[Ovirt-devel] Some architecture diagrams

Daniel P. Berrange berrange at redhat.com
Fri Feb 15 15:23:59 UTC 2008


On Fri, Feb 15, 2008 at 03:15:46PM +0000, Richard W.M. Jones wrote:
> Daniel P. Berrange wrote:
> >Attached are a couple of diagrams we're thinking about adding to the website
> >to show the logical & physical architecture of oVirt.  Yes, they're missing
> >iSCSI storage server, but that's a simple addition. Comments... ?
> 
> It's not clear from the diagram that (a) the FreeIPA server must be a 
> separate guest (or separate machine) and (b) it needs to have a steady 
> IP address and be available to other machines on the network.  In 
> particular requirement (b) tends to rule out using qemu or KVM (for me, 
> because I've never really worked out how to get user networking to have 
> an IP address which isn't on the private 192.168.122.* network).

You need to bridge the KVM guest to the real LAN, rather than using the
virtual networking. Option 2, in this doc:

http://www.watzmann.net/blog/index.php/2007/04/27/networking_with_kvm_and_libvirt

Then your guests just talk to the real LAN DHCP server where you can
assign permanent addresses.

In terms of separate guest / machine for FreeIPA, this is really a deployment
choice.  I think it'll be most trouble-free if you keep FreeIPA and the oVirt
WUI in separate virtual machines. It should be possible to run them in the
same VM with suitably clever Apache config, but unless you're really familiar
with this I think it'll cause more development pain. 

The physical diagram is intended to show the minimal recommended dev
setup - 2 physical machines. 1 for running guests, and 1 for running the
admin console & associated services like FreeIPA, iSCSI, DHCP, DNS.

We need a second version of the physical diagram to show a 'production'
level setup, with multiple managed nodes for running guests, and each
of oVirt WUI, FreeIPA, iSCSI running on separate hosts.

> I'm unclear on why FreeIPA needs to be its own machine though.  Can we 
> not set it up so it uses just its own port number by default?

In theory yes, but we were having some trouble with mod_kerberos wrt
the service principals. I think it's doable, but we need to spend more
time poking the apache configs.

Dan
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 



