ovirt-shell – some examples

oVirt is commonly managed via Engine WebAdmin interface. The reason is simple: it is very easy and intuitive. The official oVirt Administration manual shows the web interface as example too.

However, I can’t always rely on a web browser. There are sometimes that I have just the terminal. Because of my needs, I started to experiment the ovirt-shell alternative. For the basic tasks, I didn’t find problems: start vm, migrate vm, set a host in maintenance state, update some vm attribute… Below I will show some examples of the commands I’ve tried.

First, how can I connect?

[root@engine ~]# ovirt-shell -l https://engine.example.com/api -u admin@internal
Password:

You will see something like this:

===================================================
 >>> connected to oVirt manager 3.4.0.0 <<<
===================================================
+++++++++++++++++++++++++++++++++++++++++++++++++++
Welcome to oVirt shell
+++++++++++++++++++++++++++++++++++++++++++++++++++
[oVirt shell (connected)]#

Once connected, it’s possible use double <TAB> to see possible commands:

[oVirt shell (connected)]# <TAB> <TAB>
EOF     add          clear   console    echo file history list remove show   summary 
action  capabilities connect disconnect exit help info    ping shell  status update

In case of doubt, the commands could be prefixed with ‘help’. For instance ‘help show host’. I won’t paste here the output of the commands because they are too big and I think you can see it by your own. Check some examples I used with descriptions:

Show details of VM web01.example.com:

show vm web01.example.com

Start VM web01.example.com:

action vm web01.example.com start

Run once VM web01.example.com in stateless mode:

action vm web01.example.com start --vm-stateless

Shutdown gracefully VM web01.example.com:

action vm web01.example.com shutdown

Migrate VM web01.example.com to any host:

action vm web01.example.com migrate

Migrate VM web01.example.com.br to host node01.example.com:

action vm web01.example.com migrate --host-name node01.example.com

Put host node02.example.com in maintenance mode:

action host node02.example.com deactivate

Activate host node03.example.com:

action host node03.example.com activate

List all VMs running on host node01.example.com:

list vms --query 'host=node01.example.com'

Edit VM web01.example.com to  boot firstly via PXE and then HD:

update vm web01.example.com --os-boot 'boot.dev=network,boot.dev=hd'

You can run just one command without get the ovirt-shell prompt:

ovirt-shell -l https://engine.example.com/api -u admin@internal -E show vm web01.example.com

If you want to run a series of commands, write them in a file and use the ‘-f’ option:

ovirt-shell -l https://engine.example.com/api -u admin@internal  -f cmds.txt

For more information, check the official page of CLI, in other words, ovirt-shell.

oVirt host – iptables

When you add a new host to your oVirt Engine, your iptables rules are overwritten by oVirt deploy. The new rules might not meet your needs. But you can change this.

oVirt 3.4

Using engine-config command in Engine host, get the default rules:

sudo engine-config -g IPTablesConfig
 IPTablesConfig:
 # oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -i lo -j ACCEPT
 # vdsm
 -A INPUT -p tcp --dport @VDSM_PORT@ -j ACCEPT
 # SSH
 -A INPUT -p tcp --dport @SSH_PORT@ -j ACCEPT
 # snmp
 -A INPUT -p udp --dport 161 -j ACCEPT

@CUSTOM_RULES@

# Reject any other input traffic
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
 COMMIT

To set new rules, copy the lines returned above and add your rules just after @CUSTOM_RULES@, for example:

sudo engine-config -s IPTablesConfig="
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -i lo -j ACCEPT
 # vdsm
 -A INPUT -p tcp --dport @VDSM_PORT@ -j ACCEPT
 # SSH
 -A INPUT -p tcp --dport @SSH_PORT@ -j ACCEPT
 # snmp
 -A INPUT -p udp --dport 161 -j ACCEPT

@CUSTOM_RULES@
 -A INPUT -m comment --comment 'new rule '-j LOG --log-prefix='new rule '

# Reject any other input traffic
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
 COMMIT"

oVirt 3.5

New version has a proper variable for this. Follow the example:

sudo engine-config --set IPTablesConfigSiteCustom="
-A INPUT -m comment --comment 'new rule '-j LOG --log-prefix='new rule '
"

That new rule will be set in place of @CUSTOM_RULES@.

Internal/Isolated networks on oVirt

For those who are accustomed with virt-manager administration and operation, create an isolated network among the VMs seems to be a very easy task. But oVirt haven’t so direct configuration. In fact, we need some commands on terminal. I must tell you this post is valid only when you have just one host hypervisior. With 2 or more, external connectivity is inevitable.

In order to create an internal network you can use dummy module. First of all, make sure your server loads dummy module at startup.
Create /etc/sysconfig/modules/dummy.modules:

modprobe dummy &gt; /dev/null 2&amp;1
exit 0

Manually, you can run modprobe to load in runtime. It will appear a dummy0 network interface. Done this, create /etc/sysconfig/network-scripts/ifcfg-dummy0 with this content:

DEVICE=dummy0
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
PROMISC=yes

Now comes the oVirt configuration. In webadmin portal, go to the ‘Network’ tab and click new:

New network
New network

The definition could be simple. Just give a name and match ‘VM network‘:

New network
New network

With the virtual switch created, we need to link our dummy interface on it. Go to the network configuration of host:

Configure network on host
Configure network on host
Configure network on host
Configure network on host

Drag internal network and drop in dummy0 interface

Configure network on host
Configure network on host

Check ‘Save network configuration’ and click OK.

Configure network on host
Configure network on host

Now, for each virtual machine you want to use internal network, you can create a virtual NIC and attach to internal virtual switch.

Configure network on guest
Configure network on guest

It was tested on oVirt 3.4 setup in all-in-one mode.