On Fri, Sep 13, 2013 at 09:08:10AM -0400, Simo Sorce wrote: > > > > The natural request is to add support for DNS views/split horizon DNS into > > FreeIPA, so different names and IP addresses can be served to clients > > inside > > and outside of the cloud. > > > > Is it enough? What else should we change to make FreeIPA reliable in clouds? > > I do not understand what's the use of views in this case. > > Views are used when you want to assign different IP addresses to the > same name depending on where the query comes from.
Which can well be useful in cloud -- you might want to access the other machine of your setup using its internal IP address because it's cheaper than going through the external interface. > But here we have different names pointing to different addresses and the > machine actually know nothing about the external name/IP. Well, the fact that a name does or does not exist is also a use-case for views. There probably is little point presenting the internal names to the external world. > From the FreeIPA pov, if you use it for infrastructure you should just > care about internal names. Isn't it quite the oposite in cloud? The individual machines are disposable often and all that matters is that there is a machine which is able to provide a service, on some well-known stable public host name. Which physical VM serves that service can change rapidly. A one VM providing the service can change to five with some HA proxy in front of them. -- Jan Pazdziora | adelton at #ipa*, #brno Principal Software Engineer, Identity Management Engineering, Red Hat _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel