This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GwP3sSPcaVpxoMNLa6aLF6j2vNqEo6DoF Content-Type: multipart/mixed; boundary="ig7Kju1BOe0qA26oxlvTaHdp9Eb5rDefm"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: Luca 'remix_tj' Lorenzetto <lorenzetto.luca@gmail.com> Cc: users <users@ovirt.org> Message-ID: <47cc33fa-b80b-9cc8-a2c0-1ed6b1a73af1@gmail.com> Subject: Re: [ovirt-users] Proper Network Configuration References: <731fe359-8d20-949c-f0fa-50220389cbaf@gmail.com> <CAKuX69rCK_wqQ1k1F4_wKAbh5tPfr4vok1EPuRpo4WY80+7juw@mail.gmail.com> In-Reply-To: <CAKuX69rCK_wqQ1k1F4_wKAbh5tPfr4vok1EPuRpo4WY80+7juw@mail.gmail.com> --ig7Kju1BOe0qA26oxlvTaHdp9Eb5rDefm Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 10/03/2017 03:08 AM, Luca 'remix_tj' Lorenzetto wrote:
On Mon, Oct 2, 2017 at 11:49 PM, ~Stack~ <i.am.stack@gmail.com> wrote:
Greetings,
For various reasons I have multiple networks that I am required to wor= k with. I just want to ensure that I've understood the documentation for=
setting up Ovirt correctly.
- First is my BMC/ilo network. The security team wants as few entry points into this as possible and wants as much segregation as possible= =2E
- Second is my "management" access network. For my other machines on this network this means admin-SSH/rsyslog/SaltStack configuration management/ect.
- Third is my high speed network where my NFS storage sits and applications that need the bandwidth do their thing.
- Fourth is my "public" access.
My Engine host has the "management" and "public" networks. My Hypervisor hosts have the "BMC/ilo", "management", and "storage" networks.
Is there a reason why I should add "public" on the hypervisors? =20 =20 No, you should only plug the network to oVirt but not configure any ip on the hypervisors. =20
Is there a reason why I may need "BMC/ilo" or "storage" on the Engine = host? =20 No, you don't need. I've only management on engine host. The hypervisors, instead have an ip on management and storage network, and no ip on the other networks. For bmc traffic we use routed access through a firewall that is dividing bmc network from the rest of the world. =20 Luca
Thanks for the information, Luca! I appreciate it. --ig7Kju1BOe0qA26oxlvTaHdp9Eb5rDefm-- --GwP3sSPcaVpxoMNLa6aLF6j2vNqEo6DoF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ03SxAAoJELkej+ysXJPmXPwP+gLcK/WkNmHq7WRnK5Fe1jez p8/DtJwkcSEKDnu0AwMlDYVafXwEnT+fHxYlA3it8DcrC+uOC6cUQqBhPAzZ/3Ql q24G1zN+qkSMhic4F1SpPh8tdrCVUtdC84khy1XEsTswfsQBMbOSXny1cyHVvL3D CAkvoKg1oOSYJ23udNBDoFLK1MEnwU0ha+z4LNMv0B+C6Z9KHIiipqAsE+6ilx+k 9/DF63mp8SvRYSG6vohh1byKT0v+taiqKxwmSSuuQp6bt2Z0hhqOTbDb+/0VHMjQ 6fzjWvDCn5YMphYNGL+yvl2EyE93tN19WFgy0sP48ewBYSddqxDiH8t1gXZBZ0UV xlsQmllCGzVrWeaQLFE6qBlXnC4iQhcl6kdul7Qmm0ZGYMl12leQ4fgXaqIURbWe G9902kwW/9zr7AMDdegDb6GX1J/9H8wdO58dZZgRsoTUlkwdhbhP5I/BHNqjFmc5 4+LMqwMQhH6WkErkhFubGfqi3HNxlDor2tPllNuKkhj6h33CNTz6LCeAHvHbX6TH 0IG7+ibbvEIxKFiXW7IRuwTcSmgQnCoctKcuwEbECWDEXjvUbaUTwqOCRsgJ63iv hLUktYyKj+/ppMrXMJ7LvL5KukxOxl18ZpgKr9UH1T0s9cGkUYxT6ttQfd5i5WOB fTe1KFsVKHlO4VfYrl5/ =GPOJ -----END PGP SIGNATURE----- --GwP3sSPcaVpxoMNLa6aLF6j2vNqEo6DoF--