{"ostf_sha": "e33390c275e225d648b36997460dc29b1a3c20ae", "auth_required": true, "api": "1.0", "nailgun_sha": "67c4f1c18ab0833175f6dc7f0f9c49c3eb722287", "production": "docker", "fuelmain_sha": "63d0775708b0f5fa4d6d1e09a316d9c26f7e5444", "astute_sha": "b52910642d6de941444901b0f20e95ebbcb2b2e9", "feature_groups": ["experimental"], "release": "5.1", "fuellib_sha": "d699fc178559e98cfd7d53b58478b46553ffe39e"}'
Environment:
- Neutron/GRE
- Ubuntu
Problem:
All networks are assigned to all nodes. In a Neutron-based environment, not all nodes need access to the Public/Floating network - only the controllers do. Having the compute and storage nodes on that network increases the surface attack for attacks and, if compromised, provide carte blanche access to the back-end.
It would be better to configure network interfaces on an as-required basis.
It will be covered with https:/