I'm running oVirt + Gluster in HCI config and had similar questions as you when 
building it out.

>- single point of failure in this router (not really - just in case oVirt is 
>badly broken and I need to access internal vlans to recover it)

There is no SPOF if you're doing 3x HCI nodes.  I regularly put 1 of my 3 Nodes 
into Maintenance or shutdown Gluster and have had no SPOFs.  Are you only doing 
a single Node?  If so, the point of failure is ... that 1 node :)

>* have this router as virtual appliance inside oVirt (something like pfSense 
>for example)

I'm running pfSense in hardware still (a Netgate ARM device).  There are plenty 
of opinions on Reddit, StackOverflow, etc. about running any router in a VM.  
There are several steps you'd need to take when I looked into it, and if you 
set up pfSense's interfaces as virtio / vhost I'd imagine you'd bump into 
limitations b/c those para devices weren't intended to do things like hardware 
offload, advanced routing, etc.; so you may have to set up PCI passthru / SR-IOV 
to get all of pfSense's routing capabilities.  So I'm keeping pfSense in 
hardware ... though I've thought of creating a backup pfSense instance in a VM 
in case of hardware disaster to keep my Internet up in "limp mode" ... but 
creating a cellular Hotspot is my current backup plan :)

> Install all hosts and HE with public addresses 

Why?  The HE is a manager to the cluster and sits on the management network 
(ovirtmgmt), so giving it public IPs would be adding a security risk to the 
setup.  I keep my HE accessible only via local VLAN and that's how most folks 
lock it down.  Are you thinking the HE or HCI includes a load balancer?  
Either way, oVirt doesn't, but putting a load balancer in front of VMs and 
giving it your public IP would make more sense for exposing things to the 
Internet ... but I'm assuming too much and don't know what your cluster will be 
