[ovirt-users] ovirtmgmt network security

Luca 'remix_tj' Lorenzetto lorenzetto.luca at gmail.com
Mon Oct 30 20:27:38 UTC 2017


Glad to hear it!

You're welcome!

On 30 Oct 2017 9:13 PM, "Istvan Buki" <buki.istvan at gmail.com> wrote:

> On Mon, Oct 30, 2017 at 10:50 AM, Alona Kaplan <alkaplan at redhat.com>
> wrote:
>
>> Hi Istvan,
>>
>> I agree with Luca. You can remove nic1.
>> 'ovirtmgmt' network is not mandatory on the vm, you can run the vm with
>> no vnics (virtual nics) at all.
>> The 'ovirtmgmt' network is used for communication between the engine and
>> the host.
>> Whether the vm is using the 'ovirtmgmt' network or not won't affect the
>> management capabilities.
>>
>> You said that the vm nic with 'ovirtmgmt' was automatically added when
>> you added the vm.
>> It is strange and shouldn't behave this way. Are you sure that in the add
>> vm dialog you didn't choose it as the network of nic1? (you could leave
>> this section in the dialog unfilled, it is not mandatory).
>>
>> BTW, if you don't want any VM to use the 'ovirtmgmt' network you can go
>> to the edit network dialog of 'ovirtmgmt' (in the Network main tab) and
>> uncheck the 'vm network' checkbox.
>>
>> Hope it helps you,
>> Alona.
>>
>>
> Hi Alona,
>
> Yes, removing nic1 was the solution I was looking for.
>
> You are right, I probably added nic1 during the creation of the VM. This
> is my first ovirt install and I'm a little bit overwhelmed by all the
> details one has to know to create a system that is reliable and efficient.
> Fortunately, thanks to people like you and Luca, I'll be able to overcome
> the initial difficulties.
>
>
> Istvan
>
> On Mon, Oct 30, 2017 at 11:26 AM, Luca 'remix_tj' Lorenzetto <
>> lorenzetto.luca at gmail.com> wrote:
>>
>>> On Mon, Oct 30, 2017 at 8:45 AM, Istvan Buki <buki.istvan at gmail.com>
>>> wrote:
>>> > Hello,
>>> >
>>> > thank you for your patience for trying to let me see the light.
>>> >
>>> > Indeed I don't understand what you are explaining. Maybe if I give you more
>>> > concrete details it will help.
>>> >
>>> > My internal network is 192.168.196.0
>>> > My DMZ network is 192.168.188.0
>>> >
>>> > ovirt-engine is running on a centos server with IP 192.168.186.3
>>> > ovirt host is on a centos server with IP 192.168.186.4
>>> >
>>> > On the host I created a VM that I want to be in the DMZ. When I created the
>>> > VM, nic 1 was automatically added and is linked to the ovirtmgmt network.
>>> > In the VM nic1 becomes eth0 and was assigned an IP address with DHCP
>>> > 192.168.186.167.
>>> >
>>> > After that I added a host device to that VM using passthrough. This device
>>> > is called ens7 in the VM and I gave IP 192.186.188.4.
>>> > That device is directly connected to my physical DMZ switch and from there
>>> > to the firewall.
>>> > This part is OK.
>>> >
>>> > My problem is that through eth0 my VM has access to my internal network.
>>> > Removing the device seems impossible because this is ovirtmgmt network.
>>> > I can not change or remove the IP of my host because it would not be
>>> > reachable anymore on my internal network.
>>> >
>>> > Maybe the solution is obvious but I can't see it. I'm running in circles with
>>> > this problem and it makes me crazy.
>>> >
>>>
>>>
>>>
>>> Hi Istvan,
>>>
>>> why are you using device passthrough?
>>>
>>> Anyway. If you don't need the VM to access ovirtmgmt, remove nic1.
>>> As far as I can understand, you're directly communicating through DMZ.
>>>
>>> Luca
>>>
>>>
>>> --
>>> "It is absurd to employ men of excellent intelligence to perform
>>> calculations that could be entrusted to anyone if machines were
>>> used"
>>> Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)
>>>
>>> "The Internet is the largest library in the world.
>>> But the problem is that the books are all scattered on the floor"
>>> John Allen Paulos, Mathematician (1945-living)
>>>
>>> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <
>>> lorenzetto.luca at gmail.com>
>>>
>>
>>
>
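The check below is an added example, not part of the original thread or of oVirt: it flags any VM that has an address in the DMZ and also keeps an interface on the management subnet, which is the situation nic1 created here. The inventory, the VM names, the host addresses and the /24 masks are constructed assumptions; only the two subnet prefixes follow the addresses mentioned in the thread.

```python
import ipaddress

# Assumption: /24 masks. The thread gives addresses but no netmasks.
ZONES = {
    "management": ipaddress.ip_network("192.168.186.0/24"),  # ovirtmgmt side
    "dmz": ipaddress.ip_network("192.168.188.0/24"),
}

# Constructed inventory: VM name -> list of (guest interface, IPv4 address).
INVENTORY = {
    "dmz-web": [("eth0", "192.168.186.167"), ("ens7", "192.168.188.10")],
    "dmz-web-fixed": [("ens7", "192.168.188.10")],
    "internal-db": [("eth0", "192.168.186.50")],
}


def zones_of(nics):
    """Map each interface to the zone its address falls in (None if unzoned)."""
    result = {}
    for ifname, addr in nics:
        ip = ipaddress.ip_address(addr)
        result[ifname] = next((z for z, net in ZONES.items() if ip in net), None)
    return result


def dual_homed(inventory, exposed="dmz", protected="management"):
    """Return {vm: [interfaces in the protected zone]} for every VM that
    also has an interface in the exposed zone."""
    findings = {}
    for vm, nics in inventory.items():
        zones = zones_of(nics)
        if exposed in zones.values():
            leaks = sorted(i for i, z in zones.items() if z == protected)
            if leaks:
                findings[vm] = leaks
    return findings


if __name__ == "__main__":
    for vm, ifaces in dual_homed(INVENTORY).items():
        print(f"{vm}: remove or re-home {', '.join(ifaces)}")
```
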