Re: [ovirt-users] Upgrade hosts/nodes from engine

2016-08-17 Thread James Michels
Why not just assign the host a publicly accessible IP address and restrict
SSH by firewall so only the engine (and possibly you) can access through
SSH?

James

2016-08-16 23:03 GMT+01:00 Hanson:

> Hi Guys,
>
> Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my
> engine on a bond-bridge-publicVlan setup for remote monitoring.
>
> Understandably, the nodes are complaining that they are failing updates.
> (They're on a private vlan, and only configured with IP's in that vlan, the
> public vlan doesn't have IP's set on the hosts so they can pass it to VMs).
>
> Is there a way to have the engine do the updates on the node using its
> internet connection, like a proxy?
>
> For security reasons I like to have the nodes not publicly accessible, as
> we see hundreds if not thousands of ssh attempts, and root would probably
> be the most attacked account.
>
> Thanks,
>
> Hanson
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>


Re: [ovirt-users] Upgrade hosts/nodes from engine

2016-08-17 Thread Arsène Gschwind
I have a similar setup and I use a proxy (Squid) to get out of our private
LAN. All you have to do is define a proxy in your yum configuration
(/etc/yum.conf) in the case of RH/CentOS systems.


rgds,
Arsène


On 08/17/2016 12:03 AM, Hanson wrote:

> Hi Guys,
>
> Quick question, I have my nodes on a bond-bridge-privateVlan setup,
> and my engine on a bond-bridge-publicVlan setup for remote monitoring.
>
> Understandably, the nodes are complaining that they are failing
> updates. (They're on a private vlan, and only configured with IP's in
> that vlan, the public vlan doesn't have IP's set on the hosts so they
> can pass it to VMs).
>
> Is there a way to have the engine do the updates on the node using its
> internet connection, like a proxy?
>
> For security reasons I like to have the nodes not publicly accessible,
> as we see hundreds if not thousands of ssh attempts, and root would
> probably be the most attacked account.
>
> Thanks,
>
> Hanson

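The yum proxy setting suggested in the reply above, as an added example that is not part of the original thread: a shell function that sets `proxy=` in the `[main]` section of a yum.conf idempotently, so the nodes reach repositories through the proxy while staying on the private VLAN. The proxy and mirror host names, the sample file and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: point yum at an internal Squid proxy without hand-editing.
# PROXY_URL is a constructed placeholder; 3128 is Squid's default port.
PROXY_URL="http://squid.example.internal:3128"

# make_sample_conf FILE: write a constructed yum.conf for trying this out.
make_sample_conf() {
    cat > "$1" <<'EOF'
[main]
cachedir=/var/cache/yum/$basearch/$releasever
gpgcheck=1
proxy=http://old-proxy.example.internal:8080

[internal-repo]
name=Internal mirror
baseurl=http://mirror.example.internal/centos/7/os/x86_64/
proxy=_none_
EOF
}

# set_yum_proxy FILE URL: leave exactly one "proxy=URL" line in [main].
# Per-repo sections (and their own proxy= overrides) are not touched.
set_yum_proxy() {
    conf=$1; url=$2
    case $url in
        http://*|https://*) ;;
        *) echo "proxy URL needs an http(s) scheme: $url" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v url="$url" '
        /^\[main\][ \t]*$/ { print; print "proxy=" url; in_main = 1; seen = 1; next }
        /^\[/              { in_main = 0 }
        in_main && /^[ \t]*proxy[ \t]*=/ { next }   # drop the old [main] value
        { print }
        END { if (!seen) exit 3 }                   # no [main] section: fail
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 3; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

On a node this would be called as `set_yum_proxy /etc/yum.conf "$PROXY_URL"` by root; the per-repo `proxy=_none_` line in the sample shows how a repository that is reachable on the private network can bypass the proxy.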


Re: [ovirt-users] Upgrade hosts/nodes from engine

2016-08-17 Thread Martin Perina
Hi,

you could install Katello, register your hosts to receive updates through
Katello and configure oVirt-Katello integration. You can find more
information at
http://www.ovirt.org/develop/release-management/features/katellointegration/

Martin Perina


On Wed, Aug 17, 2016 at 12:03 AM, Hanson wrote:

> Hi Guys,
>
> Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my
> engine on a bond-bridge-publicVlan setup for remote monitoring.
>
> Understandably, the nodes are complaining that they are failing updates.
> (They're on a private vlan, and only configured with IP's in that vlan, the
> public vlan doesn't have IP's set on the hosts so they can pass it to VMs).
>
> Is there a way to have the engine do the updates on the node using its
> internet connection, like a proxy?
>
> For security reasons I like to have the nodes not publicly accessible, as
> we see hundreds if not thousands of ssh attempts, and root would probably
> be the most attacked account.
>
> Thanks,
>
> Hanson


[ovirt-users] Upgrade hosts/nodes from engine

2016-08-16 Thread Hanson

Hi Guys,

Quick question, I have my nodes on a bond-bridge-privateVlan setup, and 
my engine on a bond-bridge-publicVlan setup for remote monitoring.


Understandably, the nodes are complaining that they are failing updates. 
(They're on a private vlan, and only configured with IP's in that vlan, 
the public vlan doesn't have IP's set on the hosts so they can pass it 
to VMs).


Is there a way to have the engine do the updates on the node using its 
internet connection, like a proxy?


For security reasons I like to have the nodes not publicly accessible, 
as we see hundreds if not thousands of ssh attempts, and root would 
probably be the most attacked account.


Thanks,

Hanson
