OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: suggestions for tiny changes in the systemvm templates


Stephan, are you planning PRs for these chances?

On Mon, Jul 2, 2018 at 1:49 PM, Stephan Seitz <s.seitz@xxxxxxxxxxxxxxxxxxx>
wrote:

> Hi!
>
> Having 4.11.1 at the horizon (btw. Thank You!), I've recently built
> packages and systemvm templates and wanted to share some thoughts about the
> systemvm.
>
> Here a few things i came across (I'ld provide a PR, but wanted to discuss
> that in prior)
>
> a) Entropy
> SystemVM are usually VM and VM generally do have problems to gather
> entropy.
> -> We could install rng-tools or (slightly better) haveged by default in
> the templates.
> pro: having a decent entropy pool available. Would improve SSL at all.
> con: well, cost's a few kB and a lightweight daemon running
>
> b) NTP
> At least for isolated networks (say VR / RVR) one usually needs to allow
> tcp/123 udp/123 for NTP to the VM behind.
> -> We could provide broadcast and/or manycast and/or even unicast at the
> VR's NTP by just changing the /etc/ntp.conf
> pro: easier setup of NTP (well, will add Stratum+1) for VM in isolated
> networks. Could also be announced via dhcp?
> con: in case of multi- or manycast a few more packets on the wire
>
> c) Monitoring
> We're using check-mk for monitoring most parts of our infrastructure.
> Thank's to the Cloudstack API we collect indirect (and sometimes very
> abstract) health data of the systemvm running.
> since there's already communication between systemvm and management, we
> thought that implementing the check-mk-agent (listening via xinetd) into
> the template could improve monitoring by
> piggyback the metrics on the management node(s).
> I'ld see that point different, since - even if the check-mk-agent wont do
> anything without getting queried - I don't know if it's feasible to add
> monitoring support for a solution which might be not
> as wide spread as we think here. Anyhow, installation and usage would be
> very simple and (if unused) no impact.
>
>
> cheers,
>
> - Stephan
>
>
>
>
>
>
>
> Mit freundlichen Grüßen,
>
> Stephan Seitz
>
>
> --
> Heinlein Support GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>
> https://www.heinlein-support.de
>
> Tel: 030 / 405051-44
> Fax: 030 / 405051-19
>
> Amtsgericht Berlin-Charlottenburg - HRB 93818 B
> Geschäftsführer: Peer Heinlein - Sitz: Berlin
>
>


-- 
Daan