0

I am trying to change the clean-traffic IP address for a oVirt Guest VM.

It works as long as I reboot the VM. ( Changed from within the Guest Virtual Machine Network Settings )

But for a production environment we want to be able to change these settings on the fly without reboot.

I have tried updating the details within Virsh, however they are not applied immediately. Also if I reboot the guest VM, Ovirt will create a new Virsh XML file. So none of the changes to VM via Virsh are kept.

Is there anyway to alter network filters without rebooting the VM?

In KVM (virsh) you add the following text to the xml of the VM (Guest)

<filterref filter='clean-traffic'> <parameter name='IP' value='x.x.x.x'/> </filterref>

Where x.x.x.x is the IP of the interface. But you need to reboot for it to take effect. I want the clean-traffic filter to take effect immediately rather than after reboot.

In Ovirt we add the filters via GUI like this

Ovirt Add Clean-Traffic IP to VM

But again this only takes effect after reboot initiated by Ovirt. What I want is a way to make this active instantly.

The way it effects us is, if we make an IP change to a VM, then reload the network, we loose connectivity to the world as the new IP does not match the one in the filter. (x.x.x.x) As this is a production environment we cant just reboot peoples servers. Also we may have multiple IP's on one Virtual Nic, which means we may need to add multiple IP's to the filter. Rebooting for every change is not efficient.

Rahim Khoja
  • 133
  • 5

1 Answers1

2

If there is no option to alter the VM settings you require via oVirt itself, you can always write a vdsm hook that will inject the options you need in the XML directly, upon VM start and migration. The XML itself is not stored, it is generated from the data saved in the engine database, when you start the VM.

Another thing to keep in mind - oVirt being a DC level virtualization solution manages the VMs as virtual hardware, so addresses aren't managed - NICs are. Cloud level solutions like openstack actually manage public addresses, but that happens above the VM itself - an IP is assigned and the VM is NATed to it, the VM itself doesn't get that IP internally.

Would be great to understand what it is exactly you are trying to change on the fly, so we can help with the configuration.

From the libvirt documentation:

The goal of the network filtering XML is to enable administrators of a virtualized system to configure and enforce network traffic filtering rules on virtual machines and manage the parameters of network traffic that virtual machines are allowed to send or receive. The network traffic filtering rules are applied on the host when a virtual machine is started. Since the filtering rules cannot be circumvented from within the virtual machine, it makes them mandatory from the point of view of a virtual machine user.

The network filter subsystem allows each virtual machine's network traffic filtering rules to be configured individually on a per interface basis. The rules are applied on the host when the virtual machine is started and can be modified while the virtual machine is running. The latter can be achieved by modifying the XML description of a network filter.

So the filtering rules are applied when a VM starts, not during it's runtime, which means if you want to add or remove a rule, you need to stop/start a VM. Modifications can be done while the machine runs. If you need to make changes to a DOMXML while a VM is running, you can pick a VDSM hook event, write the hook, and inject it. Then simply trigger the event and the hook will be applied.

VDSM hooks and event list can be found here: https://www.ovirt.org/documentation/admin-guide/appe-VDSM_and_Hooks.html

dyasny
  • 18,802
  • 6
  • 49
  • 64