<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 22, 2017 at 1:26 AM, Edward Clay <span dir="ltr"><<a href="mailto:edward.clay@uk2group.com" target="_blank">edward.clay@uk2group.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#f9faf9"><div><div class="gmail-h5"><div>On Tue, 2017-11-21 at 16:01 -0700, Edward Clay wrote:</div><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><div>On Wed, 2017-11-22 at 00:17 +0200, Edward Haas wrote:</div><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 21, 2017 at 6:16 PM, Edward Clay <span dir="ltr"><<a href="mailto:edward.clay@uk2group.com" target="_blank">edward.clay@uk2group.com</a>></span> wrote:<br><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><div bgcolor="#f9faf9"><div><div class="gmail-m_-2053534624978131435gmail-h5"><div><br></div><div>On Tue, 2017-11-21 at 09:00 +0200, Edward Haas wrote:</div><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><div dir="ltr"><br><div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 21, 2017 at 1:24 AM, Edward Clay <span dir="ltr"><<a href="mailto:edward.clay@uk2group.com" target="_blank">edward.clay@uk2group.com</a>></span> wrote:<br><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><div bgcolor="#f9faf9"><div><div>Hello,</div><div><br></div><div>We have an issue where hosts are configured with the public facing nework interface as the ovirtmgmt network and it's default route is added to a ovirt created table but not to the main routing table. From my searching I've found this snippet from <a href="https://www.ovirt.org/develop/release-management/features/network/multiple-gateways/" target="_blank">https://www.ovirt.org/develop/<wbr>release-management/features/ne<wbr>twork/multiple-gateways/</a> which seems to explain why I can't ping anything or communicate with any other system needing a default route.</div></div></div><br></blockquote><div><br></div><div>By default, the default route is set on the ovirtmgmt network (the default one, defined on the interface/ip which you added the host to Engine).<br></div><div>Do you have a different network set up which you will like to set the default route on?<br></div><div></div><div> <br></div><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><div bgcolor="#f9faf9"><div><div><br></div><div>"And finally, here's the host's main routing table. Any traffic coming in to the host will use the ip rules and an interface's routing table. The main routing table is only used for traffic originating from the host."</div><div><br></div><div>I'm seeing the following main and custom ovirt created tables.</div><div><br></div><div>main:</div><div># ip route show table main</div><div><a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a> via 10.4.16.1 dev enp3s0.106 </div><div><a href="http://10.4.16.0/24" target="_blank">10.4.16.0/24</a> dev enp3s0.106 proto kernel scope link src 10.4.16.15 </div><div><a href="http://1.1.1.0/24" target="_blank">1.1.1.0/24</a> dev PUBLICB proto kernel scope link src 1.1.1.1 <a href="http://169.254.0.0/16" target="_blank">169.254.0.0/16</a> dev enp6s0 scope link metric 1002 </div><div><a href="http://169.254.0.0/16" target="_blank">169.254.0.0/16</a> dev enp3s0 scope link metric 1003 </div><div><a href="http://169.254.0.0/16" target="_blank">169.254.0.0/16</a> dev enp7s0 scope link metric 1004 </div><div><a href="http://169.254.0.0/16" target="_blank">169.254.0.0/16</a> dev enp3s0.106 scope link metric 1020 </div><div><a href="http://169.254.0.0/16" target="_blank">169.254.0.0/16</a> dev PRIVATE scope link metric 1022 </div><div><a href="http://169.254.0.0/16" target="_blank">169.254.0.0/16</a> dev PUBLIC scope link metric 1024 </div><div><br></div><div>table 1138027711</div><div># ip route show table 1138027711</div><div>default via 1.1.1.1 dev PUBLIC</div><div><a href="http://1.1.1.0/24" target="_blank">1.1.1.0/24</a> via 1.1.1.1 dev PUBLIC</div><div><br></div><div>If I manually execute the following command to add the default route as well to the main table I can ping ouside of the local network.</div><div><br></div><div>ip route add <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> via 1.1.1.1 dev PUBLIC</div><div><br></div><div>If I attempt to modify the /etc/sysconfig/network-scripts<wbr>/route-PUBLIC ad reboot the server ad one would think this file is recreated by vdsm on boot.</div><div><br></div><div>What I'm looking for is the correct way to setup a default gateway for the main routing table so the hosts can get OS updates and communicate with the outside world.</div></div></div><br></blockquote><div><br></div><div>Providing the output from "ip addr" may help clear up some things.<br></div><div>It looks like you have on the host the default route set as 10.4.16.1 (on enp3s0.106), could you elaborate what this interface is?<br></div></div></div></div></div></blockquote><div><br></div></div></div><div>We have setup vlan taging to utilize the 2 internetal network interfaces (originally enp6s0 and enp7s0) to be configured with mulitiple networks each. We eventually added 10Gb nics to all servers to improve san glusterfs performance which is enp3s0 which replaced enp6s0 in our setup.</div><div><br></div><div>enp3s0.106 = ovirtmgmt network access to private internal networks only</div><div>enp3s0.206 = private network bridge PRIVATE used for private internal network access for VMs</div><div>enp7s0.606 = is used for public access for both VMs (bridge) and each host/cp/san in our ovirt setup named PUBLIC</div><div><br></div><div># ip addr show</div><div>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1</div><div> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</div><div> inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> scope host lo</div><div> valid_lft forever preferred_lft forever</div><div> inet6 ::1/128 scope host </div><div> valid_lft forever preferred_lft forever</div><div>2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000</div><div> link/ether 00:25:90:38:d6:2c brd ff:ff:ff:ff:ff:ff</div><div> inet6 fe80::225:90ff:fe38:d62c/64 scope link </div><div> valid_lft forever preferred_lft forever</div><div>3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc mq state UP qlen 1000</div><div> link/ether 90:e2:ba:1d:a4:00 brd ff:ff:ff:ff:ff:ff</div><div> inet6 fe80::92e2:baff:fe1d:a400/64 scope link </div><div> valid_lft forever preferred_lft forever</div><div>4: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000</div><div> link/ether 00:25:90:38:d6:2d brd ff:ff:ff:ff:ff:ff</div><div>20: <a href="mailto:enp3s0.106@enp3s0" target="_blank">enp3s0.106@enp3s0</a>: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc noqueue state UP qlen 1000</div><div> link/ether 90:e2:ba:1d:a4:00 brd ff:ff:ff:ff:ff:ff</div><div> inet <a href="http://10.4.16.15/24" target="_blank">10.4.16.15/24</a> brd 10.4.16.255 scope global enp3s0.106</div><div> valid_lft forever preferred_lft forever</div><div>21: <a href="mailto:enp3s0.206@enp3s0" target="_blank">enp3s0.206@enp3s0</a>: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc noqueue master PRIVATEB state UP qlen 1000</div><div> link/ether 90:e2:ba:1d:a4:00 brd ff:ff:ff:ff:ff:ff</div><div>22: PRIVATE: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc noqueue state UP qlen 1000</div><div> link/ether 90:e2:ba:1d:a4:00 brd ff:ff:ff:ff:ff:ff</div><div>23: <a href="mailto:enp7s0.606@enp7s0" target="_blank">enp7s0.606@enp7s0</a>: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc noqueue master PUBLICB state UP qlen 1000</div><div> link/ether 00:25:90:38:d6:2d brd ff:ff:ff:ff:ff:ff</div><div>24: PUBLIC: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc noqueue state UP qlen 1000</div><div> link/ether 00:25:90:38:d6:2d brd ff:ff:ff:ff:ff:ff</div><div> inet <a href="http://1.1.1.10/24" target="_blank">1.1.1.10/24</a> brd 1.1.1.255 scope global PUBLICB</div><div> valid_lft forever preferred_lft forever</div><div>25: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000</div><div> link/ether 0e:32:93:dd:a4:55 brd ff:ff:ff:ff:ff:ff</div><div><br></div><div><br></div><div>So all this being said I just need to reconfigure things in a way that the PUBLIC interface has a default route in the main routing table. Otherwise all ovirt host are unable to communicate with the outside world until I manually add a default route to 1.1.1.1 via the PUBLIC interface. Is that possible.</div></div><br></blockquote><div><br></div><div>It is available in oVirt 4.2 as a network cluster role.<br></div><div>The option to assign a default route role to a network: <a href="https://www.ovirt.org/documentation/admin-guide/chap-Logical_Networks/#designate-a-specific-traffic-type-for-a-logical-network-with-the-manage-networks-window" target="_blank">https://www.ovirt.org/<wbr>documentation/admin-guide/<wbr>chap-Logical_Networks/#<wbr>designate-a-specific-traffic-<wbr>type-for-a-logical-network-<wbr>with-the-manage-networks-<wbr>window</a><br><br></div><div>On 4.1, it is available as a network custom property and its support is limited: See <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1200963#c43" target="_blank">https://bugzilla.redhat.com/<wbr>show_bug.cgi?id=1200963#c43</a> and <a href="https://gerrit.ovirt.org/#/c/66127" target="_blank">https://gerrit.ovirt.org/#/c/<wbr>66127</a><br></div><div>Make sure you do not define two networks with the flag on.<br></div><div><br></div><div><br></div></div></div></div></blockquote><div>Thanks for the prompt reply. I've taken a look at the link you provided for 4.1 and I'm not sure how or where I'm supposed to set thid custom property for the interface. Is the patch mentioned in the link you provide already included in 4.1 or do I need to do something additional to make this work.</div><div><br></div><div>I've attempted to edit an existing host network by clicking "setup host network" but the page times out with a "page unresponsive" I can either exit or wait. Waiting doesn't seem to produce good results. Is this where I would adde/edit this custom property?</div></blockquote><div><br></div></div></div><div>Looks like I should of read a bit harder before replying. I found the following two commands on the ovirt change 66127 page.</div><div><br></div><div><a href="https://gerrit.ovirt.org/#/c/66127/" target="_blank">https://gerrit.ovirt.org/#/c/<wbr>66127/</a></div><span style="color:rgb(53,53,53);font-family:monospace;font-size:small;font-variant-ligatures:normal;white-space:pre-wrap;background-color:rgb(255,255,255)">Note that prior to using a custom property, one has to define it on
Engine by:
sudo engine-config -g CustomDeviceProperties
sudo engine-config -s CustomDeviceProperties='{type=<wbr>interface;prop={default_<wbr>reoute=^(true|false)$}}' --cver=4.0
and restart of ovirt-engine.</span></div></blockquote><div><br></div><div>Note the misspell: It should be "default_route"<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#f9faf9"><span style="color:rgb(53,53,53);font-family:monospace;font-size:small;font-variant-ligatures:normal;white-space:pre-wrap;background-color:rgb(255,255,255)">
</span><div><br></div><div>I've done the above and I can edit the vNIC profile on all networks that have them. The ovirtmgmt network does not have a vNIC profile to edit. Is this theh correct location to make this change? </div></div></blockquote><div><br></div><div>In the commit message, it mentions "management network attachement" and not the vNic profile.<br></div><div>It should appear at the same place you set the IP address for the network on the host.<br><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#f9faf9"><div><br></div><div>How do I make if false for the ovirtmgmt network. The option to add a new vNIC profile to it isn't available.</div><div><br></div><div><br></div><div>Also once this value is set what do I do next?</div><span class="gmail-"><div><br></div><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div> </div><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><div bgcolor="#f9faf9"><span class="gmail-m_-2053534624978131435gmail-"><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><div dir="ltr"><div><div class="gmail_extra"><div class="gmail_quote"><div><br></div><div>Thanks,<br></div><div>Edy.<br></div><div><br></div><blockquote type="cite" style="margin:0px 0px 0px 0.8ex;border-left:2px solid rgb(114,159,207);padding-left:1ex"><br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
<br></blockquote></div><br></div></div></div>
</blockquote></span><span class="gmail-m_-2053534624978131435gmail-HOEnZb"><font color="#888888"><span><pre>-- <br></pre><div><br></div></span></font></span></div></blockquote></div></div></div></blockquote></blockquote></span></div></blockquote></div><br></div></div>