Hi Gianluca,

I'd like to mention FirewallD support for hosts is oVirt 4.2 feature, so it was available to you even before upgrade to 4.3.

Anyway, if you want to switch firewall type of a cluster, then you need to do that in following steps:

1. Change firewall type in the Edit cluster dialog
    - when done all hosts in the cluster are marked and message "host reinstallation is required" is shown

2. For all hosts in the cluster perform following operations:
    a. Put host into Maintenance
    b. Perform Reinstall on the host from webadmin
    c. Activate the host

In the case you have used custom IPTables rules defined using engine-config, then please take a look at blog post [1], which mentions how to define those custom rules using FirewallD:


The definition of those custom rules needs to be performed even before you start host reinstallation.

Please let us know if you have any issues during the process

Regards,
Martin


On Tue, Mar 5, 2019 at 2:10 PM Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
Hello,
I have updated a 4.2.8 environment to 4.3.1
So far so good, I have updated cluster level and dc level from 4.2 to 4.3

I notice the field "Firewall type" in my cluster and it is currently set to "iptables".
My 3 hosts are CentOS 7.6 plain servers.
My external engine is CentOS 7.6 and already with firewalld

I seem to remember in the long run only firewalld supported also on hosts.
Is this correct and in case is there an ETA/version?
What would be the steps to pass my current hosts to firewalld in case?

Currently I see:
iptables enabled and running
ip6tables disabled
ebtables disabled

Thanks in advance,
Gianluca 
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/D62RXQO2XYCBQVOCTMAMKQ572HKWST23/


--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.