
Hey, what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto? Is vdsm taking care of it? I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default. - fabian

On Thu, Nov 12, 2015 at 12:08 PM, Fabian Deutsch <fdeutsch@redhat.com> wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
ovirt-host-deploy should take care of disabling firewalld and enabling iptables.
I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default.
- fabian _______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com

On Thu, Nov 12, 2015 at 2:07 PM, Sandro Bonazzola <sbonazzo@redhat.com> wrote:
On Thu, Nov 12, 2015 at 12:08 PM, Fabian Deutsch <fdeutsch@redhat.com> wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
ovirt-host-deploy should take care of disabling firewalld and enabling iptables.
Right, thanks.
As far as I can tell it can not handle this currently:
Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld
Please also see my simple fix: https://gerrit.ovirt.org/#/c/48491/
Change 48491 - Needs Code-Review
presets: Disable firewalld.service by default
firewalld is installed and enabled by default on CentOS 7, but vdsm can not handle it. This leads to a situation where a freshly installed CentOS 7 host with the default package set can not be added to Engine. By disabling firewalld.service using a presets file, this add flow should work.
Change-Id: Ia17b04259ad28b8c4df4c73c928e23bf6a1222d0
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=995362
Signed-off-by: Fabian Deutsch <fabiand@fedoraproject.org>
- fabian

On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default.
As far as I know, Vdsm runs fine in parallel to firewalld on recent el7.1 (there used to be problems in early 7.0 versions). If this is not the case, please file a bug with precise versions!

On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default.
As far as I know, Vdsm runs fine in parallel to firewalld on recent el7.1 (there used to be problems in early 7.0 versions).
If this is not the case, please file a bug with precise versions!
Bug 1281417 - vdsm host can not be added with firewalld enabled
Done. Thanks.
fabian

On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote:
On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default.
As far as I know, Vdsm runs fine in parallel to firewalld on recent el7.1 (there used to be problems in early 7.0 versions).
If this is not the case, please file a bug with precise versions!
Bug 1281417 - vdsm host can not be added with firewalld enabled
Would everything work all right if Vdsm's port (54321) is opened in firewalld?
It seems that the host CAN be added, but remains in non-responsive mode due to the firewall being shut. right?
Regards, Dan.

On Thu, Nov 12, 2015 at 2:57 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote:
On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default.
As far as I know, Vdsm runs fine in parallel to firewalld on recent el7.1 (there used to be problems in early 7.0 versions).
If this is not the case, please file a bug with precise versions!
Bug 1281417 - vdsm host can not be added with firewalld enabled
Would everything work all right if Vdsm's port (54321) is opened in firewalld?
I did not try this yet - but I strongly assume yes.
It seems that the host CAN be added, but remains in non-responsive mode due to the firewall being shut. right?
Correct, vdsm is up and all. It just seems to be the firewall.
Looking at the two bugs:
Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld
Bug 1281417 - vdsm host can not be added with firewalld enabled
I wonder where the firewalld service configuration should happen, currently in host-deploy, but I don't really see why there and not in vdsm.
- fabian

On Thu, Nov 12, 2015 at 3:06 PM, Fabian Deutsch <fdeutsch@redhat.com> wrote:
On Thu, Nov 12, 2015 at 2:57 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote:
On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default.
As far as I know, Vdsm runs fine in parallel to firewalld on recent el7.1 (there used to be problems in early 7.0 versions).
If this is not the case, please file a bug with precise versions!
Bug 1281417 - vdsm host can not be added with firewalld enabled
Would everything work all right if Vdsm's port (54321) is opened in firewalld?
I did not try this yet - but I strongly assume yes.
It seems that the host CAN be added, but remains in non-responsive mode due to the firewall being shut. right?
Correct, vdsm is up and all. It just seems to be the firewall.
Looking at the two bugs: Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld Bug 1281417 - vdsm host can not be added with firewalld enabled
I wonder where the firewalld service configuration should happen, currently in host-deploy, but I don't really see why there and not in vdsm.
firewalld can't be configured right now by host-deploy being the firewall config stored in the engine database for iptables only. We need to add firewalld support in ovirt-engine and in ovirt-host-deploy to properly support it.
- fabian
-- Sandro Bonazzola

On Thu, Nov 12, 2015 at 4:27 PM, Sandro Bonazzola <sbonazzo@redhat.com> wrote:
On Thu, Nov 12, 2015 at 3:06 PM, Fabian Deutsch <fdeutsch@redhat.com> wrote:
On Thu, Nov 12, 2015 at 2:57 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote:
On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default.
As far as I know, Vdsm runs fine in parallel to firewalld on recent el7.1 (there used to be problems in early 7.0 versions).
If this is not the case, please file a bug with precise versions!
Bug 1281417 - vdsm host can not be added with firewalld enabled
Would everything work all right if Vdsm's port (54321) is opened in firewalld?
I did not try this yet - but I strongly assume yes.
It seems that the host CAN be added, but remains in non-responsive mode due to the firewall being shut. right?
Correct, vdsm is up and all. It just seems to be the firewall.
Looking at the two bugs: Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld Bug 1281417 - vdsm host can not be added with firewalld enabled
I wonder where the firewalld service configuration should happen, currently in host-deploy, but I don't really see why there and not in vdsm.
firewalld can't be configured right now by host-deploy being the firewall config stored in the engine database for iptables only. We need to add firewalld support in ovirt-engine and in ovirt-host-deploy to properly support it.
Thanks, that gives me the bigger picture. - fabian

Can you point me to the table?
Sounds good exercise in b/w compatibility and slow data/schema migration to me. Is there an RFE for it too?

On Nov 12, 2015 5:27 PM, "Sandro Bonazzola" <sbonazzo@redhat.com> wrote:
On Thu, Nov 12, 2015 at 3:06 PM, Fabian Deutsch <fdeutsch@redhat.com> wrote:
On Thu, Nov 12, 2015 at 2:57 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote:
On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default.
As far as I know, Vdsm runs fine in parallel to firewalld on recent el7.1 (there used to be problems in early 7.0 versions).
If this is not the case, please file a bug with precise versions!
Bug 1281417 - vdsm host can not be added with firewalld enabled
Would everything work all right if Vdsm's port (54321) is opened in firewalld?
I did not try this yet - but I strongly assume yes.
It seems that the host CAN be added, but remains in non-responsive mode due to the firewall being shut. right?
Correct, vdsm is up and all. It just seems to be the firewall.
Looking at the two bugs: Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld Bug 1281417 - vdsm host can not be added with firewalld enabled
I wonder where the firewalld service configuration should happen, currently in host-deploy, but I don't really see why there and not in vdsm.
firewalld can't be configured right now by host-deploy being the firewall config stored in the engine database for iptables only. We need to add firewalld support in ovirt-engine and in ovirt-host-deploy to properly support it.
- fabian
-- Sandro Bonazzola

On Fri, Nov 13, 2015 at 2:57 PM, Max Kovgan <mkovgan@redhat.com> wrote:
Can you point me to the table?
You can inspect the code in ovirt-engine/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
Sounds good exercise in b/w compatibility and slow data/schema migration to me. Is there an RFE for it too?
Bug 995362 <https://bugzilla.redhat.com/show_bug.cgi?id=995362> - (ovirt_firewalld_support) [RFE] Support firewalld
Bug 1075687 <https://bugzilla.redhat.com/show_bug.cgi?id=1075687> - (ovirt_setup_firewalld_support) [RFE] Add FirewallD support to hosted-engine setup
On Nov 12, 2015 5:27 PM, "Sandro Bonazzola" <sbonazzo@redhat.com> wrote:
On Thu, Nov 12, 2015 at 3:06 PM, Fabian Deutsch <fdeutsch@redhat.com> wrote:
On Thu, Nov 12, 2015 at 2:57 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote:
On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken@redhat.com> wrote:
On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
Hey,
what is the expectation/assumption about firewalld on a CentOS 7 host where you want to install vdsm onto?
Is vdsm taking care of it?
I'm asking this, because firewalld seems to be in the default package (please correct me if I am wrong) set of CentOS 7 and thus installed by default.
As far as I know, Vdsm runs fine in parallel to firewalld on recent el7.1 (there used to be problems in early 7.0 versions).
If this is not the case, please file a bug with precise versions!
Bug 1281417 - vdsm host can not be added with firewalld enabled
Would everything work all right if Vdsm's port (54321) is opened in firewalld?
I did not try this yet - but I strongly assume yes.
It seems that the host CAN be added, but remains in non-responsive mode due to the firewall being shut. right?
Correct, vdsm is up and all. It just seems to be the firewall.
Looking at the two bugs: Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld Bug 1281417 - vdsm host can not be added with firewalld enabled
I wonder where the firewalld service configuration should happen, currently in host-deploy, but I don't really see why there and not in vdsm.
firewalld can't be configured right now by host-deploy being the firewall config stored in the engine database for iptables only. We need to add firewalld support in ovirt-engine and in ovirt-host-deploy to properly support it.
- fabian
-- Sandro Bonazzola