To access the
administrator services, Cisco VIM 2.0 provides source IP based filtering of
network requests on the management node. These services include SSH and Kibana
dashboard access. When the services are configured all admin network requests
made to the management node are dropped, except those from white listed
addresses in the configuration.
Reconfiguring
administrator source network supports the following options:
-
Set administrator
source network list: Network addresses can be added or deleted from the
configuration; the list is replaced in whole during a reconfigure operation.
-
Remove
administrator source network list: If the
admin_source_networks option is removed, then the source
address will not filter the incoming admin service requests.
The following section
needs to be configured in the Setup_data.yaml file:
admin_source_networks: # optional, host based firewall to white list admin's source IP
- 10.0.0.0/8
- 172.16.0.0/12
Note |
The operator should
to be careful while updating the source networks. If the list is
mis-configured, operators may lock themselves out of access to the management
node through SSH. If this happens, an operator must log into the management
node through the console port to repair the configuration.
|
To initiate the
integration, copy the
setupdata
into a local directory by running the
following command:
[root@mgmt1 ~]# cd /root/
[root@mgmt1 ~]# mkdir MyDir
[root@mgmt1 ~]# cd MyDir
[root@mgmt1 ~]# cp /root/openstack-configs/setup_data.yaml <my_setup_data.yaml>
Update the
setupdata
by running the following command:
[root@mgmt1 ~]# vi my_setup_data.yaml (update the setup_data to include SwiftStack info)
Run the
reconfiguration command as follows:
[root@mgmt1 ~]# cd ~/installer-xxxx
[root@mgmt1 ~]# ./ciscovimclient/ciscovim –-setupfile ~/MyDir/<my_setup_data.yaml> reconfigure