[ovirt-users] Re: Hardering oVirt Engine

2018-06-19 Thread Punaatua PK 
> On Sun, May 27, 2018 at 5:33 AM, Punaatua PK  wrote:
> 
> 
> If https is enabled, the webhook uses the https url to communicate. What
> does "gluster-eventsapi status" on any of the gluster nodes return?
> 
[root@test ~]# gluster-eventsapi status
Webhooks:
http://engine.local.com:80/ovirt-engine/services/glusterevents

+--+-+---+
| NODE | NODE STATUS | GLUSTEREVENTSD STATUS |
+--+-+---+
| 10.17.14.153 |  UP |OK |
| 10.17.14.152 |  UP |OK |
|  localhost   |  UP |OK |
+--+-+---+

The webhook is configured with http not https. I think i can modify it to https 
but i dont know if gluster event api can handle https
(the CA may be asked)
> 
> The periodic jobs are run by the Quartz scheduler.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/X5FM3O4E7CDE3WWEV3RMSWG74BVC5QKX/

[ovirt-users] Re: Hardering oVirt Engine

2018-06-19 Thread Sahina Bose 
On Sun, May 27, 2018 at 5:33 AM, Punaatua PK  wrote:

> Hello,
>
> we are subject to PCI-DSS. I have some questions. We currently have setup
> oVirt in our environnement.
> We created 2 Datacenter.
> - one with a cluster with hosted engine on gluster (Hyperconverged env)
> which represents the "LAN" part
> - one with a cluster with gluster storage wich is the DMZ
>
> In PCI-DSS we have to secure communication (use HTTPs as much as
> possible). I did saw that ovirt-ha-agent (on hosted-engine capable host)
> check the status of the engine by sending GET request on the hosted-engine
> on port 80 (the same check that hosted-engine --vm-status did in fact).
> Since ovirt 4.2.2, with the introduction of gluster eventing, a new flow
> (HTTP post resquest) is needed from gluster nodes to the engine. (In my
> case, it's a flow from the DMZ to the LAN part in HTTP (non secure)
>

If https is enabled, the webhook uses the https url to communicate. What
does "gluster-eventsapi status" on any of the gluster nodes return?


> Here is my question. Is it possible to "hardering" this part of the engine
> ?
>
> Another question out of PCI scope. Events like warning and error in the
> dashboard are clean each days. I tried to find which process did that (look
> into /etc/cron.daily, root crontab, etc) on the engine
> without succes. Is there any maintenance task that is run periodicaly ?
> Could we have the list of all the engine's task ? (regulary check the
> status of host, vm, storage) also the frequency ?
>

The periodic jobs are run by the Quartz scheduler.


> I would appreciate the help. (Great great product ovirt !) Thank you for
> your jobs ! We did manage KVM hypervisor as standalone machine without all
> the power that libvirt provides. No need to spend lot of money into
> licencing product (VSphere and co)
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YKSYGNMAEIJK5LP33QF3ECG2ABCKSJVF/

[ovirt-users] Re: Hardering oVirt Engine

2018-05-30 Thread Punaatua PK 
Any ideas anyone ? At least, could you please provide your opinion ?

Regards,
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KPQUWIXEU6TVSZAZIQOCGWV4SEKFC5QH/