-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disabling managing firewall - cloudstack-setup-management #4239
Conversation
8f0c7b5
to
21ef12b
Compare
@davidjumani - thx for the PR. I see only comment added, but not really removing the actual code which injects raw iptable rules (iptables -A ....) and which runs the "iptables-save > /etc/sysconfig/iptables" command, and restarts iptables service... I believe we want ZERO management of the iptables, as the rules from the /etc/sysconfig/iptables are overridden by the rules managed by firewalld (which is installed by default on CentOS 7/8) |
We do not want to manage iptables indeed. We (CloudStack) should never touch firewalls. That's up to the admin. |
Thanks @andrijapanicsb @wido Made the changes! |
@blueorangutan package |
@davidjumani a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
Packaging result: ✔centos7 ✔debian. JID-1640 |
LGTM |
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
this needs a test run as changes are in cloudstack-setup-management cc @davidjumani pl kick test when lab is online |
@blueorangutan package |
@DaanHoogland a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
Packaging result: ✔centos7 ✔debian. JID-1707 |
@blueorangutan test |
@davidjumani a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
@davidjumani env fails to deploy |
class sysConfigServerRedhat(sysConfigServer): | ||
def __init__(self, glbEnv): | ||
super(sysConfigServerRedhat, self).__init__(glbEnv) | ||
self.svo = serviceOpsRedhat() | ||
self.services = [firewallConfigServer(self)] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@davidjumani I think we should revert the previous behaviour and simply print the statement. Otherwise, env will not deploy. Previously the cloudstack-setup-management would open firewall, now that you've changed it - either (a) document this and fix trillian to open the ports both CentOS/Ubuntu envs, or (b) just print the line for information sake.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rhtyd I was able to deploy a kvm env for basic testing, and everything seems to work. Will look into why it failed this time
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
okay @davidjumani when you confirm we'll be able to merge this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's good to go. Env came up and smoke tests ran successfully!
@blueorangutan test |
@davidjumani a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
Trillian test result (tid-2370)
|
cba6231
to
94626f7
Compare
@blueorangutan package |
@davidjumani a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
Packaging result: ✔centos7 ✔debian. JID-1772 |
Just a reminder - pl kick test on centos8 and Ubuntu for this @davidjumani (use Jenkins if BO is limiting, thnx) |
@rhtyd Jenkins was failing. Kicking them off now! |
Trillian test result (tid-2583)
|
@blueorangutan test |
@davidjumani a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
Trillian test result (tid-2584)
|
Trillian test result (tid-2591)
|
@davidjumani can you check the centos7 failures, are those caused by regression or env related? |
Trillian test result (tid-2637)
|
@rhtyd Looking at the logs, the failures are env related issues |
@blueorangutan package |
@DaanHoogland a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
Packaging result: ✔centos7 ✔centos8 ✔debian. JID-2042 |
@blueorangutan test |
@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changes look good, I would like to see another smoke test result set
@blueorangutan test |
@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
Trillian test result (tid-2826)
|
Description
Disabling managing iptables on the management server since the host might be using unsupported firewall management tools
Types of changes