6:29 a.m.
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--GwP3sSPcaVpxoMNLa6aLF6j2vNqEo6DoF
Content-Type: multipart/mixed; boundary="ig7Kju1BOe0qA26oxlvTaHdp9Eb5rDefm";
protected-headers="v1"
From: ~Stack~ <i.am.stack(a)gmail.com>
To: Luca 'remix_tj' Lorenzetto <lorenzetto.luca(a)gmail.com>
Cc: users <users(a)ovirt.org>
Message-ID: <47cc33fa-b80b-9cc8-a2c0-1ed6b1a73af1(a)gmail.com>
Subject: Re: [ovirt-users] Proper Network Configuration
References: <731fe359-8d20-949c-f0fa-50220389cbaf(a)gmail.com>
<CAKuX69rCK_wqQ1k1F4_wKAbh5tPfr4vok1EPuRpo4WY80+7juw(a)mail.gmail.com>
In-Reply-To: <CAKuX69rCK_wqQ1k1F4_wKAbh5tPfr4vok1EPuRpo4WY80+7juw(a)mail.gmail.com>
--ig7Kju1BOe0qA26oxlvTaHdp9Eb5rDefm
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
On 10/03/2017 03:08 AM, Luca 'remix_tj' Lorenzetto wrote:
On Mon, Oct 2, 2017 at 11:49 PM, ~Stack~ <i.am.stack(a)gmail.com>
wrote:
> Greetings,
>
> For various reasons I have multiple networks that I am required to wor=
k
> with. I just want to ensure that I've understood the
documentation for=
> setting up Ovirt correctly.
>
> - First is my BMC/ilo network. The security team wants as few entry
> points into this as possible and wants as much segregation as possible=
=2E
>
> - Second is my "management" access network. For my other machines on
> this network this means admin-SSH/rsyslog/SaltStack configuration
> management/ect.
>
> - Third is my high speed network where my NFS storage sits and
> applications that need the bandwidth do their thing.
>
> - Fourth is my "public" access.
>
> My Engine host has the "management" and "public" networks.
> My Hypervisor hosts have the "BMC/ilo", "management", and
"storage"
> networks.
>
> Is there a reason why I should add "public" on the hypervisors?
=20
=20
No, you should only plug the network to oVirt but not configure any ip
on the hypervisors.
=20
>
> Is there a reason why I may need "BMC/ilo" or "storage" on the
Engine =
host?
=20
No, you don't need. I've only management on engine host. The
hypervisors, instead have an ip on management and storage network, and
no ip on the other networks. For bmc traffic we use routed access
through a firewall that is dividing bmc network from the rest of the
world.
=20
Luca
Thanks for the information, Luca!
I appreciate it.
--ig7Kju1BOe0qA26oxlvTaHdp9Eb5rDefm--
--GwP3sSPcaVpxoMNLa6aLF6j2vNqEo6DoF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZ03SxAAoJELkej+ysXJPmXPwP+gLcK/WkNmHq7WRnK5Fe1jez
p8/DtJwkcSEKDnu0AwMlDYVafXwEnT+fHxYlA3it8DcrC+uOC6cUQqBhPAzZ/3Ql
q24G1zN+qkSMhic4F1SpPh8tdrCVUtdC84khy1XEsTswfsQBMbOSXny1cyHVvL3D
CAkvoKg1oOSYJ23udNBDoFLK1MEnwU0ha+z4LNMv0B+C6Z9KHIiipqAsE+6ilx+k
9/DF63mp8SvRYSG6vohh1byKT0v+taiqKxwmSSuuQp6bt2Z0hhqOTbDb+/0VHMjQ
6fzjWvDCn5YMphYNGL+yvl2EyE93tN19WFgy0sP48ewBYSddqxDiH8t1gXZBZ0UV
xlsQmllCGzVrWeaQLFE6qBlXnC4iQhcl6kdul7Qmm0ZGYMl12leQ4fgXaqIURbWe
G9902kwW/9zr7AMDdegDb6GX1J/9H8wdO58dZZgRsoTUlkwdhbhP5I/BHNqjFmc5
4+LMqwMQhH6WkErkhFubGfqi3HNxlDor2tPllNuKkhj6h33CNTz6LCeAHvHbX6TH
0IG7+ibbvEIxKFiXW7IRuwTcSmgQnCoctKcuwEbECWDEXjvUbaUTwqOCRsgJ63iv
hLUktYyKj+/ppMrXMJ7LvL5KukxOxl18ZpgKr9UH1T0s9cGkUYxT6ttQfd5i5WOB
fTe1KFsVKHlO4VfYrl5/
=GPOJ
-----END PGP SIGNATURE-----
--GwP3sSPcaVpxoMNLa6aLF6j2vNqEo6DoF--