Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1141739

Summary: [Doc] firewalld needs to be disabled on network and compute nodes when using ovs
Product: Red Hat OpenStack Reporter: Jeff Dexter <jdexter>
Component: doc-Installation_and_Configuration_GuideAssignee: Martin Lopes <mlopes>
Status: CLOSED CURRENTRELEASE QA Contact: Ruediger Landmann <rlandman>
Severity: high Docs Contact:
Priority: high    
Version: 5.0 (RHEL 7)CC: benglish, ddomingo, jdexter, mlopes, nyechiel, rlandman, yeylon
Target Milestone: ---Keywords: Documentation, Triaged
Target Release: 5.0 (RHEL 7)   
Hardware: x86_64   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-15 23:49:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeff Dexter 2014-09-15 11:03:56 UTC 
This section should also ask for firewalld being disabled, as we do for networkmanager
for now.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Installation_and_Configuration_Guide/sect-Common_Networking_Configuration.html#Configuring_the_Firewall4

It should be disabled for either compute or network nodes. It will create
behavior like the one you're seeing in the compute nodes (ovs agent reloads
iptables manually via iptables-save iptables-restore), and the same
for network node.

   For the API servers it should be safe to use firewalld as long as all
the API ports, and RPC ports are allowed as necessary.
Comment 12 Martin Lopes 2014-10-02 04:46:22 UTC 
Ready for QA once package is completed.
Comment 14 Bruce Reeler 2014-10-07 03:04:05 UTC 
Peer review comments:

In 7.4.2. Disable firewalld:
Suggest replacing
"Disable the firewalld service for Compute and Networking (neutron) nodes running..."
with
"Disable the firewalld service for Compute and OpenStack Networking nodes running..."


Checked doc for firewall-cmd commands that might not have been removed, none found. OK.
Comment 15 Martin Lopes 2014-10-07 04:27:05 UTC 
Fixed. Ready for QA once package has been created.
Comment 18 Martin Lopes 2014-10-19 23:11:55 UTC 
Setting to verified.