Appendix A. Changing the Permissions for the Local ISO Domain
If the Manager was configured during setup to provide a local ISO domain, that domain can be attached to one or more data centers, and used to provide virtual machine image files. By default, the access control list (ACL) for the local ISO domain provides read and write access for only the Manager machine. Virtualization hosts require read and write access to the ISO domain in order to attach the domain to a data center. Use this procedure if network or host details were not available at the time of setup, or if you need to update the ACL at any time.
While it is possible to allow read and write access to the entire network, it is recommended that you limit access to only those hosts and subnets that require it.
Changing the Permissions for the Local ISO Domain
- Log in to the Manager machine.
Edit the /etc/exports file, and add the hosts, or the subnets to which they belong, to the access control list:
/var/lib/exports/iso 10.1.2.0/255.255.255.0(rw) host01.example.com(rw) host02.example.com(rw)
The example above allows read and write access to a single /24 network and two specific hosts.
/var/lib/exports/isois the default file path for the ISO domain. See the
exports(5)man page for further formatting options.
Apply the changes:
# exportfs -ra
Note that if you manually edit the /etc/exports file after running
engine-cleanup later will not undo the changes.