[Freeipa-devel] [RFC] Improve FreeIPA usability in cloud environments

Jan Pazdziora jpazdziora at redhat.com
Mon Sep 23 07:37:34 UTC 2013


On Fri, Sep 13, 2013 at 09:08:10AM -0400, Simo Sorce wrote:
> > 
> > The natural request is to add support for DNS views/split horizon DNS into 
> > FreeIPA, so different names and IP addresses can be served to clients inside 
> > and outside of the cloud.
> > 
> > Is it enough? What else should we change to make FreeIPA reliable in clouds?
> 
> I do not understand what's the use of views in this case.
> 
> Views are used when you want to assign different IP addresses to the
> same name depending on where the query comes from.

Which can well be useful in the cloud -- you might want to access the
other machine of your setup using its internal IP address because it's
cheaper than going through the external interface.

> But here we have different names pointing to different addresses and the
> machine actually knows nothing about the external name/IP.

Well, the fact that a name does or does not exist is also a use-case
for views. There probably is little point presenting the internal
names to the external world.

> From the FreeIPA pov, if you use it for infrastructure you should just
> care about internal names.

Isn't it quite the opposite in the cloud? The individual machines are
often disposable and all that matters is that there is a machine which
is able to provide a service, on some well-known stable public host
name. Which physical VM serves that service can change rapidly. One
VM providing the service can change to five with some HA proxy in
front of them.

-- 
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat



