[ovirt-devel] firewalld on vdsm host

Sandro Bonazzola sbonazzo at redhat.com
Fri Nov 13 14:22:31 UTC 2015 

On Fri, Nov 13, 2015 at 2:57 PM, Max Kovgan <mkovgan at redhat.com> wrote:

> Can you point me to the table?
>
You can inspect the code
in ovirt-engine/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql


> Sounds good exercise in b/w compatibility and slow data/schema migration
> to me.
> Is there an RFE for it too?
>

*Bug 995362* <https://bugzilla.redhat.com/show_bug.cgi?id=995362> - (
ovirt_firewalld_support) [RFE] Support firewalld
*Bug 1075687* <https://bugzilla.redhat.com/show_bug.cgi?id=1075687> - (
ovirt_setup_firewalld_support) [RFE] Add FirewallD support to hosted-engine
setup



> On Nov 12, 2015 5:27 PM, "Sandro Bonazzola" <sbonazzo at redhat.com> wrote:
>
>>
>>
>> On Thu, Nov 12, 2015 at 3:06 PM, Fabian Deutsch <fdeutsch at redhat.com>
>> wrote:
>>
>>> On Thu, Nov 12, 2015 at 2:57 PM, Dan Kenigsberg <danken at redhat.com>
>>> wrote:
>>> > On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote:
>>> >> On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <danken at redhat.com>
>>> wrote:
>>> >> > On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote:
>>> >> >> Hey,
>>> >> >>
>>> >> >> what is the expectation/assumption about firewalld on a CentOS 7
>>> host
>>> >> >> where you want to install vdsm onto?
>>> >> >>
>>> >> >> Is vdsm taking care of it?
>>> >> >>
>>> >> >> I'm asking this, because firewalld seems to be in the default
>>> package
>>> >> >> (please correct me if I am wrong) set of CentOS 7 and thus
>>> installed
>>> >> >> by default.
>>> >> >
>>> >> > As far as I know, Vdsm runs fine in parallel to firewalld on recent
>>> >> > el7.1 (there used to be problems in early 7.0 versions).
>>> >> >
>>> >> > If this is not the case, please file a bug with precise versions!
>>> >>
>>> >> Bug 1281417 - vdsm host can not be added with firewalld enabled
>>> >
>>> > Would everything work all right if Vdsm's port (54321) is opened in
>>> > firewalld?
>>>
>>> I did not try this yet - but I strongly assume yes.
>>>
>>> > It seems that the host CAN be added, but remains in non-responsive mode
>>> > due to the firewall being shut. right?
>>>
>>> Correct, vdsm is up and all. It just seems to be the firewall.
>>>
>>> Looking at the two bugs:
>>> Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld
>>> Bug 1281417 - vdsm host can not be added with firewalld enabled
>>>
>>> I wonder where the firewalld service configuration should happen,
>>> currently in host-deploy, but I don#t really see why theer and not in
>>> vdsm.
>>>
>>
>> firewalld can't be configured right now by host-deploy being the firewall
>> config sotred in the engine database for iptables only.
>> We need to add firewalld support in ovirt-engine and in ovirt-host-deploy
>> to properly support it.
>>
>>
>>
>>
>>>
>>> - fabian
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/devel
>>>
>>
>>
>>
>> --
>> Sandro Bonazzola
>> Better technology. Faster innovation. Powered by community collaboration.
>> See how it works at redhat.com
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/devel
>>
>


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20151113/2c3d1d08/attachment-0001.html>

More information about the Devel mailing list