I'm working on the cumulus install and the dns requirements are a bit silly. I'm going to keep emailing the list with steps I think we should take to simplify the cumulus cloud. Right now it is huge, has tons of requirements (I know some of these will go away as kerberos goes away), and tons of moving parts. So my first suggestion, get rid of the dns requirements. My team right now has a ton of turnover, and as I recall correctly the last large company I worked for had lots of turnover as well meaning simplicity is highly valued. So what do I suggest? non-fqdn searches like how puppet is initially setup. When you run puppet for the first time it auto contacts 'puppet'.searchdomain. This is simple, predictable and can be explained to a junior admin in about 15 seconds. -Mike
On Thu, 9 Apr 2009 11:33:04 -0500 (CDT) Mike McGrath <mmcgrath at redhat.com> wrote:> I'm working on the cumulus install and the dns requirements are a bit > silly. I'm going to keep emailing the list with steps I think we should > take to simplify the cumulus cloud. Right now it is huge, has tons of > requirements (I know some of these will go away as kerberos goes away), and > tons of moving parts. > > So my first suggestion, get rid of the dns requirements. My team right now > has a ton of turnover, and as I recall correctly the last large company I > worked for had lots of turnover as well meaning simplicity is highly > valued. > > So what do I suggest? non-fqdn searches like how puppet is initially > setup. When you run puppet for the first time it auto contacts > 'puppet'.searchdomain. This is simple, predictable and can be explained > to a junior admin in about 15 seconds.Wooo.. I like that idea. Will require node changes though.. don't think it can make it for this release but I'd like to see that on the list.. Ian
On Thu, 2009-04-09 at 11:33 -0500, Mike McGrath wrote:> So my first suggestion, get rid of the dns requirements.Just to be clear: with DNS requirements you mean the need for those SRV records, right ? That can indeed be avoided by looking up 'ovirt' or whatever in the default domain. Working forward and reverse DNS for the server and the nodes will always be a requirement, since both krb5 and any other auth mechanism (say x509) would need that. David