Bug 1454694 - ovirt-provider-ovn-central firewalld service is no longer needed
Summary: ovirt-provider-ovn-central firewalld service is no longer needed
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-provider-ovn
Classification: oVirt
Component: provider
Version: 1.0.4
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ovirt-4.2.0
: ---
Assignee: Marcin Mirecki
QA Contact: Mor
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-23 10:57 UTC by Mor
Modified: 2017-12-20 10:56 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-12-20 10:56:17 UTC
oVirt Team: Network
Embargoed:
rule-engine: ovirt-4.2+


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 77505 0 master MERGED Removing ovirt-provider-ovn-central firewalld service 2017-05-31 13:12:52 UTC

Description Mor 2017-05-23 10:57:33 UTC
Description of problem:
ovirt-provider-ovn supplies firewalld configuration that should be supplied by openvswitch-ovn-central.

Version-Release number of selected component (if applicable):
oVirt Engine Version: 4.2.0-0.0.master.20170522205719.git160e419.el7.centos

How reproducible:
100%

Actual results:

ovirt-provider-ovn creates /usr/lib/firewalld/services/ovirt-provider-ovn-central.xml, with content:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ovirt-provider-ovn-central</short>
  <description>Firewall service for ovn central. This is a stopgap
   until OVN will take care of handling the opening of the firewall
   ports itself.</description>
  <port protocol="tcp" port="6641"/>
  <port protocol="tcp" port="6642"/>
</service>

When we already have /usr/lib/firewalld/services/ovn-central-firewall-service.xml created by openvswitch-ovn-central, with content:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ovn-central-firewall-service</short>
  <description>Firewall service for ovn central</description>
  <port protocol="tcp" port="6641"/>
  <port protocol="tcp" port="6442"/>
</service>

** ignore the second port: 6442, i will open a second bug for OVS team. **

Expected results:
firewalld configuration for OVS related components should be supplied by the openvswitch-ovn-central package.

Comment 1 Mor 2017-06-06 08:12:48 UTC
Verified on: 4.2.0-0.0.master.20170605153216.gita063574.el7.centos

Comment 2 Sandro Bonazzola 2017-12-20 10:56:17 UTC
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017.

Since the problem described in this bug report should be
resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.