[Users] Otopi pre-seeded answers and firewall settings
Yedidyah Bar David
didi at redhat.com
Wed Mar 26 07:51:02 UTC 2014
> From: "Giuseppe Ragusa" <giuseppe.ragusa at hotmail.com>
> To: "Yedidyah Bar David" <didi at redhat.com>
> Cc: "Users at ovirt.org" <users at ovirt.org>
> Sent: Tuesday, March 25, 2014 11:49:36 PM
> Subject: RE: [Users] Otopi pre-seeded answers and firewall settings
> Hi Didi,
> many thanks for your invaluable help!
> I'll try your suggestion
> (/etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf) asap and then I
> will report back.
> By the way: I have a really custom iptables setup (multiple separated
> networks on hypervisor hosts), so I suppose it's best to hand tune firewall
> rules and then leave them alone (I pre-configure them, so the setup
> procedure won't be impeded in its communication needs anyway AND I will
> always guarantee the most stringent filtering possible with default deny
> ecc.).
I now asked Sandro and he told me the obvious: In the "New Host" form there is a checkbox for that :-)
In hosted-engine we do not support that, it's always set - ' override_iptables=True ' in [1].
You can open a bug if you want, to make this configurable.
It might make sense to use the value input in the question about iptables, but these are different issues.
[1] http://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=src/plugins/ovirt-hosted-engine-setup/engine/add_host.py
--
Didi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140326/f9ab1906/attachment-0001.html>
More information about the Users
mailing list