oVirt Blog

oVirt and CentOS Stream

Progress cannot be made without change. As technologists, we recognize this every day. Most of the time, these changes are iterative: progressive additions of features to projects like oVirt. Sometimes those changes are small, and sometimes not. And that’s, of course, just talking about our project. But one of the biggest strengths of our community’s software is that we are not alone, and because of that, changes to other projects have ripple effects that can affect our own, even in positive ways. This week, our collaborators in the CentOS Project have announced a change in the way their software is […]

Top 7 things to look forward to at oVirt Conference

oVirt Conference in Rome is around the corner and it’s time to plan for it. Here are the top 7 reasons why you should attend this outstanding open source infrastructure event: Discover all the new features of the last stable oVirt 4.3 release directly from Principal Software Engineers. Hear about what’s coming next in the community and the roadmap for the upcoming 4.4 release. Build your skills and expertise with Red Hat learning paths and certifications. Have a glimpse of the major advantages offered by Oracle Linux Virtualization Manager and Red Hat Virtualization commercial solutions based on oVirt code. Get […]

Security group support in OVN external networks

In this post I will introduce and showcase how security groups can be used to enable certain scenarios.
Security groups allow fine-grained access control to – and from – the oVirt VMs attached to external OVN networks.
The Networking API v2 defines security groups as a white list of rules – the user specifies in it which traffic is allowed. That means, that when the rule list is empty, neither incoming nor outgoing traffic is allowed (from the VMs perspective).
A demo recording of the security group feature can be found below.

Federate oVirt engine authentication to OpenID Connect infrastructure

In this post I will introduce how to integrate OIDC with oVirt engine using Keycloak and LDAP user federation.

Prerequisites: I assume you have already setup the 389ds directory server, but the solution is very similar for any other LDAP provider.
As OIDC is not integrated into oVirt directly, we use Apache to do the OIDC authentication for us. The mod_auth_openidc module nicely covers all needed functionality.


Integrate with external OpenID Connect Identity Provider (IDP) to provide Single Sign-On (SSO) across products that use the IDP for authenticating users. We currently have oVirt SSO for providing unified […]

oVirt and OKD

This is a series of posts to demonstrate how to install OKD 3.11 on oVirt and what you can do with it. Part I – How to install OKD 3.11 on oVirt How to install OKD 3.11 on oVirt (4.2 and up) Installing OKD or Kubernetes on oVirt has many advantages, and it’s also gotten a lot easier these days. Admins and users who want to take container platform management for a spin, on oVirt, will be encouraged by this. Few of the advantages are: Virtualizing the control plane for Kubernetes – provide HA/backup/affinity capabilities to the controllers and allowing […]

oVirt SAML with keyloak using 389ds user federation

In this post I will introduce how simple it is to integrate SAML with oVirt using Keycloak and LDAP user federation.

Prerequisites: I assume you have already setup the 389ds directory server, but the solution is very similar for any other LDAP provider.
As SAML is not integrated into oVirt directly, we use Apache to do the SAML authentication for us. The mod_auth_mellon module nicely covers all needed functionality.

mod_auth_mellon configuration
First we need to configure oVirt’s apache. SSH to the oVirt engine and create a directory where we’ll store all SAML related certificates.

ssh root@engine
yum […]

Skydive With oVirt

Skydive network is an open source real-time network topology and protocols analyzer providing a comprehensive way of understanding what is happening in your network infrastructure.
The common use cases will be, troubleshooting, monitoring, SDN integration and much more.
It has features such as:

Topology capturing – Captures network topology, interface, bridge and more
Flow capture – Distributed probe, L2-L4 classifier, GRE, VXLAN, GENEVE, MPLS/GRE, MPLS/UDP tunnelling support
Extendable – Support for external SDN Controllers or container based infrastructure, OpenStack. Supports extensions through API

Benefit to oVirt users
Skydive allows oVirt administrators to see the network […]

Upgraded DPDK support in oVirt

DPDK (Data Plane Development Kit) is a set of open-source high-performance packet processing libraries and user space drivers.

oVirt support for DPDK was introduced in 2017, and is now enhanced in terms of deployment via Ansible and usage via Open Virtual Network.

While still experimental, OVN-DPDK in oVirt is now available in version 4.2.

What’s new?

Ansible DPDK host setup

Host configuration for DPDK usage is now automated using Ansible. This primarly includes:

Hugepages configuration – hugepage size and quantity in the kernel.
CPU partitioning.
Binding NICs to userspace drivers. […]

Build oVirt Reports Using Grafana

Grafana, The open platform for beautiful analytics and monitoring,
recently added support for PostgreSQL.

It in now possible to connect Grafana to oVirt DWH,
in order to visualize and monitor the oVirt environment.

Grafana dashboard example

Adding a Read-Only User to the History Database

You may want to add a read only user to connect the history database :

Note: In oVirt 4.2 we ship postgres 9.5 through the Software Collection.

In order to run psql you will need to run:

# su – postgres
$ scl enable rh-postgresql95 — psql ovirt_engine_history

Your Container Volumes Served By oVirt

Note: < 5 minutes read

When running a virtualization workload on oVirt, a VM disk is ‘natively’ a disk somewhere on your network-storage.
Entering containers world, on Kubernetes(k8s) or OpenShift, there are many options specifically because the workload can be totally stateless, i.e
they are stored on a host supplied disk and can be removed when the container is terminated. The more interesting case is stateful workloads i.e apps that persist data (think DBs, web servers/services, etc). k8s/OpenShift designed an API to dynamically provision the container storage (volume in k8s terminology).

See the resources section for more details. […]