Why not just assign the host a publicly accessible IP address and restrict SSH by firewall so only the engine (and possibly you) can access through SSH?
James 2016-08-16 23:03 GMT+01:00 Hanson <han...@andrewswireless.net>: > Hi Guys, > > Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my > engine on a bond-bridge-publicVlan setup for remote monitoring. > > Understandably, the nodes are complaining that they are failing updates. > (They're on a private vlan, and only configured with IP's in that vlan, the > public vlan doesn't have IP's set on the hosts so they can pass it to VMs). > > Is there a way to have the engine do the updates on the node using its > internet connection, like a proxy? > > For security reasons I like to have the nodes not publicly accessible, as > we see hundreds if not thousands of ssh attempts, and root would probably > be the most attacked account. > > Thanks, > > Hanson > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
