Re: [libvirt] RFC: automatic setting of ip_forwarding (or not)

On 10/07/2010 01:57 PM, Justin Clift wrote:
> On 10/07/2010 10:48 PM, Zdenek Styblik wrote:
>> On 10/04/2010 08:13 PM, Laine Stump wrote:
> <snip>
>>> Exactly one of my points. libvirt really wants (no, *needs*) this to be
>>> on for virtual networks, but it's very likely there was a reason for it
>>> being turned off, so the admin should at the very least be alerted that
>>> it's being turned on, or the fact that it's off should be logged in some
>>> way to assure it gets the admin's attention so they can make the proper
>>> judgement call.
>> Only thing that popped in my head was: admin should read documentation :(
> Is this the kind of behavioural thing that we should have a "reasonable
> default" for, plus allow for it to be configured differently via
> libvirtd.conf?
>   were_special_really_really_really_please_dont_enable_ipforwarding = 1
> :)

Umm, I don't know, but this feels somewhat out of context.
Ok, I don't think more log bogus will solve anything. Admin should know
what software does; software documentation should clearly state what
software does and does not.
I really don't know what else to say about the proposed point :)

>> Once again I'm going to "troll" about this and bundled everything inside
>> one thing. As I've said many times already, I'm pro-external things as
>> DHCP, firewall ... whatever. On the other hand, I realize the point of
>> libvirt might be to ship out-of-the-box solution like it is now.
>> I mean, tell admin what to add if he wants this and that; or make
>> external hooks, or whatever. That's hard to say, because there is no one
>> ultimate solution.
> Using the words "hooks" here makes me wonder if we could do the needed
> work through having network hook scripts in place (with appropriate bits
> to call them), and whether it would be a useful way of doing things.
> (absolutely no idea if it's even feasible. :>)

Well, it might not be terminus technicus. I also see that I have
unfinished point here.
What I meant was and is that e.g. DCC has in its documentation what rules
you have/should add into your firewall to make DCC work.
Hooks as external shell or whatever scripts - truly, I don't know,
although that was point of some sort.


Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla turnovfree net
jabber: stybla jabber turnovfree net

