12:03 a.m.
Hi Guys,
Quick question, I have my nodes on a bond-bridge-privateVlan setup, and
my engine on a bond-bridge-publicVlan setup for remote monitoring.
Understandably, the nodes are complaining that they are failing updates.
(They're on a private vlan, and only configured with IP's in that vlan,
the public vlan doesn't have IP's set on the hosts so they can pass it
to VMs).
Is there a way to have the engine do the updates on the node using its
internet connection, like a proxy?
For security reasons I like to have the nodes not publicly accessible,
as we see hundreds if not thousands of ssh attempts, and root would
probably be the most attacked account.
Thanks,
Hanson
8:59 a.m.
Hi,
you could install Katello, register your hosts to receive updates through
Katello and configure oVirt-Katello integration. You can find more
information at
http://www.ovirt.org/develop/release-management/features/katellointegration/
Martin Perina
On Wed, Aug 17, 2016 at 12:03 AM, Hanson <hanson(a)andrewswireless.net> wrote:
Hi Guys,
Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my
engine on a bond-bridge-publicVlan setup for remote monitoring.
Understandably, the nodes are complaining that they are failing updates.
(They're on a private vlan, and only configured with IP's in that vlan, the
public vlan doesn't have IP's set on the hosts so they can pass it to VMs).
Is there a way to have the engine do the updates on the node using its
internet connection, like a proxy?
For security reasons I like to have the nodes not publicly accessible, as
we see hundreds if not thousands of ssh attempts, and root would probably
be the most attacked account.
Thanks,
Hanson
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
9:21 a.m.
I've a similar setup and I use a proxy (Squid) to get out of our private
LAN, all you have to do is define a proxy in your yum configuration
(/etc/yum.conf) in case of RH/CentOS Systems.
rgds,
Arsène
On 08/17/2016 12:03 AM, Hanson wrote:
Hi Guys,
Quick question, I have my nodes on a bond-bridge-privateVlan setup,
and my engine on a bond-bridge-publicVlan setup for remote monitoring.
Understandably, the nodes are complaining that they are failing
updates. (They're on a private vlan, and only configured with IP's in
that vlan, the public vlan doesn't have IP's set on the hosts so they
can pass it to VMs).
Is there a way to have the engine do the updates on the node using its
internet connection, like a proxy?
For security reasons I like to have the nodes not publicly accessible,
as we see hundreds if not thousands of ssh attempts, and root would
probably be the most attacked account.
Thanks,
Hanson
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
10:34 a.m.
Why not just assign the host a publicly accessible IP address and restrict
SSH by firewall so only the engine (and possibly you) can access through
SSH?
James
2016-08-16 23:03 GMT+01:00 Hanson <hanson(a)andrewswireless.net>:
Hi Guys,
Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my
engine on a bond-bridge-publicVlan setup for remote monitoring.
Understandably, the nodes are complaining that they are failing updates.
(They're on a private vlan, and only configured with IP's in that vlan, the
public vlan doesn't have IP's set on the hosts so they can pass it to VMs).
Is there a way to have the engine do the updates on the node using its
internet connection, like a proxy?
For security reasons I like to have the nodes not publicly accessible, as
we see hundreds if not thousands of ssh attempts, and root would probably
be the most attacked account.
Thanks,
Hanson
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
3128
days inactive
3129
days old
3 comments
4 participants
participants (4)
-
Arsène Gschwind -
Hanson -
James Michels -
Martin Perina