mirror of
https://github.com/OpenNebula/one.git
synced 2025-01-03 01:17:41 +03:00
b1ef4332e5
This feature lets the cloud admin proxy VM connections to any service through the hypervisor. VMs use a link local IP that is forwarded to a local proxy. This simplifies VM network requirements, e.g. to access gateway, vaults, configuration services etc.

Implementation:
- Use network namespaces to isolate VNET networking. ip netns command is executed through a wrapper to limit sudo access to commands.
- Add tproxy.rb app to manage a group of daemons on HV nodes.
- Use unix sockets for communication between proxy peers. "Inner" proxy runs in the netns without any network access. "Outer" proxy handles HV connections to services.
- Use OpenNebulaNetwork.conf + 'onehost sync -f' for configuration. Proxy can be defined per network.
3 lines
138 B
Plaintext
oneadmin ALL=(ALL:ALL) NOPASSWD: ONE_CEPH, ONE_NET, ONE_OVS, ONE_LVM, ONE_MEM, ONE_VGPU
oneadmin ALL=(ALL:ALL) NOPASSWD:SETENV: ONE_NETNS
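The second rule grants SETENV, which in sudoers lets the caller supply its own environment to the listed commands (via `sudo -E` or `VAR=value` on the command line), so the commands behind ONE_NETNS are the ones to review. An added example, not part of the OpenNebula repository: a small Python audit that parses user rules like the two above and reports every command or alias granted with SETENV. The function names are made up for this example, and the definition of ONE_NETNS is not shown on this page.

```python
import re

# The two rules from the file on this page, verbatim.
SUDOERS = """\
oneadmin ALL=(ALL:ALL) NOPASSWD: ONE_CEPH, ONE_NET, ONE_OVS, ONE_LVM, ONE_MEM, ONE_VGPU

oneadmin ALL=(ALL:ALL) NOPASSWD:SETENV: ONE_NETNS
"""

# Command tags defined by sudoers(5).
TAGS = {"PASSWD", "NOPASSWD", "SETENV", "NOSETENV", "EXEC", "NOEXEC",
        "LOG_INPUT", "NOLOG_INPUT", "LOG_OUTPUT", "NOLOG_OUTPUT"}
RULE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"\s*([A-Z_]+)\s*:\s*")
SKIP = ("#", "Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def parse_rule(line):
    """Parse 'user host=(runas) TAG: TAG: cmd, cmd'; return None if not a rule.

    Simplification: only tags in front of the first command are read."""
    line = line.strip()
    m = RULE.match(line)
    if not line or line.startswith(SKIP) or not m:
        return None
    user, host, runas, rest = m.groups()
    tags = []
    while (t := TAG.match(rest)) and t.group(1) in TAGS:
        tags.append(t.group(1))
        rest = rest[t.end():]
    commands = [c.strip() for c in rest.split(",") if c.strip()]
    return {"user": user, "host": host, "runas": runas or "root",
            "tags": tags, "commands": commands}


def audit(text):
    """Return (user, command, severity) for every command granted with SETENV."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule and "SETENV" in rule["tags"]:
            # Without a password prompt, any process running as the user
            # can invoke the command with an environment of its choosing.
            severity = "high" if "NOPASSWD" in rule["tags"] else "medium"
            findings += [(rule["user"], c, severity) for c in rule["commands"]]
    return findings


if __name__ == "__main__":
    for user, command, severity in audit(SUDOERS):
        print(f"[{severity}] {user}: SETENV on {command}; check that each "
              "command in it is safe under a caller-chosen environment")
```

For the file above it reports only ONE_NETNS; the six aliases in the first rule carry NOPASSWD without SETENV and are not flagged.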