On Thu, Nov 12, 2015 at 4:27 PM, Sandro Bonazzola <sbonazzo(a)redhat.com> wrote:
On Thu, Nov 12, 2015 at 3:06 PM, Fabian Deutsch <fdeutsch(a)redhat.com> wrote:
>
> On Thu, Nov 12, 2015 at 2:57 PM, Dan Kenigsberg <danken(a)redhat.com> wrote:
> > On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote:
> >> On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken(a)redhat.com>
> >> wrote:
> >> > On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
> >> >> Hey,
> >> >>
> >> >> what is the expectation/assumption about firewalld on a CentOS 7
> >> >> host
> >> >> where you want to install vdsm onto?
> >> >>
> >> >> Is vdsm taking care of it?
> >> >>
> >> >> I'm asking this, because firewalld seems to be in the default
> >> >> package
> >> >> (please correct me if I am wrong) set of CentOS 7 and thus installed
> >> >> by default.
> >> >
> >> > As far as I know, Vdsm runs fine in parallel to firewalld on recent
> >> > el7.1 (there used to be problems in early 7.0 versions).
> >> >
> >> > If this is not the case, please file a bug with precise versions!
> >>
> >> Bug 1281417 - vdsm host can not be added with firewalld enabled
> >
> > Would everything work all right if Vdsm's port (54321) is opened in
> > firewalld?
>
> I did not try this yet - but I strongly assume yes.
>
> > It seems that the host CAN be added, but remains in non-responsive mode
> > due to the firewall being shut. right?
>
> Correct, vdsm is up and all. It just seems to be the firewall.
>
> Looking at the two bugs:
> Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld
> Bug 1281417 - vdsm host can not be added with firewalld enabled
>
> I wonder where the firewalld service configuration should happen,
> currently in host-deploy, but I don't really see why there and not in
> vdsm.

firewalld can't be configured right now by host-deploy being the firewall
config stored in the engine database for iptables only.
We need to add firewalld support in ovirt-engine and in ovirt-host-deploy to
properly support it.

Thanks, that gives me the bigger picture.
- fabian