6:10 p.m.
--=-BN+oi6eyuvbQD58VIEvQ
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Le mercredi 17 septembre 2014 =C3=A0 15:37 -0400, R P Herrold a =C3=A9crit =
:
On Wed, 17 Sep 2014, Michael Scherer wrote:
=20
> As I said in the past, the plan wouldn't work. To have 2 gears
> communicate, we need to have them setup in a specific way, not just 2
> gears in the same account. If one is moved to another node, we need to
> have a specific triggers on the webserver gear to trigger a potential
> configuration change.=20
=20
Why not just point the two through a pair of keyed access=20
openvpn links, each to a fixed (and routing) central hub?
=20
MySQL will communicate just fine across a network fabric
=20
hub
10.0.0.1 10.0.1.1
/ \
/ \
10.0.0.2 10.0.1.2
gear A gear B
(the wiki) (the MySQL server)
=20
The hub just routes 10.0.1 and 10.0.0 back and forth
=20
Nothing changes, save re-establishment of an openvpn link when=20
a 'spoke' moves
I would slightly be against the idea because :
1) we do not root access in the gears
2) the firewall will likely not be open for that from the gear to
external world
3) one of the main selling point of using openshift online was that we
do not have to manage the platform aspect. Adding openvpn to bypass the
platform is kinda managing a different platform than what we have, and
kinda negate the main advantage of using openshift.=20
4) we would have to manage the hub ( so need to manage 1 more server ),
so we could as well manage mysql and the wiki on the server and that's
it ?
If we must stretch the platform to its limit to make it do what we want,
I think we should accept that what we want is not what we have.=20
Again, i think openshift is a fine product when you use it with software
made for the platform ( ie, aware of the scaling requirement, aware of
the variable for integration, stateless if possible ).=20
But currently, it is:
- not integrated with puppet ( so we have 2 identity store )
- not integrated with icinga ( so it has its own monitoring )
- no backups made by ovirt infra ( but made by openshift ops )
- various space issue ( with a quite complex solution )
We can surely solve each of this with enough hack. I can surely run
puppet inside the gear if I want, running a nagios agent if we want,
make a clever backup script and solve the space issue by reinstalling
everything.=20
But if we go the pain of reinstallation and update, a more standard
setup would be cleaner and easier in the future, by using straight
tarball from upstream, by using standard system to cache the data, etc,
etc.
--=20
Michael Scherer
Open Source and Standards, Sysadmin
--=-BN+oi6eyuvbQD58VIEvQ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJUGhTXAAoJEE89Wa+PrSK9GioP/iZAhmCK0rqWUrWOnsxKszNi
ZZF7NCiJD04+ZKmRA4J6u8Ef57d5OCTzJ/srIVlKfMCDWBzaMUG1/8RAEvSBqb3q
Zwu8yWWRyviNOrwpLBbqgKKSc8Lyo+94WsYzNsICKiXat6a6OfYS3u2TzU68vmiS
l+K231zNgvmBys/btUoN9FVJw1tbmLIOR84mqsTBSVo7ry/Mmfb0J4OBpTUm9irl
t0/A54n/DxEhOlrUPOBmDjbIqTDEuu58Mz9iGBuRuevdyxPNLvqhdRTxcmH2hR3V
q5PXqQ1Y+HxVK9hT8tlso1zYIxpnak81bPIr9zXu5SpKAE2ja7gz08i3zyuZUwtR
MEVVnLcFFeqXwoqHNuUqEFbcpvFxNKkuePbzgf6cxYew34dCiXUCAJnmonSvc8ef
lciHRRPtjoiMUVppifFXSGVUTSahnWzodbtMTyv11qIF59JjJYADChPEaet/oZ4j
k5ppIzMteyE0unCkv9SquPl4Y1PXrkCWNoMcXpCivxEJwaHYeTq3nP1uLFvn6Yxt
iaKm1bS68nR7RvQaGQ+4MUCwZlkRtCYtH6sW4SXs4Vjr7oAEe5sW0TxbI9ZNjie1
Oa13jAkbP0OsGARqxMn3LsJdUAmnIFwVfqd95m0GusSfCijqUrqJ+ptHTD7icCFh
hFjUvZO4U+iyXL28YztB
=VyIB
-----END PGP SIGNATURE-----
--=-BN+oi6eyuvbQD58VIEvQ--