[ovirt-devel] Allow access to Cockpit by default after adding a host? Or make it configurable in Engine?

Fabian Deutsch fdeutsch at redhat.com
Fri Mar 4 13:31:17 UTC 2016


On Fri, Mar 4, 2016 at 1:24 PM, Oved Ourfali <oourfali at redhat.com> wrote:
> I'd open it by default, if the user asks to configure the firewall.
> We ask that on host bootstrapping, so one can choose not to let us configure
> the firewall if he controls his own firewall configuration.

True - we can couple it with that decision when adding a host.

https://bugzilla.redhat.com/show_bug.cgi?id=1314781

- fabian

> On Mar 4, 2016 14:02, "Fabian Deutsch" <fdeutsch at redhat.com> wrote:
>>
>> Btw. This question is now asked for Node, but it also affects other
>> hosts which are running Cockpit.
>>
>> - fabian
>>
>> On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <fdeutsch at redhat.com>
>> wrote:
>> > Hey,
>> >
>> > Node Next will ship Cockpit by default.
>> >
>> > When the host is getting installed, Cockpit can be reached by default
>> > over its port 9090/tcp.
>> >
>> > But after the host was added to Engine, Engine/vdsm is setting up its
>> > own iptables rules which then prevent further access to Cockpit.
>> >
>> > How do we want users to control the access to Cockpit? So where shall
>> > users be able to open or close the Cockpit firewall port?
>> >
>> > Initially I thought that we can open up the cockpit port by default,
>> > but this might be a security issue.
>> > (Brute force attacks to crack user passwords through the web interface).
>> >
>> > - fabian
>>
>>
>>
>> --
>> Fabian Deutsch <fdeutsch at redhat.com>
>> RHEV Hypervisor
>> Red Hat
>>
>>
>



-- 
Fabian Deutsch <fdeutsch at redhat.com>
RHEV Hypervisor
Red Hat


