Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

added note about how the kvm ebtables protection is only possible whe…

…n there is one KVM virtual machine at a time on each VMM
  • Loading branch information...
commit 0bc6e89a4dc220c060cc86e553f516f3c8a47311 1 parent 9d05e48
@timf timf authored
Showing with 16 additions and 0 deletions.
  1. +16 −0 docs/src/admin/quickstart.html
View
16 docs/src/admin/quickstart.html
@@ -989,6 +989,22 @@
</p>
<p>
+ The Xen ebtables script is configured by default.
+ If you are using KVM, you must configure the "kvm-ebtables-config.sh"
+ script in two places. First in the sudo rules so that it can be invoked
+ (see workspace-control's "sudo.conf" file for details). Second, in
+ workspace-control's "networks.conf" file.
+</p>
+
+<p>
+ <b>Note:</b> currently the KVM ebtables script can only support spoofing
+ protection when there is one KVM virtual machine running at a time on
+ each VMM node (this is the most common deployment configuration for sites
+ supporting science). Nimbus' Xen support allows many guest VMs to be
+ running while also ensuring there is no MAC and IP address spoofing.
+</p>
+
+<p>
You may need to comment out any "requiretty" setting in the sudoers policy:
</p>
Please sign in to comment.
Something went wrong with that request. Please try again.