>
> Well, there's nothing much beyond the hook's README
> http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm_hooks/extnet/README;h=0778dbb3ef85c5ae179fb0f6c9ceeabc268abe89;hb=HEAD
> You should start by defining a libvirt network, and then mark a vNIC
> profile with a custom propery so that the network is used by vNICs.
>
> As a very first stage, you may define the libvirt network on top of your
> existing br0 bridge
> (http://libvirt.org/formatnetwork.html#examplesBridge) so oVirt can
> consume your networking setup.
>
Hmm do we really need a libvirt bridge or cant we go simply with a regular virtual brdige as i already use?
all i want is connect ovirts vlan nic to existing interfaces.
iam aware tat then many configs has to be done manually, but thats fine for now
> But who creates that VPN connection? Who supplies the credentials?
well this is manually, only once per host no desire for automation here, ive automated scripts for that but i usually use an offline pc as a signing device.
>
> How does this work, if they are both behind NAT?
Well they are not and they are, its a routed NAT combo :)
Lets say i have 2 server - we would have then 3 internal networks -
1 - VPN conncting and routing between physical hosts
2&3 - Each hosts internal bridge subnet which does routing
NAT comes in when we go outside - usually Portforward - which is handy to save IPs
So think of every Host not only as an Hypervisor but also as an Network Node
upside and reson for this is:
1, i can use one ext ip for several vms if they need different ports. atm i can save over 3/4 of ext ips.
2, also i do not need to manage the firewall on every vm only on the hosts
3, Additional Security by having all Daemons whatsoever only bound to internal Interfaces.
>
> You'd like to automate the creation of NAT rules? VPN creation?
well i would like to automate port based nat and firewallrules thats the dream. VPN as described i dont really but but hey who knows if someone else want it.
Actually i think (even im not gonna need it) would be a nice feature for many - specielly these days
only portforwarding/and or complete nat on the host would make live easier. however most importingly is that i get the thing running.
even it means manual config on each host
my issues with ovirt where simple that i couldn find a way to assign the needed interfaces. so if i simply manually specify whats going on it should be enough
btw i took a look at openqrm and they have alreaey adressed many of those needs like puppet, dhcp , dns and nat translation over ip pools and stuff. still my setup seems to strange for them either lol
i think (if understand the readme correctly its exactly whats extnet is doing) the best way would be simply allow to specify custom interface names.
that way we can build custom configs on our hosts how ever strange we want em
Since you have todo it only for each physical host its not THAT evil todo and you can write easy scripts todo that for you.
But what would be Handy in any case - no matter which setup or regular Ovirt setup and iam really missing is a Firewall config.
Perfect dream would be something Visual with objects like Firewall Builder (dev stopped sadly) , i think i saw something webbased in some opensource firewall distros too.
I mean we have to config FIrewalls for the Hosts in anycase - of course i know this would be a monster to implement fully
just dreaming :))