[CentOS-virt] Slightly OT: Centos KVM Host/Guest functions and LVM considerations

Fri Sep 16 19:20:24 UTC 2011
Eric Shubert <ejs at shubes.net>

On 09/16/2011 11:11 AM, Ed Heron wrote:
> On Fri, 2011-09-16 at 10:46 -0700, Eric Shubert wrote:
>> ...
>> Now, take all of your ideal logical servers (and the networking which
>> ties them all together), and make them VMs on your host. I've done this,
>> and these are the VMs I presently have (the list is still evolving):
>> .) net (IPCop distro, provides network services, WAN/DMZ/LAN)
>> .) web (DMZ/STOR)
>> .) ftp (DMZ/STOR)
>> .) mail (DMZ/STOR)
>> .) domain control (LAN/STOR)
>> .) storage (LAN/STOR)
>>
>> One aspect that we haven't touched on is network topology. I have 2 nics
>> in the host, one for WAN and one for LAN. These are both bridged to the
>> appropriate subnet. I also have host-only subnets for DMZ and STORage.
>> The DMZ is used with IPCop port forwarding giving access to services
>> from the internet. The STOR subnet is sort of a backplane, used by
>> servers to access the storage VM, which provides access to user data via
>> SMB, NFS, AFP, and SQL. All user data is accessed via this storage VM,
>> which has access to raw (non-virtual) storage.
>> ...
>
>    If I'm understanding you, if you split this out to multiple physical
> hosts, you would need to convert DMZ and STOR from virtual to physical
> segments, increasing the number of required network interfaces in each
> host to 4.

Correct. I have done this with DMZ to provide wireless access (putting a 
wireless router on the DMZ).

> Are you concerned that your hosts are connected to WAN without a
> firewall?

I am not concerned. The only machine connected/accessible to WAN is the 
IPCop VM. Everything from/to the WAN goes through IPCop.

> I assume you bridge the interface without assigning IP
> address?

Right, there is no IP address (169.254.x.x or 0.0.0.0) on the WAN 
interface of the host. The WAN interface on the host is not accessible, 
only bridged to IPCop's red/wan interface.

> What software do you use for storage? I'd think having the host
> handle integrated storage would be simpler, but, of course, that doesn't
> scale to multiple hosts...

I simply use a Linux host, with nfs, samba, netatalk and mysql. Whatever 
you prefer would do.

Although the host handles the physical i/o, I still like having a 
separate storage VM. I think it simplifies things a bit when it comes to 
monitoring and tuning, and it's better security-wise too. I don't think 
it's a good idea to have any more services than needed running on the host.

Thanks for the questions. I'm sure I left out a few things. ;)

-- 
-Eric 'shubes'
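The host-side setup Eric describes (WAN NIC bridged to the IPCop guest, with no address on the host's end) is the security-relevant piece of the thread, so here is an added example of what it looks like in the CentOS 5/6 network-scripts format of the period. This is a constructed illustration, not Eric's configuration; the interface names eth0 and br-wan and the MAC address are placeholders.

```ini
# /etc/sysconfig/network-scripts/ifcfg-eth0
# Physical WAN NIC. It is enslaved to the bridge and gets no address of
# its own: no IPADDR, no DHCP (BOOTPROTO=none).
DEVICE=eth0
# placeholder MAC, replace with the NIC's real address
HWADDR=00:11:22:33:44:55
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
BRIDGE=br-wan

# /etc/sysconfig/network-scripts/ifcfg-br-wan
# Host-side bridge for the WAN segment. Deliberately addressless: no
# IPADDR/NETMASK, no DHCP, and IPV6INIT=no so the host does not pick up
# an IPv6 link-local address on the WAN side either. Only the IPCop
# guest's red interface, attached to this bridge, owns a WAN address.
DEVICE=br-wan
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPV6INIT=no
DELAY=0
```

After `service network restart`, `ip addr show br-wan` (and `ip addr show eth0`) should list only the link-layer line, with no `inet` or `inet6` entries; an `inet6 fe80::...` line means IPv6 autoconfiguration is still giving the host a reachable address on the WAN bridge. The firewall guest's WAN NIC is then attached with a libvirt interface of type `bridge` whose source bridge is `br-wan`; the DMZ and STOR segments Eric mentions are separate bridges with no physical member and, for the host-only case, no address on the host side either.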