-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John,
I said user reachable addresses rather than public addresses because you could set up VCL to only be used internally, or you could require a VPN to access VCL, allowing internal addresses to be used on the VCL "public" network. For clarity, I'll just start using "public". The requirement that each node have a public address is something leftover from the initial creation of VCL at NCSU where we have quite a number of public addresses. We are aware that many people in the community would like to use NAT to reach the provisioned nodes, and we plan to have the NAT support contributed by a community member included in the next release of VCL (hopefully released somewhere around Feb. 2014). When someone makes a reservation in VCL, VCL provisions the node and then displays information to the user on how to connect to the node. So, for NAT to work, the code has to be modified to be aware of the NAT being done so that it can give the user the correct information about how to connect to the node. Connection is typically done using RDP for Windows reservations and either xRDP or ssh for Linux reservations. It is definitely fine to run the web frontend and the vcld backend code on the same VM. Many people are doing this. You can also have that same VM provision both bare metal nodes and VMs. Josh On Tuesday, October 29, 2013 2:58:27 PM John Peters wrote: > Thanks Josh. > > I guess part of it is my lack of strong networking skills or I'm over > thinking this. Usually companies only have one public or perhaps several > address that they purchase and they then use switches to NAT certain ports > like port 80 to an internal RFC1918 addresses. This is where I'm getting > confused because the VCL front end will have a DNS entry that will route > users to the VCL web front end when they go to myvcl.whatever.com. Can you > clarify on what you mean by user reachable addresses? Won't the switch be > doing the NAT? I also plan on using the web frontend and management node on > same server. The web front end will be a virtual machine running on > vmware5.X. Is it possible for one management node to provision both > baremetal machines and vm machines? > > On Tue, Oct 29, 2013 at 2:11 PM, Josh Thompson <[email protected]>wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > John, > > > > Welcome to the VCL community! Our apologies that the documentation is > > somewhat lacking. > > > > VCL does not do NAT out of the box. There is a JIRA (our bug/feature > > tracking > > system) issue with code attached to add NAT. Out of the box, you'll need > > to > > have user reachable addresses available for each node. > > > > VCL uses two separate networks typically referred to as private and > > public. > > The private network is used by the management node to provision and > > control > > the available nodes. The public network is used so that end users can > > connect > > to a reserved node. You can use RFC1918 addresses on both the private and > > public networks. However, if you do, you'll need some sort of NAT > > available > > for your users to connect to the reserved nodes (unless you are doing all > > of > > this in a private lab where you can still connect to the reserved nodes > > even > > though they aren't technically on a public network). > > > > Back to the DHCP question - if you are planning on doing bare metal > > provisioning, you'll need to set up xCAT for this, which includes setting > > up > > DHCP for the private network. You must have your own DHCP server on the > > management node for the private network so that xCAT can update it to give > > the > > nodes information on how they are to boot. > > > > Let me know if you need any of that clarified. > > > > Josh > > > > On Tuesday, October 29, 2013 1:33:54 PM John Peters wrote: > > > I might have worded it wrong. my vcl frontend will have two nic cards > > > ..what are acceptable addresses for those Nics for private and public. > > > > I'm > > > > > under the impression that one nic will have like a 192.168.X.X but will > > > > be > > > > > connected to public network or users from the outside will go to > > > www.myvlc.whatever > > > and it will be natted to the 192.168.X.X nic of the front end. Am I > > > > getting > > > > > this right? > > > > > > On Tue, Oct 29, 2013 at 12:19 PM, John Peters <[email protected]> > > > > wrote: > > > > Thanks for the Reply, > > > > > > > > Currently, our DHCP server is windows bases, will importing > > > > dhcp.confwork? > > > > > > also, I'm doing this for internal proof of concept so if I can't use > > > > RFC1918 for public how would I test this internally. Sorry, I'm not > > > > much > > > > > > of networking guy, I can run this by the network admin but I'm just > > > > trying to understand how this will work. So each node will need to be > > > > exposed to outside world? I'm not to clear on this..Thank You > > > > > > > > On Tue, Oct 29, 2013 at 11:25 AM, Dmitri Chebotarov > > > > <[email protected]>wrote: > > > >> Hi John > > > >> > > > >> You can use existing DHCPd server. Once you add VCL computers (type: > > > >> virtualmachine) you should get a dhcpd.conf file (for private > > > > addresses), > > > > > >> which you need to import into your existing DHCPd server. This will > > > > allow > > > > > >> your VCL VMs to get the right IP address. > > > >> For public you don't need static DHCP, VCL will connect to a VM and > > > > pull > > > > > >> public address during reservation. > > > >> (I'm not sure you can use 10.10.11 as public, there was something in > > > > the > > > > > >> code excluding RFC1918 addresses…) > > > >> -- > > > >> Thank you, > > > >> > > > >> Dmitri Chebotarov > > > >> VCL Sys Eng, Engineering & Architectural > > > >> Support, TSD - Ent Servers & Messaging > > > >> 223 Aquia Building, Ffx, MSN: 1B5 > > > >> Phone: (703) 993-6175 | Fax: (703) 993-3404 > > > >> > > > >> From: John Peters <[email protected]> > > > >> > > > >> Reply-To: "[email protected]" <[email protected]> > > > >> Date: Tuesday, October 29, 2013 11:02 > > > >> To: "[email protected]" <[email protected]> > > > >> Subject: Newbie Questions > > > >> > > > >> Hello, > > > >> > > > >> I'm just getting started with VCL and I have some questions. First, > > > > Does > > > > > >> the management node have to have DHCP running? I'm assuming this is > > > > used > > > > > >> to give IP's to compute nodes(machines handed out to users?) what > > > >> happens if a DHCP server is already in place but not part of vcl? > > > > Sorry > > > > > >> if I seem confused , as I mentioned I just started looking at this. > > > > I'm > > > > > >> just trying to set up a proof of concept. Currently we have a > > > >> vmwareenvironment which I was thinking of using as the web server and > > > >> management node and the other 3 physical machines as test boxes that > > > >> will be handed out to users and perhaps one virtual machine so I can > > > >> have a mixed environment with one virtual node and 3 physical nodes. > > > > Can > > > > > >> someone help me get started. If my vmwarewebserver and management > > > >> node > > > >> has a 10.10.11.X address which I plan on using for public access to > > > > make > > > > > >> reservations then my private address will need DHCP? > > > > - -- > > - ------------------------------- > > Josh Thompson > > VCL Developer > > North Carolina State University > > > > my GPG/PGP key can be found at pgp.mit.edu > > > > All electronic mail messages in connection with State business which > > are sent to or received by this account are subject to the NC Public > > Records Law and may be disclosed to third parties. > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v2.0.19 (GNU/Linux) > > > > iEYEARECAAYFAlJv+kYACgkQV/LQcNdtPQOjMgCfSAa+QWYn40FT0+r+fgsmOKOu > > cuUAnRGcT/xdss3WLH7fP6PNPlYdIg8/ > > tUvJ > > -----END PGP SIGNATURE----- - -- - ------------------------------- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJwHEkACgkQV/LQcNdtPQMuWACeKi3Mn76FxbbN6nZ48K/z1jdZ vZ4AnRXsqxZ/GOGg3K6u9WRQkAc3J5lE �wB -----END PGP SIGNATURE-----
