On Fri, Mar 4, 2016 at 1:26 PM, Sandro Bonazzola <[email protected]> wrote: > > > On Fri, Mar 4, 2016 at 1:02 PM, Fabian Deutsch <[email protected]> wrote: >> >> Btw. This question is now asked for Node, but it also affects other >> hosts which are running Cockpit. >> > > You can add a line with the cockpit firewall port to the sql script which > defines the ports to be opened in ovirt-engine.
Yep. My main question was just if we want to open it by default or not. But Oved's suggestpion is good. We already have the checkbox to ask wheteher engine/vdsm should manage the firewall. If yes, the cockpit should also be opened. - fabian > > >> >> - faian >> >> On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <[email protected]> >> wrote: >> > Hey, >> > >> > Node Next will ship Cockpit by default. >> > >> > When the host is getting installed, Cockpit can be reached by default >> > over it's port 9090/tcp. >> > >> > But after the host was added to Engine, Engine/vdsm is setting up it's >> > own iptables rules which then prevent further access to Cockpit. >> > >> > How do we want users to control the access to Cockpit? So where shall >> > users be able to open or close the Cockpit firewall port. >> > >> > Initially I thought that we can open up the cockpit port by default, >> > but this might be a security issue. >> > (Brute force attacks to crack user passwords through the web interface). >> > >> > - fabian >> >> >> >> -- >> Fabian Deutsch <[email protected]> >> RHEV Hypervisor >> Red Hat >> _______________________________________________ >> Devel mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/devel > > > > > -- > Sandro Bonazzola > Better technology. Faster innovation. Powered by community collaboration. > See how it works at redhat.com -- Fabian Deutsch <[email protected]> RHEV Hypervisor Red Hat _______________________________________________ Devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/devel
