<div dir="ltr">Hi,<div><br></div><div>you are right, we don't have this. I just created this in order to document <a href="http://dev.opennebula.org/issues/3602">http://dev.opennebula.org/issues/3602</a></div><div><br></div><div>Answering your specific question:</div><div><br></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">What is not clear is about the tm driver. An ssh connection is open from oned admin server to the hypervisors, to run the clone/cp/etc actions. I need to know if the hypervisor will in those actions initiate some SSH connection back to the oned admin server? (we are using ssh, shared, and lvm drivers). We want to block this kind of traffic (ssh to oned admin server from the nodes).</blockquote></div><div><br></div><div>The ssh connection to the frontend from the nodes **is** required. It's used in actions like undeploy or stop.</div><div><br></div><div>In any case, as you say, creating a reference guide for the connections in OpenNebula would come in very handy.</div><div><br></div><div>cheers,<br>Jaime</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 6, 2015 at 11:07 AM, Madko <span dir="ltr"><<a href="mailto:madko77@gmail.com" target="_blank">madko77@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>Is there any documentation about the ports and network traffic in use with OpenNebula?</div><div><br></div><div>To go in production we need to have a firewall between our oned admin server and the hypervisor nodes. 
</div><div>So I need to know if there is any network traffic to be initiated (state NEW) from the hypervisor nodes to the oned admin server?</div><div>So far I found the UDP port 4124 for collectd, with metrics coming from the hypervisors.</div><div><br></div><div>What is not clear is about the tm driver. An ssh connection is open from oned admin server to the hypervisors, to run the clone/cp/etc actions. I need to know if the hypervisor will in those actions initiate some SSH connection back to the oned admin server? (we are using ssh, shared, and lvm drivers). We want to block this kind of traffic (ssh to oned admin server from the nodes).</div><div><br></div><div>To sum up, here is what we know for sure:</div><div>oned 4124/udp <= nodes</div><div>oned => 22/tcp nodes</div><div><br></div><div>We need to know what traffic and who initiates it. I don't see anything about it in the documentation. If anyone has this information that would be of great help. Until then I will try to find it out myself by playing with iptables.</div><div><br></div><div>Best regards</div></div>
<br></blockquote></div><br></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>Jaime Melis<br>Project Engineer<br>OpenNebula - Flexible Enterprise Cloud Made Simple<br><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a></div></div></div>
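The node-initiated flows confirmed in this thread (collectd metrics to 4124/udp and SSH to 22/tcp on the frontend), written as a frontend-side filter. This is an added example, not part of the original messages or of OpenNebula's own tooling; the chain name ONE_NODES and the node subnet 192.0.2.0/24 are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment for the oned frontend that
# filters only connections arriving FROM the hypervisor nodes.
# Assumptions: the chain name ONE_NODES and the node subnet are illustrative.

gen_frontend_rules() {
    node_net="$1"   # IPv4 CIDR of the hypervisor nodes
    # Accept digits, dots and a single slash only, so the argument cannot
    # smuggle extra rule text into the generated ruleset.
    case "$node_net" in
        ''|*[!0-9./]*|*/*/*) echo "invalid node CIDR: $node_net" >&2; return 1 ;;
    esac
    # Rule order inside ONE_NODES:
    #  1. replies to sessions the frontend opened (oned => 22/tcp nodes)
    #  2. NEW collectd metrics from the nodes (4124/udp)
    #  3. NEW SSH from the nodes, needed for actions like undeploy or stop
    #  4. log, then drop, anything else a node tries to initiate
    printf '%s\n' \
        '*filter' \
        ':ONE_NODES - [0:0]' \
        "-A INPUT -s ${node_net} -j ONE_NODES" \
        '-A ONE_NODES -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A ONE_NODES -p udp --dport 4124 -m conntrack --ctstate NEW -j ACCEPT' \
        '-A ONE_NODES -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT' \
        '-A ONE_NODES -j LOG --log-prefix "one-node-drop: "' \
        '-A ONE_NODES -j DROP' \
        'COMMIT'
}

# Constructed sample subnet (TEST-NET-1). Review the output, then load it with:
#   gen_frontend_rules 192.0.2.0/24 | iptables-restore --noflush
gen_frontend_rules 192.0.2.0/24
```

Only traffic sourced from the node subnet enters ONE_NODES, so other access to the frontend is left to the rules already in INPUT. The LOG rule records any further node-initiated flow that the thread does not list, before it is dropped.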