On Thu, Nov 12, 2015 at 4:27 PM, Sandro Bonazzola <sbona...@redhat.com> wrote: > > > On Thu, Nov 12, 2015 at 3:06 PM, Fabian Deutsch <fdeut...@redhat.com> wrote: >> >> On Thu, Nov 12, 2015 at 2:57 PM, Dan Kenigsberg <dan...@redhat.com> wrote: >> > On Thu, Nov 12, 2015 at 02:42:32PM +0100, Fabian Deutsch wrote: >> >> On Thu, Nov 12, 2015 at 2:36 PM, Dan Kenigsberg <dan...@redhat.com> >> >> wrote: >> >> > On Thu, Nov 12, 2015 at 12:08:07PM +0100, Fabian Deutsch wrote: >> >> >> Hey, >> >> >> >> >> >> what is the expectation/assumption about firewalld on a CentOS 7 >> >> >> host >> >> >> where you want to install vdsm onto? >> >> >> >> >> >> Is vdsm taking care of it? >> >> >> >> >> >> I'm asking this, because firewalld seems to be in the default >> >> >> package >> >> >> (please correct me if I am wrong) set of CentOS 7 and thus installed >> >> >> by default. >> >> > >> >> > As far as I know, Vdsm runs fine in parallel to firewalld on recent >> >> > el7.1 (there used to be problems in early 7.0 versions). >> >> > >> >> > If this is not the case, please file a bug with precise versions! >> >> >> >> Bug 1281417 - vdsm host can not be added with firewalld enabled >> > >> > Would everything work all right if Vdsm's port (54321) is opened in >> > firewalld? >> >> I did not try this yet - but I strongly assume yes. >> >> > It seems that the host CAN be added, but remains in non-responsive mode >> > due to the firewall being shut. right? >> >> Correct, vdsm is up and all. It just seems to be the firewall. >> >> Looking at the two bugs: >> Bug 995362 - (ovirt_firewalld_support) [RFE] Support firewalld >> Bug 1281417 - vdsm host can not be added with firewalld enabled >> >> I wonder where the firewalld service configuration should happen, >> currently in host-deploy, but I don#t really see why theer and not in >> vdsm. > > > firewalld can't be configured right now by host-deploy being the firewall > config sotred in the engine database for iptables only. > We need to add firewalld support in ovirt-engine and in ovirt-host-deploy to > properly support it.
Thanks, that gives me the bigger picture. - fabian _______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel