Back to bug 2222761
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-07-13 16:17:33 UTC | Pool ID | sst_system_roles_rhel_9 | |
| RHEL Program Management | 2023-07-13 16:17:43 UTC | Keywords | Triaged | |
| Red Hat One Jira (issues.redhat.com) | 2023-07-13 16:17:55 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-162310 | |
| Rich Megginson | 2023-07-13 16:21:17 UTC | Target Release | --- | 9.3 |
| Status | NEW | ASSIGNED | ||
| Link ID | Github linux-system-roles/firewall/pull/154 | |||
| Doc Type | If docs needed, set a value | Enhancement | ||
| Rich Megginson | 2023-07-13 16:22:13 UTC | CC | myllynen | |
| Rich Megginson | 2023-07-13 19:10:51 UTC | Status | ASSIGNED | POST |
| Rich Megginson | 2023-07-13 19:11:54 UTC | Blocks | 2222809 | |
| Rich Megginson | 2023-07-13 19:32:17 UTC | Flags | needinfo?(djez) needinfo?(jharuda) needinfo?(vdanek) | |
| CC | djez, jharuda, vdanek | |||
| Jakub Haruda | 2023-07-18 17:52:20 UTC | QA Contact | rhel-cs-system-management-subsystem-qe | jharuda |
| Flags | needinfo?(jharuda) | |||
| Rich Megginson | 2023-07-21 17:30:57 UTC | Fixed In Version | rhel-system-roles-1.22.0-0.16.el9 | |
| Status | POST | MODIFIED | ||
| errata-xmlrpc | 2023-07-21 17:32:45 UTC | Status | MODIFIED | ON_QA |
| Jakub Haruda | 2023-07-27 15:04:53 UTC | Status | ON_QA | VERIFIED |
| Rich Megginson | 2023-08-10 13:38:20 UTC | Doc Type | Enhancement | Bug Fix |
| Doc Text | Enhancement: Role will now always attempt to unmask on role execution add variable 'firewall_disable_conflicting_services' to give the option of disabling of known conflicting services - Set to false by default Update README to document the following behavior of the system role: - linux-system-roles.firewall will attempt to install, unmask, and enable firewalld - linux-system-roles.firewall can attempt to disable directly conflicting services to firewalld - and that is enabled by setting the variable 'firewall_disable_conflicting_services' to true - list of conflicting services present in vars/main.yml test cases for these changes in tests/tests_default.yml Reason: role currently fails if firewalld was masked on run conflicting services have the potential to cause errors on role run - set to false by default due to runtime overhead associated with disabling conflicting services. An example of where this overhead may be a problem is our integration tests that have no need to use the feature. - Reason for specific implementation - ansible.builtin.service module fails when run to manage services that are not installed on the system, causing errors. While ignoring errors is a potential solution, it seemed like an improper solution as it would not be able to differentiate between an installed service that failing to be stopped and disabled vs a disable that failed due to not being installed. Result: - role no longer fails if firewalld is masked - users have the option to disable conflicting services (iptables.service, nftables.service, ufw.service respectively) Issue Tracker Tickets (Jira or BZ if any): - Addresses GitHub Issues: #103, #136 |
|||
| Rich Megginson | 2023-08-10 14:18:29 UTC | Doc Type | Bug Fix | Enhancement |
Back to bug 2222761