Browse files

added note about how the kvm ebtables protection is only possible whe…

…n there is one KVM virtual machine at a time on each VMM
  • Loading branch information...
timf committed Dec 31, 2009
1 parent 9d05e48 commit 0bc6e89a4dc220c060cc86e553f516f3c8a47311
Showing with 16 additions and 0 deletions.
  1. +16 −0 docs/src/admin/quickstart.html
@@ -988,6 +988,22 @@ <h4>* Configure sudo:</h4>
Also note that there is a specific ebtables script for xen and kvm.
+ The Xen ebtables script is configured by default.
+ If you are using KVM, you must configure the ""
+ script in two places. First in the sudo rules so that it can be invoked
+ (see workspace-control's "sudo.conf" file for details). Second, in
+ workspace-control's "networks.conf" file.
+ <b>Note:</b> currently the KVM ebtables script can only support spoofing
+ protection when there is one KVM virtual machine running at a time on
+ each VMM node (this is the most common deployment configuration for sites
+ supporting science). Nimbus' Xen support allows many guest VMs to be
+ running while also ensuring there is no MAC and IP address spoofing.
You may need to comment out any "requiretty" setting in the sudoers policy:

0 comments on commit 0bc6e89

Please sign in to comment.