Bug 1243716

Summary: Disable firewalld for RHGS 3.1 through post-script of redhat-storage-server
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Prasanth <pprakash>
Component: redhat-storage-serverAssignee: Bala.FA <barumuga>
Status: CLOSED WONTFIX QA Contact: Prasanth <pprakash>
Severity: urgent Docs Contact:
Priority: urgent    
Version: rhgs-3.1CC: amainkar, annair, asrivast, dpati, nlevinki, nsathyan, pprakash, rcyriac, vagarwal
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-16 12:04:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Prasanth 2015-07-16 07:03:34 UTC 
Description of problem:

Disable firewalld for RHGS 3.1 through post-script of redhat-storage-server pacakge.

Version-Release number of selected component (if applicable):
RHGSS-3.1-RHEL-7-20150714.n.1-RHGSS-x86_64-dvd1.iso
redhat-storage-server-3.1.0.1-2.el7rhgs.noarch

How reproducible:


Steps to Reproduce:
1. Install using ISO RHGSS-3.1-RHEL-7-20150714.n.1-RHGSS-x86_64-dvd1.iso
or
2. do a layered install of RHGS-3.1 on RHEL-7


Actual results: firewalld service is enabled by default in a RHGS-3.1 el7 based ISO installation or on a layered installation. However, all the required ports are not opened by default and as a result 'gluster peer probe' and other operations fails unless and until all the required ports are opened manually. See https://bugzilla.redhat.com/show_bug.cgi?id=1243277 for more details

####
-bash-4.2# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Wed 2015-07-15 02:36:04 EDT; 24h ago
 Main PID: 620 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─620 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
####


Expected results: So as decided in the meeting, we need to disable the firewalld service for now until we have BZ 1243277 fixed.


Additional info:
Comment 1 Rejy M Cyriac 2015-07-16 12:04:00 UTC 
Decision at RHGS 3.1 Blocker BZ Status Check meeting on 18 July 2015 :

should not change the security characteristics of the RHEL platform, so cannot have firewalld disabled at RHGS-3.1-RHEL7 install

admin needs to manually configure the firewall based on list of RHGS 3.1 required ports documented

Closing this BZ.