Bug 2222809

Summary: should have option to disable conflicting services
Product: Red Hat Enterprise Linux 8 Reporter: Rich Megginson <rmeggins>
Component: rhel-system-roles Assignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: David Jež <djez>
Severity: unspecified Docs Contact: Gabi Fialová <gfialova>
Priority: unspecified    
Version: 8.9 CC: djez, gfialova, jharuda, lmanasko, myllynen, rhel-cs-system-management-subsystem-qe, spetrosi, vdanek
Target Milestone: rc Keywords: Triaged
Target Release: 8.9   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: role:firewall
Fixed In Version: rhel-system-roles-1.22.0-0.16.el8 Doc Type: Enhancement
Doc Text:
.The `firewall` RHEL System Role has an option to disable conflicting services, and it no longer fails if `firewalld` is masked

Previously, the `firewall` System Role failed when the `firewalld` service was masked on the role run or in the presence of conflicting services. This update brings two notable enhancements:

* The `linux-system-roles.firewall` role always attempts to install, unmask, and enable the `firewalld` service on role run.
* You can now add a new variable `firewall_disable_conflicting_services` to your playbook to disable known conflicting services, for example, `iptables.service`, `nftables.service`, and `ufw.service`.

The `firewall_disable_conflicting_services` variable is set to `false` by default. To disable conflicting services, set the variable to `true`.
Story Points: ---
Clone Of: 2222761 Environment:
Last Closed: 2023-11-14 15:31:21 UTC Type: ---
Bug Depends On: 2222761    
Bug Blocks:    

Description Rich Megginson 2023-07-13 19:11:54 UTC
+++ This bug was initially created as a clone of Bug #2222761 +++

When using the firewall role, only the firewalld service, not nftables, should be running to avoid any conflicts. While it's trivial to disable/mask nftables in a separate task, it would be nice to have the role do the same and thus avoid any risk of issues. See https://github.com/linux-system-roles/firewall/issues/136 and https://github.com/linux-system-roles/firewall/pull/154
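
A playbook that uses the option described in the Doc Text and then checks the outcome the description asks for (firewalld running, the conflicting services not). This is an added example, not code from the bug report or from the role; the `managed_nodes` group, the `ssh` rule, and the verification tasks are assumptions, and the check assumes the role stops the services it disables.

```yaml
# Added example; not part of the bug report or the role's own documentation.
# Assumed for illustration: the "managed_nodes" inventory group, the ssh
# service rule, and the post_tasks verification.
- name: Manage firewalld and disable known conflicting services
  hosts: managed_nodes
  become: true
  vars:
    # Defaults to false. When true, the role disables the known conflicting
    # services (iptables.service, nftables.service, ufw.service).
    firewall_disable_conflicting_services: true
    firewall:
      - service: ssh
        state: enabled
  roles:
    # Role name as written in the Doc Text.
    - linux-system-roles.firewall

  post_tasks:
    - name: Collect service state after the role run
      ansible.builtin.service_facts:

    - name: Check that firewalld is running
      ansible.builtin.assert:
        that:
          - ansible_facts.services['firewalld.service'].state == 'running'
        fail_msg: "firewalld.service is not running after the role run"

    # A unit that is not installed has no entry in the facts, so a missing
    # key is treated as "absent" rather than as a failure.
    - name: Check that no conflicting firewall service is still running
      ansible.builtin.assert:
        that:
          - ansible_facts.services.get(item, {}).get('state', 'absent') != 'running'
        fail_msg: "{{ item }} is still running alongside firewalld"
      loop:
        - iptables.service
        - nftables.service
        - ufw.service
```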

Comment 8 errata-xmlrpc 2023-11-14 15:31:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:6946

Comment 9 Red Hat Bugzilla 2024-03-14 04:26:01 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days