1378013 – [ocp-on-osp] Should disable firewalld if it's running

Bug 1378013 - [ocp-on-osp] Should disable firewalld if it's running

Summary: [ocp-on-osp] Should disable firewalld if it's running

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Jan Provaznik
QA Contact:	Gan Huang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-21 10:05 UTC by Gan Huang
Modified:	2017-03-20 08:40 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-03-20 08:40:38 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Gan Huang 2016-09-21 10:05:35 UTC

Description of problem:
Currently if frewalled is enabled by default in the infra image, the DNS nameserver defined by users can't passed to master and nodes. Then the installation by openshift-ansible would fail.

Version-Release number of selected component (if applicable):
v0.8.0

How reproducible:
Always


Steps to Reproduce:
1. Create a RHEL image which is not official.
1. $ cat ocp.yaml
parameters:
  ssh_key_name: libra 
  infra_image: qe-rhel-20160909
  master_image: qe-rhel-20160909
  node_image: qe-rhel-20160909
  flavor: m1.medium
  external_network: 10.8.172.0/22 
  dns_nameserver: 10.72.17.5,8.8.4.4
  node_count: 1

  #rhn_username: "Your RHN Username"
  #rhn_password: "Your RHN Password"
  #sat6_hostname: ""
  #sat6_organization: ""
  #sat6_activationkey: ""
  rhn_pool: ''

  deployment_type: openshift-enterprise
  domain_name: "example.com"
  master_hostname: "openshift-master"
  node_hostname: "openshift-node"
  ssh_user: cloud-user 
  master_docker_volume_size_gb: 5 
  node_docker_volume_size_gb: 5

resource_registry:
  OOShift::LoadBalancer: loadbalancer_none.yaml 
  OOShift::ContainerPort: sdn_openshift_sdn.yaml
  OOShift::IPFailover: ipfailover_none.yaml
  OOShift::DockerVolume: volume_docker.yaml
  OOShift::DockerVolumeAttachment: volume_attachment_docker.yaml
  OOShift::RegistryVolume: registry_ephemeral.yaml
2. Create the heat stack
3.

Actual results:
openshift-ansible playbook failed because DNS resolution issue. (the name servers defined by user didn't passed to the masters and nodes)
 
Expected results:
Disable firewalld if it's running during cloud-init.

Additional info:

Comment 1 Jan Provaznik 2016-10-05 07:14:24 UTC

upstream patch: https://github.com/redhat-openstack/openshift-on-openstack/pull/256

Comment 2 Gan Huang 2016-10-10 05:43:05 UTC

Now my custom RHEL image works well with this PR. IMO we shouldn't restrict the users to use the official RHEL image only, and create a such image which satifys the requirement should not be very hard. Could we document the System Requirements for the image instead of restricting to use the official image only?

Thanks, Jan!

Comment 3 Jan Provaznik 2016-10-10 08:35:59 UTC

The fix has been included in 0.9.1 (moving to ON_QA).
Gan, it's valid point that a customer will want to use a custom/prebuilt image. I'm not aware of any *special* requirements we expect from the custom image right now. README mentions an option of using prebuilt images (and how to prepare them) - https://github.com/redhat-openstack/openshift-on-openstack#prebuild-images

I'm open to improve "custom image usage" section, though ideally in a separate BZ.

Comment 4 Gan Huang 2016-10-10 10:08:03 UTC

Per comment2, this issue has been fixed. 

Verified with openshift-on-openstack v0.9.1

Note You need to log in before you can comment on or make changes to this bug.