Bug 1396584

Summary: add firewalld service file for corosync
Product: [Fedora] Fedora
Reporter: Paolo Bonzini <pbonzini>
Component: corosync
Assignee: Jan Friesse <jfriesse>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: agk, anprice, jfriesse, jpokorny, pbonzini, steven.dake
Last Closed: 2016-11-18 21:36:54 UTC
Type: Bug

Description Paolo Bonzini 2016-11-18 16:37:47 UTC
Adding a service file enables configuring firewalld like

   sudo firewall-cmd --zone=public --add-service=corosync --permanent

The file should be in /usr/lib/firewalld/services/corosync.xml and should look like this:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>corosync</short>
  <description>The Corosync Cluster Engine Executive is a Group Communication System with additional features for implementing high availability within applications. Enable this option if your machine is a node in a Corosync cluster.</description>
  <port protocol="udp" port="5404-5406"/>
</service>

Comment 1 Andrew Price 2016-11-18 16:43:40 UTC
There is a high-availability service file in firewalld. Does that suffice?

$ rpm -qf /usr/lib/firewalld/services/high-availability.xml
firewalld-0.4.4.1-1.fc24.noarch
$ cat /usr/lib/firewalld/services/high-availability.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Red Hat High Availability</short>
  <description>This allows you to use the Red Hat High Availability (previously named Red Hat Cluster Suite). Ports are opened for corosync, pcsd, pacemaker_remote, dlm and corosync-qnetd.</description>
  <port protocol="tcp" port="2224"/>
  <port protocol="tcp" port="3121"/>
  <port protocol="tcp" port="5403"/>
  <port protocol="udp" port="5404"/>
  <port protocol="udp" port="5405"/>
  <port protocol="tcp" port="21064"/>
</service>

Comment 2 Paolo Bonzini 2016-11-18 21:36:54 UTC
Sure, sorry I missed that.
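
The two service definitions in this thread do not open the same ports. As an added example (not part of the original bug report or of firewalld), the script below parses both XML snippets, with descriptions omitted, and reports which ports the proposed corosync service opens that high-availability does not, and which extra ports high-availability exposes. The function names opened_ports and compare are hypothetical.

```python
import xml.etree.ElementTree as ET

# Service definitions copied from the thread above; the XML declaration
# and <description> elements are omitted because only ports matter here.
PROPOSED_COROSYNC = """<service>
  <short>corosync</short>
  <port protocol="udp" port="5404-5406"/>
</service>"""

HIGH_AVAILABILITY = """<service>
  <short>Red Hat High Availability</short>
  <port protocol="tcp" port="2224"/>
  <port protocol="tcp" port="3121"/>
  <port protocol="tcp" port="5403"/>
  <port protocol="udp" port="5404"/>
  <port protocol="udp" port="5405"/>
  <port protocol="tcp" port="21064"/>
</service>"""


def opened_ports(service_xml):
    """Return the set of (protocol, port) pairs a firewalld service opens.

    Port ranges such as "5404-5406" are expanded into individual ports.
    """
    ports = set()
    for el in ET.fromstring(service_xml).iter("port"):
        low, _, high = el.get("port").partition("-")
        for port in range(int(low), int(high or low) + 1):
            ports.add((el.get("protocol"), port))
    return ports


def compare(narrow_xml, broad_xml):
    """Compare a narrow service definition against a broader one."""
    narrow, broad = opened_ports(narrow_xml), opened_ports(broad_xml)
    return {
        "not_covered": sorted(narrow - broad),  # wanted but still closed
        "extra": sorted(broad - narrow),        # opened beyond the narrow set
    }


if __name__ == "__main__":
    result = compare(PROPOSED_COROSYNC, HIGH_AVAILABILITY)
    print("In corosync.xml but not high-availability.xml:", result["not_covered"])
    print("Opened only by high-availability.xml:", result["extra"])
```

On a node that runs only corosync, the "extra" list is the additional exposure accepted by enabling high-availability instead of a dedicated corosync service.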