[Openstack] questions about IP addressing and network config

Jimmy Tsai cmingt at gmail.com
Wed May 2 17:45:24 UTC 2012


Hi Mike,

I really need to bind a loopback IP in my environment. Using the command
"ebtables -t nat -F" flushes the ebtables rules, so I can bind any IP I
wish,
but if I stop libvirt-bin and start libvirt-bin, the security rules will
be applied again.
If I remark no-ip-spoofing & no-arp-spoofing in the file
/etc/libvirt/nwfilter/nova-base.xml, after launching an instance the file
is reset to default.
I think I am going about this the wrong way. Is there any way to ignore the nova-base rule
in /usr/lib/python2.7/dist-packages/nova/virt/libvirt/firewall.py ?

Thanks for your help.
-Jimmy

2012/4/27 Mike Scherbakov <mihgen at gmail.com>

> Jimmy,
> Nova is designed to manage IP addresses.
> That means that even with Flat manager it will be allocating IP addresses
> for you,
>  storing them in DB. The difference btw FlatDHCP is Flat injects
> /etc/network/interfaces to the instance,
> not providing IP by DHCP. So, anti-spoofing rules should be the same (I
> never checked though for Flat).
>
> If you want to provide your own addresses to instances, I believe you will
> need to extend nova code
> to provide your custom IP address in API request, and then if it's not
> already allocated, it should get allocated.
>
> Regards,
>
> On Fri, Apr 27, 2012 at 3:27 PM, Jimmy Tsai <cmingt at gmail.com> wrote:
>
>> Thanks Vish & Mike.
>>
>> It works very well after flushing the anti-spoofing rules. I change the IP
>> address and bind an alias IP to an interface,
>> but when I restart nova-network and nova-compute, I can ping neither
>> the IP I changed nor the instances I haven't changed.
>> I'll try to figure out what happened with that !!
>>
>> Even when I change the IP address, I can't see the correct address on the
>> Dashboard, because the record in nova.fixed_ips is not changed.
>> I should try with FlatManager to allocate static IP.
>>
>> Thanks,
>> -Jimmy
>>
>>
>> 2012/4/27 Mike Scherbakov <mihgen at gmail.com>
>>
>>>
>>>
>>> On Thu, Apr 26, 2012 at 10:31 PM, Vishvananda Ishaya <
>>> vishvananda at gmail.com> wrote:
>>>
>>>>
>>>> On Apr 25, 2012, at 7:31 PM, Jimmy Tsai wrote:
>>>>
>>>> >
>>>> > Hi everyone,
>>>> >
>>>> > I'm running with Essex 2012.1,
>>>> > and have some questions about the nova network operation,
>>>> >
>>>> > 1. Is it possible to manually assign an IP address to a launched
>>>> instance, my situation is :
>>>> > after instance boot up (OS: CentOS 6.2), I changed the
>>>> /etc/sysconfig/network-scripts/ifcfg-eth0 setting
>>>> > from dhcp to static (the same subnet as created by command :
>>>> nova-manage create network....), and restart the network service,
>>>> > And then I couldn't ssh or ping the instance from other server with
>>>> the same subnet.
>>>> > What is the problem ?  I checked the iptables policies on the compute
>>>> host, and find nothing about the DROP packets.
>>>> > I also tried to change the record in the nova.fixed_ips table and
>>>> libvirt.xml of the instance, then rebooted the instance; it still did not work.
>>>> > I used FlatDHCP  as my network manager.
>>>>
>>>> You can't do this.  Libvirt sets up no mac spoofing and no ip spoofing
>>>> so the ip address needs to match the dhcp'd one. You should be able to
>>>> switch to a static and use the same info that you get from dhcp though.
>>>> >
>>>> > 2. According to the first question, I have another requirement to set
>>>> up a loopback IP address (lo:0) on the running instance. After the setting was
>>>> completed, I couldn't ping or ssh to the loopback IP from the same subnet, and
>>>> I tried to set an alias IP address with eth0:0, but it still did not work.
>>>> > Any ideas with this ?
>>>>
>>>
>>>> Not sure
>>>>
>>> I guess it's the same issue as with setting a different IP from what
>>> dnsmasq provided. You can try ebtables -F; ebtables -t nat -F to flush
>>> those anti spoofing rules.
>>>
>>
>>>> >
>>>> > 3. Is there any way to use 2 NICs with different subnets on
>>>> instances? I want to separate the network traffic.
>>>> > Now I'm running with one bridged interface (br100), and it works
>>>> well.  In order to backup the large log files,
>>>> > I'm planning to use 2 NICs for the compute hosts. I want to use 2 vNICs
>>>> on the instance, one for web service and the other for log backup.
>>>> > I think I should create a new network for the second bridged
>>>> interface, but I can't find any document to guide me.
>>>>
>>>> This is definitely possible with FlatManager (You could use
>>>> cloud_config drive and some version of contrib/openstack-config converted
>>>> to work with centos to set up the interfaces)
>>>>
>>>> It was possible at one point with FlatDHCPManager as well by creating
>>>> multiple networks and using a specific combination of config options like
>>>> use_single_default_gateway. I don't know if anyone has tried this for a
>>>> while so there may be issues with it. You might try creating a second
>>>> network and setting use_single_default_gateway and see what happens.
>>>>
>>> Confirm that it works with Essex release.
>>> If you don't specify  use_single_default_gateway=true your default route
>>> will be jumping from one interface to another. If both your subnets are
>>> covered by --fixed_network, it's fine even without setting
>>> the use_single_default_gateway.
>>>
>>>
>>>> There are plans underway to support this by only dhcping the first
>>>> interface and allowing a guest agent to set up the other interfaces, but it
>>>> isn't in place yet.
>>>>
>>>> Vish
>>>>
>>>
>>>
>>>
>>> --
>>> Mike Scherbakov
>>>
>>
>>
>
>
> --
> Mike Scherbakov
>
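
Added example, not part of the original thread and not nova's or libvirt's own code: a host-side check for the two states discussed above, a filter definition that no longer references the anti-spoofing filters and an ebtables table whose chains have been flushed. The XML and the `ebtables -t nat -L` listing are constructed samples, and treating all three filters as required is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET

# Filters the thread names as the anti-spoofing set; treating all three as
# required is an assumption of this example.
REQUIRED = ("no-mac-spoofing", "no-ip-spoofing", "no-arp-spoofing")

# Constructed sample: a filter definition with one filterref commented out.
SAMPLE_FILTER = """<filter name='nova-base' chain='root'>
  <filterref filter='no-mac-spoofing'/>
  <!-- <filterref filter='no-ip-spoofing'/> -->
  <filterref filter='no-arp-spoofing'/>
</filter>"""

# Constructed sample of `ebtables -t nat -L` output after a flush.
SAMPLE_EBTABLES = """Bridge table: nat

Bridge chain: PREROUTING, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 0, policy: ACCEPT
"""

CHAIN_RE = re.compile(r"^Bridge chain: (\S+), entries: (\d+), policy: (\w+)$", re.M)


def missing_antispoofing(filter_xml, required=REQUIRED):
    """Return required filter names the definition no longer references."""
    root = ET.fromstring(filter_xml)  # XML comments are dropped by the parser
    if root.tag != "filter":
        raise ValueError("not an nwfilter definition")
    present = {ref.get("filter") for ref in root.iter("filterref")}
    return [name for name in required if name not in present]


def empty_chains(ebtables_listing):
    """Return names of chains that the listing reports with zero rules."""
    return [name for name, count, _ in CHAIN_RE.findall(ebtables_listing)
            if int(count) == 0]


if __name__ == "__main__":
    print("missing filterrefs:", missing_antispoofing(SAMPLE_FILTER))
    print("empty chains:", empty_chains(SAMPLE_EBTABLES))
```

On a compute host with running guests, a non-empty result from either function indicates that anti-spoofing enforcement is not in the state nova expects.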