add support for a private network
if a bunch of servers have a private network, we should support the ability to use this private network.
unlike the public network, where we auto-detect most everything, i think we can make the private network more of a pain to set up and require that everything is configured right.
here is a possible example:
```json
{
  "network": {
    "private": {
      "name": "seattle",
      "ip_address": "10.0.0.1",
      "mask": "255.255.255.0",
      "interface": "eth1"
    }
  },
  "ssh": {
    "bind": "private"
  }
}
```
the rules for a private network should be like this:
- ignore private network on AWS or OpenStack, since they already have a private network.
- the node configuration can explicitly bind any particular service to the private network. doing so might mess up the infrastructure, because remote nodes will not be able to connect.
- if you are a node that needs to communicate with another node, and if that node has a private network with the same name as you, then use the private network for all connections (by modifying /etc/hosts).
possible problems:
- this example only supports a single private network, and not adding any number of additional networks. i think this is acceptable.
- eventually, we want to do IPsec for all connections between all nodes. when we use IPsec, do we want it to use new non-public IPs? this might be tricky.
(from redmine: created on 2013-07-06)
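
The address-selection rules proposed above, as an added sketch that is not code from the project: it validates the `network.private` block strictly, ignores it on AWS/OpenStack, and picks the private IP for `/etc/hosts` only when both nodes share a network name and subnet. The `provider`, `domain` and top-level public `ip_address` fields, the function names and all sample nodes are assumptions made for the example.

```python
import ipaddress

# "provider", "domain" and the top-level public "ip_address" are assumed field
# names; only the "network.private" block comes from the proposal above.
CLOUD = {"aws", "openstack"}  # rule 1: these already have a private network
REQUIRED = ("name", "ip_address", "mask", "interface")

def private_net(node):
    """Return (name, IPv4Interface) for a usable private network, else None."""
    priv = node.get("network", {}).get("private")
    if priv is None or node.get("provider") in CLOUD:
        return None
    missing = [k for k in REQUIRED if not priv.get(k)]
    if missing:  # strict by design: no auto-detection on the private side
        raise ValueError(f"{node['domain']}: private network missing {missing}")
    # ip_interface rejects malformed addresses and non-contiguous masks.
    return priv["name"], ipaddress.ip_interface(f"{priv['ip_address']}/{priv['mask']}")

def peer_address(local, peer):
    """Rule 3: use the peer's private IP only if both share a network name."""
    mine, theirs = private_net(local), private_net(peer)
    if mine and theirs and mine[0] == theirs[0]:
        if theirs[1].ip not in mine[1].network:
            raise ValueError(f"{peer['domain']}: not in {mine[1].network} ({mine[0]})")
        return str(theirs[1].ip)
    return peer["ip_address"]

def hosts_entries(local, nodes):
    """/etc/hosts lines for `local`, one per remote node."""
    return [f"{peer_address(local, n)} {n['domain']}"
            for n in nodes if n["domain"] != local["domain"]]

def make_node(domain, public_ip, private=None, provider=None):
    """Build a constructed sample node record."""
    node = {"domain": domain, "ip_address": public_ip, "provider": provider}
    if private:
        node["network"] = {"private": {"name": private[0], "ip_address": private[1],
                                       "mask": "255.255.255.0", "interface": "eth1"}}
    return node

NODES = [  # constructed sample data (documentation address ranges)
    make_node("a.example.org", "198.51.100.10", ("seattle", "10.0.0.1")),
    make_node("b.example.org", "198.51.100.11", ("seattle", "10.0.0.2")),
    make_node("c.example.org", "198.51.100.12", ("amsterdam", "10.0.1.1")),
    make_node("d.example.org", "203.0.113.5", ("seattle", "10.0.0.9"), "aws"),
]

if __name__ == "__main__":
    print("\n".join(hosts_entries(NODES[0], NODES)))
```

A same-named network whose peer address falls outside the local subnet is treated as a configuration error rather than silently falling back to the public address, so a typo cannot quietly move traffic onto the public network.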