Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-17875

high-availability firewall service is not added on qdevice node

    • rhel-system-roles-1.23.0-2.3.el9
    • None
    • None
    • rhel-sst-system-roles
    • 14
    • 19
    • None
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • None
    • Bug Fix
    • Hide
      .The `ha_cluster` system role now correctly configures a firewall on a `qnetd` host

      Previously, when a user configured a `qnetd` host and set the `ha_cluster_manage_firewall` variable to `true` by using the `ha_cluster` system role, the role did not enable high-availability services in the firewall. With this fix, the `ha_cluster` system role now correctly configures a firewall on a `qnetd` host.
      Show
      .The `ha_cluster` system role now correctly configures a firewall on a `qnetd` host Previously, when a user configured a `qnetd` host and set the `ha_cluster_manage_firewall` variable to `true` by using the `ha_cluster` system role, the role did not enable high-availability services in the firewall. With this fix, the `ha_cluster` system role now correctly configures a firewall on a `qnetd` host.
    • Done
    • None

      The ha_cluster_manage_firewall: true attribute does not alter the firewalld configuration for the qdevice node.

      In tasks/main.yml in task "Install and configure HA cluster" the firewall.yml inclusion only applies when the ha_cluster_cluster_present is true which will always be false for the qdevice.

      Looks like the firewall.yml inclusion should also be added in tasks/shell_pcs/pcs-qnetd.yml

      Available firewalld services in qdevice after running the role.

      [root@qdevice ~]#
      [root@qdevice ~]# firewall-cmd --list-services
      cockpit dhcpv6-client ssh
      [root@qdevice ~]#

              rmeggins@redhat.com Richard Megginson
              rmeggins@redhat.com Richard Megginson
              Tomas Jelinek Tomas Jelinek
              Michal Nováček Michal Nováček
              Steven Levine Steven Levine
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: