[ovirt-users] Hook to add firewall rules

Yedidyah Bar David didi at redhat.com
Wed Nov 23 07:13:36 UTC 2016


On Tue, Nov 22, 2016 at 9:22 PM, Robert Story <rstory at tislabs.com> wrote:
> On Tue, 22 Nov 2016 10:56:50 +0200 Yedidyah wrote:
> YBD> On Mon, Nov 21, 2016 at 9:45 PM, Claude Durocher
> YBD> <claude.durocher at cptaq.gouv.qc.ca> wrote:
> YBD> > Ok, i've configured my custom iptable rules with "engine-config --get
> YBD> > IPTablesConfigSiteCustom" on the engine. Now, how do I apply this on already
> YBD> > deployed nodes?
> YBD>
> YBD> Move to maintenance, reinstall?
> YBD>
> YBD> I do not think there is another way. But I also do not think oVirt
> YBD> will overwrite your conf by any other process, so you can also simply
> YBD> do this manually. Didn't try this myself.
>
> I seem to recall the engine-config option being added because engine would
> overwrite iptables config on every upgrade.

I think you are right, for upgrades done from the engine - not 'yum update'.
'Move to maintenance and reinstall' and 'Upgrade from the engine' are actually
almost the exact same thing, from the engine's POV. Thanks for the comment.

Best,
-- 
Didi



More information about the Users mailing list