Why not just assign the host a publicly accessible IP address and restrict
SSH by firewall so only the engine (and possibly you) can access through
SSH?
James
2016-08-16 23:03 GMT+01:00 Hanson <hanson(a)andrewswireless.net>:
Hi Guys,
Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my
engine on a bond-bridge-publicVlan setup for remote monitoring.
Understandably, the nodes are complaining that they are failing updates.
(They're on a private vlan, and only configured with IP's in that vlan, the
public vlan doesn't have IP's set on the hosts so they can pass it to VMs).
Is there a way to have the engine do the updates on the node using its
internet connection, like a proxy?
For security reasons I like to have the nodes not publicly accessible, as
we see hundreds if not thousands of ssh attempts, and root would probably
be the most attacked account.
Thanks,
Hanson
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users