On Thu, Jun 19, 2014 at 04:23:18PM +0800, Punit Dambiwal wrote:
Hi,
I have setup Ovirt with glusterfs...I have some concern about the network part....
1. Is there any way to restrict the Guest VM...so that it can be assign with single ip address...and in anyhow the user can not manipulate the IP address from inside the VM (that means user can not change the ip address inside the VM).
I am afraid that oVirt does not let you do that out-of-the-box. By default, the vdsm-no-mac-spoofing filter is applied to vNICs, which indeed allows IP spoofing. This behavior can be changed by writing a vdsm hook that changes the default filterref to <filterref filter='clean-traffic'> <parameter name='CTRL_IP_LEARNING' value='dhcp'/> </filterref> If your VM is assigned with its address not via dhcp, life is more complicated, since the hook needs to have access to this address before boot. I would love to assist you in writing such a hook; please take the vmfex_dev hook as a reference. To read more about vdsm hooks, please see http://www.ovirt.org/Vdsm_Hooks . Regards, Dan.