<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 4, 2016 at 1:02 PM, Fabian Deutsch <span dir="ltr"><<a href="mailto:fdeutsch@redhat.com" target="_blank">fdeutsch@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Btw. This question is now asked for Node, but it also affects other<br>
hosts which are running Cockpit.<br>
<br></blockquote><div><br></div><div>You can add a line with the cockpit firewall port to the sql script which defines the ports to be opened in ovirt-engine.</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
- faian<br>
<span class="im HOEnZb"><br>
On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <<a href="mailto:fdeutsch@redhat.com">fdeutsch@redhat.com</a>> wrote:<br>
> Hey,<br>
><br>
> Node Next will ship Cockpit by default.<br>
><br>
> When the host is getting installed, Cockpit can be reached by default<br>
> over it's port 9090/tcp.<br>
><br>
> But after the host was added to Engine, Engine/vdsm is setting up it's<br>
> own iptables rules which then prevent further access to Cockpit.<br>
><br>
> How do we want users to control the access to Cockpit? So where shall<br>
> users be able to open or close the Cockpit firewall port.<br>
><br>
> Initially I thought that we can open up the cockpit port by default,<br>
> but this might be a security issue.<br>
> (Brute force attacks to crack user passwords through the web interface).<br>
><br>
> - fabian<br>
<br>
<br>
<br>
</span><span class="HOEnZb"><font color="#888888">--<br>
Fabian Deutsch <<a href="mailto:fdeutsch@redhat.com">fdeutsch@redhat.com</a>><br>
RHEV Hypervisor<br>
Red Hat<br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/devel</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">Sandro Bonazzola<br>Better technology. Faster innovation. Powered by community collaboration.<br>See how it works at <a href="http://redhat.com" target="_blank">redhat.com</a><br></div></div></div></div>
</div></div>