Hi,

We have just merged patches [1], which add the ability to use firewalld instead of iptables on oVirt hosts.

The type of firewall can be defined per cluster; there is a new combo box 'Firewall Type' in the 'Cluster Detail' dialog. By default all new clusters will be created with firewalld enabled; existing clusters need to be switched from iptables to firewalld manually, and then Reinstall needs to be invoked on all hosts in the cluster. Be aware that firewalld can be enabled only for hosts with 4.2 capabilities (VDSM >= 4.20.0).

Firewalld deployment uses an Ansible role introduced in the new ovirt-ansible-roles package [2], which executes the ovirt-host-deploy role [3]. The ovirt-ansible-roles package is installed automatically if the engine is installed from RPM, but for a development environment installation please take a look at [4], because ovirt-ansible-roles needs to be installed manually into the development environment prefix.

Please let me or Ondra know if you find any issues.

Thanks

Martin


[1] https://gerrit.ovirt.org/78504
[2] https://github.com/ovirt/ovirt-ansible
[3] https://github.com/oVirt/ovirt-ansible/blob/master/roles/ovirt-host-deploy/README.md
[4] https://github.com/oVirt/ovirt-engine/blob/master/README.adoc#host-deploy-via-ansible