On Thursday, July 7, 2016, Russell Bryant <russ...@ovn.org> wrote: > > On Thu, Jul 7, 2016 at 2:44 PM, Andy Zhou <az...@ovn.org> wrote: > >> On Thu, Jul 7, 2016 at 11:37 AM, Han Zhou <zhou...@gmail.com> wrote: >> >>> Hi Andy, >>> >>> Sorry #1 seems not clear to me. It sounds like a etcd cluster running >>> behind a ovsdb-server cluster? Then what would be the HA mechanism for the >>> ovsdb-server layer? >>> >> >> Yes, your understanding is correct, expect ovsdb-servers do not form a >> cluster, they only connect to etcd servers. >> >> etcd servers form the HA cluster. All ovsdb-servers maintain connections >> to the leader etcd server. OVSDB servers do not store >> transactions, they essentially translate ovsdb protocol into etcd gRPC >> protocol. >> > > Would you be able to run N copies of ovsdb-server in this case? >
Yes, ovsdb-client can connect to any one of them. > > Another consideration is that we'd be able to make use of ovsdb features, > but at the expense of not be able to use etcd features directly. An > example is authorization. This is a v2 API doc, but: > > https://coreos.com/etcd/docs/latest/auth_api.html > > I was thinking we might be able to build a solution for the "Limiting the > impact of a compromised chassis" item in ovn/TODO using etcd capabilities. > If we put ovsdb in front of it, we still have to solve this in ovsdb. > > This is a very good point. May be it is another +1 for #2? Or you have some other approach in mind? > -- > Russell Bryant >
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
