We need a document which describes which services running on the FOSS-Cloud require what access on which network (primarly for the services visible to external clients).
What I'd expect is something like this (here for NTP):
* By default the FOSS-Cloud runs an NTP server on each node which is configured to connect to ch.pool.ntp.org via the PUBLIC network on UDP port 123
* Make sure that this port is open for all FOSS-Cloud nodes or reconfigure the servers in /etc/ntp.conf if internal servers should be used.
* Running a functional NTP on all FOSS-Cloud nodes to keep the time in sync is crucial for the correct function of the cluster.
Similar documentation has to be done for SSH, HTTP and SPICE. Furthermore the FOSS-Cloud nodes may also need RSYNC (or at least HTTP) to sync the tree and fetch updates & packages.
Log in to post a comment.
