Static IP for Server-Only Network

[Christian Reiss]

Hey all,

As we are discouraged from modifying the dom0 with new software, i deployed a vm that offers openvpn connectivity. The Dom0 is shielded by firewall from the outside world, the setup is working.

Except - How can I set a static IP in the Dom0 for the xapi1 (Server-Only Network)? Xencenter does not allow me to set any IP (all options greyed out), /etc/network/network-scripts/ifcfg-xapi1 is silently ignored (I guess the device is created after this script is evaluated).

I could do a cron that checks every minute that xapi1 has an ip, but it seems to be a very, very ugly approach.

If I can address this issue then I dont need to modify the Dom0 in any way - except the static ip and iptables rules.

Thanks for your advice - in advance,
Chris.

[Tobias Kreidl]

If that's the case, then you can either put in a delay or perhaps better, create a cron job that monitors the state and runs perhaps every 5 minutes, and turns it on if need be (or just re-issues the command, which should be harmless if already configured).

[Christian Reiss]

It's even worse: xapi1 gets deleted when no vms are running, so even a configured xapi1 will be destroyed sooner or later. Plus, xapi1 will only be created if a vm is running.

I fixed this by running a script every minute to check..

1. if xapi1 exists (if it doesnt, wait 1s).
2. if xapi1 has an ip (if it has, exit),
3. sets xapi1 ip.

This works, a pitty ther is no "real way" to do this.

[Christian Reiss]

Hello all,

is this really unsolveable?

[Tobias Kreidl]

Not sure I fully understand your network plans. Could you try to describe it in a little more detail or draw a diagram, perhaps? Do you have a second, internal network you're wanting to configure?
--Tobias

[Christian Reiss]

Hey there,

thanks for the reply. Its actually not that of an complicated problem. The Server has a physical eth0 interface on which the management interface resides. Now -with XenCenter- I created another "Server Only LAN", on which all the VMs are connected to each other, IP: 10.0.0.0/24. Once VM, say 10.0.0.1 is the gateway routing all packets from 10.0.0.0/24 over eth0 into the net. This all works, no problem here.

Here is the (only) problem: Once the Server-Only LAN has been created, a new interface, xapi1, has been created in the dom0, but without an IP. I want a static IP on the xapi1 interface in the dom0. XenCenter wont let me specify an IP there.

Thanks again for your continued support,
Chris.

[Tobias Kreidl]

Chris,
Sorry, but I'm still confused. The xapi devices don't have IP addresses of their own in dom0. They are just bridge-like devices. Maybe if you post the output oif "brctl show" it might make things more clear.

So, do you have an internal, single-server private net you set up or how have you created this? Could you post a snapshot of your network config as it appears in XenCenter?

--Tobias

[Christian Reiss]

Thanks for your reply.
Here is how to reproduce it. Open XenCenter, go to your Server (XenServer), click Networking, then "Add Network". Chose "Single-Server Private Network", click next. You'll notice you'll have another Network, that has no NIC attached to it.

If you add this network to your VMs, your VMs can communitcate within this network, but this network never leaves the Xen-Host. This works like a charm. One of my VMs has a dhcpd Server on this internal-lan, so every VM has an internal IP.

Now, login to the Dom0. You'll notice a new nic: xapi1.

xapi1 Link encap:Ethernet HWaddr 3A:CD:D8:F2:E7:46
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:155 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13794 (13.4 KiB) TX bytes:0 (0.0 b)

Now, this was created when we did create the Network from within the XenCenter. So far: All VMs are reachable, the dom0 is not. Reason: No ip is set here.

What I want: Make the dom0 join this private-Network.

Accomplished by: ifconfig xapi1 inet 20.0.0.2 netmask 255.255.255.0:

xapi1 Link encap:Ethernet HWaddr 3A:CD:D8:F2:E7:46
inet addr:20.0.0.2 Bcast:20.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:155 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13794 (13.4 KiB) TX bytes:0 (0.0 b)

ping 20.0.0.1
PING 20.0.0.1 (20.0.0.1) 56(84) bytes of data.
64 bytes from 20.0.0.1: icmp_seq=1 ttl=64 time=5.33 ms
64 bytes from 20.0.0.1: icmp_seq=2 ttl=64 time=0.350 ms

Problem: This IP is lost on reboot. I want this IP to be static. See? No brain-teaser, but if I can clarify something more, please let me know what part is still troubling.

Cheers,
Chris.

[Tobias Kreidl]

Chris,
OK. This is really not the intention for such a private network to route that way, but if that's the way you want to do it, all you'd have to do is add that "ifconfig xapi1 inet 20.0.0.2 netmask 255.255.255.0" line at the end of the /etc/rc.local file and that would kick in each time the system reboots. Clearly, it would need to be added to each XenServer, if this is a pool and that service is run on various pool members.

The other option would be to add a separate static route to your VMs so they could get access to your dom0 net, but that's potentially more involved.

--Tobias

Edited by: Tobias Kreidl on Feb 13, 2013 11:10 AM

[Christian Reiss]

Hey,

the line

/sbin/ifconfig xapi1 inet 20.0.0.2 netmask 255.255.255.0

is already at rc.conf, no joy. I am assuming that the xapi1 device is created at a later boot stage.

[Andy Haack]

I see nothing changed or 6 years, faced the same problem and going to use your solution, Christian)