off).  If they have to be on something else too, that is OK, 
as long as it does not interfere with them being on the LAN.


FYI, the LANs on both of my applications are fairly small.  One of them less 
than 10 nodes, the other less than 

Re: [Users] simple networking?

[Sven Kieske]

Hi,

Am 02.12.2013 17:24, schrieb Ted Miller:> That still doesn't offer what
I need: VMs and host all talking on LAN to
> all other LAN residents.

that should work out of the box, but depends on your setup, of course.

without further details about your environment, nobody can help you, I'm
afraid.

So I ask you for:

your OS-Versions, IP-Ranges, ovirt-engine and vdsm versions
and how exactly did you install engine and vdsm and how did you
register compute nodes to the engine, etc. ?

Which VM-OS did you install and how? how did you setup networking
in ovirt?

I really don't know how anyone could help you without this information,
beside wild guessing.



-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking?

[Ted Miller]

On 11/28/2013 3:54 AM, noc wrote:

On 27-11-2013 18:18, Ted Miller wrote:
I am trying to set up a testing network using o-virt, but the networking 
is refusing to cooperate.  I am testing for possible use in two different 
production setups.


My previous experience has been with VMWare.  I have always set up a 
single bridged network on each host.  All my hosts, VMs, and non-VM 
computers were peers on the LAN.  They could all talk to each other, and 
things worked very well.  There was a firewall/gateway that provided 
access to the Internet, and hosts, VMs, and could all communicate with the 
Internet as needed.


o-virt seems to be compartmentalizing things beyond all reason.
That is a way to use oVirt, but the following simple setup should work and 
give you a way to check against your setup.


I have two setups, one at home and one at work. The one at home is a setup 
of 2 hosts and one of those is a hacked up host/engine.
engine/host1: standard fedora19 kde install, static ip (192.168.1.11) 
configured with my NAS (192.168.1.16) as dhcp/dns server and my internet 
router (192.168.1.254) as gateway
Just make sure that NetworkManager is off and that your interfaces are not 
NM managed, network on.
This was a allinone setup but I got a NAS with NFS so I turned my aio setup 
into a engine/host system. It has problems with that but nothing network 
related.


Host2: same as above but without the engine install, ip:192.168.1.22, gw 
192.168.1.254 DNS:192.168.1.16.


How does it all come together?
Well in your case, and mine if I were to start over, start with a static 
network which is NOT managed by NetworkManager. Use either Fedora or Centos 
which ever you more comfortable with and it also depends on whether you 
want to test/use all the features in oVirt. Currently, there are a few 
features not available in Centos because the versions of 
libvirt/kvm/qemu/gluster are too old in Centos.
Install ovirt-engine on your first 'server', probably choose NFS as your 
storage domain, either on your engine server or from somewhere else on your 
network. Make sure its nfs-v3 and not v4!, local default is v4!
Make sure that ip addresses on you network are resolvable, either through 
/etc/hosts or through DNS! Engine-setup will complain if this doesn't work, 
using localhost will not work either!
On the engine server there will be no bridge and nothing will change the 
network config.


Next the first host.
Prepare the host in a similar way you did the engine server. You can choose 
a minimal install of either Centos or Fedora or install a full desktop but 
make sure that ips are static and NOT managed by NetworkManager, hostname 
resolvable, ovirt repo available.


From the webui add your prepared host and if everything went OK you'll see 
that on that host you will now have a bridge, ovirtmgmt, which acts as the 
primary interface.
Create a VMs and choose ovirtmgmt as a network for its nics, can't choose 
anything else. Either give the VMs a static address or use a dhcp server 
but the VMs should be able to talk to each other, to the host(s), the 
engine and to the internet.


Every host that you add after the first will also has its network turned 
into a bridge, ovirtmgmt, and communication/migration/display/etc will take 
place over this network. One caveat, storage domain mapping is from the 
host to the storage, the engine, if it is NOT the NFS server, doesn't have 
to have access to the storage.


If you have servers with more that 1 nic then you can create additional 
networks using the webui of oVirt and assign these to clusters and to VMs.


If you need vlans to coexist with ovirtmgmt on the same physical nic, I 
think that is possible but haven't tried it myself. In theory you need to 
setup the network first outside of oVirt, including you vlan structure and 
then install ovirt.


Some concepts:
oVirt engine: is just the manager, does 'nothing' related to running VMs 
itself. You can turn it off and all hosts with their VMs will keep running. 
You just can't start new ones, in short manage them.
oVirt host: is the real workhorse and is managed using oVirt-engine. Runs 
VDSM which communicates with engine and starts/manages the VMs on the host 
on behalf of engine.
oVirt node: is a special slimmed down Fedora distro that includes VDSM and 
a small setup so that it can be used as a oVirt host


People tend to mix and match ovirt-host and ovirt-node which makes for nice 
communication problems :-)


If you haven't done so, there is an irc channel, ovirt, on irc.oftc.net 
with helpful people, if they are awake.


Joop
--
#irc jvandewege

When I get another project out of the way (hopefully this week), I will be 
able to get back to my test setup and try again.  Between your info, 
something I stumbled onto on a blog, and the info from Mike, I hope to have 
enough to make some progress when I take another stab at it.


Ted Miller

___
Users mailing list
Users@ov

Re: [Users] simple networking?

[Ted Miller]

On 11/27/2013 4:35 PM, Thomas Suckow wrote:

On 11/27/2013 01:00 PM, Ted Miller wrote:

I am not using an all-in-one.

Do you have more than one host?  If not, that is a very different story,
because it only has to "talk to itself".  I have the engine on a VM (at the
moment on a KVM host not managed by ovirt).  I was trying to bring up one
host, but couldn't get past that point.  Will then have to add another host,
and migrate the engine to running on one of those two hosts.
Ted Miller

I don't currently, I had dabbled with adding another host but found out the
other server had a different processor and removed it. That said, my vms
can talk to eachother and the host can talk to vms and vice versa.


That still doesn't offer what I need: VMs and host all talking on LAN to all 
other LAN residents.



It works better than when I just used virt-manager.

After setting up the bridge on the host does it lose all network connectivity?


No, it could still talk to ovirt-engine.  It seemed to work the way o-virt 
wanted it to, just not the way I need it to.



If so it may be the same issue I was having where I had to manually
manipulate the network configuration to fix the bridge.


Thanks for the answer,
Ted Miller

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking?

[noc]

Resend to the list for others to benefit, I hope :-)

Joop


On 27-11-2013 18:18, Ted Miller wrote:

I am trying to set up a testing network using o-virt, but the
networking is refusing to cooperate.  I am testing for possible use in
two different production setups.

My previous experience has been with VMWare.  I have always set up a
single bridged network on each host.  All my hosts, VMs, and non-VM
computers were peers on the LAN.  They could all talk to each other,
and things worked very well.  There was a firewall/gateway that
provided access to the Internet, and hosts, VMs, and could all
communicate with the Internet as needed.

o-virt seems to be compartmentalizing things beyond all reason.
That is a way to use oVirt, but the following simple setup should work 
and give you a way to check against your setup.


I have two setups, one at home and one at work. The one at home is a 
setup of 2 hosts and one of those is a hacked up host/engine.
engine/host1: standard fedora19 kde install, static ip (192.168.1.11) 
configured with my NAS (192.168.1.16) as dhcp/dns server and my internet 
router (192.168.1.254) as gateway
Just make sure that NetworkManager is off and that your interfaces are 
not NM managed, network on.
This was a allinone setup but I got a NAS with NFS so I turned my aio 
setup into a engine/host system. It has problems with that but nothing 
network related.


Host2: same as above but without the engine install, ip:192.168.1.22, gw 
192.168.1.254 DNS:192.168.1.16.


How does it all come together?
Well in your case, and mine if I were to start over, start with a static 
network which is NOT managed by NetworkManager. Use either Fedora or 
Centos which ever you more comfortable with and it also depends on 
whether you want to test/use all the features in oVirt. Currently, there 
are a few features not available in Centos because the versions of 
libvirt/kvm/qemu/gluster are too old in Centos.
Install ovirt-engine on your first 'server', probably choose NFS as your 
storage domain, either on your engine server or from somewhere else on 
your network. Make sure its nfs-v3 and not v4!, local default is v4!
Make sure that ip addresses on you network are resolvable, either 
through /etc/hosts or through DNS! Engine-setup will complain if this 
doesn't work, using localhost will not work either!
On the engine server there will be no bridge and nothing will change the 
network config.


Next the first host.
Prepare the host in a similar way you did the engine server. You can 
choose a minimal install of either Centos or Fedora or install a full 
desktop but make sure that ips are static and NOT managed by 
NetworkManager, hostname resolvable, ovirt repo available.


From the webui add your prepared host and if everything went OK you'll 
see that on that host you will now have a bridge, ovirtmgmt, which acts 
as the primary interface.
Create a VMs and choose ovirtmgmt as a network for its nics, can't 
choose anything else. Either give the VMs a static address or use a dhcp 
server but the VMs should be able to talk to each other, to the host(s), 
the engine and to the internet.


Every host that you add after the first will also has its network turned 
into a bridge, ovirtmgmt, and communication/migration/display/etc will 
take place over this network. One caveat, storage domain mapping is from 
the host to the storage, the engine, if it is NOT the NFS server, 
doesn't have to have access to the storage.


If you have servers with more that 1 nic then you can create additional 
networks using the webui of oVirt and assign these to clusters and to VMs.


If you need vlans to coexist with ovirtmgmt on the same physical nic, I 
think that is possible but haven't tried it myself. In theory you need 
to setup the network first outside of oVirt, including you vlan 
structure and then install ovirt.


Some concepts:
oVirt engine: is just the manager, does 'nothing' related to running VMs 
itself. You can turn it off and all hosts with their VMs will keep 
running. You just can't start new ones, in short manage them.
oVirt host: is the real workhorse and is managed using oVirt-engine. 
Runs VDSM which communicates with engine and starts/manages the VMs on 
the host on behalf of engine.
oVirt node: is a special slimmed down Fedora distro that includes VDSM 
and a small setup so that it can be used as a oVirt host


People tend to mix and match ovirt-host and ovirt-node which makes for 
nice communication problems :-)


If you haven't done so, there is an irc channel, ovirt, on irc.oftc.net 
with helpful people, if they are awake.


Joop
--
#irc jvandewege

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking?

[Mike Kolesnik]

- Original Message -
> I am trying to set up a testing network using o-virt, but the networking is
> refusing to cooperate.  I am testing for possible use in two different
> production setups.
> 
> My previous experience has been with VMWare.  I have always set up a single
> bridged network on each host.  All my hosts, VMs, and non-VM computers were
> peers on the LAN.  They could all talk to each other, and things worked very
> well.  There was a firewall/gateway that provided access to the Internet, and
> hosts, VMs, and could all communicate with the Internet as needed.
> 
> o-virt seems to be compartmentalizing things beyond all reason.
> Is there any way to set up simple networking, so ALL computers can see each
> other?
> Is there anywhere that describes the philosophy behind the networking setup?
> What reason is there that networks are so divided?

Yes there is lack of documentation in this area, it's a shame but given it's an
open source project with an open wiki, everyone is invited to contribute and
improve this.

I'll see if I can get a page started..

> 
> After banging my head against the wall trying to configure just one host, I
> am very frustrated.  I have spent several HOURS Googling for a coherent
> explanation of how/why networking is supposed to work, but only fine obscure
> references like "letting non-VMs see VM traffic would be a huge security
> violation".  I have no concept of what king of an installation the o-virt
> designers have in mind, but it is obviously worlds different from what I am
> trying to do.
> 
> The best I can tell, o-virt networking works like this (at least when you
> have only one NIC):
> there must be an ovirtmgt network, which cannot be combined with any other
> network.
>   the ovirtmgt network cannot talk to VMs (unless that VM is running the
> engine)
>   the ovirtmgt network can only talk to hosts, not to other non-VM
>   computers
> a VM network can talk only to VMs
>   cannot talk to hosts
>   cannot talk to non-VMs
> hosts cannot talk to my LAN
> hosts cannot talk to VMs
> VMs cannot talk to my LAN
> All of the above are enforced by a boatload of firewall rules that o-virt
> puts into every host and VM under its jurisdiction.

Not sure what you mean by all these "restrictions", from what I know the 
firewall
rules that are set on each host are to allow host to talk to engine
(ssh, vdsm, VM consoles traffic, etc) no more no less..

Usually the default behavior of firewall is to block almost all communication so
when you add a host and check the "Configure firewall" box it modifies it so 
that
your host can function properly.

oVirt has no sense of firewall otherwise. For all it cares you can turn it off
completely, or configure it by yourself (manually or via 
puppet/chef/foreman/etc)
and not use the capability of the system to configure it for you.

You can also change it so that it uses the rules you want by modifying
IPTablesConfig via engine-config tool.

> 
> All of the above is inferred from things I Googled, because I can't find
> anywhere that explains what or how things are supposed to work--only things
> telling people WHAT THEY CANT DO.  All I see on the mailing lists is people
> getting their hands slapped because they are trying to do SIMPLE SETUPS that
> should work, but don't (due to either design restrictions or software bugs).

What slaps did you see?
What simple setups don't work?

> 
> My use case A:
>   * My (2 or 3) hosts have only one physical NIC.
>   * My VMs exist to provide services to non-VM computers.
>  *  The VMs do not run X-windows, but they provide GUI programs to
> non-VMs via "ssh -X" connections.
>   * MY VMs need access to storage that is shared with hosts and non-VMs on
> the LAN.

Your VMs will be sitting on the ovirtmgmt network, or on a VLAN?

If you want to use VLANs for the VM traffic, you can configure the management
network to be non-VM thus allowing you to put VLANs on the same NIC this
network is occupying (just make sure to sync it first, because changes aren't
applied automatically to the hosts, yet).

In my small setup, the VMs are not on VLAN and can talk to all other machines
on the LAN via SSH and I didn't configure anything special on host level..

> 
> Is there some way to TURN OFF network control in o-virt?  My systems are
> small and static.  I can hand-configure the networking a whole lot easier
> than I can deal with o-virt (as I have used it so far). Mostly I would need
> to be able to turn off the firewall rules on both hosts and VMs.
> 
> banging head against wall,

Try not to break the wall (or your head) ;)

> Ted
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] simple networking?

[Thomas Suckow]

On 11/27/2013 09:18 AM, Ted Miller wrote:

I am trying to set up a testing network using o-virt, but the networking is
refusing to cooperate.  I am testing for possible use in two different
production setups.

My previous experience has been with VMWare.  I have always set up a single
bridged network on each host.  All my hosts, VMs, and non-VM computers were
peers on the LAN.  They could all talk to each other, and things worked very
well.  There was a firewall/gateway that provided access to the Internet, and
hosts, VMs, and could all communicate with the Internet as needed.

o-virt seems to be compartmentalizing things beyond all reason.
Is there any way to set up simple networking, so ALL computers can see each
other?
Is there anywhere that describes the philosophy behind the networking setup?
What reason is there that networks are so divided?

After banging my head against the wall trying to configure just one host, I
am very frustrated.  I have spent several HOURS Googling for a coherent
explanation of how/why networking is supposed to work, but only fine obscure
references like "letting non-VMs see VM traffic would be a huge security
violation".  I have no concept of what king of an installation the o-virt
designers have in mind, but it is obviously worlds different from what I am
trying to do.

The best I can tell, o-virt networking works like this (at least when you
have only one NIC):
there must be an ovirtmgt network, which cannot be combined with any other
network.
   the ovirtmgt network cannot talk to VMs (unless that VM is running the
engine)
   the ovirtmgt network can only talk to hosts, not to other non-VM 
computers
a VM network can talk only to VMs
   cannot talk to hosts
   cannot talk to non-VMs
hosts cannot talk to my LAN
hosts cannot talk to VMs
VMs cannot talk to my LAN
All of the above are enforced by a boatload of firewall rules that o-virt
puts into every host and VM under its jurisdiction.

All of the above is inferred from things I Googled, because I can't find
anywhere that explains what or how things are supposed to work--only things
telling people WHAT THEY CANT DO.  All I see on the mailing lists is people
getting their hands slapped because they are trying to do SIMPLE SETUPS that
should work, but don't (due to either design restrictions or software bugs).

My use case A:
   * My (2 or 3) hosts have only one physical NIC.
   * My VMs exist to provide services to non-VM computers.
  *  The VMs do not run X-windows, but they provide GUI programs to
non-VMs via "ssh -X" connections.
   * MY VMs need access to storage that is shared with hosts and non-VMs on
the LAN.

Is there some way to TURN OFF network control in o-virt?  My systems are
small and static.  I can hand-configure the networking a whole lot easier
than I can deal with o-virt (as I have used it so far). Mostly I would need
to be able to turn off the firewall rules on both hosts and VMs.

banging head against wall,
Ted

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Odd, All my VMs/Hosts (They also only have one nic) can talk to each 
other and I don't see any rules trying to prevent this in iptables. 
Also, unless there is some feature I don't know about, ovirt doesn't 
screw with VM internals. My ovirtmgt network is the same as my main network.


¯\(°_°)/¯

-
Thomas
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[Users] simple networking?

[Ted Miller]

I am trying to set up a testing network using o-virt, but the networking is 
refusing to cooperate.  I am testing for possible use in two different 
production setups.


My previous experience has been with VMWare.  I have always set up a single 
bridged network on each host.  All my hosts, VMs, and non-VM computers were 
peers on the LAN.  They could all talk to each other, and things worked very 
well.  There was a firewall/gateway that provided access to the Internet, and 
hosts, VMs, and could all communicate with the Internet as needed.


o-virt seems to be compartmentalizing things beyond all reason.
Is there any way to set up simple networking, so ALL computers can see each 
other?

Is there anywhere that describes the philosophy behind the networking setup?
What reason is there that networks are so divided?

After banging my head against the wall trying to configure just one host, I 
am very frustrated.  I have spent several HOURS Googling for a coherent 
explanation of how/why networking is supposed to work, but only fine obscure 
references like "letting non-VMs see VM traffic would be a huge security 
violation".  I have no concept of what king of an installation the o-virt 
designers have in mind, but it is obviously worlds different from what I am 
trying to do.


The best I can tell, o-virt networking works like this (at least when you 
have only one NIC):
there must be an ovirtmgt network, which cannot be combined with any other 
network.
 the ovirtmgt network cannot talk to VMs (unless that VM is running the 
engine)

 the ovirtmgt network can only talk to hosts, not to other non-VM computers
a VM network can talk only to VMs
 cannot talk to hosts
 cannot talk to non-VMs
hosts cannot talk to my LAN
hosts cannot talk to VMs
VMs cannot talk to my LAN
All of the above are enforced by a boatload of firewall rules that o-virt 
puts into every host and VM under its jurisdiction.


All of the above is inferred from things I Googled, because I can't find 
anywhere that explains what or how things are supposed to work--only things 
telling people WHAT THEY CANT DO.  All I see on the mailing lists is people 
getting their hands slapped because they are trying to do SIMPLE SETUPS that 
should work, but don't (due to either design restrictions or software bugs).


My use case A:
 * My (2 or 3) hosts have only one physical NIC.
 * My VMs exist to provide services to non-VM computers.
*  The VMs do not run X-windows, but they provide GUI programs to 
non-VMs via "ssh -X" connections.
 * MY VMs need access to storage that is shared with hosts and non-VMs on 
the LAN.


Is there some way to TURN OFF network control in o-virt?  My systems are 
small and static.  I can hand-configure the networking a whole lot easier 
than I can deal with o-virt (as I have used it so far). Mostly I would need 
to be able to turn off the firewall rules on both hosts and VMs.


banging head against wall,
Ted

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users