Hi,
we have just merged patches [1], which adds the ability to use firewalld
instead of iptables on oVirt hosts.
The type of firewall can be defined per cluster, there is new combo box
'Firewall Type' in 'Cluster Detail' dialog. By default all new clusters
will be created with firewalld enabled, existing clusters needs to be
switched from iptables to firewalld manually and then invoke Reinstall on
all hosts in a cluster. Be aware that firewalld can be enabled only for
hosts with 4.2 capabilities (VDSM >= 4.20.0).
Firewalld deployment is using Ansible role introduced in new
ovirt-ansible-roles package [2], which executes ovirt-host-deploy role [3].
ovirt-ansible-roles package is installed automatically if engine is
installed from RPM, but for development environment installation please
take a look at [4], because ovirt-ansible-roles needs to be installed
manually into development environment prefix.
Please let me or Ondra know if you find any issues.
Thanks
Martin
[1]
https://gerrit.ovirt.org/78504
[2]
https://github.com/ovirt/ovirt-ansible
[3]
https://github.com/oVirt/ovirt-ansible/blob/master/roles/ovirt-host-deplo...
[4]
https://github.com/oVirt/ovirt-engine/blob/master/README.adoc#host-deploy...