Bug 1421032
Summary: | Ansible Redeploy certificates changes iptables/firewalld configuration | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Ruben Romero Montes <rromerom> |
Component: | Installer | Assignee: | Scott Dodson <sdodson> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Johnny Liu <jialiu> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 3.4.1 | CC: | aos-bugs, jokerman, mmccomas, pep, rromerom |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-06-12 11:49:33 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ruben Romero Montes
2017-02-10 07:19:46 UTC
As far as I know, 3.4 official openshift-ansible installer only support iptables [1], firewalld will be supported in 3.5. 3.4 install always enable iptables and mark firewalld. This should be an expected behavior. How could you set up the env using firewalld? Or after you set up env, manually mark iptables service and enable firewalld, and manually add iptable rule via firewalld, then when you redeploy certificates, iptables is enabled and firewalld is marked again. Is that your case? If yes, are you opening this bug to ask installer not touch user's customized setting (enable firewalld and mark iptables) when redeploying certificates, right? [1]: https://github.com/openshift/openshift-ansible/blob/openshift-ansible-3.4.60-1/roles/os_firewall/defaults/main.yml#L7 Hi Johnny, Yes, that is my situation. I installed openshift using the community playbooks and then I executed the openshift 3.4 playbooks inside the master. I know now why I started having the problems. But as you suggested, I don't think the certificates playbook shoult try to align this configuration related to iptables/firewalld. Is there any reason for that? Thanks Ruben This should no longer be the case as we reverted the changes to default to firewalld. Can you please try with the latest code? Hi Scott, I will not be able to test it because of time constraints. But if you say this change has been reverted we can close it as "CURRENTRELEASE". Thank you for your help. |