On Thu, Jun 19, 2014 at 04:23:18PM +0800, Punit Dambiwal wrote: > Hi, > > I have setup Ovirt with glusterfs...I have some concern about the network > part.... > > 1. Is there any way to restrict the Guest VM...so that it can be assign > with single ip address...and in anyhow the user can not manipulate the IP > address from inside the VM (that means user can not change the ip address > inside the VM).
I am afraid that oVirt does not let you do that out-of-the-box. By default, the vdsm-no-mac-spoofing filter is applied to vNICs, which indeed allows IP spoofing. This behavior can be changed by writing a vdsm hook that changes the default filterref to <filterref filter='clean-traffic'> <parameter name='CTRL_IP_LEARNING' value='dhcp'/> </filterref> If your VM is assigned with its address not via dhcp, life is more complicated, since the hook needs to have access to this address before boot. I would love to assist you in writing such a hook; please take the vmfex_dev hook as a reference. To read more about vdsm hooks, please see http://www.ovirt.org/Vdsm_Hooks . Regards, Dan. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users