Alon Bar-Lev has posted comments on this change. Change subject: hosted-engine: configure gluster for HC ......................................................................
Patch Set 1: (1 comment) https://gerrit.ovirt.org/#/c/39678/1/src/plugins/ovirt-host-deploy/hosted-engine/glusterd.py File src/plugins/ovirt-host-deploy/hosted-engine/glusterd.py: Line 63: continue Line 64: elif line.find('base-port') != -1: Line 65: continue Line 66: elif line.find('end-volume') == 0: Line 67: content.append(' option rpc-auth-allow-insecure on') > in EL7 libvirt migration range is configurable, and it also checks prior to the entire idea of port range is something that should not have been used at least in the past 15 years (since the portmapper era). I do not think there is a difference between range1 or (range1, range2) both in security aspects and maintenance. one can argue that in local machine selinux can limit specific type to specific range, however, remote system cannot assume that this is the case as it cannot actually verify that. I prefer not to touch configuration of system components unless actually required, especially in these components that do not support conf.d structure and require editing configuration files instead of drop-in configurations. Line 68: content.append(' option base-port 49217') Line 69: content.append(line) Line 70: Line 71: self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append( -- To view, visit https://gerrit.ovirt.org/39678 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I2bded0891309a2d38daef76bac93c7c7a4b0602a Gerrit-PatchSet: 1 Gerrit-Project: ovirt-host-deploy Gerrit-Branch: master Gerrit-Owner: Sandro Bonazzola <[email protected]> Gerrit-Reviewer: Allon Mureinik <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Doron Fediuck <[email protected]> Gerrit-Reviewer: Federico Simoncelli <[email protected]> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Lev Veyde <[email protected]> Gerrit-Reviewer: Michal Skrivanek <[email protected]> Gerrit-Reviewer: Michal Skrivanek <[email protected]> Gerrit-Reviewer: Sahina Bose <[email protected]> Gerrit-Reviewer: Sandro Bonazzola <[email protected]> Gerrit-Reviewer: Simone Tiraboschi <[email protected]> Gerrit-Reviewer: Vijay Bellur <[email protected]> Gerrit-Reviewer: Yedidyah Bar David <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
