Hello Leon,
On 04/27/2017 11:27 AM, Leon Goldberg wrote:
> Hey,
>
> We're looking to start making use of firewalld in oVirt. I've gathered a
> list of the missing services, and would like your take on which services
> should be provided by firewalld and which should be provided by the
> relevant 3rd parties.
>
ovirt specific service files starting with "ovirt-" can be added to firewalld
upstream. The use of the ovirt prefix makes sure that these service files will
not collide with other service names and also show that these services are used
for ovirt or part of it.
> ovirt-imageio (tcp/54322, PR:
github.com/t-woerner/firewalld/pull/212/)
> serial consoles (tcp/2223)
> ovn host tunnels (udp/6081)
> gluster swift (tcp/8080)
> tcp/39543, tcp/55863 ("status") -- gluster ports
> nlockmgr (udp/963, tcp/965)
> ctdbd (tcp/4379)
> nrpe (tcp/5666)
There seems to be only one registered port here that is used for the registered
service: ctdbd (tcp/4379)
Is it possible to group the needed port numbers together like for example in
the freeipa services?
> Some of the ports aren't standardized and their name only serves as an
> indication to their use in oVirt; we'd like to know how to treat those as
> well in your opinions.
>
This is also a good point to group them together in an ovirt service or several
ovirt-X services.
> Thanks,
> Leon
>
Regards,
Thomas