[ovirt-users] vdsm hook noipspoof on interface level

Eitan Raviv eraviv at redhat.com
Fri Apr 27 18:51:42 UTC 2018 

Probably an easier solution than implementing a vdsm hook in code, would be
to use network filter parameters in the web-admin UI of the engine.

If the vNic profile of the network on the WAN interface (the one you would
like to restrict IPs on) has a clean-traffic filter, then you can specify a
different set of IPs for any interface using this network.
In the web-admin UI of the engine go to -
     Compute | Virtual machines | <your vm> | Network Interfaces | <your
interface>
     and click  edit.

At the bottom of the edit form you can insert the ip pool for the interface
by specifying several key-value pairs where the key is 'IP' and the value
is the ip address (e.g. 192.168.122.13).

HTH




On Sun, Apr 15, 2018 at 3:24 AM, Peter Hudec <phudec at cnc.sk> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Thanks,
>
> this was the last part into my puzzle, HOST INTERFACE params.
>
> The example hook provided in
> https://bugzilla.redhat.com/show_bug.cgi?id=1366905#c8,
> https://bugzilla.redhat.com/attachment.cgi?id=1232201 looks good, but
> it seems to set the IP param on all interfaces too, regardless on
> which interface the NIC PARAM is set.
>
> The hooks should be called per vNIC, as reading the
> https://www.ovirt.org/documentation/admin-guide/appe-VDSM_and_Hooks/#the
> - -vdsm-hook-domain-xml-object,
> the one/several of thees hooks should be used or maybe I'm wrong ;(
>
>         Peter
>
> On 14/04/2018 07:04, Eitan Raviv wrote:
> > You might find the following useful:
> >
> > https://ovirt.org/develop/release-management/features/network/networkf
> ilterparameters/
> >
> >  HTH
> >
> > On Thu, Apr 12, 2018, 14:52 Peter Hudec <phudec at cnc.sk
> > <mailto:phudec at cnc.sk>> wrote:
> >
> > Hi,
> >
> > I would like to restrict of usage IP address on VMs. Thos could be
> > achied by usinf clear-filter instead of vdsm-no-mac-spoofing.
> >
> > I have found noipspoof vdsm hook,
> > https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/noipspoof.
> >
> > This hook but set the filtering on all interfaces, the setting is
> > on VM level, not interface level. So if the there are more
> > interfaces on all of them. I would like just restrict the WAN
> > interface on multi homed VMs.
> >
> > Peter
> >
> > -- *Peter Hudec* Infraštruktúrny architekt phudec at cnc.sk
> > <mailto:phudec at cnc.sk> <mailto:phudec at cnc.sk
> > <mailto:phudec at cnc.sk>>
> >
> > *CNC, a.s.* Borská 6, 841 04 Bratislava Recepcia: +421 2  35 000
> > 100
> >
> > Mobil:+421 905 997 203 *www.cnc.sk <http://www.cnc.sk>*
> > <http:///www.cnc.sk <http://www.cnc.sk>>
> >
> > _______________________________________________ Users mailing list
> > Users at ovirt.org <mailto:Users at ovirt.org>
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>
>
> - --
> *Peter Hudec*
> Infraštruktúrny architekt
> phudec at cnc.sk <mailto:phudec at cnc.sk>
>
> *CNC, a.s.*
> Borská 6, 841 04 Bratislava
> Recepcia: +421 2  35 000 100
>
> Mobil:+421 905 997 203
> *www.cnc.sk* <http:///www.cnc.sk>
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlrSm54ACgkQQnvVWOJ3
> 5BDz5A//dqyf9wnvkRCjEmeUkMsN72qL7o+utazM7L8S4sY4Pu6INsPhpy7QtwHw
> fyXbdrU9qy+5ts3g+yoxpsdkTWUk47m/6nQR3fiw0nXJu44/ABl+Hw4g0H3/k86f
> 7sYOYvZ8IfCpL9/2r1VRlP8j7e+CdI8Ltcjppn7PtKhPT03f87p2PT1pJd95DYS+
> GbqZZ6yOAUlePP/808+f7hYxKNz0ek1tf/ZxzLgSJsCl1PsIhKiCBiuze/5hdeL5
> /VNWVSqVXNZdzOZkupxas50f/AH6g4DXniyChqvoTi+D37Wpf5yTxXM5C+Qf36Ok
> 2qZEovxuno51A5l9qIE0n2LQ3I6zJbybdth33sV1uxFK65CWxlfLgbPxb4+9JONF
> 2yozK/DtmGC7Hree2INBGOJA/55fCrccxSMuLW8JbmZqx43uCrE/FBWZhXE6Lx+f
> F5hR5e3kJEWjEtyPKpdtXedmOsb06xvGq+WFOGl8VgaRmNgsuLN/YYy13kRDY+0K
> j//ZX7ZqBaP9TqaW9y1LljTPLGugqVX+uzPdbUvW4vqahNU8mT5Kq1pBrrGPdY+C
> FolC1CLiWixAAhtSXfJihflFUJq+pYkAXDYBNPj/uyuIyeGXABw1UkJqgc0bVAal
> lSAMK2P09xwJ8Db5HpqxXpOHe/s5XdYD8Mj0jebQ2308CPNxfQM=
> =AvLd
> -----END PGP SIGNATURE-----
>



-- 
Eitan Raviv
IRC: erav (#ovirt #vdsm #devel #rhev-dev)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180427/871b57b0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 46077 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180427/871b57b0/attachment.png>

More information about the Users mailing list