[Server-devel] xs-config's networking layout

Martin Langhoff martin.langhoff at gmail.com
Tue Jul 27 13:28:11 EDT 2010


On Fri, Jul 23, 2010 at 7:53 PM, Jerry Vonau <jvonau at shaw.ca> wrote:
> I was looking a the xs-config package

Great -- apologies for the delay on this feedback, I've spent a week
workign on-site with extremely bad internet access (yikes! was good
last time I was there!)

>, I was thinking the next course of
> action is to split out the AA hardware support into an optional
> sub-package, along with it's supporting networking files, that frees us
> to change things around a little bit.

Yeah, I am thinking along the same lines, but with a twist or two on
what you propose.

> The split that I was thinking was:
>
> 1) xs-config: would handle http, moodle-xs, ejabbard, pgsql-xs, rssh,
> git and related common config files that make up the xs's core net
> services, and not required to provide net access to the rest of the lan.

Yes! - xs-config should install all the service control files, but
with different names from the standard. Init scripts and config
files/dirs all prefixed with xs (/etc/init.d/xs-named +
/etc/xs-named/<files> ).

Note that I would put _all_ the services in here -- including those
that you list in your point #2. Services naturally are not enabled by
default (we do that from our kickstart for the 'real' XS.)

> I'm thinking that the default services could be bound to 0.0.0.0/0 here.

Here we *must* do something else. We need a way to set the WAN IP addr
and the LAN IP addr and have things come up right.

> 2) xs-inet: adds support for the second interface, squid, named, dhcpd,
> iptables, would add onto the above base install, providing internet
> access for the lan. This rpm would require the above one, and we use git
> here to change the binding of the above services to support the regular
> xs network  layout. We could just lock down the external interfaces with
> iptables here, and not change the config files, but I'd rather do both.
> Any thoughts on that?

I would do "xs-network" and add all the interface munging (eth0,
eth1). We drop all the bonding magic. We drop AA support for good.

Whether we use git or something else to keep track of ifcfg-ethX and
friends is something to be explored.

My basic thought for this package is that it installs the bits and
pieces to munge your network setup, but it doesn't do it. It will only
do it when requested (or configured) to do it, via commandline and/or
init script.

> 3) xs-AA: adds the AA related files, and would require the xs-inet rpm

We better forget about AA.

Instead, 'xs-network' should probably include the tools needed to run
the usual "2 NICs" setup, but also run on XO-1 and XO-1.5 setting up
the WLAN to use hostap.

> Am I on the right track? or is there another plan?
> Any other thoughts or feedback?

I like it. I think we should start with the xs-config part which is
the sane one :-)

Segregate insanity into its own limited box...

cheers,


m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


More information about the Server-devel mailing list