[Users] simple networking? [SOLVED] mostly

Bob Doolittle bob at doolittle.us.com
Fri Dec 13 20:22:23 UTC 2013 

On 12/13/2013 03:11 PM, Ted Miller wrote:
>
> On 12/13/2013 7:56 AM, Bob Doolittle wrote:
>>
>> On 12/12/2013 11:04 PM, Ted Miller wrote:
>>> ________________________________________
>>> From: users-bounces at ovirt.org <users-bounces at ovirt.org> on behalf of 
>>> Ted Miller <tmiller at hcjb.org>
>>> Sent: Wednesday, November 27, 2013 12:18 PM
>>> To: users at ovirt.org
>>> Subject: [Users] simple networking?
>>>
>>> I am trying to set up a testing network using o-virt, but the 
>>> networking is
>>> refusing to cooperate.  I am testing for possible use in two different
>>> production setups.
>>>
>>> My previous experience has been with VMWare.  I have always set up a 
>>> single
>>> bridged network on each host.  All my hosts, VMs, and non-VM 
>>> computers were
>>> peers on the LAN.  They could all talk to each other, and things 
>>> worked very
>>> well.  There was a firewall/gateway that provided access to the 
>>> Internet, and
>>> hosts, VMs, and could all communicate with the Internet as needed.
>>>
>>> o-virt seems to be compartmentalizing things beyond all reason.
>>> Is there any way to set up simple networking, so ALL computers can 
>>> see each
>>> other?
>>> Is there anywhere that describes the philosophy behind the 
>>> networking setup?
>>> What reason is there that networks are so divided?
>>>
>>> After banging my head against the wall trying to configure just one 
>>> host, I
>>> am very frustrated.  I have spent several HOURS Googling for a coherent
>>> explanation of how/why networking is supposed to work, but only fine 
>>> obscure
>>> references like "letting non-VMs see VM traffic would be a huge 
>>> security
>>> violation".  I have no concept of what king of an installation the 
>>> o-virt
>>> designers have in mind, but it is obviously worlds different from 
>>> what I am
>>> trying to do.
>>>
>>> The best I can tell, o-virt networking works like this (at least 
>>> when you
>>> have only one NIC):
>>> there must be an ovirtmgt network, which cannot be combined with any 
>>> other
>>> network.
>>>        the ovirtmgt network cannot talk to VMs (unless that VM is 
>>> running the
>>> engine)
>>>        the ovirtmgt network can only talk to hosts, not to other 
>>> non-VM computers
>>> a VM network can talk only to VMs
>>>        cannot talk to hosts
>>>        cannot talk to non-VMs
>>> hosts cannot talk to my LAN
>>> hosts cannot talk to VMs
>>> VMs cannot talk to my LAN
>>> All of the above are enforced by a boatload of firewall rules that 
>>> o-virt
>>> puts into every host and VM under its jurisdiction.
>>>
>>> All of the above is inferred from things I Googled, because I can't 
>>> find
>>> anywhere that explains what or how things are supposed to work--only 
>>> things
>>> telling people WHAT THEY CANT DO.  All I see on the mailing lists is 
>>> people
>>> getting their hands slapped because they are trying to do SIMPLE 
>>> SETUPS that
>>> should work, but don't (due to either design restrictions or 
>>> software bugs).
>>>
>>> My use case A:
>>>    * My (2 or 3) hosts have only one physical NIC.
>>>    * My VMs exist to provide services to non-VM computers.
>>>       *  The VMs do not run X-windows, but they provide GUI programs to
>>> non-VMs via "ssh -X" connections.
>>>    * MY VMs need access to storage that is shared with hosts and 
>>> non-VMs on
>>> the LAN.
>>>
>>> Is there some way to TURN OFF network control in o-virt?  My systems 
>>> are
>>> small and static.  I can hand-configure the networking a whole lot 
>>> easier
>>> than I can deal with o-virt (as I have used it so far). Mostly I 
>>> would need
>>> to be able to turn off the firewall rules on both hosts and VMs.
>>>
>>> banging head against wall,
>>> Ted
>>> *********************************************************
>>>
>>> I have spent the last three days getting a Centos 6.5 host running 
>>> under O-virt.
>>>
>>> Since the networking was just a small part of this, I am going to 
>>> open an new thread
>>> to discuss the Centos 6.5 host setup process.  Look for a thread 
>>> titled something like
>>> "Centos 6.5 host configuration" if you want the gory details, or 
>>> want to try if for yourself.
>>>
>>> My biggest problem is that the o-virt GUI is apparently incapable of 
>>> setting
>>> up a bridge in Centos, which turned out to be what I needed. I had 
>>> to set up the
>>> bridge BEFORE adding the host to the ovirt cluster.  If the bridge 
>>> was not set
>>> up ahead of time, the whole installation failed completely.
>>>
>>> The bridge was only one of a list of things that had to be done 
>>> ahead of time, in order
>>> for the process to complete correctly.
>>
>> Ted, I have RHEL 6.5 running in a VM, and it can talk to all my VMs 
>> and hosts on my LAN, and I didn't have to do anything special. I 
>> didn't define any new networks or bridges or anything of the sort, 
>> either in oVirt or on my host or engine. It just worked.
>>
>> I am running RHEL 6.5 on both my engine and my host, as well in this 
>> particular VM.
>>
>> -Bob
> Do you have the Engine on a separate machine, or did you set up the 
> host as an All-In-One?
>
> Did you install 6.5 or upgrade to 6.5?
>

I have two machines for oVirt. One (Intel i5) is Fedora 19 running a VM 
via libvirt (set to come up on boot so I never use libvirt any more 
directly). In that VM is an RHEL 6.5 guest running Engine (upgraded from 
6.4, although I no longer recall if ovirt-engine was installed before or 
after the upgrade). On a separate machine (Intel i7) is RHEL 6.5, 
running Host. Again, I don't remember if it was upgraded from 6.4 before 
or after deploying it as Host.

I installed my Engine in a VM to make it easy to scratch and install a 
new OS in future if necessary.

I can't wait for the self-hosting feature, so I can free up a machine! :)

HTH,
     Bob

More information about the Users mailing list