Back to bug 2222809
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-07-13 19:11:54 UTC | Pool ID | sst_system_roles_rhel_8 | |
| Red Hat One Jira (issues.redhat.com) | 2023-07-13 19:13:56 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-162330 | |
| Rich Megginson | 2023-07-13 19:16:12 UTC | Target Release | --- | 8.9 |
| Status | NEW | POST | ||
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Rich Megginson | 2023-07-13 19:31:44 UTC | Flags | needinfo?(djez) needinfo?(jharuda) needinfo?(vdanek) | |
| CC | djez, jharuda, vdanek | |||
| David Jež | 2023-07-19 15:30:07 UTC | QA Contact | rhel-cs-system-management-subsystem-qe | djez |
| Jakub Haruda | 2023-07-21 15:59:23 UTC | Flags | needinfo?(jharuda) | |
| Rich Megginson | 2023-07-21 17:28:26 UTC | Fixed In Version | rhel-system-roles-1.22.0-0.16.el8 | |
| Status | POST | MODIFIED | ||
| errata-xmlrpc | 2023-07-21 17:34:00 UTC | Status | MODIFIED | ON_QA |
| Rich Megginson | 2023-08-10 14:18:36 UTC | Doc Text | Enhancement: Role will now always attempt to unmask on role execution add variable 'firewall_disable_conflicting_services' to give the option of disabling of known conflicting services - Set to false by default Update README to document the following behavior of the system role: - linux-system-roles.firewall will attempt to install, unmask, and enable firewalld - linux-system-roles.firewall can attempt to disable directly conflicting services to firewalld - and that is enabled by setting the variable 'firewall_disable_conflicting_services' to true - list of conflicting services present in vars/main.yml test cases for these changes in tests/tests_default.yml Reason: role currently fails if firewalld was masked on run conflicting services have the potential to cause errors on role run - set to false by default due to runtime overhead associated with disabling conflicting services. An example of where this overhead may be a problem is our integration tests that have no need to use the feature. - Reason for specific implementation - ansible.builtin.service module fails when run to manage services that are not installed on the system, causing errors. While ignoring errors is a potential solution, it seemed like an improper solution as it would not be able to differentiate between an installed service that failing to be stopped and disabled vs a disable that failed due to not being installed. Result: - role no longer fails if firewalld is masked - users have the option to disable conflicting services (iptables.service, nftables.service, ufw.service respectively) Issue Tracker Tickets (Jira or BZ if any): - Addresses GitHub Issues: #103, #136 | |
| Doc Type | Bug Fix | Enhancement | ||
| David Jež | 2023-08-11 13:46:25 UTC | Flags | needinfo?(djez) | |
| Status | ON_QA | VERIFIED |
Back to bug 2222809