By default we should open all ports for the specific cluster (gluster/virt) and if any predefined service isn't found ( is not provided by firewalld or specific package), we should fail the host deploy process. To test: Check that all relevant services for cluster have opened port - enabled firewalld service. Check that for gluster/virt cluster.
Failing on missing service 'cockpit' - gracefull error - verified 2018-01-29 13:42:24,020 p=7576 u=ovirt | TASK [ovirt-host-deploy-firewalld : Enable firewalld rules] ******************** 2018-01-29 13:42:25,528 p=7576 u=ovirt | failed: [10.37.137.139] (item={u'service': u'cockpit'}) => { "changed": false, "item": { "service": "cockpit" } } MSG: ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_SERVICE: 'cockpit' not among existing services Permanent and Non-Permanent(immediate) operation, Services are defined by port/tcp relationship and named as they are in /etc/services (on most systems)
virt: # firewall-cmd --zone=public --list-all ... services: dhcpv6-client ssh cockpit libvirt-tls snmp vdsm ovirt-imageio ovirt-vmconsole ports: 22/tcp 6081/udp ... gluster: # firewall-cmd --zone=public --list-all ... services: ssh dhcpv6-client cockpit libvirt-tls snmp vdsm ovirt-imageio ovirt-vmconsole ctdb glusterfs nfs nrpe ovirt-storageconsole rpc-bind samba ports: 22/tcp 6081/udp 8080/tcp 963/udp 965/tcp ...
This bugzilla is included in oVirt 4.2.1 release, published on Feb 12th 2018. Since the problem described in this bug report should be resolved in oVirt 4.2.1 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.