[ovirt-devel] firewalld on vdsm host

Max Kovgan mkovgan at redhat.com
Fri Nov 13 13:57:00 UTC 2015


Can you point me to the table?
Sounds good exercise in b/w compatibility and slow data/schema migration to
me.
Is there an RFE for it too?
On Nov 12, 2015 5:27 PM, "Sandro Bonazzola" <sbonazzo at redhat.com> wrote:

>
>
> On Thu, Nov 12, 2015 at 3:06 PM, Fabian Deutsch <fdeutsch at redhat.com>
> wrote:
>
>> On Thu, Nov 12, 2015 at 2:57 PM, Dan Kenigsberg <danken at redhat.com>
>> wrote:
>> > On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote:
>> >> On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken at redhat.com>
>> wrote:
>> >> > On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
>> >> >> Hey,
>> >> >>
>> >> >> what is the expectation/assumption about firewalld on a CentOS 7
>> host
>> >> >> where you want to install vdsm onto?
>> >> >>
>> >> >> Is vdsm taking care of it?
>> >> >>
>> >> >> I'm asking this, because firewalld seems to be in the default
>> package
>> >> >> (please correct me if I am wrong) set of CentOS 7 and thus installed
>> >> >> by default.
>> >> >
>> >> > As far as I know, Vdsm runs fine in parallel to firewalld on recent
>> >> > el7.1 (there used to be problems in early 7.0 versions).
>> >> >
>> >> > If this is not the case, please file a bug with precise versions!
>> >>
>> >> Bug 1281417 - vdsm host can not be added with firewalld enabled
>> >
>> > Would everything work all right if Vdsm's port (54321) is opened in
>> > firewalld?
>>
>> I did not try this yet - but I strongly assume yes.
>>
>> > It seems that the host CAN be added, but remains in non-responsive mode
>> > due to the firewall being shut. right?
>>
>> Correct, vdsm is up and all. It just seems to be the firewall.
>>
>> Looking at the two bugs:
>> Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld
>> Bug 1281417 - vdsm host can not be added with firewalld enabled
>>
>> I wonder where the firewalld service configuration should happen,
>> currently in host-deploy, but I don#t really see why theer and not in
>> vdsm.
>>
>
> firewalld can't be configured right now by host-deploy being the firewall
> config sotred in the engine database for iptables only.
> We need to add firewalld support in ovirt-engine and in ovirt-host-deploy
> to properly support it.
>
>
>
>
>>
>> - fabian
>> _______________________________________________
>> Devel mailing list
>> Devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/devel
>>
>
>
>
> --
> Sandro Bonazzola
> Better technology. Faster innovation. Powered by community collaboration.
> See how it works at redhat.com
>
> _______________________________________________
> Devel mailing list
> Devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20151113/ecfa691e/attachment.html>


More information about the Devel mailing list