[ovirt-users] Re: Quick question regarding FQDN
On Tue, Nov 12, 2019 at 9:45 AM Dominik Holler wrote: > > > > On Mon, Nov 11, 2019 at 12:34 PM Christian Reiss > wrote: >> >> Hey folks, >> >> for production use quality it is recommended to have backend (storage) >> and front end seperated. Let' assume: >> >> - 85.0.0.0/24 public IP block >> - 10.100.0.0/24 private IPs for DC internal usage >> - 10.200.0.0/24 private IPs for storage only LAN >> >> and running, as per recommendation 3 nodes: >> >> - node01: >> - fqdn: node01.dc-example.com >> - fqdn storage: node02.storage.example.com >> - no public IP >> - 10.100.0.1 primary IP >> - 10.200.0.1 storage IP >> >> - node02: >> - fqdn: node02.dc-example.com >> - fqdn storage: node02.storage.example.com >> - no public IP >> - 10.100.0.2 primary IP >> - 10.200.0.2 storage IP >> >> - node03: >> - fqdn: node03.dc-example.com >> - fqdn storage: node02.storage.example.com >> - no public IP >> - 10.100.0.3 primary IP >> - 10.200.0.3 storage IP >> >> The storage network is its own physical network with 10gig that only >> connects those three servers. How can I specify which IP to use for >> storage, which for frontend traffic? >> >> I am assuming this as the controller and all admins should be able to >> reach the nodes via frontend, which is not the storage one. >> >> Okay, I am lost. Whats the real solution here? >> Or is "frontend" no-ip, just VM traffic and "backend" is the 10gig >> storage "Only" where all the FQDN reside? >> > > I am unsure about the meaning of "frontend" and "backend" in this context. > In oVirt there is the concept of network roles, please find details in > https://www.ovirt.org/documentation/admin-guide/chap-Logical_Networks.html#explanation-of-settings-in-the-manage-networks-window > > I recommend to configure only a single interface each host with > 10.100.0.0/24 private IPs for DC internal usage > before adding the host to oVirt, and keep this as management network. > If hosted engine is used, the network connection for storage has to be > configured already on the first host, > before the hosted engine deployment is started. > After the hosts are added to oVirt, I recommend to create a logical network > without VM usage in oVirt, > attach this network to the 10gig NIC on each host, and configure an IP > address from > 10.200.0.0/24 private IPs for storage only LAN > If you storage is gluster, the related network role should be assigned to > this logical network. > > The Engine's VM (or the Engine host, if not using hosted Engine) should have > a network interface on > 85.0.0.0/24 public IP block > > If you want to enable users from outside > 10.100.0.0/24 private IPs for DC internal usage > to access spice or VNC consoles of the VMs, each host requires to be attached > to a new logical > network with the role "Display" and an IP address from > 85.0.0.0/24 public IP block > > Does this answer your question? Just a short addition: You should create DNS records (A+PTR, perhaps as applicable) for each IP address separately, and use these names everywhere. E.g.: >> - node01: >> - fqdn: node01.dc-example.com >> - fqdn storage: node02.storage.example.com This name ^^^, >> - no public IP >> - 10.100.0.1 primary IP >> - 10.200.0.1 storage IP Should point at this address ^^^, and used wherever you should provide the name to access the storage interface of this host (e.g. in gluster conf and elsewhere). This way, if one day you need to change your IP addresses for any reason, you just need to update the DNS, and all the rest should be automatically updated. In practice I never played with gluster, no idea if indeed it's automatic (and might require a restart) or it's more involved. Best regards, > > > >> >> Thanks for clarification, >> -Chris. >> >> -- >> Christian Reiss - em...@christian-reiss.de /"\ ASCII Ribbon >> supp...@alpha-labs.net \ /Campaign >> X against HTML >> WEB alpha-labs.net / \ in eMails >> >> GPG Retrieval https://gpg.christian-reiss.de >> GPG ID ABCD43C5, 0x44E29126ABCD43C5 >> GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5 >> >> "It's better to reign in hell than to serve in heaven.", >>John Milton, Paradise lost. >> ___ >> Users mailing list -- users@ovirt.org >> To unsubscribe send an email to users-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/EGET3LTPKJNOURRBURS65MT76LMT6DK5/ > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to
[ovirt-users] Re: Quick question regarding FQDN
On Mon, Nov 11, 2019 at 12:34 PM Christian Reiss wrote: > Hey folks, > > for production use quality it is recommended to have backend (storage) > and front end seperated. Let' assume: > > - 85.0.0.0/24 public IP block > - 10.100.0.0/24 private IPs for DC internal usage > - 10.200.0.0/24 private IPs for storage only LAN > > and running, as per recommendation 3 nodes: > > - node01: > - fqdn: node01.dc-example.com > - fqdn storage: node02.storage.example.com > - no public IP > - 10.100.0.1 primary IP > - 10.200.0.1 storage IP > > - node02: > - fqdn: node02.dc-example.com > - fqdn storage: node02.storage.example.com > - no public IP > - 10.100.0.2 primary IP > - 10.200.0.2 storage IP > > - node03: > - fqdn: node03.dc-example.com > - fqdn storage: node02.storage.example.com > - no public IP > - 10.100.0.3 primary IP > - 10.200.0.3 storage IP > > The storage network is its own physical network with 10gig that only > connects those three servers. How can I specify which IP to use for > storage, which for frontend traffic? > > I am assuming this as the controller and all admins should be able to > reach the nodes via frontend, which is not the storage one. > > Okay, I am lost. Whats the real solution here? > Or is "frontend" no-ip, just VM traffic and "backend" is the 10gig > storage "Only" where all the FQDN reside? > > I am unsure about the meaning of "frontend" and "backend" in this context. In oVirt there is the concept of network roles, please find details in https://www.ovirt.org/documentation/admin-guide/chap-Logical_Networks.html#explanation-of-settings-in-the-manage-networks-window I recommend to configure only a single interface each host with 10.100.0.0/24 private IPs for DC internal usage before adding the host to oVirt, and keep this as management network. If hosted engine is used, the network connection for storage has to be configured already on the first host, before the hosted engine deployment is started. After the hosts are added to oVirt, I recommend to create a logical network without VM usage in oVirt, attach this network to the 10gig NIC on each host, and configure an IP address from 10.200.0.0/24 private IPs for storage only LAN If you storage is gluster, the related network role should be assigned to this logical network. The Engine's VM (or the Engine host, if not using hosted Engine) should have a network interface on 85.0.0.0/24 public IP block If you want to enable users from outside 10.100.0.0/24 private IPs for DC internal usage to access spice or VNC consoles of the VMs, each host requires to be attached to a new logical network with the role "Display" and an IP address from 85.0.0.0/24 public IP block Does this answer your question? > Thanks for clarification, > -Chris. > > -- > Christian Reiss - em...@christian-reiss.de /"\ ASCII Ribbon > supp...@alpha-labs.net \ /Campaign > X against HTML > WEB alpha-labs.net / \ in eMails > > GPG Retrieval https://gpg.christian-reiss.de > GPG ID ABCD43C5, 0x44E29126ABCD43C5 > GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5 > > "It's better to reign in hell than to serve in heaven.", >John Milton, Paradise lost. > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/EGET3LTPKJNOURRBURS65MT76LMT6DK5/ > ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FD3BGFSA2ZVSFHIFQ67SEJN2PBRUILX6/
[ovirt-users] Re: Quick question regarding FQDN
Hello Christian, That recommendation is for the hyper-converged installation as the nodes are also the storage servers so you would choose the storage addresses when setting up the gluster network. The other thing is you may have to setup a display network proxy if your clients can't reach nodes. Regards, Paul S. From: Christian Reiss Sent: 11 November 2019 11:31 To: users Subject: [ovirt-users] Quick question regarding FQDN Hey folks, for production use quality it is recommended to have backend (storage) and front end seperated. Let' assume: - 85.0.0.0/24 public IP block - 10.100.0.0/24 private IPs for DC internal usage - 10.200.0.0/24 private IPs for storage only LAN and running, as per recommendation 3 nodes: - node01: - fqdn: node01.dc-example.com - fqdn storage: node02.storage.example.com - no public IP - 10.100.0.1 primary IP - 10.200.0.1 storage IP - node02: - fqdn: node02.dc-example.com - fqdn storage: node02.storage.example.com - no public IP - 10.100.0.2 primary IP - 10.200.0.2 storage IP - node03: - fqdn: node03.dc-example.com - fqdn storage: node02.storage.example.com - no public IP - 10.100.0.3 primary IP - 10.200.0.3 storage IP The storage network is its own physical network with 10gig that only connects those three servers. How can I specify which IP to use for storage, which for frontend traffic? I am assuming this as the controller and all admins should be able to reach the nodes via frontend, which is not the storage one. Okay, I am lost. Whats the real solution here? Or is "frontend" no-ip, just VM traffic and "backend" is the 10gig storage "Only" where all the FQDN reside? Thanks for clarification, -Chris. -- Christian Reiss - em...@christian-reiss.de /"\ ASCII Ribbon supp...@alpha-labs.net \ /Campaign X against HTML WEB alpha-labs.net / \ in eMails GPG Retrieval https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgpg.christian-reiss.dedata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C10740de9320c48fbdc1f08d7669b31e3%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637090689055392493sdata=01npgnFxYPrXvTPpM6EqHiWTlxrBYHAO7E4m4CYVg8c%3Dreserved=0 GPG ID ABCD43C5, 0x44E29126ABCD43C5 GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5 "It's better to reign in hell than to serve in heaven.", John Milton, Paradise lost. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fsite%2Fprivacy-policy%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C10740de9320c48fbdc1f08d7669b31e3%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637090689055402486sdata=iZ7TOgwp94a7ehjBiPFthu7RLfyei%2BPXWf2%2BIKulgE8%3Dreserved=0 oVirt Code of Conduct: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fcommunity%2Fabout%2Fcommunity-guidelines%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C10740de9320c48fbdc1f08d7669b31e3%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637090689055402486sdata=B2zYZkSFsTEoGIMyvbS%2FsWGBkpgl0NeCpkWg9u7rHYI%3Dreserved=0 List Archives: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ovirt.org%2Farchives%2Flist%2Fusers%40ovirt.org%2Fmessage%2FEGET3LTPKJNOURRBURS65MT76LMT6DK5%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C10740de9320c48fbdc1f08d7669b31e3%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637090689055402486sdata=K4HNHfG1xXAN%2FCtNX2DlHyrQ4OWhIXOigdz6fFBm1Ws%3Dreserved=0 To view the terms under which this email is distributed, please go to:- http://leedsbeckett.ac.uk/disclaimer/email/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3AJ764K5IJLW4TB5WV75ZIDY4P3QU5QZ/