Hi Mike,

I really need to bind a loopback IP in my environment. Using the command "ebtables -t nat -F" will flush the ebtables rules, so I can bind any IP I wish, but if I stop libvirt-bin and start libvirt-bin, the security rules will be applied again. If I remark no-ip-spoofing & no-arp-spoofing in the file /etc/libvirt/nwfilter/nova-base.xml, after launching an instance, the file will reset to default. I think I am using the wrong way. Is there any way to ignore the nova-base rule in /usr/lib/python2.7/dist-packages/nova/virt/libvirt/firewall.py?

Thanks for your help.

-Jimmy

2012/4/27 Mike Scherbakov <mih...@gmail.com>

> Jimmy,
> Nova is designed to manage IP addresses.
> That means that even with Flat manager it will be allocating IP addresses
> for you, storing them in DB. The difference btw FlatDHCP is Flat injects
> /etc/network/interfaces to the instance, not providing IP by DHCP. So,
> anti-spoofing rules should be the same (I never checked though for Flat).
>
> If you want to provide your own addresses to instances, I believe you will
> need to extend nova code to provide your custom IP address in API request,
> and then if it's not already allocated, it should get allocated.
>
> Regards,
>
> On Fri, Apr 27, 2012 at 3:27 PM, Jimmy Tsai <cmi...@gmail.com> wrote:
>
>> Thanks Vish & Mike.
>>
>> It works very well after flushing the anti-spoofing rules. I change the IP
>> address and bind an alias IP to an interface, but when I restart
>> nova-network and nova-compute, I can't ping either the IP I changed or
>> the instances I haven't changed.
>> I'll try to figure out what happened with that!!
>>
>> Even if I change the IP address, I can't see the correct address on
>> Dashboard, because the record in nova.fixed_ips is not changed.
>> I should try with FlatManager to allocate a static IP.
>>
>> Thanks,
>> -Jimmy
>>
>> 2012/4/27 Mike Scherbakov <mih...@gmail.com>
>>
>>> On Thu, Apr 26, 2012 at 10:31 PM, Vishvananda Ishaya <vishvana...@gmail.com> wrote:
>>>
>>>> On Apr 25, 2012, at 7:31 PM, Jimmy Tsai wrote:
>>>>
>>>> > Hi everyone,
>>>> >
>>>> > I'm running with Essex 2012.1,
>>>> > and have some questions about the nova network operation,
>>>> >
>>>> > 1. Is it possible to manually assign an IP address to a launched
>>>> > instance? My situation is:
>>>> > after the instance booted up (OS: CentOS 6.2), I changed the
>>>> > /etc/sysconfig/network-scripts/ifcfg-eth0 setting
>>>> > from dhcp to static (the same subnet as created by command:
>>>> > nova-manage create network....), and restarted the network service,
>>>> > and then I couldn't ssh or ping the instance from another server on
>>>> > the same subnet.
>>>> > What is the problem? I checked the iptables policies on the compute
>>>> > host, and found nothing about DROP packets.
>>>> > I also tried to change the record in the nova.fixed_ips table and
>>>> > libvirt.xml of the instance, then rebooted the instance; it still did not work.
>>>> > I used FlatDHCP as my network manager.
>>>>
>>>> You can't do this. Libvirt sets up no mac spoofing and no ip spoofing
>>>> so the ip address needs to match the dhcp'd one. You should be able to
>>>> switch to a static and use the same info that you get from dhcp though.
>>>>
>>>> > 2. According to the first question, I have another requirement to set
>>>> > up a loopback IP address (lo:0) on the running instance. After the setting was
>>>> > completed, I couldn't ping or ssh the loopback IP from the same subnet, and
>>>> > I tried to set an alias IP address with eth0:0, but it still did not work.
>>>> > Any ideas with this?
>>>>
>>>> Not sure
>>>>
>>> I guess it's the same issue as with setting a different IP from what
>>> dnsmasq provided. You can try ebtables -F; ebtables -t nat -F to flush
>>> those anti spoofing rules.
>>>
>>>> > 3. Is there any way to use 2 NICs with different subnets on
>>>> > instances? I want to separate the network traffic.
>>>> > Now I'm running with one bridged interface (br100), and it works
>>>> > well. In order to back up the large log files,
>>>> > I'm planning to use 2 NICs for the compute hosts. I want to use 2 vNICs
>>>> > on the instance, one for web service and the other for log backup.
>>>> > I think I should create a new network for the second bridged
>>>> > interface, but I can't find any document to guide me.
>>>>
>>>> This is definitely possible with FlatManager (You could use
>>>> cloud_config drive and some version of contrib/openstack-config converted
>>>> to work with centos to set up the interfaces)
>>>>
>>>> It was possible at one point with FlatDHCPManager as well by creating
>>>> multiple networks and using a specific combination of config options like
>>>> use_single_default_gateway. I don't know if anyone has tried this for a
>>>> while so there may be issues with it. You might try creating a second
>>>> network and setting use_single_default_gateway and see what happens.
>>>>
>>> Confirm that it works with Essex release.
>>> If you don't specify use_single_default_gateway=true your default route
>>> will be jumping from one interface to another. If both your subnets are
>>> covered by --fixed_network, it's fine even without setting
>>> the use_single_default_gateway.
>>>
>>>> There are plans underway to support this by only dhcping the first
>>>> interface and allowing a guest agent to set up the other interfaces, but it
>>>> isn't in place yet.
>>>>
>>>> Vish
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~openstack
>>>> Post to     : openstack@lists.launchpad.net
>>>> Unsubscribe : https://launchpad.net/~openstack
>>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>> --
>>> Mike Scherbakov
>
> --
> Mike Scherbakov
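
An added example, not part of the original thread and not nova or libvirt code: an operator-side check that an instance's nwfilter chain still pulls in the anti-spoofing filters named above, following `filterref` links transitively. The filter XML is constructed sample data in libvirt's nwfilter format, and `nova-instance-example` is a hypothetical per-instance filter name.

```python
import xml.etree.ElementTree as ET

# libvirt's stock anti-spoofing filters, as named in the thread.
REQUIRED = {"no-mac-spoofing", "no-ip-spoofing", "no-arp-spoofing"}

# Constructed samples in libvirt nwfilter XML format (not from a real host).
# 'nova-instance-example' is a hypothetical per-instance filter name.
INSTANCE = "<filter name='nova-instance-example'><filterref filter='nova-base'/></filter>"
BASE_INTACT = """<filter name='nova-base' chain='root'>
  <filterref filter='no-mac-spoofing'/>
  <filterref filter='no-ip-spoofing'/>
  <filterref filter='no-arp-spoofing'/>
</filter>"""
# Same file with two references commented out, as described in the message.
BASE_EDITED = """<filter name='nova-base' chain='root'>
  <filterref filter='no-mac-spoofing'/>
  <!-- <filterref filter='no-ip-spoofing'/> -->
  <!-- <filterref filter='no-arp-spoofing'/> -->
</filter>"""


def load_filters(xml_docs):
    """Map each filter name to the set of filters it references directly."""
    table = {}
    for doc in xml_docs:
        root = ET.fromstring(doc)
        # ElementTree drops XML comments, so commented-out refs do not count.
        table[root.get("name")] = {r.get("filter") for r in root.iter("filterref")}
    return table


def reachable(table, start):
    """Every filter referenced from `start`, followed transitively."""
    seen, stack = set(), [start]
    while stack:
        for ref in table.get(stack.pop(), ()):
            if ref not in seen:  # also guards against reference cycles
                seen.add(ref)
                stack.append(ref)
    return seen


def missing_antispoof(xml_docs, instance_filter):
    """Anti-spoofing filters the instance's filter chain no longer pulls in."""
    return sorted(REQUIRED - reachable(load_filters(xml_docs), instance_filter))


if __name__ == "__main__":
    print(missing_antispoof([INSTANCE, BASE_INTACT], "nova-instance-example"))
    print(missing_antispoof([INSTANCE, BASE_EDITED], "nova-instance-example"))
```

On a compute host the same functions can be fed the contents of the files under /etc/libvirt/nwfilter/ instead of the inline samples.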