[CentOS-virt] Slightly OT: Centos KVM Host/Guest functions and LVM considerations
ejs at shubes.net
Fri Sep 16 15:20:24 EDT 2011
On 09/16/2011 11:11 AM, Ed Heron wrote:
> On Fri, 2011-09-16 at 10:46 -0700, Eric Shubert wrote:
>> Now, take all of your ideal logical servers (and the networking which
>> ties them all together), and make them VMs on your host. I've done this,
>> and these are the VMs I presently have (the list is still evolving):
>> .) net (IPCop distro, provides network services, WAN/DMZ/LAN)
>> .) web (DMZ/STOR)
>> .) ftp (DMZ/STOR)
>> .) mail (DMZ/STOR)
>> .) domain control (LAN/STOR)
>> .) storage (LAN/STOR)
>> One aspect that we haven't touched on is network topology. I have 2 NICs
>> in the host, one for WAN and one for LAN. These are both bridged to the
>> appropriate subnet. I also have host-only subnets for DMZ and STORage.
>> The DMZ is used with IPCop port forwarding giving access to services
>> from the internet. The STOR subnet is sort of a backplane, used by
>> servers to access the storage VM, which provides access to user data via
>> SMB, NFS, AFP, and SQL. All user data is accessed via this storage VM,
>> which has access to raw (non-virtual) storage.
> If I'm understanding you, if you split this out to multiple physical
> hosts, you would need to convert DMZ and STOR from virtual to physical
> segments; increasing the number of required network interfaces in each
> host to 4.

Correct. I have done this with DMZ to provide wireless access (putting a
wireless router on the DMZ).

> Are you concerned that your hosts are connected to WAN without a

I am not concerned. The only machine connected/accessible to WAN is the
IPCop VM. Everything from/to the WAN goes through IPCop.

> I assume you bridge the interface without assigning IP

Right, there is no IP address (169.254.x.x or 0.0.0.0) on the WAN
interface of the host. The WAN interface on the host is not accessible,
only bridged to IPCop red/wan interface.

> What software do you use for storage? I'd think having the host
> handle integrated storage would be simpler, but, of course, that doesn't
> scale to multiple hosts...

I simply use a Linux host, with NFS, Samba, Netatalk and MySQL. Whatever
you prefer would do.

Although the host handles the physical I/O, I still like having a
separate storage VM. I think it simplifies things a bit when it comes to
monitoring and tuning, and it's better security-wise too. I don't think
it's a good idea to have any more services than needed running on the host.

Thanks for the questions. I'm sure I left out a few things. ;)
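The "no IP address on the WAN interface of the host" arrangement described in the reply above can be verified from the host itself. The following is an added example, not part of the original post; the interface names (eth0 and br0 for WAN, br1 for LAN) and the sample `ip` output are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names (eth0/br0 for
# WAN, br1 for LAN) and the sample output below are constructed assumptions.

# Constructed sample in the one-line format printed by `ip -o addr show`.
# eth0 is enslaved to br0 and holds no address, so it has no line at all.
sample_ip_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: br0    inet6 fe80::5054:ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever
5: br1    inet 192.168.1.10/24 brd 192.168.1.255 scope global br1\       valid_lft forever preferred_lft forever
EOF
}

# wan_addrs IFACE...
# Reads `ip -o addr show` output on stdin and prints "iface family address"
# for every IPv4/IPv6 address bound to one of the named interfaces.
# Exit status: 0 if none were found, 1 if the host holds an address there.
wan_addrs() {
    awk -v ifaces="$*" '
        BEGIN { n = split(ifaces, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($2 in want) && ($3 == "inet" || $3 == "inet6") {
            print $2, $3, $4
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Demo on the constructed sample. On a real host:
#   ip -o addr show | wan_addrs eth0 br0
if sample_ip_output | wan_addrs eth0 br0; then
    echo "OK: host holds no address on the WAN bridge"
else
    echo "WARNING: host is addressable on the WAN segment"
fi
```

In the constructed sample the WAN bridge has no IPv4 address but still carries an IPv6 link-local one, a case that a check limited to IPv4 would miss.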