[Ovirt-devel] Get rid of dns requirements

[Mike McGrath]

On Thu, 9 Apr 2009, Hugh O. Brock wrote:

> On Thu, Apr 09, 2009 at 07:57:29PM +0000, David Lutterkort wrote:
> > On Thu, 2009-04-09 at 11:33 -0500, Mike McGrath wrote:
> > > So my first suggestion, get rid of the dns requirements.
> >
> > Just to be clear: with DNS requirements you mean the need for those SRV
> > records, right ? That can indeed be avoided by looking up 'ovirt' or
> > whatever in the default domain.
> >
> > Working forward and reverse DNS for the server and the nodes will always
> > be a requirement, since both krb5 and any other auth mechanism (say
> > x509) would need that.
>
> Yeah Mike I have a ton of sympathy here and I really want to make it
> as simple as possible to set things up. Maybe defaults in the absence
> of SRV records is a good way to go.
>
> However as David says, we absolutely have to have some kind of
> mechanism for authentication and encryption between the server and the
> nodes. That can be krb5, or PKI (which I would prefer when it becomes
> available for us, because anything is better than kerberos), but if we
> try to do anything else (say, passing around ssh keys) we're going to
> wind up reimplementing our own certificate management system
> anyway. So at least for the cluster(s) of machines that are managed by
> oVirt, working DNS is going to be a hard requirement. We've tried to
> simplify this as much as possible by providing a DNS server for the
> admin network with the install.
>
> I am, as always, open to suggestions for other ways to simplify
> things...
>

Forward dns is an obvious need, well not really one could use IP's.  But
lots of systems (puppet from my example earlier) do not have that hard
requirement.  I guess if I had to compare it to a competitor like
enomalism which does not have such a requirement.  Why do we have it and
what does it give us that enomalism is missing out on.

	-Mike