On Fri, Mar 4, 2016 at 1:02 PM, Fabian Deutsch <fdeutsch@redhat.com> wrote:

Btw. This question is now asked for Node, but it also affects other
hosts which are running Cockpit.

You can add a line with the cockpit firewall port to the sql script which defines the ports to be opened in ovirt-engine.

- faian

On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <fdeutsch@redhat.com> wrote:
> Hey,
>
> Node Next will ship Cockpit by default.
>
> When the host is getting installed, Cockpit can be reached by default
> over it's port 9090/tcp.
>
> But after the host was added to Engine, Engine/vdsm is setting up it's
> own iptables rules which then prevent further access to Cockpit.
>
> How do we want users to control the access to Cockpit? So where shall
> users be able to open or close the Cockpit firewall port.
>
> Initially I thought that we can open up the cockpit port by default,
> but this might be a security issue.
> (Brute force attacks to crack user passwords through the web interface).
>
> - fabian

--
Fabian Deutsch <fdeutsch@redhat.com>
RHEV Hypervisor
Red Hat

_______________________________________________
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel

Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com