[openstack-dev] [tripleo] tripleo-test-cloud-rh1 and bastion host
Paul Belanger
pabelanger at redhat.com
Fri Sep 9 15:38:40 UTC 2016
Greetings,
I would like to start the discussions around the removal of the bastion host
that sits in front of tripleo-test-cloud-rh1. It is my understanding, all
traffic from tripleo-test-cloud-rh1 flows through this linux box. Obviously
this is problematic for a public cloud.
I currently do not know the history of the bastion host, I am hoping this thread
will start discussions around it.
However, my personal preference is to remove the bastion from the pipeline
between internet and tripleo-test-cloud-rh1. My main objection to the host, is
the fact we do packet filtering of traffic flowing between the internet and
tripleo-test-cloud-rh1.
Ideally tripleo-test-cloud-rh1 will simply have an unfiltered network drop on
the public web, this is how we do it today with the infracloud in
#openstack-infra.
This will avoid the need to gain access to a private server (bastion) and need
to manipulate networking traffic.
I'd like for us to try and establish a time frame to make this happen too.
---
Paul
More information about the OpenStack-dev
mailing list