Bug 1511560 - Disabled inactive firewall
Summary: Disabled inactive firewall
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: web-admin-tendrl-ansible
Version: rhgs-3.3
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: RHGS 3.3.1
Assignee: Nishanth Thomas
QA Contact: Martin Bukatovic
URL:
Whiteboard:
Depends On: 1519722
Blocks: 1460574 1520343
Reported: 2017-11-09 15:01 UTC by Lubos Trilety
Modified: 2017-12-18 04:39 UTC

Fixed In Version: tendrl-ansible-1.5.4-2.el7rhgs
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-18 04:39:57 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | Tendrl tendrl-ansible issues 49 | 0 | None | None | None | 2017-11-09 15:01:06 UTC
Red Hat Bugzilla | 1520343 | 0 | unspecified | CLOSED | [Tracker] Firewall support for RHGS WA tracker BZ | 2021-02-22 00:41:40 UTC
Red Hat Product Errata | RHEA-2017:3478 | 0 | normal | SHIPPED_LIVE | RHGS Web Administration packages | 2017-12-18 09:34:49 UTC

Internal Links: 1520343

Description Lubos Trilety 2017-11-09 15:01:07 UTC
Description of problem:
Installation of RHGSWA disables the firewall on all machines; there's a special playbook for doing this in tendrl-ansible.

Version-Release number of selected component (if applicable):
tendrl-ansible-1.5.4-1.el7rhgs.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install RHGSWA
2. Check firewalld service and iptables

Actual results:
firewalld is disabled and inactive, iptables flushed

Expected results:
firewalld should be set instead of stopped and disabled.

Additional info:
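
The check in step 2 of the reproduction steps, as an added example that is not part of the original report or of tendrl-ansible: a shell function that classifies a host from the output of `systemctl is-active firewalld`, `systemctl is-enabled firewalld` and `iptables -S`. The function name, verdict strings and sample rule sets are constructed for illustration, and the iptables backend for firewalld is assumed.

```shell
#!/bin/sh
# Added example (not tendrl-ansible code): classify a host's firewall state
# after installation from the output of three commands.
#   $1: `systemctl is-active firewalld`
#   $2: `systemctl is-enabled firewalld`
#   $3: `iptables -S` (filter table; iptables backend assumed)
# Prints a verdict word; returns 0 only for OK.
classify_firewall() {
    active=$1; enabled=$2; rules=$3
    # A flushed filter table has only "-P <chain> <policy>" lines, no "-A".
    nrules=$(printf '%s\n' "$rules" | grep -c '^-A ' || true)
    if [ "$active" != "active" ]; then
        # firewalld is down: either nothing filters, or foreign rules remain.
        if [ "$nrules" -eq 0 ]; then echo "OPEN"; else echo "INACTIVE"; fi
        return 1
    fi
    if [ "$nrules" -eq 0 ]; then echo "NO_RULES"; return 1; fi
    # Running now but not enabled: the firewall is gone after a reboot.
    if [ "$enabled" != "enabled" ]; then echo "NOT_PERSISTENT"; return 1; fi
    echo "OK"
}

# Constructed sample: the state the report describes (inactive and flushed).
SAMPLE_FLUSHED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: abbreviated rule set of a running firewalld.
SAMPLE_FIREWALLD='-P INPUT ACCEPT
-N INPUT_ZONES
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_ZONES
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Live check on the local host (iptables needs root): sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    classify_firewall "$(systemctl is-active firewalld || true)" \
                      "$(systemctl is-enabled firewalld 2>/dev/null || true)" \
                      "$(iptables -S)"
fi
```

Run with `--live` on each machine after installation; a non-zero exit status marks a host whose firewall is not in place.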

Comment 1 RHEL Program Management 2017-11-15 16:42:45 UTC
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

Comment 37 Martin Bukatovic 2017-12-01 16:34:53 UTC
(In reply to Rahul Hinduja from comment #35)
> Based on comment 30 to 34 , moving this bug to verified state. Other issues
> will be tracked separately.

I see that this BZ is in VERIFIED state when:

* upstream documentation for firewall configuration is not finished,
  see BZ 1519237
* description of verification process (e.g. comment 17) doesn't refer to
  downstream documentation draft nor specifies firewall configuration used
* qe team doesn't have firewall setup automated via playbook, so that qe
  team can't even run *every test case* (starting when this BZ was moved
  into verified state) with expected firewall setup

For these reasons, I'm moving this BZ back to ON_QE and I don't think we can
move it back to VERIFIED until we:

* reference particular firewall configuration used there
* automate the firewall configuration and make sure every tester uses it

Comment 39 Martin Bukatovic 2017-12-04 10:07:29 UTC
(In reply to Rejy M Cyriac from comment #38)
> THE ONLY ISSUE TO BE VERIFIED AS RESOLVED AT THIS BZ IS ON THE 'ACT OF
> INSTALLATION OF RHGS WEB ADMINISTRATION DISABLING FIREWALL BY DEFAULT.
> THIS WAS THE ONLY CONCERN RAISED BY PRODUCT SECURITY, AND CONVEYED TO THE
> PRODUCT STAKEHOLDERS TO RESOLVE, BEFORE SHIPPING THE WEB ADMINISTRATION
> COMPONENT.

Ack.

To make this more clear, I reorganized BZs according to your description so that:

* this BZ is blocked by 1519722, because I don't see how we could on one hand
  claim that firewalld should not be disabled, and on the other hand keep a
  workaround which disables the firewalld in suggested installation script
* there is a firewall tracker BZ 1520343, which keeps track of all the other
  firewall BZs for RHGS WA now
* BZs were linked so that it's easier to track what depends on what

Comment 40 Rahul Hinduja 2017-12-08 12:06:44 UTC
> * this BZ is blocked by 1519722, because I don't see how we could on one hand
>   claim that firewalld should not be disabled, and on the other hand keep a
>   workaround which disables the firewalld in suggested installation script

BZ 1519722 is in VERIFIED state now

> * there is a firewall tracker BZ 1520343, which keeps track of all the other
>   firewall BZs for RHGS WA now

This is a tracker bug and is to be addressed in subsequent releases. BZ 1520343 is not targeted for 3.3.1.

https://bugzilla.redhat.com/show_bug.cgi?id=1520343#c3
https://bugzilla.redhat.com/show_bug.cgi?id=1460574#c7

> * BZs were linked so that it's easier to track what depends on what

Considering these, moving the bug to verified state.

Comment 42 errata-xmlrpc 2017-12-18 04:39:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3478