[Users] simple networking?

Ted Miller tmiller at hcjb.org
Wed Nov 27 17:18:09 UTC 2013


I am trying to set up a testing network using o-virt, but the networking is 
refusing to cooperate.  I am testing for possible use in two different 
production setups.

My previous experience has been with VMWare.  I have always set up a single 
bridged network on each host.  All my hosts, VMs, and non-VM computers were 
peers on the LAN.  They could all talk to each other, and things worked very 
well.  There was a firewall/gateway that provided access to the Internet, and 
hosts, VMs, and non-VM computers could all communicate with the Internet as needed.

o-virt seems to be compartmentalizing things beyond all reason.
Is there any way to set up simple networking, so ALL computers can see each 
other?
Is there anywhere that describes the philosophy behind the networking setup?
What reason is there that networks are so divided?

After banging my head against the wall trying to configure just one host, I 
am very frustrated.  I have spent several HOURS Googling for a coherent 
explanation of how/why networking is supposed to work, but only find obscure 
references like "letting non-VMs see VM traffic would be a huge security 
violation".  I have no concept of what kind of an installation the o-virt 
designers have in mind, but it is obviously worlds different from what I am 
trying to do.

The best I can tell, o-virt networking works like this (at least when you 
have only one NIC):
  * there must be an ovirtmgmt network, which cannot be combined with any 
    other network.
     * the ovirtmgmt network cannot talk to VMs (unless that VM is running 
       the engine)
     * the ovirtmgmt network can only talk to hosts, not to other non-VM 
       computers
  * a VM network can talk only to VMs
     * cannot talk to hosts
     * cannot talk to non-VMs
  * hosts cannot talk to my LAN
  * hosts cannot talk to VMs
  * VMs cannot talk to my LAN
All of the above are enforced by a boatload of firewall rules that o-virt 
puts into every host and VM under its jurisdiction.

All of the above is inferred from things I Googled, because I can't find 
anywhere that explains what or how things are supposed to work--only things 
telling people WHAT THEY CAN'T DO.  All I see on the mailing lists is people 
getting their hands slapped because they are trying to do SIMPLE SETUPS that 
should work, but don't (due to either design restrictions or software bugs).

My use case A:
  * My (2 or 3) hosts have only one physical NIC.
  * My VMs exist to provide services to non-VM computers.
     * The VMs do not run X-windows, but they provide GUI programs to 
       non-VMs via "ssh -X" connections.
  * My VMs need access to storage that is shared with hosts and non-VMs on 
    the LAN.

Is there some way to TURN OFF network control in o-virt?  My systems are 
small and static.  I can hand-configure the networking a whole lot easier 
than I can deal with o-virt (as I have used it so far). Mostly I would need 
to be able to turn off the firewall rules on both hosts and VMs.

banging head against wall,
Ted



