Bug 1456558 - iptables support deprecation
Status: CLOSED CURRENTRELEASE
Product: ovirt-engine
Classification: oVirt
Component: Setup.Core
4.2.0
Unspecified Unspecified
high Severity medium
: ovirt-4.2.0
: 4.2.0
Assigned To: Ido Rosenzwig
samuel macko
: Documentation
Depends On:
Blocks:
Reported: 2017-05-29 11:03 EDT by Sandro Bonazzola
Modified: 2018-02-12 05:12 EST

See Also:
Fixed In Version:
Doc Type: Deprecated Functionality
Doc Text:
With this update, iptables has been deprecated in favor of firewalld. In Red Hat Virtualization 4.2 it is still possible to use iptables but iptables will not be supported in future releases.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-02-12 05:12:08 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Integration
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: ovirt‑4.2+


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 79444 master MERGED packaging: setup: Add iptables deprecation message to the user 2017-08-09 05:47 EDT

Description Sandro Bonazzola 2017-05-29 11:03:16 EDT
We are deprecating iptables in favor of firewalld.
It will still be possible to use iptables in 4.2 but we need to warn it won't be supported in future releases.
Comment 1 Yedidyah Bar David 2017-06-01 01:53:27 EDT
Please clarify whether we want to keep the current modular code that allows having different managers, or drop this intention. Latter doesn't have to mean actively changing lots of code, but it does change how we do future changes to the code, including current bug but definitely not limited to it.

Also please clarify if we want to keep full support for iptables in 4.2, or if it's ok to allow new additions to the firewall to work only with firewalld. This affects e.g. bug 1432354.

Also, whether we want to keep the current detailed instructions provided if the user does not want to, or cannot have (e.g. dev env) automatic firewall configuration. Please note that these are currently provided by all available providers - iptables, firewalld, and the always-available "human" (list of protocols/ports).

Last point, in particular, implies we might need to basically keep everything working as-is, and current bug can be as little as some notification to the user plus setting 'OVESETUP_CONFIG/validFirewallManagers' to be only 'firewalld' - perhaps only downstream - same way we set it to only 'iptables' in RHEL6 days - see bug 1023316.
Comment 2 Sandro Bonazzola 2017-06-14 10:08:55 EDT
In 4.2 we need to tell people iptables will be dropped but it still needs to work.
So I think we should keep current modular code, keeping full support for it, just warning we'll drop in next version.
Comment 3 samuel macko 2018-01-23 05:42:00 EST
Verified in ovirt version 4.2.1.2-0.1.el7.

Info during upgrade/installation:
    --== NETWORK CONFIGURATION ==--

    ...
    NOTICE: iptables is deprecated and will be removed in future releases
    ...
Comment 4 Sandro Bonazzola 2018-02-12 05:12:08 EST
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017.

Since the problem described in this bug report should be resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
