Re: [ovirt-users] MAC spoofing for specific VMs
Does anyone see a reason why simply installing the EL7 latest rpm for
this on an ovirt node/RHEV-H system would not work or would be a bad
solution to getting this working with ovirt-node/RHEV-H? I don't want
to do something that is either lost on reboot or would cause issues in
the future.
Thoughts?
On Tue, May 12, 2015 at 2:24 PM, Christopher Young
<mexigabacho(a)gmail.com> wrote:
Yep. I had found that and applied it. Great solution! I actually
wrote
about it to the zen load balancer list. I will add it here for
semi-documentation:
------
just wanted to follow-up so that it is documented on how to get this
working on oVirt/RHEV. I had to install a VDSM hook to allow mac-spoofing
as a VM custom property like so (on each node):
yum install vdsm-hook-macspoof
That requires a restart of vdsmd on the node as well as a process on the
oVirt/RHEV engine:
engine-config -s "UserDefinedVMProperties=macspoof=(true|false)"
Which then requires a restart of the oVirt/RHEV engine.
After that, there will be an available custom properly on the VM called
'macspoof' that can be set to 'true'. Once I did this and
shutdown/powered
on the VMs, the cluster setup now completes successfully. You learn
something every day.
Thanks for pointing me in the right direction. The one thing I wish I had
on these VMs is the ovirt-guest-agent which would likely work except that
Debian 6 doesn't seem to have python-ethtool package/deps. If there are any
plans to update the version of Debian that ZLB is based on, let me know.
-----
On Tue, May 12, 2015 at 5:43 AM, Dan Kenigsberg <danken(a)redhat.com> wrote:
>
> On Mon, May 11, 2015 at 02:12:22PM -0400, Christopher Young wrote:
> > I'm working on some load-balancing solutions and they appear to require
> > MAC
> > spoofing. I did some searching and reading and as I understand it, you
> > can
> > disable the MAC spoofing protection through a few methods.
> >
> > I was wondering about the best manner to enable this for the VMs that
> > require it and not across the board (if that is even possible). I'd
> > like
> > to just allow my load-balancer VMs to do what they need to, but keep the
> > others untouched as a security mechanism.
> >
> > If anyone has any advice on the best method to handle this scenario, I
> > would greatly appreciate it. It seems that this might turn into some
> > type
> > of feature request, though I'm not sure if this is something that has to
> > be
> > done at the Linux bridge level, the port level, or the VM level. Any
> > explanations into that would also help in my education.
>
> You can enable mac spoofing per VM or per vNIC using vdsm-hook-macspoof.
> See more details on the hook's README file
>
>
>
https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm_hooks/macspoof/R...