Ask Your Question
0

Why disable Firewalld and NetworkManager?

asked 2018-09-14 05:50:58 -0600

iztree gravatar image

Hello I'm new and I'd like to know the reasons to disable firewalld and NetworkManager. Thank you

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by » oldest newest most voted
1

answered 2018-09-14 06:44:41 -0600

Bernd Bausch gravatar image

Because they manage network interfaces and the firewall, and Neutron wants to manage them as well. When there are two managers that don’t know about each other, you can perhaps imagine that the result is chaos.

edit flag offensive delete link more
add a comment
0

answered 2018-12-07 07:14:16 -0600

Joeraid gravatar image

@Bernd Bausch The teacher said he didn't want to bother adding exceptions to every OpenStack application. He didn't say anything about Neutron.

edit flag offensive delete link more

Comments

I don't understand how this relates to the question.

What do you mean by "exception"?

Neutron is not an OpenStack application, but an essential part of OpenStack. Without Neutron, no OpenStack cloud (except if you want to deploy standalone Swift).

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 08:36:29 -0600 )edit

I wasn't trying to answer (I should've worded my comment properly. Sorry for that). I wanted your opinion since the teacher's answer wasn't convincing. Also exceptions means opening ports in the firewall. I got the impression that OpenStack manages several processes and each required an open port.

Joeraid gravatar imageJoeraid ( 2018-12-07 08:58:44 -0600 )edit

Any application that listens for network connections needs an open port, not just OpenStack.

It is true that the number of ports used by OpenStack used to be high. Nowadays though you can deploy most components behind a regular web server.

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 09:22:16 -0600 )edit

So was the teacher's answer accurate? Do we disbale the network manager because it was a demo and would find another way to open ports efficiently in a production environment Or because Neutron will take care of that instead.

Joeraid gravatar imageJoeraid ( 2018-12-07 09:34:20 -0600 )edit

NM has nothing to do with opening ports. Indeed Neutron wants to manage the network and would conflict with NM. Or you could see it this way: Neutron is unable to manage network config through NM, and the firewall through firewalld.

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 09:40:48 -0600 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-09-14 05:50:58 -0600

Seen: 139 times

Last updated: Dec 07 '18

Related questions

Small Horizon dashboard modifications

Queens OpenStack: Unable to Launch Instance Virtual Machine DHCP issue

How can I change instance's fixed ip

qrouter unable to ping external gateway

how to set up the provider interface in neutron using network manager

Failed to bind port on host

Can ping vm instance but can't ssh (ssh command halts, with no output)

"No route to host" while playing setup-infrastructure.yml

neutron network cannot be seen by nova

3rd Party firewall or security plugin