Why not just assign the host a publicly accessible IP address and restrict SSH by firewall so only the engine (and possibly you) can access through SSH?

James

2016-08-16 23:03 GMT+01:00 Hanson <hanson@andrewswireless.net>:
Hi Guys,

Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my engine on a bond-bridge-publicVlan setup for remote monitoring.

Understandably, the nodes are complaining that they are failing updates. (They're on a private vlan, and only configured with IP's in that vlan, the public vlan doesn't have IP's set on the hosts so they can pass it to VMs).

Is there a way to have the engine do the updates on the node using its internet connection, like a proxy?

For security reasons I like to have the nodes not publicly accessible, as we see hundreds if not thousands of ssh attempts, and root would probably be the most attacked account.

Thanks,

Hanson

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users