Hi List,
Are you really using firewalld and network-manager on Centos 7 production servers or old way disabling network manager and using pure iptables like on C6?
-- Eero
As i start to deploy test images of C7 I think about this same question. Part of me wants to keep the simplicity of the old method, but then someone else somewhere mentioned that the systemd stuff relies on network-manager to work better, so I don't know that keeping the old methods is better. I do dislike the new NIC naming, and that's tied to network-manager too, but I was hoping others would have more feedback about which way is better in the long run.
On Tue, Jul 15, 2014 at 5:59 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
Hi List,
Are you really using firewalld and network-manager on Centos 7 production servers or old way disabling network manager and using pure iptables like on C6?
-- Eero _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
2014-07-15 21:20 GMT+03:00 Jeremy Hoel jthoel@gmail.com:
As i start to deploy test images of C7 I think about this same question. Part of me wants to keep the simplicity of the old method, but then someone else somewhere mentioned that the systemd stuff relies on network-manager to work better, so I don't know that keeping the old methods is better. I do dislike the new NIC naming, and that's tied to network-manager too, but I was hoping others would have more feedback about which way is better in the long run.
Some-one said that is recommended way to use network manager and firewalld, but I still need to learn those tools first..
-- Eero
Hello Eero Volotinen,
On Tue, Jul 15, 2014 at 08:59:14PM +0300, Eero Volotinen wrote:
Hi List,
Are you really using firewalld and network-manager on Centos 7 production servers or old way disabling network manager and using pure iptables like on C6?
I tried to disable NetworkManager, but then ran into the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=1105770
Instead of adjusting the file, I have now switched over to NetworkManager (even for local static routes).
For iptables I'd rather stay with static rules, so iptables is the right thing for me...
(Next item is tuned, which also looks a bit overkill to keep running.)
Best regards,
Florian La Roche
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 15.07.2014 20:25, Florian La Roche wrote:
(Next item is tuned, which also looks a bit overkill to keep running.)
Is there something different in el7 compared to el6 ? Because tuned is already part of the game since at least el 6.5!
On Tue, Jul 15, 2014 at 08:37:15PM +0200, Sven Kieske wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 15.07.2014 20:25, Florian La Roche wrote:
(Next item is tuned, which also looks a bit overkill to keep running.)
Is there something different in el7 compared to el6 ? Because tuned is already part of the game since at least el 6.5!
Most of my installs are older than 6.5 and tuned seems to be not installed on my CentOS-6 machines. Looking at CentOS-7 most of my installs should be ok with a static configuration that will not change over the machine lifetime.
Back to the nasty NetworkManager bug in https://bugzilla.redhat.com/show_bug.cgi?id=1105770 : The bug was already reported in January 2012, but ignored for 18 months by the NM gods. Just check this report: https://bugzilla.redhat.com/show_bug.cgi?id=771673
best regards,
Florian La Roche
Back to the nasty NetworkManager bug in
https://bugzilla.redhat.com/show_bug.cgi?id=1105770 : The bug was already reported in January 2012, but ignored for 18 months by the NM gods. Just check this report: https://bugzilla.redhat.com/show_bug.cgi?id=771673
Yeah, still waiting redhat to fix QT bug: https://bugzilla.redhat .com/show_bug.cgi?id=1098949
A bit slow feeling ..
-- Eero
On 07/15/2014 08:25 PM, Florian La Roche wrote:
Hello Eero Volotinen,
On Tue, Jul 15, 2014 at 08:59:14PM +0300, Eero Volotinen wrote:
Hi List,
Are you really using firewalld and network-manager on Centos 7 production servers or old way disabling network manager and using pure iptables like on C6?
I tried to disable NetworkManager, but then ran into the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=1105770
Instead of adjusting the file, I have now switched over to NetworkManager (even for local static routes).
For iptables I'd rather stay with static rules, so iptables is the right thing for me...
(Next item is tuned, which also looks a bit overkill to keep running.)
Best regards,
Florian La Roche
NetworkManager does not fully support Bridge interfaces, so since I use (one for now) C7 server for KVM host, I disabled it and use network instead.
I will also use shorewall instead of Firewalld, at least until I can understand how it works (stupid looking thing without obvious way of using it).
Don't know what is the "official" way, but I build my cloud instances without firewalld and networkmanager. It's also how Fedora build the cloud images, e.g. https://git.fedorahosted.org/cgit/cloud-kickstarts.git/tree/generic/fedora-2...
-- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro
----- Original Message -----
From: "Eero Volotinen" eero.volotinen@iki.fi To: "CentOS" centos@centos.org Sent: Tuesday, 15 July, 2014 6:59:14 PM Subject: [CentOS] FirewallD and Network manager on production servers (C7)
Hi List,
Are you really using firewalld and network-manager on Centos 7 production servers or old way disabling network manager and using pure iptables like on C6?
-- Eero _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Eero Volotinen -
Florian La Roche -
Jeremy Hoel -
Ljubomir Ljubojevic -
Nux! -
Sven Kieske