[ovirt-users] Promiscuous Mode

Christopher Young mexigabacho at gmail.com
Sun Mar 6 03:17:39 UTC 2016 

That may work for me.  I'll look into it.  This is going to be a
production environment (I had previously been running OVirt for over a
year with success, but my hypervisors were standard EL7 servers vs.
OVirtnode/RHEV-H) so I'm looking for the most "official", clean
solution.

I will open a ticket with RH on that one, but if anyone knows of an
alternative or any reason why I should do something different, please
let me know.

Many thanks,

Chris

On Sat, Mar 5, 2016 at 4:47 PM, combuster <combuster at gmail.com> wrote:
> I haven't tried it, but here is a guide on how to add a hook to ovirt-node:
>
> http://www.ovirt.org/develop/developer-guide/vdsm/hook/qemucmdline/
>
>
> On 03/05/2016 09:48 PM, Christopher Young wrote:
>>
>> Question:
>>
>> There is no yum functionality on ovirt-node/RHEV-H, so how does one go
>> about this in that scenario?
>>
>> On Sat, Mar 5, 2016 at 3:32 PM, combuster <combuster at gmail.com> wrote:
>>>
>>> It's great to know that it's working.
>>>
>>> Best of luck Clint.
>>>
>>>
>>> On 03/05/2016 09:09 PM, clint at theboggios.com wrote:
>>>>
>>>> On 2016-03-05 13:34, combuster wrote:
>>>>>
>>>>> Correct procedure would be:
>>>>>
>>>>> 1. On each of your ovirt nodes run:
>>>>>
>>>>> yum install vdsm-hook-macspoof
>>>>>
>>>>> 2. On the engine run:
>>>>>
>>>>> sudo engine-config -s "UserDefinedVMProperties=macspoof=^(true|false)$"
>>>>>
>>>>> 3. Edit OpenVPN virtual machine settings and add a custom property
>>>>> containing macspoof keyword and set the value "true" for it.
>>>>>
>>>>> If you want to remove filtering for a single interface, then replace
>>>>> steps 2 and 3 as outlined in the README.
>>>>>
>>>>> Kind regards,
>>>>>
>>>>> Ivan
>>>>>
>>>>> On 03/05/2016 08:21 PM, clint at theboggios.com wrote:
>>>>>>
>>>>>> On 2016-03-05 13:13, combuster wrote:
>>>>>>>
>>>>>>> Ignore the link (minor accident while pasting). Yum will download the
>>>>>>> appropriate one from the repos.
>>>>>>>
>>>>>>> On 03/05/2016 08:09 PM, combuster wrote:
>>>>>>>
>>>>>>>> Just the hook rpm (vdsm-hook-macspoof [1]).
>>>>>>>>
>>>>>>>> Ivan
>>>>>>>>
>>>>>>>> On 03/05/2016 08:02 PM, Christopher Young wrote:
>>>>>>>>
>>>>>>>> I had a related question on this.
>>>>>>>>
>>>>>>>> When it comes to ovirt-node or rhev-h, is there anything required to
>>>>>>>> be installed on the hypervisor hosts themselves?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Chris
>>>>>>>> On Mar 5, 2016 1:47 PM, "combuster" <combuster at gmail.com> wrote:
>>>>>>>> Hi Clint, you might want to check the macspoof hook features here:
>>>>>>>>
>>>>>>>> https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof [2]
>>>>>>>>
>>>>>>>> This should override arp/spoofing filtering, that might be the
>>>>>>>> cause of your issues with OpenVPN setup (first guess).
>>>>>>>>
>>>>>>>> On 03/05/2016 07:30 PM, Clint Boggio wrote:
>>>>>>>> I am deploying an OpenVPN server in my OVirt environment and I've
>>>>>>>> come to a dead stop with the developer support on a topic related to
>>>>>>>> OVirt configuration.
>>>>>>>>
>>>>>>>> The developer wants me to put the VM's underlying NIC into
>>>>>>>> promiscuous mode.
>>>>>>>>
>>>>>>>> I've seen this in a VMware environment and I know what they are
>>>>>>>> asking me to do, and I'm wondering if there is a clear way to do
>>>>>>>> this in my OVirt environment.
>>>>>>>>
>>>>>>>> I found "port mirroring" but no "promiscuous mode"
>>>>>>>>
>>>>>>>> Cheers and thank you !
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list
>>>>>>>> Users at ovirt.org
>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users [3]
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list
>>>>>>>> Users at ovirt.org
>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users [3]
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Links:
>>>>>>> ------
>>>>>>> [1]
>>>>>>>
>>>>>>>
>>>>>>> http://resources.ovirt.org/pub/ovirt-3.5/rpm/el7Server/noarch/vdsm-hook-macspoof-4.16.10-0.el7.noarch.rpm
>>>>>>> [2] https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof
>>>>>>> [3] http://lists.ovirt.org/mailman/listinfo/users
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thank you very much. Reading the README it appears that there is a
>>>>>> series of commands to run on the engine to make the options to remove
>>>>>> filtering from the vNIC, or the whole VM available. What purpose is
>>>>>> filled
>>>>>> by the two scripts that are included in the git, and where do I put
>>>>>> them so
>>>>>> that they will be utilized if that's even necessary ?
>>>>
>>>>
>>>>
>>>> Ivan, because of YOU, I get me weekend back ! It works and OVPN is up
>>>> and
>>>> running.
>>>>
>>>> Thank you SO MUCH !
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>
>

More information about the Users mailing list