Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.4
Affects Version/s: rhel-9.3.0
Component/s: rhel-system-roles
Labels:

Fixed in Build:
rhel-system-roles-1.23.0-2.3.el9

Pool Team:

sst_system_roles

Dev Target Milestone:
14
Internal Target Milestone:
19
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Products:

Red Hat Enterprise Linux

Preliminary Testing:
Pass
Errata Link:
https://errata.devel.redhat.com/advisory/124808

Release Note Type:
Bug Fix
Release Note Text:

Hide
.The `ha_cluster` system role now correctly configures a firewall on a `qnetd` host

Previously, when a user configured a `qnetd` host and set the `ha_cluster_manage_firewall` variable to `true` by using the `ha_cluster` system role, the role did not enable high-availability services in the firewall. With this fix, the `ha_cluster` system role now correctly configures a firewall on a `qnetd` host.

Show
.The `ha_cluster` system role now correctly configures a firewall on a `qnetd` host Previously, when a user configured a `qnetd` host and set the `ha_cluster_manage_firewall` variable to `true` by using the `ha_cluster` system role, the role did not enable high-availability services in the firewall. With this fix, the `ha_cluster` system role now correctly configures a firewall on a `qnetd` host.
Release Note Status:
Done

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The ha_cluster_manage_firewall: true attribute does not alter the firewalld configuration for the qdevice node.

In tasks/main.yml in task "Install and configure HA cluster" the firewall.yml inclusion only applies when the ha_cluster_cluster_present is true which will always be false for the qdevice.

Looks like the firewall.yml inclusion should also be added in tasks/shell_pcs/pcs-qnetd.yml

Available firewalld services in qdevice after running the role.

[root@qdevice ~]#
[root@qdevice ~]# firewall-cmd --list-services
cockpit dhcpv6-client ssh
[root@qdevice ~]#

clones

RHEL-17874 high-availability firewall service is not added on qdevice node

Release Pending

links to

link to github issue

link to github PR

RHEA-2023:124808 rhel-system-roles bug fix and enhancement update

mentioned on

Merge request - System Roles update 1.23.0-2.3

Assignee:: Richard Megginson

Reporter:: Richard Megginson

Developer:: Tomas Jelinek

QA Contact:: Michal Nováček

Doc Contact:: Steven Levine

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2023/12/01 2:20 PM

Updated:: 2024/04/30 9:51 AM

Resolved:: 2024/04/30 9:51 AM

Dev Target end:: 2023/12/04

Target end:: 2024/01/08

Release Date:: 2024/04/30

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide