Bug 1537993

Summary: ovirt-host-deploy-ansible fails to deploy 4.1 hosts with firewalld option enabled
Product: [oVirt] ovirt-engine Reporter: Sandro Bonazzola <sbonazzo>
Component: Host-DeployAssignee: Martin Perina <mperina>
Status: CLOSED NOTABUG QA Contact: Pavel Stehlik <pstehlik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.2.1.2CC: bugs
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-01-24 10:23:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sandro Bonazzola 2018-01-24 09:19:39 UTC 
Description of problem:
Try to deploy a 4.1 host in a 4.1 compatible cluster with firewalld enabled.
ovirt-host-deploy-ansible fails with following log:

2018-01-24 10:15:11,017 p=4675 u=ovirt |  TASK [ovirt-host-deploy-firewalld : Check if VDSM version is supported for FirewallD] ***
2018-01-24 10:15:11,044 p=4675 u=ovirt |  fatal: [testhost.home]: FAILED! => {
    "changed": false
}

firewalld option should be probably disabled when 4.1 compatibility is selected.
Comment 1 Martin Perina 2018-01-24 10:23:32 UTC 
As mentioned in Doc Text of BZ995362: firewalld is not a cluster level feature, it can be installed on cluster level 4.x, but all the hosts have to be upgraded to 4.2 prior to that

iptables is deprecated since introduction of RHEL 7, so we really need to persuade customers to switch to iptables.

Also it needs to mentioned, that cluster type is not changed automatically for upgrades (4.1/4.0 clusters will stay with iptables after upgrade). Only if you create new 4.1/4.0 cluster in 4.2 engine, it will have firewalld set by default (can be changed during cluster creation).