[ovirt-users] Promiscuous Mode

clint at theboggios.com clint at theboggios.com
Sat Mar 5 20:09:30 UTC 2016


On 2016-03-05 13:34, combuster wrote:
> Correct procedure would be:
> 
> 1. On each of your ovirt nodes run:
> 
> yum install vdsm-hook-macspoof
> 
> 2. On the engine run:
> 
> sudo engine-config -s "UserDefinedVMProperties=macspoof=^(true|false)$"
> 
> 3. Edit OpenVPN virtual machine settings and add a custom property
> containing macspoof keyword and set the value "true" for it.
> 
> If you want to remove filtering for a single interface, then replace
> steps 2 and 3 as outlined in the README.
> 
> Kind regards,
> 
> Ivan
> 
> On 03/05/2016 08:21 PM, clint at theboggios.com wrote:
>> On 2016-03-05 13:13, combuster wrote:
>>> Ignore the link (minor accident while pasting). Yum will download the
>>> appropriate one from the repos.
>>> 
>>> On 03/05/2016 08:09 PM, combuster wrote:
>>> 
>>>> Just the hook rpm (vdsm-hook-macspoof [1]).
>>>> 
>>>> Ivan
>>>> 
>>>> On 03/05/2016 08:02 PM, Christopher Young wrote:
>>>> 
>>>> I had a related question on this.
>>>> 
>>>> When it comes to ovirt-node or rhev-h, is there anything required to
>>>> be installed on the hypervisor hosts themselves?
>>>> 
>>>> Thanks,
>>>> 
>>>> Chris
>>>> On Mar 5, 2016 1:47 PM, "combuster" <combuster at gmail.com> wrote:
>>>> Hi Clint, you might want to check the macspoof hook features here:
>>>> 
>>>> https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof [2]
>>>> 
>>>> This should override arp/spoofing filtering, that might be the
>>>> cause of your issues with OpenVPN setup (first guess).
>>>> 
>>>> On 03/05/2016 07:30 PM, Clint Boggio wrote:
>>>> I am deploying an OpenVPN server in my OVirt environment and I've
>>>> come to a dead stop with the developer support on a topic related to
>>>> OVirt configuration.
>>>> 
>>>> The developer wants me to put the VM's underlying NIC into
>>>> promiscuous mode.
>>>> 
>>>> I've seen this in a VMware environment and I know what they are
>>>> asking me to do, and I'm wondering if there is a clear way to do
>>>> this in my OVirt environment.
>>>> 
>>>> I found "port mirroring" but no "promiscuous mode"
>>>> 
>>>> Cheers and thank you !
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users [3]
>>>> 
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users [3]
>>> 
>>> 
>>> 
>>> Links:
>>> ------
>>> [1]
>>> http://resources.ovirt.org/pub/ovirt-3.5/rpm/el7Server/noarch/vdsm-hook-macspoof-4.16.10-0.el7.noarch.rpm 
>>> [2] https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof
>>> [3] http://lists.ovirt.org/mailman/listinfo/users
>> 
>> 
>> Thank you very much. Reading the README it appears that there is a 
>> series of commands to run on the engine to make the options to remove 
>> filtering from the vNIC, or the whole VM available. What purpose is 
>> filled by the two scripts that are included in the git, and where do I 
>> put them so that they will be utilized if that's even necessary ?


Ivan, because of YOU, I get me weekend back ! It works and OVPN is up 
and running.

Thank you SO MUCH !



More information about the Users mailing list