Bug 1456558
Summary: | iptables support deprecation | ||
---|---|---|---|
Product: | [oVirt] ovirt-engine | Reporter: | Sandro Bonazzola <sbonazzo> |
Component: | Setup.Core | Assignee: | Ido Rosenzwig <irosenzw> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | samuel macko <smacko> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 4.2.0 | CC: | bugs, didi, lsvaty, melewis, sbonazzo, ylavi |
Target Milestone: | ovirt-4.2.0 | Keywords: | Documentation |
Target Release: | 4.2.0 | Flags: | rule-engine: ovirt-4.2+ |
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Deprecated Functionality | |
Doc Text: | With this update, iptables has been deprecated in favor of firewalld. In Red Hat Virtualization 4.2 it is still possible to use iptables but iptables will not be supported in future releases. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-02-12 10:12:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sandro Bonazzola
2017-05-29 15:03:16 UTC
Please clarify whether we want to keep the current modular code that allows having different managers, or drop this intention. The latter doesn't have to mean actively changing lots of code, but it does change how we do future changes to the code, including the current bug but definitely not limited to it.

Also please clarify if we want to keep full support for iptables in 4.2, or if it's ok to allow new additions to the firewall to work only with firewalld. This affects e.g. bug 1432354.

Also, whether we want to keep the current detailed instructions provided if the user does not want to, or cannot have (e.g. dev env) automatic firewall configuration. Please note that these are currently provided by all available providers - iptables, firewalld, and the always-available "human" (list of protocols/ports).

Last point, in particular, implies we might need to basically keep everything working as-is, and current bug can be as little as some notification to the user plus setting 'OVESETUP_CONFIG/validFirewallManagers' to be only 'firewalld' - perhaps only downstream - same way we set it to only 'iptables' in RHEL6 days - see bug 1023316.

In 4.2 we need to tell people iptables will be dropped but it still needs to work. So I think we should keep current modular code, keeping full support for it, just warning we'll drop in next version.

Verified in ovirt version 4.2.1.2-0.1.el7. Info during upgrade/installation:

    --== NETWORK CONFIGURATION ==--
    ...
    NOTICE: iptables is deprecated and will be removed in future releases
    ...

This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017. Since the problem described in this bug report should be resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.