[ovirt-users] oVirt 3.5 & NAT

Antoni Segura Puimedon asegurap at redhat.com
Mon Oct 27 12:13:30 UTC 2014 


----- Original Message -----
> From: "Phil Daws" <uxbod at splatnix.net>
> To: "Antoni Segura Puimedon" <asegurap at redhat.com>
> Cc: "Dan Kenigsberg" <danken at redhat.com>, users at ovirt.org
> Sent: Monday, October 27, 2014 11:41:56 AM
> Subject: Re: [ovirt-users] oVirt 3.5 & NAT
> 
> Hi Antoni:
> 
> Yes, prior to the reboot it did work okay.  This is how it should look I
> believe:
> 
>     Bridge "ovirtmgmt"
>         Port "mgmt0"
>             Interface "mgmt0"
>                 type: internal
>         Port "ovsbr0"
>             Interface "ovsbr0"
>                 type: internal
> 
> So the bridge would be defined by oVirt then I guess with a custom hook that
> would then be added to the OVS stack ?

exactly! You could just make a hook script that runs an after_network_setup
hook that does the ovs-vsctl for you ;-)

Here you can see the presentation I gave last February at devconf about extending
with configurators and hooks.

http://blog.antoni.me/devconf14/#/8/1

I linked directly to a before_network_setup hook sample, because it works just like
the after_network_setup hook. Instead of logging to systemd, just add that if
'remove' is not in data and network == 'ovirtmgmt', it adds the network bridge to
the vswitch with python's subprocess.call or subprocess.check_output.

You can send it if you want me to take a look ;-)

PS: It is possible to write the hooks in bash, c, perl, etc. But we only have the
convenience read_json methods and such for python. If you wanted to, you could have
a simple bash hook that just checked if there was an ovirtmgmt bridge and it would
add it doing ovs-vsctl in the before_vdsm_start hooking point. That would have the
drawback that changing the ovirtmgmt bridge with oVirt UI would leave it disconnected
again.

> 
> Thanks, Phil
> 
> ----- Original Message -----
> From: "Antoni Segura Puimedon" <asegurap at redhat.com>
> To: "Phil Daws" <uxbod at splatnix.net>
> Cc: "Dan Kenigsberg" <danken at redhat.com>, users at ovirt.org
> Sent: Monday, 27 October, 2014 9:56:38 AM
> Subject: Re: [ovirt-users] oVirt 3.5 & NAT
> 
> 
> 
> ----- Original Message -----
> > From: "Phil Daws" <uxbod at splatnix.net>
> > To: "Antoni Segura Puimedon" <asegurap at redhat.com>
> > Cc: "Dan Kenigsberg" <danken at redhat.com>, users at ovirt.org
> > Sent: Monday, October 27, 2014 10:37:18 AM
> > Subject: Re: [ovirt-users] oVirt 3.5 & NAT
> > 
> > That is what I tried but oVirt appears to overwrite the bridge information
> > on
> > boot :( Thanks, Phil
> 
> But before rebooting, does it work as you intended? If so, you could just
> make
> a vdsm hook that adds ovirtmgmt to the ovs bridge after it is set up. (I
> could
> give more directions into how to do it).
> 
> > 
> > ----- Original Message -----
> > From: "Antoni Segura Puimedon" <asegurap at redhat.com>
> > To: "Phil Daws" <uxbod at splatnix.net>
> > Cc: "Dan Kenigsberg" <danken at redhat.com>, users at ovirt.org
> > Sent: Monday, 27 October, 2014 8:00:33 AM
> > Subject: Re: [ovirt-users] oVirt 3.5 & NAT
> > 
> > 
> > 
> > ----- Original Message -----
> > > From: "Phil Daws" <uxbod at splatnix.net>
> > > To: "Dan Kenigsberg" <danken at redhat.com>
> > > Cc: users at ovirt.org
> > > Sent: Saturday, October 25, 2014 5:02:59 PM
> > > Subject: Re: [ovirt-users] oVirt 3.5 & NAT
> > > 
> > > Hmmm, this is becoming difficult ..
> > > 
> > > I have added into the engine the custom hook and understand how that will
> > > work.  The issue is how can a single NIC use two different bridges ?
> > > Example with OVS would be that one requires:
> > > 
> > > em1 -+ ovirtmgmt (bridge) -> management IP (public)
> > >      + ovs       (bridge) -> firewall IP (public)
> > >                                 |
> > >                                 + vlan 1
> > >                                 + vlan 2
> > > 
> > > this works fine when using OVS and KVM, without oVirt, so there must be a
> > > way
> > > to hook the two together without a Neutron appliance.
> > > 
> > > Any thoughts ? Thanks, Phil.
> > 
> > I haven't tried this, and it may not work, but what happens if you add the
> > ovirtmgmt
> > bridge as a port of the ovs bridge?
> > > 
> > > 
> > > ----- Original Message -----
> > > From: "Dan Kenigsberg" <danken at redhat.com>
> > > To: "Phil Daws" <uxbod at splatnix.net>
> > > Cc: users at ovirt.org
> > > Sent: Wednesday, 22 October, 2014 3:54:46 PM
> > > Subject: Re: [ovirt-users] oVirt 3.5 & NAT
> > > 
> > > On Wed, Oct 22, 2014 at 03:12:09PM +0100, Phil Daws wrote:
> > > > Thanks Dan & Antoni:
> > > > 
> > > > I wonder then if I could replace the standard libvirt defined network
> > > > with
> > > > an OpenVSwitch one like I have on my dev system?  That is just straight
> > > > KVM with OVS integrated.  Maybe a bit more overhead in administration
> > > > but
> > > > possibly less than having to spin up a Neutron Appliance.
> > > 
> > > Once you start to use the vdsm-hook-extnet, all that you need to do is
> > > to replace the libvirt-side definition of the "external network". This
> > > may well be an OpenVSwitch-based network e.g.
> > > http://libvirt.org/formatnetwork.html#elementVlanTag
> > > _______________________________________________
> > > Users mailing list
> > > Users at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > > 
> > 
>

More information about the Users mailing list