Bug 1437145

Summary: [RFE] - Blacklist specific NICs for guest agent reporting
Product: [oVirt] ovirt-guest-agent Reporter: marcus young <3vilpenguin>
Component: CoreAssignee: Tomáš Golembiovský <tgolembi>
Status: CLOSED CURRENTRELEASE QA Contact: Petr Matyáš <pmatyas>
Severity: low Docs Contact:
Priority: medium    
Version: 1.0.13CC: bugs, eheftman, lsvaty, michal.skrivanek, tgolembi
Target Milestone: ovirt-4.2.2Keywords: FutureFeature
Target Release: ---Flags: rule-engine: ovirt-4.2+
pmatyas: testing_plan_complete-
ylavi: planning_ack+
rule-engine: devel_ack+
lsvaty: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Previously, it was not possible to exclude from the ovirt-guest-agent the IPs of NICs that the customer does not want to appear in reports. In this release, the customer can create a list of NICs to exclude from the reports. It is supported for Linux systems only, on a per virtual machine basis. A new field called "ignored_nics" has been added to etc/ovirt-guest-agent.conf for defining space-delimited NICs. Note that for existing VMs only, there is a known Manager caching issue whereby the NIC information is not removed as required when the NIC is blacklisted.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-29 11:08:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1546675    
Bug Blocks: 1505740    

Description marcus young 2017-03-29 15:45:04 UTC 
Description of problem:
Software such as docker creates a local adapter. I do not wish to submit the IP information to the oVirt master. I would like to be able to blacklist specific NICs from the agent submission

How reproducible:
always

Steps to Reproduce:
1. Create a local adapter with a range in 172.16.0.0/12
2. Run the agent
3.

Actual results:
2 IP addresses are submitted. The one for eth{#} and the one for the local adapter

Expected results:
Blacklist local adapter

Additional info:

http://lists.ovirt.org/pipermail/devel/2017-March/030053.html
Comment 1 Petr Matyáš 2017-09-04 10:25:11 UTC 
Not in any build yet, please move to ON_QA when this actually is in some build.
Comment 2 Yaniv Lavi 2017-09-04 10:42:06 UTC 
Qe are taking early build to test and as Gil moved this, I'm moving it back.
Comment 3 Petr Matyáš 2017-09-04 12:10:32 UTC 
Testing with ovirt-guest-agent-common-1.0.14-1.el7.noarch from brew, there is package only for el7, so I can't test el6, also it's not present in any build as of now.

I have 'ignored_nics = eth1' in guest agent config in general section but the IP from eth1 set as static with local IP is still reported to guest agent.
Comment 4 Red Hat Bugzilla Rules Engine 2017-09-04 12:10:37 UTC 
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 5 Michal Skrivanek 2017-09-07 12:41:38 UTC 
This is not ON_QA, it shouldn't have been moved by  Gil Klein 2017-07-27 11:32:29 CEST
Comment 6 Sandro Bonazzola 2017-12-20 13:58:48 UTC 
oVirt 4.2.0 has been released on Dec 20th 2017. Please check if this has been included and move to QE or consider re-targeting this bug to next milestone
Comment 8 Tomáš Golembiovský 2018-01-02 15:25:55 UTC 
I'm little bit late to the game because the automation already retargeted the bug, but yes, it should be ON_QA.
Comment 9 Petr Matyáš 2018-01-02 16:06:46 UTC 
Using version 1.0.14-1

This works for docker0, but when I set eth0 in /etc/ovirt-guest-agent.conf with 'ignored_nics = eth0' in general section it is still reported

        <reported_devices>
            <reported_device href="/ovirt-engine/api/vms/$vm_id/reporteddevices/$id" id="$id">
                <name>eth0</name>
                <description>guest reported data</description>
                <ips>
                    <ip>
                        <address>$ip</address>
                        <version>v4</version>
                    </ip>
                    <ip>
                        <address>$ipv6_ip</address>
                        <version>v6</version>
                    </ip>
                </ips>
                <mac>
                    <address>$mac</address>
                </mac>
                <type>network</type>
            </reported_device>
        </reported_devices>
Comment 10 Tomáš Golembiovský 2018-01-19 17:41:03 UTC 
(In reply to Petr Matyáš from comment #9)
> Using version 1.0.14-1

Try with latest version 1.0.14-3
Comment 11 Petr Matyáš 2018-01-23 12:07:11 UTC 
(In reply to Tomáš Golembiovský from comment #10)
> (In reply to Petr Matyáš from comment #9)
> > Using version 1.0.14-1
> 
> Try with latest version 1.0.14-3

That's not how this works, that's not how any of this works :D

And no, with ovirt-guest-agent-common-1.0.14-3.el7ev.noarch it's still reporting eth0 even when it's defined in /etc/ovirt-guest-agent.conf with 'ignored_nics = eth0'.
Comment 12 Yaniv Kaul 2018-02-17 18:59:40 UTC 
(In reply to Petr Matyáš from comment #11)
> (In reply to Tomáš Golembiovský from comment #10)
> > (In reply to Petr Matyáš from comment #9)
> > > Using version 1.0.14-1
> > 
> > Try with latest version 1.0.14-3
> 
> That's not how this works, that's not how any of this works :D
> 
> And no, with ovirt-guest-agent-common-1.0.14-3.el7ev.noarch it's still
> reporting eth0 even when it's defined in /etc/ovirt-guest-agent.conf with
> 'ignored_nics = eth0'.

Tomáš, can you please take a look at the issue?
Comment 13 Tomáš Golembiovský 2018-02-19 10:20:57 UTC 
It turns out the problem is caching of the data in engine. I'm moving the bug back to QA and I opened a separate bug on engine.
Comment 16 Petr Matyáš 2018-03-19 15:35:33 UTC 
Verified on ovirt-guest-agent-common-1.0.14-3.el7ev

Specific NIC can be blacklisted, however only when GA was not yet started, in ovirt-guest-agent.conf. If it was already running it already reported the data and thus it's saved (cached) in the DB. At least till bug#1546675 is not solved.

You can delete the specific line from the DB (table vm_guest_agent_interfaces) and not have it reported in the engine any more if you like.
Comment 17 Sandro Bonazzola 2018-03-29 11:08:31 UTC 
This bugzilla is included in oVirt 4.2.2 release, published on March 28th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.2 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Comment 18 Emma Heftman 2018-04-08 11:36:27 UTC 
Hi Tomas
I'm reviewing the doc text and I'm not sure what to make of the known bug that you discuss. Are you implying that the known bug is a small/irrelevant issue, and that most customers will only be using the feature for new VMs?

Usually, we do not reference other bugs in a specific bug's release note text. Either the issue is a known issue and will be defined as such anyway in it's definition at the time of release, or i simply need to say that currently the feature does is available for new VMs only.
Comment 19 Tomáš Golembiovský 2018-04-16 12:31:53 UTC 
clearing the needinfo, there's nothing more to add here
Comment 20 Michal Skrivanek 2018-04-25 08:47:05 UTC 
well, except that with qemu-guest-agent reporting there is no such blacklisting available and you again get all the interfaces and addresses, including the loopback and 127.0.0.1 which we filter in ovirt-guest-agent by default for a long time