Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 89D9310473 for ; Fri, 9 Jan 2015 17:24:30 +0000 (UTC) Received: (qmail 18621 invoked by uid 500); 9 Jan 2015 17:24:31 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 18572 invoked by uid 500); 9 Jan 2015 17:24:31 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 18557 invoked by uid 99); 9 Jan 2015 17:24:30 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Jan 2015 17:24:30 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of nux@li.nux.ro designates 31.193.175.196 as permitted sender) Received: from [31.193.175.196] (HELO mailserver.lastdot.org) (31.193.175.196) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Jan 2015 17:24:25 +0000 Received: from localhost (localhost [IPv6:::1]) by mailserver.lastdot.org (Postfix) with ESMTP id EC5F52C9541 for ; Fri, 9 Jan 2015 17:23:32 +0000 (GMT) Received: from mailserver.lastdot.org ([IPv6:::1]) by localhost (mailserver.lastdot.org [IPv6:::1]) (amavisd-new, port 10032) with ESMTP id eA6VeRfsS2fs for ; Fri, 9 Jan 2015 17:23:32 +0000 (GMT) Received: from localhost (localhost [IPv6:::1]) by mailserver.lastdot.org (Postfix) with ESMTP id D0AE32C9542 for ; Fri, 9 Jan 2015 17:23:31 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.9.2 mailserver.lastdot.org D0AE32C9542 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=li.nux.ro; s=C605E3A6-F3C6-11E3-AEB0-DFF9218DCAC4; t=1420824211; bh=fLzEBoZ+GS8ZQvRrUNoreFgj/4mjc/IxnfL26UHByGg=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type: Content-Transfer-Encoding; b=o0f0PzOhP0hGFV+vp7Tumy29+r7ipmB/NEENW5BA+ti0ojrUvfyAD/tPk5mS/wi0+ HCLiUzzJimL3lNKkNYEsONHGmI8iIFBfviLbuA78Aq5SNwoEPNda/iwsoonSrcuuEu Yt4ppKbR3nmmKOJ4csZs7NFlZbbrCqjCVSva99Oo= X-Virus-Scanned: amavisd-new at mailserver.lastdot.org Received: from mailserver.lastdot.org ([IPv6:::1]) by localhost (mailserver.lastdot.org [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id SYUjsW-JcsjA for ; Fri, 9 Jan 2015 17:23:31 +0000 (GMT) Received: from mailserver.lastdot.org (mailserver.lastdot.org [31.193.175.196]) by mailserver.lastdot.org (Postfix) with ESMTP id 8B06F2C9541 for ; Fri, 9 Jan 2015 17:23:31 +0000 (GMT) Date: Fri, 9 Jan 2015 17:23:31 +0000 (GMT) From: Nux! To: dev@cloudstack.apache.org Message-ID: <1566146475.16230.1420824210995.JavaMail.zimbra@li.nux.ro> In-Reply-To: References: Subject: Re: CentOS 7 support MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mailer: Zimbra 8.6.0_GA_1153 (ZimbraWebClient - FF34 (Linux)/8.6.0_GA_1153) Thread-Topic: CentOS 7 support Thread-Index: SgEkFdicr0vdtIS12N1xK+a4YiqtWg== X-Virus-Checked: Checked by ClamAV on apache.org Hi Marcus, No experience with ACS and CentOS 7, but AFAIK the old init scripts should still work, though ideally we should eventually use proper service files to take advantage of systemd. Re firewalld, I tried to avoid it as much as I could as I believe it just complicates matters; I am not necesarilly against it, but just chose to use good old iptables directly, I see it more of a tool for begineers and it doesn't help if you already know your way around iptables. I see similar trends of simplifying iptables also in the Ubuntu camp with "ufw". CentOS 7 includes a package called iptables-services which implements the old behaviour of loading up rules directly from /etc/sysconfig/iptables as well as making "service iptables stop|start|save" happen. Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- > From: "Marcus" > To: dev@cloudstack.apache.org > Sent: Friday, 9 January, 2015 16:41:17 > Subject: CentOS 7 support > Hi guys, > I'm going to be evaluating CentOS/EL 7 as a Hypervisor. The > primary points of concern are the move from init to systemd and > dropping iptables(the command) for firewalld, however a cursory look > indicates that there might be sufficient compatibility layers/wrappers > built-in. It may just work out of the box (does anyone have > experience with this already?), but we will probably want to put a > plan together for announcing official support. We will also eventually > want to switch to systemd (mostly a packaging issue), and make the > necessary changes to the security groups portions to be more firewalld > friendly, assuming the iptables command will be deprecated (not sure > if it is). I'm not sure what Ubuntu is doing lately, but we may have > to support both. There's probably no rush though since the iptables > command will definitely continue until at least CentOS 8.