
Hi Guys,

Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my engine on a bond-bridge-publicVlan setup for remote monitoring.

Understandably, the nodes are complaining that they are failing updates. (They're on a private vlan, and only configured with IPs in that vlan, the public vlan doesn't have IPs set on the hosts so they can pass it to VMs).

Is there a way to have the engine do the updates on the node using its internet connection, like a proxy?

For security reasons I like to have the nodes not publicly accessible, as we see hundreds if not thousands of ssh attempts, and root would probably be the most attacked account.

Thanks,
Hanson

Hi,

you could install Katello, register your hosts to receive updates through Katello and configure oVirt-Katello integration. You can find more information at http://www.ovirt.org/develop/release-management/features/katellointegration/

Martin Perina

On Wed, Aug 17, 2016 at 12:03 AM, Hanson <hanson@andrewswireless.net> wrote:

I've a similar setup and I use a proxy (Squid) to get out of our private LAN. All you have to do is define a proxy in your yum configuration (/etc/yum.conf) in case of RH/CentOS Systems.

rgds,
Arsène

On 08/17/2016 12:03 AM, Hanson wrote:
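
The proxy approach from the reply above, sketched as configuration. This is an added example, not part of the original thread: the subnet 10.0.0.0/24, the proxy address 10.0.0.10:3128 and the repository domains are constructed placeholders to be replaced with the real private VLAN and the repositories the nodes actually use.

```conf
# ---- /etc/squid/squid.conf on the proxy host (assumed: 10.0.0.10) ----
# Listen only on the private-VLAN address, never on the public interface.
http_port 10.0.0.10:3128

# Only the oVirt nodes on the private VLAN may use the proxy.
# (10.0.0.0/24 is a constructed placeholder subnet.)
acl ovirt_nodes src 10.0.0.0/24

# Egress allowlist: only the package repositories the nodes need.
# (Assumed domains; list the ones from the nodes' /etc/yum.repos.d/*.repo.)
acl repo_hosts dstdomain .centos.org .ovirt.org .fedoraproject.org

# Standard port hygiene: HTTP/HTTPS only, CONNECT only to 443.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Nodes may reach the repositories and nothing else; everyone else is refused.
http_access allow ovirt_nodes repo_hosts
http_access deny all

# Caveat: repositories that use a mirrorlist can redirect to mirrors outside
# the allowlist. Either pin baseurl in the .repo files to an allowed host or
# extend repo_hosts with the mirrors you accept.

# ---- /etc/yum.conf on each oVirt node ----
[main]
# Keep the existing [main] options and add the proxy line.
proxy=http://10.0.0.10:3128
```

With this layout the nodes keep no public IP and no inbound exposure: the only new path is outbound HTTP/HTTPS from the private VLAN to the listed repositories via the proxy.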

Why not just assign the host a publicly accessible IP address and restrict SSH by firewall so only the engine (and possibly you) can access through SSH?

James

2016-08-16 23:03 GMT+01:00 Hanson <hanson@andrewswireless.net>:

participants (4): Arsène Gschwind, Hanson, James Michels, Martin Perina