On Sun, May 27, 2018 at 5:33 AM, Punaatua PK <punaatua...@gmail.com> wrote:
> Hello, > > we are subject to PCI-DSS. I have some questions. We currently have setup > oVirt in our environnement. > We created 2 Datacenter. > - one with a cluster with hosted engine on gluster (Hyperconverged env) > which represents the "LAN" part > - one with a cluster with gluster storage wich is the DMZ > > In PCI-DSS we have to secure communication (use HTTPs as much as > possible). I did saw that ovirt-ha-agent (on hosted-engine capable host) > check the status of the engine by sending GET request on the hosted-engine > on port 80 (the same check that hosted-engine --vm-status did in fact). > Since ovirt 4.2.2, with the introduction of gluster eventing, a new flow > (HTTP post resquest) is needed from gluster nodes to the engine. (In my > case, it's a flow from the DMZ to the LAN part in HTTP (non secure) > If https is enabled, the webhook uses the https url to communicate. What does "gluster-eventsapi status" on any of the gluster nodes return? > Here is my question. Is it possible to "hardering" this part of the engine > ? > > Another question out of PCI scope. Events like warning and error in the > dashboard are clean each days. I tried to find which process did that (look > into /etc/cron.daily, root crontab, etc) on the engine > without succes. Is there any maintenance task that is run periodicaly ? > Could we have the list of all the engine's task ? (regulary check the > status of host, vm, storage) also the frequency ? > The periodic jobs are run by the Quartz scheduler. > I would appreciate the help. (Great great product ovirt !) Thank you for > your jobs ! We did manage KVM hypervisor as standalone machine without all > the power that libvirt provides. No need to spend lot of money into > licencing product (VSphere and co) > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org >
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YKSYGNMAEIJK5LP33QF3ECG2ABCKSJVF/