[ovirt-devel] Allow access to Cockpit by default after adding a host? Or make it configurable in Engine?

Sandro Bonazzola sbonazzo at redhat.com
Fri Mar 4 12:26:08 UTC 2016


On Fri, Mar 4, 2016 at 1:02 PM, Fabian Deutsch <fdeutsch at redhat.com> wrote:

> Btw. This question is now asked for Node, but it also affects other
> hosts which are running Cockpit.
>
>
You can add a line with the cockpit firewall port to the sql script which
defines the ports to be opened in ovirt-engine.




> - fabian
>
> On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <fdeutsch at redhat.com>
> wrote:
> > Hey,
> >
> > Node Next will ship Cockpit by default.
> >
> > When the host is getting installed, Cockpit can be reached by default
> > over its port 9090/tcp.
> >
> > But after the host was added to Engine, Engine/vdsm is setting up its
> > own iptables rules which then prevent further access to Cockpit.
> >
> > How do we want users to control the access to Cockpit? So where shall
> > users be able to open or close the Cockpit firewall port?
> >
> > Initially I thought that we can open up the cockpit port by default,
> > but this might be a security issue.
> > (Brute force attacks to crack user passwords through the web interface).
> >
> > - fabian
>
>
>
> --
> Fabian Deutsch <fdeutsch at redhat.com>
> RHEV Hypervisor
> Red Hat



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com