On Thu, Dec 12, 2019 at 10:06 AM Pavel Nakonechnyi <pa...@gremwell.com> wrote:
> On Wednesday, 11 December 2019 16:37:50 CET Dominik Holler wrote:
> > On Wed, Dec 11, 2019 at 1:21 PM Pavel Nakonechnyi <pa...@gremwell.com>
> > >
> > > Are there plans to introduce such support? (or explicitly not to..)
> >
> > The feature is tracked in
> > https://bugzilla.redhat.com/1782056
> >
> > If you would comment on the bug about your use case and why the feature
> > would be helpful in your scenario, this might help to push the feature.
> >
>
> Great, thanks, added a comment.
>

Thanks for helping to adjust oVirt!

> > > Is it possible to somehow manually configure such tunneling for existing
> > > virtual networks? (even in a limited way)
> >
> > I would be interested to know, how far we are away from the flow described
> > in
> > http://docs.openvswitch.org/en/stable/tutorials/ovn-ipsec/ .
> > I expect that the openvswitch-ipsec package is missing. Any input on this
> > is welcome.
> >
>
> Could you direct me to the part of oVirt system which handles OVS tunnels
> creation?
>
> It seems that at some point oVirt issues a command similar to the following
> one:
>
> `ovs-vsctl add-port br-int ovn-xxx-0 -- set interface ovn-xxx-0 \
> type=geneve options:csum=true key=flow options:remote_ip=1.1.1.1`
>
> I was not able to identify where the corresponding code is located. :(
>
> When I tried to do a bad thing, manual deletion of such tunnel interface:
>
> `ovs-vsctl del-port br-int ovn-xxx-0`
>
> it was immediately re-created or just was not deleted.. Still have to
> experiment with that..
>

Yes, for VM OVS networking, oVirt does not use OVS directly, instead, OVN is doing the work.

During adding or reinstalling a host,
https://github.com/oVirt/ovirt-engine/tree/ovirt-engine-4.3/packaging/playbooks/roles/ovirt-provider-ovn-driver
is triggered.

This triggers
https://github.com/oVirt/ovirt-provider-ovn/blob/master/driver/vdsm_tool/ovn_config.py
and
https://github.com/oVirt/ovirt-provider-ovn/blob/master/driver/scripts/setup_ovn_controller.sh
while the latter is really doing the work.

I expect that this file has to be extended by the call from
http://docs.openvswitch.org/en/stable/tutorials/ovn-ipsec/#configuring-ovn-ipsec

Maybe the
http://docs.openvswitch.org/en/stable/tutorials/ovn-ipsec/#enabling-ovn-ipsec
can be done in a first try manually.

The weak point I expect is that the package openvswitch-ipsec might be missing in our repos, details in
http://docs.openvswitch.org/en/stable/tutorials/ipsec/#install-ovs-ipsec .
In a first step, this package can be built manually.

Any feedback on this would be very helpful, thanks for having a look!

> --
> WBR, Pavel
> +32478910884
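
The manual first try suggested in the reply above, as an added example that is not part of the original message or of oVirt's setup_ovn_controller.sh. The `ovs-vsctl`, `ovn-nbctl` and `ovs-appctl` calls follow the linked OVS/OVN IPsec tutorials; the function names, the `DRY_RUN` switch, the file paths passed in and the private-key permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: OVN IPsec settings applied by hand on an OVN-managed host.
# Assumption: DRY_RUN=1 prints each command instead of executing it.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Refuse key material that is missing, or a private key readable by group/others.
check_key_material() {
    cert=$1 key=$2 ca=$3
    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    # Characters 5-10 of the mode string are the group and other permission bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "private key $key is accessible to group/others" >&2
        return 1
    }
}

# On every chassis (hypervisor host): point OVS at the host certificate, key and CA.
configure_host_ipsec() {
    check_key_material "$1" "$2" "$3" || return 1
    run ovs-vsctl set Open_vSwitch . \
        "other_config:certificate=$1" \
        "other_config:private_key=$2" \
        "other_config:ca_cert=$3"
}

# Once, on the OVN central node: ask OVN to encrypt all tunnels.
enable_ovn_ipsec() {
    run ovn-nbctl set nb_global . ipsec=true
}

# On a chassis afterwards: list the geneve tunnel ports and the IPsec monitor state.
# ovs-monitor-ipsec is shipped by the openvswitch-ipsec package mentioned above.
show_tunnel_state() {
    run ovs-vsctl --columns=name,options find Interface type=geneve
    run ovs-appctl -t ovs-monitor-ipsec tunnels/show
}
```

Because ovn-controller re-creates the tunnel ports itself, the settings are applied to the `Open_vSwitch` and `nb_global` records rather than to the individual `ovn-xxx-0` interfaces.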
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XSPAI2YDBXBEYB43P4EIAZMQPRDBTZY2/