[Engine-devel] [node-devel] Support for stateless nodes
David Jaša
djasa at redhat.com
Thu Feb 23 11:56:59 UTC 2012
Perry Myers píše v St 22. 02. 2012 v 11:54 -0500:
> >> As answered in the other response, there are kernel command line
> >> parameters to set the management_server. Since this will likely be in a
> >> pxe environment, setting the pxe profile to include
> >> management_server=<engine_url> should be fine.
> >>
> > I agree it's a valid solution as long as you assume this is relevant
> > for PXE only use case.
>
> Not necessarily...
>
> Take the ISO/USB Stick and you can embed the kargs into the ISO/USB
> itself so that it always boots with that mgmt server arg
>
> This actually also enables use of 'stateless' combined with static IP
> addressing as well. As you can create a USB Stick and embed the kargs
> for the NIC configuration, rsyslog config, etc, etc.
>
> >> Another solution could be to setup a specific DNS SRV record that points
> >> to the ovirt-engine and have node automatically query that for the
> >> location.
> > This was discussed in the past and for some reason not implemented.
>
> Concerns about security, iirc. Assumption that someone could hijack the
> DNS SRV record and provide a man-in-the-middle oVirt Engine server.
>
What about DNSSEC validation for DNS records in node?
David
> If you're paranoid about security, don't use DNS SRV of course, instead
> use hardcoded kargs as described above. But for some DNS SRV might be
> an ok option
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
More information about the Engine-devel
mailing list