<div dir="ltr"><div><div><div><div><div><div><div>Hello!<br></div>I'm sorry for the delay on my response. Thanks Valentin and Stefan for your responses! You were really REALLY helpful. At the time, I didn't know hooks existed!<br>
</div>Even tho it sounds as the more elegant solution, my boss decided we should just route a block of 200 public addresses. Fastest and easiest solution to configure. As we say in Argentina, "lo atamo con alambre" (meaning, we stitched it with wire cables... there, I fixed it)<br>
<br>He also decided I should have no life at all, and assigned me yet more work than I can handle :-D LoL<br></div>I've got a new 20TB debian storage. Researchers here use the PostgreSQL database, and they have asked me to ""merge"" the database service with the cloud. Meaning... they want me to provide the database service from within the cloud. Is that even possible with OpenNebula?<br>
</div>One solution I came up with is to install PostgreSQL on the debian storage, then DNAT the storage:PostgreSQLport so it can be accessible tru the firewall... the problem is: I'm limited on the accounting I can do on this service.<br>
</div>is there some sort of "OpenNebula Plug In" that allows ONE to provide infrastructure services other than VMs? For instance: a PostgreSQL engine or DB?<br></div>Once again, Thank you guys!<br></div>best regards<br>
galimba<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jun 20, 2014 at 6:57 AM, Stefan Kooman <span dir="ltr"><<a href="mailto:stefan@bit.nl" target="_blank">stefan@bit.nl</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">Quoting Galimba (<a href="mailto:galimba@gmail.com">galimba@gmail.com</a>):<br>
> Hello everyone.<br>
> My name is Sebastian. I'm new to this list and tho I've been a sysadmin for<br>
> several years now, I've only recently dived into Cloud Computing.<br>
> I have successfully installed OpenNebula 4.4 on a local computer behind a<br>
> firewall at my university. I set up two nodes and another dedicated<br>
> computer as a NFS datastore.<br>
> The plan is to provide my research group with the IAAS that OpenNebula<br>
> brings to the table.<br>
> At the moment, I'm dealing with an issue I haven't been able to solve, and<br>
> perhaps some of you could throw me a hint.<br>
> My university assigned me over 100 public ip addresses to provide each VM.<br>
> If I were to plug the cable directly to the OpenNebula box, then I know I<br>
> could create my templates with public ip addresses and then everything<br>
> should be fine. The problem is that I have a firewall in the middle,<br>
> managing all the public ips, and my OpenNebula box is on a LAN behind that<br>
> firewall.<br>
<br>
</div>Question: Do you want to filter the traffic for your vm's on the<br>
"firewall in the middle"?<br>
<br>
If the answer is yes than you might want to use the vm-hook like<br>
Valentin suggested.<br>
<br>
If not then a vlan with public IP's is probably the easiest way to go.<br>
<br>
Another possibility is to use the "Public Cloud" interface from ONE,<br>
specifically: EC2 [1]. It makes use of Elastic IPs. It uses scripting to<br>
handle the mapping of public to private ips. Especially the scripts that<br>
interact with the OpenFlow seem promising [2].<br>
<br>
Yet another way of doing this is to route the block of 100 ip's to a<br>
router/firewall (possible running on ONE) (through a little ip<br>
interconnection block). In that case you don't have to filter on the<br>
"firewall in the middle" and or do NAT (which I think is very ugly). So<br>
like this: public ip -> interconnect-ip - router/firwall -<br>
router-ip-routed-ips -> vm's with public ip. This will also work for<br>
IPv6. Natting IPv6 is possible, but even more ugly ;). You still have<br>
the possibility to do some filtering on the firewall while leaving the<br>
rest of the ports open. If you like GUI's, pfSense is a very nice and<br>
capable firewall (based on OpenBSD's pf) [3]. If you would like to use<br>
pfSense on KVM -> don't use virtio network drivers, broken on KVM (at<br>
least that is our experience, intel e1000 works fine).<br>
<br>
Good luck, and have a fun and bright cloudy day ;),<br>
<br>
Gr. Stefan<br>
<br>
[1]:<br>
<a href="http://docs.opennebula.org/4.6/advanced_administration/public_cloud/ec2qug.html" target="_blank">http://docs.opennebula.org/4.6/advanced_administration/public_cloud/ec2qug.html</a><br>
[2]: <a href="http://community.opennebula.org/ecosystem:onenox" target="_blank">http://community.opennebula.org/ecosystem:onenox</a><br>
[3]: <a href="https://www.pfsense.org/" target="_blank">https://www.pfsense.org/</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
| BIT BV <a href="http://www.bit.nl/" target="_blank">http://www.bit.nl/</a> Kamer van Koophandel 09090351<br>
| GPG: 0xD14839C6 +31 318 648 688 / <a href="mailto:info@bit.nl">info@bit.nl</a><br>
</font></span><br>-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.10 (GNU/Linux)<br>
<br>
iF4EAREIAAYFAlOkBaYACgkQTyGgYdFIOcYSbgD/bzTJCtJXvGYmalwWMBKXevVS<br>
LI3F2jPRszntMR/9PBYBAIB7XTZz16GrdJ3tzPvHEgR7HBKLjPpnA/bLlmKd6bSQ<br>
=GB+k<br>
-----END PGP SIGNATURE-----<br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr"><img src="http://i.imgur.com/6FbpMB1.jpg"><br></div>
</div>