Can't tell you right now off the top of my head, but try to do it from
the UI to your liking, then see in management-server.log and api.log
what calls are being done and try to do the same from a cloudmonkey/api
script later for your automation.
---
Nux
www.nux.ro [1]
On 2022-10-19 09:02, jordan j wrote:
Thank you Nux,
That is fine as long as I can configure Advanced Zone + Security
Groups, have one flat network and have a VR providing DNS, DHCP and
USERDATA.
And that is built on top of XCP-NG.
btw is there any example cli code on how to create an advanced zone
with security groups enabled?
I created a script that deploys such a zone + mgm and guest network +
pod + cluster and joins a host but as soon as i go to networks and try
to deploy one i don't see the network offering for Shared Network with
Security groups.
When I deploy the same config from the GUI I can see that offering.
I wonder what enables/disables ACS showing network offerings in the
network pane.
Regards,
Jordan
On Tue, Oct 18, 2022 at 3:29 PM Nux <n...@li.nux.ro> wrote:
Jordan,
If you want Security Groups, then what you want is either a Basic zone
(better avoided) or an Advanced Zone with Security Groups.
Please note, an advanced zone with SG will use flat networks and the VR
does not do any routing or other advanced services - like load
balanced, firewall etc.
---
Nux
www.nux.ro [1]
On 2022-10-18 13:26, jordan j wrote:
Thanks Wei,
that has already been increased to 20 . The question is the hypervisor
interfaces per vm as each network uses 1.
@Nux in regards to the security groups for XCP-NG is this only for
Basic Zone or Advanced zoning too?
Documentation says KVM only for advanced zoning.
regards,
Jordan
On Tue, Oct 18, 2022 at 3:21 PM Wei ZHOU <ustcweiz...@gmail.com> wrote:
Hi jordan,
There is a global configuration `vpc.max.networks` to manage it.
Kind regards,
Wei
On Tue, 18 Oct 2022 at 14:15, jordan j <yordan...@gmail.com> wrote:
Thanks Nux,
Great thing i will play with that :)
I am experimenting with VPC designs and as I was making some test
networks
i stumpbed that a VPC cannot have more than 5 networks (VM has 7
interfaces
max - 2 for mgm and public, 5 for guest)?
As far as i know KVM Supports the most per vm - 28 where vmware does
10 (as
far as i remember) so it seems pretty possible for one to exceed that
amount of networks.
What if I want to have 20 or 100 networks inside a vpc? Is there a
technical setup that allows that?
Regards,
Jordan
On Tue, Oct 18, 2022 at 3:01 PM Nux <n...@li.nux.ro> wrote:
Hello,
AFAIK you can have a security group zone with XCP, though you must
make
sure you use bridges for your network, not openvswitch.
---
Nux
www.nux.ro [1]
On 2022-10-17 11:26, jordan j wrote:
> Hey everyone,
>
> Do you have any proposals for securing vms within the same
> network?
> I know security groups feature is only available in KVM but we
> are
> using XCP-NG for our ACS environment.
>
> Best regards,
> Jordan
Links:
------
[1] http://www.nux.ro
