Dmitri,

Andy and I talked through this some. Here is what we thought probably makes the most sense. Andy can correct anything I may have wrong.

* add a new table (I'll name it networkl2 - as in network layer 2) that will
  define the available layer 2 networks
* remove the virtualswitch* fields from the vmprofile table
* add a field to the vmprofile table named privatenetworkid that points to an
  entry in networkl2 and is the network to be used as the private network
* add another table named networkl2map that allows additional layer 2 networks
  to be mapped to vmprofiles and to images
* add a field to the imagemeta table that is a bool which (when set to 1)
  prevents layer 2 networks assigned to a vmprofile from being applied for that
  image

schema for tables:

networkl2
  id - unsigned smallint - id of entry
  name - varchar(255) - name of network, will be used as vSwitch names
  vlanid - unsigned smallint, NULL - id of VLAN for this network; set to NULL to
    use primary VLAN

networkl2map
  networkl2id - unsigned smallint - reference to networkl2.id
  maptype - enum('vmprofile','image')
  mapid - unsigned smallint - reference to vmprofile.id or image.id

vmprofile.privatenetworkid - unsigned smallint - reference to networkl2.id
imagemeta.skipvmprofilenetworks - unsigned tinyint(1), default 0

This method would make the image.project field unused for VM images.

There would need to be some UI changes to allow entries in networkl2map to be
managed, both from the Virtual Hosts->VM Host Profiles and the
Manage Images->Edit Image Profiles parts of the site.

To use this for the situation you've described, you would have 3 entries in
networkl2 - private, public, protected. In your vmprofile table, you would
have privatenetworkid set to the id of "private" for each vmprofile. You
would have an entry in networkl2map for each of your vmprofiles that maps
"public" to the profile. For a special image, you would have an entry in the
imagemeta table for it that would have imagemeta.skipvmprofilenetworks set to
1 (this would keep "public" from being assigned), and an entry in networkl2map
that assigns "protected" to it.

Does all of that make sense?

Josh

On Tuesday, May 21, 2013 3:10:06 PM Dmitri Chebotarov wrote:
> I've been using projects for a while now to add additional networks to
> reservations running on VMWARE. I'm working on adding the same
> functionality to KVM as well, with an option to connect public access network
> (eth1) to a custom network.
>
> On May 21, 2013, at 10:53, Aaron Peeler <[email protected]> wrote:
> > Yes this might make sense.
> >
> > Currently you can use the project field in the image profile to add in
> > an additional VLAN for vm's (only if it exists on the vmhost). The name
> > should match the name of the vlan. This provides a 3rd network
> > connection instead of either private/(protected or public).
> >
> > Aaron
> >
> > On Fri, May 17, 2013 at 2:49 PM, Dmitri Chebotarov <[email protected]> wrote:
> >> Hi
> >>
> >> Currently VM host profile defines two networks - Private (VM Network 0,
> >> management) and Public (VM Network 1, user access). Both networks are
> >> mandatory and each VM will always have these two networks.
> >>
> >> Would it make sense to move Public Network (VM Network 1) definition from
> >> VM Host profile to Image profile? Each VM would still have VM Network 0
> >> (management), but it would be possible to place an Image into a
> >> different access network (private/protected).
> >>
> >>
> >> --
> >> Thank you,
> >>
> >> Dmitri Chebotarov
> >> VCL Sys Eng, Engineering & Architectural Support, TSD - Ent Servers &
> >> Messaging 223 Aquia Building, Ffx, MSN: 1B5
> >> Phone: (703) 993-6175 | Fax: (703) 993-3404
>
> --
> Thank you,
>
> Dmitri Chebotarov
> VCL Sys Eng, Engineering & Architectural Support, TSD - Ent Servers &
> Messaging 223 Aquia Building, Ffx, MSN: 1B5
> Phone: (703) 993-6175 | Fax: (703) 993-3404
--
-------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University
[email protected]
919-515-5323
my GPG/PGP key can be found at pgp.mit.edu
All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
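
The schema proposed in the message above, worked through as an added example (not part of the original thread and not VCL code): it builds the tables in SQLite and resolves which layer 2 networks a VM gets, showing how skipvmprofilenetworks keeps "public" off the special image. Assumptions: SQLite types stand in for the MySQL ones, imagemeta is keyed directly by a hypothetical imageid column, networks_for() and build_sample_db() are hypothetical helper names, and the ids and VLAN numbers are constructed sample values.

```python
import sqlite3

# Added illustration: SQLite stand-in for the proposed tables; all rows are constructed.
SCHEMA = """
CREATE TABLE networkl2 (id INTEGER PRIMARY KEY, name TEXT NOT NULL, vlanid INTEGER);
CREATE TABLE networkl2map (
    networkl2id INTEGER NOT NULL REFERENCES networkl2(id),
    maptype TEXT NOT NULL CHECK (maptype IN ('vmprofile', 'image')),
    mapid INTEGER NOT NULL);
CREATE TABLE vmprofile (id INTEGER PRIMARY KEY,
    privatenetworkid INTEGER NOT NULL REFERENCES networkl2(id));
CREATE TABLE imagemeta (imageid INTEGER PRIMARY KEY,  -- simplified key (assumption)
    skipvmprofilenetworks INTEGER NOT NULL DEFAULT 0);
"""

def build_sample_db():
    """Constructed data for the private/public/protected scenario in the message."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO networkl2 VALUES (?, ?, ?)",
                   [(1, "private", None), (2, "public", 100), (3, "protected", 200)])
    db.execute("INSERT INTO vmprofile VALUES (1, 1)")                  # uses "private"
    db.execute("INSERT INTO networkl2map VALUES (2, 'vmprofile', 1)")  # public -> profile 1
    db.execute("INSERT INTO imagemeta VALUES (20, 1)")                 # special image 20
    db.execute("INSERT INTO networkl2map VALUES (3, 'image', 20)")     # protected -> image 20
    return db

def networks_for(db, vmprofile_id, image_id):
    """Return network names for a VM: private first, then mapped networks."""
    row = db.execute("SELECT n.name FROM vmprofile p JOIN networkl2 n "
                     "ON n.id = p.privatenetworkid WHERE p.id = ?", (vmprofile_id,)).fetchone()
    if row is None:
        raise LookupError(f"no vmprofile {vmprofile_id}")
    names = [row[0]]
    meta = db.execute("SELECT skipvmprofilenetworks FROM imagemeta WHERE imageid = ?",
                      (image_id,)).fetchone()
    skip = bool(meta and meta[0])  # no imagemeta row behaves like the default 0
    scopes = [("image", image_id)] if skip else [("vmprofile", vmprofile_id), ("image", image_id)]
    for maptype, mapid in scopes:
        for (name,) in db.execute(
                "SELECT n.name FROM networkl2map m JOIN networkl2 n ON n.id = m.networkl2id "
                "WHERE m.maptype = ? AND m.mapid = ? ORDER BY n.id", (maptype, mapid)):
            if name not in names:
                names.append(name)
    return names

if __name__ == "__main__":
    db = build_sample_db()
    print(networks_for(db, 1, 10), networks_for(db, 1, 20))
```

Image 10 has no imagemeta row and inherits the profile's "public" mapping; image 20 has the flag set and only receives "private" plus its own "protected" mapping.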
