________________________________________
From: users-boun...@ovirt.org <users-boun...@ovirt.org> on behalf of
Ted Miller <tmil...@hcjb.org>
Sent: Wednesday, November 27, 2013 12:18 PM
To: users@ovirt.org
Subject: [Users] simple networking?
I am trying to set up a testing network using o-virt, but the
networking is
refusing to cooperate. I am testing for possible use in two different
production setups.
My previous experience has been with VMWare. I have always set up a
single
bridged network on each host. All my hosts, VMs, and non-VM
computers were
peers on the LAN. They could all talk to each other, and things
worked very
well. There was a firewall/gateway that provided access to the
Internet, and
hosts, VMs, and could all communicate with the Internet as needed.
o-virt seems to be compartmentalizing things beyond all reason.
Is there any way to set up simple networking, so ALL computers can
see each
other?
Is there anywhere that describes the philosophy behind the
networking setup?
What reason is there that networks are so divided?
After banging my head against the wall trying to configure just one
host, I
am very frustrated. I have spent several HOURS Googling for a coherent
explanation of how/why networking is supposed to work, but only fine
obscure
references like "letting non-VMs see VM traffic would be a huge
security
violation". I have no concept of what king of an installation the
o-virt
designers have in mind, but it is obviously worlds different from
what I am
trying to do.
The best I can tell, o-virt networking works like this (at least
when you
have only one NIC):
there must be an ovirtmgt network, which cannot be combined with any
other
network.
the ovirtmgt network cannot talk to VMs (unless that VM is
running the
engine)
the ovirtmgt network can only talk to hosts, not to other
non-VM computers
a VM network can talk only to VMs
cannot talk to hosts
cannot talk to non-VMs
hosts cannot talk to my LAN
hosts cannot talk to VMs
VMs cannot talk to my LAN
All of the above are enforced by a boatload of firewall rules that
o-virt
puts into every host and VM under its jurisdiction.
All of the above is inferred from things I Googled, because I can't
find
anywhere that explains what or how things are supposed to work--only
things
telling people WHAT THEY CANT DO. All I see on the mailing lists is
people
getting their hands slapped because they are trying to do SIMPLE
SETUPS that
should work, but don't (due to either design restrictions or
software bugs).
My use case A:
* My (2 or 3) hosts have only one physical NIC.
* My VMs exist to provide services to non-VM computers.
* The VMs do not run X-windows, but they provide GUI programs to
non-VMs via "ssh -X" connections.
* MY VMs need access to storage that is shared with hosts and
non-VMs on
the LAN.
Is there some way to TURN OFF network control in o-virt? My systems
are
small and static. I can hand-configure the networking a whole lot
easier
than I can deal with o-virt (as I have used it so far). Mostly I
would need
to be able to turn off the firewall rules on both hosts and VMs.
banging head against wall,
Ted
*********************************************************
I have spent the last three days getting a Centos 6.5 host running
under O-virt.
Since the networking was just a small part of this, I am going to
open an new thread
to discuss the Centos 6.5 host setup process. Look for a thread
titled something like
"Centos 6.5 host configuration" if you want the gory details, or
want to try if for yourself.
My biggest problem is that the o-virt GUI is apparently incapable of
setting
up a bridge in Centos, which turned out to be what I needed. I had
to set up the
bridge BEFORE adding the host to the ovirt cluster. If the bridge
was not set
up ahead of time, the whole installation failed completely.
The bridge was only one of a list of things that had to be done
ahead of time, in order
for the process to complete correctly.
