[Server-devel] xs-config's networking layout

Jerry Vonau jvonau at shaw.ca
Tue Jul 27 15:50:32 EDT 2010


On Tue, 2010-07-27 at 14:28 -0300, Martin Langhoff wrote:
> On Fri, Jul 23, 2010 at 7:53 PM, Jerry Vonau <jvonau at shaw.ca> wrote:
> > I was looking at the xs-config package
> 
> Great -- apologies for the delay on this feedback, I've spent a week
> working on-site with extremely bad internet access (yikes! was good
> last time I was there!)
> 
> >, I was thinking the next course of
> > action is to split out the AA hardware support into an optional
> > sub-package, along with its supporting networking files, that frees us
> > to change things around a little bit.
> 
> Yeah, I am thinking along the same lines, but with a twist or two on
> what you propose.
> 
> > The split that I was thinking was:
> >
> > 1) xs-config: would handle http, moodle-xs, ejabberd, pgsql-xs, rssh,
> > git and related common config files that make up the xs's core net
> > services, and not required to provide net access to the rest of the lan.
> 
> Yes! - xs-config should install all the service control files, but
> with different names from the standard. Init scripts and config
> files/dirs all prefixed with xs (/etc/init.d/xs-named +
> /etc/xs-named/<files> ).
> 
That is what I was thinking.

> Note that I would put _all_ the services in here -- including those
> that you list in your point #2. Services naturally are not enabled by
> default (we do that from our kickstart for the 'real' XS.)
> 
We could enable the services from within the rpm for these core services
also.

> > I'm thinking that the default services could be bound to 0.0.0.0/0 here.
> 
> Here we *must* do something else. We need a way to set the WAN IP addr
> and the LAN IP addr and have things come up right.
> 

In the single interface model there would be only one ip address (other
than lo) available for the services to bind to. This address may be
dhcp assigned, the ip address may not be known in advance, with the
required name resolution supplied by an outside source. Out of the box
default for most services is to bind to all interfaces. The only time we
really need to worry about binding the services to a specific internal
ip address is when there is an external interface present.

> > 2) xs-inet: adds support for the second interface, squid, named, dhcpd,
> > iptables, would add onto the above base install, providing internet
> > access for the lan. This rpm would require the above one, and we use git
> > here to change the binding of the above services to support the regular
> > xs network layout. We could just lock down the external interfaces with
> > iptables here, and not change the config files, but I'd rather do both.
> > Any thoughts on that?
> 
> I would do "xs-network" and add all the interface munging (eth0,
> eth1). We drop all the bonding magic. We drop AA support for good.
> 
Everybody is going to have a LAN interface, should we just name it as
such? That would be just a matter of renaming the ifcfg-eth1 file to
ifcfg-LAN. Could do the same for ifcfg-eth0 which would become
ifcfg-WAN. Just a thought...  

> Whether we use git or something else to keep track of ifcfg-ethX and
> friends is something to be explored.
> 
> My basic thought for this package is that it installs the bits and
> pieces to munge your network setup, but it doesn't do it. It will only
> do it when requested (or configured) to do it, via commandline and/or
> init script.
> 

Once you need to support 2 interfaces, that is when the services need to
be bound to the internal interface, and the need to munge the config
files appears. Think this could just be sed replacements for the above
xs-config's files coming from the xs-network rpm. The config files that
are needed to support internet access (named, dhcpd, iptables) would be
added at this point and enabled by the rpm, with squid left as optional
as it is now. By installing this rpm you would be providing the request
needed to activate the internet access for the LAN.

> > 3) xs-AA: adds the AA related files, and would require the xs-inet rpm
> 
> We better forget about AA.
> 
What's an AA? lol..

> Instead, 'xs-network' should probably include the tools needed to run
> the usual "2 NICs" setup, but also run on XO-1 and XO-1.5 setting up
> the WLAN to use hostap.
> 
Yes, that is the plan, but the hostap is not on my plate yet, 
but will keep that in mind. 

> > Am I on the right track? or is there another plan?
> > Any other thoughts or feedback?
> 
> I like it. I think we should start with the xs-config part which is
> the sane one :-)
> 
> Segregate insanity into its own limited box...
> 
I try to keep mine in a chroot-jail... lol..

At the end of the day my goal is to have the same layout as now, less the
AA/bonding stuff when you install the xs-network rpm. This xs-network
rpm would require the xs-config rpm to build on, but not be required to
have an XS serve-up idmgr, moodle and friends from a single interface.

Jerry
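
The reply above suggests binding services to the internal address only once a second interface exists, using sed replacements on the config files. A sketch of that step follows as an added example; it is not part of the thread or of xs-config. The `Listen` and `listen_addresses` directives are stock Apache httpd and PostgreSQL, while the function names, file names and the 192.168.10.1 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not xs-config code. Directives are stock Apache httpd
# ("Listen") and PostgreSQL ("listen_addresses"); paths and IPs are constructed.

# True when more than one non-loopback interface is named (LAN plus WAN).
needs_lan_binding() {
    n=0
    for ifc in "$@"; do [ "$ifc" = lo ] || n=$((n + 1)); done
    [ "$n" -ge 2 ]
}

# Reject anything that is not a dotted quad before it reaches a sed expression.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Rewrite wildcard listeners in FILE to LAN_IP; explicit binds are left alone.
bind_to_lan() {
    file=$1; lan_ip=$2
    valid_ipv4 "$lan_ip" || return 2
    tmp=$(mktemp) || return 1
    sed -E \
        -e "s/^([[:space:]]*Listen[[:space:]]+)((0\.0\.0\.0|\*):)?([0-9]+)[[:space:]]*\$/\1${lan_ip}:\4/" \
        -e "s/^([[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*)'(\*|0\.0\.0\.0)'/\1'${lan_ip}'/" \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Print listeners still bound to every interface; succeeds when none remain.
wildcard_listeners() {
    ! grep -En "^[[:space:]]*(Listen[[:space:]]+((0\.0\.0\.0|\*):)?[0-9]+[[:space:]]*\$|listen_addresses[[:space:]]*=[[:space:]]*'(\*|0\.0\.0\.0)')" "$@"
}

# Constructed sample configs, rewritten only in the two-interface case.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'Listen 80\nListen 127.0.0.1:8080\n' > "$dir/httpd.conf"
    printf "listen_addresses = '*'\nport = 5432\n" > "$dir/postgresql.conf"
    if needs_lan_binding lo eth0 eth1; then
        for f in "$dir"/*.conf; do bind_to_lan "$f" 192.168.10.1; done
    fi
    cat "$dir"/*.conf
    wildcard_listeners "$dir"/*.conf; rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo
```

Running `wildcard_listeners` over the rewritten files is the check that matters when iptables is the only other barrier on the external interface: any line it prints is a service still reachable from the WAN side if the firewall rules fail to load.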

 


   
