On 03/04/13 11:03, Sam Stoelinga wrote: > To prevent this happening to somebody else we could do the following: > 1. In the documentation explicitly tell the user that when you enable > multi_host that you can't use vncserver_listen=0.0.0.0 > 2. Do some sanity checks on nova.conf options, if we notice that > vncserver_listen: 0.0.0.0 and multi_host true, we don't allow starting > the nova-compute service and give a clear error message saying that it's > stupid to do something like that and what the user should do instead.
I'm probably missing something here, but would a simple firewall not work? #2 seems drastic to me, and #1 could be amended to mention the need for a firewall instead.. Kiall Mac Innes HP Cloud Services - DNSaaS Mobile: +353 86 345 9333 Landline: +353 1 524 2177 GPG: E9498407 _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
