MAC spoofing for specific VMs
by Christopher Young
I'm working on some load-balancing solutions and they appear to require MAC
spoofing. I did some searching and reading and as I understand it, you can
disable the MAC spoofing protection through a few methods.
I was wondering about the best manner to enable this for the VMs that
require it and not across the board (if that is even possible). I'd like
to just allow my load-balancer VMs to do what they need to, but keep the
others untouched as a security mechanism.
If anyone has any advice on the best method to handle this scenario, I
would greatly appreciate it. It seems that this might turn into some type
of feature request, though I'm not sure if this is something that has to be
done at the Linux bridge level, the port level, or the VM level. Any
explanations into that would also help in my education.
Thanks,
Chris
8 years, 8 months
python floppy in RunOnce mode
by Giulio Casella
Hi,
I'm trying to boot a vm with non persistent floppy using python ovirt
sdk (the "RunOnce" way in administrator portal), but guest OS can't see
floppy drive. The ultimate goal is to deploy floppy with sysprep
unattend.xml file for windows 7 pools of vm.
Here is a snippet of code I use:
-------------------------------------------------
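# Imports needed by the snippet (oVirt Python SDK v3); "api" is an
# already-connected ovirtsdk.api.API instance.
from ovirtsdk.xml import params
from ovirtsdk.utils.parsehelper import ParseHelper

myvm = api.vms.get(name="vmname")

# One file to place on the floppy payload
content = "This is file content!"
f = params.File(name="foobar.txt", content=content)
fs = params.Files()
fs.add_file(f)

# Wrap the file in a payload of type "floppy"
payload = params.Payload()
payload.set_type("floppy")
payload.set_files(fs)
payloads = params.Payloads()
payloads.add_payload(payload)

# Run-once parameters are passed as a VM object inside the action
thevm = params.VM()
thevm.set_payloads(payloads)
action = params.Action(vm=thevm)
myvm.start(action=action)

# Dump the action as XML for debugging
xml = ParseHelper.toXml(action)
print xml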
-------------------------------------------------
As you can see, for debugging purposes, I print my xml action, and I get:
-------------------------------------------------
<action>
  <vm>
    <payloads>
      <payload type="floppy">
        <files>
          <file>
            <name>foobar.txt</name>
            <content>This is file content</content>
          </file>
        </files>
      </payload>
    </payloads>
  </vm>
</action>
-------------------------------------------------
In the admin portal I can see my vm in "RunOnce" state, but no floppy is
present...
In fact, in the vm process command line
(ps -ef | grep qemu-kvm | grep vmname) I can't see a -drive option
referring to the floppy (I only see 2 "-drive" options, referring to the vm
system disk and to a correctly mounted cdrom ISO).
What am I doing wrong?
(The engine is RHEV-M version 3.4.1-0.31.el6ev)
Thanks in advance,
Giulio
8 years, 11 months
Re: [ovirt-users] Error during hosted-engine-setup for 3.5.1 on F20 (Cannot add the host to cluster ... SSH has failed)
by Bob Doolittle
On 03/09/2015 07:12 AM, Simone Tiraboschi wrote:
>
> ----- Original Message -----
>> From: "Bob Doolittle" <bob(a)doolittle.us.com>
>> To: "Simone Tiraboschi" <stirabos(a)redhat.com>
>> Sent: Monday, March 9, 2015 12:02:49 PM
>> Subject: Re: [ovirt-users] Error during hosted-engine-setup for 3.5.1 on F20 (Cannot add the host to cluster ... SSH
>> has failed)
>>
>> On Mar 9, 2015 5:23 AM, "Simone Tiraboschi" <stirabos(a)redhat.com> wrote:
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Bob Doolittle" <bob(a)doolittle.us.com>
>>>> To: "users-ovirt" <users(a)ovirt.org>
>>>> Sent: Friday, March 6, 2015 9:21:20 PM
>>>> Subject: [ovirt-users] Error during hosted-engine-setup for 3.5.1 on F20 (Cannot add the host to cluster ... SSH has failed)
>>>>
>>>> Hi,
>>>>
>>>> I'm following the instructions here: http://www.ovirt.org/Hosted_Engine_Howto
>>>> My self-hosted install failed near the end:
>>>>
>>>> To continue make a selection from the options below:
>>>> (1) Continue setup - engine installation is complete
>>>> (2) Power off and restart the VM
>>>> (3) Abort setup
>>>> (4) Destroy VM and abort setup
>>>>
>>>> (1, 2, 3, 4)[1]: 1
>>>> [ INFO ] Engine replied: DB Up!Welcome to Health Status!
>>>> Enter the name of the cluster to which you want to add the host (Default) [Default]:
>>>> [ ERROR ] Cannot automatically add the host to cluster Default: Cannot add Host. Connecting to host via SSH has failed, verify that the host is reachable (IP address, routable address etc.) You may refer to the engine.log file for further details.
>>>> [ ERROR ] Failed to execute stage 'Closing up': Cannot add the host to cluster Default
>>>> [ INFO ] Stage: Clean up
>>>> [ INFO ] Generating answer file
>>>> '/var/lib/ovirt-hosted-engine-setup/answers/answers-20150306135624.conf'
>>>> [ INFO ] Stage: Pre-termination
>>>> [ INFO ] Stage: Termination
>>>>
>>>> I can ssh into the engine VM both locally and remotely. There is no
>>>> /root/.ssh directory, however. Did I need to set that up somehow?
>>> It's the engine that needs to open an SSH connection to the host calling it by its hostname.
>>> So please be sure that you can SSH to the host from the engine using its hostname and not its IP address.
>>
>> I'm assuming this should be a password-less login (key-based
>> authentication?).
> Yes, it is.
>
>> As what user?
> root
OK, I see a couple of problems.
First off, I didn't have my deploying-host hostname in the hosts map for my engine.
After adding it to /etc/hosts (both hostname and FQDN), when I try to ssh from root@engine to root@host it is prompting me for a password.
On my engine, ~root/.ssh does not contain any keys.
On my host, ~root/.ssh has authorized_keys, and in it there is a key with the comment "ovirt-engine".
It's possible that I inadvertently removed ~root/.ssh on engine while I was preparing the engine (I started to set up my own no-password logins and then thought better and cleaned up, not realizing that some prior setup affecting that directory had occurred). That would explain the second issue.
How/when does the key for root@engine get populated to the host's ~root/.ssh/authenticated_keys during setup?
-Bob
>
>> -Bob
>>
>>> Till hosted-engine hosts were simply identified by their IP address but then we had some bug report on side effects of that.
>>> So now we generate and sign certs using host hostnames and so the engine should be able to correctly resolve them.
>>>> When I log into the Administration portal, the engine VM does not appear
>>>> under the Virtual machine view (it's empty).
>>> It's cause the setup didn't complete.
>>>
>>>> I've attached what I think are the relevant logs.
>>>>
>>>> Also, when my host reboots, the ovirt-ha-broker and ovirt-ha-agent services
>>>> do not come up automatically. I have to use systemctl to start them
>>>> manually.
>>> It's cause the setup didn't complete.
>>>
>>>> This is a fresh Fedora 20 machine installing a fresh copy of Ovirt 3.5.1.
>>>> What's the cleanest approach to restore/complete sanity of my setup please?
>>> First step is to clarify what went wrong in order to avoid it in the future.
>>> Then, if you want a really sane environment for production use I'd suggest to redeploy.
>>> So
>>> hosted-engine --vm-poweroff
>>> empty the storage domain share and deploy again
>>>
>>>> Thanks,
>>>> Bob
>>>>
>>>>
>>>> I've linked 3 files to this email:
>>>> server.log (12.4 MB) Dropbox https://db.tt/g5p09AaD
>>>> vdsm.log (3.2 MB) Dropbox https://db.tt/P4572SUm
>>>> ovirt-hosted-engine-setup-20150306123622-tad1fy.log (413 KB) Dropbox
>>>> https://db.tt/XAM9ffhi
8 years, 11 months
[RFI] oVirt 3.6 Planning
by s k
On 12/09/14 09:22, Itamar Heim wrote:
> With oVirt 3.5 nearing GA, time to ask for "what do you want to see in
> oVirt 3.6"?
>
> Thanks,
> Itamar
>
Performance metric similar to what VMware calls "CPU Ready" would be very useful if it was available in the VM details in the admin portal.
It would provide great visibility on VM's performance in an environment with CPU overallocation.
9 years
Re: [ovirt-users] [RFI] oVirt 3.6 Planning
by Juan Pablo Lorier
+1 to iso upload from gui
+1 to ceph support (if the way is via Cinder, then integrate Cinder in
oVirt as you did with neutron to get around the lack of features in
networking)
I've been asking for several things (with their respective RFEs) and as
versions go by without success, I'm asking again:
- 1049994 [RFE] Allow choosing network interface for gluster domain
traffic
- 1049476 [RFE] Mix untagged and tagged Logical Networks on the same NIC
- 1029489 [RFE] Export not exporting direct lun disk
- 1051002 [RFE] ISO domain should be a simple NFS share containing ISOs
9 years, 1 month
[RFI] oVirt 3.6 Planning
by Itamar Heim
With oVirt 3.5 nearing GA, time to ask for "what do you want to see in
oVirt 3.6"?
Thanks,
Itamar
9 years, 1 month
about LXC and ovirt
by Nathanaël Blanchet
Hi all,
Now that rhel7 is out, it will become a part of the ovirt project in the near
future. Given that official LXC support aims to complete the KVM
virtualization part, is LXC planned to be supported for Linux VMs by
ovirt, like openvz is with proxmox?
--
Nathanaël Blanchet
Network supervision
Operations and maintenance unit
Information systems department
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tel. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr
9 years, 1 month
[Users] Cant assign Quotas to groups anymore?
by Maurice James
3.4.0-0.13.rc.el6
See the error below
User admin failed to grant permission for Role QuotaConsumer on Quota MobilePolicy to User/Group Non interactive user.
9 years, 2 months
Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
by Daniel Helgenberger
Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am
trying this for two days now.
Setup:
Engine; EL6.5
Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart
proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box
with EL6 plain vanilla packages. I wonder if this was ever tested... ?
Java 7 used in EL6 [4] does only support DH keys up to 1024byte. This
is a known issue in Foreman [2] as longer DH keys are now used by default
in Foreman / PuppetCA.
A dirty fix confirmed working is adding default DH parameters to the
foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong
data gets me auth errors)- however, I am still not able to add the
external provider. Pressing 'test' results in
(Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log
2014-10-28 23:49:40,860 ERROR
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand]
(ajp--127.0.0.1-8702-1) [6a3da4e7] Command
org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand throw
Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE
(Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling
me API queries by the engine. Did I miss a crucial step in the foreman
setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749
[2] https://tickets.puppetlabs.com/browse/SERVER-17
[3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh
[4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
--
Daniel Helgenberger
m box bewegtbild GmbH
P: +49/30/2408781-22
F: +49/30/2408781-10
ACKERSTR. 19
D-10115 BERLIN
www.m-box.de www.monkeymen.tv
Managing directors: Martin Retschitzegger / Michaela Göllner
Commercial register: Amtsgericht Charlottenburg / HRB 112767
9 years, 2 months