Ask Your Question

Why disable Firewalld and NetworkManager?

asked 2018-09-14 05:50:58 -0500

iztree gravatar image

Hello I'm new and I'd like to know the reasons to disable firewalld and NetworkManager. Thank you

edit retag flag offensive close merge delete

2 answers

Sort by » oldest newest most voted

answered 2018-09-14 06:44:41 -0500

Because they manage network interfaces and the firewall, and Neutron wants to manage them as well. When there are two managers that don’t know about each other, you can perhaps imagine that the result is chaos.

edit flag offensive delete link more

answered 2018-12-07 07:14:16 -0500

Joeraid gravatar image

@Bernd Bausch The teacher said he didn't want to bother adding exceptions to every OpenStack application. He didn't say anything about Neutron.

edit flag offensive delete link more


I don't understand how this relates to the question.

What do you mean by "exception"?

Neutron is not an OpenStack application, but an essential part of OpenStack. Without Neutron, no OpenStack cloud (except if you want to deploy standalone Swift).

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 08:36:29 -0500 )edit

I wasn't trying to answer (I should've worded my comment properly. Sorry for that). I wanted your opinion since the teacher's answer wasn't convincing. Also exceptions means opening ports in the firewall. I got the impression that OpenStack manages several processes and each required an open port.

Joeraid gravatar imageJoeraid ( 2018-12-07 08:58:44 -0500 )edit

Any application that listens for network connections needs an open port, not just OpenStack.

It is true that the number of ports used by OpenStack used to be high. Nowadays though you can deploy most components behind a regular web server.

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 09:22:16 -0500 )edit

So was the teacher's answer accurate? Do we disbale the network manager because it was a demo and would find another way to open ports efficiently in a production environment Or because Neutron will take care of that instead.

Joeraid gravatar imageJoeraid ( 2018-12-07 09:34:20 -0500 )edit

NM has nothing to do with opening ports. Indeed Neutron wants to manage the network and would conflict with NM. Or you could see it this way: Neutron is unable to manage network config through NM, and the firewall through firewalld.

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 09:40:48 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2018-09-14 05:50:58 -0500

Seen: 1,069 times

Last updated: Dec 07 '18