Description of problem:
Installation of RHGSWA disables the firewall on all machines; there's a special playbook for doing this in tendrl-ansible.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install RHGSWA
2. Check firewalld service and iptables
firewalld is disabled and inactive, iptables flushed
firewalld should be set instead of stopped and disabled.
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.
(In reply to Rahul Hinduja from comment #35)
> Based on comment 30 to 34, moving this bug to verified state. Other issues
> will be tracked separately.
I see that this BZ is in VERIFIED state when:
* upstream documentation for firewall configuration is not finished,
see BZ 1519237
* description of verification process (eg. comment 17) doesn't refer to
downstream documentation draft nor specifies firewall configuration used
* qe team doesn't have firewall setup automated via playbook, so that qe
team can't even run *every test case* (starting when this BZ was moved
into verified state) with expected firewall setup
For these reasons, I'm moving this BZ back to ON_QE and I don't think we can
move it back to VERIFIED until we:
* reference particular firewall configuration used there
* automate the firewall configuration and make sure every tester uses it
(In reply to Rejy M Cyriac from comment #38)
> THE ONLY ISSUE TO BE VERIFIED AS RESOLVED AT THIS BZ IS ON THE 'ACT OF
> INSTALLATION OF RHGS WEB ADMINISTRATION DISABLING FIREWALL BY DEFAULT.
> THIS WAS THE ONLY CONCERN RAISED BY PRODUCT SECURITY, AND CONVEYED TO THE
> PRODUCT STAKEHOLDERS TO RESOLVE, BEFORE SHIPPING THE WEB ADMINISTRATION
To make this more clear, I reorganized BZs according to your description so that:
* this BZ is blocked by 1519722, because I don't see how we could on one hand
claim that firewalld should not be disabled, and on the other hand keep a
workaround which disables the firewalld in suggested installation script
* there is a firewall tracker BZ 1520343, which keeps track of all the other
firewall BZs for RHGS WA now
* BZs were linked so that it's easier to track what depends on what
> * this BZ is blocked by 1519722, because I don't see how we could on one hand
> claim that firewalld should not be disabled, and on the other hand keep a
> workaround which disables the firewalld in suggested installation script
BZ 1519722 is in VERIFIED state now
> * there is a firewall tracker BZ 1520343, which keeps track of all the other
> firewall BZs for RHGS WA now
This is a tracker bug and to be addressed in subsequent releases. BZ 1520343 is not targeted for 3.3.1
> * BZs were linked so that it's easier to track what depends on what
Considering these, moving the bug to verified state.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.