[Ovirt-devel] Ovirt Host Tasks
Hugh O. Brock
hbrock at redhat.com
Mon Mar 17 19:29:43 UTC 2008
On Mon, Mar 17, 2008 at 03:02:20PM -0400, Perry N. Myers wrote:
>
> I'm all for getting rid of static config support. The fundamental question
> is, how many people would require static IP config (as opposed to static
> DHCP reservations)? If that is a significant number of potential users, it
> makes sense to support it.
>
> We can always take the approach of: implement stateless/DHCP support only
> and then if we get feedback from enough folks that static addressing is
> important enough we can try to add it in later.
>
> Unless I hear major objections, this is how I'll proceed.
Yeah, that works for me.
> I don't like the idea of having a separate PXE image for each individual
> host unless -absolutely- necessary. So we shouldn't encourage this.
>
> So here are some assumptions we would should make:
>
> * DHCP only
> * keytab/SSL cert stored in TPM if available
> * If TPM not available, keytab/SSL cert stored on local storage (USB/disk)
> * If no persistent storage available, just attach the smallest thumb drive
> that you have to the box. (i.e. *make* persistent storage available)
Yeah that works for me too with the caveat that we should allow Avahi
conf as well I think...
>> Hadn't thought about using TPM for the keytab, that's a neat idea. I'm
>> a bit leery of using any local HDD on the machine for it though.
>
> Why? Are you ok with using USB storage but not ok with using HDD storage?
Good question. Seems to me that ideally you want your keytab stored on
read-only storage (i.e. a cdrom or a usb key with a read-only
switch or TPM)... which isn't really possible for local HDD storage. Maybe
this is stupidly paranoid or just doesn't make any sense though.
Let me know,
--H
More information about the ovirt-devel
mailing list