[ovirt-users] dns vm and ovirt
Hi all,

I'd need some piece of good practice about dealing with a DNS server in or out of ovirt. Until now we never wanted to integrate the DNS vm into ovirt because of the strong dependency. If the DNS server fails for any reason, it becomes difficult to join the webadmin (except with a static etc hosts) and the nodes may become unavailable if they had been configured with fqdn.

We could consider a DNS failover setup, but in a self hosted engine setup (and more globally a hyperconverged setup), it doesn't make sense to set up a standalone DNS vm outside of ovirt.

So what about imitating engine vm status in a hosted engine setup? Is there a way to install the DNS vm outside of ovirt but on the ovirt host (and why not in an HA mode)? Second option could be installing the named service on the hosted engine vm?

Any suggestion or return of experience would be much appreciated.

--
Nathanaël Blanchet
Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanc...@abes.fr

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] dns vm and ovirt
On 03/16/2018 07:58 AM, Nathanaël Blanchet wrote:

> Hi all,
>
> I'd need some piece of good practice about dealing with a DNS server in or out of ovirt. Until now we never wanted to integrate the DNS vm into ovirt because of the strong dependency. If the DNS server fails for any reason, it becomes difficult to join the webadmin (except with a static etc hosts) and the nodes may become unavailable if they had been configured with fqdn.
>
> We could consider a DNS failover setup, but in a self hosted engine setup (and more globally a hyperconverged setup), it doesn't make sense to set up a standalone DNS vm outside of ovirt.
>
> So what about imitating engine vm status in a hosted engine setup? Is there a way to install the DNS vm outside of ovirt but on the ovirt host (and why not in an HA mode)? Second option could be installing the named service on the hosted engine vm?
>
> Any suggestion or return of experience would be much appreciated.

You are wise to think of this as a dependency problem. When dealing with any "in band" vs. "out of band" type of scenario you want to properly address how things work "without" the dependency.

So... for example, you could maintain a static host table setup for your ovirt nodes. Thus, they could find each other without DNS. Also, those nodes might have an external DNS configured for lookups (something you don't own) just so things like updates can happen.

There are risks to everything. Putting key (normally) out of band infrastructure into your oVirt, including the engine, always involves more risk.

With that said, if you think about your key infrastructure as being a separate oVirt datacenter, it would have things like the "static host" maps and such. Some of the infrastructure VMs housed there could include the engine for the "general" datacenters (the ones not providing VMs for key infrastructure). Thus these "general" purpose datacenters would house the normal VMs and potentially use VMs out of the "infrastructure" datacenter.

Does that make sense? It's not unlike how a lot of cloud providers operate. In fact, one well known provider used to house their core cloud infrastructure in VMware and use "cheaper" hypervisors for their cloud clients.

Summary: static confs for infrastructure ovirt datacenter containing key core infrastructure VMs (including things like DNS, DHCP, Active Directory, and oVirt engines) used by general purpose ovirt datacenters.

Obviously the infrastructure datacenter becomes very important, much like your base network, and should be thought of as "first" priority, much like the network. And much like the network, it depends on some kickstarter static configs.
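The static host table suggested in the reply above, as an added example that is not part of the original thread: a check that every node and engine name a host depends on has a usable entry in an /etc/hosts-format table, so resolution between nodes does not depend on the DNS VM. The host names, addresses and the `REQUIRED` inventory are constructed for illustration.

```python
import ipaddress

# Constructed sample of an /etc/hosts-format table (names and addresses are made up).
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
# oVirt infrastructure, kept static so nodes work without DNS
192.0.2.11  node1.infra.example.org node1
192.0.2.12  node2.infra.example.org node2   # second hypervisor
192.0.2.20  engine.infra.example.org engine
not-an-ip   node3.infra.example.org
"""

# Names the nodes must resolve without DNS (hypothetical inventory).
REQUIRED = [
    "node1.infra.example.org",
    "node2.infra.example.org",
    "node3.infra.example.org",
    "engine.infra.example.org",
]


def parse_hosts(text):
    """Return {lowercased name: address} from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue  # blank line, comment only, or address without a name
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address: this entry would not resolve
        for name in fields[1:]:
            # Keep the first entry seen for a name; later duplicates are ignored.
            table.setdefault(name.lower(), addr)
    return table


def missing_static_entries(hosts_text, required):
    """Return the required names that have no usable static entry."""
    table = parse_hosts(hosts_text)
    return [name for name in required if name.lower() not in table]


if __name__ == "__main__":
    for name in missing_static_entries(SAMPLE_HOSTS, REQUIRED):
        print(f"no static entry for {name}: resolution depends on DNS")
```

On a real host, pass the contents of its `/etc/hosts` and the list of node and engine names from your own inventory.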
Re: [ovirt-users] dns vm and ovirt
Thanks for the precious advice! So it means that people who thought about the hosted engine feature didn't get into your philosophy of running the engine into a second datacenter.

On 16/03/2018 at 16:48, Christopher Cox wrote:

> On 03/16/2018 07:58 AM, Nathanaël Blanchet wrote:
>
> > Hi all,
> >
> > I'd need some piece of good practice about dealing with a DNS server in or out of ovirt. Until now we never wanted to integrate the DNS vm into ovirt because of the strong dependency. If the DNS server fails for any reason, it becomes difficult to join the webadmin (except with a static etc hosts) and the nodes may become unavailable if they had been configured with fqdn.
> >
> > We could consider a DNS failover setup, but in a self hosted engine setup (and more globally a hyperconverged setup), it doesn't make sense to set up a standalone DNS vm outside of ovirt.
> >
> > So what about imitating engine vm status in a hosted engine setup? Is there a way to install the DNS vm outside of ovirt but on the ovirt host (and why not in an HA mode)? Second option could be installing the named service on the hosted engine vm?
> >
> > Any suggestion or return of experience would be much appreciated.
>
> You are wise to think of this as a dependency problem. When dealing with any "in band" vs. "out of band" type of scenario you want to properly address how things work "without" the dependency.
>
> So... for example, you could maintain a static host table setup for your ovirt nodes. Thus, they could find each other without DNS. Also, those nodes might have an external DNS configured for lookups (something you don't own) just so things like updates can happen.
>
> There are risks to everything. Putting key (normally) out of band infrastructure into your oVirt, including the engine, always involves more risk.
>
> With that said, if you think about your key infrastructure as being a separate oVirt datacenter, it would have things like the "static host" maps and such. Some of the infrastructure VMs housed there could include the engine for the "general" datacenters (the ones not providing VMs for key infrastructure). Thus these "general" purpose datacenters would house the normal VMs and potentially use VMs out of the "infrastructure" datacenter.
>
> Does that make sense? It's not unlike how a lot of cloud providers operate. In fact, one well known provider used to house their core cloud infrastructure in VMware and use "cheaper" hypervisors for their cloud clients.
>
> Summary: static confs for infrastructure ovirt datacenter containing key core infrastructure VMs (including things like DNS, DHCP, Active Directory, and oVirt engines) used by general purpose ovirt datacenters.
>
> Obviously the infrastructure datacenter becomes very important, much like your base network, and should be thought of as "first" priority, much like the network. And much like the network, it depends on some kickstarter static configs.

--
Nathanaël Blanchet
Re: [ovirt-users] dns vm and ovirt
On 03/16/2018 12:28 PM, Nathanaël Blanchet wrote:

> Thanks for the precious advice! So it means that people who thought about the hosted engine feature didn't get into your philosophy of running the engine into a second datacenter.

Again, strictly a "risk" thing. Hosted engine is by definition a "chicken and egg" thing. It's great for learning and for lab... but if you're going to run production, I'd at least consider the latter option I presented.

With that said, we run dedicated engines today, not hosted. Remember, ovirt nodes run even while the engine is down. So you can tolerate an engine outage for a time period, just can't have reliability in case of node failures, etc. So for us, most of the risk is in rebuilding a new engine if we have to... but certainly considered a "rare" case.

Putting key infrastructure inside the very thing that needs the key infrastructure to run is just fraught with problems.

Everything has costs and typically, the more robust/reliable your setup, the more it's going to cost. I just wanted to present an "in between" style setup that gives you more reliability, but perhaps not the "best", while keeping costs way down.

To me, if you're running any datacenter cluster (for example), you need to have a minimum of 3 nodes. People might not like that, but it's my minimum for reliability and flexibility.

So... if you wanted to use VMs for core infrastructure, that's 3 nodes. That core infrastructure datacenter might have a hosted engine, but likely also has "static definitions". It's part of the "core", at least several parts of it are. But the idea is it could hold: DNS, DHCP, Active Directory/LDAP, file shares (even storage domains for other datacenters), etc. Obviously a "core" failure is a "core" failure and thus needs the same treatment as whatever you consider to be "core" today. (Thus on total "outage" bring up, you bring up the core, which now includes this core infrastructure datacenter... your core "tests" are run to verify, and then the rest is brought up.)

Then each general production datacenter cluster would have 3 nodes with the engine(s) being a VM(s) off the infrastructure datacenter using core infrastructure off that infrastructure datacenter as well.

Again, this is very much like most cloud service providers today.

Again, just ideas, mainly thinking on the "cheap", though some might not think so (you'll just have to trust me, what I'm presenting here is incredibly cheap for the reliability and flexibility it provides).

Just my opinion.