Re: [ovirt-users] Upgrade hosts/nodes from engine
Why not just assign the host a publicly accessible IP address and restrict SSH by firewall so only the engine (and possibly you) can access through SSH? James 2016-08-16 23:03 GMT+01:00 Hanson: > Hi Guys, > > Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my > engine on a bond-bridge-publicVlan setup for remote monitoring. > > Understandably, the nodes are complaining that they are failing updates. > (They're on a private vlan, and only configured with IP's in that vlan, the > public vlan doesn't have IP's set on the hosts so they can pass it to VMs). > > Is there a way to have the engine do the updates on the node using its > internet connection, like a proxy? > > For security reasons I like to have the nodes not publicly accessible, as > we see hundreds if not thousands of ssh attempts, and root would probably > be the most attacked account. > > Thanks, > > Hanson > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Upgrade hosts/nodes from engine
I've a similar setup and I use a proxy (Squid) to get out of our private LAN, all you have to do is define a proxy in your yum configuration (/etc/yum.conf) in case of RH/CentOS Systems. rgds, Arsène On 08/17/2016 12:03 AM, Hanson wrote: Hi Guys, Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my engine on a bond-bridge-publicVlan setup for remote monitoring. Understandably, the nodes are complaining that they are failing updates. (They're on a private vlan, and only configured with IP's in that vlan, the public vlan doesn't have IP's set on the hosts so they can pass it to VMs). Is there a way to have the engine do the updates on the node using its internet connection, like a proxy? For security reasons I like to have the nodes not publicly accessible, as we see hundreds if not thousands of ssh attempts, and root would probably be the most attacked account. Thanks, Hanson ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Upgrade hosts/nodes from engine
Hi, you could install Katello, register your hosts to receive updates through Katello and configure oVirt-Katello integration. You can find more information at http://www.ovirt.org/develop/release-management/features/katellointegration/ Martin Perina On Wed, Aug 17, 2016 at 12:03 AM, Hansonwrote: > Hi Guys, > > Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my > engine on a bond-bridge-publicVlan setup for remote monitoring. > > Understandably, the nodes are complaining that they are failing updates. > (They're on a private vlan, and only configured with IP's in that vlan, the > public vlan doesn't have IP's set on the hosts so they can pass it to VMs). > > Is there a way to have the engine do the updates on the node using its > internet connection, like a proxy? > > For security reasons I like to have the nodes not publicly accessible, as > we see hundreds if not thousands of ssh attempts, and root would probably > be the most attacked account. > > Thanks, > > Hanson > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Upgrade hosts/nodes from engine
Hi Guys, Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my engine on a bond-bridge-publicVlan setup for remote monitoring. Understandably, the nodes are complaining that they are failing updates. (They're on a private vlan, and only configured with IP's in that vlan, the public vlan doesn't have IP's set on the hosts so they can pass it to VMs). Is there a way to have the engine do the updates on the node using its internet connection, like a proxy? For security reasons I like to have the nodes not publicly accessible, as we see hundreds if not thousands of ssh attempts, and root would probably be the most attacked account. Thanks, Hanson ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users