-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: unmask firewalld on run, disable conflicting services #154
fix: unmask firewalld on run, disable conflicting services #154
Conversation
Codecov ReportPatch and project coverage have no change.
Additional details and impacted files@@ Coverage Diff @@
## main #154 +/- ##
=======================================
Coverage 53.62% 53.62%
=======================================
Files 2 2
Lines 800 800
=======================================
Hits 429 429
Misses 371 371
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
This may have become too complex to be just a bug fix, but if we are disabling nftables, I figured it would make sense to disable all known conflicting services and make it an argument for the role to reduce overhead in the cases where doing so is not necessary. I can additionally separate the two fixes into separate PRs if necessary. |
I think it's fine to have a single pr |
Role will now always attempt to unmask on role run add variable 'firewall_disable_conflicting_services' to enable the disabling of conflicting services - Set to false by default - Requires that services are enumerated on managed nodes, which can introduce potentially unnecessary runtime overhead Update README to document the following behavior of the system role: - linux-system-roles.firewall will attempt to install, unmask, and enable firewalld - linux-system-roles.firewall can attempt to disable directly conflicting services to firewalld - and that is enabled by setting the variable 'firewall_disable_conflicting_services' to true - list of conflicting services present in vars/main.yml test cases for these changes in tests/tests_default.yml Addresses GitHub Issues: linux-system-roles#103, linux-system-roles#136
d95da37
to
b17a74a
Compare
List out conflicting services checked for in README, move some instruction in the introduction down to relevant variable.
[citest] |
[citest] |
We need to move the test from tests_default.yml - that test is only intended to run the role with no parameters. If you can alter another test, please do, otherwise, we will require a new test file. |
Return tests_default.yml to its original state Move tests for unmasking firewalld and removing conflicting services to tests_startup_conflicts.yml
Done. (new test file created, tests_default.yml reverted) |
[citest] |
Enhancement:
Role will now always attempt to unmask on role execution
add variable 'firewall_disable_conflicting_services' to give the option of disabling of known conflicting services
Update README to document the following behavior of the system role:
test cases for these changes in tests/tests_default.yml
Reason:
role currently fails if firewalld was masked on run
conflicting services have the potential to cause errors on role run
Result:
Issue Tracker Tickets (Jira or BZ if any):