Bug 2120709 - Use firewall role to configure firewall for SQL Server
Summary: Use firewall role to configure firewall for SQL Server
Keywords:
Status: CLOSED ERRATA
Alias: None
Deadline: 2022-08-29
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: ansible-collection-microsoft-sql
Version: 9.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Sergei Petrosian
QA Contact: Daniel Yeisley
Alexandra Nikandrova
URL:
Whiteboard:
Depends On:
Blocks: 2120714 2129334
Reported: 2022-08-23 15:06 UTC by Sergei Petrosian
Modified: 2022-11-15 11:33 UTC (History)

Fixed In Version: ansible-collection-microsoft-sql-1.2.3-1.el9
Doc Type: Enhancement
Doc Text:
The RN description for this BZ is covered as part of BZ#2066337. link: https://bugzilla.redhat.com/show_bug.cgi?id=2066337
Clone Of:
: 2120714 (view as bug list)
Environment:
Last Closed: 2022-11-15 10:29:27 UTC
Type: Bug
Target Upstream Version:
Embargoed:
pm-rhel: mirror+


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-132017 0 None None None 2022-08-23 15:16:34 UTC
Red Hat Product Errata RHBA-2022:8154 0 None None None 2022-11-15 10:29:54 UTC

Description Sergei Petrosian 2022-08-23 15:06:58 UTC
Description of problem:
The microsoft.sql.server role must use the firewall role to automate firewall configuration.

Actual results:
Previously, users needed to configure firewall themselves.

Expected results:
Users provide special variables like `mssql_firewall_configure: true` and `mssql_ha_firewall_configure: true` to make the role

Additional info:
Fixed in https://github.com/linux-system-roles/mssql/pull/77

Comment 1 Daniel Yeisley 2022-08-30 20:58:03 UTC
I installed two systems with RHEL-9.1.0-20220830.1 and started the firewall service. I added port 6776 required by the restraint harness.

[root@isvqe-01 ~]# firewall-cmd --list-ports
6776/tcp

The following ansible-collection rpm is installed. 
[root@isvqe-01 Certification]# rpm -qa | grep ansible-collection
ansible-collection-microsoft-sql-1.2.3-1.el9.noarch

This is the yml I used.
[root@isvqe-01 Certification]# cat site-ha.yml 

---
- hosts: all
  vars:
        ha_cluster_enable_repos: no
        mssql_version: 2019
        mssql_accept_microsoft_odbc_driver_17_for_sql_server_eula: true
        mssql_accept_microsoft_cli_utilities_for_sql_server_eula: true
        mssql_accept_microsoft_sql_server_standard_eula: true
        mssql_password: redhat123!
        mssql_edition: Developer
        mssql_enable_sql_agent: true
        mssql_install_fts: true
        mssql_ha_configure: true
        mssql_manage_firewall: true
        mssql_ha_listener_port: 5022
        mssql_ha_cert_name: mssql_cert
        mssql_ha_master_key_password: "redhat123!"
        mssql_ha_private_key_password: "redhat123!"
        mssql_ha_reset_cert: false
        mssql_ha_endpoint_name: hadr_endpoint
        mssql_ha_ag_name: ag1
        mssql_ha_db_names:
          - ds2
        mssql_ha_login: hacluster
        mssql_ha_login_password: "redhat123!"
        mssql_ha_hacluster_password: "redhat123!"
        mssql_ha_cluster_run_role: true
        mssql_ha_virtual_ip: 192.168.100.201
        ha_cluster_cluster_name: isvqe-cluster
        ha_cluster_hacluster_password: "redhat123!"
        ha_cluster_cluster_properties:
          - attrs:
            - name: cluster-recheck-interval
              value: 2min
            - name: start-failure-is-fatal
              value: true
            - name: stonith-enabled
              value: false
        ha_cluster_resource_primitives:
          - id: mydummy
            agent: ocf:pacemaker:Dummy
          - id: ag_cluster
            agent: ocf:mssql:ag
            instance_attrs:
              - attrs:
                - name: ag_name
                  value: "ag1"
            meta_attrs:
              - attrs:
                - name: failure-timeout
                  value: 80s
          - id: virtualip
            agent: ocf:heartbeat:IPaddr2
            instance_attrs:
              - attrs:
                - name: ip
                  value: 192.168.100.201
            operations:
              - action: monitor
                attrs:
                  - name: interval
                    value: 30s
        ha_cluster_resource_clones:
          - resource_id: ag_cluster
            promotable: yes
            meta_attrs:
              - attrs:
                - name: notify
                  value: true
        ha_cluster_constraints_colocation:
          - resource_leader:
              id: ag_cluster-clone
              role: Promoted
            resource_follower:
              id: virtualip
            options:
              - name: score
                value: INFINITY
        ha_cluster_constraints_order:
          - resource_first:
              id: ag_cluster-clone
              action: promote
            resource_then:
              id: virtualip
              action: start

  roles:
         - role: microsoft.sql.server

I executed my script which created a 2-node cluster using the ansible roles and then executed my test harness against it. 

I saw no issues and the sql server port was added to the firewall.

[root@isvqe-01 Certification]# firewall-cmd --list-ports
1229/tcp 1433/tcp 5022/tcp 6776/tcp
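
The port check from Comment 1, written as a repeatable audit. This is an added example, not part of the original comment or of the role's own code. It assumes the expected set is SQL Server's default 1433/tcp (the playbook does not override it), the `mssql_ha_listener_port` value 5022/tcp, and the 6776/tcp harness port opened by hand; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --list-ports` output against the ports a
# playbook run is expected to leave open. Tokens are matched exactly as
# "port/proto"; port ranges (N-M/proto) are not expanded.

# missing_ports "<listing>" port/proto...
# Prints every expected port that is absent from the listing, one per line.
missing_ports() {
    listing=$1; shift
    for want in "$@"; do
        found=0
        for have in $listing; do
            if [ "$have" = "$want" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$want"; fi
    done
}

# unexpected_ports "<listing>" port/proto...
# Prints every open port that is not in the expected set, one per line.
unexpected_ports() {
    listing=$1; shift
    for have in $listing; do
        known=0
        for want in "$@"; do
            if [ "$have" = "$want" ]; then known=1; fi
        done
        if [ "$known" -eq 0 ]; then printf '%s\n' "$have"; fi
    done
}

# Listing copied from the second firewall-cmd call in Comment 1. On a live
# host, pass "$(firewall-cmd --list-ports)" instead.
LISTING='1229/tcp 1433/tcp 5022/tcp 6776/tcp'
# Assumed expected set: SQL Server default port, mssql_ha_listener_port from
# the playbook, and the restraint harness port that was opened by hand.
EXPECTED='1433/tcp 5022/tcp 6776/tcp'

echo "missing:    $(missing_ports "$LISTING" $EXPECTED | tr '\n' ' ')"
echo "unexpected: $(unexpected_ports "$LISTING" $EXPECTED | tr '\n' ' ')"
```

A port reported as unexpected is not necessarily wrong; it is one the expected set does not account for and should be traced to the role or service that opened it.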

Comment 3 Fedora Update System 2022-09-04 22:45:36 UTC
FEDORA-2022-c8843968db has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 8 errata-xmlrpc 2022-11-15 10:29:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-collection-microsoft-sql bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8154

