Bug 1378013

Summary: [ocp-on-osp] Should disable firewalld if it's running
Product: OpenShift Container Platform
Reporter: Gan Huang <ghuang>
Component: Installer
Assignee: Jan Provaznik <jprovazn>
Status: CLOSED CURRENTRELEASE
QA Contact: Gan Huang <ghuang>
Severity: medium
Docs Contact:
Priority: medium
Version: 3.3.0
CC: aos-bugs, jokerman, jprovazn, mmccomas, scollier, sgordon
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Last Closed: 2017-03-20 08:40:38 UTC
Type: Bug

Description Gan Huang 2016-09-21 10:05:35 UTC
Description of problem:
Currently, if firewalld is enabled by default in the infra image, the DNS nameservers defined by users can't be passed to the master and nodes. Then the installation by openshift-ansible would fail.

Version-Release number of selected component (if applicable):
v0.8.0

How reproducible:
Always


Steps to Reproduce:
1. Create a RHEL image which is not official.
1. $ cat ocp.yaml
parameters:
  ssh_key_name: libra 
  infra_image: qe-rhel-20160909
  master_image: qe-rhel-20160909
  node_image: qe-rhel-20160909
  flavor: m1.medium
  external_network: 10.8.172.0/22 
  dns_nameserver: 10.72.17.5,8.8.4.4
  node_count: 1

  #rhn_username: "Your RHN Username"
  #rhn_password: "Your RHN Password"
  #sat6_hostname: ""
  #sat6_organization: ""
  #sat6_activationkey: ""
  rhn_pool: ''

  deployment_type: openshift-enterprise
  domain_name: "example.com"
  master_hostname: "openshift-master"
  node_hostname: "openshift-node"
  ssh_user: cloud-user 
  master_docker_volume_size_gb: 5 
  node_docker_volume_size_gb: 5

resource_registry:
  OOShift::LoadBalancer: loadbalancer_none.yaml 
  OOShift::ContainerPort: sdn_openshift_sdn.yaml
  OOShift::IPFailover: ipfailover_none.yaml
  OOShift::DockerVolume: volume_docker.yaml
  OOShift::DockerVolumeAttachment: volume_attachment_docker.yaml
  OOShift::RegistryVolume: registry_ephemeral.yaml
2. Create the heat stack
3.

Actual results:
The openshift-ansible playbook failed because of a DNS resolution issue (the name servers defined by the user weren't passed to the masters and nodes).
 
Expected results:
Disable firewalld if it's running during cloud-init.

Additional info:

Comment 1 Jan Provaznik 2016-10-05 07:14:24 UTC
upstream patch: https://github.com/redhat-openstack/openshift-on-openstack/pull/256

Comment 2 Gan Huang 2016-10-10 05:43:05 UTC
Now my custom RHEL image works well with this PR. IMO we shouldn't restrict users to using the official RHEL image only, and creating an image which satisfies the requirements should not be very hard. Could we document the System Requirements for the image instead of restricting users to the official image only?

Thanks, Jan!

Comment 3 Jan Provaznik 2016-10-10 08:35:59 UTC
The fix has been included in 0.9.1 (moving to ON_QA).
Gan, it's a valid point that a customer will want to use a custom/prebuilt image. I'm not aware of any *special* requirements we expect from the custom image right now. The README mentions an option of using prebuilt images (and how to prepare them) - https://github.com/redhat-openstack/openshift-on-openstack#prebuild-images

I'm open to improving the "custom image usage" section, though ideally in a separate BZ.

Comment 4 Gan Huang 2016-10-10 10:08:03 UTC
Per comment 2, this issue has been fixed.

Verified with openshift-on-openstack v0.9.1