Re: [ovirt-users] Ovirt and Shorewall
Hello All,
thanks for the replies.
As far as I can tell with limited experience, Firewalld is supported on
both engine-setup and
when adding a Centos7 host.
I made a first attempt to translate the resulting Firewalld rules to a
Shorewalld setup, this failed.
I will look into this further.
Greetings, J.
2015-11-01 10:20 GMT+01:00 Yedidyah Bar David <d...@redhat.com>:
> On Fri, Oct 30, 2015 at 7:03 PM, Jiri Belka <jbe...@redhat.com> wrote:
> >> From: "Johan Vermeulen" <jameslas...@gmail.com>
> >> To: "users" <users@ovirt.org>
> >> Sent: Wednesday, October 28, 2015 4:13:49 PM
> >> Subject: [ovirt-users] Ovirt and Shorewall
> >
> >> Hello All,
> >
> >> I'm still experimenting with Ovirt-setup.
> >> Because Centos/Rhel7 now have Firewalld, and because I still have some
> >> Centos6
> >> machines with Iptables, I was kinda hoping to use Shorewall on both.
> >
> >> Is there any support/documentation for this in the Ovirt-world?
> >
> > On RHEL 7, ovirt 3.6 puts vdsm ("hypervisor" host) firewall rules
> > as xml file into firewalld directory.
> >
> > It is open-source, check engine-setup source and maybe you can propose
> > diffs for another fw frontend support.
>
> engine-setup supports firewalld, and the code is designed to be
> extensible so that we can add support for other firewall managers,
> even with an external plugin packaged separately. Never tried this
> myself, though.
>
> engine-setup affects only the firewall on the machine running the engine
> itself.
>
> Support for the engine, so that it properly populates the firewall on
> the hosts, is a different matter. There is [1] to track this for
> firewalld.
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=995362
>
> Best,
> --
> Didi
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt and Shorewall
On Fri, Oct 30, 2015 at 7:03 PM, Jiri Belka <jbe...@redhat.com> wrote:
>> From: "Johan Vermeulen" <jameslas...@gmail.com>
>> To: "users" <users@ovirt.org>
>> Sent: Wednesday, October 28, 2015 4:13:49 PM
>> Subject: [ovirt-users] Ovirt and Shorewall
>
>> Hello All,
>
>> I'm still experimenting with Ovirt-setup.
>> Because Centos/Rhel7 now have Firewalld, and because I still have some
>> Centos6
>> machines with Iptables, I was kinda hoping to use Shorewall on both.
>
>> Is there any support/documentation for this in the Ovirt-world?
>
> On RHEL 7, ovirt 3.6 puts vdsm ("hypervisor" host) firewall rules
> as xml file into firewalld directory.
>
> It is open-source, check engine-setup source and maybe you can propose
> diffs for another fw frontend support.
engine-setup supports firewalld, and the code is designed to be
extensible so that we can add support for other firewall managers,
even with an external plugin packaged separately. Never tried this
myself, though.
engine-setup affects only the firewall on the machine running the engine
itself.
Support for the engine, so that it properly populates the firewall on
the hosts, is a different matter. There is [1] to track this for
firewalld.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=995362
Best,
--
Didi
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt and Shorewall
> From: "Johan Vermeulen" <jameslas...@gmail.com>
> To: "users" <users@ovirt.org>
> Sent: Wednesday, October 28, 2015 4:13:49 PM
> Subject: [ovirt-users] Ovirt and Shorewall
> Hello All,
> I'm still experimenting with Ovirt-setup.
> Because Centos/Rhel7 now have Firewalld, and because I still have some
> Centos6
> machines with Iptables, I was kinda hoping to use Shorewall on both.
> Is there any support/documentation for this in the Ovirt-world?
On RHEL 7, ovirt 3.6 puts vdsm ("hypervisor" host) firewall rules
as xml file into firewalld directory.
It is open-source, check engine-setup source and maybe you can propose
diffs for another fw frontend support.
j.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Ovirt and Shorewall
Hello All, I'm still experimenting with Ovirt-setup. Because Centos/Rhel7 now have Firewalld, and because I still have some Centos6 machines with Iptables, I was kinda hoping to use Shorewall on both. Is there any support/documentation for this in the Ovirt-world? Many thanks, J. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
