<div dir="ltr"><div>Probably an easier solution than implementing a vdsm hook in code, would be to use network filter parameters in the web-admin UI of the engine.<br><br>If the vNic profile of the network on the WAN interface (the one you would like to restrict IPs on) has a clean-traffic filter, then you can specify a different set of IPs for any interface using this network.<br></div><div>In the web-admin UI of the engine go to -<br> Compute | Virtual machines | <your vm> | Network Interfaces | <your interface> <br> and click edit. <br><br>At the bottom of the edit form you can insert the ip pool for the interface by specifying several key-value pairs where the key is 'IP' and the value is the ip address (e.g. 192.168.122.13).<br><br></div><div>HTH<br></div><div><br><img src="cid:ii_jgib768y0_163086e528307a6e" height="390" width="494"><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Apr 15, 2018 at 3:24 AM, Peter Hudec <span dir="ltr"><<a href="mailto:phudec@cnc.sk" target="_blank">phudec@cnc.sk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
Thanks,<br>
<br>
this was the last part into my puzzle, HOST INTERFACE params.<br>
<br>
The example hook provided in<br>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1366905#c8" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/<wbr>show_bug.cgi?id=1366905#c8</a>,<br>
<a href="https://bugzilla.redhat.com/attachment.cgi?id=1232201" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/<wbr>attachment.cgi?id=1232201</a> looks good, but<br>
it seems to set the IP param on all interfaces too, regardless on<br>
which interface the NIC PARAM is set.<br>
<br>
The hooks should be called per vNIC, as reading the<br>
<a href="https://www.ovirt.org/documentation/admin-guide/appe-VDSM_and_Hooks/#the" rel="noreferrer" target="_blank">https://www.ovirt.org/<wbr>documentation/admin-guide/<wbr>appe-VDSM_and_Hooks/#the</a><br>
- -vdsm-hook-domain-xml-object,<br>
the one/several of thees hooks should be used or maybe I'm wrong ;(<br>
<br>
Peter<br>
<span class=""><br>
On 14/04/2018 07:04, Eitan Raviv wrote:<br>
> You might find the following useful:<br>
> <br>
> <a href="https://ovirt.org/develop/release-management/features/network/networkf
ilterparameters/" rel="noreferrer" target="_blank">https://ovirt.org/develop/<wbr>release-management/features/<wbr>network/networkf<br>
ilterparameters/</a><br>
><br>
> HTH<br>
> <br>
> On Thu, Apr 12, 2018, 14:52 Peter Hudec <<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a> <br>
</span><span class="">> <mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a>>> wrote:<br>
> <br>
> Hi,<br>
> <br>
> I would like to restrict of usage IP address on VMs. Thos could be <br>
> achied by usinf clear-filter instead of vdsm-no-mac-spoofing.<br>
> <br>
> I have found noipspoof vdsm hook, <br>
> <a href="https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/noipspoof" rel="noreferrer" target="_blank">https://github.com/oVirt/vdsm/<wbr>tree/master/vdsm_hooks/<wbr>noipspoof</a>.<br>
> <br>
> This hook but set the filtering on all interfaces, the setting is<br>
> on VM level, not interface level. So if the there are more<br>
> interfaces on all of them. I would like just restrict the WAN<br>
> interface on multi homed VMs.<br>
> <br>
> Peter<br>
> <br>
> -- *Peter Hudec* Infraštruktúrny architekt <a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a><br>
</span>> <mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a>> <mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a> <br>
<span class="">> <mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a>>><br>
> <br>
> *CNC, a.s.* Borská 6, 841 04 Bratislava Recepcia: +421 2 35 000<br>
> 100<br>
> <br>
</span>> Mobil:+421 905 997 203 *<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">www.cnc.sk</a> <<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">http://www.cnc.sk</a>>*<br>
> <http:///<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">www.cnc.sk</a> <<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">http://www.cnc.sk</a>>><br>
> <br>
> ______________________________<wbr>_________________ Users mailing list <br>
> <a href="mailto:Users@ovirt.org">Users@ovirt.org</a> <mailto:<a href="mailto:Users@ovirt.org">Users@ovirt.org</a>> <br>
> <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
> <br>
<br>
<br>
- -- <br>
<span class="">*Peter Hudec*<br>
Infraštruktúrny architekt<br>
<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a> <mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a>><br>
<br>
*CNC, a.s.*<br>
Borská 6, 841 04 Bratislava<br>
Recepcia: +421 2 35 000 100<br>
<br>
Mobil:+421 905 997 203<br>
*<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">www.cnc.sk</a>* <http:///<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">www.cnc.sk</a>><br>
<br>
</span>-----BEGIN PGP SIGNATURE-----<br>
<br>
iQIzBAEBCgAdFiEEqSUbhuEwhryifN<wbr>eVQnvVWOJ35BAFAlrSm54ACgkQQnvV<wbr>WOJ3<br>
5BDz5A//<wbr>dqyf9wnvkRCjEmeUkMsN72qL7o+<wbr>utazM7L8S4sY4Pu6INsPhpy7QtwHw<br>
fyXbdrU9qy+5ts3g+<wbr>yoxpsdkTWUk47m/<wbr>6nQR3fiw0nXJu44/ABl+Hw4g0H3/<wbr>k86f<br>
7sYOYvZ8IfCpL9/2r1VRlP8j7e+<wbr>CdI8Ltcjppn7PtKhPT03f87p2PT1pJ<wbr>d95DYS+<br>
GbqZZ6yOAUlePP/808+<wbr>f7hYxKNz0ek1tf/<wbr>ZxzLgSJsCl1PsIhKiCBiuze/5hdeL5<br>
/VNWVSqVXNZdzOZkupxas50f/<wbr>AH6g4DXniyChqvoTi+<wbr>D37Wpf5yTxXM5C+Qf36Ok<br>
2qZEovxuno51A5l9qIE0n2LQ3I6zJb<wbr>ybdth33sV1uxFK65CWxlfLgbPxb4+<wbr>9JONF<br>
2yozK/DtmGC7Hree2INBGOJA/<wbr>55fCrccxSMuLW8JbmZqx43uCrE/<wbr>FBWZhXE6Lx+f<br>
F5hR5e3kJEWjEtyPKpdtXedmOsb06x<wbr>vGq+WFOGl8VgaRmNgsuLN/<wbr>YYy13kRDY+0K<br>
j//<wbr>ZX7ZqBaP9TqaW9y1LljTPLGugqVX+<wbr>uzPdbUvW4vqahNU8mT5Kq1pBrrGPdY<wbr>+C<br>
FolC1CLiWixAAhtSXfJihflFUJq+<wbr>pYkAXDYBNPj/<wbr>uyuIyeGXABw1UkJqgc0bVAal<br>
lSAMK2P09xwJ8Db5HpqxXpOHe/<wbr>s5XdYD8Mj0jebQ2308CPNxfQM=<br>
=AvLd<br>
-----END PGP SIGNATURE-----<br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr">Eitan Raviv<br>IRC: erav (#ovirt #vdsm #devel #rhev-dev)<br></div></div></div></div>
</div>