10:38 p.m.
On Mon, Jul 17, 2017 at 10:56 AM, Nelson Lameiras <
nelson.lameiras(a)lyra-network.com> wrote:
Hello, Can any one please help us with the problem described below?
Nir, I'm including you since a quick search on the internet led me to
think that you have worked on this part of the project. Please forgive me
if I'm off topic.
(I incorrectly used below the expression "patch" when I meant
"configure".
it's corrected now)
VDSM may indeed change the IP filter. From the function that sets it[1]:
def setRpFilterIfNeeded(netIfaceName, hostname, loose_mode):
"""
Set rp_filter to loose or strict mode if there's no session using the
netIfaceName device and it's not the device used by the OS to reach the
'hostname'.
loose mode is needed to allow multiple iSCSI connections in a multiple
NIC
per subnet configuration. strict mode is needed to avoid the security
breach where an untrusted VM can DoS the host by sending it packets with
spoofed random sources.
Arguments:
netIfaceName: the device used by the iSCSI session
target: iSCSI target object cointaining the portal hostname
loose_mode: boolean
I think it sets it to strict mode when disconnecting or removing an iSCSI
session.
Perhaps something in the check we are doing is incorrect? Do you have other
sessions open?
Y.
[1]
https://github.com/oVirt/vdsm/blob/321233bea649fb6d1e72baa1b1164c8c1bc852...
cordialement, regards,
<https://www.lyra-network.com/>
Nelson LAMEIRAS
Ingénieur Systèmes et Réseaux / Systems and Networks engineer
Tel: +33 5 32 09 09 70 <+33%205%2032%2009%2009%2070>
nelson.lameiras(a)lyra-network.com
www.lyra-network.com | www.payzen.eu <https://payzen.eu>
<https://www.youtube.com/channel/UCrVl1CO_Jlu3KbiRH-tQ_vA>
<https://www.linkedin.com/company/lyra-network_2>
<https://twitter.com/LyraNetwork>
<https://payzen.eu>
------------------------------
Lyra Network, 109 rue de l'innovation, 31670 Labège, FRANCE
------------------------------
*De: *"Nelson Lameiras" <nelson.lameiras(a)lyra-network.com>
*À: *"ovirt users" <users(a)ovirt.org>
*Envoyé: *Mercredi 7 Juin 2017 14:59:48
*Objet: *[ovirt-users] ISCSI storage with multiple nics on same subnet
disabled on host activation
Hello,
In our oVirt hosts, we are using DELL equallogic SAN with each server
connecting to SAN via 2 physical interfaces. Since both interfaces share
the same network (Equalogic limitation) we must configure sysctl to to
allow iSCSI multipath with multiple NICs in the same subnet :
------------------------------------------------------------
--------------------------------
net.ipv4.conf.p2p1.arp_ignore=1
net.ipv4.conf.p2p1.arp_announce=2
net.ipv4.conf.p2p1.rp_filter=2
net.ipv4.conf.p2p2.arp_ignore=1
net.ipv4.conf.p2p2.arp_announce=2
net.ipv4.conf.p2p2.rp_filter=2
------------------------------------------------------------
--------------------------------
This works great in most setups, but for a strange reason, on some of our
setups, the sysctl configuration is updated by VDSM when activating a host
and the second interface stops working immeadiatly :
------------------------------------------------------------
--------------------------------
vdsm.log
2017-06-07 11:51:51,063+0200 INFO (jsonrpc/5) [storage.ISCSI] Setting strict mode
rp_filter for device 'p2p2'. (iscsi:602)
2017-06-07 11:51:51,064+0200 ERROR (jsonrpc/5) [storage.HSM] Could not connect to
storageServer (hsm:2392)
Traceback (most recent call last):
File "/usr/share/vdsm/storage/hsm.py", line 2389, in connectStorageServer
conObj.connect()
File "/usr/share/vdsm/storage/storageServer.py", line 433, in connect
iscsi.addIscsiNode(self._iface, self._target, self._cred)
File "/usr/lib/python2.7/site-packages/vdsm/storage/iscsi.py", line 232, in
addIscsiNode
iscsiadm.node_login(iface.name, target.address, target.iqn)
File "/usr/lib/python2.7/site-packages/vdsm/storage/iscsiadm.py", line 337,
in node_login
raise IscsiNodeError(rc, out, err)
------------------------------------------------------------
--------------------------------
"strict mode" is enforced for second interface, and it no longuer works...
Which means - at least - that there is no redundancy in case of hardware
faillure and this is not acceptable for our production needs.
What is really strange is that we have another "twin" site on another
geographic region with simillar hardware configuration and same oVirt
installation, and this problem does not happen.
Can this be really random?
What can be the root cause of this behaviour? How can I correct it?
our setup:
oVirt hostedEngine : Centor 7.3, ovirt 4.1.2
3 physical oVirt nodes centos 7.3, ovirt 4.1.2
SAN DELL Equalogic
cordialement, regards,
<https://www.lyra-network.com/>
Nelson LAMEIRAS
Ingénieur Systèmes et Réseaux / Systems and Networks engineer
Tel: +33 5 32 09 09 70 <+33%205%2032%2009%2009%2070>
nelson.lameiras(a)lyra-network.com
www.lyra-network.com | www.payzen.eu <https://payzen.eu>
<https://www.youtube.com/channel/UCrVl1CO_Jlu3KbiRH-tQ_vA>
<https://www.linkedin.com/company/lyra-network_2>
<https://twitter.com/LyraNetwork>
<https://payzen.eu>
------------------------------
Lyra Network, 109 rue de l'innovation, 31670 Labège, FRANCE
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
