Deploy Oracle Linux Virtualization Manager using the Open Virtualization Network Provider on Oracle Cloud Infrastructure

Introduction

In this tutorial, we will walk through a scenario where a team aims to increase the utilization of a fleet of bare metal nodes by extending their existing on-premises Oracle Linux Virtualization Manager environment into Oracle Cloud Infrastructure (OCI). By integrating Oracle Cloud’s networking capabilities with Open Virtual Network (OVN), you can bridge connectivity between on-premises resources and Oracle Linux Virtualization Manager deployed virtual machines (VMs) in OCI through FastConnect.

Note: This tutorial is only for testing and evaluation purposes; Oracle Linux Virtualization Manager support for OCI is under development, and managing OCI systems with it is currently not supported. The use of OVN with Oracle Linux Virtualization Manager is under technology preview, indicating that the feature is still under development.

Solution Overview and Deployment

Solution Overview

We will need a new VCN (10.0.0.0/16) with the following resources:

Solution architecture

Solution deployment

BM VNIC VLAN 1000

BM VNIC VLAN 1001

Objectives

Prerequisites

Task 1: Set up Oracle Linux Virtualization Manager Hosted Engine

We will start by configuring the secondary interface. The current interface status should look like (ignore the private IP address on the primary VNIC):

[root@olvm-he opc]# ifconfig
    enp0s5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9000
            inet 10.0.11.189  netmask 255.255.255.0  broadcast 10.0.11.255
            inet6 fe80::17ff:fe10:3ae0  prefixlen 64  scopeid 0x20<link>
            ether 02:00:17:10:3a:e0  txqueuelen 1000  (Ethernet)
            RX packets 10199  bytes 176890375 (168.6 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 6954  bytes 1777090 (1.6 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            ether 02:00:17:11:02:0c  txqueuelen 1000  (Ethernet)
            RX packets 19  bytes 6498 (6.3 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 166  bytes 28164 (27.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 80  bytes 6320 (6.1 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 80  bytes 6320 (6.1 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Configure the second interface, enp1s0, in VLAN 1000:

[root@olvm-he opc]# nmcli connection add type ethernet con-name enp1s0 ifname enp1s0 ipv4.method manual ipv4.address '10.0.10.5/24' ipv4.gateway '10.0.10.1'

Now, install Oracle Linux Virtualization Manager Release 4.5.

  1. Enable the ol8_baseos_latest repository.

    [root@olvm-he opc]# dnf config-manager --enable ol8_baseos_latest
    
  2. Install the Oracle Linux Virtualization Manager Release 4.5 package, which automatically enables or disables the required repositories.

    [root@olvm-he opc]# dnf install -y oracle-ovirt-release-45-el8
    
  3. Run the dnf command to verify that the required repositories are enabled.

    [root@olvm-he opc]# dnf clean all
    [root@olvm-he opc]# dnf repolist
    

    The following repositories must be enabled:

    • ol8_baseos_latest
    • ol8_appstream
    • ol8_kvm_appstream
    • ovirt-4.5
    • ovirt-4.5-extra
    • ol8_gluster_appstream
    • (For VDSM) ol8_UEKR7
  4. Run the following command to enable any missing repository.

    [root@olvm-he opc]# dnf config-manager --enable <repository-name> 
    
  5. Run the following command if your host is running UEK R7.

    dnf install -y kernel-uek-modules-extra
    
  6. Run the ovirt-engine command to install the manager.

    dnf install -y ovirt-engine --allowerasing
    
  7. Run the following command to configure the engine.

    engine-setup
    

For each configuration step, you can check the recommendations in the official installation documentation. For more information, see Engine Configuration Options.

Task 2: Access the Oracle Linux Virtualization Manager Web Console

If Oracle Linux Virtualization Manager is installed successfully, you should see the web access information being displayed in the console.

http://olvm-he.olvm.defaultvcn.oraclevcn.com:80/ovirt-engine
https://olvm-he.olvm.defaultvcn.oraclevcn.com:443/ovirt-engine

Notes:

To access the Oracle Linux Virtualization Manager hosted engine web console, you can add a DNS record to the local Operating System (OS) hosts file C:\Windows\System32\drivers\etc\hosts.

<VM-public-IP> olvm-he.olvm.defaultvcn.oraclevcn.com

You can authenticate with the admin@ovirt username and the configured password.

OLVM web console

Task 3: Set up the Oracle Linux Kernel-based Virtual Machine (KVM) Hosts

We are starting with the first KVM host. To configure the second host, you need to SSH into the second BM host and run the same commands. Remember to update the MAC and IP addresses when you set up the VLAN 1000 interface.

  1. Confirm the KVM host has two secondary VNICs, connected to the VLANs 1000 and 1001.

    VNICs summary

  2. Set up the secondary VNIC in VLAN 1000.

    [root@kvm-1 opc]# nmcli connection add type vlan con-name ens340np0.1000 ifname ens340np0.1000 vlan.parent ens340np0 vlan.id 1000
    [root@kvm-1 opc]# nmcli connection modify ens340np0.1000 ethernet.cloned-mac-address 02:00:17:14:AA:20 ipv4.addresses '10.0.10.11/24' ipv4.gateway '10.0.10.1' ipv4.method manual
    

    Note:

    • 02:00:17:14:AA:20 is the MAC address of the VLAN 1000 VNIC for the first KVM host (make sure to use the correct MAC address when you set up the interface ens340np0.1000 on the second KVM host).
    • 10.0.10.11/24 is the IP address we will use for the first KVM host in VLAN 1000.
    • 10.0.10.12/24 is the IP address we will use for the second KVM host in VLAN 1000.
  3. Enable the ol8_baseos_latest repository.

    [root@kvm-1 opc]# dnf config-manager --enable ol8_baseos_latest
    
  4. Install the Oracle Linux Virtualization Manager Release 4.5 package, which automatically enables or disables the required repositories.

    [root@kvm-1 opc]# dnf install -y oracle-ovirt-release-45-el8
    
  5. Run the dnf command to verify that the required repositories are enabled.

    [root@kvm-1 opc]# dnf clean all
    [root@kvm-1 opc]# dnf repolist
    

    The following repositories must be enabled:

    • ol8_baseos_latest
    • ol8_appstream
    • ol8_kvm_appstream
    • ovirt-4.5
    • ovirt-4.5-extra
    • ol8_gluster_appstream
    • (For VDSM) ol8_UEKR7
  6. Run the following command to enable any missing repository.

    [root@kvm-1 opc]# dnf config-manager --enable <repository-name>
    
  7. Run the following command if your host is running UEK R7.

    [root@kvm-1 opc]# dnf install -y kernel-uek-modules-extra
    
  8. Activate the cockpit web console and open the firewall port.

    [root@kvm-1 opc]# systemctl enable --now cockpit.socket
    [root@kvm-1 opc]# firewall-cmd --permanent --zone=public --add-service=cockpit
    [root@kvm-1 opc]# firewall-cmd --reload
    

Task 4: Set up the DNS Private Zone

  1. Create a new private DNS zone in OCI. For more information, see Creating a Private DNS Zone.

    • The zone can be named olvm.demo.
    • Attach the zone to the DNS private view of the VCN.
  2. Create two DNS records for the two KVM hosts and publish the changes.

    A 10.0.10.11 kvm1.olvm.demo
    A 10.0.10.12 kvm2.olvm.demo
    

    DNS records

Task 5: Add the KVM hosts to Oracle Linux Virtualization Manager

  1. Connect to the Oracle Linux Virtualization Manager web console.

  2. Update the ovirtmgmt network to use VLAN 1000.

    1. Navigate to Network and Networks.

    2. Select ovirtmgmt and click Edit.

    3. Select Enable VLAN tagging, enter 1000 and click Ok.

  3. Add the KVM hosts.

    1. Navigate to Compute and Hosts.

    2. Click New and enter the following information.

      • Name: Enter kvm1.olvm.demo.
      • Hostname: Enter kvm1.olvm.demo.
      • Authentication: Select SSH Public Key.

      Add the public SSH key to the /root/.ssh/authorized_keys file on the KVM host and remove the existing content.

    3. Click Ok.

    KVM hosts

Task 6: Add the Oracle Linux Virtualization Manager Certificate Authorities (CA) to the Browser Trusted Root Certificate Authorities List

  1. Download the CA certificate from the following address: https://<OLVM-hosted-engine-FQDN>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA.

  2. Navigate to the browser Settings, Certificates and import the Oracle Linux Virtualization Manager CA to the trusted root certificate authorities list.

Task 7: Create a New Storage Domain

  1. Create a new OCI Block Volume within the same availability domain as the KVM hosts.

    new block volume

  2. Attach the block volume to the first KVM host and select Read/write - shareable as Access.

    set block volume read/write many

  3. Attach the same block volume to the second KVM host and select Read/Write - shareable as Access.

  4. Create a new storage domain in Oracle Linux Virtualization Manager.

    1. Go to the Oracle Linux Virtualization Manager web console, navigate to Storage and Domains.

    2. Click New Domain and enter the following information.

      • Name: Enter iscsi-datavol.
      • Storage Type: Select iSCSI.
      • Host: Enter kvm1.private.zone.
      • Address: Enter 169.254.2.2.
      • Port: Enter 3260.
    3. Click Login All.

    4. Expand the discovered target and click Add for the Lun ID.

    5. Click Ok to create the new domain.

Task 8: Upload a New Operating System Image

  1. Go to the Oracle Linux Virtualization Manager web console, navigate to Storage and Disks.

  2. Click Upload and Start.

  3. Provide the OS ISO image. Select the iscsi-datavol storage domain and click Ok. For more information, see Get Ubuntu Server.

    upload new ISO

Task 9: Set up Open Virtual Network (OVN) Networking

  1. Go to the Oracle Linux Virtualization Manager web console, navigate to Network, Networks and click New.

  2. Enter the following information.

    • Name: Select Default.
    • Select Create on external provider.
    • External Provider: Enter ovirt-provider-ovn.
    • Network Port Security: Select Disabled.

    new OVN network

  3. Select Subnets and create a new subnet with the following information.

    • Name: Select default.
    • CIDR: Enter 10.0.150.0/24.
    • Gateway: Enter 10.0.150.1.

    ovn subnet settings

  4. Click Ok.

Task 10: Provision a New Virtual Machine in Oracle Linux Virtualization Manager

  1. Go to the Oracle Linux Virtualization Manager web console, navigate to Compute, Virtual Machines and click New.

  2. Enter the following information.

    • Name: Enter vm1.
    • In Instance Images, click Create and enter Size to be 15GB.
    • nic1: Select Default/Default.
  3. Click Show Advanced Options, enter the following information and click Ok.

    • Boot Options: Attach CD - ubuntu-24.04.1-live-server-amd64.iso.

    new VM

  4. Wait for the disk to be created, select the created VM, click Run and wait for the VM to start.

  5. To connect to the VM console, navigate to Console, Console Options, select NoVNC, click Ok and then click Console.

    Proceed with installing the OS. Note that at this stage, Internet access is not available.

Task 11: Connect the Open Virtual Network to OCI VCN

In the following image you can see an illustration of the logical network we need to define in Oracle Linux Virtualization Manager.

OVN networking diagram

The access to the OCI VLAN 1001 is provided through a distributed gateway port. For more information, see How to create an Open Virtual Network distributed gateway router.

  1. Configure the third VNICs on the KVM hosts.

    nmcli connection add type vlan con-name ens340np0.1001 ifname ens340np0.1001 vlan.parent ens340np0 vlan.id 1001
       
    nmcli connection modify ens340np0.1001 ethernet.cloned-mac-address <VNIC-MAC> ipv4.method disabled ipv6.method disabled
       
    # replace the <VNIC-MAC> with the MAC address associated with the VNIC connected to VLAN 1001.
    
  2. Run the following commands from the Oracle Linux Virtualization Manager engine to display the current setup.

    [root@olvm-he opc]# ovn-nbctl show
    switch 9364e7ce-87a9-4bc4-b044-b973e3288bcd (ovirt-Default-72198b26-61c3-4448-b13e-b72bb29f57ea)
        port 35bfefc5-8a7e-4f17-b508-587d764875ba
            addresses: ["56:6f:4b:b2:00:01 dynamic"]
    [root@olvm-he opc]# ovn-sbctl show
    Chassis kvm2.olvm.demo
        hostname: kvm-2.kvmhosts.defaultvcn.oraclevcn.com
        Encap geneve
            ip: "10.0.10.12"
            options: {csum="true"}
    Chassis kvm1.olvm.demo
        hostname: kvm-1.kvmhosts.defaultvcn.oraclevcn.com
        Encap geneve
            ip: "10.0.10.11"
            options: {csum="true"}
        Port_Binding "35bfefc5-8a7e-4f17-b508-587d764875ba"
    
  3. Create the logical router named router.

    [root@olvm-he opc]# ovn-nbctl lr-add router
    
  4. Create the router port for the connection to the Oracle Linux Virtualization Manager Default bridge.

    [root@olvm-he opc]# ovn-nbctl lrp-add router router-ovirt-default 40:44:00:00:00:03 10.0.150.1/24
    
  5. Connect the Default bridge to the router.

    [root@olvm-he opc]# ovn-nbctl lsp-add ovirt-Default-72198b26-61c3-4448-b13e-b72bb29f57ea ovirt-default-router
    [root@olvm-he opc]# ovn-nbctl lsp-set-type ovirt-default-router router
    [root@olvm-he opc]# ovn-nbctl lsp-set-addresses ovirt-default-router router
    [root@olvm-he opc]# ovn-nbctl lsp-set-options ovirt-default-router router-port=router-ovirt-default
    
  6. Run the following command to display the logical network.

    [root@olvm-he opc]# ovn-nbctl show
    switch 9364e7ce-87a9-4bc4-b044-b973e3288bcd (ovirt-Default-72198b26-61c3-4448-b13e-b72bb29f57ea)
        port ovirt-default-router
            type: router
            router-port: router-ovirt-default
        port 35bfefc5-8a7e-4f17-b508-587d764875ba
            addresses: ["56:6f:4b:b2:00:01 dynamic"]
    router b4bd08bc-d8c0-43c8-b27e-83e6e1f3b940 (router)
        port router-ovirt-default
            mac: "40:44:00:00:00:03"
            networks: ["10.0.150.1/24"]
    
  7. Create the logical bridge named public.

    [root@olvm-he opc]# ovn-nbctl ls-add public
    
  8. Prepare to connect the local KVM hosts port to the logical bridge public through the provider network.

    [root@olvm-he opc]# ovn-nbctl lsp-add public ln-public
    [root@olvm-he opc]# ovn-nbctl lsp-set-type ln-public localnet
    [root@olvm-he opc]# ovn-nbctl lsp-set-addresses ln-public unknown
    [root@olvm-he opc]# ovn-nbctl lsp-set-options ln-public network_name=provider
    
  9. Connect the router to the public logical bridge using a distributed router port.

    [root@olvm-he opc]# ovn-nbctl lrp-add router router-public 02:00:17:0F:D1:16 10.0.20.10/24
    [root@olvm-he opc]# ovn-nbctl lsp-add public public-router
    [root@olvm-he opc]# ovn-nbctl lsp-set-type public-router router
    [root@olvm-he opc]# ovn-nbctl lsp-set-addresses public-router router
    [root@olvm-he opc]# ovn-nbctl lsp-set-options public-router router-port=router-public
    
  10. Schedule the router port (higher priority for the first KVM host).

    [root@olvm-he opc]# ovn-nbctl lrp-set-gateway-chassis router-public kvm1.olvm.demo 20
    [root@olvm-he opc]# ovn-nbctl lrp-set-gateway-chassis router-public kvm2.olvm.demo 15
    
  11. Check the configuration of the router port.

    [root@olvm-he opc]# ovn-nbctl lrp-get-gateway-chassis router-public
    router-public-kvm1.olvm.demo    20
    router-public-kvm2.olvm.demo    15
    
  12. Define the next hop for 0.0.0.0/0 through the OCI VLAN gateway.

    [root@olvm-he opc]# ovn-nbctl lr-route-add router "0.0.0.0/0" 10.0.20.1
    
  13. Run the following command to see the configuration summary.

    [root@olvm-he opc]# ovn-nbctl show
    switch a7ce3f64-44e2-4a60-993b-b2d230a13212 (public)
        port public-router
            type: router
            router-port: router-public
        port ln-public
            type: localnet
            addresses: ["unknown"]
    switch 9364e7ce-87a9-4bc4-b044-b973e3288bcd (ovirt-Default-72198b26-61c3-4448-b13e-b72bb29f57ea)
        port ovirt-default-router
            type: router
            router-port: router-ovirt-default
        port 35bfefc5-8a7e-4f17-b508-587d764875ba
            addresses: ["56:6f:4b:b2:00:01 dynamic"]
    router b4bd08bc-d8c0-43c8-b27e-83e6e1f3b940 (router)
        port router-ovirt-default
            mac: "40:44:00:00:00:03"
            networks: ["10.0.150.1/24"]
        port router-public
            mac: "02:00:17:0F:D1:16"
            networks: ["10.0.20.10/24"]
            gateway chassis: [kvm1.olvm.demo kvm2.olvm.demo]
    [root@olvm-he opc]# ovn-sbctl show
    Chassis kvm2.olvm.demo
        hostname: kvm-2.kvmhosts.defaultvcn.oraclevcn.com
        Encap geneve
            ip: "10.0.10.12"
            options: {csum="true"}
    Chassis kvm1.olvm.demo
        hostname: kvm-1.kvmhosts.defaultvcn.oraclevcn.com
        Encap geneve
            ip: "10.0.10.11"
            options: {csum="true"}
        Port_Binding cr-router-public
        Port_Binding "35bfefc5-8a7e-4f17-b508-587d764875ba"
    

    The Port_Binding cr-router-public entry under the kvm1.olvm.demo chassis confirms that the router port is associated with the first KVM host.

  14. Map local interfaces of the KVM hosts, connected to VLAN 1001, to the provider network.

    [root@kvm-1 opc]# ovs-vsctl set open . external-ids:ovn-cms-options="enable-chassis-as-gw=true"
    [root@kvm-1 opc]# ovs-vsctl set open . external-ids:ovn-bridge-mappings=provider:br-provider
    [root@kvm-1 opc]# ovs-vsctl --may-exist add-br br-provider
    [root@kvm-1 opc]# ovs-vsctl --may-exist add-port br-provider ens340np0.1001
    [root@kvm-1 opc]# ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings=br-provider:02:00:17:0F:D1:16
        
    [root@kvm-2 opc]# ovs-vsctl set open . external-ids:ovn-cms-options="enable-chassis-as-gw=true"
    [root@kvm-2 opc]# ovs-vsctl set open . external-ids:ovn-bridge-mappings=provider:br-provider
    [root@kvm-2 opc]# ovs-vsctl --may-exist add-br br-provider
    [root@kvm-2 opc]# ovs-vsctl --may-exist add-port br-provider ens340np0.1001
    [root@kvm-2 opc]# ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings=br-provider:02:00:17:08:08:A5
    
  15. The OCI VLAN delivers frames only to the MAC addresses associated with the devices connected to the VLAN.

    If we are not using NAT, whenever the owner of the logical router port changes, we need to update the logical router port MAC address to match the MAC address of the active chassis.

    The service created in the following steps takes care of this operation. Update the Open Virtual Network SB database with the chassis MAC address mappings (required for the switchover controller functionality).

    [root@olvm-he opc]# ovn-sbctl set chassis kvm1.olvm.demo external_ids:ovn-chassis-mac-mappings=br-provider:02:00:17:0F:D1:16 #replace with the MAC address of the VLAN1001 VNIC on KVM1 host
    [root@olvm-he opc]# ovn-sbctl set chassis kvm2.olvm.demo external_ids:ovn-chassis-mac-mappings=br-provider:02:00:17:08:08:A5 #replace with the MAC address of the VLAN1001 VNIC on KVM2 host
    
  16. Create the file named /usr/share/ovirt-provider-ovn/ovn_ha_gw_controller.py with the following content.

    import logging
    import os
    import sys
    import traceback
        
    from ovsdbapp.backend.ovs_idl import connection
    from ovsdbapp.backend.ovs_idl import idlutils
    from ovsdbapp.schema.ovn_southbound import impl_idl as impl_sbidl
    from ovsdbapp.schema.ovn_northbound import impl_idl as impl_nbidl
    from ovsdbapp.backend.ovs_idl import event as row_event
    from threading import Event
        
        
    stdout_handler = logging.StreamHandler(stream=sys.stdout)
        
    logging.basicConfig(
        level=logging.INFO, 
        format='%(processName)s %(threadName)s:	%(asctime)s - %(name)s - %(module)s - %(levelname)s - %(message)s',
        handlers = [stdout_handler]
    )
        
    logger = logging.getLogger('main')
        
        
    OVN_MONITORED_LOGICAL_PORT = os.environ.get('OVN_MONITORED_LOGICAL_PORT', '')
        
    if not OVN_MONITORED_LOGICAL_PORT:
        logger.info("No distributed router port name found. Check if the `OVN_MONITORED_LOGICAL_PORT` is defined.")
        sys.exit(1)
        
    conn_sb = "unix:/var/run/ovn/ovnsb_db.sock"
    conn_nb = "unix:/var/run/ovn/ovnnb_db.sock"
        
    class PortBindingEvent(row_event.RowEvent):
        """
        Port_Binding event
        """
        
        def __init__(self, monitored_logical_port):
            table = 'Port_Binding'
            self.monitored_logical_port = monitored_logical_port
            events = (self.ROW_UPDATE,)  # one-element tuple of event types
            super().__init__(events, table, None)
            self.event_name = self.__class__.__name__
        
        def match_fn(self, event, row, old):
            try:
                # Check if the event is for the distributed gateway port.
                if row.logical_port != self.monitored_logical_port:
                    return False
        
                # Check if chassis data is present and the chassis field was modified.
                logger.debug(f"Event match_fn with row: {row!r} | old: {old.__dict__}")
                if len(row.chassis) and old._data.get("chassis", None):
                    logger.info(f"The monitored router port has been allocated to a new chassis: {row.chassis[0].name}")
                    return True
        
            except Exception as e:
                logger.error(traceback.format_exc())
            return False
        
        def run(self, event, row, old):
            # Determine the MAC address that should be used in the new chassis
            chassis_config = api_sb.db_get("Chassis", row.chassis[0].name, "other_config").execute()
            logger.debug(f"current chassis_config: {chassis_config}")
        
            # Fetching the new chassis MAC address
            new_chassis_mac = chassis_config.get("ovn-chassis-mac-mappings", "")[-17:]
            logger.debug(f"New chassis MAC: {new_chassis_mac}")
            if not new_chassis_mac:
                logger.error('The chassis MAC mappings have not been defined in the OVN SB database.')
                logger.error('Please update the chassis MAC mappings using the command:')
                logger.error('ovn-sbctl set chassis <chassis-name> external_ids:ovn-chassis-mac-mappings="<ext-br>:02:00:17:04:C2:99"')
                logger.error('Could not update the distributed router port MAC address.')
                return
        
            # Fetching the distributed port name
            port_name = row.options.get('distributed-port')
            logger.debug(f"Port Name: {port_name}")
        
            # Updating the router port MAC Address
            api_nb.db_set("Logical_Router_Port", port_name, ("mac", new_chassis_mac)).execute()
            logger.info(f"MAC address for the router port {port_name} has been updated to: {new_chassis_mac}")
        
    class BaseOvnSbIdl(connection.OvsdbIdl):
        def __init__(self, remote, schema, **kwargs):
        
            event = PortBindingEvent(OVN_MONITORED_LOGICAL_PORT)
            self.notify_handler = row_event.RowEventHandler()
            self.notify_handler.watch_event(event)
        
            super(BaseOvnSbIdl, self).__init__(remote, schema, **kwargs)
        
        def notify(self, event, row, updates=None):
            self.notify_handler.notify(event, row, updates)
        
        
    i_sb = BaseOvnSbIdl.from_server(conn_sb, 'OVN_Southbound')
    i_nb = connection.OvsdbIdl.from_server(conn_nb, 'OVN_Northbound')
        
    # The ovsdbapp Connection object
    try:
        c_sb = connection.Connection(idl=i_sb, timeout=3)
        c_nb = connection.Connection(idl=i_nb, timeout=3)
    except Exception as e:
        logger.error(f'Unable to connect to the OVN databases: {traceback.format_exc()}')
        sys.exit(1)
        
    # The OVN_Southbound and OVN_Northbound API implementation objects
        
    api_sb = impl_sbidl.OvnSbApiIdlImpl(c_sb)
    api_nb = impl_nbidl.OvnNbApiIdlImpl(c_nb)
        
    logger.info(f'Started monitoring the distributed logical port: {OVN_MONITORED_LOGICAL_PORT}')
        
    Event().wait()
    
  17. Create the file named /etc/systemd/system/ovn-ha-gateway-controller.service with the following content.

    [Unit]
    Description=oVirt HA Gateway port controller
    Requires=ovsdb-server.service
    After=ovsdb-server.service
        
    [Service]
    # Must match the chassisredirect Port_Binding name shown by ovn-sbctl show.
    Environment="OVN_MONITORED_LOGICAL_PORT=cr-router-public"
    Type=simple
    ExecStart=/usr/libexec/platform-python /usr/share/ovirt-provider-ovn/ovn_ha_gw_controller.py
    ExecStop=
    Restart=always
    RestartSec=10
        
    [Install]
    WantedBy=multi-user.target
    
  18. Enable and start the service.

    systemctl enable ovn-ha-gateway-controller.service
    systemctl start ovn-ha-gateway-controller.service
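
The check below is an added example, not part of the original tutorial: it parses `ovn-nbctl show` and `ovn-sbctl show` text and confirms that the MAC on router-public is the VLAN 1001 VNIC MAC of the chassis currently holding cr-router-public, which is the condition the controller from step 16 maintains. The function names are hypothetical; the first two samples are copied from the step 13 output and the failover sample is constructed.

```python
import re

# Router stanza copied from the step 13 output on this page.
NB_SHOW = """\
router b4bd08bc-d8c0-43c8-b27e-83e6e1f3b940 (router)
    port router-ovirt-default
        mac: "40:44:00:00:00:03"
        networks: ["10.0.150.1/24"]
    port router-public
        mac: "02:00:17:0F:D1:16"
        networks: ["10.0.20.10/24"]
        gateway chassis: [kvm1.olvm.demo kvm2.olvm.demo]
"""
# Copied from the step 13 output (hostname and options lines trimmed).
SB_SHOW = """\
Chassis kvm2.olvm.demo
    Encap geneve
        ip: "10.0.10.12"
Chassis kvm1.olvm.demo
    Encap geneve
        ip: "10.0.10.11"
    Port_Binding cr-router-public
    Port_Binding "35bfefc5-8a7e-4f17-b508-587d764875ba"
"""
# Constructed sample: the gateway port has failed over to kvm2.
SB_SHOW_FAILOVER = """\
Chassis kvm2.olvm.demo
    Port_Binding cr-router-public
Chassis kvm1.olvm.demo
    Port_Binding "35bfefc5-8a7e-4f17-b508-587d764875ba"
"""
# VLAN 1001 VNIC MAC per chassis, as set in steps 14 and 15.
CHASSIS_MACS = {
    "kvm1.olvm.demo": "02:00:17:0F:D1:16",
    "kvm2.olvm.demo": "02:00:17:08:08:A5",
}


def active_chassis(sb_show, cr_port):
    """Return the chassis whose stanza lists Port_Binding cr_port, else None."""
    chassis = None
    for line in sb_show.splitlines():
        s = line.strip()
        m = re.fullmatch(r'Chassis\s+"?([^"\s]+)"?', s)
        if m:
            chassis = m.group(1)
            continue
        m = re.fullmatch(r'Port_Binding\s+"?([^"\s]+)"?', s)
        if m and m.group(1) == cr_port:
            return chassis
    return None


def router_port_mac(nb_show, lrp):
    """Return the MAC of logical router port lrp, else None."""
    in_port = False
    for line in nb_show.splitlines():
        s = line.strip()
        if s.startswith("port "):
            in_port = s.split()[1] == lrp
        elif in_port:
            m = re.fullmatch(r'mac:\s+"([0-9A-Fa-f:]{17})"', s)
            if m:
                return m.group(1)
    return None


def check_gateway_mac(nb_show, sb_show, lrp, chassis_macs):
    """Compare the router port MAC with the VNIC MAC of the active chassis."""
    chassis = active_chassis(sb_show, "cr-" + lrp)  # chassisredirect port name
    expected = chassis_macs.get(chassis)
    actual = router_port_mac(nb_show, lrp)
    ok = bool(expected and actual and expected.lower() == actual.lower())
    return {"ok": ok, "chassis": chassis, "expected": expected, "actual": actual}


if __name__ == "__main__":
    for label, sb in (("step 13", SB_SHOW), ("failover", SB_SHOW_FAILOVER)):
        print(label, check_gateway_mac(NB_SHOW, sb, "router-public", CHASSIS_MACS))
```

A failed check after a failover means the router port still carries the previous chassis MAC, so the OCI VLAN will not deliver frames to the new gateway host until the MAC is updated.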
    

Task 12: Finalize OCI Networking Configuration

The packets from the VM1 should be able to reach OCI VLAN 1001. Our plan is to enable these packets to reach the Internet.

  1. You should attach a route table to the VLAN with the rule: Route 0.0.0.0/0 through NAT gateway.

    VLAN RT

  2. For the traffic returning from the Internet towards the VM1, we need to handle the routing for CIDR 10.0.150.0/24. We need to define an external IP for VLAN 1001. This is the IP address associated with the logical router port, 10.0.20.10.

    external access

    With this IP address defined, we will create a new routing table with the rule: Route 10.0.150.0/24 through 10.0.20.10.

    OLVM RT

  3. Now, we can associate this new route with the NAT gateway and forward the packets to reach VM1.

    NAT GW route association

    At this stage we should be able to reach the Internet from the VM1.

    ping test
