On Fri, Sep 13, 2013 at 09:08:10AM -0400, Simo Sorce wrote:
> > The natural request is to add support for DNS views/split horizon DNS into
> > FreeIPA, so different names and IP addresses can be served to clients inside
> > and outside of the cloud.
> > Is it enough? What else should we change to make FreeIPA reliable in clouds?
> I do not understand what's the use of views in this case.
> Views are used when you want to assign different IP addresses to the
> same name depending on where the query comes from.
Which can well be useful in cloud -- you might want to access the
other machine of your setup using its internal IP address because it's
cheaper than going through the external interface.
> But here we have different names pointing to different addresses and the
> machine actually knows nothing about the external name/IP.
Well, the fact that a name does or does not exist is also a use-case
for views. There probably is little point presenting the internal
names to the external world.
> From the FreeIPA pov, if you use it for infrastructure you should just
> care about internal names.
Isn't it quite the opposite in cloud? The individual machines are
disposable often and all that matters is that there is a machine which
is able to provide a service, on some well-known stable public host
name. Which physical VM serves that service can change rapidly. One
VM providing the service can change to five with some HA proxy in
front of them.
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
Freeipa-devel mailing list