[ovirt-users] Firewall?

Moti Asayag masayag at redhat.com
Thu Jun 5 09:50:09 UTC 2014



----- Original Message -----
> From: "Gianluca Cecchi" <gianluca.cecchi at gmail.com>
> To: "Livnat Peer" <lpeer at redhat.com>
> Cc: users at ovirt.org
> Sent: Thursday, June 5, 2014 11:34:11 AM
> Subject: Re: [ovirt-users] Firewall?
> 
> On Thu, Jun 5, 2014 at 10:02 AM, Livnat Peer < lpeer at redhat.com > wrote:
> 
> [snip]
> 
> The security group is configured per VM, the rules are configured by the
> system on the node the VM is running on.
> 
> From the user perspective you need to configure a security group policy
> and then associate the VM with the relevant policy, there is also a
> default policy to which all VMs are associated by default.
> 
> To use this feature you need to use the oVirt-Neutron integration -
> http://www.ovirt.org/Features/Detailed_OSN_Integration#Security_groups
> 
> 
> How can I set more than one custom device property?
> 
> For example in my case when I had to use extnet I lose the security groups
> one...
> 
> before
> [root at tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties
> CustomDeviceProperties: version: 3.0
> CustomDeviceProperties: version: 3.1
> CustomDeviceProperties: version: 3.2
> CustomDeviceProperties: version: 3.3
> CustomDeviceProperties: {type=interface;prop={SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.4
> 
> then
> [root at tekkaman ovirt-engine]# engine-config -s CustomDeviceProperties='{type=interface;prop={extnet=^[a-zA-Z0-9_ ---]+$}}'
> Please select a version:
> 1. 3.0
> 2. 3.1
> 3. 3.2
> 4. 3.3
> 5. 3.4
> 5
> 
> after:
> [root at tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties
> CustomDeviceProperties: version: 3.0
> CustomDeviceProperties: version: 3.1
> CustomDeviceProperties: version: 3.2
> CustomDeviceProperties: version: 3.3
> CustomDeviceProperties: {type=interface;prop={extnet=^[a-zA-Z0-9_ ---]+$}} version: 3.4
> 
> # systemctl restart ovirt-engine
> 
> What is the syntax to add extnet without deleting security groups one?
> 

See example on [1], modified a bit to fit your goal:

1. sudo engine-config -g CustomDeviceProperties --cver 3.4
2. Copy the SecurityGroups into variable PREVIOUS_PROPERTIES
   i.e. PREVIOUS_PROPERTIES="SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$" 
3. sudo engine-config -s "CustomDeviceProperties={type=interface;prop={$PREVIOUS_PROPERTIES;extnet=^[a-zA-Z0-9_ ---]+$}}" --cver=3.4
4. Verify: sudo engine-config -g CustomDeviceProperties --cver 3.4
5. Restart ovirt-engine for changes to reload.

[1] https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof

> Thanks
> Gianluca
> 
> 
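
Added example, not part of the original thread: a POSIX shell helper that builds the merged value for steps 2-3 above from the current setting, so adding extnet cannot silently drop SecurityGroups. The function names are hypothetical, the sample line is constructed from the output quoted in the thread, and it assumes the value holds a single {type=interface;prop={...}} entry.

```shell
#!/bin/sh
# Added example: merge one property into an existing CustomDeviceProperties
# value instead of overwriting it. Helper names are hypothetical.
PRE='{type=interface;prop={'
SUF='}}'

# props_of LINE: print the "k=v;k=v" list inside prop={...}. LINE is either
# the raw value or one line as printed by `engine-config -g`.
props_of() (
    v=${1#"CustomDeviceProperties: "}
    v=${v%version: *}                  # drop the trailing "version: X" label
    v=${v% }
    case $v in
        "$PRE"*"$SUF") v=${v#"$PRE"}; printf '%s\n' "${v%"$SUF"}" ;;
        '')            printf '\n' ;;  # nothing set for this version
        *)             return 1 ;;     # unexpected shape: refuse to guess
    esac
)

# merge_prop LINE NAME REGEX: print the value to hand to `engine-config -s`,
# keeping every existing property and replacing NAME if it is already there.
merge_prop() (
    props=$(props_of "$1") || exit 1
    set -f                             # regexes contain * ? [ : no globbing
    IFS=';'
    kept=
    for p in $props; do
        [ "${p%%=*}" = "$2" ] || kept="${kept}${p};"
    done
    printf '%s%s%s=%s%s\n' "$PRE" "$kept" "$2" "$3" "$SUF"
)

# has_prop LINE NAME: succeed only if NAME is defined (the check for step 4).
has_prop() (
    props=$(props_of "$1") || exit 1
    case ";$props" in *";$2="*) exit 0 ;; esac
    exit 1
)

# Constructed sample: the 3.4 line from the "before" output in the thread.
SG_REGEX='^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$'
BEFORE="CustomDeviceProperties: {type=interface;prop={SecurityGroups=${SG_REGEX}}} version: 3.4"
AFTER=$(merge_prop "$BEFORE" extnet '^[a-zA-Z0-9_ ---]+$')
printf 'CustomDeviceProperties=%s\n' "$AFTER"   # argument for engine-config -s
has_prop "$AFTER" SecurityGroups || echo "SecurityGroups would be lost" >&2
```

On a live engine, BEFORE would be the 3.4 line from step 1 and the printed string the quoted argument in step 3.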


