Hi, you are right, we don't have this. I just created this in order to document http://dev.opennebula.org/issues/3602
Answering your specific question: What is not clear is about the tm driver. An ssh connection is open from > oned admin server to the hypervisors, to run the clone/cp/etc actions. I > need to know if the hypervisor will in those actions initiate some SSH > connection back to the oned admin server? (we are using ssh, shared, and > lvm drivers). We want to block this king of traffic (ssh to oned admin > server from the nodes). The ssh connection to the frontend from the nodes **is** required. It's used in actions like undeploy or stop. In any case as you say, creating a reference guide for the connections in OpenNebula would come in very handy. cheers, Jaime On Fri, Feb 6, 2015 at 11:07 AM, Madko <madk...@gmail.com> wrote: > Hi, > > Is there any documentation about the ports and network traffic in use with > OpenNebula? > > To go in production we need to have a firewall between our oned admin > server and the hypervisors nodes. > So I need to know if there is any network traffic to be initiated (state > NEW) from the hypervisor nodes to the oned admin server? > So far I found the UDP port 4124 for collectd, with metrics comming from > the hypervisors. > > What is not clear is about the tm driver. An ssh connection is open from > oned admin server to the hypervisors, to run the clone/cp/etc actions. I > need to know if the hypervisor will in those actions initiate some SSH > connection back to the oned admin server? (we are using ssh, shared, and > lvm drivers). We want to block this king of traffic (ssh to oned admin > server from the nodes). > > To sum up, here is what we know for sure: > oned 4124/udp <= nodes > oned => 22/tcp nodes > > We need to know what traffic and who initiate it. I don't see anything > about it in the documentation. If anyone has this information that would be > of great help. Untill then I will try to find it out myself by playing with > iptables. > > Best regards > > _______________________________________________ > Users mailing list > Users@lists.opennebula.org > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > > -- Jaime Melis Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | jme...@opennebula.org
_______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org