Proper Network Configuration

From: ~Stack~ <i.am.stack@gmail.com>
To: users <users@ovirt.org>
Subject: Proper Network Configuration

Greetings,

For various reasons I have multiple networks that I am required to work with. I just want to ensure that I've understood the documentation for setting up oVirt correctly.

- First is my BMC/ilo network. The security team wants as few entry points into this as possible and wants as much segregation as possible.
- Second is my "management" access network. For my other machines on this network this means admin-SSH/rsyslog/SaltStack configuration management/etc.
- Third is my high speed network where my NFS storage sits and applications that need the bandwidth do their thing.
- Fourth is my "public" access.

My Engine host has the "management" and "public" networks. My Hypervisor hosts have the "BMC/ilo", "management", and "storage" networks.

Is there a reason why I should add "public" on the hypervisors?

Is there a reason why I may need "BMC/ilo" or "storage" on the Engine host?

Thanks!
~Stack~

On Mon, Oct 2, 2017 at 11:49 PM, ~Stack~ <i.am.stack@gmail.com> wrote:
> Greetings,
>
> For various reasons I have multiple networks that I am required to work with. I just want to ensure that I've understood the documentation for setting up oVirt correctly.
>
> - First is my BMC/ilo network. The security team wants as few entry points into this as possible and wants as much segregation as possible.
> - Second is my "management" access network. For my other machines on this network this means admin-SSH/rsyslog/SaltStack configuration management/etc.
> - Third is my high speed network where my NFS storage sits and applications that need the bandwidth do their thing.
> - Fourth is my "public" access.
>
> My Engine host has the "management" and "public" networks. My Hypervisor hosts have the "BMC/ilo", "management", and "storage" networks.
>
> Is there a reason why I should add "public" on the hypervisors?

No, you should only plug the network to oVirt but not configure any IP on the hypervisors.

> Is there a reason why I may need "BMC/ilo" or "storage" on the Engine host?

No, you don't need it. I have only management on the engine host. The hypervisors instead have an IP on the management and storage networks, and no IP on the other networks. For BMC traffic we use routed access through a firewall that divides the BMC network from the rest of the world.

Luca

--
"It is absurd to employ men of excellent intelligence to perform calculations that could be entrusted to anyone if machines were used"
Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)

"The Internet is the largest library in the world. But the problem is that the books are all scattered on the floor"
John Allen Paulos, Mathematician (1945-living)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.luca@gmail.com>
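One way to check the layout Luca describes on a hypervisor, as an added example that is not part of the original thread: it audits `ip -j addr show` output so that only the management and storage networks carry a host IP. Apart from `ovirtmgmt` (oVirt's default management bridge), the network names and the sample data are assumptions constructed for illustration.

```python
import json

# Assumed policy for a hypervisor, following the reply above: only the
# management and storage networks carry a host IP. "ovirtmgmt" is oVirt's
# default management bridge; "storage", "public" and "bmc" are hypothetical.
IP_NETWORKS = {"ovirtmgmt", "storage"}

# Constructed sample in the shape of `ip -j addr show` output.
SAMPLE = json.dumps([
    {"ifname": "lo", "addr_info": [
        {"family": "inet", "local": "127.0.0.1", "prefixlen": 8, "scope": "host"}]},
    {"ifname": "ovirtmgmt", "addr_info": [
        {"family": "inet", "local": "10.10.0.21", "prefixlen": 24, "scope": "global"}]},
    {"ifname": "storage", "addr_info": []},
    {"ifname": "bmc", "addr_info": [
        {"family": "inet6", "local": "fe80::1", "prefixlen": 64, "scope": "link"}]},
    {"ifname": "public", "addr_info": [
        {"family": "inet", "local": "203.0.113.21", "prefixlen": 24, "scope": "global"}]},
])


def routable_addrs(iface):
    """Addresses reachable from other subnets: skip loopback and link-local."""
    return [f'{a["local"]}/{a["prefixlen"]}'
            for a in iface.get("addr_info", []) if a.get("scope") == "global"]


def audit_host_ips(ip_json, ip_networks=IP_NETWORKS):
    """Return (unexpected, missing): IPs on networks that should have none,
    and networks that should have an IP but do not."""
    addrs = {i["ifname"]: routable_addrs(i) for i in json.loads(ip_json)}
    unexpected = sorted((name, a) for name, found in addrs.items()
                        if name not in ip_networks for a in found)
    missing = sorted(n for n in ip_networks if not addrs.get(n))
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit_host_ips(SAMPLE)
    for name, addr in unexpected:
        print(f"FAIL {name}: host IP {addr} on a network that should carry none")
    for name in missing:
        print(f"WARN {name}: expected a host IP, found none")
```

On a real host, feed the function the output of `ip -j addr show` in place of the constructed sample and adjust the network names to the local bridge names.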

From: ~Stack~ <i.am.stack@gmail.com>
To: Luca 'remix_tj' Lorenzetto <lorenzetto.luca@gmail.com>
Cc: users <users@ovirt.org>
Subject: Re: [ovirt-users] Proper Network Configuration

On 10/03/2017 03:08 AM, Luca 'remix_tj' Lorenzetto wrote:
> On Mon, Oct 2, 2017 at 11:49 PM, ~Stack~ <i.am.stack@gmail.com> wrote:
>> Greetings,
>>
>> For various reasons I have multiple networks that I am required to work with. I just want to ensure that I've understood the documentation for setting up oVirt correctly.
>>
>> - First is my BMC/ilo network. The security team wants as few entry points into this as possible and wants as much segregation as possible.
>> - Second is my "management" access network. For my other machines on this network this means admin-SSH/rsyslog/SaltStack configuration management/etc.
>> - Third is my high speed network where my NFS storage sits and applications that need the bandwidth do their thing.
>> - Fourth is my "public" access.
>>
>> My Engine host has the "management" and "public" networks. My Hypervisor hosts have the "BMC/ilo", "management", and "storage" networks.
>>
>> Is there a reason why I should add "public" on the hypervisors?
>
> No, you should only plug the network to oVirt but not configure any IP on the hypervisors.
>
>> Is there a reason why I may need "BMC/ilo" or "storage" on the Engine host?
>
> No, you don't need it. I have only management on the engine host. The hypervisors instead have an IP on the management and storage networks, and no IP on the other networks. For BMC traffic we use routed access through a firewall that divides the BMC network from the rest of the world.
>
> Luca

Thanks for the information, Luca! I appreciate it.