[ovs-dev] [PATCH] OVN: Document how to use firewalld service files

Tue Oct 24 21:34:46 UTC 2017

On Tue, Oct 24, 2017 at 09:10:09AM -0500, Mark Michelson wrote:
> Firewalld service files for OVN have been in the source for several
> months. This adds instructions for how to use these service files with
> firewalld.
> 
> Signed-off-by: Mark Michelson <mmichels at redhat.com>

Thanks a lot for the documentation!  I folded in the following minor
typographical improvements and applied this to master.

--8<--------------------------cut here-------------------------->8--

diff --git a/Documentation/howto/firewalld.rst b/Documentation/howto/firewalld.rst
index b78d8e3b4b88..b76a4d2b7dc7 100644
--- a/Documentation/howto/firewalld.rst
+++ b/Documentation/howto/firewalld.rst
@@ -37,8 +37,9 @@ Installation
 ------------
 
 If you have installed OVN from an RPM, then the service files for firewalld
-will automatically be installed in /usr/lib/firewalld/services. Installation
-from RPM includes installation from the yum or dnf package managers.
+will automatically be installed in ``/usr/lib/firewalld/services``.
+Installation from RPM includes installation from the yum or dnf package
+managers.
 
 If you have installed OVN from source, then from the top level source
 directory, issue the following commands to copy the firewalld service files:
@@ -57,18 +58,14 @@ Activation
 Assuming you are already running firewalld, you can issue the following
 commands to enable the OVN services.
 
-On the central server (the one running ovn-northd), issue the following
-
-::
+On the central server (the one running ``ovn-northd``), issue the following::
 
 $ firewall-cmd --zone=public --add-service=ovn-central-firewall-service
 
 This will open TCP ports 6641 and 6642, allowing for remote connections to the
 northbound and southbound databases.
 
-On the OVN hosts (the ones running ovn-controller), issue the following
-
-::
+On the OVN hosts (the ones running ``ovn-controller``), issue the following::
 
 $ firewall-cmd --zone=public --add-service=ovn-host-firewall-service
 
@@ -79,16 +76,16 @@ Variations
 ----------
 
 When installing the XML service files, you have the choice of copying them to
-/etc/firewalld/services or /usr/lib/firewalld/services. The former is
+``/etc/firewalld/services`` or ``/usr/lib/firewalld/services``. The former is
 recommened since the latter can be overwritten if firewalld is upgraded.
 
 The above commands assumed your underlay network interfaces are in the
 "public" firewalld zone. If your underlay network interfaces are in a separate
 zone, then adjust the above commands accordingly.
 
-The \-\-permanent option may be passed to the above firewall-cmd invocations
+The ``--permanent`` option may be passed to the above firewall-cmd invocations
 in order for the services to be permanently added to the firewalld
-configuration. This way it is not necessary to re-issue the commands eaach
+configuration. This way it is not necessary to re-issue the commands each
 time the firewalld service restarts.
 
 The ovn-host-firewall-service only opens port 6081. This is because the
@@ -106,5 +103,5 @@ more secure environment, it is a good idea to do the following
 
 * Use tools such as iptables or nftables to restrict access to known hosts.
 * Use SSL for all remote connections to OVN databases.
-* Use role based access control for connections to the OVN southbound
+* Use role-based access control for connections to the OVN southbound
   database.
