[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [atomic-devel] firewalld in atomic host
- From: Dusty Mabe <dusty dustymabe com>
- To: Colin Walters <walters verbum org>, atomic-devel <atomic-devel projectatomic io>, Fedora Cloud SIG <cloud lists fedoraproject org>
- Subject: Re: [atomic-devel] firewalld in atomic host
- Date: Fri, 21 Apr 2017 15:29:16 -0400
On 04/21/2017 03:18 PM, Colin Walters wrote:
> On Fri, Apr 21, 2017, at 10:16 AM, Dusty Mabe wrote:
>> NOTE: if you respond to this message please 'reply-all'.
>>
>> I'd like to discuss firewalld on atomic host.
>
> I think there here are two cases:
>
> AH-as-Kube/OpenShift host: In this I'd turn the conversation around - do
> Kube/OpenShift want to depend on firewalld? This has come up before,
> see https://bugzilla.redhat.com/show_bug.cgi?id=1403331
I'm not sure about kube. One thing we could do is ship firewalld and not enable
it. We don't enable iptables either (at least in our cloud images). Then k8s/openshift
can use whichever one they choose, right?
>
> Standalone/"pet" AH: I think that package layering solves
> this today (and other "pet" cases), and ideally we would also provide a container.
Yeah, I just don't think I can honestly recommend people reboot their instance.
Once livefs is here my worries go away and we probably aren't even having this
conversation.
>
> Basically I don't have a definitive answer myself, but hopefully at
> least the above bz link is useful.
>
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]