Re: [ovirt-devel] Allow access to Cockpit by default after adding a host? Or make it configurable in Engine?
On Fri, Mar 4, 2016 at 1:02 PM, Fabian Deutsch <fdeutsch(a)redhat.com> wrote:
Btw. This question is now asked for Node, but it also affects other
hosts which are running Cockpit.
You can add a line with the cockpit firewall port to the sql script which
defines the ports to be opened in ovirt-engine.
- faian
On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <fdeutsch(a)redhat.com>
wrote:
> Hey,
>
> Node Next will ship Cockpit by default.
>
> When the host is getting installed, Cockpit can be reached by default
> over it's port 9090/tcp.
>
> But after the host was added to Engine, Engine/vdsm is setting up it's
> own iptables rules which then prevent further access to Cockpit.
>
> How do we want users to control the access to Cockpit? So where shall
> users be able to open or close the Cockpit firewall port.
>
> Initially I thought that we can open up the cockpit port by default,
> but this might be a security issue.
> (Brute force attacks to crack user passwords through the web interface).
>
> - fabian
--
Fabian Deutsch <fdeutsch(a)redhat.com>
RHEV Hypervisor
Red Hat
_______________________________________________
Devel mailing list
Devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel
--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
Attachments:
- attachment.html (text/html — 2.5 KB)