----- Original Message -----
From: "Alon Bar-Lev" <alonbl(a)redhat.com>
To: "Andrew Cathrow" <acathrow(a)redhat.com>
Cc: engine-devel(a)ovirt.org, "Shireesh Anjal" <sanjal(a)redhat.com>,
"Mike Burns" <mburns(a)redhat.com>
Sent: Monday, September 3, 2012 5:09:34 PM
Subject: Re: [Engine-devel] Gluster IPTable configuration
> ----- Original Message -----
> From: "Andrew Cathrow" <acathrow(a)redhat.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: engine-devel(a)ovirt.org, "Shireesh Anjal" <sanjal(a)redhat.com>,
> "Mike Burns" <mburns(a)redhat.com>
> Sent: Monday, September 3, 2012 11:57:57 PM
> Subject: Re: [Engine-devel] Gluster IPTable configuration
<snip>
> Right now we just overwrite the existing iptables configuration with
> our own, so if a user already added a rule to their host - eg. for a
> monitoring agent then we stomp over it.
> Adding our rules as a custom chain means that we don't need to
Here I lost you... :)
I thought ovirt-engine is the master and ovirt-hypervisor is a slave.
This derives that all management activities of the slave are done by the
master...
Let's say I use nagios for my host monitoring.
I set up a rhel/fedora/*EL host using my standard corporate and include port 5667/5666 for nagios.
ovirt engine connects to it and blocks nagios.
While it would be great to have all firewall rules (and other settings) managed from ovirt-engine we are a long way away from that.
Adding rules rather than overwriting iptables config would allow us not to stomp on the user's existing settings.
There should be no setting at the slave that the master is not aware of.
This also enables you to duplicate a hypervisor, recover configuration
or push a mass configuration change.
In your above case, this rule for the monitoring agent may be added at the
master repository and pushed to the slaves belonging to a specific group,
just like the gluster case.
yes, but in the 24 months between now and when we get to implement that feature ......
The template mechanism is what enables you to create a custom
configuration per environment.
Using push and not re-integrate derives a much simpler and more
deterministic implementation.
But maybe I did not understand some of the fundamental concepts of
the architecture.
Regards,
Alon.
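The custom-chain approach discussed in the thread, shown as an added example that is not code from the thread or from the oVirt project: a POSIX shell function that reads an iptables-save dump on stdin and merges the engine's rules into a dedicated chain, leaving the host's own rules (here a constructed rule opening the nagios agent port 5666) untouched, and producing the same output when run a second time. The chain name OVIRT-MANAGED, the sample dump and the rule list (ssh plus a gluster port range) are all constructed for this example.

```shell
#!/bin/sh
# Added example (not oVirt code): merge engine-managed iptables rules into a
# dedicated chain instead of overwriting the whole iptables configuration.

# Constructed sample of an existing iptables-save dump on a host whose
# administrator already opened port 5666 for a nagios agent.
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Hypothetical name for the engine-owned chain.
CHAIN=OVIRT-MANAGED

# Rules the engine wants to push, one per line, written relative to the chain
# (constructed: ssh plus a gluster port range, used only as an illustration).
ENGINE_RULES='-p tcp -m tcp --dport 22 -j ACCEPT
-p tcp -m tcp --dport 24007:24008 -j ACCEPT'

# merge_chain CHAIN RULES < dump > new_dump
# Rewrites the *filter table so that CHAIN is declared, jumped to from INPUT
# ahead of the host's own rules, and holds exactly RULES. Every other line of
# the dump passes through unchanged, and running it twice gives the same result.
merge_chain() {
  awk -v chain="$1" -v rules="$2" '
    BEGIN { n = split(rules, r, "\n") }
    /^\*/ { infilter = ($0 == "*filter"); print; next }  # table header
    !infilter { print; next }                           # other tables untouched
    # drop any earlier copy of our chain, so re-running does not duplicate it
    $0 == ":" chain " - [0:0]" { next }
    index($0, "-A " chain " ") == 1 { next }
    $0 == "-A INPUT -j " chain { next }
    /^:/ { print; next }                                # built-in chain policies
    !declared { print ":" chain " - [0:0]"; declared = 1 }
    /^-A INPUT / && !jumped { print "-A INPUT -j " chain; jumped = 1 }
    /^COMMIT$/ {
      if (!jumped) { print "-A INPUT -j " chain; jumped = 1 }
      for (i = 1; i <= n; i++) if (r[i] != "") print "-A " chain " " r[i]
    }
    { print }
  '
}

# Stand-alone run: print the merged dump (what you would hand to iptables-restore).
printf '%s\n' "$SAMPLE_DUMP" | merge_chain "$CHAIN" "$ENGINE_RULES"
```

The jump into the engine chain is placed before the first existing INPUT rule, so a trailing REJECT in the administrator's policy cannot shadow the engine's accepts; packets that match nothing in the chain return to INPUT and are judged by the host's own rules as before. This only avoids clobbering what is already on the host; it does not give the engine knowledge of those rules, which is the gap Alon points out.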