cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nux! <...@li.nux.ro>
Subject Re: CentOS 7 support
Date Fri, 09 Jan 2015 17:23:31 GMT
Hi Marcus,

No experience with ACS and CentOS 7, but AFAIK the old init scripts should still work, though
ideally we should eventually use proper service files to take advantage of systemd.

Re firewalld, I tried to avoid it as much as I could as I believe it just complicates matters;
I am not necesarilly against it, but just chose to use good old iptables directly, I see it
more of a tool for begineers and it doesn't help if you already know your way around iptables.
I see similar trends of simplifying iptables also in the Ubuntu camp with "ufw".

CentOS 7 includes a package called iptables-services which implements the old behaviour of
loading up rules directly from /etc/sysconfig/iptables as well as making "service iptables
stop|start|save" happen.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Marcus" <shadowsor@gmail.com>
> To: dev@cloudstack.apache.org
> Sent: Friday, 9 January, 2015 16:41:17
> Subject: CentOS 7 support

> Hi guys,
>    I'm going to be evaluating CentOS/EL 7 as a Hypervisor.  The
> primary points of concern are the move from init to systemd and
> dropping iptables(the command) for firewalld, however a cursory look
> indicates that there might be sufficient compatibility layers/wrappers
> built-in.  It may just work out of the box (does anyone have
> experience with this already?), but we will probably want to put a
> plan together for announcing official support. We will also eventually
> want to switch to systemd (mostly a packaging issue), and make the
> necessary changes to the security groups portions to be more firewalld
> friendly, assuming the iptables command will be deprecated (not sure
> if it is). I'm not sure what Ubuntu is doing lately, but we may have
> to support both. There's probably no rush though since the iptables
> command will definitely continue until at least CentOS 8.

Mime
View raw message