[Ovirt-devel] Some networking and provisioning questions
Hugh O. Brock
hbrock at redhat.com
Mon Mar 16 20:05:12 UTC 2009
Hi oVirt folks. We just finished a conversation about oVirt network
and provisioning configuration and I thought it would be useful to put
it out in the community for discussion. You can refer to the diagrams
at http://ovirt.org/page/ArchDiagrams for background.
oVirt quick network meeting summary
Problem: With the current SSL setup for httpd, you can't reach the UI
from the server's public (web) interface. In effect, Apache is only
listening on the admin network, which works fine for configuring the
node but doesn't work at all for users browsing to the UI.
Solution: Change the installer so that it will define both public and
admin networks, such that we can correctly redirect http requests on
the public network to port 443 on the public network. This is underway
and will be done before the 0.97 release (i.e. today).
Problem: With the current network architecture, VMs have no direct
access to the admin network. However, the provisioning system
(cobbler) only operates over the admin network (on which it provisions
nodes). It is therefore impossible to PXE a VM except in the
degenerate case where the admin network and the VM network are the
same.
Solution: Several possible:
* Provision only via cobbler-managed ISOs, ditch PXE altogether
  other than for node boot
* Set up a two-stage provisioning process for VMs -- all VMs have
  two nics, one on the admin network and one on the VM network, but
  we firewall the admin network post-install. Seems impossibly
  complex.
* Have cobbler listen on the VM network as well as the admin network
  (or have two cobblers, one for each network). If the VM network is
  public (i.e. the internet) this seems like a very strange
  idea... on the other hand even if the VM network is publicly
  routable you could still PXE VMs locally. Not sure if this is
  sensible or not.
* Set up a separate, private "provisioning" network, on which all
  VMs would have a permanent NIC, and run a separate cobbler server
  on it.
I'm inclined to go with solution 1, but I'm willing to be convinced
otherwise.
Suggestions?
Take care,
--Hugh