[Users] ovirt and NAT/Internal Networks

Dead Horse deadhorseconsulting at gmail.com
Wed Apr 25 15:14:48 EDT 2012 

Did some further refining and testing on this.

I found that all that needed to be done to create a NAT or private network
for your ovirt guests is (in this example we create a NAT network):

1) Login into your ovirt nodes (all will need to have this created
consistently across them.
2) connect to qemu/libvirt with "virsh"
3) virsh# connect qemu:///system
4) username is: vdsm at rhevh
5) password is found in the file /etc/pki/vdsm/keys/libvirt_password
6) Create a network  xml definition like so (in this example NAT):
<network>
    <name>nat</name>
    <uuid>b09d09a8-ebbd-476d-9045-e66012c9e83d</uuid>
    <forward mode='nat'/>
    <bridge name='natbr0' stp='on' delay='0' />
    <mac address='52:54:00:9D:82:DE'/>
    <ip address='192.168.1.1' netmask='255.255.255.0'>
        <dhcp>
            <range start='192.168.1.2' end='192.168.1.250' />
        </dhcp>
    </ip>
</network>
7) Save the network definition at /etc/libvirt/qemu/networks (EX:
/etc/libvirt/qemu/networks/nat.xml)
8) Add the network: virsh# net-define /etc/libvirt/qemu/networks/nat.xml)
9) Set the network to autostart: virsh# net-autostart nat.xml
10) If this is NAT you will need to enable packet forwarding in
/etc/sysctl.conf (EG: set net.ipv4.ip_forward = 1)
11) If you don't want the reboot the host for this to take effect do: echo
'1' > /proc/sys/net/ipv4/ip_forward
12) In the ovirt UI select the cluster which contains the hosts on which
you created the network
13) Create a new logical network with the same name as the bridge name
element from the above xml.(EX: natbr0)
14) Remember to enable STP in this case since this is a private or NAT
network
15) The logical network will be show as non-operational, so we will need to
manually online the network.
    --> vdsm/ovirt network creation seems to be tied to host physical
interfaces and does not look at virtual interfaces in this case vdsm kicks
in and finds natbr0 and consequently creates vdsm-natbr0 and natbr0-nic but
does nothing more to report it back to the ovirt engine. (ovirt developers
feel free to comment on this...)
16) Thus since ovirt does not detect that natbr0 exists and is actually
online we need to make a quick database modification to force it online so
it can actually be used.
17) We first need to find out the UUID of natbr0 interface
18) type the following: psql -U postgres engine -c "SELECT network.id FROM
public.network WHERE network.name = '<natbr0';" (remember to substitute the
name you used for the network)
20) This returns you the UUID of the network
21) Next we need to online the network now that we know it's UUID
22) type the following: psql -U postgres engine -c "update network_cluster
set status='1' where network_id='<the network uuid returned from the
previous command goes here>';"
23) You should now be able to attach guest vnics to your newly created NAT
or private network.

oVirt developers, any hope of getting this supported officially as part of
ovirt? It seems like it would be relatively easy since the functionality
exists in libvirt, and vdsm seems to be aware but the hooks into the
engine/UI are what seem to be missing.

- DHC

On Mon, Apr 23, 2012 at 4:49 PM, Dead Horse
<deadhorseconsulting at gmail.com>wrote:

> I have tried to create a NAT network within ovirt for guests to use via
> libvirt/virsh as the vdsm at rhevh on an ovirt node.
> Something like this:
>
> virsh # net-info nat
> Name            nat
> UUID            b09d09a8-ebbd-476d-9045-e66012c9e83d
> Active:         yes
> Persistent:     yes
> Autostart:      yes
> Bridge:         natbr0
>
> virsh # net-list --all
> Name                 State      Autostart
> -----------------------------------------
> nat                  active     yes
> vdsm-natbr0          active     yes
> vdsm-ovirtmgmt       active     yes
>
> virsh #
>
> virsh # net-edit nat
> <network>
>   <name>nat</name>
>   <uuid>b09d09a8-ebbd-476d-9045-e66012c9e83d</uuid>
>   <forward mode='nat'/>
>   <bridge name='natbr0' stp='on' delay='0' />
>   <mac address='52:54:00:9D:82:DE'/>
>   <ip address='192.168.122.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.122.2' end='192.168.122.254' />
>     </dhcp>
>   </ip>
> </network>
>
> Set net.ipv4.ip_forward = 1 in sysctl.conf
>
> This is basically the default libvirt NAT network. Connecting a VM
> directly to it via cli (qemu-kvm) works perfectly fine on the ovirt host
> itself but the ovirt manager UI does not seem to pick up on it or allow for
> creation of such a network for guests to use.
> Since the ovirt manager UI did not allow I dug into the database and added
> entries which seem to have been necessary by hand to the following engine
> database tables:
> table: network
> table: network_cluster
> table: vds_interface
> table: vds_interface_statistics
>
> The result was the network did show up under cluster logical networks.
> However the network still does not show up under the host Network
> Interfaces UI. Was able to create VM and attach the natbr0 network to it
> and NAT was indeed working. (EG: DNSmasq assigned address). The guest was
> able to communicate out and without extensive testing things seemed to work.
>
> This was very painful to do (and hacky). Thus it would be very nice if
> since this is OOB functionality of libvirt/KVM, if ovirt would allow for it
> to be used. The ability to provide NAT or internal networks to guests would
> quite useful.
>
> - DHC
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20120425/131b6810/attachment-0002.html>

More information about the Users mailing list