[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

suggestions for tiny changes in the systemvm templates


Having 4.11.1 at the horizon (btw. Thank You!), I've recently built packages and systemvm templates and wanted to share some thoughts about the systemvm.

Here a few things i came across (I'ld provide a PR, but wanted to discuss that in prior)

a) Entropy
SystemVM are usually VM and VM generally do have problems to gather entropy.
-> We could install rng-tools or (slightly better) haveged by default in the templates.
pro: having a decent entropy pool available. Would improve SSL at all.
con: well, cost's a few kB and a lightweight daemon running

b) NTP
At least for isolated networks (say VR / RVR) one usually needs to allow tcp/123 udp/123 for NTP to the VM behind.
-> We could provide broadcast and/or manycast and/or even unicast at the VR's NTP by just changing the /etc/ntp.conf
pro: easier setup of NTP (well, will add Stratum+1) for VM in isolated networks. Could also be announced via dhcp?
con: in case of multi- or manycast a few more packets on the wire

c) Monitoring
We're using check-mk for monitoring most parts of our infrastructure. Thank's to the Cloudstack API we collect indirect (and sometimes very abstract) health data of the systemvm running.
since there's already communication between systemvm and management, we thought that implementing the check-mk-agent (listening via xinetd) into the template could improve monitoring by
piggyback the metrics on the management node(s).
I'ld see that point different, since - even if the check-mk-agent wont do anything without getting queried - I don't know if it's feasible to add monitoring support for a solution which might be not
as wide spread as we think here. Anyhow, installation and usage would be very simple and (if unused) no impact.


- Stephan

Mit freundlichen Grüßen,

Stephan Seitz

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin


Tel: 030 / 405051-44
Fax: 030 / 405051-19

Amtsgericht Berlin-Charlottenburg - HRB 93818 B
Geschäftsführer: Peer Heinlein - Sitz: Berlin

Attachment: signature.asc
Description: This is a digitally signed message part