On Mon, Jul 17, 2017 at 10:56 AM, Nelson Lameiras < nelson.lameiras@lyra-network.com> wrote:
Hello, Can any one please help us with the problem described below?
Nir, I'm including you since a quick search on the internet led me to think that you have worked on this part of the project. Please forgive me if I'm off topic.
(I incorrectly used below the expression "patch" when I meant "configure". it's corrected now)
VDSM may indeed change the IP filter. From the function that sets it[1]: def setRpFilterIfNeeded(netIfaceName, hostname, loose_mode): """ Set rp_filter to loose or strict mode if there's no session using the netIfaceName device and it's not the device used by the OS to reach the 'hostname'. loose mode is needed to allow multiple iSCSI connections in a multiple NIC per subnet configuration. strict mode is needed to avoid the security breach where an untrusted VM can DoS the host by sending it packets with spoofed random sources. Arguments: netIfaceName: the device used by the iSCSI session target: iSCSI target object cointaining the portal hostname loose_mode: boolean I think it sets it to strict mode when disconnecting or removing an iSCSI session. Perhaps something in the check we are doing is incorrect? Do you have other sessions open? Y. [1] https://github.com/oVirt/vdsm/blob/321233bea649fb6d1e72baa1b1164c8c1bc852af/...
cordialement, regards,
<https://www.lyra-network.com/> Nelson LAMEIRAS Ingénieur Systèmes et Réseaux / Systems and Networks engineer Tel: +33 5 32 09 09 70 <+33%205%2032%2009%2009%2070> nelson.lameiras@lyra-network.com www.lyra-network.com | www.payzen.eu <https://payzen.eu> <https://www.youtube.com/channel/UCrVl1CO_Jlu3KbiRH-tQ_vA> <https://www.linkedin.com/company/lyra-network_2> <https://twitter.com/LyraNetwork> <https://payzen.eu> ------------------------------ Lyra Network, 109 rue de l'innovation, 31670 Labège, FRANCE
------------------------------ *De: *"Nelson Lameiras" <nelson.lameiras@lyra-network.com> *À: *"ovirt users" <users@ovirt.org> *Envoyé: *Mercredi 7 Juin 2017 14:59:48 *Objet: *[ovirt-users] ISCSI storage with multiple nics on same subnet disabled on host activation
Hello,
In our oVirt hosts, we are using DELL equallogic SAN with each server connecting to SAN via 2 physical interfaces. Since both interfaces share the same network (Equalogic limitation) we must configure sysctl to to allow iSCSI multipath with multiple NICs in the same subnet :
------------------------------------------------------------ --------------------------------
net.ipv4.conf.p2p1.arp_ignore=1 net.ipv4.conf.p2p1.arp_announce=2 net.ipv4.conf.p2p1.rp_filter=2
net.ipv4.conf.p2p2.arp_ignore=1 net.ipv4.conf.p2p2.arp_announce=2 net.ipv4.conf.p2p2.rp_filter=2
------------------------------------------------------------ --------------------------------
This works great in most setups, but for a strange reason, on some of our setups, the sysctl configuration is updated by VDSM when activating a host and the second interface stops working immeadiatly : ------------------------------------------------------------ -------------------------------- vdsm.log
2017-06-07 11:51:51,063+0200 INFO (jsonrpc/5) [storage.ISCSI] Setting strict mode rp_filter for device 'p2p2'. (iscsi:602) 2017-06-07 11:51:51,064+0200 ERROR (jsonrpc/5) [storage.HSM] Could not connect to storageServer (hsm:2392) Traceback (most recent call last): File "/usr/share/vdsm/storage/hsm.py", line 2389, in connectStorageServer conObj.connect() File "/usr/share/vdsm/storage/storageServer.py", line 433, in connect iscsi.addIscsiNode(self._iface, self._target, self._cred) File "/usr/lib/python2.7/site-packages/vdsm/storage/iscsi.py", line 232, in addIscsiNode iscsiadm.node_login(iface.name, target.address, target.iqn) File "/usr/lib/python2.7/site-packages/vdsm/storage/iscsiadm.py", line 337, in node_login raise IscsiNodeError(rc, out, err)
------------------------------------------------------------ --------------------------------
"strict mode" is enforced for second interface, and it no longuer works... Which means - at least - that there is no redundancy in case of hardware faillure and this is not acceptable for our production needs.
What is really strange is that we have another "twin" site on another geographic region with simillar hardware configuration and same oVirt installation, and this problem does not happen. Can this be really random? What can be the root cause of this behaviour? How can I correct it?
our setup: oVirt hostedEngine : Centor 7.3, ovirt 4.1.2 3 physical oVirt nodes centos 7.3, ovirt 4.1.2 SAN DELL Equalogic
cordialement, regards,
<https://www.lyra-network.com/> Nelson LAMEIRAS Ingénieur Systèmes et Réseaux / Systems and Networks engineer Tel: +33 5 32 09 09 70 <+33%205%2032%2009%2009%2070> nelson.lameiras@lyra-network.com www.lyra-network.com | www.payzen.eu <https://payzen.eu> <https://www.youtube.com/channel/UCrVl1CO_Jlu3KbiRH-tQ_vA> <https://www.linkedin.com/company/lyra-network_2> <https://twitter.com/LyraNetwork> <https://payzen.eu> ------------------------------ Lyra Network, 109 rue de l'innovation, 31670 Labège, FRANCE
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
