Bug 1313160 - [RFE]Allow firewalld for Openshift installation
Summary: [RFE]Allow firewalld for Openshift installation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: ---
Assignee: Scott Dodson
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-03-01 06:42 UTC by Jaspreet Kaur
Modified: 2019-10-10 11:22 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: Firewalld support at installation time.
Reason: Improved firewall management.
Result: OCP 3.5 running on RHEL will allow the use of firewalld by setting os_firewall_use_firewalld=true. Atomic Host will continue to default to iptables as firewalld is not available there.
Clone Of:
Environment:
Last Closed: 2017-05-05 12:38:22 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Knowledge Base (Solution) | 3018991 | 0 | None | None | None | 2018-06-22 18:53:50 UTC

Description Jaspreet Kaur 2016-03-01 06:42:38 UTC
1. Proposed title of this feature request  
 Allow firewalld for Openshift installation
    
      
3. What is the nature and description of the request?  
At present firewalld is not supported for Openshift installation and it has to be disabled before starting installation. The request is to allow firewalld along with iptables, i.e., either one can be used.

      
4. Why does the customer need this? (List the business requirements here)  
Our company base system uses and depends on firewalld. We cannot disable firewalld without breaking essential parts of the base system. Hence, it is necessary for us to enable firewalld.

      
5. How would the customer like to achieve this? (List the functional requirements here)

firewalld should be enabled and supported with Openshift Enterprise 3

      
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  

Yes we are ready to test after enabling firewalld.


7. Is there already an existing RFE upstream or in Red Hat Bugzilla?  

No.


8. Does the customer have any specific timeline dependencies and which release would they like to target?

ASAP   
      
9. Is the sales team involved in this request and do they have any additional input? 

no, but is a POC
      
10. List any affected packages or components.  
      
11. Would the customer be able to assist in testing this functionality if implemented?  

yes

Comment 10 Gan Huang 2017-03-03 06:30:31 UTC
In fresh 3.5 installs, firewalld will be used by default with RHEL, and iptables will still be used on Atomic Host due to BZ#1403331.

We can also use iptables with RHEL in fresh installs by specifying the following in inventory hosts:

[OSEv3:vars]
os_firewall_use_firewalld=False

I'm going to move verified as firewalld is already supported in 3.5. Feel free to move back if anything else is needed.

Comment 14 Scott Dodson 2017-05-05 12:38:22 UTC
It's possible to use firewalld now by setting os_firewall_use_firewalld=true; however, it's not currently the default and may or may not ever become the default. I'm going to mark this as CLOSED CURRENTRELEASE because the initial request is to allow it, not to make it the default.

