To access the
administrator services, Cisco VIM 2.2 provides source IP based filtering of
network requests on the management node. These services include SSH and Kibana
dashboard access. When the services are configured all admin network requests
made to the management node are dropped, except those from white listed
addresses in the configuration.
Reconfiguring
administrator source network supports the following options:
-
Set
administrator source network list: Network addresses can be added or deleted
from the configuration; the list is replaced in whole during a reconfigure
operation.
-
Remove
administrator source network list: If the
admin_source_networks option is removed, then the source
address will not filter the incoming admin service requests.
The following
section needs to be configured in the Setup_data.yaml file:
admin_source_networks: # optional, host based firewall to white list admin's source IP
- 10.0.0.0/8
- 172.16.0.0/12
 Note |
The operator
should to be careful while updating the source networks. If the list is
mis-configured, operators may lock themselves out of access to the management
node through SSH. If this happens, an operator must log into the management
node through the console port to repair the configuration.
|
To initiate the
integration, copy the
setupdata into a local directory by running the
following command:
[root@mgmt1 ~]# cd /root/
[root@mgmt1 ~]# mkdir MyDir
[root@mgmt1 ~]# cd MyDir
[root@mgmt1 ~]# cp /root/openstack-configs/setup_data.yaml <my_setup_data.yaml>
Update the
setupdata by running the following command:
[root@mgmt1 ~]# vi my_setup_data.yaml (update the setup_data to include SwiftStack info)
Run the
reconfiguration command as follows:
[root@mgmt1 ~]# cd ~/installer-xxxx
[root@mgmt1 ~]# ciscovim –-setupfile ~/MyDir/<my_setup_data.yaml> reconfigure