Yedidyah Bar David has posted comments on this change. Change subject: packaging: setup: update firewall for all services ......................................................................
Patch Set 3: > from what I understand from this patch we touch the firewall services even if > component is not enabled. Not sure what exactly is "enabled". For websocket-proxy the condition is: self.environment[osetupcons.ConfigEnv.WEBSOCKET_PROXY_CONFIG] For postgresql it is: self.environment[osetupcons.DBEnv.HOST] == 'localhost' The first is selected by the user and can (with some more effort) be disabled later by the user. The second, I think, is obvious. That said, I have no idea why we need direct access from outside to the database. Is it only for putting dwh/reports on a different machine? Is it a common scenario? If not, it's (much, imo) more secure to open access manually when setting up these. -- To view, visit http://gerrit.ovirt.org/20737 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: If3c1a634b2e8539ebd604205b5487290c8d8a1a9 Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yedidyah Bar David <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Ofer Schreiber <[email protected]> Gerrit-Reviewer: Sandro Bonazzola <[email protected]> Gerrit-Reviewer: Yedidyah Bar David <[email protected]> Gerrit-HasComments: No _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
