Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-17875

high-availability firewall service is not added on qdevice node

    • rhel-system-roles-1.23.0-2.3.el9
    • sst_system_roles
    • 14
    • 19
    • None
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • None
    • Bug Fix
    • Hide
      .The `ha_cluster` system role now correctly configures a firewall on a `qnetd` host

      Previously, when a user configured a `qnetd` host and set the `ha_cluster_manage_firewall` variable to `true` by using the `ha_cluster` system role, the role did not enable high-availability services in the firewall. With this fix, the `ha_cluster` system role now correctly configures a firewall on a `qnetd` host.
      Show
      .The `ha_cluster` system role now correctly configures a firewall on a `qnetd` host Previously, when a user configured a `qnetd` host and set the `ha_cluster_manage_firewall` variable to `true` by using the `ha_cluster` system role, the role did not enable high-availability services in the firewall. With this fix, the `ha_cluster` system role now correctly configures a firewall on a `qnetd` host.
    • Done
    • None

      The ha_cluster_manage_firewall: true attribute does not alter the firewalld configuration for the qdevice node.

      In tasks/main.yml in task "Install and configure HA cluster" the firewall.yml inclusion only applies when the ha_cluster_cluster_present is true which will always be false for the qdevice.

      Looks like the firewall.yml inclusion should also be added in tasks/shell_pcs/pcs-qnetd.yml

      Available firewalld services in qdevice after running the role.

      [root@qdevice ~]#
      [root@qdevice ~]# firewall-cmd --list-services
      cockpit dhcpv6-client ssh
      [root@qdevice ~]#

            rmeggins@redhat.com Richard Megginson
            rmeggins@redhat.com Richard Megginson
            Tomas Jelinek Tomas Jelinek
            Michal Nováček Michal Nováček
            Steven Levine Steven Levine
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: