[ovirt-devel] OVN provider's firewalld services deployment during engine setup

[Leon Goldberg]

Hey,

We're trying to come up with a way to deploy OVN provider's firewalld
services during engine setup. The naive solution of querying the user
during customization and then installing during STAGE_PACKAGES fails as
firewalld configuration happens prior to it.

We thought of a couple of possible solutions we'd like your opinions on
(ordered in perceived level of difficulty):

1) Ship/require the packages with ovirt-engine without requiring user
input. This essentially couples engine with OVN and disregards a future
where OVN doesn't run alongside Engine.

2) Install the packages immediately following user input during
customization. A bit hacky and doesn't conceptually fit the stage of
customization.

3) Move user input to STAGE_INTERNAL_PACKAGES. Feels more disruptive than
#1 to the current otopi flow as STAGE_INTERNAL_PACKAGES is dedicated for
packages that are required for otopi itself to operate. Not only this
doesn't fit conceptually, it introduces user input to a stage that
shouldn't have any.

4) Move firewalld configuration to happen after STAGE_PACKAGES.

5) Refactor to prepare the grounds for OVN/Engine separation. At this point
this feels very ambiguous. We don't yet know how will containers be
accessed (is ssh guaranteed?) in the future or generally how should a
remote installation look like.

Any input/questions are appreciated.

Thanks,
Leon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20170612/7f56c445/attachment.html>