oVirt Blog

oVirt conference 2019 report

  oVirt conference 2019 is the 4th event organized in Italy by the oVirt Italia community, founded by Stefano Stagnaro with the help of Gianluca Cecchi, Simone Tiraboschi, and Sandro Bonazzola. The event was organized with the help of Extraordy, a Red Hat partner that delivers official Red Hat training in Italy. The conference has been sponsored and hosted by Oracle thanks to Simon Coter, Director of Product Management for Oracle Linux and Virtualization. The conference You can see the recordings of the morning sessions here:  Stefano introduced the conference and Simon Coter set expectations on the event neutrality […]

oVirt and CentOS Stream

Progress cannot be made without change. As technologists, we recognize this every day. Most of the time, these changes are iterative: progressive additions of features to projects like oVirt. Sometimes those changes are small, and sometimes not. And that’s, of course, just talking about our project. But one of the biggest strengths of our community’s software is that we are not alone, and because of that, changes to other projects have ripple effects that can affect our own, even in positive ways. This week, our collaborators in the CentOS Project have announced a change in the way their software is […]

Top 7 things to look forward to at oVirt Conference

oVirt Conference in Rome is around the corner and it’s time to plan for it. Here are the top 7 reasons why you should attend this outstanding open source infrastructure event: Discover all the new features of the last stable oVirt 4.3 release directly from Principal Software Engineers. Hear about what’s coming next in the community and the roadmap for the upcoming 4.4 release. Build your skills and expertise with Red Hat learning paths and certifications. Have a glimpse of the major advantages offered by Oracle Linux Virtualization Manager and Red Hat Virtualization commercial solutions based on oVirt code. Get […]

Security group support in OVN external networks

In this post I will introduce and showcase how security groups can be used to enable certain scenarios.
Security groups allow fine-grained access control to – and from – the oVirt VMs attached to external OVN networks.
The Networking API v2 defines security groups as a white list of rules – the user specifies in it which traffic is allowed. That means, that when the rule list is empty, neither incoming nor outgoing traffic is allowed (from the VMs perspective).
A demo recording of the security group feature can be found below.

Federate oVirt engine authentication to OpenID Connect infrastructure

In this post I will introduce how to integrate OIDC with oVirt engine using Keycloak and LDAP user federation.

Prerequisites: I assume you have already setup the 389ds directory server, but the solution is very similar for any other LDAP provider.
As OIDC is not integrated into oVirt directly, we use Apache to do the OIDC authentication for us. The mod_auth_openidc module nicely covers all needed functionality.


Integrate with external OpenID Connect Identity Provider (IDP) to provide Single Sign-On (SSO) across products that use the IDP for authenticating users. We currently have oVirt SSO for providing unified […]

oVirt and OKD

This is a series of posts to demonstrate how to install OKD 3.11 on oVirt and what you can do with it. Part I – How to install OKD 3.11 on oVirt How to install OKD 3.11 on oVirt (4.2 and up) Installing OKD or Kubernetes on oVirt has many advantages, and it’s also gotten a lot easier these days. Admins and users who want to take container platform management for a spin, on oVirt, will be encouraged by this. Few of the advantages are: Virtualizing the control plane for Kubernetes – provide HA/backup/affinity capabilities to the controllers and allowing […]

oVirt SAML with keyloak using 389ds user federation

In this post I will introduce how simple it is to integrate SAML with oVirt using Keycloak and LDAP user federation.

Prerequisites: I assume you have already setup the 389ds directory server, but the solution is very similar for any other LDAP provider.
As SAML is not integrated into oVirt directly, we use Apache to do the SAML authentication for us. The mod_auth_mellon module nicely covers all needed functionality.

mod_auth_mellon configuration
First we need to configure oVirt’s apache. SSH to the oVirt engine and create a directory where we’ll store all SAML related certificates.

ssh root@engine
yum […]

Skydive With oVirt

Skydive network is an open source real-time network topology and protocols analyzer providing a comprehensive way of understanding what is happening in your network infrastructure.
The common use cases will be, troubleshooting, monitoring, SDN integration and much more.
It has features such as:

Topology capturing – Captures network topology, interface, bridge and more
Flow capture – Distributed probe, L2-L4 classifier, GRE, VXLAN, GENEVE, MPLS/GRE, MPLS/UDP tunnelling support
Extendable – Support for external SDN Controllers or container based infrastructure, OpenStack. Supports extensions through API

Benefit to oVirt users
Skydive allows oVirt administrators to see the network […]

Upgraded DPDK support in oVirt

DPDK (Data Plane Development Kit) is a set of open-source high-performance packet processing libraries and user space drivers.

oVirt support for DPDK was introduced in 2017, and is now enhanced in terms of deployment via Ansible and usage via Open Virtual Network.

While still experimental, OVN-DPDK in oVirt is now available in version 4.2.

What’s new?

Ansible DPDK host setup

Host configuration for DPDK usage is now automated using Ansible. This primarly includes:

Hugepages configuration – hugepage size and quantity in the kernel.
CPU partitioning.
Binding NICs to userspace drivers. […]