RHEL-84951

Add `includes` when defining a custom service


    • rhel-system-roles
    • 0
    • QE ack, Dev ack
    • False
    • False
    • Yes
    • Red Hat Enterprise Linux
    • None
    • Enhancement
      .The `firewall` RHEL system role now supports including other services

      With this enhancement, you can include other services when you use the `firewall` RHEL system role to create `firewalld` service definitions. For example, you can create a service `webserver` that includes the `http` and `https` services. If you then enable the `webserver` service, `firewalld` opens the ports defined in the `http` and `https` services. For further details, see link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/automating_system_administration_by_using_rhel_system_roles/assembly_configuring-firewalld-using-system-roles_automating-system-administration-by-using-rhel-system-roles#creating-a-custom-firewalld-service-by-using-the-firewall-rhel-system-role_assembly_configuring-firewalld-using-system-roles[Creating a custom firewalld service by using the firewall RHEL system role].
    • Done
    • Done
    • Done
    • Not Required
    • None

      *What would you like to be added*:

      Allow for `includes` when defining a custom service (https://firewalld.org/documentation/man-pages/firewalld.service.html), e.g.

      ```yml
      - name: Run firewall role
        ansible.builtin.include_role:
          name: fedora.linux_system_roles.firewall
        vars:
          firewall_disable_conflicting_services: true
          firewall:
            # Custom service: one non-standard port plus the predefined
            # http and https services pulled in through `includes`
            - service: custom
              short: Custom
              description: Custom service
              port: 2222/tcp
              includes: [http, https]
              state: present
              permanent: true
      ```

      Currently `includes` are silently ignored.

      An example is e.g. the predefined firewalld service `freeipa-4` (https://github.com/firewalld/firewalld/blob/main/config/services/freeipa-4.xml)

      *Why is this needed*:

      This makes firewalld services more explicit and easier / quicker to read when there are many non-standard ports.

              Richard Megginson (rmeggins@redhat.com)
              David Jez
              Marc Muehlfeld
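To make the effect of a dropped `includes` concrete, the following added example (not code from the issue, the role, or firewalld) resolves the ports a service definition opens, with and without following `<include service="..."/>` elements from the firewalld.service XML format. The three service definitions are constructed for illustration, and `effective_ports` and `missing_exposure` are hypothetical helper names; raising on an undefined include is this sketch's choice, not documented firewalld behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed service definitions in firewalld.service XML format,
# mirroring the `custom` service from the playbook in this issue.
SERVICES = {
    "custom": """<service>
  <short>Custom</short>
  <description>Custom service</description>
  <port protocol="tcp" port="2222"/>
  <include service="http"/>
  <include service="https"/>
</service>""",
    "http": '<service><port protocol="tcp" port="80"/></service>',
    "https": '<service><port protocol="tcp" port="443"/></service>',
}


def effective_ports(name, services=SERVICES, follow_includes=True, _seen=None):
    """Return the set of 'port/proto' strings a service opens.

    With follow_includes=False the <include> elements are skipped, which
    models the behaviour reported here (includes silently ignored).
    """
    seen = _seen if _seen is not None else set()
    if name in seen:  # guard against include cycles
        return set()
    seen.add(name)
    if name not in services:
        raise KeyError(f"service {name!r} is not defined")
    root = ET.fromstring(services[name])
    ports = {f"{p.get('port')}/{p.get('protocol')}" for p in root.findall("port")}
    if follow_includes:
        for inc in root.findall("include"):
            ports |= effective_ports(inc.get("service"), services, True, seen)
    return ports


def missing_exposure(name, services=SERVICES):
    """Ports expected to be open that are absent when includes are dropped."""
    return effective_ports(name, services) - effective_ports(name, services, False)


if __name__ == "__main__":
    print(sorted(effective_ports("custom")))
    print(sorted(missing_exposure("custom")))
```

The same resolution is useful in review: the full set returned by `effective_ports` is what enabling the service actually exposes, which a definition that only lists `includes` does not show at a glance.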