Re: [ovirt-users] MAC spoofing for specific VMs
On Thu, Mar 10, 2016 at 04:57:01PM -0500, Christopher Young wrote:
> Does anyone see a reason why simply installing the EL7 latest rpm for
> this on an ovirt node/RHEV-H system would not work or would be a bad
> solution to getting this working with ovirt-node/RHEV-H? I don't want
> to do something that is either lost on reboot or would cause issues in
> the future.
>
> Thoughts?

I do not see a problem in that, but please note that we plan a fully-fledged integration of this feature in our next release.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] MAC spoofing for specific VMs
Does anyone see a reason why simply installing the EL7 latest rpm for this on an ovirt node/RHEV-H system would not work or would be a bad solution to getting this working with ovirt-node/RHEV-H? I don't want to do something that is either lost on reboot or would cause issues in the future.

Thoughts?

On Tue, May 12, 2015 at 2:24 PM, Christopher Young wrote:
> Yep. I had found that and applied it. Great solution! I actually wrote
> about it to the zen load balancer list. I will add it here for
> semi-documentation:
>
> --
> just wanted to follow-up so that it is documented on how to get this
> working on oVirt/RHEV. I had to install a VDSM hook to allow mac-spoofing
> as a VM custom property like so (on each node):
>
> yum install vdsm-hook-macspoof
>
> That requires a restart of vdsmd on the node as well as a process on the
> oVirt/RHEV engine:
>
> engine-config -s "UserDefinedVMProperties=macspoof=(true|false)"
>
> Which then requires a restart of the oVirt/RHEV engine.
>
> After that, there will be an available custom property on the VM called
> 'macspoof' that can be set to 'true'. Once I did this and shutdown/powered
> on the VMs, the cluster setup now completes successfully. You learn
> something every day.
>
> Thanks for pointing me in the right direction. The one thing I wish I had
> on these VMs is the ovirt-guest-agent which would likely work except that
> Debian 6 doesn't seem to have python-ethtool package/deps. If there are any
> plans to update the version of Debian that ZLB is based on, let me know.
>
> -
>
> On Tue, May 12, 2015 at 5:43 AM, Dan Kenigsberg wrote:
>>
>> On Mon, May 11, 2015 at 02:12:22PM -0400, Christopher Young wrote:
>> > I'm working on some load-balancing solutions and they appear to require
>> > MAC spoofing. I did some searching and reading and as I understand it,
>> > you can disable the MAC spoofing protection through a few methods.
>> >
>> > I was wondering about the best manner to enable this for the VMs that
>> > require it and not across the board (if that is even possible). I'd
>> > like to just allow my load-balancer VMs to do what they need to, but
>> > keep the others untouched as a security mechanism.
>> >
>> > If anyone has any advice on the best method to handle this scenario, I
>> > would greatly appreciate it. It seems that this might turn into some
>> > type of feature request, though I'm not sure if this is something that
>> > has to be done at the Linux bridge level, the port level, or the VM
>> > level. Any explanations into that would also help in my education.
>>
>> You can enable mac spoofing per VM or per vNIC using vdsm-hook-macspoof.
>> See more details on the hook's README file
>>
>> https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm_hooks/macspoof/README;h=6bd11c1cb8ba2603d432fc8826eeb35738136c92;hb=79781a1945ceff6849a6a2b66cb5c4a1a5f8d874
Re: [ovirt-users] MAC spoofing for specific VMs
- Original Message -
From: Christopher Young mexigaba...@gmail.com
To: users@ovirt.org
Sent: Monday, May 11, 2015 8:12:22 PM
Subject: [ovirt-users] MAC spoofing for specific VMs

> I'm working on some load-balancing solutions and they appear to require
> MAC spoofing. I did some searching and reading and as I understand it,
> you can disable the MAC spoofing protection through a few methods.
>
> I was wondering about the best manner to enable this for the VMs that
> require it and not across the board (if that is even possible). I'd like
> to just allow my load-balancer VMs to do what they need to, but keep the
> others untouched as a security mechanism.
>
> If anyone has any advice on the best method to handle this scenario, I
> would greatly appreciate it. It seems that this might turn into some type
> of feature request, though I'm not sure if this is something that has to
> be done at the Linux bridge level, the port level, or the VM level. Any
> explanations into that would also help in my education.

You can do it with vdsm-hook-macspoof. You need to install it on all the involved hosts, then you can control its behavior at VM level and also at device/interface level.

Please follow the instructions here in the VM-level hooks section to create a custom property to control it:
http://www.ovirt.org/Vdsm_Hooks#VM-level_hooks

> Thanks,
> Chris
Re: [ovirt-users] MAC spoofing for specific VMs
Yep. I had found that and applied it. Great solution! I actually wrote about it to the zen load balancer list. I will add it here for semi-documentation:

--
just wanted to follow-up so that it is documented on how to get this working on oVirt/RHEV. I had to install a VDSM hook to allow mac-spoofing as a VM custom property like so (on each node):

    yum install vdsm-hook-macspoof

That requires a restart of vdsmd on the node as well as a process on the oVirt/RHEV engine:

    engine-config -s "UserDefinedVMProperties=macspoof=(true|false)"

Which then requires a restart of the oVirt/RHEV engine.

After that, there will be an available custom property on the VM called 'macspoof' that can be set to 'true'. Once I did this and shutdown/powered on the VMs, the cluster setup now completes successfully. You learn something every day.

Thanks for pointing me in the right direction. The one thing I wish I had on these VMs is the ovirt-guest-agent which would likely work except that Debian 6 doesn't seem to have python-ethtool package/deps. If there are any plans to update the version of Debian that ZLB is based on, let me know.

-

On Tue, May 12, 2015 at 5:43 AM, Dan Kenigsberg dan...@redhat.com wrote:
> On Mon, May 11, 2015 at 02:12:22PM -0400, Christopher Young wrote:
> > I'm working on some load-balancing solutions and they appear to require
> > MAC spoofing. I did some searching and reading and as I understand it,
> > you can disable the MAC spoofing protection through a few methods.
> >
> > I was wondering about the best manner to enable this for the VMs that
> > require it and not across the board (if that is even possible). I'd
> > like to just allow my load-balancer VMs to do what they need to, but
> > keep the others untouched as a security mechanism.
> >
> > If anyone has any advice on the best method to handle this scenario, I
> > would greatly appreciate it. It seems that this might turn into some
> > type of feature request, though I'm not sure if this is something that
> > has to be done at the Linux bridge level, the port level, or the VM
> > level. Any explanations into that would also help in my education.
>
> You can enable mac spoofing per VM or per vNIC using vdsm-hook-macspoof.
> See more details on the hook's README file
>
> https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm_hooks/macspoof/README;h=6bd11c1cb8ba2603d432fc8826eeb35738136c92;hb=79781a1945ceff6849a6a2b66cb5c4a1a5f8d874
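
A check for the goal stated in this thread (spoofing allowed only on the load-balancer VMs, protection kept everywhere else), added here as an example; it is not part of any poster's message and not oVirt project code. It assumes the protection shows up in each vNIC's libvirt XML as a `filterref` named `vdsm-no-mac-spoofing` which the hook removes; the VM names, MAC addresses and XML below are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed nwfilter name that VDSM attaches to protected vNICs; confirm on your hosts.
NO_SPOOF_FILTER = "vdsm-no-mac-spoofing"

def unfiltered_nics(domain_xml):
    """Return (vm_name, MACs of vNICs that carry no anti-spoofing filterref)."""
    dom = ET.fromstring(domain_xml)
    macs = []
    for nic in dom.iterfind("./devices/interface"):
        filters = {f.get("filter") for f in nic.iterfind("filterref")}
        if NO_SPOOF_FILTER not in filters:
            mac = nic.find("mac")
            macs.append(mac.get("address") if mac is not None else "unknown")
    return dom.findtext("name"), macs

def audit(domain_xmls, allowed_vms):
    """Map every VM outside allowed_vms to its unprotected vNIC MACs."""
    findings = {}
    for text in domain_xmls:
        name, macs = unfiltered_nics(text)
        if macs and name not in allowed_vms:
            findings[name] = macs
    return findings

def _domain(name, nics):
    """Build constructed sample domain XML; nics is a list of (mac, filtered)."""
    body = "".join(
        "<interface type='bridge'><mac address='%s'/>%s</interface>"
        % (mac, "<filterref filter='%s'/>" % NO_SPOOF_FILTER if filtered else "")
        for mac, filtered in nics)
    return "<domain><name>%s</name><devices>%s</devices></domain>" % (name, body)

SAMPLES = [  # constructed inventory, not taken from the thread
    _domain("lb01", [("00:1a:4a:00:00:01", False)]),  # load balancer, macspoof=true
    _domain("web01", [("00:1a:4a:00:00:02", True)]),
    _domain("db01", [("00:1a:4a:00:00:03", True), ("00:1a:4a:00:00:04", False)]),
]

if __name__ == "__main__":
    for vm, macs in audit(SAMPLES, allowed_vms={"lb01"}).items():
        print("unexpected unfiltered vNIC on %s: %s" % (vm, ", ".join(macs)))
```

On a real host the XML strings would come from `virsh -r dumpxml <vm>` for each running VM, and `allowed_vms` from the list of VMs whose `macspoof` custom property was deliberately set to `true`.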
Re: [ovirt-users] MAC spoofing for specific VMs
On Mon, May 11, 2015 at 02:12:22PM -0400, Christopher Young wrote:
> I'm working on some load-balancing solutions and they appear to require
> MAC spoofing. I did some searching and reading and as I understand it,
> you can disable the MAC spoofing protection through a few methods.
>
> I was wondering about the best manner to enable this for the VMs that
> require it and not across the board (if that is even possible). I'd like
> to just allow my load-balancer VMs to do what they need to, but keep the
> others untouched as a security mechanism.
>
> If anyone has any advice on the best method to handle this scenario, I
> would greatly appreciate it. It seems that this might turn into some type
> of feature request, though I'm not sure if this is something that has to
> be done at the Linux bridge level, the port level, or the VM level. Any
> explanations into that would also help in my education.

You can enable mac spoofing per VM or per vNIC using vdsm-hook-macspoof.
See more details on the hook's README file

https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm_hooks/macspoof/README;h=6bd11c1cb8ba2603d432fc8826eeb35738136c92;hb=79781a1945ceff6849a6a2b66cb5c4a1a5f8d874
[ovirt-users] MAC spoofing for specific VMs
I'm working on some load-balancing solutions and they appear to require MAC spoofing. I did some searching and reading and as I understand it, you can disable the MAC spoofing protection through a few methods.

I was wondering about the best manner to enable this for the VMs that require it and not across the board (if that is even possible). I'd like to just allow my load-balancer VMs to do what they need to, but keep the others untouched as a security mechanism.

If anyone has any advice on the best method to handle this scenario, I would greatly appreciate it. It seems that this might turn into some type of feature request, though I'm not sure if this is something that has to be done at the Linux bridge level, the port level, or the VM level. Any explanations into that would also help in my education.

Thanks,
Chris