Description of problem:
There's a missing backport for ovirt-provider-ovn package which includes the firewalld XML configuration file for RHV version 4.1.1. In addition, please fix the current patch to set file permission mode: 644 (-rw-r--r--) instead of 755 (-rwxr-xr-x) on the XML file. This is what is set on other oVirt supplied XML files (ovirt-https.xml, ovirt-postgres.xml, etc.).

Version-Release number of selected component (if applicable):
Red Hat Virtualization Manager Version: 4.1.1.2-0.1.el7
Fixed with patches: https://gerrit.ovirt.org/#/c/71585/ https://gerrit.ovirt.org/#/c/72690/
Fix available in: ovirt-provider-ovn-1.0-6.el7ev
-rw-r--r--. 1 root root 216 Jan 23 12:47 ovirt-fence-kdump-listener.xml
-rw-r--r--. 1 root root 185 Jan 23 12:47 ovirt-https.xml
-rw-r--r--. 1 root root 182 Jan 23 12:47 ovirt-http.xml
-rw-r--r--. 1 root root 192 Jan 23 12:47 ovirt-imageio-proxy.xml
-rw-r--r--. 1 root root 572 Jan 23 12:47 ovirt-nfs.xml
-rw-r--r--. 1 root root 192 Jan 23 12:47 ovirt-postgres.xml
-rwxr-xr-x. 1 root root 344 Feb 27 15:20 ovirt-provider-ovn-central.xml
-rwxr-xr-x. 1 root root 181 Feb 27 15:20 ovirt-provider-ovn.xml
-rw-r--r--. 1 root root 207 Jan 23 12:47 ovirt-vmconsole-proxy.xml
-rw-r--r--. 1 root root 206 Jan 23 12:47 ovirt-websocket-proxy.xml

File permissions for ovirt-provider-ovn-*.xml files are not set with mode 644.
Included in 1.0-7 build. https://errata.devel.redhat.com/advisory/28277
Marcin, we have 6442 TCP port in ovirt-provider-ovn-central.xml. It's supposed to be port 6642. Please fix.
Verified on:
ovirt-provider-ovn-1.1-2.20170531131557.git61bec06.el7.centos.noarch
ovirt-provider-ovn-driver-1.1-2.20170531131557.git61bec06.el7.centos.noarch

On host:
1. No firewalld service file is supplied by ovirt-provider-ovn-driver.
2. openvswitch-ovn-host supplies service file with port UDP 6081.

On central:
1. ovirt-provider-ovn supplies port TCP 9696.
2. openvswitch-ovn-central supplies ports TCP: 6641 & 6642.
3. File permissions on /usr/lib/firewalld/services/ovirt-provider-ovn.xml are 644.

NOTE: No OVN functionality tests were done, only checks that the relevant ports are open on the servers, due to the fact that vdsm currently does not support firewalld.
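
A check for the two defects raised in this thread (service files installed with mode 755 instead of 644, and TCP 6442 declared where 6642 was intended), as an added example that is not part of the bug report or of the ovirt-provider-ovn code. The function names, the expected-port table and the sample XML contents are assumptions constructed for illustration: the page does not show the files' contents, and on the verified build ports 6641 and 6642 are supplied by openvswitch-ovn-central instead.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

EXPECTED = {  # ports each service file should declare, per the thread
    "ovirt-provider-ovn.xml": {("tcp", "9696")},
    "ovirt-provider-ovn-central.xml": {("tcp", "6641"), ("tcp", "6642")},
}

def audit_service_file(path, expected_ports, expected_mode=0o644):
    """Return a list of findings for one firewalld service definition."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != expected_mode:
        findings.append(f"mode {mode:03o}, expected {expected_mode:03o}")
    root = ET.parse(path).getroot()
    declared = {(p.get("protocol"), p.get("port")) for p in root.iter("port")}
    for proto, port in sorted(declared - expected_ports):
        findings.append(f"unexpected port {proto}/{port}")
    for proto, port in sorted(expected_ports - declared):
        findings.append(f"missing port {proto}/{port}")
    return findings

def audit_directory(directory, expected=EXPECTED):
    """Audit every expected service file in `directory`."""
    report = {}
    for name, ports in expected.items():
        path = os.path.join(directory, name)
        report[name] = (audit_service_file(path, ports)
                        if os.path.exists(path) else ["file not present"])
    return report

def build_sample_directory():
    """Constructed sample reproducing the two defects reported in the thread."""
    port = '<port protocol="tcp" port="{}"/>'
    samples = {  # name -> (declared TCP ports, mode); contents are constructed
        "ovirt-provider-ovn.xml": (["9696"], 0o644),
        "ovirt-provider-ovn-central.xml": (["6641", "6442"], 0o755),
    }
    d = tempfile.mkdtemp()
    for name, (ports, mode) in samples.items():
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write("<service>" + "".join(port.format(p) for p in ports) + "</service>")
        os.chmod(path, mode)
    return d

if __name__ == "__main__":
    print(audit_directory(build_sample_directory()))
```

On a real manager, `audit_directory("/usr/lib/firewalld/services")` runs the same checks against the installed files, with `EXPECTED` adjusted to what the installed packages are meant to ship.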