----- Original Message -----
From: "Gianluca Cecchi" <gianluca.cecchi@gmail.com> To: "Livnat Peer" <lpeer@redhat.com> Cc: users@ovirt.org Sent: Thursday, June 5, 2014 11:34:11 AM Subject: Re: [ovirt-users] Firewall?
On Thu, Jun 5, 2014 at 10:02 AM, Livnat Peer < lpeer@redhat.com > wrote:
[snip]
The security group is configured per VM, the rules are configured by the system on the node the VM is running on.
From the user perspective you need to configure a security group policy and then associate the VM with the relevant policy, there is also a default policy to which all VMs are associated by default.
To use this feature you need to use the oVirt-Neutron integration - http://www.ovirt.org/Features/Detailed_OSN_Integration#Security_groups
How can I set more than one custom device property?
For example in my case when I had to use extnet I lose the security groups one...
before [root@tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties CustomDeviceProperties: version: 3.0 CustomDeviceProperties: version: 3.1 CustomDeviceProperties: version: 3.2 CustomDeviceProperties: version: 3.3 CustomDeviceProperties: {type=interface;prop={ SecurityGroups=^(?:(?:[0-9a- fA-F]{8}-(?:[0-9a-fA-F]{4}-){ 3}[0-9a-fA-F]{12}, *)*[0-9a-fA-F]{8}-(?:[0-9a-fA- F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.4
then [root@tekkaman ovirt-engine]# engine-config -s CustomDeviceProperties='{type= interface;prop={extnet=^[a-zA- Z0-9_ ---]+$}}' Please select a version: 1. 3.0 2. 3.1 3. 3.2 4. 3.3 5. 3.4 5
after: [root@tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties CustomDeviceProperties: version: 3.0 CustomDeviceProperties: version: 3.1 CustomDeviceProperties: version: 3.2 CustomDeviceProperties: version: 3.3 CustomDeviceProperties: {type=interface;prop={extnet=^ [a-zA-Z0-9_ ---]+$}} version: 3.4
# systemctl restart ovirt-engine
What is the syntax to add extnet without deleting security groups one?
See example on [1], modified a bit to fit you goal: 1. sudo engine-config -g CustomDeviceProperties --cver 3.4 2. Copy the SecurityGroups into variable PREVIOUS_PROPERTIES i.e. PREVIOUS_PROPERTIES="SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$" 3. sudo engine-config -s "CustomDeviceProperties={type=interface;prop={$PREVIOUS_PROPERTIES;extnet=^ [a-zA-Z0-9_ ---]+$}}" --cver=3.4 4. Verify: sudo engine-config -g CustomDeviceProperties --cver 3.4 5. Restart ovirt-engine for changes to reload. [1] https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof
Thanks Gianluca
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users