[Ovirt-devel] Some architecture diagrams
Daniel P. Berrange
berrange at redhat.com
Fri Feb 15 15:23:59 UTC 2008
On Fri, Feb 15, 2008 at 03:15:46PM +0000, Richard W.M. Jones wrote:
> Daniel P. Berrange wrote:
> >Attached are a couple of diagrams we're thinking about adding to the
> >website
> >to show the logical & physical architecture of oVirt. Yes, they're missing
> >iSCSI storage server, but that's a simple addition. Comments... ?
>
> It's not clear from the diagram that (a) the FreeIPA server must be a
> separate guest (or separate machine) and (b) it needs to have a steady
> IP address and be available to other machines on the network. In
> particular requirement (b) tends to rule out using qemu or KVM (for me,
> because I've never really worked out how to get user networking to have
> an IP address which isn't on the private 192.168.122.* network).
You ned to bridge the KVM guest to the real LAN, rather than using the
virtual networking. Option 2, in this doc:
http://www.watzmann.net/blog/index.php/2007/04/27/networking_with_kvm_and_libvirt
Then you're guests just talk to the real LAN dhcp server where you can
assign permanent addresses.
In terms of separate guest / machine for FreeIPA, this is really a deployment
choice. I think it'll be most trouble-free if you keep FreeIPA and the oVirt
WUI in separate virtual machines. I should be possible to run them in the
same VM with suitably clever Apache config, but unless you're really familiar
with this I think it'll cause more development pain.
The physical diagram is intended to show the minimal recommended dev
setup - 2 physical machines. 1 for running guests, and 1 for running the
admin console & associated services like FreIPA, iSCSI, DHCP, DHNS.
We need a second version of the physical diagram to show a 'production'
level setup, with multiple managed nodes for running guests, and each
of oVirt WUI, FreeIPA, iSCSI running on separate hosts.
> I'm unclear on why FreeIPA needs to be its own machine though. Can we
> not set it up so it uses just its own port number by default?
In theory yes, but we were having some trouble with mod_kerberos wrt to
the service principles. I think its doable, but we need to spend more
time poking the apache configs.
Dan
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
More information about the ovirt-devel
mailing list