On Fri, Sep 13, 2013 at 09:08:10AM -0400, Simo Sorce wrote:
> > 
> > The natural request is to add support for DNS views/split horizon DNS into 
> > FreeIPA, so different names and IP addresses can be served to clients 
> > inside 
> > and outside of the cloud.
> > 
> > Is it enough? What else should we change to make FreeIPA reliable in clouds?
> I do not understand what's the use of views in this case.
> Views are used when you want to assign different IP addresses to the
> same name depending on where the query comes from.

Which can well be useful in cloud -- you might want to access the
other machine of your setup using its internal IP address because it's
cheaper than going through the external interface.

> But here we have different names pointing to different addresses and the
> machine actually know nothing about the external name/IP.

Well, the fact that a name does or does not exist is also a use-case
for views. There probably is little point presenting the internal
names to the external world.

> From the FreeIPA pov, if you use it for infrastructure you should just
> care about internal names.

Isn't it quite the oposite in cloud? The individual machines are
disposable often and all that matters is that there is a machine which
is able to provide a service, on some well-known stable public host
name. Which physical VM serves that service can change rapidly. A one
VM providing the service can change to five with some HA proxy in
front of them.

Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat

Freeipa-devel mailing list

Reply via email to