Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pre-flight check to make sure no firewalld service is enabled #3067

Closed
thomasdanan opened this issue Jan 26, 2021 · 1 comment · Fixed by #3069
Closed

Pre-flight check to make sure no firewalld service is enabled #3067

thomasdanan opened this issue Jan 26, 2021 · 1 comment · Fixed by #3069
Assignees
@TeddyAndrieux
Labels
priority:urgent Any issue we should jump in as soon as possible severity:major Major impact on live deployments (e.g. some non-critical feature is not working at all) topic:deployment Bugs in or enhancements to deployment stages topic:networking Networking-related issues
Milestone
MetalK8s 2.8.0

Comments

@thomasdanan
Copy link
Contributor

Component:

'kubernetes'

Why this is needed:

When firewalld service is running it may conflict with the routing expected by Kubernetes

What should be done:

We should have a preflight check to check the firewalld is not running and is not enabled. If it is, the bootstrap script should abort during the pre-flight check phase and display the reason

Implementation proposal (strongly recommended):

Test plan:
@thomasdanan thomasdanan added topic:networking Networking-related issues topic:deployment Bugs in or enhancements to deployment stages priority:urgent Any issue we should jump in as soon as possible severity:major Major impact on live deployments (e.g. some non-critical feature is not working at all) labels Jan 26, 2021
@NicolasT
Copy link
Contributor

Note: we should not silently disable the service. Disabling it should be a conscious decision/action by the operator.

@TeddyAndrieux TeddyAndrieux self-assigned this Jan 27, 2021
TeddyAndrieux added a commit that referenced this issue Jan 27, 2021
@TeddyAndrieux
salt: Add a check about conflicting services for MetalK8s
2e7404b 
If some service are started on the host where we want to deploy MetalK8s
the installation may not work properly (e.g.: firewalld)
Add a new function to check that those service are not started on the
host before deploying all the MetalK8s components.
NOTE: We do not automatically stop the service from the host since those
services may have been started for good reason, so just ask the user to
remove those packages

Fixes: #3067
TeddyAndrieux added a commit that referenced this issue Jan 27, 2021
@TeddyAndrieux
salt: Add a check about conflicting services for MetalK8s
f7cc29a 
If some service are started on the host where we want to deploy MetalK8s
the installation may not work properly (e.g.: firewalld)
Add a new function to check that those service are not started on the
host before deploying all the MetalK8s components.
NOTE: We do not automatically stop the service from the host since those
services may have been started for good reason, so just ask the user to
remove those packages

Fixes: #3067
@TeddyAndrieux TeddyAndrieux mentioned this issue Jan 27, 2021
Merged
TeddyAndrieux added a commit that referenced this issue Jan 27, 2021
@TeddyAndrieux
salt: Add a check about conflicting services for MetalK8s
2e6a49c 
If some service are started on the host where we want to deploy MetalK8s
the installation may not work properly (e.g.: firewalld)
Add a new function to check that those service are not started on the
host before deploying all the MetalK8s components.
NOTE: We do not automatically stop the service from the host since those
services may have been started for good reason, so just ask the user to
remove those packages

Fixes: #3067
TeddyAndrieux added a commit that referenced this issue Jan 27, 2021
@TeddyAndrieux
salt: Add a check about conflicting services for MetalK8s
100e912 
If some service are started on the host where we want to deploy MetalK8s
the installation may not work properly (e.g.: firewalld)
Add a new function to check that those service are not started on the
host before deploying all the MetalK8s components.
NOTE: We do not automatically stop the service from the host since those
services may have been started for good reason, so just ask the user to
remove those packages

Fixes: #3067
@thomasdanan thomasdanan added this to the MetalK8s 2.8.0 milestone Feb 1, 2021
TeddyAndrieux added a commit that referenced this issue Feb 3, 2021
@TeddyAndrieux
salt: Add a check about conflicting services for MetalK8s
cf4c8e1 
If some service are started on the host where we want to deploy MetalK8s
the installation may not work properly (e.g.: firewalld)
Add a new function to check that those service are not started on the
host before deploying all the MetalK8s components.
NOTE: We do not automatically stop the service from the host since those
services may have been started for good reason, so just ask the user to
remove those packages

Fixes: #3067
@bert-e bert-e closed this as completed in 0acf814 Feb 3, 2021
gdemonet pushed a commit that referenced this issue Feb 26, 2021
@TeddyAndrieux @gdemonet
salt: Add a check about conflicting services for MetalK8s
2f9d8fe 
If some service are started on the host where we want to deploy MetalK8s
the installation may not work properly (e.g.: firewalld)
Add a new function to check that those service are not started on the
host before deploying all the MetalK8s components.
NOTE: We do not automatically stop the service from the host since those
services may have been started for good reason, so just ask the user to
remove those packages

Fixes: #3067
Cherry-picked from: 0acf814
gdemonet pushed a commit that referenced this issue Feb 26, 2021
@TeddyAndrieux @gdemonet
salt: Add a check about conflicting services for MetalK8s
e9b2c32 
If some service are started on the host where we want to deploy MetalK8s
the installation may not work properly (e.g.: firewalld)
Add a new function to check that those service are not started on the
host before deploying all the MetalK8s components.
NOTE: We do not automatically stop the service from the host since those
services may have been started for good reason, so just ask the user to
remove those packages

Fixes: #3067
Cherry-picked from: 0acf814
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TeddyAndrieux TeddyAndrieux

Labels
priority:urgent Any issue we should jump in as soon as possible severity:major Major impact on live deployments (e.g. some non-critical feature is not working at all) topic:deployment Bugs in or enhancements to deployment stages topic:networking Networking-related issues
Projects
None yet
Milestone
MetalK8s 2.8.0
Development

Successfully merging a pull request may close this issue.

salt: Add a check about conflicting services for MetalK8s scality/metalk8s
3 participants
@NicolasT @thomasdanan @TeddyAndrieux