1:42 a.m.
Hello,
I'm trying to setup a new ovirt install and have run into some general issues that I
hope someone can help with.
I'm somewhat new to ovirt (but not virtualization).
First off, I've been doing lots of reading and I can't seem to find what the
generally accepted method is for firewalling access between networks and VMs is in ovirt?
I see references to network filters, but no obvious ways to set ports or modify the
configuration beyond a set list of general good-practice policies (no arp spoofing, etc).
What do people use in a production environment? Trunk out to an external firewall and do
the filtering there? Run iptables or some rules locally in each VM? Or just run pfSense
or other firewall software as another VM and manage it there?
And lastly, I'm trying to setup a new interface using the external ovn provider but am
having problems.
I can define the external provider network just fine (not connected to physical network),
but can't seem to actually use it.
When I create a new VM and assign the new network to an associated interface, the VM fails
to start.
The error I get is:
"VM testvm is down with error. Exit message: Cannot get interface MTU on
'br-int': No such device."
Am I missing something obvious here?
I'm running oVirt 4.2.7 with the latest oVirt Node on a few hosts (also 4.2.7).
All my configuration has been via the web interface so far.
Sincerely,
3:08 p.m.
Hello,
The problem with ovn ( 'br-int': No such device) occurs because you are
missing an ovs bridge named "br-int" on your host.
This is the integration bridge used by ovn to create its logical networks.
This is normally created by default during ovs/ovn installation. Please try
adding this manually:
ovs-vsctl add-br br-int
You can check if it exists using:
ovs-vsctl show
Once added the vm should start fine.
The network filters which you can define in ovirt are the libvirt network
filters (https://libvirt.org/formatnwfilter.html)
Afaik there is not "default" firewall solution advised for ovirt. I will
check if there are any good practices described, but I have not seen any so
far.
Marcin
On Tue, Nov 13, 2018 at 11:43 PM <davidk(a)riavera.com> wrote:
Hello,
I'm trying to setup a new ovirt install and have run into some general
issues that I hope someone can help with.
I'm somewhat new to ovirt (but not virtualization).
First off, I've been doing lots of reading and I can't seem to find what
the generally accepted method is for firewalling access between networks
and VMs is in ovirt? I see references to network filters, but no obvious
ways to set ports or modify the configuration beyond a set list of general
good-practice policies (no arp spoofing, etc).
What do people use in a production environment? Trunk out to an external
firewall and do the filtering there? Run iptables or some rules locally in
each VM? Or just run pfSense or other firewall software as another VM and
manage it there?
And lastly, I'm trying to setup a new interface using the external ovn
provider but am having problems.
I can define the external provider network just fine (not connected to
physical network), but can't seem to actually use it.
When I create a new VM and assign the new network to an associated
interface, the VM fails to start.
The error I get is:
"VM testvm is down with error. Exit message: Cannot get interface MTU on
'br-int': No such device."
Am I missing something obvious here?
I'm running oVirt 4.2.7 with the latest oVirt Node on a few hosts (also
4.2.7).
All my configuration has been via the web interface so far.
Sincerely,
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TGPKRCARFQO...
2200
days inactive
2201
days old
1 comments
2 participants
participants (2)
-
davidk@riavera.com -
Marcin Mirecki