Ask Your Question
0

Why disable Firewalld and NetworkManager?

asked 2018-09-14 05:50:58 -0500

iztree gravatar image

Hello I'm new and I'd like to know the reasons to disable firewalld and NetworkManager. Thank you

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by » oldest newest most voted
2

answered 2018-09-14 06:44:41 -0500

Bernd Bausch gravatar image

Because they manage network interfaces and the firewall, and Neutron wants to manage them as well. When there are two managers that don’t know about each other, you can perhaps imagine that the result is chaos.

edit flag offensive delete link more
add a comment
1

answered 2018-12-07 07:14:16 -0500

Joeraid gravatar image

@Bernd Bausch The teacher said he didn't want to bother adding exceptions to every OpenStack application. He didn't say anything about Neutron.

edit flag offensive delete link more

Comments

I don't understand how this relates to the question.

What do you mean by "exception"?

Neutron is not an OpenStack application, but an essential part of OpenStack. Without Neutron, no OpenStack cloud (except if you want to deploy standalone Swift).

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 08:36:29 -0500 )edit

I wasn't trying to answer (I should've worded my comment properly. Sorry for that). I wanted your opinion since the teacher's answer wasn't convincing. Also exceptions means opening ports in the firewall. I got the impression that OpenStack manages several processes and each required an open port.

Joeraid gravatar imageJoeraid ( 2018-12-07 08:58:44 -0500 )edit

Any application that listens for network connections needs an open port, not just OpenStack.

It is true that the number of ports used by OpenStack used to be high. Nowadays though you can deploy most components behind a regular web server.

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 09:22:16 -0500 )edit

So was the teacher's answer accurate? Do we disbale the network manager because it was a demo and would find another way to open ports efficiently in a production environment Or because Neutron will take care of that instead.

Joeraid gravatar imageJoeraid ( 2018-12-07 09:34:20 -0500 )edit
1

NM has nothing to do with opening ports. Indeed Neutron wants to manage the network and would conflict with NM. Or you could see it this way: Neutron is unable to manage network config through NM, and the firewall through firewalld.

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 09:40:48 -0500 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-09-14 05:50:58 -0500

Seen: 680 times

Last updated: Dec 07 '18

Related questions

linux bridge not forwarding packets to tap interface

Openvswitch stops responding with higher CPU load [closed]

OpenStack gives me ERROR, after devstack installation

Instance eth1 down while OpenStack dashboard says it's up

Network config when testing on nested environment

how to configure multiple interfaces to virtual machine instance using compute nova (multinic support) [closed]

All network test cases are skipped when I run tempest

filewalld service is unrecognized in Centos.

Neutron/openvswitch not working, how to debug

openstack rocky configure private network