[ovirt-devel] Allow access to Cockpit by default after adding a host? Or make it configurable in Engine?

Fabian Deutsch fdeutsch at redhat.com
Fri Mar 4 12:01:46 UTC 2016


Hey,

Node Next will ship Cockpit by default.

When the host is getting installed, Cockpit can be reached by default
over it's port 9090/tcp.

But after the host was added to Engine, Engine/vdsm is setting up it's
own iptables rules which then prevent further access to Cockpit.

How do we want users to control the access to Cockpit? So where shall
users be able to open or close the Cockpit firewall port.

Initially I thought that we can open up the cockpit port by default,
but this might be a security issue.
(Brute force attacks to crack user passwords through the web interface).

- fabian



More information about the Devel mailing list